From b326961adfc9b5ec043bf2b7edf005a14066800a899ce6157304598d06dd91b7 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin
Date: Mon, 20 Jul 2015 10:27:18 +0000
Subject: [PATCH] Accepting request 317610 from home:gary_lin:branches:devel:openSUSE:Factory
Update openssl and package the debug symbols
OBS-URL: https://build.opensuse.org/request/show/317610
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=100
---
 shim-change-debug-file-path.patch | 26 +
 shim-fix-gnu-efi-30w.patch | 85 -
 shim-gcc5.patch | 62 +
 shim-update-openssl-1.0.2d.patch | 146195 +++++++++++++++++++++++++++
 shim.changes | 10 +
 shim.spec | 53 +-
 6 files changed, 146343 insertions(+), 88 deletions(-)
 create mode 100644 shim-change-debug-file-path.patch
 delete mode 100644 shim-fix-gnu-efi-30w.patch
 create mode 100644 shim-gcc5.patch
 create mode 100644 shim-update-openssl-1.0.2d.patch
diff --git a/shim-change-debug-file-path.patch b/shim-change-debug-file-path.patch
new file mode 100644
index 0000000..8b210db
--- /dev/null
+++ b/shim-change-debug-file-path.patch
@@ -0,0 +1,26 @@
+From a2b1ceac7093798d770cf50c8a2a78f7051c7be9 Mon Sep 17 00:00:00 2001
+From: Gary Ching-Pang Lin
+Date: Wed, 15 Jul 2015 18:15:40 +0800
+Subject: [PATCH] Change the debug file path
+
+Signed-off-by: Gary Ching-Pang Lin
+---
+ Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile b/Makefile
+index 48e2a7d..081c9a8 100644
+--- a/Makefile
++++ b/Makefile
+@@ -43,7 +43,7 @@ ifeq ($(ARCH),x86_64)
+ -maccumulate-outgoing-args \
+ -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI \
+ "-DEFI_ARCH=L\"x64\"" \
+- "-DDEBUGDIR=L\"/usr/lib/debug/usr/share/shim/x64-$(VERSION)$(RELEASE)/\""
++ "-DDEBUGDIR=L\"/usr/lib/debug/usr/lib64/efi/shim.debug\""
+ endif
+ ifeq ($(ARCH),ia32)
+ CFLAGS += -mno-mmx -mno-sse -mno-red-zone -nostdinc \
+--
+2.1.4
+
diff --git a/shim-fix-gnu-efi-30w.patch b/shim-fix-gnu-efi-30w.patch
deleted file mode 100644
index 23efcbe..0000000
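Review bot: The new `DEBUGDIR` value in the x86_64 block of the embedded Makefile patch names a file and has no trailing slash (`/usr/lib/debug/usr/lib64/efi/shim.debug`), whereas the value it replaces was a directory ending in `/`. The C code that consumes the macro is not part of this patch; if it appends a file name to `DEBUGDIR`, the symbol path handed to the debugger will be wrong, so the value should probably stay a directory, e.g. `"-DDEBUGDIR=L\"/usr/lib/debug/usr/lib64/efi/\""`. The `ifeq ($(ARCH),ia32)` block only begins in the trailing context and continues outside the hunk, so it is not visible whether it needs the matching change. The `lib64` component is also hard-coded here instead of coming from a build variable, which ties the macro to one packaging layout.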
--- a/shim-fix-gnu-efi-30w.patch
+++ /dev/null
@@ -1,85 +0,0 @@
-From 7bfd197ba085e84db662decd9efc8ecf8a435ec2 Mon Sep 17 00:00:00 2001
-From: Gary Ching-Pang Lin
-Date: Thu, 25 Sep 2014 18:12:42 +0800
-Subject: [PATCH] Adapt the change in gnu-efi-3.0w
-
----
- Cryptlib/Include/OpenSslSupport.h | 13 +++++++------
- Cryptlib/Makefile | 1 +
- Cryptlib/OpenSSL/Makefile | 3 +++
- Makefile | 2 ++
- 4 files changed, 13 insertions(+), 6 deletions(-)
-
-diff --git a/Cryptlib/Include/OpenSslSupport.h b/Cryptlib/Include/OpenSslSupport.h
-index b77838d..8a53eb7 100644
---- a/Cryptlib/Include/OpenSslSupport.h
-+++ b/Cryptlib/Include/OpenSslSupport.h
-@@ -16,12 +16,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
- #define __OPEN_SSL_SUPPORT_H__
-
- #include
--#include
--#include
--#include
--#include
--#include
--#include
-
- #define CONST const
-
-@@ -63,6 +57,13 @@ typedef __builtin_va_list VA_LIST;
- #define va_end(Marker) ((void)0)
- #endif
-
-+#include
-+#include
-+#include
-+#include
-+#include
-+#include
-+
- //
- // #defines from EFI Application Toolkit required to buiild Open SSL
- //
-diff --git a/Cryptlib/Makefile b/Cryptlib/Makefile
-index 1769e67..e4f9eb5 100644
---- a/Cryptlib/Makefile
-+++ b/Cryptlib/Makefile
-@@ -4,6 +4,7 @@ EFI_INCLUDES = -IInclude -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLU
- CFLAGS = -ggdb -O0 -I. -fno-stack-protector -fno-strict-aliasing -fpic -fshort-wchar \
- -Wall $(EFI_INCLUDES) \
- -ffreestanding -I$(shell $(CC) -print-file-name=include)
-+CFLAGS += -DGNU_EFI_USE_EXTERNAL_STDARG
-
- ifeq ($(ARCH),x86_64)
- CFLAGS += -mno-mmx -mno-sse -mno-red-zone -nostdinc -maccumulate-outgoing-args \
-diff --git a/Cryptlib/OpenSSL/Makefile b/Cryptlib/OpenSSL/Makefile
-index 7bedb94..1f2c6d5 100644
---- a/Cryptlib/OpenSSL/Makefile
-+++ b/Cryptlib/OpenSSL/Makefile
-@@ -19,6 +19,9 @@ endif
- ifeq ($(ARCH),arm)
- CFLAGS += -O2 -DTHIRTY_TWO_BIT
- endif
-+
-+CFLAGS += -DGNU_EFI_USE_EXTERNAL_STDARG
-+
- LDFLAGS = -nostdlib -znocombreloc
-
- TARGET = libopenssl.a
-diff --git a/Makefile b/Makefile
-index 83cf374..9cfebc7 100644
---- a/Makefile
-+++ b/Makefile
-@@ -28,6 +28,8 @@ CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \
- "-DDEFAULT_LOADER_CHAR=\"$(DEFAULT_LOADER)\"" \
- $(EFI_INCLUDES)
-
-+CFLAGS += -DGNU_EFI_USE_EXTERNAL_STDARG
-+
- ifneq ($(origin OVERRIDE_SECURITY_POLICY), undefined)
- CFLAGS += -DOVERRIDE_SECURITY_POLICY
- endif
---
-2.1.4
-
diff --git a/shim-gcc5.patch b/shim-gcc5.patch
new file mode 100644
index 0000000..415a257
--- /dev/null
+++ b/shim-gcc5.patch
@@ -0,0 +1,62 @@
+From a508082e41339d929ae598c964562946287c1938 Mon Sep 17 00:00:00 2001
+From: Gary Ching-Pang Lin
+Date: Mon, 13 Jul 2015 16:33:52 +0800
+Subject: [PATCH] Specify the gnu89 standard
+
+According to the gcc5 porting guideline (*), gcc5 defaults to
+-std=gnu11 instead of -std=gnu89. Append -std=gnu89 to CFLAGS
+to avoid the potential problems.
+
+(*) https://gcc.gnu.org/gcc-5/porting_to.html
+
+Based on the patch from Cristian Rodriguez
+
+Signed-off-by: Gary Ching-Pang Lin
+---
+ Cryptlib/Makefile | 2 +-
+ Cryptlib/OpenSSL/Makefile | 2 +-
+ Makefile | 2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/Cryptlib/Makefile b/Cryptlib/Makefile
+index cb18440..9a92304 100644
+--- a/Cryptlib/Makefile
++++ b/Cryptlib/Makefile
+@@ -2,7 +2,7 @@
+ EFI_INCLUDES = -IInclude -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol
+
+ CFLAGS = -ggdb -O0 -I. -fno-stack-protector -fno-strict-aliasing -fpic -fshort-wchar \
+- -Wall $(EFI_INCLUDES) \
++ -Wall $(EFI_INCLUDES) -std=gnu89 \
+ -ffreestanding -I$(shell $(CC) -print-file-name=include)
+
+ ifeq ($(ARCH),x86_64)
+diff --git a/Cryptlib/OpenSSL/Makefile b/Cryptlib/OpenSSL/Makefile
+index 3f87a94..ab6e7dd 100644
+--- a/Cryptlib/OpenSSL/Makefile
++++ b/Cryptlib/OpenSSL/Makefile
+@@ -2,7 +2,7 @@
+ EFI_INCLUDES = -I../Include -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol -Icrypto/asn1 -Icrypto/evp -Icrypto/modes
+
+ CFLAGS = -ggdb -O0 -I. -I.. -I../Include/ -Icrypto -fno-stack-protector -fno-strict-aliasing -fpic -fshort-wchar -nostdinc \
+- -ffreestanding -I$(shell $(CC) -print-file-name=include) \
++ -ffreestanding -std=gnu89 -I$(shell $(CC) -print-file-name=include) \
+ -Wall $(EFI_INCLUDES) -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_POSIX_IO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_SHA0 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_RIPEMD -DOPENSSL_NO_RC2 -DOPENSSL_NO_IDEA -DOPENSSL_NO_BF -DOPENSSL_NO_CAST -DOPENSSL_NO_WHIRLPOOL -DOPENSSL_NO_DSA -DOPENSSL_NO_EC -DOPENSSL_NO_ECDH -DOPENSSL_NO_ECDSA -DOPENSSL_NO_SRP -DOPENSSL_NO_ENGINE -DOPENSSL_SMALL_FOOTPRINT -DPEDANTIC
+
+ ifeq ($(ARCH),x86_64)
+diff --git a/Makefile b/Makefile
+index 1181b8a..48e2a7d 100644
+--- a/Makefile
++++ b/Makefile
+@@ -28,7 +28,7 @@ EFI_LDS = elf_$(ARCH)_efi.lds
+ DEFAULT_LOADER := \\\\grub.efi
+ CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \
+ -fshort-wchar -Wall -Wsign-compare -Werror -fno-builtin \
+- -Werror=sign-compare -ffreestanding \
++ -Werror=sign-compare -ffreestanding -std=gnu89 \
+ -I$(shell $(CC) -print-file-name=include) \
+ "-DDEFAULT_LOADER=L\"$(DEFAULT_LOADER)\"" \
+ "-DDEFAULT_LOADER_CHAR=\"$(DEFAULT_LOADER)\"" \
+--
+2.1.4
+
diff --git a/shim-update-openssl-1.0.2d.patch b/shim-update-openssl-1.0.2d.patch
new file mode 100644
index 0000000..9e4f902
--- /dev/null
+++ b/shim-update-openssl-1.0.2d.patch
@@ -0,0 +1,146195 @@ +From 2921f6f692fcbe3f5147d504673d4f56c28def6b Mon Sep 17 00:00:00 2001 +From: Gary Ching-Pang Lin +Date: Mon, 13 Jul 2015 11:58:44 +0800 +Subject: [PATCH 1/2] Update openssl to 1.0.2d + +Also update Cryptlib to edk2 r17731 + +Signed-off-by: Gary Ching-Pang Lin +--- + Cryptlib/Hash/CryptSha512.c | 354 + + Cryptlib/Include/OpenSslSupport.h | 6 + + Cryptlib/Include/memory.h | 16 + + Cryptlib/Include/openssl/aes.h | 33 +- + Cryptlib/Include/openssl/asn1.h | 272 +- + Cryptlib/Include/openssl/asn1_mac.h | 7 + + Cryptlib/Include/openssl/asn1t.h | 73 +- + Cryptlib/Include/openssl/bio.h | 142 +- + Cryptlib/Include/openssl/blowfish.h | 2 +- + Cryptlib/Include/openssl/bn.h | 190 +- + Cryptlib/Include/openssl/buffer.h | 10 +- + Cryptlib/Include/openssl/camellia.h | 132 + + Cryptlib/Include/openssl/cast.h | 2 +- + Cryptlib/Include/openssl/cmac.h | 82 + + Cryptlib/Include/openssl/cms.h | 555 ++ + Cryptlib/Include/openssl/conf.h | 36 +- + Cryptlib/Include/openssl/crypto.h | 131 +- + Cryptlib/Include/openssl/des.h | 4 + + Cryptlib/Include/openssl/dh.h | 167 +- + Cryptlib/Include/openssl/dsa.h | 60 +- + Cryptlib/Include/openssl/dso.h | 43 +- + Cryptlib/Include/openssl/dtls1.h | 56 +- + Cryptlib/Include/openssl/e_os2.h | 58 +- + Cryptlib/Include/openssl/ebcdic.h | 7 + + Cryptlib/Include/openssl/ec.h | 1012 ++- + Cryptlib/Include/openssl/ecdh.h | 9 + + Cryptlib/Include/openssl/ecdsa.h | 276 +- + Cryptlib/Include/openssl/engine.h | 70 +- + Cryptlib/Include/openssl/err.h | 81 +- + Cryptlib/Include/openssl/evp.h | 746 +- + Cryptlib/Include/openssl/hmac.h | 11 +- + Cryptlib/Include/openssl/idea.h | 2 +- + Cryptlib/Include/openssl/kssl.h | 14 + + Cryptlib/Include/openssl/lhash.h | 131 +- + Cryptlib/Include/openssl/md2.h | 94 - + Cryptlib/Include/openssl/md4.h | 2 +- + Cryptlib/Include/openssl/md5.h | 2 +- + Cryptlib/Include/openssl/mdc2.h | 94 + + Cryptlib/Include/openssl/modes.h | 163 + + Cryptlib/Include/openssl/obj_mac.h | 305 +- + 
Cryptlib/Include/openssl/objects.h | 98 +- + Cryptlib/Include/openssl/ocsp.h | 39 +- + Cryptlib/Include/openssl/opensslconf.h | 92 +- + Cryptlib/Include/openssl/opensslv.h | 16 +- + Cryptlib/Include/openssl/ossl_typ.h | 32 +- + Cryptlib/Include/openssl/pem.h | 274 +- + Cryptlib/Include/openssl/pkcs12.h | 10 +- + Cryptlib/Include/openssl/pkcs7.h | 61 +- + Cryptlib/Include/openssl/pq_compat.h | 152 - + Cryptlib/Include/openssl/pqueue.h | 14 +- + Cryptlib/Include/openssl/rand.h | 40 +- + Cryptlib/Include/openssl/rc4.h | 8 +- + Cryptlib/Include/openssl/ripemd.h | 3 +- + Cryptlib/Include/openssl/rsa.h | 229 +- + Cryptlib/Include/openssl/safestack.h | 1310 ++- + Cryptlib/Include/openssl/seed.h | 149 + + Cryptlib/Include/openssl/sha.h | 13 +- + Cryptlib/Include/openssl/srp.h | 169 + + Cryptlib/Include/openssl/srtp.h | 147 + + Cryptlib/Include/openssl/ssl.h | 1387 ++- + Cryptlib/Include/openssl/ssl2.h | 4 + + Cryptlib/Include/openssl/ssl3.h | 247 +- + Cryptlib/Include/openssl/stack.h | 50 +- + Cryptlib/Include/openssl/store.h | 651 -- + Cryptlib/Include/openssl/symhacks.h | 102 +- + Cryptlib/Include/openssl/tls1.h | 387 +- + Cryptlib/Include/openssl/tmdiff.h | 91 - + Cryptlib/Include/openssl/ts.h | 862 ++ + Cryptlib/Include/openssl/txt_db.h | 18 +- + Cryptlib/Include/openssl/ui.h | 11 +- + Cryptlib/Include/openssl/whrlpool.h | 41 + + Cryptlib/Include/openssl/x509.h | 331 +- + Cryptlib/Include/openssl/x509_vfy.h | 97 +- + Cryptlib/Include/openssl/x509v3.h | 216 +- + Cryptlib/Library/BaseCryptLib.h | 500 +- + Cryptlib/Makefile | 2 + + Cryptlib/OpenSSL/Makefile | 173 +- + Cryptlib/OpenSSL/crypto/LPdir_nyi.c | 27 +- + Cryptlib/OpenSSL/crypto/aes/aes_cbc.c | 84 +- + Cryptlib/OpenSSL/crypto/aes/aes_cfb.c | 165 +- + Cryptlib/OpenSSL/crypto/aes/aes_core.c | 254 +- + Cryptlib/OpenSSL/crypto/aes/aes_ctr.c | 90 +- + Cryptlib/OpenSSL/crypto/aes/aes_ige.c | 12 +- + Cryptlib/OpenSSL/crypto/aes/aes_locl.h | 50 +- + Cryptlib/OpenSSL/crypto/aes/aes_misc.c | 21 + + 
Cryptlib/OpenSSL/crypto/aes/aes_ofb.c | 93 +- + Cryptlib/OpenSSL/crypto/aes/aes_wrap.c | 186 +- + Cryptlib/OpenSSL/crypto/asn1/a_bitstr.c | 26 + + Cryptlib/OpenSSL/crypto/asn1/a_digest.c | 6 +- + Cryptlib/OpenSSL/crypto/asn1/a_dup.c | 2 +- + Cryptlib/OpenSSL/crypto/asn1/a_gentm.c | 65 +- + Cryptlib/OpenSSL/crypto/asn1/a_hdr.c | 118 - + Cryptlib/OpenSSL/crypto/asn1/a_int.c | 20 +- + Cryptlib/OpenSSL/crypto/asn1/a_meth.c | 86 - + Cryptlib/OpenSSL/crypto/asn1/a_object.c | 26 +- + Cryptlib/OpenSSL/crypto/asn1/a_octet.c | 5 +- + Cryptlib/OpenSSL/crypto/asn1/a_set.c | 44 +- + Cryptlib/OpenSSL/crypto/asn1/a_sign.c | 128 +- + Cryptlib/OpenSSL/crypto/asn1/a_strex.c | 1 + + Cryptlib/OpenSSL/crypto/asn1/a_strnid.c | 21 +- + Cryptlib/OpenSSL/crypto/asn1/a_time.c | 68 +- + Cryptlib/OpenSSL/crypto/asn1/a_type.c | 7 +- + Cryptlib/OpenSSL/crypto/asn1/a_utctm.c | 124 +- + Cryptlib/OpenSSL/crypto/asn1/a_verify.c | 68 +- + Cryptlib/OpenSSL/crypto/asn1/ameth_lib.c | 484 ++ + Cryptlib/OpenSSL/crypto/asn1/asn1_err.c | 26 +- + Cryptlib/OpenSSL/crypto/asn1/asn1_gen.c | 79 +- + Cryptlib/OpenSSL/crypto/asn1/asn1_lib.c | 43 +- + Cryptlib/OpenSSL/crypto/asn1/asn1_locl.h | 135 + + Cryptlib/OpenSSL/crypto/asn1/asn1_par.c | 16 +- + Cryptlib/OpenSSL/crypto/asn1/asn_mime.c | 107 +- + Cryptlib/OpenSSL/crypto/asn1/asn_pack.c | 9 +- + Cryptlib/OpenSSL/crypto/asn1/bio_asn1.c | 482 ++ + Cryptlib/OpenSSL/crypto/asn1/bio_ndef.c | 248 + + Cryptlib/OpenSSL/crypto/asn1/charmap.h | 24 +- + Cryptlib/OpenSSL/crypto/asn1/d2i_pr.c | 97 +- + Cryptlib/OpenSSL/crypto/asn1/d2i_pu.c | 9 +- + Cryptlib/OpenSSL/crypto/asn1/i2d_pr.c | 34 +- + Cryptlib/OpenSSL/crypto/asn1/n_pkey.c | 38 +- + Cryptlib/OpenSSL/crypto/asn1/nsseq.c | 5 +- + Cryptlib/OpenSSL/crypto/asn1/p5_pbe.c | 71 +- + Cryptlib/OpenSSL/crypto/asn1/p5_pbev2.c | 178 +- + Cryptlib/OpenSSL/crypto/asn1/p8_pkey.c | 63 +- + Cryptlib/OpenSSL/crypto/asn1/t_crl.c | 3 +- + Cryptlib/OpenSSL/crypto/asn1/t_pkey.c | 689 +- + Cryptlib/OpenSSL/crypto/asn1/t_req.c | 27 +- + 
Cryptlib/OpenSSL/crypto/asn1/t_spki.c | 22 +- + Cryptlib/OpenSSL/crypto/asn1/t_x509.c | 120 +- + Cryptlib/OpenSSL/crypto/asn1/tasn_dec.c | 22 +- + Cryptlib/OpenSSL/crypto/asn1/tasn_enc.c | 11 +- + Cryptlib/OpenSSL/crypto/asn1/tasn_fre.c | 8 +- + Cryptlib/OpenSSL/crypto/asn1/tasn_new.c | 33 +- + Cryptlib/OpenSSL/crypto/asn1/tasn_prn.c | 585 ++ + Cryptlib/OpenSSL/crypto/asn1/tasn_typ.c | 11 + + Cryptlib/OpenSSL/crypto/asn1/x_algor.c | 15 + + Cryptlib/OpenSSL/crypto/asn1/x_crl.c | 373 +- + Cryptlib/OpenSSL/crypto/asn1/x_long.c | 11 +- + Cryptlib/OpenSSL/crypto/asn1/x_name.c | 273 +- + Cryptlib/OpenSSL/crypto/asn1/x_nx509.c | 72 + + Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c | 289 +- + Cryptlib/OpenSSL/crypto/asn1/x_req.c | 3 +- + Cryptlib/OpenSSL/crypto/asn1/x_x509.c | 43 +- + Cryptlib/OpenSSL/crypto/bf/bf_cfb64.c | 123 - + Cryptlib/OpenSSL/crypto/bf/bf_ecb.c | 100 - + Cryptlib/OpenSSL/crypto/bf/bf_enc.c | 300 - + Cryptlib/OpenSSL/crypto/bf/bf_locl.h | 219 - + Cryptlib/OpenSSL/crypto/bf/bf_ofb64.c | 110 - + Cryptlib/OpenSSL/crypto/bf/bf_pi.h | 325 - + Cryptlib/OpenSSL/crypto/bf/bf_skey.c | 121 - + Cryptlib/OpenSSL/crypto/bio/b_dump.c | 25 + + Cryptlib/OpenSSL/crypto/bio/b_print.c | 384 +- + Cryptlib/OpenSSL/crypto/bio/b_sock.c | 962 +++ + Cryptlib/OpenSSL/crypto/bio/bf_nbio.c | 6 +- + Cryptlib/OpenSSL/crypto/bio/bio_cb.c | 33 +- + Cryptlib/OpenSSL/crypto/bio/bio_err.c | 4 +- + Cryptlib/OpenSSL/crypto/bio/bio_lcl.h | 52 +- + Cryptlib/OpenSSL/crypto/bio/bio_lib.c | 40 +- + Cryptlib/OpenSSL/crypto/bio/bss_acpt.c | 463 + + Cryptlib/OpenSSL/crypto/bio/bss_bio.c | 18 +- + Cryptlib/OpenSSL/crypto/bio/bss_conn.c | 603 ++ + Cryptlib/OpenSSL/crypto/bio/bss_dgram.c | 1494 +++- + Cryptlib/OpenSSL/crypto/bio/bss_fd.c | 89 +- + Cryptlib/OpenSSL/crypto/bio/bss_file.c | 60 +- + Cryptlib/OpenSSL/crypto/bio/bss_log.c | 85 +- + Cryptlib/OpenSSL/crypto/bio/bss_mem.c | 19 +- + Cryptlib/OpenSSL/crypto/bio/bss_sock.c | 287 + + Cryptlib/OpenSSL/crypto/bn/bn.h | 1266 +-- + 
Cryptlib/OpenSSL/crypto/bn/bn_asm.c | 607 +- + Cryptlib/OpenSSL/crypto/bn/bn_blind.c | 13 +- + Cryptlib/OpenSSL/crypto/bn/bn_ctx.c | 8 +- + Cryptlib/OpenSSL/crypto/bn/bn_div.c | 322 +- + Cryptlib/OpenSSL/crypto/bn/bn_err.c | 6 +- + Cryptlib/OpenSSL/crypto/bn/bn_exp.c | 577 +- + Cryptlib/OpenSSL/crypto/bn/bn_gcd.c | 5 +- + Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c | 420 +- + Cryptlib/OpenSSL/crypto/bn/bn_lcl.h | 633 +- + Cryptlib/OpenSSL/crypto/bn/bn_lib.c | 72 +- + Cryptlib/OpenSSL/crypto/bn/bn_mont.c | 404 +- + Cryptlib/OpenSSL/crypto/bn/bn_nist.c | 745 +- + Cryptlib/OpenSSL/crypto/bn/bn_opt.c | 86 - + Cryptlib/OpenSSL/crypto/bn/bn_prime.h | 535 +- + Cryptlib/OpenSSL/crypto/bn/bn_print.c | 43 +- + Cryptlib/OpenSSL/crypto/bn/bn_rand.c | 10 +- + Cryptlib/OpenSSL/crypto/bn/bn_shift.c | 39 +- + Cryptlib/OpenSSL/crypto/bn/rsaz_exp.h | 56 + + Cryptlib/OpenSSL/crypto/buffer/buf_err.c | 2 +- + Cryptlib/OpenSSL/crypto/buffer/buf_str.c | 104 +- + Cryptlib/OpenSSL/crypto/buffer/buffer.c | 37 +- + Cryptlib/OpenSSL/crypto/cast/c_cfb64.c | 123 - + Cryptlib/OpenSSL/crypto/cast/c_ecb.c | 83 - + Cryptlib/OpenSSL/crypto/cast/c_enc.c | 200 - + Cryptlib/OpenSSL/crypto/cast/c_ofb64.c | 110 - + Cryptlib/OpenSSL/crypto/cast/c_skey.c | 172 - + Cryptlib/OpenSSL/crypto/cast/cast_lcl.h | 227 - + Cryptlib/OpenSSL/crypto/cast/cast_s.h | 585 -- + Cryptlib/OpenSSL/crypto/cmac/cm_ameth.c | 96 + + Cryptlib/OpenSSL/crypto/cmac/cm_pmeth.c | 216 + + Cryptlib/OpenSSL/crypto/cmac/cmac.c | 298 + + Cryptlib/OpenSSL/crypto/comp/c_rle.c | 4 +- + Cryptlib/OpenSSL/crypto/comp/c_zlib.c | 1 + + Cryptlib/OpenSSL/crypto/comp/comp_err.c | 2 +- + Cryptlib/OpenSSL/crypto/conf/conf_api.c | 135 +- + Cryptlib/OpenSSL/crypto/conf/conf_def.c | 26 +- + Cryptlib/OpenSSL/crypto/conf/conf_def.h | 241 +- + Cryptlib/OpenSSL/crypto/conf/conf_err.c | 4 +- + Cryptlib/OpenSSL/crypto/conf/conf_lib.c | 30 +- + Cryptlib/OpenSSL/crypto/conf/conf_mall.c | 1 - + Cryptlib/OpenSSL/crypto/conf/conf_mod.c | 7 +- + 
Cryptlib/OpenSSL/crypto/conf/conf_sap.c | 17 +- + Cryptlib/OpenSSL/crypto/cpt_err.c | 4 +- + Cryptlib/OpenSSL/crypto/cryptlib.c | 639 +- + Cryptlib/OpenSSL/crypto/cryptlib.h | 72 +- + Cryptlib/OpenSSL/crypto/cversion.c | 19 +- + Cryptlib/OpenSSL/crypto/des/des_enc.c | 25 +- + Cryptlib/OpenSSL/crypto/des/des_lib.c | 104 - + Cryptlib/OpenSSL/crypto/des/des_locl.h | 715 +- + Cryptlib/OpenSSL/crypto/des/des_ver.h | 18 +- + Cryptlib/OpenSSL/crypto/des/ecb_enc.c | 46 +- + Cryptlib/OpenSSL/crypto/des/enc_read.c | 25 +- + Cryptlib/OpenSSL/crypto/des/enc_writ.c | 25 +- + Cryptlib/OpenSSL/crypto/des/fcrypt_b.c | 4 +- + Cryptlib/OpenSSL/crypto/des/ncbc_enc.c | 164 +- + Cryptlib/OpenSSL/crypto/des/rpc_des.h | 63 +- + Cryptlib/OpenSSL/crypto/des/set_key.c | 25 +- + Cryptlib/OpenSSL/crypto/des/spr.h | 312 +- + Cryptlib/OpenSSL/crypto/des/str2key.c | 2 +- + Cryptlib/OpenSSL/crypto/des/xcbc_enc.c | 2 +- + Cryptlib/OpenSSL/crypto/dh/dh_ameth.c | 957 +++ + Cryptlib/OpenSSL/crypto/dh/dh_asn1.c | 104 +- + Cryptlib/OpenSSL/crypto/dh/dh_check.c | 54 +- + Cryptlib/OpenSSL/crypto/dh/dh_err.c | 26 +- + Cryptlib/OpenSSL/crypto/dh/dh_gen.c | 21 +- + Cryptlib/OpenSSL/crypto/dh/dh_key.c | 49 +- + Cryptlib/OpenSSL/crypto/dh/dh_lib.c | 16 +- + Cryptlib/OpenSSL/crypto/dh/dh_pmeth.c | 555 ++ + Cryptlib/OpenSSL/crypto/dh/dh_prn.c | 79 + + Cryptlib/OpenSSL/crypto/dh/dh_rfc5114.c | 285 + + Cryptlib/OpenSSL/crypto/dsa/dsa_asn1.c | 231 - + Cryptlib/OpenSSL/crypto/dsa/dsa_depr.c | 113 - + Cryptlib/OpenSSL/crypto/dsa/dsa_err.c | 119 - + Cryptlib/OpenSSL/crypto/dsa/dsa_gen.c | 352 - + Cryptlib/OpenSSL/crypto/dsa/dsa_key.c | 134 - + Cryptlib/OpenSSL/crypto/dsa/dsa_lib.c | 316 - + Cryptlib/OpenSSL/crypto/dsa/dsa_ossl.c | 412 - + Cryptlib/OpenSSL/crypto/dsa/dsa_sign.c | 92 - + Cryptlib/OpenSSL/crypto/dsa/dsa_utl.c | 93 - + Cryptlib/OpenSSL/crypto/dsa/dsa_vrf.c | 83 - + Cryptlib/OpenSSL/crypto/dso/dso_beos.c | 253 + + Cryptlib/OpenSSL/crypto/dso/dso_dl.c | 45 +- + Cryptlib/OpenSSL/crypto/dso/dso_dlfcn.c | 135 
+- + Cryptlib/OpenSSL/crypto/dso/dso_err.c | 14 +- + Cryptlib/OpenSSL/crypto/dso/dso_lib.c | 36 +- + Cryptlib/OpenSSL/crypto/dso/dso_null.c | 4 +- + Cryptlib/OpenSSL/crypto/dso/dso_openssl.c | 2 + + Cryptlib/OpenSSL/crypto/dso/dso_vms.c | 215 +- + Cryptlib/OpenSSL/crypto/dso/dso_win32.c | 221 +- + Cryptlib/OpenSSL/crypto/dyn_lck.c | 422 - + Cryptlib/OpenSSL/crypto/ebcdic.c | 2 +- + Cryptlib/OpenSSL/crypto/ec/ec2_mult.c | 463 - + Cryptlib/OpenSSL/crypto/ec/ec2_smpl.c | 1035 --- + Cryptlib/OpenSSL/crypto/ec/ec2_smpt.c | 141 - + Cryptlib/OpenSSL/crypto/ec/ec_asn1.c | 1276 --- + Cryptlib/OpenSSL/crypto/ec/ec_check.c | 120 - + Cryptlib/OpenSSL/crypto/ec/ec_curve.c | 1335 --- + Cryptlib/OpenSSL/crypto/ec/ec_cvt.c | 141 - + Cryptlib/OpenSSL/crypto/ec/ec_err.c | 275 - + Cryptlib/OpenSSL/crypto/ec/ec_key.c | 460 - + Cryptlib/OpenSSL/crypto/ec/ec_lcl.h | 390 - + Cryptlib/OpenSSL/crypto/ec/ec_lib.c | 1111 --- + Cryptlib/OpenSSL/crypto/ec/ec_mult.c | 911 -- + Cryptlib/OpenSSL/crypto/ec/ec_print.c | 179 - + Cryptlib/OpenSSL/crypto/ec/ecp_mont.c | 300 - + Cryptlib/OpenSSL/crypto/ec/ecp_nist.c | 235 - + Cryptlib/OpenSSL/crypto/ec/ecp_smpl.c | 1769 ---- + Cryptlib/OpenSSL/crypto/ecdh/ech_err.c | 96 - + Cryptlib/OpenSSL/crypto/ecdh/ech_key.c | 84 - + Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c | 242 - + Cryptlib/OpenSSL/crypto/ecdh/ech_locl.h | 94 - + Cryptlib/OpenSSL/crypto/ecdh/ech_ossl.c | 205 - + Cryptlib/OpenSSL/crypto/ecdsa/ecs_asn1.c | 67 - + Cryptlib/OpenSSL/crypto/ecdsa/ecs_err.c | 104 - + Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c | 259 - + Cryptlib/OpenSSL/crypto/ecdsa/ecs_locl.h | 107 - + Cryptlib/OpenSSL/crypto/ecdsa/ecs_ossl.c | 437 - + Cryptlib/OpenSSL/crypto/ecdsa/ecs_sign.c | 106 - + Cryptlib/OpenSSL/crypto/ecdsa/ecs_vrf.c | 112 - + Cryptlib/OpenSSL/crypto/engine/eng_all.c | 129 - + Cryptlib/OpenSSL/crypto/engine/eng_cnf.c | 242 - + Cryptlib/OpenSSL/crypto/engine/eng_cryptodev.c | 1175 --- + Cryptlib/OpenSSL/crypto/engine/eng_ctrl.c | 385 - + 
Cryptlib/OpenSSL/crypto/engine/eng_dyn.c | 572 -- + Cryptlib/OpenSSL/crypto/engine/eng_err.c | 176 - + Cryptlib/OpenSSL/crypto/engine/eng_fat.c | 165 - + Cryptlib/OpenSSL/crypto/engine/eng_init.c | 157 - + Cryptlib/OpenSSL/crypto/engine/eng_int.h | 196 - + Cryptlib/OpenSSL/crypto/engine/eng_lib.c | 344 - + Cryptlib/OpenSSL/crypto/engine/eng_list.c | 402 - + Cryptlib/OpenSSL/crypto/engine/eng_openssl.c | 402 - + Cryptlib/OpenSSL/crypto/engine/eng_padlock.c | 1241 --- + Cryptlib/OpenSSL/crypto/engine/eng_pkey.c | 186 - + Cryptlib/OpenSSL/crypto/engine/eng_table.c | 326 - + Cryptlib/OpenSSL/crypto/engine/tb_cipher.c | 143 - + Cryptlib/OpenSSL/crypto/engine/tb_dh.c | 124 - + Cryptlib/OpenSSL/crypto/engine/tb_digest.c | 143 - + Cryptlib/OpenSSL/crypto/engine/tb_dsa.c | 124 - + Cryptlib/OpenSSL/crypto/engine/tb_ecdh.c | 139 - + Cryptlib/OpenSSL/crypto/engine/tb_ecdsa.c | 124 - + Cryptlib/OpenSSL/crypto/engine/tb_rand.c | 124 - + Cryptlib/OpenSSL/crypto/engine/tb_rsa.c | 124 - + Cryptlib/OpenSSL/crypto/engine/tb_store.c | 129 - + Cryptlib/OpenSSL/crypto/err/err.c | 803 +- + Cryptlib/OpenSSL/crypto/err/err_all.c | 13 +- + Cryptlib/OpenSSL/crypto/err/err_bio.c | 74 - + Cryptlib/OpenSSL/crypto/err/err_def.c | 665 -- + Cryptlib/OpenSSL/crypto/err/err_prn.c | 67 +- + Cryptlib/OpenSSL/crypto/err/err_str.c | 289 - + Cryptlib/OpenSSL/crypto/evp/bio_enc.c | 6 +- + Cryptlib/OpenSSL/crypto/evp/bio_md.c | 25 +- + Cryptlib/OpenSSL/crypto/evp/bio_ok.c | 104 +- + Cryptlib/OpenSSL/crypto/evp/c_all.c | 2 +- + Cryptlib/OpenSSL/crypto/evp/c_allc.c | 32 +- + Cryptlib/OpenSSL/crypto/evp/c_alld.c | 5 +- + Cryptlib/OpenSSL/crypto/evp/dig_eng.c | 176 - + Cryptlib/OpenSSL/crypto/evp/digest.c | 248 +- + Cryptlib/OpenSSL/crypto/evp/e_aes.c | 1979 ++++- + Cryptlib/OpenSSL/crypto/evp/e_aes_cbc_hmac_sha1.c | 1005 +++ + .../OpenSSL/crypto/evp/e_aes_cbc_hmac_sha256.c | 973 +++ + Cryptlib/OpenSSL/crypto/evp/e_camellia.c | 394 + + Cryptlib/OpenSSL/crypto/evp/e_des.c | 152 +- + 
Cryptlib/OpenSSL/crypto/evp/e_des3.c | 331 +- + Cryptlib/OpenSSL/crypto/evp/e_idea.c | 2 +- + Cryptlib/OpenSSL/crypto/evp/e_null.c | 8 +- + Cryptlib/OpenSSL/crypto/evp/e_rc2.c | 9 +- + Cryptlib/OpenSSL/crypto/evp/e_rc4.c | 6 +- + Cryptlib/OpenSSL/crypto/evp/e_rc4_hmac_md5.c | 308 + + Cryptlib/OpenSSL/crypto/evp/e_seed.c | 82 + + Cryptlib/OpenSSL/crypto/evp/e_xcbc_d.c | 20 +- + Cryptlib/OpenSSL/crypto/evp/enc_min.c | 410 - + Cryptlib/OpenSSL/crypto/evp/encode.c | 8 +- + Cryptlib/OpenSSL/crypto/evp/evp_enc.c | 338 +- + Cryptlib/OpenSSL/crypto/evp/evp_err.c | 74 +- + Cryptlib/OpenSSL/crypto/evp/evp_key.c | 37 +- + Cryptlib/OpenSSL/crypto/evp/evp_lib.c | 94 +- + Cryptlib/OpenSSL/crypto/evp/evp_locl.h | 383 +- + Cryptlib/OpenSSL/crypto/evp/evp_pbe.c | 245 +- + Cryptlib/OpenSSL/crypto/evp/evp_pkey.c | 631 +- + Cryptlib/OpenSSL/crypto/evp/m_dss.c | 4 +- + Cryptlib/OpenSSL/crypto/evp/m_dss1.c | 7 +- + Cryptlib/OpenSSL/crypto/evp/m_ecdsa.c | 3 +- + Cryptlib/OpenSSL/crypto/evp/m_md2.c | 1 - + Cryptlib/OpenSSL/crypto/evp/m_md4.c | 3 +- + Cryptlib/OpenSSL/crypto/evp/m_md5.c | 2 +- + Cryptlib/OpenSSL/crypto/evp/m_mdc2.c | 108 + + Cryptlib/OpenSSL/crypto/evp/m_ripemd.c | 1 + + Cryptlib/OpenSSL/crypto/evp/m_sha.c | 2 +- + Cryptlib/OpenSSL/crypto/evp/m_sha1.c | 27 +- + Cryptlib/OpenSSL/crypto/evp/m_sigver.c | 203 + + Cryptlib/OpenSSL/crypto/evp/m_wp.c | 48 + + Cryptlib/OpenSSL/crypto/evp/names.c | 87 +- + Cryptlib/OpenSSL/crypto/evp/p5_crpt.c | 70 +- + Cryptlib/OpenSSL/crypto/evp/p5_crpt2.c | 167 +- + Cryptlib/OpenSSL/crypto/evp/p_dec.c | 6 +- + Cryptlib/OpenSSL/crypto/evp/p_enc.c | 6 +- + Cryptlib/OpenSSL/crypto/evp/p_lib.c | 391 +- + Cryptlib/OpenSSL/crypto/evp/p_open.c | 5 +- + Cryptlib/OpenSSL/crypto/evp/p_seal.c | 13 +- + Cryptlib/OpenSSL/crypto/evp/p_sign.c | 47 +- + Cryptlib/OpenSSL/crypto/evp/p_verify.c | 42 +- + Cryptlib/OpenSSL/crypto/evp/pmeth_fn.c | 346 + + Cryptlib/OpenSSL/crypto/evp/pmeth_gn.c | 215 + + Cryptlib/OpenSSL/crypto/evp/pmeth_lib.c | 613 ++ + 
Cryptlib/OpenSSL/crypto/ex_data.c | 45 +- + Cryptlib/OpenSSL/crypto/fips_err.c | 7 - + Cryptlib/OpenSSL/crypto/fips_ers.c | 7 + + Cryptlib/OpenSSL/crypto/hmac/hm_ameth.c | 162 + + Cryptlib/OpenSSL/crypto/hmac/hm_pmeth.c | 262 + + Cryptlib/OpenSSL/crypto/hmac/hmac.c | 152 +- + Cryptlib/OpenSSL/crypto/idea/i_cbc.c | 171 - + Cryptlib/OpenSSL/crypto/idea/i_cfb64.c | 123 - + Cryptlib/OpenSSL/crypto/idea/i_ecb.c | 88 - + Cryptlib/OpenSSL/crypto/idea/i_ofb64.c | 110 - + Cryptlib/OpenSSL/crypto/idea/i_skey.c | 180 - + Cryptlib/OpenSSL/crypto/idea/idea_lcl.h | 215 - + Cryptlib/OpenSSL/crypto/lhash/lh_stats.c | 12 +- + Cryptlib/OpenSSL/crypto/lhash/lhash.c | 99 +- + Cryptlib/OpenSSL/crypto/md2/md2_dgst.c | 229 - + Cryptlib/OpenSSL/crypto/md2/md2_one.c | 96 - + Cryptlib/OpenSSL/crypto/md32_common.h | 486 +- + Cryptlib/OpenSSL/crypto/md4/md4_dgst.c | 45 +- + Cryptlib/OpenSSL/crypto/md4/md4_locl.h | 75 +- + Cryptlib/OpenSSL/crypto/md5/md5_dgst.c | 11 +- + Cryptlib/OpenSSL/crypto/md5/md5_locl.h | 93 +- + Cryptlib/OpenSSL/crypto/mem.c | 87 +- + Cryptlib/OpenSSL/crypto/mem_dbg.c | 255 +- + Cryptlib/OpenSSL/crypto/modes/cbc128.c | 207 + + Cryptlib/OpenSSL/crypto/modes/ccm128.c | 479 ++ + Cryptlib/OpenSSL/crypto/modes/cfb128.c | 254 + + Cryptlib/OpenSSL/crypto/modes/ctr128.c | 270 + + Cryptlib/OpenSSL/crypto/modes/cts128.c | 544 ++ + Cryptlib/OpenSSL/crypto/modes/gcm128.c | 2371 ++++++ + Cryptlib/OpenSSL/crypto/modes/modes_lcl.h | 143 + + Cryptlib/OpenSSL/crypto/modes/ofb128.c | 124 + + Cryptlib/OpenSSL/crypto/modes/wrap128.c | 138 + + Cryptlib/OpenSSL/crypto/modes/xts128.c | 204 + + Cryptlib/OpenSSL/crypto/o_dir.h | 20 +- + Cryptlib/OpenSSL/crypto/o_fips.c | 96 + + Cryptlib/OpenSSL/crypto/o_init.c | 56 +- + Cryptlib/OpenSSL/crypto/o_str.c | 2 +- + Cryptlib/OpenSSL/crypto/o_str.h | 13 +- + Cryptlib/OpenSSL/crypto/o_time.c | 231 +- + Cryptlib/OpenSSL/crypto/o_time.h | 14 +- + Cryptlib/OpenSSL/crypto/objects/o_names.c | 61 +- + Cryptlib/OpenSSL/crypto/objects/obj_dat.c | 175 +- + 
Cryptlib/OpenSSL/crypto/objects/obj_dat.h | 8798 +++++++++++--------- + Cryptlib/OpenSSL/crypto/objects/obj_err.c | 2 +- + Cryptlib/OpenSSL/crypto/objects/obj_lib.c | 38 +- + Cryptlib/OpenSSL/crypto/objects/obj_xref.c | 222 + + Cryptlib/OpenSSL/crypto/objects/obj_xref.h | 99 + + Cryptlib/OpenSSL/crypto/ocsp/ocsp_cl.c | 2 - + Cryptlib/OpenSSL/crypto/ocsp/ocsp_err.c | 3 +- + Cryptlib/OpenSSL/crypto/ocsp/ocsp_ext.c | 63 +- + Cryptlib/OpenSSL/crypto/ocsp/ocsp_ht.c | 179 +- + Cryptlib/OpenSSL/crypto/ocsp/ocsp_lib.c | 8 +- + Cryptlib/OpenSSL/crypto/ocsp/ocsp_prn.c | 18 +- + Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c | 31 +- + Cryptlib/OpenSSL/crypto/pem/pem_all.c | 220 +- + Cryptlib/OpenSSL/crypto/pem/pem_err.c | 34 +- + Cryptlib/OpenSSL/crypto/pem/pem_info.c | 35 +- + Cryptlib/OpenSSL/crypto/pem/pem_lib.c | 143 +- + Cryptlib/OpenSSL/crypto/pem/pem_pk8.c | 2 + + Cryptlib/OpenSSL/crypto/pem/pem_pkey.c | 152 +- + Cryptlib/OpenSSL/crypto/pem/pem_seal.c | 6 +- + Cryptlib/OpenSSL/crypto/pem/pem_x509.c | 1 - + Cryptlib/OpenSSL/crypto/pem/pem_xaux.c | 1 - + Cryptlib/OpenSSL/crypto/pem/pvkfmt.c | 883 ++ + Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c | 20 +- + Cryptlib/OpenSSL/crypto/pkcs12/p12_attr.c | 10 +- + Cryptlib/OpenSSL/crypto/pkcs12/p12_crpt.c | 20 +- + Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c | 3 - + Cryptlib/OpenSSL/crypto/pkcs12/p12_decr.c | 20 +- + Cryptlib/OpenSSL/crypto/pkcs12/p12_key.c | 42 +- + Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c | 137 +- + Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c | 20 +- + Cryptlib/OpenSSL/crypto/pkcs12/p12_p8e.c | 6 +- + Cryptlib/OpenSSL/crypto/pkcs12/p12_utl.c | 12 +- + Cryptlib/OpenSSL/crypto/pkcs12/pk12err.c | 2 +- + Cryptlib/OpenSSL/crypto/pkcs7/bio_pk7.c | 70 + + Cryptlib/OpenSSL/crypto/pkcs7/pk7_asn1.c | 44 +- + Cryptlib/OpenSSL/crypto/pkcs7/pk7_attr.c | 64 +- + Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c | 550 +- + Cryptlib/OpenSSL/crypto/pkcs7/pk7_lib.c | 182 +- + Cryptlib/OpenSSL/crypto/pkcs7/pk7_mime.c | 61 +- + 
Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c | 236 +- + Cryptlib/OpenSSL/crypto/pkcs7/pkcs7err.c | 29 +- + Cryptlib/OpenSSL/crypto/pqueue/pqueue.c | 37 +- + Cryptlib/OpenSSL/crypto/pqueue/pqueue.h | 46 +- + Cryptlib/OpenSSL/crypto/rand/md_rand.c | 91 +- + Cryptlib/OpenSSL/crypto/rand/rand_egd.c | 291 - + Cryptlib/OpenSSL/crypto/rand/rand_eng.c | 145 - + Cryptlib/OpenSSL/crypto/rand/rand_err.c | 27 +- + Cryptlib/OpenSSL/crypto/rand/rand_lcl.h | 105 +- + Cryptlib/OpenSSL/crypto/rand/rand_lib.c | 206 +- + Cryptlib/OpenSSL/crypto/rand/rand_nw.c | 179 - + Cryptlib/OpenSSL/crypto/rand/rand_os2.c | 161 - + Cryptlib/OpenSSL/crypto/rand/rand_unix.c | 119 +- + Cryptlib/OpenSSL/crypto/rand/rand_win.c | 751 -- + Cryptlib/OpenSSL/crypto/rand/randfile.c | 46 +- + Cryptlib/OpenSSL/crypto/rc2/rc2_cbc.c | 228 - + Cryptlib/OpenSSL/crypto/rc2/rc2_ecb.c | 92 - + Cryptlib/OpenSSL/crypto/rc2/rc2_locl.h | 156 - + Cryptlib/OpenSSL/crypto/rc2/rc2_skey.c | 165 - + Cryptlib/OpenSSL/crypto/rc2/rc2cfb64.c | 123 - + Cryptlib/OpenSSL/crypto/rc2/rc2ofb64.c | 110 - + Cryptlib/OpenSSL/crypto/rc4/rc4_enc.c | 18 +- + Cryptlib/OpenSSL/crypto/rc4/rc4_fblk.c | 75 - + Cryptlib/OpenSSL/crypto/rc4/rc4_locl.h | 6 +- + Cryptlib/OpenSSL/crypto/rc4/rc4_skey.c | 50 - + Cryptlib/OpenSSL/crypto/rc4/rc4_utl.c | 62 + + Cryptlib/OpenSSL/crypto/ripemd/rmd_dgst.c | 339 - + Cryptlib/OpenSSL/crypto/ripemd/rmd_locl.h | 150 - + Cryptlib/OpenSSL/crypto/ripemd/rmd_one.c | 77 - + Cryptlib/OpenSSL/crypto/ripemd/rmdconst.h | 399 - + Cryptlib/OpenSSL/crypto/rsa/rsa_ameth.c | 969 +++ + Cryptlib/OpenSSL/crypto/rsa/rsa_asn1.c | 35 +- + Cryptlib/OpenSSL/crypto/rsa/rsa_chk.c | 5 + + Cryptlib/OpenSSL/crypto/rsa/rsa_crpt.c | 247 + + Cryptlib/OpenSSL/crypto/rsa/rsa_eay.c | 6 +- + Cryptlib/OpenSSL/crypto/rsa/rsa_eng.c | 357 - + Cryptlib/OpenSSL/crypto/rsa/rsa_err.c | 64 +- + Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c | 18 +- + Cryptlib/OpenSSL/crypto/rsa/rsa_lib.c | 348 +- + Cryptlib/OpenSSL/crypto/rsa/rsa_locl.h | 4 + + 
Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c | 140 +- + Cryptlib/OpenSSL/crypto/rsa/rsa_pmeth.c | 784 ++ + Cryptlib/OpenSSL/crypto/rsa/rsa_prn.c | 92 + + Cryptlib/OpenSSL/crypto/rsa/rsa_pss.c | 92 +- + Cryptlib/OpenSSL/crypto/rsa/rsa_sign.c | 128 +- + Cryptlib/OpenSSL/crypto/rsa/rsa_x931g.c | 252 - + Cryptlib/OpenSSL/crypto/sha/sha1_one.c | 4 +- + Cryptlib/OpenSSL/crypto/sha/sha1dgst.c | 4 +- + Cryptlib/OpenSSL/crypto/sha/sha256.c | 36 +- + Cryptlib/OpenSSL/crypto/sha/sha512.c | 173 +- + Cryptlib/OpenSSL/crypto/sha/sha_dgst.c | 7 +- + Cryptlib/OpenSSL/crypto/sha/sha_locl.h | 714 +- + Cryptlib/OpenSSL/crypto/stack/stack.c | 129 +- + Cryptlib/OpenSSL/crypto/store/str_err.c | 258 - + Cryptlib/OpenSSL/crypto/store/str_lib.c | 1771 ---- + Cryptlib/OpenSSL/crypto/store/str_locl.h | 124 - + Cryptlib/OpenSSL/crypto/store/str_mem.c | 377 - + Cryptlib/OpenSSL/crypto/store/str_meth.c | 280 - + Cryptlib/OpenSSL/crypto/ts/ts.h | 862 ++ + Cryptlib/OpenSSL/crypto/ts/ts_asn1.c | 326 + + Cryptlib/OpenSSL/crypto/ts/ts_conf.c | 491 ++ + Cryptlib/OpenSSL/crypto/ts/ts_err.c | 188 + + Cryptlib/OpenSSL/crypto/ts/ts_lib.c | 143 + + Cryptlib/OpenSSL/crypto/ts/ts_req_print.c | 104 + + Cryptlib/OpenSSL/crypto/ts/ts_req_utils.c | 232 + + Cryptlib/OpenSSL/crypto/ts/ts_rsp_print.c | 281 + + Cryptlib/OpenSSL/crypto/ts/ts_rsp_sign.c | 1020 +++ + Cryptlib/OpenSSL/crypto/ts/ts_rsp_utils.c | 396 + + Cryptlib/OpenSSL/crypto/ts/ts_rsp_verify.c | 736 ++ + Cryptlib/OpenSSL/crypto/ts/ts_verify_ctx.c | 162 + + Cryptlib/OpenSSL/crypto/txt_db/txt_db.c | 78 +- + Cryptlib/OpenSSL/crypto/ui/ui_err.c | 111 - + Cryptlib/OpenSSL/crypto/ui/ui_lib.c | 23 + + Cryptlib/OpenSSL/crypto/ui/ui_locl.h | 182 +- + Cryptlib/OpenSSL/crypto/x509/by_dir.c | 368 - + Cryptlib/OpenSSL/crypto/x509/by_file.c | 277 - + Cryptlib/OpenSSL/crypto/x509/vpm_int.h | 70 + + Cryptlib/OpenSSL/crypto/x509/x509_cmp.c | 407 +- + Cryptlib/OpenSSL/crypto/x509/x509_err.c | 13 +- + Cryptlib/OpenSSL/crypto/x509/x509_lu.c | 165 +- + 
Cryptlib/OpenSSL/crypto/x509/x509_obj.c | 2 +- + Cryptlib/OpenSSL/crypto/x509/x509_req.c | 29 +- + Cryptlib/OpenSSL/crypto/x509/x509_set.c | 9 +- + Cryptlib/OpenSSL/crypto/x509/x509_trs.c | 12 +- + Cryptlib/OpenSSL/crypto/x509/x509_txt.c | 40 + + Cryptlib/OpenSSL/crypto/x509/x509_vfy.c | 1554 +++- + Cryptlib/OpenSSL/crypto/x509/x509_vpm.c | 273 +- + Cryptlib/OpenSSL/crypto/x509/x509cset.c | 4 +- + Cryptlib/OpenSSL/crypto/x509/x509name.c | 2 +- + Cryptlib/OpenSSL/crypto/x509/x509type.c | 38 +- + Cryptlib/OpenSSL/crypto/x509/x_all.c | 44 +- + Cryptlib/OpenSSL/crypto/x509v3/ext_dat.h | 107 +- + Cryptlib/OpenSSL/crypto/x509v3/pcy_cache.c | 1 - + Cryptlib/OpenSSL/crypto/x509v3/pcy_data.c | 14 +- + Cryptlib/OpenSSL/crypto/x509v3/pcy_int.h | 204 +- + Cryptlib/OpenSSL/crypto/x509v3/pcy_map.c | 61 +- + Cryptlib/OpenSSL/crypto/x509v3/pcy_node.c | 42 +- + Cryptlib/OpenSSL/crypto/x509v3/pcy_tree.c | 222 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_addr.c | 13 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c | 148 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_asid.c | 8 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_conf.c | 34 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_cpols.c | 19 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_crld.c | 485 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_enum.c | 21 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_extku.c | 14 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c | 151 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_lib.c | 48 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_ncons.c | 290 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_ocsp.c | 49 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c | 4 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_pcons.c | 14 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_pmaps.c | 13 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_prn.c | 2 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_purp.c | 213 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_skey.c | 4 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c | 478 +- + Cryptlib/OpenSSL/crypto/x509v3/v3err.c | 20 +- + Cryptlib/OpenSSL/e_os.h | 122 +- + 
.../OpenSSL/openssl-bio-b_print-disable-sse.patch | 70 + + Cryptlib/OpenSSL/update.sh | 208 +- + Cryptlib/Pk/CryptAuthenticode.c | 6 +- + Cryptlib/Pk/CryptPkcs7Verify.c | 124 +- + Cryptlib/Pk/CryptTs.c | 729 ++ + Cryptlib/Pk/CryptX509.c | 21 +- + Cryptlib/update.sh | 47 +- + 578 files changed, 64180 insertions(+), 54986 deletions(-) + create mode 100644 Cryptlib/Hash/CryptSha512.c + create mode 100644 Cryptlib/Include/memory.h + create mode 100644 Cryptlib/Include/openssl/camellia.h + create mode 100644 Cryptlib/Include/openssl/cmac.h + create mode 100644 Cryptlib/Include/openssl/cms.h + delete mode 100644 Cryptlib/Include/openssl/md2.h + create mode 100644 Cryptlib/Include/openssl/mdc2.h + create mode 100644 Cryptlib/Include/openssl/modes.h + delete mode 100644 Cryptlib/Include/openssl/pq_compat.h + create mode 100644 Cryptlib/Include/openssl/seed.h + create mode 100644 Cryptlib/Include/openssl/srp.h + create mode 100644 Cryptlib/Include/openssl/srtp.h + delete mode 100644 Cryptlib/Include/openssl/store.h + delete mode 100644 Cryptlib/Include/openssl/tmdiff.h + create mode 100644 Cryptlib/Include/openssl/ts.h + create mode 100644 Cryptlib/Include/openssl/whrlpool.h + delete mode 100644 Cryptlib/OpenSSL/crypto/asn1/a_hdr.c + delete mode 100644 Cryptlib/OpenSSL/crypto/asn1/a_meth.c + create mode 100644 Cryptlib/OpenSSL/crypto/asn1/ameth_lib.c + create mode 100644 Cryptlib/OpenSSL/crypto/asn1/asn1_locl.h + create mode 100644 Cryptlib/OpenSSL/crypto/asn1/bio_asn1.c + create mode 100644 Cryptlib/OpenSSL/crypto/asn1/bio_ndef.c + create mode 100644 Cryptlib/OpenSSL/crypto/asn1/tasn_prn.c + create mode 100644 Cryptlib/OpenSSL/crypto/asn1/x_nx509.c + delete mode 100644 Cryptlib/OpenSSL/crypto/bf/bf_cfb64.c + delete mode 100644 Cryptlib/OpenSSL/crypto/bf/bf_ecb.c + delete mode 100644 Cryptlib/OpenSSL/crypto/bf/bf_enc.c + delete mode 100644 Cryptlib/OpenSSL/crypto/bf/bf_locl.h + delete mode 100644 Cryptlib/OpenSSL/crypto/bf/bf_ofb64.c + delete mode 100644 
Cryptlib/OpenSSL/crypto/bf/bf_pi.h + delete mode 100644 Cryptlib/OpenSSL/crypto/bf/bf_skey.c + create mode 100644 Cryptlib/OpenSSL/crypto/bio/b_sock.c + create mode 100644 Cryptlib/OpenSSL/crypto/bio/bss_acpt.c + create mode 100644 Cryptlib/OpenSSL/crypto/bio/bss_conn.c + create mode 100644 Cryptlib/OpenSSL/crypto/bio/bss_sock.c + delete mode 100644 Cryptlib/OpenSSL/crypto/bn/bn_opt.c + create mode 100644 Cryptlib/OpenSSL/crypto/bn/rsaz_exp.h + delete mode 100644 Cryptlib/OpenSSL/crypto/cast/c_cfb64.c + delete mode 100644 Cryptlib/OpenSSL/crypto/cast/c_ecb.c + delete mode 100644 Cryptlib/OpenSSL/crypto/cast/c_enc.c + delete mode 100644 Cryptlib/OpenSSL/crypto/cast/c_ofb64.c + delete mode 100644 Cryptlib/OpenSSL/crypto/cast/c_skey.c + delete mode 100644 Cryptlib/OpenSSL/crypto/cast/cast_lcl.h + delete mode 100644 Cryptlib/OpenSSL/crypto/cast/cast_s.h + create mode 100644 Cryptlib/OpenSSL/crypto/cmac/cm_ameth.c + create mode 100644 Cryptlib/OpenSSL/crypto/cmac/cm_pmeth.c + create mode 100644 Cryptlib/OpenSSL/crypto/cmac/cmac.c + delete mode 100644 Cryptlib/OpenSSL/crypto/des/des_lib.c + create mode 100644 Cryptlib/OpenSSL/crypto/dh/dh_ameth.c + create mode 100644 Cryptlib/OpenSSL/crypto/dh/dh_pmeth.c + create mode 100644 Cryptlib/OpenSSL/crypto/dh/dh_prn.c + create mode 100644 Cryptlib/OpenSSL/crypto/dh/dh_rfc5114.c + delete mode 100644 Cryptlib/OpenSSL/crypto/dsa/dsa_asn1.c + delete mode 100644 Cryptlib/OpenSSL/crypto/dsa/dsa_depr.c + delete mode 100644 Cryptlib/OpenSSL/crypto/dsa/dsa_err.c + delete mode 100644 Cryptlib/OpenSSL/crypto/dsa/dsa_gen.c + delete mode 100644 Cryptlib/OpenSSL/crypto/dsa/dsa_key.c + delete mode 100644 Cryptlib/OpenSSL/crypto/dsa/dsa_lib.c + delete mode 100644 Cryptlib/OpenSSL/crypto/dsa/dsa_ossl.c + delete mode 100644 Cryptlib/OpenSSL/crypto/dsa/dsa_sign.c + delete mode 100644 Cryptlib/OpenSSL/crypto/dsa/dsa_utl.c + delete mode 100644 Cryptlib/OpenSSL/crypto/dsa/dsa_vrf.c + create mode 100644 Cryptlib/OpenSSL/crypto/dso/dso_beos.c + delete 
mode 100644 Cryptlib/OpenSSL/crypto/dyn_lck.c + delete mode 100644 Cryptlib/OpenSSL/crypto/ec/ec2_mult.c + delete mode 100644 Cryptlib/OpenSSL/crypto/ec/ec2_smpl.c + delete mode 100644 Cryptlib/OpenSSL/crypto/ec/ec2_smpt.c + delete mode 100644 Cryptlib/OpenSSL/crypto/ec/ec_asn1.c + delete mode 100644 Cryptlib/OpenSSL/crypto/ec/ec_check.c + delete mode 100644 Cryptlib/OpenSSL/crypto/ec/ec_curve.c + delete mode 100644 Cryptlib/OpenSSL/crypto/ec/ec_cvt.c + delete mode 100644 Cryptlib/OpenSSL/crypto/ec/ec_err.c + delete mode 100644 Cryptlib/OpenSSL/crypto/ec/ec_key.c + delete mode 100644 Cryptlib/OpenSSL/crypto/ec/ec_lcl.h + delete mode 100644 Cryptlib/OpenSSL/crypto/ec/ec_lib.c + delete mode 100644 Cryptlib/OpenSSL/crypto/ec/ec_mult.c + delete mode 100644 Cryptlib/OpenSSL/crypto/ec/ec_print.c + delete mode 100644 Cryptlib/OpenSSL/crypto/ec/ecp_mont.c + delete mode 100644 Cryptlib/OpenSSL/crypto/ec/ecp_nist.c + delete mode 100644 Cryptlib/OpenSSL/crypto/ec/ecp_smpl.c + delete mode 100644 Cryptlib/OpenSSL/crypto/ecdh/ech_err.c + delete mode 100644 Cryptlib/OpenSSL/crypto/ecdh/ech_key.c + delete mode 100644 Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c + delete mode 100644 Cryptlib/OpenSSL/crypto/ecdh/ech_locl.h + delete mode 100644 Cryptlib/OpenSSL/crypto/ecdh/ech_ossl.c + delete mode 100644 Cryptlib/OpenSSL/crypto/ecdsa/ecs_asn1.c + delete mode 100644 Cryptlib/OpenSSL/crypto/ecdsa/ecs_err.c + delete mode 100644 Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c + delete mode 100644 Cryptlib/OpenSSL/crypto/ecdsa/ecs_locl.h + delete mode 100644 Cryptlib/OpenSSL/crypto/ecdsa/ecs_ossl.c + delete mode 100644 Cryptlib/OpenSSL/crypto/ecdsa/ecs_sign.c + delete mode 100644 Cryptlib/OpenSSL/crypto/ecdsa/ecs_vrf.c + delete mode 100644 Cryptlib/OpenSSL/crypto/engine/eng_all.c + delete mode 100644 Cryptlib/OpenSSL/crypto/engine/eng_cnf.c + delete mode 100644 Cryptlib/OpenSSL/crypto/engine/eng_cryptodev.c + delete mode 100644 Cryptlib/OpenSSL/crypto/engine/eng_ctrl.c + delete mode 100644 
Cryptlib/OpenSSL/crypto/engine/eng_dyn.c + delete mode 100644 Cryptlib/OpenSSL/crypto/engine/eng_err.c + delete mode 100644 Cryptlib/OpenSSL/crypto/engine/eng_fat.c + delete mode 100644 Cryptlib/OpenSSL/crypto/engine/eng_init.c + delete mode 100644 Cryptlib/OpenSSL/crypto/engine/eng_int.h + delete mode 100644 Cryptlib/OpenSSL/crypto/engine/eng_lib.c + delete mode 100644 Cryptlib/OpenSSL/crypto/engine/eng_list.c + delete mode 100644 Cryptlib/OpenSSL/crypto/engine/eng_openssl.c + delete mode 100644 Cryptlib/OpenSSL/crypto/engine/eng_padlock.c + delete mode 100644 Cryptlib/OpenSSL/crypto/engine/eng_pkey.c + delete mode 100644 Cryptlib/OpenSSL/crypto/engine/eng_table.c + delete mode 100644 Cryptlib/OpenSSL/crypto/engine/tb_cipher.c + delete mode 100644 Cryptlib/OpenSSL/crypto/engine/tb_dh.c + delete mode 100644 Cryptlib/OpenSSL/crypto/engine/tb_digest.c + delete mode 100644 Cryptlib/OpenSSL/crypto/engine/tb_dsa.c + delete mode 100644 Cryptlib/OpenSSL/crypto/engine/tb_ecdh.c + delete mode 100644 Cryptlib/OpenSSL/crypto/engine/tb_ecdsa.c + delete mode 100644 Cryptlib/OpenSSL/crypto/engine/tb_rand.c + delete mode 100644 Cryptlib/OpenSSL/crypto/engine/tb_rsa.c + delete mode 100644 Cryptlib/OpenSSL/crypto/engine/tb_store.c + delete mode 100644 Cryptlib/OpenSSL/crypto/err/err_bio.c + delete mode 100644 Cryptlib/OpenSSL/crypto/err/err_def.c + delete mode 100644 Cryptlib/OpenSSL/crypto/err/err_str.c + delete mode 100644 Cryptlib/OpenSSL/crypto/evp/dig_eng.c + create mode 100644 Cryptlib/OpenSSL/crypto/evp/e_aes_cbc_hmac_sha1.c + create mode 100644 Cryptlib/OpenSSL/crypto/evp/e_aes_cbc_hmac_sha256.c + create mode 100644 Cryptlib/OpenSSL/crypto/evp/e_camellia.c + create mode 100644 Cryptlib/OpenSSL/crypto/evp/e_rc4_hmac_md5.c + create mode 100644 Cryptlib/OpenSSL/crypto/evp/e_seed.c + delete mode 100644 Cryptlib/OpenSSL/crypto/evp/enc_min.c + create mode 100644 Cryptlib/OpenSSL/crypto/evp/m_mdc2.c + create mode 100644 Cryptlib/OpenSSL/crypto/evp/m_sigver.c + create mode 100644 
Cryptlib/OpenSSL/crypto/evp/m_wp.c + create mode 100644 Cryptlib/OpenSSL/crypto/evp/pmeth_fn.c + create mode 100644 Cryptlib/OpenSSL/crypto/evp/pmeth_gn.c + create mode 100644 Cryptlib/OpenSSL/crypto/evp/pmeth_lib.c + delete mode 100644 Cryptlib/OpenSSL/crypto/fips_err.c + create mode 100644 Cryptlib/OpenSSL/crypto/fips_ers.c + create mode 100644 Cryptlib/OpenSSL/crypto/hmac/hm_ameth.c + create mode 100644 Cryptlib/OpenSSL/crypto/hmac/hm_pmeth.c + delete mode 100644 Cryptlib/OpenSSL/crypto/idea/i_cbc.c + delete mode 100644 Cryptlib/OpenSSL/crypto/idea/i_cfb64.c + delete mode 100644 Cryptlib/OpenSSL/crypto/idea/i_ecb.c + delete mode 100644 Cryptlib/OpenSSL/crypto/idea/i_ofb64.c + delete mode 100644 Cryptlib/OpenSSL/crypto/idea/i_skey.c + delete mode 100644 Cryptlib/OpenSSL/crypto/idea/idea_lcl.h + delete mode 100644 Cryptlib/OpenSSL/crypto/md2/md2_dgst.c + delete mode 100644 Cryptlib/OpenSSL/crypto/md2/md2_one.c + create mode 100644 Cryptlib/OpenSSL/crypto/modes/cbc128.c + create mode 100644 Cryptlib/OpenSSL/crypto/modes/ccm128.c + create mode 100644 Cryptlib/OpenSSL/crypto/modes/cfb128.c + create mode 100644 Cryptlib/OpenSSL/crypto/modes/ctr128.c + create mode 100644 Cryptlib/OpenSSL/crypto/modes/cts128.c + create mode 100644 Cryptlib/OpenSSL/crypto/modes/gcm128.c + create mode 100644 Cryptlib/OpenSSL/crypto/modes/modes_lcl.h + create mode 100644 Cryptlib/OpenSSL/crypto/modes/ofb128.c + create mode 100644 Cryptlib/OpenSSL/crypto/modes/wrap128.c + create mode 100644 Cryptlib/OpenSSL/crypto/modes/xts128.c + create mode 100644 Cryptlib/OpenSSL/crypto/o_fips.c + create mode 100644 Cryptlib/OpenSSL/crypto/objects/obj_xref.c + create mode 100644 Cryptlib/OpenSSL/crypto/objects/obj_xref.h + create mode 100644 Cryptlib/OpenSSL/crypto/pem/pvkfmt.c + create mode 100644 Cryptlib/OpenSSL/crypto/pkcs7/bio_pk7.c + delete mode 100644 Cryptlib/OpenSSL/crypto/rand/rand_egd.c + delete mode 100644 Cryptlib/OpenSSL/crypto/rand/rand_eng.c + delete mode 100644 
Cryptlib/OpenSSL/crypto/rand/rand_nw.c + delete mode 100644 Cryptlib/OpenSSL/crypto/rand/rand_os2.c + delete mode 100644 Cryptlib/OpenSSL/crypto/rand/rand_win.c + delete mode 100644 Cryptlib/OpenSSL/crypto/rc2/rc2_cbc.c + delete mode 100644 Cryptlib/OpenSSL/crypto/rc2/rc2_ecb.c + delete mode 100644 Cryptlib/OpenSSL/crypto/rc2/rc2_locl.h + delete mode 100644 Cryptlib/OpenSSL/crypto/rc2/rc2_skey.c + delete mode 100644 Cryptlib/OpenSSL/crypto/rc2/rc2cfb64.c + delete mode 100644 Cryptlib/OpenSSL/crypto/rc2/rc2ofb64.c + delete mode 100644 Cryptlib/OpenSSL/crypto/rc4/rc4_fblk.c + create mode 100644 Cryptlib/OpenSSL/crypto/rc4/rc4_utl.c + delete mode 100644 Cryptlib/OpenSSL/crypto/ripemd/rmd_dgst.c + delete mode 100644 Cryptlib/OpenSSL/crypto/ripemd/rmd_locl.h + delete mode 100644 Cryptlib/OpenSSL/crypto/ripemd/rmd_one.c + delete mode 100644 Cryptlib/OpenSSL/crypto/ripemd/rmdconst.h + create mode 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_ameth.c + create mode 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_crpt.c + delete mode 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_eng.c + create mode 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_locl.h + create mode 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_pmeth.c + create mode 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_prn.c + delete mode 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_x931g.c + delete mode 100644 Cryptlib/OpenSSL/crypto/store/str_err.c + delete mode 100644 Cryptlib/OpenSSL/crypto/store/str_lib.c + delete mode 100644 Cryptlib/OpenSSL/crypto/store/str_locl.h + delete mode 100644 Cryptlib/OpenSSL/crypto/store/str_mem.c + delete mode 100644 Cryptlib/OpenSSL/crypto/store/str_meth.c + create mode 100644 Cryptlib/OpenSSL/crypto/ts/ts.h + create mode 100644 Cryptlib/OpenSSL/crypto/ts/ts_asn1.c + create mode 100644 Cryptlib/OpenSSL/crypto/ts/ts_conf.c + create mode 100644 Cryptlib/OpenSSL/crypto/ts/ts_err.c + create mode 100644 Cryptlib/OpenSSL/crypto/ts/ts_lib.c + create mode 100644 Cryptlib/OpenSSL/crypto/ts/ts_req_print.c + create mode 100644 
Cryptlib/OpenSSL/crypto/ts/ts_req_utils.c + create mode 100644 Cryptlib/OpenSSL/crypto/ts/ts_rsp_print.c + create mode 100644 Cryptlib/OpenSSL/crypto/ts/ts_rsp_sign.c + create mode 100644 Cryptlib/OpenSSL/crypto/ts/ts_rsp_utils.c + create mode 100644 Cryptlib/OpenSSL/crypto/ts/ts_rsp_verify.c + create mode 100644 Cryptlib/OpenSSL/crypto/ts/ts_verify_ctx.c + delete mode 100644 Cryptlib/OpenSSL/crypto/ui/ui_err.c + delete mode 100644 Cryptlib/OpenSSL/crypto/x509/by_dir.c + delete mode 100644 Cryptlib/OpenSSL/crypto/x509/by_file.c + create mode 100644 Cryptlib/OpenSSL/crypto/x509/vpm_int.h + create mode 100644 Cryptlib/OpenSSL/openssl-bio-b_print-disable-sse.patch + create mode 100644 Cryptlib/Pk/CryptTs.c + +diff --git a/Cryptlib/Hash/CryptSha512.c b/Cryptlib/Hash/CryptSha512.c +new file mode 100644 +index 0000000..491f45d +--- /dev/null ++++ b/Cryptlib/Hash/CryptSha512.c +@@ -0,0 +1,354 @@ ++/** @file ++ SHA-384 and SHA-512 Digest Wrapper Implementations over OpenSSL. ++ ++Copyright (c) 2014, Intel Corporation. All rights reserved.
++This program and the accompanying materials ++are licensed and made available under the terms and conditions of the BSD License ++which accompanies this distribution. The full text of the license may be found at ++http://opensource.org/licenses/bsd-license.php ++ ++THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, ++WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. ++ ++**/ ++ ++#include "InternalCryptLib.h" ++#include ++ ++/** ++ Retrieves the size, in bytes, of the context buffer required for SHA-384 hash operations. ++ ++ @return The size, in bytes, of the context buffer required for SHA-384 hash operations. ++ ++**/ ++UINTN ++EFIAPI ++Sha384GetContextSize ( ++ VOID ++ ) ++{ ++ // ++ // Retrieves OpenSSL SHA-384 Context Size ++ // ++ return (UINTN) (sizeof (SHA512_CTX)); ++} ++ ++/** ++ Initializes user-supplied memory pointed by Sha384Context as SHA-384 hash context for ++ subsequent use. ++ ++ If Sha384Context is NULL, then return FALSE. ++ ++ @param[out] Sha384Context Pointer to SHA-384 context being initialized. ++ ++ @retval TRUE SHA-384 context initialization succeeded. ++ @retval FALSE SHA-384 context initialization failed. ++ ++**/ ++BOOLEAN ++EFIAPI ++Sha384Init ( ++ OUT VOID *Sha384Context ++ ) ++{ ++ // ++ // Check input parameters. ++ // ++ if (Sha384Context == NULL) { ++ return FALSE; ++ } ++ ++ // ++ // OpenSSL SHA-384 Context Initialization ++ // ++ return (BOOLEAN) (SHA384_Init ((SHA512_CTX *) Sha384Context)); ++} ++ ++/** ++ Makes a copy of an existing SHA-384 context. ++ ++ If Sha384Context is NULL, then return FALSE. ++ If NewSha384Context is NULL, then return FALSE. ++ If this interface is not supported, then return FALSE. ++ ++ @param[in] Sha384Context Pointer to SHA-384 context being copied. ++ @param[out] NewSha384Context Pointer to new SHA-384 context. ++ ++ @retval TRUE SHA-384 context copy succeeded. ++ @retval FALSE SHA-384 context copy failed. 
++ @retval FALSE This interface is not supported. ++ ++**/ ++BOOLEAN ++EFIAPI ++Sha384Duplicate ( ++ IN CONST VOID *Sha384Context, ++ OUT VOID *NewSha384Context ++ ) ++{ ++ // ++ // Check input parameters. ++ // ++ if (Sha384Context == NULL || NewSha384Context == NULL) { ++ return FALSE; ++ } ++ ++ CopyMem (NewSha384Context, Sha384Context, sizeof (SHA512_CTX)); ++ ++ return TRUE; ++} ++ ++/** ++ Digests the input data and updates SHA-384 context. ++ ++ This function performs SHA-384 digest on a data buffer of the specified size. ++ It can be called multiple times to compute the digest of long or discontinuous data streams. ++ SHA-384 context should be already correctly intialized by Sha384Init(), and should not be finalized ++ by Sha384Final(). Behavior with invalid context is undefined. ++ ++ If Sha384Context is NULL, then return FALSE. ++ ++ @param[in, out] Sha384Context Pointer to the SHA-384 context. ++ @param[in] Data Pointer to the buffer containing the data to be hashed. ++ @param[in] DataSize Size of Data buffer in bytes. ++ ++ @retval TRUE SHA-384 data digest succeeded. ++ @retval FALSE SHA-384 data digest failed. ++ ++**/ ++BOOLEAN ++EFIAPI ++Sha384Update ( ++ IN OUT VOID *Sha384Context, ++ IN CONST VOID *Data, ++ IN UINTN DataSize ++ ) ++{ ++ // ++ // Check input parameters. ++ // ++ if (Sha384Context == NULL) { ++ return FALSE; ++ } ++ ++ // ++ // Check invalid parameters, in case that only DataLength was checked in OpenSSL ++ // ++ if (Data == NULL && DataSize != 0) { ++ return FALSE; ++ } ++ ++ // ++ // OpenSSL SHA-384 Hash Update ++ // ++ return (BOOLEAN) (SHA384_Update ((SHA512_CTX *) Sha384Context, Data, DataSize)); ++} ++ ++/** ++ Completes computation of the SHA-384 digest value. ++ ++ This function completes SHA-384 hash computation and retrieves the digest value into ++ the specified memory. After this function has been called, the SHA-384 context cannot ++ be used again. 
++ SHA-384 context should be already correctly intialized by Sha384Init(), and should not be ++ finalized by Sha384Final(). Behavior with invalid SHA-384 context is undefined. ++ ++ If Sha384Context is NULL, then return FALSE. ++ If HashValue is NULL, then return FALSE. ++ ++ @param[in, out] Sha384Context Pointer to the SHA-384 context. ++ @param[out] HashValue Pointer to a buffer that receives the SHA-384 digest ++ value (48 bytes). ++ ++ @retval TRUE SHA-384 digest computation succeeded. ++ @retval FALSE SHA-384 digest computation failed. ++ ++**/ ++BOOLEAN ++EFIAPI ++Sha384Final ( ++ IN OUT VOID *Sha384Context, ++ OUT UINT8 *HashValue ++ ) ++{ ++ // ++ // Check input parameters. ++ // ++ if (Sha384Context == NULL || HashValue == NULL) { ++ return FALSE; ++ } ++ ++ // ++ // OpenSSL SHA-384 Hash Finalization ++ // ++ return (BOOLEAN) (SHA384_Final (HashValue, (SHA512_CTX *) Sha384Context)); ++} ++ ++/** ++ Retrieves the size, in bytes, of the context buffer required for SHA-512 hash operations. ++ ++ @return The size, in bytes, of the context buffer required for SHA-512 hash operations. ++ ++**/ ++UINTN ++EFIAPI ++Sha512GetContextSize ( ++ VOID ++ ) ++{ ++ // ++ // Retrieves OpenSSL SHA-512 Context Size ++ // ++ return (UINTN) (sizeof (SHA512_CTX)); ++} ++ ++/** ++ Initializes user-supplied memory pointed by Sha512Context as SHA-512 hash context for ++ subsequent use. ++ ++ If Sha512Context is NULL, then return FALSE. ++ ++ @param[out] Sha512Context Pointer to SHA-512 context being initialized. ++ ++ @retval TRUE SHA-512 context initialization succeeded. ++ @retval FALSE SHA-512 context initialization failed. ++ ++**/ ++BOOLEAN ++EFIAPI ++Sha512Init ( ++ OUT VOID *Sha512Context ++ ) ++{ ++ // ++ // Check input parameters. ++ // ++ if (Sha512Context == NULL) { ++ return FALSE; ++ } ++ ++ // ++ // OpenSSL SHA-512 Context Initialization ++ // ++ return (BOOLEAN) (SHA512_Init ((SHA512_CTX *) Sha512Context)); ++} ++ ++/** ++ Makes a copy of an existing SHA-512 context. 
++ ++ If Sha512Context is NULL, then return FALSE. ++ If NewSha512Context is NULL, then return FALSE. ++ If this interface is not supported, then return FALSE. ++ ++ @param[in] Sha512Context Pointer to SHA-512 context being copied. ++ @param[out] NewSha512Context Pointer to new SHA-512 context. ++ ++ @retval TRUE SHA-512 context copy succeeded. ++ @retval FALSE SHA-512 context copy failed. ++ @retval FALSE This interface is not supported. ++ ++**/ ++BOOLEAN ++EFIAPI ++Sha512Duplicate ( ++ IN CONST VOID *Sha512Context, ++ OUT VOID *NewSha512Context ++ ) ++{ ++ // ++ // Check input parameters. ++ // ++ if (Sha512Context == NULL || NewSha512Context == NULL) { ++ return FALSE; ++ } ++ ++ CopyMem (NewSha512Context, Sha512Context, sizeof (SHA512_CTX)); ++ ++ return TRUE; ++} ++ ++/** ++ Digests the input data and updates SHA-512 context. ++ ++ This function performs SHA-512 digest on a data buffer of the specified size. ++ It can be called multiple times to compute the digest of long or discontinuous data streams. ++ SHA-512 context should be already correctly intialized by Sha512Init(), and should not be finalized ++ by Sha512Final(). Behavior with invalid context is undefined. ++ ++ If Sha512Context is NULL, then return FALSE. ++ ++ @param[in, out] Sha512Context Pointer to the SHA-512 context. ++ @param[in] Data Pointer to the buffer containing the data to be hashed. ++ @param[in] DataSize Size of Data buffer in bytes. ++ ++ @retval TRUE SHA-512 data digest succeeded. ++ @retval FALSE SHA-512 data digest failed. ++ ++**/ ++BOOLEAN ++EFIAPI ++Sha512Update ( ++ IN OUT VOID *Sha512Context, ++ IN CONST VOID *Data, ++ IN UINTN DataSize ++ ) ++{ ++ // ++ // Check input parameters. 
++ // ++ if (Sha512Context == NULL) { ++ return FALSE; ++ } ++ ++ // ++ // Check invalid parameters, in case that only DataLength was checked in OpenSSL ++ // ++ if (Data == NULL && DataSize != 0) { ++ return FALSE; ++ } ++ ++ // ++ // OpenSSL SHA-512 Hash Update ++ // ++ return (BOOLEAN) (SHA512_Update ((SHA512_CTX *) Sha512Context, Data, DataSize)); ++} ++ ++/** ++ Completes computation of the SHA-512 digest value. ++ ++ This function completes SHA-512 hash computation and retrieves the digest value into ++ the specified memory. After this function has been called, the SHA-512 context cannot ++ be used again. ++ SHA-512 context should be already correctly intialized by Sha512Init(), and should not be ++ finalized by Sha512Final(). Behavior with invalid SHA-512 context is undefined. ++ ++ If Sha512Context is NULL, then return FALSE. ++ If HashValue is NULL, then return FALSE. ++ ++ @param[in, out] Sha512Context Pointer to the SHA-512 context. ++ @param[out] HashValue Pointer to a buffer that receives the SHA-512 digest ++ value (64 bytes). ++ ++ @retval TRUE SHA-512 digest computation succeeded. ++ @retval FALSE SHA-512 digest computation failed. ++ ++**/ ++BOOLEAN ++EFIAPI ++Sha512Final ( ++ IN OUT VOID *Sha512Context, ++ OUT UINT8 *HashValue ++ ) ++{ ++ // ++ // Check input parameters. 
++ //
++ if (Sha512Context == NULL || HashValue == NULL) {
++ return FALSE;
++ }
++
++ //
++ // OpenSSL SHA-512 Hash Finalization
++ //
++ return (BOOLEAN) (SHA384_Final (HashValue, (SHA512_CTX *) Sha512Context));
++}
+diff --git a/Cryptlib/Include/OpenSslSupport.h b/Cryptlib/Include/OpenSslSupport.h
+index b77838d..e5e1adc 100644
+--- a/Cryptlib/Include/OpenSslSupport.h
++++ b/Cryptlib/Include/OpenSslSupport.h
+@@ -133,6 +133,11 @@ struct tm {
+ char *tm_zone; /* timezone abbreviation */
+ };
+
++struct timeval {
++ long tv_sec; /* time value, in seconds */
++ long tv_usec; /* time value, in microseconds */
++} timeval;
++
+ struct dirent {
+ UINT32 d_fileno; /* file number of entry */
+ UINT16 d_reclen; /* length of this record */
+@@ -267,5 +272,6 @@ extern FILE *stdout;
+ #define assert(expression)
+ #define localtime(timer) NULL
+ #define gmtime_r(timer,result) (result = NULL)
++#define atoi(nptr) Atoi(nptr)
+
+ #endif
+diff --git a/Cryptlib/Include/memory.h b/Cryptlib/Include/memory.h
+new file mode 100644
+index 0000000..092b3cd
+--- /dev/null
++++ b/Cryptlib/Include/memory.h
+@@ -0,0 +1,16 @@
++/** @file
++ Include file to support building OpenSSL Crypto Library.
++
++Copyright (c) 2015, Intel Corporation. All rights reserved.
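Review bot: `Sha512Final` at the end of the new CryptSha512.c finishes the digest with `SHA384_Final` instead of `SHA512_Final`, which looks like a copy-paste from the SHA-384 half of the file. In OpenSSL 1.0.2 `SHA384_Final` forwards to `SHA512_Final` and the output length is taken from the context, so the 64-byte result is presumably unchanged today, but the wrapper should not rely on that internal detail. The return should read `return (BOOLEAN) (SHA512_Final (HashValue, (SHA512_CTX *) Sha512Context));`. The header comments of both `Sha384Final` and `Sha512Final` also state that the context "should not be finalized" by the very function being documented, and "intialized" is misspelled throughout.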
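Review bot: The added `struct timeval { ... } timeval;` in OpenSslSupport.h declares the type and also defines a global object named `timeval` in every translation unit that includes the header. With common symbols disabled (`-fno-common`, the default in newer GCC releases) that would likely fail at link time with multiple definitions, and otherwise it leaves a stray global in the image. The closing line should be `};` so that only the type is declared.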
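Review bot: The new `#define atoi(nptr) Atoi(nptr)` maps a narrow-string function onto a helper whose declaration is not visible in this hunk. If `Atoi` resolves to the gnu-efi routine, that one takes a `CHAR16 *`, so OpenSSL callers passing `char *` would have their input read as 16-bit characters and get a wrong number back. Please confirm which `Atoi` is in scope and, if it is the wide-character one, point the macro at an ASCII decimal parser instead, with a comment such as `/* atoi: ASCII input only */` next to the define.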
++This program and the accompanying materials ++are licensed and made available under the terms and conditions of the BSD License ++which accompanies this distribution. The full text of the license may be found at ++http://opensource.org/licenses/bsd-license.php ++ ++THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, ++WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. ++ ++**/ ++ ++#include ++ +diff --git a/Cryptlib/Include/openssl/aes.h b/Cryptlib/Include/openssl/aes.h +index 83c13c9..87bf60f 100644 +--- a/Cryptlib/Include/openssl/aes.h ++++ b/Cryptlib/Include/openssl/aes.h +@@ -58,6 +58,8 @@ + # error AES is disabled. + # endif + ++# include ++ + # define AES_ENCRYPT 1 + # define AES_DECRYPT 0 + +@@ -68,10 +70,6 @@ + # define AES_MAXNR 14 + # define AES_BLOCK_SIZE 16 + +-# ifdef OPENSSL_FIPS +-# define FIPS_AES_SIZE_T int +-# endif +- + #ifdef __cplusplus + extern "C" { + #endif +@@ -94,6 +92,11 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, + int AES_set_decrypt_key(const unsigned char *userKey, const int bits, + AES_KEY *key); + ++int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits, ++ AES_KEY *key); ++int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits, ++ AES_KEY *key); ++ + void AES_encrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key); + void AES_decrypt(const unsigned char *in, unsigned char *out, +@@ -102,37 +105,32 @@ void AES_decrypt(const unsigned char *in, unsigned char *out, + void AES_ecb_encrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key, const int enc); + void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, +- const unsigned long length, const AES_KEY *key, ++ size_t length, const AES_KEY *key, + unsigned char *ivec, const int enc); + void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out, +- const unsigned long length, const AES_KEY *key, ++ size_t length, 
const AES_KEY *key, + unsigned char *ivec, int *num, const int enc); + void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out, +- const unsigned long length, const AES_KEY *key, ++ size_t length, const AES_KEY *key, + unsigned char *ivec, int *num, const int enc); + void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out, +- const unsigned long length, const AES_KEY *key, ++ size_t length, const AES_KEY *key, + unsigned char *ivec, int *num, const int enc); +-void AES_cfbr_encrypt_block(const unsigned char *in, unsigned char *out, +- const int nbits, const AES_KEY *key, +- unsigned char *ivec, const int enc); + void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out, +- const unsigned long length, const AES_KEY *key, ++ size_t length, const AES_KEY *key, + unsigned char *ivec, int *num); + void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out, +- const unsigned long length, const AES_KEY *key, ++ size_t length, const AES_KEY *key, + unsigned char ivec[AES_BLOCK_SIZE], + unsigned char ecount_buf[AES_BLOCK_SIZE], + unsigned int *num); +- +-/* For IGE, see also http://www.links.org/files/openssl-ige.pdf */ + /* NB: the IV is _two_ blocks long */ + void AES_ige_encrypt(const unsigned char *in, unsigned char *out, +- const unsigned long length, const AES_KEY *key, ++ size_t length, const AES_KEY *key, + unsigned char *ivec, const int enc); + /* NB: the IV is _four_ blocks long */ + void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out, +- const unsigned long length, const AES_KEY *key, ++ size_t length, const AES_KEY *key, + const AES_KEY *key2, const unsigned char *ivec, + const int enc); + +@@ -143,6 +141,7 @@ int AES_unwrap_key(AES_KEY *key, const unsigned char *iv, + unsigned char *out, + const unsigned char *in, unsigned int inlen); + ++ + #ifdef __cplusplus + } + #endif +diff --git a/Cryptlib/Include/openssl/asn1.h b/Cryptlib/Include/openssl/asn1.h +index 47e3e02..68e791f 100644 +--- 
a/Cryptlib/Include/openssl/asn1.h ++++ b/Cryptlib/Include/openssl/asn1.h +@@ -207,13 +207,13 @@ typedef struct asn1_const_ctx_st { + # define ASN1_OBJECT_FLAG_CRITICAL 0x02/* critical x509v3 object id */ + # define ASN1_OBJECT_FLAG_DYNAMIC_STRINGS 0x04/* internal use */ + # define ASN1_OBJECT_FLAG_DYNAMIC_DATA 0x08/* internal use */ +-typedef struct asn1_object_st { ++struct asn1_object_st { + const char *sn, *ln; + int nid; + int length; +- unsigned char *data; ++ const unsigned char *data; /* data remains const after init */ + int flags; /* Should we free this one */ +-} ASN1_OBJECT; ++}; + + # define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */ + /* +@@ -228,10 +228,15 @@ typedef struct asn1_object_st { + * complete and is a place holder for content when it had all been accessed. + * The flag will be reset when content has been written to it. + */ +-# define ASN1_STRING_FLAG_CONT 0x020 + ++# define ASN1_STRING_FLAG_CONT 0x020 ++/* ++ * This flag is used by ASN1 code to indicate an ASN1_STRING is an MSTRING ++ * type. 
++ */ ++# define ASN1_STRING_FLAG_MSTRING 0x040 + /* This is the base type that holds just about everything :-) */ +-typedef struct asn1_string_st { ++struct asn1_string_st { + int length; + int type; + unsigned char *data; +@@ -241,7 +246,7 @@ typedef struct asn1_string_st { + * non-zero 'unused bits' value, it will be handled correctly + */ + long flags; +-} ASN1_STRING; ++}; + + /* + * ASN1_ENCODING structure: this is used to save the received encoding of an +@@ -289,7 +294,6 @@ DECLARE_STACK_OF(ASN1_STRING_TABLE) + * Declarations for template structures: for full definitions see asn1t.h + */ + typedef struct ASN1_TEMPLATE_st ASN1_TEMPLATE; +-typedef struct ASN1_ITEM_st ASN1_ITEM; + typedef struct ASN1_TLC_st ASN1_TLC; + /* This is just an opaque pointer */ + typedef struct ASN1_VALUE_st ASN1_VALUE; +@@ -330,6 +334,13 @@ typedef struct ASN1_VALUE_st ASN1_VALUE; + type *name##_new(void); \ + void name##_free(type *a); + ++# define DECLARE_ASN1_PRINT_FUNCTION(stname) \ ++ DECLARE_ASN1_PRINT_FUNCTION_fname(stname, stname) ++ ++# define DECLARE_ASN1_PRINT_FUNCTION_fname(stname, fname) \ ++ int fname##_print_ctx(BIO *out, stname *x, int indent, \ ++ const ASN1_PCTX *pctx); ++ + # define D2I_OF(type) type *(*)(type **,const unsigned char **,long) + # define I2D_OF(type) int (*)(type *,unsigned char **) + # define I2D_OF_const(type) int (*)(const type *,unsigned char **) +@@ -344,8 +355,6 @@ typedef struct ASN1_VALUE_st ASN1_VALUE; + ((void*) (1 ? p : (type*)0)) + # define CHECKED_PPTR_OF(type, p) \ + ((void**) (1 ? p : (type**)0)) +-# define CHECKED_PTR_OF_TO_CHAR(type, p) \ +- ((char*) (1 ? 
p : (type*)0)) + + # define TYPEDEF_D2I_OF(type) typedef type *d2i_of_##type(type **,const unsigned char **,long) + # define TYPEDEF_I2D_OF(type) typedef int i2d_of_##type(type *,unsigned char **) +@@ -546,19 +555,15 @@ typedef struct asn1_type_st { + DECLARE_STACK_OF(ASN1_TYPE) + DECLARE_ASN1_SET_OF(ASN1_TYPE) + +-typedef struct asn1_method_st { +- i2d_of_void *i2d; +- d2i_of_void *d2i; +- void *(*create) (void); +- void (*destroy) (void *); +-} ASN1_METHOD; ++typedef STACK_OF(ASN1_TYPE) ASN1_SEQUENCE_ANY; ++ ++DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY) ++DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SET_ANY) + +-/* This is used when parsing some Netscape objects */ +-typedef struct asn1_header_st { ++typedef struct NETSCAPE_X509_st { + ASN1_OCTET_STRING *header; +- void *data; +- ASN1_METHOD *meth; +-} ASN1_HEADER; ++ X509 *cert; ++} NETSCAPE_X509; + + /* This is used to contain a list of bit names */ + typedef struct BIT_STRING_BITNAME_st { +@@ -577,32 +582,34 @@ typedef struct BIT_STRING_BITNAME_st { + ASN1_STRING_type_new(V_ASN1_BIT_STRING) + # define M_ASN1_BIT_STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) + # define M_ASN1_BIT_STRING_dup(a) (ASN1_BIT_STRING *)\ +- ASN1_STRING_dup((ASN1_STRING *)a) ++ ASN1_STRING_dup((const ASN1_STRING *)a) + # define M_ASN1_BIT_STRING_cmp(a,b) ASN1_STRING_cmp(\ +- (ASN1_STRING *)a,(ASN1_STRING *)b) ++ (const ASN1_STRING *)a,(const ASN1_STRING *)b) + # define M_ASN1_BIT_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c) + + # define M_ASN1_INTEGER_new() (ASN1_INTEGER *)\ + ASN1_STRING_type_new(V_ASN1_INTEGER) + # define M_ASN1_INTEGER_free(a) ASN1_STRING_free((ASN1_STRING *)a) +-# define M_ASN1_INTEGER_dup(a) (ASN1_INTEGER *)ASN1_STRING_dup((ASN1_STRING *)a) ++# define M_ASN1_INTEGER_dup(a) (ASN1_INTEGER *)\ ++ ASN1_STRING_dup((const ASN1_STRING *)a) + # define M_ASN1_INTEGER_cmp(a,b) ASN1_STRING_cmp(\ +- (ASN1_STRING *)a,(ASN1_STRING *)b) ++ (const ASN1_STRING *)a,(const 
ASN1_STRING *)b) + + # define M_ASN1_ENUMERATED_new() (ASN1_ENUMERATED *)\ + ASN1_STRING_type_new(V_ASN1_ENUMERATED) + # define M_ASN1_ENUMERATED_free(a) ASN1_STRING_free((ASN1_STRING *)a) +-# define M_ASN1_ENUMERATED_dup(a) (ASN1_ENUMERATED *)ASN1_STRING_dup((ASN1_STRING *)a) ++# define M_ASN1_ENUMERATED_dup(a) (ASN1_ENUMERATED *)\ ++ ASN1_STRING_dup((const ASN1_STRING *)a) + # define M_ASN1_ENUMERATED_cmp(a,b) ASN1_STRING_cmp(\ +- (ASN1_STRING *)a,(ASN1_STRING *)b) ++ (const ASN1_STRING *)a,(const ASN1_STRING *)b) + + # define M_ASN1_OCTET_STRING_new() (ASN1_OCTET_STRING *)\ + ASN1_STRING_type_new(V_ASN1_OCTET_STRING) + # define M_ASN1_OCTET_STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) + # define M_ASN1_OCTET_STRING_dup(a) (ASN1_OCTET_STRING *)\ +- ASN1_STRING_dup((ASN1_STRING *)a) ++ ASN1_STRING_dup((const ASN1_STRING *)a) + # define M_ASN1_OCTET_STRING_cmp(a,b) ASN1_STRING_cmp(\ +- (ASN1_STRING *)a,(ASN1_STRING *)b) ++ (const ASN1_STRING *)a,(const ASN1_STRING *)b) + # define M_ASN1_OCTET_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c) + # define M_ASN1_OCTET_STRING_print(a,b) ASN1_STRING_print(a,(ASN1_STRING *)b) + # define M_i2d_ASN1_OCTET_STRING(a,pp) \ +@@ -686,7 +693,7 @@ typedef struct BIT_STRING_BITNAME_st { + ASN1_STRING_type_new(V_ASN1_IA5STRING) + # define M_ASN1_IA5STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) + # define M_ASN1_IA5STRING_dup(a) \ +- (ASN1_IA5STRING *)ASN1_STRING_dup((ASN1_STRING *)a) ++ (ASN1_IA5STRING *)ASN1_STRING_dup((const ASN1_STRING *)a) + # define M_i2d_ASN1_IA5STRING(a,pp) \ + i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_IA5STRING,\ + V_ASN1_UNIVERSAL) +@@ -697,18 +704,20 @@ typedef struct BIT_STRING_BITNAME_st { + # define M_ASN1_UTCTIME_new() (ASN1_UTCTIME *)\ + ASN1_STRING_type_new(V_ASN1_UTCTIME) + # define M_ASN1_UTCTIME_free(a) ASN1_STRING_free((ASN1_STRING *)a) +-# define M_ASN1_UTCTIME_dup(a) (ASN1_UTCTIME *)ASN1_STRING_dup((ASN1_STRING *)a) ++# define M_ASN1_UTCTIME_dup(a) (ASN1_UTCTIME *)\ ++ 
ASN1_STRING_dup((const ASN1_STRING *)a) + + # define M_ASN1_GENERALIZEDTIME_new() (ASN1_GENERALIZEDTIME *)\ + ASN1_STRING_type_new(V_ASN1_GENERALIZEDTIME) + # define M_ASN1_GENERALIZEDTIME_free(a) ASN1_STRING_free((ASN1_STRING *)a) + # define M_ASN1_GENERALIZEDTIME_dup(a) (ASN1_GENERALIZEDTIME *)ASN1_STRING_dup(\ +- (ASN1_STRING *)a) ++ (const ASN1_STRING *)a) + + # define M_ASN1_TIME_new() (ASN1_TIME *)\ + ASN1_STRING_type_new(V_ASN1_UTCTIME) + # define M_ASN1_TIME_free(a) ASN1_STRING_free((ASN1_STRING *)a) +-# define M_ASN1_TIME_dup(a) (ASN1_TIME *)ASN1_STRING_dup((ASN1_STRING *)a) ++# define M_ASN1_TIME_dup(a) (ASN1_TIME *)\ ++ ASN1_STRING_dup((const ASN1_STRING *)a) + + # define M_ASN1_GENERALSTRING_new() (ASN1_GENERALSTRING *)\ + ASN1_STRING_type_new(V_ASN1_GENERALSTRING) +@@ -786,16 +795,18 @@ DECLARE_ASN1_SET_OF(ASN1_OBJECT) + + ASN1_STRING *ASN1_STRING_new(void); + void ASN1_STRING_free(ASN1_STRING *a); +-ASN1_STRING *ASN1_STRING_dup(ASN1_STRING *a); ++void ASN1_STRING_clear_free(ASN1_STRING *a); ++int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str); ++ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *a); + ASN1_STRING *ASN1_STRING_type_new(int type); +-int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b); ++int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b); + /* + * Since this is used to store all sorts of things, via macros, for now, + * make its data void * + */ + int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len); + void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len); +-int ASN1_STRING_length(ASN1_STRING *x); ++int ASN1_STRING_length(const ASN1_STRING *x); + void ASN1_STRING_length_set(ASN1_STRING *x, int n); + int ASN1_STRING_type(ASN1_STRING *x); + unsigned char *ASN1_STRING_data(ASN1_STRING *x); +@@ -807,6 +818,8 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, + int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d, int length); + int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, 
int value); + int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n); ++int ASN1_BIT_STRING_check(ASN1_BIT_STRING *a, ++ unsigned char *flags, int flags_len); + + # ifndef OPENSSL_NO_BIO + int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs, +@@ -825,27 +838,35 @@ ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp, + long length); + ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, + long length); +-ASN1_INTEGER *ASN1_INTEGER_dup(ASN1_INTEGER *x); +-int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y); ++ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x); ++int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y); + + DECLARE_ASN1_FUNCTIONS(ASN1_ENUMERATED) + +-int ASN1_UTCTIME_check(ASN1_UTCTIME *a); ++int ASN1_UTCTIME_check(const ASN1_UTCTIME *a); + ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t); ++ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, ++ int offset_day, long offset_sec); + int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str); + int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t); + # if 0 + time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s); + # endif + +-int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a); ++int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *a); + ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s, + time_t t); ++ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s, ++ time_t t, int offset_day, ++ long offset_sec); + int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str); ++int ASN1_TIME_diff(int *pday, int *psec, ++ const ASN1_TIME *from, const ASN1_TIME *to); + + DECLARE_ASN1_FUNCTIONS(ASN1_OCTET_STRING) +-ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *a); +-int ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b); ++ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(const ASN1_OCTET_STRING *a); ++int ASN1_OCTET_STRING_cmp(const 
ASN1_OCTET_STRING *a, ++ const ASN1_OCTET_STRING *b); + int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, const unsigned char *data, + int len); + +@@ -873,15 +894,20 @@ DECLARE_ASN1_FUNCTIONS(ASN1_TIME) + DECLARE_ASN1_ITEM(ASN1_OCTET_STRING_NDEF) + + ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t); ++ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t, ++ int offset_day, long offset_sec); + int ASN1_TIME_check(ASN1_TIME *t); + ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME + **out); ++int ASN1_TIME_set_string(ASN1_TIME *s, const char *str); + +-int i2d_ASN1_SET(STACK * a, unsigned char **pp, ++int i2d_ASN1_SET(STACK_OF(OPENSSL_BLOCK) *a, unsigned char **pp, + i2d_of_void *i2d, int ex_tag, int ex_class, int is_set); +-STACK *d2i_ASN1_SET(STACK ** a, const unsigned char **pp, long length, +- d2i_of_void *d2i, void (*free_func) (void *), +- int ex_tag, int ex_class); ++STACK_OF(OPENSSL_BLOCK) *d2i_ASN1_SET(STACK_OF(OPENSSL_BLOCK) **a, ++ const unsigned char **pp, ++ long length, d2i_of_void *d2i, ++ void (*free_func) (OPENSSL_BLOCK), ++ int ex_tag, int ex_class); + + # ifndef OPENSSL_NO_BIO + int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a); +@@ -899,9 +925,9 @@ ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len, + const char *sn, const char *ln); + + int ASN1_INTEGER_set(ASN1_INTEGER *a, long v); +-long ASN1_INTEGER_get(ASN1_INTEGER *a); +-ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai); +-BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai, BIGNUM *bn); ++long ASN1_INTEGER_get(const ASN1_INTEGER *a); ++ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai); ++BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn); + + int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v); + long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a); +@@ -935,17 +961,17 @@ int ASN1_put_eoc(unsigned char **pp); + int ASN1_object_size(int constructed, int length, int tag); + + /* Used to implement other functions */ 
+-void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, char *x); ++void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *x); + + # define ASN1_dup_of(type,i2d,d2i,x) \ + ((type*)ASN1_dup(CHECKED_I2D_OF(type, i2d), \ + CHECKED_D2I_OF(type, d2i), \ +- CHECKED_PTR_OF_TO_CHAR(type, x))) ++ CHECKED_PTR_OF(type, x))) + + # define ASN1_dup_of_const(type,i2d,d2i,x) \ + ((type*)ASN1_dup(CHECKED_I2D_OF(const type, i2d), \ + CHECKED_D2I_OF(type, d2i), \ +- CHECKED_PTR_OF_TO_CHAR(const type, x))) ++ CHECKED_PTR_OF(const type, x))) + + void *ASN1_item_dup(const ASN1_ITEM *it, void *x); + +@@ -1006,31 +1032,24 @@ int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x); + CHECKED_PTR_OF(const type, x))) + + int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x); +-int ASN1_UTCTIME_print(BIO *fp, ASN1_UTCTIME *a); +-int ASN1_GENERALIZEDTIME_print(BIO *fp, ASN1_GENERALIZEDTIME *a); +-int ASN1_TIME_print(BIO *fp, ASN1_TIME *a); +-int ASN1_STRING_print(BIO *bp, ASN1_STRING *v); ++int ASN1_UTCTIME_print(BIO *fp, const ASN1_UTCTIME *a); ++int ASN1_GENERALIZEDTIME_print(BIO *fp, const ASN1_GENERALIZEDTIME *a); ++int ASN1_TIME_print(BIO *fp, const ASN1_TIME *a); ++int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v); + int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags); ++int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num, ++ unsigned char *buf, int off); + int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent); + int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent, + int dump); + # endif + const char *ASN1_tag2str(int tag); + +-/* Used to load and write netscape format cert/key */ +-int i2d_ASN1_HEADER(ASN1_HEADER * a, unsigned char **pp); +-ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER ** a, const unsigned char **pp, +- long length); +-ASN1_HEADER *ASN1_HEADER_new(void); +-void ASN1_HEADER_free(ASN1_HEADER * a); ++/* Used to load and write netscape format cert */ + +-int 
ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s); ++DECLARE_ASN1_FUNCTIONS(NETSCAPE_X509) + +-/* Not used that much at this point, except for the first two */ +-ASN1_METHOD *X509_asn1_meth(void); +-ASN1_METHOD *RSAPrivateKey_asn1_meth(void); +-ASN1_METHOD *ASN1_IA5STRING_asn1_meth(void); +-ASN1_METHOD *ASN1_BIT_STRING_asn1_meth(void); ++int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s); + + int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len); + int ASN1_TYPE_get_octetstring(ASN1_TYPE *a, unsigned char *data, int max_len); +@@ -1039,9 +1058,10 @@ int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, + int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a, long *num, + unsigned char *data, int max_len); + +-STACK *ASN1_seq_unpack(const unsigned char *buf, int len, +- d2i_of_void *d2i, void (*free_func) (void *)); +-unsigned char *ASN1_seq_pack(STACK * safes, i2d_of_void *i2d, ++STACK_OF(OPENSSL_BLOCK) *ASN1_seq_unpack(const unsigned char *buf, int len, ++ d2i_of_void *d2i, ++ void (*free_func) (OPENSSL_BLOCK)); ++unsigned char *ASN1_seq_pack(STACK_OF(OPENSSL_BLOCK) *safes, i2d_of_void *i2d, + unsigned char **buf, int *len); + void *ASN1_unpack_string(ASN1_STRING *oct, d2i_of_void *d2i); + void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it); +@@ -1088,14 +1108,56 @@ void ASN1_add_oid_module(void); + ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf); + ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf); + +-typedef int asn1_output_data_fn(BIO *out, BIO *data, ASN1_VALUE *val, +- int flags, const ASN1_ITEM *it); +- +-int int_smime_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags, +- int ctype_nid, int econt_nid, +- STACK_OF(X509_ALGOR) *mdalgs, +- asn1_output_data_fn * data_fn, const ASN1_ITEM *it); ++/* ASN1 Print flags */ ++ ++/* Indicate missing OPTIONAL fields */ ++# define ASN1_PCTX_FLAGS_SHOW_ABSENT 0x001 ++/* Mark start and end of SEQUENCE */ ++# define ASN1_PCTX_FLAGS_SHOW_SEQUENCE 0x002 ++/* Mark 
start and end of SEQUENCE/SET OF */ ++# define ASN1_PCTX_FLAGS_SHOW_SSOF 0x004 ++/* Show the ASN1 type of primitives */ ++# define ASN1_PCTX_FLAGS_SHOW_TYPE 0x008 ++/* Don't show ASN1 type of ANY */ ++# define ASN1_PCTX_FLAGS_NO_ANY_TYPE 0x010 ++/* Don't show ASN1 type of MSTRINGs */ ++# define ASN1_PCTX_FLAGS_NO_MSTRING_TYPE 0x020 ++/* Don't show field names in SEQUENCE */ ++# define ASN1_PCTX_FLAGS_NO_FIELD_NAME 0x040 ++/* Show structure names of each SEQUENCE field */ ++# define ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME 0x080 ++/* Don't show structure name even at top level */ ++# define ASN1_PCTX_FLAGS_NO_STRUCT_NAME 0x100 ++ ++int ASN1_item_print(BIO *out, ASN1_VALUE *ifld, int indent, ++ const ASN1_ITEM *it, const ASN1_PCTX *pctx); ++ASN1_PCTX *ASN1_PCTX_new(void); ++void ASN1_PCTX_free(ASN1_PCTX *p); ++unsigned long ASN1_PCTX_get_flags(ASN1_PCTX *p); ++void ASN1_PCTX_set_flags(ASN1_PCTX *p, unsigned long flags); ++unsigned long ASN1_PCTX_get_nm_flags(ASN1_PCTX *p); ++void ASN1_PCTX_set_nm_flags(ASN1_PCTX *p, unsigned long flags); ++unsigned long ASN1_PCTX_get_cert_flags(ASN1_PCTX *p); ++void ASN1_PCTX_set_cert_flags(ASN1_PCTX *p, unsigned long flags); ++unsigned long ASN1_PCTX_get_oid_flags(ASN1_PCTX *p); ++void ASN1_PCTX_set_oid_flags(ASN1_PCTX *p, unsigned long flags); ++unsigned long ASN1_PCTX_get_str_flags(ASN1_PCTX *p); ++void ASN1_PCTX_set_str_flags(ASN1_PCTX *p, unsigned long flags); ++ ++BIO_METHOD *BIO_f_asn1(void); ++ ++BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it); ++ ++int i2d_ASN1_bio_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags, ++ const ASN1_ITEM *it); ++int PEM_write_bio_ASN1_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags, ++ const char *hdr, const ASN1_ITEM *it); ++int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags, ++ int ctype_nid, int econt_nid, ++ STACK_OF(X509_ALGOR) *mdalgs, const ASN1_ITEM *it); + ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it); ++int 
SMIME_crlf_copy(BIO *in, BIO *out, int flags); ++int SMIME_text(BIO *in, BIO *out); + + /* BEGIN ERROR CODES */ + /* +@@ -1127,6 +1189,7 @@ void ERR_load_ASN1_strings(void); + # define ASN1_F_ASN1_ENUMERATED_TO_BN 113 + # define ASN1_F_ASN1_EX_C2I 204 + # define ASN1_F_ASN1_FIND_END 190 ++# define ASN1_F_ASN1_GENERALIZEDTIME_ADJ 216 + # define ASN1_F_ASN1_GENERALIZEDTIME_SET 185 + # define ASN1_F_ASN1_GENERATE_V3 178 + # define ASN1_F_ASN1_GET_OBJECT 114 +@@ -1143,11 +1206,12 @@ void ERR_load_ASN1_strings(void); + # define ASN1_F_ASN1_ITEM_I2D_FP 193 + # define ASN1_F_ASN1_ITEM_PACK 198 + # define ASN1_F_ASN1_ITEM_SIGN 195 ++# define ASN1_F_ASN1_ITEM_SIGN_CTX 220 + # define ASN1_F_ASN1_ITEM_UNPACK 199 + # define ASN1_F_ASN1_ITEM_VERIFY 197 + # define ASN1_F_ASN1_MBSTRING_NCOPY 122 + # define ASN1_F_ASN1_OBJECT_NEW 123 +-# define ASN1_F_ASN1_OUTPUT_DATA 207 ++# define ASN1_F_ASN1_OUTPUT_DATA 214 + # define ASN1_F_ASN1_PACK_STRING 124 + # define ASN1_F_ASN1_PCTX_NEW 205 + # define ASN1_F_ASN1_PKCS5_PBE_SET 125 +@@ -1161,14 +1225,17 @@ void ERR_load_ASN1_strings(void); + # define ASN1_F_ASN1_TEMPLATE_EX_D2I 132 + # define ASN1_F_ASN1_TEMPLATE_NEW 133 + # define ASN1_F_ASN1_TEMPLATE_NOEXP_D2I 131 ++# define ASN1_F_ASN1_TIME_ADJ 217 + # define ASN1_F_ASN1_TIME_SET 175 + # define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 134 + # define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 135 + # define ASN1_F_ASN1_UNPACK_STRING 136 ++# define ASN1_F_ASN1_UTCTIME_ADJ 218 + # define ASN1_F_ASN1_UTCTIME_SET 187 + # define ASN1_F_ASN1_VERIFY 137 +-# define ASN1_F_B64_READ_ASN1 208 +-# define ASN1_F_B64_WRITE_ASN1 209 ++# define ASN1_F_B64_READ_ASN1 209 ++# define ASN1_F_B64_WRITE_ASN1 210 ++# define ASN1_F_BIO_NEW_NDEF 208 + # define ASN1_F_BITSTR_CB 180 + # define ASN1_F_BN_TO_ASN1_ENUMERATED 138 + # define ASN1_F_BN_TO_ASN1_INTEGER 139 +@@ -1187,6 +1254,7 @@ void ERR_load_ASN1_strings(void); + # define ASN1_F_D2I_ASN1_TYPE_BYTES 149 + # define ASN1_F_D2I_ASN1_UINTEGER 150 + # define 
ASN1_F_D2I_ASN1_UTCTIME 151 ++# define ASN1_F_D2I_AUTOPRIVATEKEY 207 + # define ASN1_F_D2I_NETSCAPE_RSA 152 + # define ASN1_F_D2I_NETSCAPE_RSA_2 153 + # define ASN1_F_D2I_PRIVATEKEY 154 +@@ -1196,6 +1264,7 @@ void ERR_load_ASN1_strings(void); + # define ASN1_F_D2I_X509 156 + # define ASN1_F_D2I_X509_CINF 157 + # define ASN1_F_D2I_X509_PKEY 159 ++# define ASN1_F_I2D_ASN1_BIO_STREAM 211 + # define ASN1_F_I2D_ASN1_SET 188 + # define ASN1_F_I2D_ASN1_TIME 160 + # define ASN1_F_I2D_DSA_PUBKEY 161 +@@ -1207,10 +1276,12 @@ void ERR_load_ASN1_strings(void); + # define ASN1_F_LONG_C2I 166 + # define ASN1_F_OID_MODULE_INIT 174 + # define ASN1_F_PARSE_TAGGING 182 +-# define ASN1_F_PKCS5_PBE2_SET 167 ++# define ASN1_F_PKCS5_PBE2_SET_IV 167 + # define ASN1_F_PKCS5_PBE_SET 202 +-# define ASN1_F_SMIME_READ_ASN1 210 +-# define ASN1_F_SMIME_TEXT 211 ++# define ASN1_F_PKCS5_PBE_SET0_ALGOR 215 ++# define ASN1_F_PKCS5_PBKDF2_SET 219 ++# define ASN1_F_SMIME_READ_ASN1 212 ++# define ASN1_F_SMIME_TEXT 213 + # define ASN1_F_X509_CINF_NEW 168 + # define ASN1_F_X509_CRL_ADD0_REVOKED 169 + # define ASN1_F_X509_INFO_NEW 170 +@@ -1222,22 +1293,24 @@ void ERR_load_ASN1_strings(void); + + /* Reason codes. 
*/ + # define ASN1_R_ADDING_OBJECT 171 +-# define ASN1_R_ASN1_PARSE_ERROR 198 +-# define ASN1_R_ASN1_SIG_PARSE_ERROR 199 ++# define ASN1_R_ASN1_PARSE_ERROR 203 ++# define ASN1_R_ASN1_SIG_PARSE_ERROR 204 + # define ASN1_R_AUX_ERROR 100 + # define ASN1_R_BAD_CLASS 101 + # define ASN1_R_BAD_OBJECT_HEADER 102 + # define ASN1_R_BAD_PASSWORD_READ 103 + # define ASN1_R_BAD_TAG 104 +-# define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 210 ++# define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 214 + # define ASN1_R_BN_LIB 105 + # define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106 + # define ASN1_R_BUFFER_TOO_SMALL 107 + # define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 108 ++# define ASN1_R_CONTEXT_NOT_INITIALISED 217 + # define ASN1_R_DATA_IS_WRONG 109 + # define ASN1_R_DECODE_ERROR 110 + # define ASN1_R_DECODING_ERROR 111 + # define ASN1_R_DEPTH_EXCEEDED 174 ++# define ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED 198 + # define ASN1_R_ENCODE_ERROR 112 + # define ASN1_R_ERROR_GETTING_TIME 173 + # define ASN1_R_ERROR_LOADING_SECTION 172 +@@ -1272,10 +1345,10 @@ void ERR_load_ASN1_strings(void); + # define ASN1_R_INVALID_BIT_STRING_BITS_LEFT 220 + # define ASN1_R_INVALID_BMPSTRING_LENGTH 129 + # define ASN1_R_INVALID_DIGIT 130 +-# define ASN1_R_INVALID_MIME_TYPE 200 ++# define ASN1_R_INVALID_MIME_TYPE 205 + # define ASN1_R_INVALID_MODIFIER 186 + # define ASN1_R_INVALID_NUMBER 187 +-# define ASN1_R_INVALID_OBJECT_ENCODING 212 ++# define ASN1_R_INVALID_OBJECT_ENCODING 216 + # define ASN1_R_INVALID_SEPARATOR 131 + # define ASN1_R_INVALID_TIME_FORMAT 132 + # define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH 133 +@@ -1283,9 +1356,9 @@ void ERR_load_ASN1_strings(void); + # define ASN1_R_IV_TOO_LARGE 135 + # define ASN1_R_LENGTH_ERROR 136 + # define ASN1_R_LIST_ERROR 188 +-# define ASN1_R_MIME_NO_CONTENT_TYPE 201 +-# define ASN1_R_MIME_PARSE_ERROR 202 +-# define ASN1_R_MIME_SIG_PARSE_ERROR 203 ++# define ASN1_R_MIME_NO_CONTENT_TYPE 206 ++# define ASN1_R_MIME_PARSE_ERROR 207 ++# define ASN1_R_MIME_SIG_PARSE_ERROR 208 + # 
define ASN1_R_MISSING_EOC 137 + # define ASN1_R_MISSING_SECOND_NUMBER 138 + # define ASN1_R_MISSING_VALUE 189 +@@ -1295,11 +1368,12 @@ void ERR_load_ASN1_strings(void); + # define ASN1_R_NON_HEX_CHARACTERS 141 + # define ASN1_R_NOT_ASCII_FORMAT 190 + # define ASN1_R_NOT_ENOUGH_DATA 142 +-# define ASN1_R_NO_CONTENT_TYPE 204 ++# define ASN1_R_NO_CONTENT_TYPE 209 ++# define ASN1_R_NO_DEFAULT_DIGEST 201 + # define ASN1_R_NO_MATCHING_CHOICE_TYPE 143 +-# define ASN1_R_NO_MULTIPART_BODY_FAILURE 205 +-# define ASN1_R_NO_MULTIPART_BOUNDARY 206 +-# define ASN1_R_NO_SIG_CONTENT_TYPE 207 ++# define ASN1_R_NO_MULTIPART_BODY_FAILURE 210 ++# define ASN1_R_NO_MULTIPART_BOUNDARY 211 ++# define ASN1_R_NO_SIG_CONTENT_TYPE 212 + # define ASN1_R_NULL_IS_WRONG_LENGTH 144 + # define ASN1_R_OBJECT_NOT_ASCII_FORMAT 191 + # define ASN1_R_ODD_NUMBER_OF_CHARS 145 +@@ -1309,8 +1383,8 @@ void ERR_load_ASN1_strings(void); + # define ASN1_R_SEQUENCE_NOT_CONSTRUCTED 149 + # define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG 192 + # define ASN1_R_SHORT_LINE 150 +-# define ASN1_R_SIG_INVALID_MIME_TYPE 208 +-# define ASN1_R_STREAMING_NOT_SUPPORTED 209 ++# define ASN1_R_SIG_INVALID_MIME_TYPE 213 ++# define ASN1_R_STREAMING_NOT_SUPPORTED 202 + # define ASN1_R_STRING_TOO_LONG 151 + # define ASN1_R_STRING_TOO_SHORT 152 + # define ASN1_R_TAG_VALUE_TOO_HIGH 153 +@@ -1322,11 +1396,12 @@ void ERR_load_ASN1_strings(void); + # define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157 + # define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 158 + # define ASN1_R_UNEXPECTED_EOC 159 +-# define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 211 ++# define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 215 + # define ASN1_R_UNKNOWN_FORMAT 160 + # define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161 + # define ASN1_R_UNKNOWN_OBJECT_TYPE 162 + # define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE 163 ++# define ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM 199 + # define ASN1_R_UNKNOWN_TAG 194 + # define ASN1_R_UNKOWN_FORMAT 195 + # define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE 164 +@@ 
-1334,6 +1409,7 @@ void ERR_load_ASN1_strings(void); + # define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM 166 + # define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 167 + # define ASN1_R_UNSUPPORTED_TYPE 196 ++# define ASN1_R_WRONG_PUBLIC_KEY_TYPE 200 + # define ASN1_R_WRONG_TAG 168 + # define ASN1_R_WRONG_TYPE 169 + +diff --git a/Cryptlib/Include/openssl/asn1_mac.h b/Cryptlib/Include/openssl/asn1_mac.h +index 4aa6af8..abc6dc3 100644 +--- a/Cryptlib/Include/openssl/asn1_mac.h ++++ b/Cryptlib/Include/openssl/asn1_mac.h +@@ -153,6 +153,13 @@ err:\ + M_ASN1_D2I_get(b,func); \ + } + ++# define M_ASN1_D2I_get_int_opt(b,func,type) \ ++ if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) \ ++ == (V_ASN1_UNIVERSAL|(type)))) \ ++ { \ ++ M_ASN1_D2I_get_int(b,func); \ ++ } ++ + # define M_ASN1_D2I_get_imp(b,func, type) \ + M_ASN1_next=(_tmp& V_ASN1_CONSTRUCTED)|type; \ + c.q=c.p; \ +diff --git a/Cryptlib/Include/openssl/asn1t.h b/Cryptlib/Include/openssl/asn1t.h +index 0a868ac..99bc0ee 100644 +--- a/Cryptlib/Include/openssl/asn1t.h ++++ b/Cryptlib/Include/openssl/asn1t.h +@@ -4,7 +4,7 @@ + * 2000. + */ + /* ==================================================================== +- * Copyright (c) 2000 The OpenSSL Project. All rights reserved. ++ * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions +@@ -215,6 +215,18 @@ extern "C" { + #stname \ + ASN1_ITEM_end(tname) + ++# define ASN1_NDEF_SEQUENCE_END_cb(stname, tname) \ ++ ;\ ++ ASN1_ITEM_start(tname) \ ++ ASN1_ITYPE_NDEF_SEQUENCE,\ ++ V_ASN1_SEQUENCE,\ ++ tname##_seq_tt,\ ++ sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ ++ &tname##_aux,\ ++ sizeof(stname),\ ++ #stname \ ++ ASN1_ITEM_end(tname) ++ + /*- + * This pair helps declare a CHOICE type. 
We can do: + * +@@ -652,11 +664,18 @@ typedef int ASN1_ex_i2d(ASN1_VALUE **pval, unsigned char **out, + typedef int ASN1_ex_new_func(ASN1_VALUE **pval, const ASN1_ITEM *it); + typedef void ASN1_ex_free_func(ASN1_VALUE **pval, const ASN1_ITEM *it); + ++typedef int ASN1_ex_print_func(BIO *out, ASN1_VALUE **pval, ++ int indent, const char *fname, ++ const ASN1_PCTX *pctx); ++ + typedef int ASN1_primitive_i2c(ASN1_VALUE **pval, unsigned char *cont, + int *putype, const ASN1_ITEM *it); + typedef int ASN1_primitive_c2i(ASN1_VALUE **pval, const unsigned char *cont, + int len, int utype, char *free_cont, + const ASN1_ITEM *it); ++typedef int ASN1_primitive_print(BIO *out, ASN1_VALUE **pval, ++ const ASN1_ITEM *it, int indent, ++ const ASN1_PCTX *pctx); + + typedef struct ASN1_COMPAT_FUNCS_st { + ASN1_new_func *asn1_new; +@@ -672,6 +691,7 @@ typedef struct ASN1_EXTERN_FUNCS_st { + ASN1_ex_free_func *asn1_ex_clear; + ASN1_ex_d2i *asn1_ex_d2i; + ASN1_ex_i2d *asn1_ex_i2d; ++ ASN1_ex_print_func *asn1_ex_print; + } ASN1_EXTERN_FUNCS; + + typedef struct ASN1_PRIMITIVE_FUNCS_st { +@@ -682,6 +702,7 @@ typedef struct ASN1_PRIMITIVE_FUNCS_st { + ASN1_ex_free_func *prim_clear; + ASN1_primitive_c2i *prim_c2i; + ASN1_primitive_i2c *prim_i2c; ++ ASN1_primitive_print *prim_print; + } ASN1_PRIMITIVE_FUNCS; + + /* +@@ -697,7 +718,8 @@ typedef struct ASN1_PRIMITIVE_FUNCS_st { + * more appropriate. 
+ */ + +-typedef int ASN1_aux_cb(int operation, ASN1_VALUE **in, const ASN1_ITEM *it); ++typedef int ASN1_aux_cb(int operation, ASN1_VALUE **in, const ASN1_ITEM *it, ++ void *exarg); + + typedef struct ASN1_AUX_st { + void *app_data; +@@ -708,6 +730,23 @@ typedef struct ASN1_AUX_st { + int enc_offset; /* Offset of ASN1_ENCODING structure */ + } ASN1_AUX; + ++/* For print related callbacks exarg points to this structure */ ++typedef struct ASN1_PRINT_ARG_st { ++ BIO *out; ++ int indent; ++ const ASN1_PCTX *pctx; ++} ASN1_PRINT_ARG; ++ ++/* For streaming related callbacks exarg points to this structure */ ++typedef struct ASN1_STREAM_ARG_st { ++ /* BIO to stream through */ ++ BIO *out; ++ /* BIO with filters appended */ ++ BIO *ndef_bio; ++ /* Streaming I/O boundary */ ++ unsigned char **boundary; ++} ASN1_STREAM_ARG; ++ + /* Flags in ASN1_AUX */ + + /* Use a reference count */ +@@ -727,6 +766,12 @@ typedef struct ASN1_AUX_st { + # define ASN1_OP_D2I_POST 5 + # define ASN1_OP_I2D_PRE 6 + # define ASN1_OP_I2D_POST 7 ++# define ASN1_OP_PRINT_PRE 8 ++# define ASN1_OP_PRINT_POST 9 ++# define ASN1_OP_STREAM_PRE 10 ++# define ASN1_OP_STREAM_POST 11 ++# define ASN1_OP_DETACHED_PRE 12 ++# define ASN1_OP_DETACHED_POST 13 + + /* Macro to implement a primitive type */ + # define IMPLEMENT_ASN1_TYPE(stname) IMPLEMENT_ASN1_TYPE_ex(stname, stname, 0) +@@ -782,9 +827,22 @@ typedef struct ASN1_AUX_st { + # define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \ + IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname) + ++# define IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(stname) \ ++ IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(static, stname, stname, stname) ++ + # define IMPLEMENT_ASN1_ALLOC_FUNCTIONS(stname) \ + IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, stname, stname) + ++# define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(pre, stname, itname, fname) \ ++ pre stname *fname##_new(void) \ ++ { \ ++ return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \ ++ } \ ++ pre void 
fname##_free(stname *a) \ ++ { \ ++ ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \ ++ } ++ + # define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \ + stname *fname##_new(void) \ + { \ +@@ -835,6 +893,17 @@ typedef struct ASN1_AUX_st { + return ASN1_item_dup(ASN1_ITEM_rptr(stname), x); \ + } + ++# define IMPLEMENT_ASN1_PRINT_FUNCTION(stname) \ ++ IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, stname, stname) ++ ++# define IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, itname, fname) \ ++ int fname##_print_ctx(BIO *out, stname *x, int indent, \ ++ const ASN1_PCTX *pctx) \ ++ { \ ++ return ASN1_item_print(out, (ASN1_VALUE *)x, indent, \ ++ ASN1_ITEM_rptr(itname), pctx); \ ++ } ++ + # define IMPLEMENT_ASN1_FUNCTIONS_const(name) \ + IMPLEMENT_ASN1_FUNCTIONS_const_fname(name, name, name) + +diff --git a/Cryptlib/Include/openssl/bio.h b/Cryptlib/Include/openssl/bio.h +index 9d29b36..561ae2f 100644 +--- a/Cryptlib/Include/openssl/bio.h ++++ b/Cryptlib/Include/openssl/bio.h +@@ -68,6 +68,14 @@ + + # include + ++# ifndef OPENSSL_NO_SCTP ++# ifndef OPENSSL_SYS_VMS ++# include ++# else ++# include ++# endif ++# endif ++ + #ifdef __cplusplus + extern "C" { + #endif +@@ -95,6 +103,10 @@ extern "C" { + # define BIO_TYPE_BIO (19|0x0400)/* (half a) BIO pair */ + # define BIO_TYPE_LINEBUFFER (20|0x0200)/* filter */ + # define BIO_TYPE_DGRAM (21|0x0400|0x0100) ++# ifndef OPENSSL_NO_SCTP ++# define BIO_TYPE_DGRAM_SCTP (24|0x0400|0x0100) ++# endif ++# define BIO_TYPE_ASN1 (22|0x0200)/* filter */ + # define BIO_TYPE_COMP (23|0x0200)/* filter */ + + # define BIO_TYPE_DESCRIPTOR 0x0100/* socket, fd, connect or accept */ +@@ -161,7 +173,25 @@ extern "C" { + # define BIO_CTRL_DGRAM_SET_PEER 44/* Destination for the data */ + + # define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT 45/* Next DTLS handshake timeout +- * to * adjust socket timeouts */ ++ * to adjust socket timeouts */ ++# define BIO_CTRL_DGRAM_SET_DONT_FRAG 48 ++ ++# define BIO_CTRL_DGRAM_GET_MTU_OVERHEAD 49 ++ ++# 
ifndef OPENSSL_NO_SCTP ++/* SCTP stuff */ ++# define BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE 50 ++# define BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY 51 ++# define BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY 52 ++# define BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD 53 ++# define BIO_CTRL_DGRAM_SCTP_GET_SNDINFO 60 ++# define BIO_CTRL_DGRAM_SCTP_SET_SNDINFO 61 ++# define BIO_CTRL_DGRAM_SCTP_GET_RCVINFO 62 ++# define BIO_CTRL_DGRAM_SCTP_SET_RCVINFO 63 ++# define BIO_CTRL_DGRAM_SCTP_GET_PRINFO 64 ++# define BIO_CTRL_DGRAM_SCTP_SET_PRINFO 65 ++# define BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN 70 ++# endif + + /* modifiers */ + # define BIO_FP_READ 0x02 +@@ -261,7 +291,7 @@ void BIO_clear_flags(BIO *b, int flags); + * BIO_CB_RETURN flag indicates if it is after the call + */ + # define BIO_CB_RETURN 0x80 +-# define BIO_CB_return(a) ((a)|BIO_CB_RETURN)) ++# define BIO_CB_return(a) ((a)|BIO_CB_RETURN) + # define BIO_cb_pre(a) (!((a)&BIO_CB_RETURN)) + # define BIO_cb_post(a) ((a)&BIO_CB_RETURN) + +@@ -279,7 +309,6 @@ int BIO_method_type(const BIO *b); + typedef void bio_info_cb (struct bio_st *, int, const char *, int, long, + long); + +-# ifndef OPENSSL_SYS_WIN16 + typedef struct bio_method_st { + int type; + const char *name; +@@ -292,20 +321,6 @@ typedef struct bio_method_st { + int (*destroy) (BIO *); + long (*callback_ctrl) (BIO *, int, bio_info_cb *); + } BIO_METHOD; +-# else +-typedef struct bio_method_st { +- int type; +- const char *name; +- int (_far * bwrite) (); +- int (_far * bread) (); +- int (_far * bputs) (); +- int (_far * bgets) (); +- long (_far * ctrl) (); +- int (_far * create) (); +- int (_far * destroy) (); +- long (_far * callback_ctrl) (); +-} BIO_METHOD; +-# endif + + struct bio_st { + BIO_METHOD *method; +@@ -351,6 +366,35 @@ typedef struct bio_f_buffer_ctx_struct { + int obuf_off; /* write/read offset */ + } BIO_F_BUFFER_CTX; + ++/* Prefix and suffix callback in ASN1 BIO */ ++typedef int asn1_ps_func (BIO *b, unsigned char **pbuf, int *plen, ++ void *parg); ++ ++# ifndef 
OPENSSL_NO_SCTP ++/* SCTP parameter structs */ ++struct bio_dgram_sctp_sndinfo { ++ uint16_t snd_sid; ++ uint16_t snd_flags; ++ uint32_t snd_ppid; ++ uint32_t snd_context; ++}; ++ ++struct bio_dgram_sctp_rcvinfo { ++ uint16_t rcv_sid; ++ uint16_t rcv_ssn; ++ uint16_t rcv_flags; ++ uint32_t rcv_ppid; ++ uint32_t rcv_tsn; ++ uint32_t rcv_cumtsn; ++ uint32_t rcv_context; ++}; ++ ++struct bio_dgram_sctp_prinfo { ++ uint16_t pr_policy; ++ uint32_t pr_value; ++}; ++# endif ++ + /* connect BIO stuff */ + # define BIO_CONN_S_BEFORE 1 + # define BIO_CONN_S_GET_IP 2 +@@ -416,6 +460,14 @@ typedef struct bio_f_buffer_ctx_struct { + # define BIO_C_RESET_READ_REQUEST 147 + # define BIO_C_SET_MD_CTX 148 + ++# define BIO_C_SET_PREFIX 149 ++# define BIO_C_GET_PREFIX 150 ++# define BIO_C_SET_SUFFIX 151 ++# define BIO_C_GET_SUFFIX 152 ++ ++# define BIO_C_SET_EX_ARG 153 ++# define BIO_C_GET_EX_ARG 154 ++ + # define BIO_set_app_data(s,arg) BIO_set_ex_data(s,0,arg) + # define BIO_get_app_data(s) BIO_get_ex_data(s,0) + +@@ -571,6 +623,8 @@ int BIO_ctrl_reset_read_request(BIO *b); + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)peer) + # define BIO_dgram_set_peer(b,peer) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)peer) ++# define BIO_dgram_get_mtu_overhead(b) \ ++ (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL) + + /* These two aren't currently implemented */ + /* int BIO_get_ex_num(BIO *bio); */ +@@ -582,22 +636,21 @@ int BIO_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + unsigned long BIO_number_read(BIO *bio); + unsigned long BIO_number_written(BIO *bio); + +-# ifndef OPENSSL_NO_FP_API +-# if defined(OPENSSL_SYS_WIN16) && defined(_WINDLL) +-BIO_METHOD *BIO_s_file_internal(void); +-BIO *BIO_new_file_internal(char *filename, char *mode); +-BIO *BIO_new_fp_internal(FILE *stream, int close_flag); +-# define BIO_s_file BIO_s_file_internal +-# define BIO_new_file BIO_new_file_internal +-# define BIO_new_fp BIO_new_fp_internal +-# 
else /* FP_API */ ++/* For BIO_f_asn1() */ ++int BIO_asn1_set_prefix(BIO *b, asn1_ps_func *prefix, ++ asn1_ps_func *prefix_free); ++int BIO_asn1_get_prefix(BIO *b, asn1_ps_func **pprefix, ++ asn1_ps_func **pprefix_free); ++int BIO_asn1_set_suffix(BIO *b, asn1_ps_func *suffix, ++ asn1_ps_func *suffix_free); ++int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix, ++ asn1_ps_func **psuffix_free); ++ + BIO_METHOD *BIO_s_file(void); + BIO *BIO_new_file(const char *filename, const char *mode); + BIO *BIO_new_fp(FILE *stream, int close_flag); +-# define BIO_s_file_internal BIO_s_file +-# define BIO_new_file_internal BIO_new_file +-# define BIO_new_fp_internal BIO_s_file +-# endif /* FP_API */ ++# ifndef OPENSSL_NO_FP_API ++# define BIO_s_file_internal BIO_s_file + # endif + BIO *BIO_new(BIO_METHOD *type); + int BIO_set(BIO *a, BIO_METHOD *type); +@@ -628,13 +681,8 @@ int BIO_nread(BIO *bio, char **buf, int num); + int BIO_nwrite0(BIO *bio, char **buf); + int BIO_nwrite(BIO *bio, char **buf, int num); + +-# ifndef OPENSSL_SYS_WIN16 + long BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi, + long argl, long ret); +-# else +-long _far _loadds BIO_debug_callback(BIO *bio, int cmd, const char *argp, +- int argi, long argl, long ret); +-# endif + + BIO_METHOD *BIO_s_mem(void); + BIO *BIO_new_mem_buf(void *buf, int len); +@@ -655,6 +703,9 @@ BIO_METHOD *BIO_f_linebuffer(void); + BIO_METHOD *BIO_f_nbio_test(void); + # ifndef OPENSSL_NO_DGRAM + BIO_METHOD *BIO_s_datagram(void); ++# ifndef OPENSSL_NO_SCTP ++BIO_METHOD *BIO_s_datagram_sctp(void); ++# endif + # endif + + /* BIO_METHOD *BIO_f_ber(void); */ +@@ -675,6 +726,9 @@ int BIO_dump_indent(BIO *b, const char *bytes, int len, int indent); + int BIO_dump_fp(FILE *fp, const char *s, int len); + int BIO_dump_indent_fp(FILE *fp, const char *s, int len, int indent); + # endif ++int BIO_hex_string(BIO *out, int indent, int width, unsigned char *data, ++ int datalen); ++ + struct hostent *BIO_gethostbyname(const char 
*name); + /*- + * We might want a thread-safe interface too: +@@ -698,9 +752,21 @@ int BIO_set_tcp_ndelay(int sock, int turn_on); + + BIO *BIO_new_socket(int sock, int close_flag); + BIO *BIO_new_dgram(int fd, int close_flag); ++# ifndef OPENSSL_NO_SCTP ++BIO *BIO_new_dgram_sctp(int fd, int close_flag); ++int BIO_dgram_is_sctp(BIO *bio); ++int BIO_dgram_sctp_notification_cb(BIO *b, ++ void (*handle_notifications) (BIO *bio, ++ void ++ *context, ++ void *buf), ++ void *context); ++int BIO_dgram_sctp_wait_for_dry(BIO *b); ++int BIO_dgram_sctp_msg_waiting(BIO *b); ++# endif + BIO *BIO_new_fd(int fd, int close_flag); +-BIO *BIO_new_connect(char *host_port); +-BIO *BIO_new_accept(char *host_port); ++BIO *BIO_new_connect(const char *host_port); ++BIO *BIO_new_accept(const char *host_port); + + int BIO_new_bio_pair(BIO **bio1, size_t writebuf1, + BIO **bio2, size_t writebuf2); +@@ -766,6 +832,8 @@ void ERR_load_BIO_strings(void); + # define BIO_F_BUFFER_CTRL 114 + # define BIO_F_CONN_CTRL 127 + # define BIO_F_CONN_STATE 115 ++# define BIO_F_DGRAM_SCTP_READ 132 ++# define BIO_F_DGRAM_SCTP_WRITE 133 + # define BIO_F_FILE_CTRL 116 + # define BIO_F_FILE_READ 130 + # define BIO_F_LINEBUFFER_CTRL 129 +diff --git a/Cryptlib/Include/openssl/blowfish.h b/Cryptlib/Include/openssl/blowfish.h +index db19b9a..8329302 100644 +--- a/Cryptlib/Include/openssl/blowfish.h ++++ b/Cryptlib/Include/openssl/blowfish.h +@@ -79,7 +79,7 @@ extern "C" { + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + */ + +-# if defined(OPENSSL_SYS_WIN16) || defined(__LP32__) ++# if defined(__LP32__) + # define BF_LONG unsigned long + # elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) + # define BF_LONG unsigned long +diff --git a/Cryptlib/Include/openssl/bn.h b/Cryptlib/Include/openssl/bn.h +index 6dc2d75..5696965 100644 +--- a/Cryptlib/Include/openssl/bn.h ++++ b/Cryptlib/Include/openssl/bn.h +@@ -56,6 +56,59 @@ + * [including the GNU Public Licence.] 
+ */ + /* ==================================================================== ++ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * Portions of the attached software ("Contribution") are developed by +@@ -77,6 +130,7 @@ + # include /* FILE */ + # endif + # include ++# include + + #ifdef __cplusplus + extern "C" { +@@ -94,9 +148,11 @@ extern "C" { + /* #define BN_DEBUG */ + /* #define BN_DEBUG_RAND */ + +-# define BN_MUL_COMBA +-# define BN_SQR_COMBA +-# define BN_RECURSION ++# ifndef OPENSSL_SMALL_FOOTPRINT ++# define BN_MUL_COMBA ++# define BN_SQR_COMBA ++# define BN_RECURSION ++# endif + + /* + * This next option uses the C libraries (2 word)/(1 word) function. 
If it is +@@ -139,6 +195,8 @@ extern "C" { + # define BN_DEC_FMT1 "%lu" + # define BN_DEC_FMT2 "%019lu" + # define BN_DEC_NUM 19 ++# define BN_HEX_FMT1 "%lX" ++# define BN_HEX_FMT2 "%016lX" + # endif + + /* +@@ -165,83 +223,37 @@ extern "C" { + # define BN_DEC_FMT1 "%llu" + # define BN_DEC_FMT2 "%019llu" + # define BN_DEC_NUM 19 ++# define BN_HEX_FMT1 "%llX" ++# define BN_HEX_FMT2 "%016llX" + # endif + + # ifdef THIRTY_TWO_BIT + # ifdef BN_LLONG +-# if defined(OPENSSL_SYS_WIN32) && !defined(__GNUC__) ++# if defined(_WIN32) && !defined(__GNUC__) + # define BN_ULLONG unsigned __int64 ++# define BN_MASK (0xffffffffffffffffI64) + # else + # define BN_ULLONG unsigned long long ++# define BN_MASK (0xffffffffffffffffLL) + # endif + # endif +-# define BN_ULONG unsigned long +-# define BN_LONG long ++# define BN_ULONG unsigned int ++# define BN_LONG int + # define BN_BITS 64 + # define BN_BYTES 4 + # define BN_BITS2 32 + # define BN_BITS4 16 +-# ifdef OPENSSL_SYS_WIN32 +-/* VC++ doesn't like the LL suffix */ +-# define BN_MASK (0xffffffffffffffffL) +-# else +-# define BN_MASK (0xffffffffffffffffLL) +-# endif + # define BN_MASK2 (0xffffffffL) + # define BN_MASK2l (0xffff) + # define BN_MASK2h1 (0xffff8000L) + # define BN_MASK2h (0xffff0000L) + # define BN_TBIT (0x80000000L) + # define BN_DEC_CONV (1000000000L) +-# define BN_DEC_FMT1 "%lu" +-# define BN_DEC_FMT2 "%09lu" +-# define BN_DEC_NUM 9 +-# endif +- +-# ifdef SIXTEEN_BIT +-# ifndef BN_DIV2W +-# define BN_DIV2W +-# endif +-# define BN_ULLONG unsigned long +-# define BN_ULONG unsigned short +-# define BN_LONG short +-# define BN_BITS 32 +-# define BN_BYTES 2 +-# define BN_BITS2 16 +-# define BN_BITS4 8 +-# define BN_MASK (0xffffffff) +-# define BN_MASK2 (0xffff) +-# define BN_MASK2l (0xff) +-# define BN_MASK2h1 (0xff80) +-# define BN_MASK2h (0xff00) +-# define BN_TBIT (0x8000) +-# define BN_DEC_CONV (100000) +-# define BN_DEC_FMT1 "%u" +-# define BN_DEC_FMT2 "%05u" +-# define BN_DEC_NUM 5 +-# endif +- +-# ifdef EIGHT_BIT 
+-# ifndef BN_DIV2W +-# define BN_DIV2W +-# endif +-# define BN_ULLONG unsigned short +-# define BN_ULONG unsigned char +-# define BN_LONG char +-# define BN_BITS 16 +-# define BN_BYTES 1 +-# define BN_BITS2 8 +-# define BN_BITS4 4 +-# define BN_MASK (0xffff) +-# define BN_MASK2 (0xff) +-# define BN_MASK2l (0xf) +-# define BN_MASK2h1 (0xf8) +-# define BN_MASK2h (0xf0) +-# define BN_TBIT (0x80) +-# define BN_DEC_CONV (100) + # define BN_DEC_FMT1 "%u" +-# define BN_DEC_FMT2 "%02u" +-# define BN_DEC_NUM 2 ++# define BN_DEC_FMT2 "%09u" ++# define BN_DEC_NUM 9 ++# define BN_HEX_FMT1 "%X" ++# define BN_HEX_FMT2 "%08X" + # endif + + # define BN_DEFAULT_BITS 1280 +@@ -314,12 +326,9 @@ struct bn_mont_ctx_st { + BIGNUM N; /* The modulus */ + BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1 (Ni is only + * stored for bignum algorithm) */ +-# if 0 +- /* OpenSSL 0.9.9 preview: */ +- BN_ULONG n0[2]; /* least significant word(s) of Ni */ +-# else +- BN_ULONG n0; /* least significant word of Ni */ +-# endif ++ BN_ULONG n0[2]; /* least significant word(s) of Ni; (type ++ * changed with 0.9.9, was "BN_ULONG n0;" ++ * before) */ + int flags; + }; + +@@ -522,6 +531,7 @@ char *BN_bn2hex(const BIGNUM *a); + char *BN_bn2dec(const BIGNUM *a); + int BN_hex2bn(BIGNUM **a, const char *str); + int BN_dec2bn(BIGNUM **a, const char *str); ++int BN_asc2bn(BIGNUM **a, const char *str); + int BN_gcd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); + int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); /* returns + * -2 for +@@ -589,8 +599,11 @@ int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); + int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *); + int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, + BN_CTX *); ++# ifndef OPENSSL_NO_DEPRECATED + unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *); + void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long); ++# endif ++CRYPTO_THREADID 
*BN_BLINDING_thread_id(BN_BLINDING *); + unsigned long BN_BLINDING_get_flags(const BN_BLINDING *); + void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long); + BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, +@@ -619,6 +632,8 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, + BN_RECP_CTX *recp, BN_CTX *ctx); + ++# ifndef OPENSSL_NO_EC2M ++ + /* + * Functions for arithmetic over binary polynomials represented by BIGNUMs. + * The BIGNUM::neg property of BIGNUMs representing binary polynomials is +@@ -630,7 +645,7 @@ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, + * r = a + b + */ + int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +-# define BN_GF2m_sub(r, a, b) BN_GF2m_add(r, a, b) ++# define BN_GF2m_sub(r, a, b) BN_GF2m_add(r, a, b) + /* + * r=a mod p + */ +@@ -654,7 +669,7 @@ int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + /* r^2 + r = a mod p */ + int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + BN_CTX *ctx); +-# define BN_GF2m_cmp(a, b) BN_ucmp((a), (b)) ++# define BN_GF2m_cmp(a, b) BN_ucmp((a), (b)) + /*- + * Some functions allow for representation of the irreducible polynomials + * as an unsigned int[], say p. The irreducible f(t) is then of the form: +@@ -662,30 +677,32 @@ int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + * where m = p[0] > p[1] > ... > p[k] = 0. 
+ */ + /* r = a mod p */ +-int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[]); ++int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[]); + /* r = (a * b) mod p */ + int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, +- const unsigned int p[], BN_CTX *ctx); ++ const int p[], BN_CTX *ctx); + /* r = (a * a) mod p */ +-int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[], ++int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[], + BN_CTX *ctx); + /* r = (1 / b) mod p */ +-int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const unsigned int p[], ++int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const int p[], + BN_CTX *ctx); + /* r = (a / b) mod p */ + int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, +- const unsigned int p[], BN_CTX *ctx); ++ const int p[], BN_CTX *ctx); + /* r = (a ^ b) mod p */ + int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, +- const unsigned int p[], BN_CTX *ctx); ++ const int p[], BN_CTX *ctx); + /* r = sqrt(a) mod p */ + int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, +- const unsigned int p[], BN_CTX *ctx); ++ const int p[], BN_CTX *ctx); + /* r^2 + r = a mod p */ + int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a, +- const unsigned int p[], BN_CTX *ctx); +-int BN_GF2m_poly2arr(const BIGNUM *a, unsigned int p[], int max); +-int BN_GF2m_arr2poly(const unsigned int p[], BIGNUM *a); ++ const int p[], BN_CTX *ctx); ++int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max); ++int BN_GF2m_arr2poly(const int p[], BIGNUM *a); ++ ++# endif + + /* + * faster mod functions for the 'NIST primes' 0 <= a < p^2 +@@ -762,6 +779,7 @@ int RAND_pseudo_bytes(unsigned char *buf, int num); + * wouldn't be constructed with top!=dmax. 
*/ \ + BN_ULONG *_not_const; \ + memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \ ++ /* Debug only - safe to ignore error return */ \ + RAND_pseudo_bytes(&_tmp_char, 1); \ + memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \ + (_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \ +@@ -789,7 +807,9 @@ int RAND_pseudo_bytes(unsigned char *buf, int num); + # define bn_wcheck_size(bn, words) \ + do { \ + const BIGNUM *_bnum2 = (bn); \ +- assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \ ++ assert((words) <= (_bnum2)->dmax && (words) >= (_bnum2)->top); \ ++ /* avoid unused variable warning with NDEBUG */ \ ++ (void)(_bnum2); \ + } while(0) + + # else /* !BN_DEBUG */ +@@ -805,10 +825,12 @@ int RAND_pseudo_bytes(unsigned char *buf, int num); + # define bn_correct_top(a) \ + { \ + BN_ULONG *ftl; \ +- if ((a)->top > 0) \ ++ int tmp_top = (a)->top; \ ++ if (tmp_top > 0) \ + { \ +- for (ftl= &((a)->d[(a)->top-1]); (a)->top > 0; (a)->top--) \ +- if (*(ftl--)) break; \ ++ for (ftl= &((a)->d[tmp_top-1]); tmp_top > 0; tmp_top--) \ ++ if (*(ftl--)) break; \ ++ (a)->top = tmp_top; \ + } \ + bn_pollute(a); \ + } +@@ -871,6 +893,7 @@ void ERR_load_BN_strings(void); + # define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR 135 + # define BN_F_BN_GF2M_MOD_SQR 136 + # define BN_F_BN_GF2M_MOD_SQRT 137 ++# define BN_F_BN_LSHIFT 145 + # define BN_F_BN_MOD_EXP2_MONT 118 + # define BN_F_BN_MOD_EXP_MONT 109 + # define BN_F_BN_MOD_EXP_MONT_CONSTTIME 124 +@@ -886,12 +909,14 @@ void ERR_load_BN_strings(void); + # define BN_F_BN_NEW 113 + # define BN_F_BN_RAND 114 + # define BN_F_BN_RAND_RANGE 122 ++# define BN_F_BN_RSHIFT 146 + # define BN_F_BN_USUB 115 + + /* Reason codes. 
*/ + # define BN_R_ARG2_LT_ARG3 100 + # define BN_R_BAD_RECIPROCAL 101 + # define BN_R_BIGNUM_TOO_LONG 114 ++# define BN_R_BITS_TOO_SMALL 118 + # define BN_R_CALLED_WITH_EVEN_MODULUS 102 + # define BN_R_DIV_BY_ZERO 103 + # define BN_R_ENCODING_ERROR 104 +@@ -899,6 +924,7 @@ void ERR_load_BN_strings(void); + # define BN_R_INPUT_NOT_REDUCED 110 + # define BN_R_INVALID_LENGTH 106 + # define BN_R_INVALID_RANGE 115 ++# define BN_R_INVALID_SHIFT 119 + # define BN_R_NOT_A_SQUARE 111 + # define BN_R_NOT_INITIALIZED 107 + # define BN_R_NO_INVERSE 108 +diff --git a/Cryptlib/Include/openssl/buffer.h b/Cryptlib/Include/openssl/buffer.h +index 910832f..c343dd7 100644 +--- a/Cryptlib/Include/openssl/buffer.h ++++ b/Cryptlib/Include/openssl/buffer.h +@@ -75,18 +75,20 @@ extern "C" { + /* typedef struct buf_mem_st BUF_MEM; */ + + struct buf_mem_st { +- int length; /* current number of bytes */ ++ size_t length; /* current number of bytes */ + char *data; +- int max; /* size of buffer */ ++ size_t max; /* size of buffer */ + }; + + BUF_MEM *BUF_MEM_new(void); + void BUF_MEM_free(BUF_MEM *a); +-int BUF_MEM_grow(BUF_MEM *str, int len); +-int BUF_MEM_grow_clean(BUF_MEM *str, int len); ++int BUF_MEM_grow(BUF_MEM *str, size_t len); ++int BUF_MEM_grow_clean(BUF_MEM *str, size_t len); ++size_t BUF_strnlen(const char *str, size_t maxlen); + char *BUF_strdup(const char *str); + char *BUF_strndup(const char *str, size_t siz); + void *BUF_memdup(const void *data, size_t siz); ++void BUF_reverse(unsigned char *out, const unsigned char *in, size_t siz); + + /* safe string functions */ + size_t BUF_strlcpy(char *dst, const char *src, size_t siz); +diff --git a/Cryptlib/Include/openssl/camellia.h b/Cryptlib/Include/openssl/camellia.h +new file mode 100644 +index 0000000..9be7c0f +--- /dev/null ++++ b/Cryptlib/Include/openssl/camellia.h +@@ -0,0 +1,132 @@ ++/* crypto/camellia/camellia.h -*- mode:C; c-file-style: "eay" -*- */ ++/* ==================================================================== 
++ * Copyright (c) 2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ */ ++ ++#ifndef HEADER_CAMELLIA_H ++# define HEADER_CAMELLIA_H ++ ++# include ++ ++# ifdef OPENSSL_NO_CAMELLIA ++# error CAMELLIA is disabled. ++# endif ++ ++# include ++ ++# define CAMELLIA_ENCRYPT 1 ++# define CAMELLIA_DECRYPT 0 ++ ++/* ++ * Because array size can't be a const in C, the following two are macros. ++ * Both sizes are in bytes. ++ */ ++ ++#ifdef __cplusplus ++extern "C" { ++#endif ++ ++/* This should be a hidden type, but EVP requires that the size be known */ ++ ++# define CAMELLIA_BLOCK_SIZE 16 ++# define CAMELLIA_TABLE_BYTE_LEN 272 ++# define CAMELLIA_TABLE_WORD_LEN (CAMELLIA_TABLE_BYTE_LEN / 4) ++ ++typedef unsigned int KEY_TABLE_TYPE[CAMELLIA_TABLE_WORD_LEN]; /* to match ++ * with WORD */ ++ ++struct camellia_key_st { ++ union { ++ double d; /* ensures 64-bit align */ ++ KEY_TABLE_TYPE rd_key; ++ } u; ++ int grand_rounds; ++}; ++typedef struct camellia_key_st CAMELLIA_KEY; ++ ++# ifdef OPENSSL_FIPS ++int private_Camellia_set_key(const unsigned char *userKey, const int bits, ++ CAMELLIA_KEY *key); ++# endif ++int Camellia_set_key(const unsigned char *userKey, const int bits, ++ CAMELLIA_KEY *key); ++ ++void Camellia_encrypt(const unsigned char *in, unsigned char *out, ++ const CAMELLIA_KEY *key); ++void Camellia_decrypt(const unsigned char *in, unsigned char *out, ++ const CAMELLIA_KEY *key); ++ ++void 
Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out, ++ const CAMELLIA_KEY *key, const int enc); ++void Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out, ++ size_t length, const CAMELLIA_KEY *key, ++ unsigned char *ivec, const int enc); ++void Camellia_cfb128_encrypt(const unsigned char *in, unsigned char *out, ++ size_t length, const CAMELLIA_KEY *key, ++ unsigned char *ivec, int *num, const int enc); ++void Camellia_cfb1_encrypt(const unsigned char *in, unsigned char *out, ++ size_t length, const CAMELLIA_KEY *key, ++ unsigned char *ivec, int *num, const int enc); ++void Camellia_cfb8_encrypt(const unsigned char *in, unsigned char *out, ++ size_t length, const CAMELLIA_KEY *key, ++ unsigned char *ivec, int *num, const int enc); ++void Camellia_ofb128_encrypt(const unsigned char *in, unsigned char *out, ++ size_t length, const CAMELLIA_KEY *key, ++ unsigned char *ivec, int *num); ++void Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out, ++ size_t length, const CAMELLIA_KEY *key, ++ unsigned char ivec[CAMELLIA_BLOCK_SIZE], ++ unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE], ++ unsigned int *num); ++ ++#ifdef __cplusplus ++} ++#endif ++ ++#endif /* !HEADER_Camellia_H */ +diff --git a/Cryptlib/Include/openssl/cast.h b/Cryptlib/Include/openssl/cast.h +index 46c97cd..0003ec9 100644 +--- a/Cryptlib/Include/openssl/cast.h ++++ b/Cryptlib/Include/openssl/cast.h +@@ -72,7 +72,7 @@ extern "C" { + # define CAST_ENCRYPT 1 + # define CAST_DECRYPT 0 + +-# define CAST_LONG unsigned long ++# define CAST_LONG unsigned int + + # define CAST_BLOCK 8 + # define CAST_KEY_LENGTH 16 +diff --git a/Cryptlib/Include/openssl/cmac.h b/Cryptlib/Include/openssl/cmac.h +new file mode 100644 +index 0000000..175be83 +--- /dev/null ++++ b/Cryptlib/Include/openssl/cmac.h +@@ -0,0 +1,82 @@ ++/* crypto/cmac/cmac.h */ ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL ++ * project. 
++ */ ++/* ==================================================================== ++ * Copyright (c) 2010 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ */ ++ ++#ifndef HEADER_CMAC_H ++# define HEADER_CMAC_H ++ ++#ifdef __cplusplus ++extern "C" { ++#endif ++ ++# include ++ ++/* Opaque */ ++typedef struct CMAC_CTX_st CMAC_CTX; ++ ++CMAC_CTX *CMAC_CTX_new(void); ++void CMAC_CTX_cleanup(CMAC_CTX *ctx); ++void CMAC_CTX_free(CMAC_CTX *ctx); ++EVP_CIPHER_CTX *CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx); ++int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in); ++ ++int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen, ++ const EVP_CIPHER *cipher, ENGINE *impl); ++int CMAC_Update(CMAC_CTX *ctx, const void *data, size_t dlen); ++int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen); ++int CMAC_resume(CMAC_CTX *ctx); ++ ++#ifdef __cplusplus ++} ++#endif ++#endif +diff --git a/Cryptlib/Include/openssl/cms.h b/Cryptlib/Include/openssl/cms.h +new file mode 100644 +index 0000000..e6c7f96 +--- /dev/null ++++ b/Cryptlib/Include/openssl/cms.h +@@ -0,0 +1,555 @@ ++/* crypto/cms/cms.h */ ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL ++ * project. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2008 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. 
Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ */ ++ ++#ifndef HEADER_CMS_H ++# define HEADER_CMS_H ++ ++# include ++ ++# ifdef OPENSSL_NO_CMS ++# error CMS is disabled. ++# endif ++ ++#ifdef __cplusplus ++extern "C" { ++#endif ++ ++typedef struct CMS_ContentInfo_st CMS_ContentInfo; ++typedef struct CMS_SignerInfo_st CMS_SignerInfo; ++typedef struct CMS_CertificateChoices CMS_CertificateChoices; ++typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice; ++typedef struct CMS_RecipientInfo_st CMS_RecipientInfo; ++typedef struct CMS_ReceiptRequest_st CMS_ReceiptRequest; ++typedef struct CMS_Receipt_st CMS_Receipt; ++typedef struct CMS_RecipientEncryptedKey_st CMS_RecipientEncryptedKey; ++typedef struct CMS_OtherKeyAttribute_st CMS_OtherKeyAttribute; ++ ++DECLARE_STACK_OF(CMS_SignerInfo) ++DECLARE_STACK_OF(GENERAL_NAMES) ++DECLARE_STACK_OF(CMS_RecipientEncryptedKey) ++DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo) ++DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest) ++DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo) ++ ++# define CMS_SIGNERINFO_ISSUER_SERIAL 0 ++# define CMS_SIGNERINFO_KEYIDENTIFIER 1 ++ ++# define CMS_RECIPINFO_NONE -1 ++# define CMS_RECIPINFO_TRANS 0 ++# define CMS_RECIPINFO_AGREE 1 ++# define CMS_RECIPINFO_KEK 2 ++# define CMS_RECIPINFO_PASS 3 ++# define CMS_RECIPINFO_OTHER 4 ++ ++/* S/MIME related flags */ ++ ++# define CMS_TEXT 0x1 ++# define CMS_NOCERTS 0x2 ++# define 
CMS_NO_CONTENT_VERIFY 0x4 ++# define CMS_NO_ATTR_VERIFY 0x8 ++# define CMS_NOSIGS \ ++ (CMS_NO_CONTENT_VERIFY|CMS_NO_ATTR_VERIFY) ++# define CMS_NOINTERN 0x10 ++# define CMS_NO_SIGNER_CERT_VERIFY 0x20 ++# define CMS_NOVERIFY 0x20 ++# define CMS_DETACHED 0x40 ++# define CMS_BINARY 0x80 ++# define CMS_NOATTR 0x100 ++# define CMS_NOSMIMECAP 0x200 ++# define CMS_NOOLDMIMETYPE 0x400 ++# define CMS_CRLFEOL 0x800 ++# define CMS_STREAM 0x1000 ++# define CMS_NOCRL 0x2000 ++# define CMS_PARTIAL 0x4000 ++# define CMS_REUSE_DIGEST 0x8000 ++# define CMS_USE_KEYID 0x10000 ++# define CMS_DEBUG_DECRYPT 0x20000 ++# define CMS_KEY_PARAM 0x40000 ++ ++const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms); ++ ++BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont); ++int CMS_dataFinal(CMS_ContentInfo *cms, BIO *bio); ++ ++ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms); ++int CMS_is_detached(CMS_ContentInfo *cms); ++int CMS_set_detached(CMS_ContentInfo *cms, int detached); ++ ++# ifdef HEADER_PEM_H ++DECLARE_PEM_rw_const(CMS, CMS_ContentInfo) ++# endif ++int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms); ++CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms); ++int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms); ++ ++BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms); ++int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags); ++int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, ++ int flags); ++CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont); ++int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags); ++ ++int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, ++ unsigned int flags); ++ ++CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, ++ STACK_OF(X509) *certs, BIO *data, ++ unsigned int flags); ++ ++CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, ++ X509 *signcert, EVP_PKEY *pkey, ++ STACK_OF(X509) *certs, unsigned int flags); ++ ++int CMS_data(CMS_ContentInfo *cms, BIO *out, 
unsigned int flags); ++CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags); ++ ++int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out, ++ unsigned int flags); ++CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md, ++ unsigned int flags); ++ ++int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms, ++ const unsigned char *key, size_t keylen, ++ BIO *dcont, BIO *out, unsigned int flags); ++ ++CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher, ++ const unsigned char *key, ++ size_t keylen, unsigned int flags); ++ ++int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph, ++ const unsigned char *key, size_t keylen); ++ ++int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, ++ X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags); ++ ++int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms, ++ STACK_OF(X509) *certs, ++ X509_STORE *store, unsigned int flags); ++ ++STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms); ++ ++CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in, ++ const EVP_CIPHER *cipher, unsigned int flags); ++ ++int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert, ++ BIO *dcont, BIO *out, unsigned int flags); ++ ++int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert); ++int CMS_decrypt_set1_key(CMS_ContentInfo *cms, ++ unsigned char *key, size_t keylen, ++ unsigned char *id, size_t idlen); ++int CMS_decrypt_set1_password(CMS_ContentInfo *cms, ++ unsigned char *pass, ossl_ssize_t passlen); ++ ++STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms); ++int CMS_RecipientInfo_type(CMS_RecipientInfo *ri); ++EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri); ++CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher); ++CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, ++ X509 *recip, unsigned int flags); ++int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo 
*ri, EVP_PKEY *pkey); ++int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert); ++int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri, ++ EVP_PKEY **pk, X509 **recip, ++ X509_ALGOR **palg); ++int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri, ++ ASN1_OCTET_STRING **keyid, ++ X509_NAME **issuer, ++ ASN1_INTEGER **sno); ++ ++CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid, ++ unsigned char *key, size_t keylen, ++ unsigned char *id, size_t idlen, ++ ASN1_GENERALIZEDTIME *date, ++ ASN1_OBJECT *otherTypeId, ++ ASN1_TYPE *otherType); ++ ++int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, ++ X509_ALGOR **palg, ++ ASN1_OCTET_STRING **pid, ++ ASN1_GENERALIZEDTIME **pdate, ++ ASN1_OBJECT **potherid, ++ ASN1_TYPE **pothertype); ++ ++int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, ++ unsigned char *key, size_t keylen); ++ ++int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, ++ const unsigned char *id, size_t idlen); ++ ++int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri, ++ unsigned char *pass, ++ ossl_ssize_t passlen); ++ ++CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, ++ int iter, int wrap_nid, ++ int pbe_nid, ++ unsigned char *pass, ++ ossl_ssize_t passlen, ++ const EVP_CIPHER *kekciph); ++ ++int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri); ++int CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri); ++ ++int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, ++ unsigned int flags); ++CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags); ++ ++int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid); ++const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms); ++ ++CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms); ++int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert); ++int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert); ++STACK_OF(X509) 
*CMS_get1_certs(CMS_ContentInfo *cms); ++ ++CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms); ++int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl); ++int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl); ++STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms); ++ ++int CMS_SignedData_init(CMS_ContentInfo *cms); ++CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, ++ X509 *signer, EVP_PKEY *pk, const EVP_MD *md, ++ unsigned int flags); ++EVP_PKEY_CTX *CMS_SignerInfo_get0_pkey_ctx(CMS_SignerInfo *si); ++EVP_MD_CTX *CMS_SignerInfo_get0_md_ctx(CMS_SignerInfo *si); ++STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms); ++ ++void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer); ++int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, ++ ASN1_OCTET_STRING **keyid, ++ X509_NAME **issuer, ASN1_INTEGER **sno); ++int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert); ++int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *certs, ++ unsigned int flags); ++void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, ++ X509 **signer, X509_ALGOR **pdig, ++ X509_ALGOR **psig); ++ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si); ++int CMS_SignerInfo_sign(CMS_SignerInfo *si); ++int CMS_SignerInfo_verify(CMS_SignerInfo *si); ++int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain); ++ ++int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs); ++int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs, ++ int algnid, int keysize); ++int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap); ++ ++int CMS_signed_get_attr_count(const CMS_SignerInfo *si); ++int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid, ++ int lastpos); ++int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj, ++ int lastpos); ++X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc); ++X509_ATTRIBUTE 
*CMS_signed_delete_attr(CMS_SignerInfo *si, int loc); ++int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr); ++int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si, ++ const ASN1_OBJECT *obj, int type, ++ const void *bytes, int len); ++int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si, ++ int nid, int type, ++ const void *bytes, int len); ++int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si, ++ const char *attrname, int type, ++ const void *bytes, int len); ++void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid, ++ int lastpos, int type); ++ ++int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si); ++int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid, ++ int lastpos); ++int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj, ++ int lastpos); ++X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc); ++X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc); ++int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr); ++int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si, ++ const ASN1_OBJECT *obj, int type, ++ const void *bytes, int len); ++int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si, ++ int nid, int type, ++ const void *bytes, int len); ++int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si, ++ const char *attrname, int type, ++ const void *bytes, int len); ++void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid, ++ int lastpos, int type); ++ ++# ifdef HEADER_X509V3_H ++ ++int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr); ++CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen, ++ int allorfirst, ++ STACK_OF(GENERAL_NAMES) ++ *receiptList, STACK_OF(GENERAL_NAMES) ++ *receiptsTo); ++int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr); ++void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, ++ ASN1_STRING **pcid, ++ int *pallorfirst, ++ 
STACK_OF(GENERAL_NAMES) **plist, ++ STACK_OF(GENERAL_NAMES) **prto); ++# endif ++int CMS_RecipientInfo_kari_get0_alg(CMS_RecipientInfo *ri, ++ X509_ALGOR **palg, ++ ASN1_OCTET_STRING **pukm); ++STACK_OF(CMS_RecipientEncryptedKey) ++*CMS_RecipientInfo_kari_get0_reks(CMS_RecipientInfo *ri); ++ ++int CMS_RecipientInfo_kari_get0_orig_id(CMS_RecipientInfo *ri, ++ X509_ALGOR **pubalg, ++ ASN1_BIT_STRING **pubkey, ++ ASN1_OCTET_STRING **keyid, ++ X509_NAME **issuer, ++ ASN1_INTEGER **sno); ++ ++int CMS_RecipientInfo_kari_orig_id_cmp(CMS_RecipientInfo *ri, X509 *cert); ++ ++int CMS_RecipientEncryptedKey_get0_id(CMS_RecipientEncryptedKey *rek, ++ ASN1_OCTET_STRING **keyid, ++ ASN1_GENERALIZEDTIME **tm, ++ CMS_OtherKeyAttribute **other, ++ X509_NAME **issuer, ASN1_INTEGER **sno); ++int CMS_RecipientEncryptedKey_cert_cmp(CMS_RecipientEncryptedKey *rek, ++ X509 *cert); ++int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk); ++EVP_CIPHER_CTX *CMS_RecipientInfo_kari_get0_ctx(CMS_RecipientInfo *ri); ++int CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms, ++ CMS_RecipientInfo *ri, ++ CMS_RecipientEncryptedKey *rek); ++ ++int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg, ++ ASN1_OCTET_STRING *ukm, int keylen); ++ ++/* BEGIN ERROR CODES */ ++/* ++ * The following lines are auto generated by the script mkerr.pl. Any changes ++ * made after this point may be overwritten when the script is next run. ++ */ ++void ERR_load_CMS_strings(void); ++ ++/* Error codes for the CMS functions. */ ++ ++/* Function codes. 
*/ ++# define CMS_F_CHECK_CONTENT 99 ++# define CMS_F_CMS_ADD0_CERT 164 ++# define CMS_F_CMS_ADD0_RECIPIENT_KEY 100 ++# define CMS_F_CMS_ADD0_RECIPIENT_PASSWORD 165 ++# define CMS_F_CMS_ADD1_RECEIPTREQUEST 158 ++# define CMS_F_CMS_ADD1_RECIPIENT_CERT 101 ++# define CMS_F_CMS_ADD1_SIGNER 102 ++# define CMS_F_CMS_ADD1_SIGNINGTIME 103 ++# define CMS_F_CMS_COMPRESS 104 ++# define CMS_F_CMS_COMPRESSEDDATA_CREATE 105 ++# define CMS_F_CMS_COMPRESSEDDATA_INIT_BIO 106 ++# define CMS_F_CMS_COPY_CONTENT 107 ++# define CMS_F_CMS_COPY_MESSAGEDIGEST 108 ++# define CMS_F_CMS_DATA 109 ++# define CMS_F_CMS_DATAFINAL 110 ++# define CMS_F_CMS_DATAINIT 111 ++# define CMS_F_CMS_DECRYPT 112 ++# define CMS_F_CMS_DECRYPT_SET1_KEY 113 ++# define CMS_F_CMS_DECRYPT_SET1_PASSWORD 166 ++# define CMS_F_CMS_DECRYPT_SET1_PKEY 114 ++# define CMS_F_CMS_DIGESTALGORITHM_FIND_CTX 115 ++# define CMS_F_CMS_DIGESTALGORITHM_INIT_BIO 116 ++# define CMS_F_CMS_DIGESTEDDATA_DO_FINAL 117 ++# define CMS_F_CMS_DIGEST_VERIFY 118 ++# define CMS_F_CMS_ENCODE_RECEIPT 161 ++# define CMS_F_CMS_ENCRYPT 119 ++# define CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO 120 ++# define CMS_F_CMS_ENCRYPTEDDATA_DECRYPT 121 ++# define CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT 122 ++# define CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY 123 ++# define CMS_F_CMS_ENVELOPEDDATA_CREATE 124 ++# define CMS_F_CMS_ENVELOPEDDATA_INIT_BIO 125 ++# define CMS_F_CMS_ENVELOPED_DATA_INIT 126 ++# define CMS_F_CMS_ENV_ASN1_CTRL 171 ++# define CMS_F_CMS_FINAL 127 ++# define CMS_F_CMS_GET0_CERTIFICATE_CHOICES 128 ++# define CMS_F_CMS_GET0_CONTENT 129 ++# define CMS_F_CMS_GET0_ECONTENT_TYPE 130 ++# define CMS_F_CMS_GET0_ENVELOPED 131 ++# define CMS_F_CMS_GET0_REVOCATION_CHOICES 132 ++# define CMS_F_CMS_GET0_SIGNED 133 ++# define CMS_F_CMS_MSGSIGDIGEST_ADD1 162 ++# define CMS_F_CMS_RECEIPTREQUEST_CREATE0 159 ++# define CMS_F_CMS_RECEIPT_VERIFY 160 ++# define CMS_F_CMS_RECIPIENTINFO_DECRYPT 134 ++# define CMS_F_CMS_RECIPIENTINFO_ENCRYPT 169 ++# define 
CMS_F_CMS_RECIPIENTINFO_KARI_ENCRYPT 178 ++# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ALG 175 ++# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ORIG_ID 173 ++# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_REKS 172 ++# define CMS_F_CMS_RECIPIENTINFO_KARI_ORIG_ID_CMP 174 ++# define CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT 135 ++# define CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT 136 ++# define CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID 137 ++# define CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP 138 ++# define CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP 139 ++# define CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT 140 ++# define CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT 141 ++# define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS 142 ++# define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID 143 ++# define CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT 167 ++# define CMS_F_CMS_RECIPIENTINFO_SET0_KEY 144 ++# define CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD 168 ++# define CMS_F_CMS_RECIPIENTINFO_SET0_PKEY 145 ++# define CMS_F_CMS_SD_ASN1_CTRL 170 ++# define CMS_F_CMS_SET1_IAS 176 ++# define CMS_F_CMS_SET1_KEYID 177 ++# define CMS_F_CMS_SET1_SIGNERIDENTIFIER 146 ++# define CMS_F_CMS_SET_DETACHED 147 ++# define CMS_F_CMS_SIGN 148 ++# define CMS_F_CMS_SIGNED_DATA_INIT 149 ++# define CMS_F_CMS_SIGNERINFO_CONTENT_SIGN 150 ++# define CMS_F_CMS_SIGNERINFO_SIGN 151 ++# define CMS_F_CMS_SIGNERINFO_VERIFY 152 ++# define CMS_F_CMS_SIGNERINFO_VERIFY_CERT 153 ++# define CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT 154 ++# define CMS_F_CMS_SIGN_RECEIPT 163 ++# define CMS_F_CMS_STREAM 155 ++# define CMS_F_CMS_UNCOMPRESS 156 ++# define CMS_F_CMS_VERIFY 157 ++ ++/* Reason codes. 
*/ ++# define CMS_R_ADD_SIGNER_ERROR 99 ++# define CMS_R_CERTIFICATE_ALREADY_PRESENT 175 ++# define CMS_R_CERTIFICATE_HAS_NO_KEYID 160 ++# define CMS_R_CERTIFICATE_VERIFY_ERROR 100 ++# define CMS_R_CIPHER_INITIALISATION_ERROR 101 ++# define CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR 102 ++# define CMS_R_CMS_DATAFINAL_ERROR 103 ++# define CMS_R_CMS_LIB 104 ++# define CMS_R_CONTENTIDENTIFIER_MISMATCH 170 ++# define CMS_R_CONTENT_NOT_FOUND 105 ++# define CMS_R_CONTENT_TYPE_MISMATCH 171 ++# define CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA 106 ++# define CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA 107 ++# define CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA 108 ++# define CMS_R_CONTENT_VERIFY_ERROR 109 ++# define CMS_R_CTRL_ERROR 110 ++# define CMS_R_CTRL_FAILURE 111 ++# define CMS_R_DECRYPT_ERROR 112 ++# define CMS_R_DIGEST_ERROR 161 ++# define CMS_R_ERROR_GETTING_PUBLIC_KEY 113 ++# define CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE 114 ++# define CMS_R_ERROR_SETTING_KEY 115 ++# define CMS_R_ERROR_SETTING_RECIPIENTINFO 116 ++# define CMS_R_INVALID_ENCRYPTED_KEY_LENGTH 117 ++# define CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER 176 ++# define CMS_R_INVALID_KEY_LENGTH 118 ++# define CMS_R_MD_BIO_INIT_ERROR 119 ++# define CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH 120 ++# define CMS_R_MESSAGEDIGEST_WRONG_LENGTH 121 ++# define CMS_R_MSGSIGDIGEST_ERROR 172 ++# define CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE 162 ++# define CMS_R_MSGSIGDIGEST_WRONG_LENGTH 163 ++# define CMS_R_NEED_ONE_SIGNER 164 ++# define CMS_R_NOT_A_SIGNED_RECEIPT 165 ++# define CMS_R_NOT_ENCRYPTED_DATA 122 ++# define CMS_R_NOT_KEK 123 ++# define CMS_R_NOT_KEY_AGREEMENT 181 ++# define CMS_R_NOT_KEY_TRANSPORT 124 ++# define CMS_R_NOT_PWRI 177 ++# define CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 125 ++# define CMS_R_NO_CIPHER 126 ++# define CMS_R_NO_CONTENT 127 ++# define CMS_R_NO_CONTENT_TYPE 173 ++# define CMS_R_NO_DEFAULT_DIGEST 128 ++# define CMS_R_NO_DIGEST_SET 129 ++# define CMS_R_NO_KEY 130 ++# define CMS_R_NO_KEY_OR_CERT 174 ++# 
define CMS_R_NO_MATCHING_DIGEST 131 ++# define CMS_R_NO_MATCHING_RECIPIENT 132 ++# define CMS_R_NO_MATCHING_SIGNATURE 166 ++# define CMS_R_NO_MSGSIGDIGEST 167 ++# define CMS_R_NO_PASSWORD 178 ++# define CMS_R_NO_PRIVATE_KEY 133 ++# define CMS_R_NO_PUBLIC_KEY 134 ++# define CMS_R_NO_RECEIPT_REQUEST 168 ++# define CMS_R_NO_SIGNERS 135 ++# define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 136 ++# define CMS_R_RECEIPT_DECODE_ERROR 169 ++# define CMS_R_RECIPIENT_ERROR 137 ++# define CMS_R_SIGNER_CERTIFICATE_NOT_FOUND 138 ++# define CMS_R_SIGNFINAL_ERROR 139 ++# define CMS_R_SMIME_TEXT_ERROR 140 ++# define CMS_R_STORE_INIT_ERROR 141 ++# define CMS_R_TYPE_NOT_COMPRESSED_DATA 142 ++# define CMS_R_TYPE_NOT_DATA 143 ++# define CMS_R_TYPE_NOT_DIGESTED_DATA 144 ++# define CMS_R_TYPE_NOT_ENCRYPTED_DATA 145 ++# define CMS_R_TYPE_NOT_ENVELOPED_DATA 146 ++# define CMS_R_UNABLE_TO_FINALIZE_CONTEXT 147 ++# define CMS_R_UNKNOWN_CIPHER 148 ++# define CMS_R_UNKNOWN_DIGEST_ALGORIHM 149 ++# define CMS_R_UNKNOWN_ID 150 ++# define CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM 151 ++# define CMS_R_UNSUPPORTED_CONTENT_TYPE 152 ++# define CMS_R_UNSUPPORTED_KEK_ALGORITHM 153 ++# define CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM 179 ++# define CMS_R_UNSUPPORTED_RECIPIENT_TYPE 154 ++# define CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE 155 ++# define CMS_R_UNSUPPORTED_TYPE 156 ++# define CMS_R_UNWRAP_ERROR 157 ++# define CMS_R_UNWRAP_FAILURE 180 ++# define CMS_R_VERIFICATION_FAILURE 158 ++# define CMS_R_WRAP_ERROR 159 ++ ++#ifdef __cplusplus ++} ++#endif ++#endif +diff --git a/Cryptlib/Include/openssl/conf.h b/Cryptlib/Include/openssl/conf.h +index 0cdadaf..8d926d5 100644 +--- a/Cryptlib/Include/openssl/conf.h ++++ b/Cryptlib/Include/openssl/conf.h +@@ -78,8 +78,7 @@ typedef struct { + } CONF_VALUE; + + DECLARE_STACK_OF(CONF_VALUE) +-DECLARE_STACK_OF(CONF_MODULE) +-DECLARE_STACK_OF(CONF_IMODULE) ++DECLARE_LHASH_OF(CONF_VALUE); + + struct conf_st; + struct conf_method_st; +@@ -103,6 +102,9 @@ struct 
conf_method_st { + typedef struct conf_imodule_st CONF_IMODULE; + typedef struct conf_module_st CONF_MODULE; + ++DECLARE_STACK_OF(CONF_MODULE) ++DECLARE_STACK_OF(CONF_IMODULE) ++ + /* DSO module function typedefs */ + typedef int conf_init_func (CONF_IMODULE *md, const CONF *cnf); + typedef void conf_finish_func (CONF_IMODULE *md); +@@ -115,18 +117,24 @@ typedef void conf_finish_func (CONF_IMODULE *md); + # define CONF_MFLAGS_DEFAULT_SECTION 0x20 + + int CONF_set_default_method(CONF_METHOD *meth); +-void CONF_set_nconf(CONF *conf, LHASH *hash); +-LHASH *CONF_load(LHASH *conf, const char *file, long *eline); ++void CONF_set_nconf(CONF *conf, LHASH_OF(CONF_VALUE) *hash); ++LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file, ++ long *eline); + # ifndef OPENSSL_NO_FP_API +-LHASH *CONF_load_fp(LHASH *conf, FILE *fp, long *eline); ++LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp, ++ long *eline); + # endif +-LHASH *CONF_load_bio(LHASH *conf, BIO *bp, long *eline); +-STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf, const char *section); +-char *CONF_get_string(LHASH *conf, const char *group, const char *name); +-long CONF_get_number(LHASH *conf, const char *group, const char *name); +-void CONF_free(LHASH *conf); +-int CONF_dump_fp(LHASH *conf, FILE *out); +-int CONF_dump_bio(LHASH *conf, BIO *out); ++LHASH_OF(CONF_VALUE) *CONF_load_bio(LHASH_OF(CONF_VALUE) *conf, BIO *bp, ++ long *eline); ++STACK_OF(CONF_VALUE) *CONF_get_section(LHASH_OF(CONF_VALUE) *conf, ++ const char *section); ++char *CONF_get_string(LHASH_OF(CONF_VALUE) *conf, const char *group, ++ const char *name); ++long CONF_get_number(LHASH_OF(CONF_VALUE) *conf, const char *group, ++ const char *name); ++void CONF_free(LHASH_OF(CONF_VALUE) *conf); ++int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out); ++int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out); + + void OPENSSL_config(const char *config_name); + void OPENSSL_no_config(void); +@@ -139,7 
+147,7 @@ void OPENSSL_no_config(void); + struct conf_st { + CONF_METHOD *meth; + void *meth_data; +- LHASH *data; ++ LHASH_OF(CONF_VALUE) *data; + }; + + CONF *NCONF_new(CONF_METHOD *meth); +@@ -217,6 +225,7 @@ void ERR_load_CONF_strings(void); + # define CONF_F_CONF_LOAD_BIO 102 + # define CONF_F_CONF_LOAD_FP 103 + # define CONF_F_CONF_MODULES_LOAD 116 ++# define CONF_F_CONF_PARSE_LIST 119 + # define CONF_F_DEF_LOAD 120 + # define CONF_F_DEF_LOAD_BIO 121 + # define CONF_F_MODULE_INIT 115 +@@ -236,6 +245,7 @@ void ERR_load_CONF_strings(void); + + /* Reason codes. */ + # define CONF_R_ERROR_LOADING_DSO 110 ++# define CONF_R_LIST_CANNOT_BE_NULL 115 + # define CONF_R_MISSING_CLOSE_SQUARE_BRACKET 100 + # define CONF_R_MISSING_EQUAL_SIGN 101 + # define CONF_R_MISSING_FINISH_FUNCTION 111 +diff --git a/Cryptlib/Include/openssl/crypto.h b/Cryptlib/Include/openssl/crypto.h +index 748330f..d6e804e 100644 +--- a/Cryptlib/Include/openssl/crypto.h ++++ b/Cryptlib/Include/openssl/crypto.h +@@ -1,6 +1,6 @@ + /* crypto/crypto.h */ + /* ==================================================================== +- * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. ++ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. 
+ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions +@@ -223,13 +223,9 @@ typedef struct openssl_item_st { + # define CRYPTO_LOCK_EC_PRE_COMP 36 + # define CRYPTO_LOCK_STORE 37 + # define CRYPTO_LOCK_COMP 38 +-# ifndef OPENSSL_FIPS +-# define CRYPTO_NUM_LOCKS 39 +-# else +-# define CRYPTO_LOCK_FIPS 39 +-# define CRYPTO_LOCK_FIPS2 40 +-# define CRYPTO_NUM_LOCKS 41 +-# endif ++# define CRYPTO_LOCK_FIPS 39 ++# define CRYPTO_LOCK_FIPS2 40 ++# define CRYPTO_NUM_LOCKS 41 + + # define CRYPTO_LOCK 1 + # define CRYPTO_UNLOCK 2 +@@ -294,10 +290,11 @@ typedef struct { + typedef struct bio_st BIO_dummy; + + struct crypto_ex_data_st { +- STACK *sk; ++ STACK_OF(void) *sk; + /* gcc is screwing up this data structure :-( */ + int dummy; + }; ++DECLARE_STACK_OF(void) + + /* + * This stuff is basically class callback functions The current classes are +@@ -360,7 +357,14 @@ DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS) + * Set standard debugging functions (not done by default unless CRYPTO_MDEBUG + * is defined) + */ +-void CRYPTO_malloc_debug_init(void); ++# define CRYPTO_malloc_debug_init() do {\ ++ CRYPTO_set_mem_debug_functions(\ ++ CRYPTO_dbg_malloc,\ ++ CRYPTO_dbg_realloc,\ ++ CRYPTO_dbg_free,\ ++ CRYPTO_dbg_set_options,\ ++ CRYPTO_dbg_get_options);\ ++ } while(0) + + int CRYPTO_mem_ctrl(int mode); + int CRYPTO_is_mem_check_on(void); +@@ -439,17 +443,31 @@ void CRYPTO_set_add_lock_callback(int (*func) + const char *file, int line)); + int (*CRYPTO_get_add_lock_callback(void)) (int *num, int mount, int type, + const char *file, int line); ++ ++/* Don't use this structure directly. 
*/ ++typedef struct crypto_threadid_st { ++ void *ptr; ++ unsigned long val; ++} CRYPTO_THREADID; ++/* Only use CRYPTO_THREADID_set_[numeric|pointer]() within callbacks */ ++void CRYPTO_THREADID_set_numeric(CRYPTO_THREADID *id, unsigned long val); ++void CRYPTO_THREADID_set_pointer(CRYPTO_THREADID *id, void *ptr); ++int CRYPTO_THREADID_set_callback(void (*threadid_func) (CRYPTO_THREADID *)); ++void (*CRYPTO_THREADID_get_callback(void)) (CRYPTO_THREADID *); ++void CRYPTO_THREADID_current(CRYPTO_THREADID *id); ++int CRYPTO_THREADID_cmp(const CRYPTO_THREADID *a, const CRYPTO_THREADID *b); ++void CRYPTO_THREADID_cpy(CRYPTO_THREADID *dest, const CRYPTO_THREADID *src); ++unsigned long CRYPTO_THREADID_hash(const CRYPTO_THREADID *id); ++# ifndef OPENSSL_NO_DEPRECATED + void CRYPTO_set_id_callback(unsigned long (*func) (void)); + unsigned long (*CRYPTO_get_id_callback(void)) (void); + unsigned long CRYPTO_thread_id(void); ++# endif ++ + const char *CRYPTO_get_lock_name(int type); + int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file, + int line); + +-void int_CRYPTO_set_do_dynlock_callback(void (*do_dynlock_cb) +- (int mode, int type, +- const char *file, int line)); +- + int CRYPTO_get_new_dynlockid(void); + void CRYPTO_destroy_dynlockid(int i); + struct CRYPTO_dynlock_value *CRYPTO_get_dynlock_value(int i); +@@ -493,10 +511,6 @@ int CRYPTO_set_mem_debug_functions(void (*m) + const char *, int, int), + void (*f) (void *, int), void (*so) (long), + long (*go) (void)); +-void CRYPTO_set_mem_info_functions(int (*push_info_fn) +- (const char *info, const char *file, +- int line), int (*pop_info_fn) (void), +- int (*remove_all_info_fn) (void)); + void CRYPTO_get_mem_functions(void *(**m) (size_t), + void *(**r) (void *, size_t), + void (**f) (void *)); +@@ -516,10 +530,10 @@ void CRYPTO_get_mem_debug_functions(void (**m) + void (**so) (long), long (**go) (void)); + + void *CRYPTO_malloc_locked(int num, const char *file, int line); +-void 
CRYPTO_free_locked(void *); ++void CRYPTO_free_locked(void *ptr); + void *CRYPTO_malloc(int num, const char *file, int line); + char *CRYPTO_strdup(const char *str, const char *file, int line); +-void CRYPTO_free(void *); ++void CRYPTO_free(void *ptr); + void *CRYPTO_realloc(void *addr, int num, const char *file, int line); + void *CRYPTO_realloc_clean(void *addr, int old_num, int num, const char *file, + int line); +@@ -563,10 +577,6 @@ void CRYPTO_dbg_free(void *addr, int before_p); + void CRYPTO_dbg_set_options(long bits); + long CRYPTO_dbg_get_options(void); + +-int CRYPTO_dbg_push_info(const char *info, const char *file, int line); +-int CRYPTO_dbg_pop_info(void); +-int CRYPTO_dbg_remove_all_info(void); +- + # ifndef OPENSSL_NO_FP_API + void CRYPTO_mem_leaks_fp(FILE *); + # endif +@@ -584,63 +594,32 @@ unsigned long *OPENSSL_ia32cap_loc(void); + # define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc())) + int OPENSSL_isservice(void); + +-# ifdef OPENSSL_FIPS +-# define FIPS_ERROR_IGNORED(alg) OpenSSLDie(NULL, 0, \ +- alg " previous FIPS forbidden algorithm error ignored"); +- +-# define FIPS_BAD_ABORT(alg) OpenSSLDie(NULL, 0, \ +- #alg " Algorithm forbidden in FIPS mode"); +- +-# ifdef OPENSSL_FIPS_STRICT +-# define FIPS_BAD_ALGORITHM(alg) FIPS_BAD_ABORT(alg) +-# else +-# define FIPS_BAD_ALGORITHM(alg) \ +- { \ +- FIPSerr(FIPS_F_HASH_FINAL,FIPS_R_NON_FIPS_METHOD); \ +- ERR_add_error_data(2, "Algorithm=", #alg); \ +- return 0; \ +- } +-# endif ++int FIPS_mode(void); ++int FIPS_mode_set(int r); + +-/* Low level digest API blocking macro */ ++void OPENSSL_init(void); + +-# define FIPS_NON_FIPS_MD_Init(alg) \ +- int alg##_Init(alg##_CTX *c) \ +- { \ +- if (FIPS_mode()) \ +- FIPS_BAD_ALGORITHM(alg) \ +- return private_##alg##_Init(c); \ +- } \ +- int private_##alg##_Init(alg##_CTX *c) ++# define fips_md_init(alg) fips_md_init_ctx(alg, alg) + +-/* +- * For ciphers the API often varies from cipher to cipher and each needs to +- * be treated as a special case. 
Variable key length ciphers (Blowfish, RC4, +- * CAST) however are very similar and can use a blocking macro. +- */ ++# ifdef OPENSSL_FIPS ++# define fips_md_init_ctx(alg, cx) \ ++ int alg##_Init(cx##_CTX *c) \ ++ { \ ++ if (FIPS_mode()) OpenSSLDie(NULL, 0, \ ++ "Low level API call to digest " #alg " forbidden in FIPS mode!"); \ ++ return private_##alg##_Init(c); \ ++ } \ ++ int private_##alg##_Init(cx##_CTX *c) + +-# define FIPS_NON_FIPS_VCIPHER_Init(alg) \ +- void alg##_set_key(alg##_KEY *key, int len, const unsigned char *data) \ +- { \ +- if (FIPS_mode()) \ +- FIPS_BAD_ABORT(alg) \ +- private_##alg##_set_key(key, len, data); \ +- } \ +- void private_##alg##_set_key(alg##_KEY *key, int len, \ +- const unsigned char *data) ++# define fips_cipher_abort(alg) \ ++ if (FIPS_mode()) OpenSSLDie(NULL, 0, \ ++ "Low level API call to cipher " #alg " forbidden in FIPS mode!") + + # else +- +-# define FIPS_NON_FIPS_VCIPHER_Init(alg) \ +- void alg##_set_key(alg##_KEY *key, int len, const unsigned char *data) +- +-# define FIPS_NON_FIPS_MD_Init(alg) \ +- int alg##_Init(alg##_CTX *c) +- +-# endif /* def OPENSSL_FIPS */ +- +-# define OPENSSL_HAVE_INIT 1 +-void OPENSSL_init(void); ++# define fips_md_init_ctx(alg, cx) \ ++ int alg##_Init(cx##_CTX *c) ++# define fips_cipher_abort(alg) while(0) ++# endif + + /* + * CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. +@@ -667,11 +646,13 @@ void ERR_load_CRYPTO_strings(void); + # define CRYPTO_F_CRYPTO_SET_EX_DATA 102 + # define CRYPTO_F_DEF_ADD_INDEX 104 + # define CRYPTO_F_DEF_GET_CLASS 105 ++# define CRYPTO_F_FIPS_MODE_SET 109 + # define CRYPTO_F_INT_DUP_EX_DATA 106 + # define CRYPTO_F_INT_FREE_EX_DATA 107 + # define CRYPTO_F_INT_NEW_EX_DATA 108 + + /* Reason codes. 
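Review bot: `fips_cipher_abort(alg)` in this crypto.h hunk expands to a bare `if (FIPS_mode()) OpenSSLDie(...)` when OPENSSL_FIPS is defined and to `while(0)` otherwise, so in the FIPS build an `else` written after the macro call would bind to the macro's hidden `if`. Wrapping the FIPS variant as `do { if (FIPS_mode()) OpenSSLDie(NULL, 0, "..."); } while (0)` keeps both variants a single statement that still takes the caller's semicolon. The hunk also replaces the old non-strict path, which recorded `FIPS_R_NON_FIPS_METHOD` and returned 0, with an unconditional `OpenSSLDie` in `fips_md_init_ctx`. Whether this build defines OPENSSL_FIPS is not visible here, but if it does, a forbidden low-level digest call now aborts instead of returning an error, which deserves a line in the changelog.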
*/ ++# define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED 101 + # define CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK 100 + + #ifdef __cplusplus +diff --git a/Cryptlib/Include/openssl/des.h b/Cryptlib/Include/openssl/des.h +index fe02e34..1b40144 100644 +--- a/Cryptlib/Include/openssl/des.h ++++ b/Cryptlib/Include/openssl/des.h +@@ -231,6 +231,10 @@ int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule); + int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule); + int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule); + void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule); ++# ifdef OPENSSL_FIPS ++void private_DES_set_key_unchecked(const_DES_cblock *key, ++ DES_key_schedule *schedule); ++# endif + void DES_string_to_key(const char *str, DES_cblock *key); + void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2); + void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out, +diff --git a/Cryptlib/Include/openssl/dh.h b/Cryptlib/Include/openssl/dh.h +index 10d9f78..0502f1a 100644 +--- a/Cryptlib/Include/openssl/dh.h ++++ b/Cryptlib/Include/openssl/dh.h +@@ -77,8 +77,6 @@ + # define OPENSSL_DH_MAX_MODULUS_BITS 10000 + # endif + +-# define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024 +- + # define DH_FLAG_CACHE_MONT_P 0x01 + + /* +@@ -91,6 +89,23 @@ + */ + # define DH_FLAG_NO_EXP_CONSTTIME 0x02 + ++/* ++ * If this flag is set the DH method is FIPS compliant and can be used in ++ * FIPS mode. This is set in the validated module method. If an application ++ * sets this flag in its own methods it is its reposibility to ensure the ++ * result is compliant. ++ */ ++ ++# define DH_FLAG_FIPS_METHOD 0x0400 ++ ++/* ++ * If this flag is set the operations normally disabled in FIPS mode are ++ * permitted it is then the applications responsibility to ensure that the ++ * usage is compliant. 
++ */ ++ ++# define DH_FLAG_NON_FIPS_ALLOW 0x0400 ++ + #ifdef __cplusplus + extern "C" { + #endif +@@ -152,6 +167,9 @@ struct dh_st { + # define DH_CHECK_P_NOT_SAFE_PRIME 0x02 + # define DH_UNABLE_TO_CHECK_GENERATOR 0x04 + # define DH_NOT_SUITABLE_GENERATOR 0x08 ++# define DH_CHECK_Q_NOT_PRIME 0x10 ++# define DH_CHECK_INVALID_Q_VALUE 0x20 ++# define DH_CHECK_INVALID_J_VALUE 0x40 + + /* DH_check_pub_key error codes */ + # define DH_CHECK_PUBKEY_TOO_SMALL 0x01 +@@ -163,7 +181,6 @@ struct dh_st { + */ + # define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME + +-# define DHparams_dup(x) ASN1_dup_of_const(DH,i2d_DHparams,d2i_DHparams,x) + # define d2i_DHparams_fp(fp,x) (DH *)ASN1_d2i_fp((char *(*)())DH_new, \ + (char *(*)())d2i_DHparams,(fp),(unsigned char **)(x)) + # define i2d_DHparams_fp(fp,x) ASN1_i2d_fp(i2d_DHparams,(fp), \ +@@ -171,12 +188,9 @@ struct dh_st { + # define d2i_DHparams_bio(bp,x) ASN1_d2i_bio_of(DH,DH_new,d2i_DHparams,bp,x) + # define i2d_DHparams_bio(bp,x) ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x) + +-const DH_METHOD *DH_OpenSSL(void); ++DH *DHparams_dup(DH *); + +-# ifdef OPENSSL_FIPS +-DH *FIPS_dh_new(void); +-void FIPS_dh_free(DH *dh); +-# endif ++const DH_METHOD *DH_OpenSSL(void); + + void DH_set_default_method(const DH_METHOD *meth); + const DH_METHOD *DH_get_default_method(void); +@@ -206,8 +220,11 @@ int DH_check(const DH *dh, int *codes); + int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *codes); + int DH_generate_key(DH *dh); + int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); ++int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh); + DH *d2i_DHparams(DH **a, const unsigned char **pp, long length); + int i2d_DHparams(const DH *a, unsigned char **pp); ++DH *d2i_DHxparams(DH **a, const unsigned char **pp, long length); ++int i2d_DHxparams(const DH *a, unsigned char **pp); + # ifndef OPENSSL_NO_FP_API + int DHparams_print_fp(FILE *fp, const DH *x); + # endif +@@ -217,6 +234,110 
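Review bot: `DH_FLAG_FIPS_METHOD` and `DH_FLAG_NON_FIPS_ALLOW` are both defined as `0x0400` in the flag block this hunk adds to dh.h, so the two bits cannot be told apart if they are ever tested on the same flags word. Presumably one is checked on the method's flags and the other on the DH object's flags, but nothing in the hunk says so. If so, setting the constant on the wrong field would either mark a non-validated method as FIPS-capable or lift the FIPS restriction, with no diagnostic. Since this is a vendored copy, I would keep the values as they are and add a comment above the second define, e.g. `/* Same bit as DH_FLAG_FIPS_METHOD: this one is read from the DH object's flags, that one from the method's flags (confirm against the callers). */`. The first of the two added comments also misspells "responsibility" as `reposibility`.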
@@ int DHparams_print(BIO *bp, const DH *x); + int DHparams_print(char *bp, const DH *x); + # endif + ++/* RFC 5114 parameters */ ++DH *DH_get_1024_160(void); ++DH *DH_get_2048_224(void); ++DH *DH_get_2048_256(void); ++ ++/* RFC2631 KDF */ ++int DH_KDF_X9_42(unsigned char *out, size_t outlen, ++ const unsigned char *Z, size_t Zlen, ++ ASN1_OBJECT *key_oid, ++ const unsigned char *ukm, size_t ukmlen, const EVP_MD *md); ++ ++# define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \ ++ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ ++ EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, len, NULL) ++ ++# define EVP_PKEY_CTX_set_dh_paramgen_subprime_len(ctx, len) \ ++ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ ++ EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN, len, NULL) ++ ++# define EVP_PKEY_CTX_set_dh_paramgen_type(ctx, typ) \ ++ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ ++ EVP_PKEY_CTRL_DH_PARAMGEN_TYPE, typ, NULL) ++ ++# define EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, gen) \ ++ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ ++ EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR, gen, NULL) ++ ++# define EVP_PKEY_CTX_set_dh_rfc5114(ctx, gen) \ ++ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \ ++ EVP_PKEY_CTRL_DH_RFC5114, gen, NULL) ++ ++# define EVP_PKEY_CTX_set_dhx_rfc5114(ctx, gen) \ ++ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \ ++ EVP_PKEY_CTRL_DH_RFC5114, gen, NULL) ++ ++# define EVP_PKEY_CTX_set_dh_kdf_type(ctx, kdf) \ ++ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ ++ EVP_PKEY_OP_DERIVE, \ ++ EVP_PKEY_CTRL_DH_KDF_TYPE, kdf, NULL) ++ ++# define EVP_PKEY_CTX_get_dh_kdf_type(ctx) \ ++ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ ++ EVP_PKEY_OP_DERIVE, \ ++ EVP_PKEY_CTRL_DH_KDF_TYPE, -2, NULL) ++ ++# define EVP_PKEY_CTX_set0_dh_kdf_oid(ctx, oid) \ ++ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ ++ EVP_PKEY_OP_DERIVE, \ ++ EVP_PKEY_CTRL_DH_KDF_OID, 0, (void *)oid) ++ ++# define EVP_PKEY_CTX_get0_dh_kdf_oid(ctx, poid) \ ++ 
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ ++ EVP_PKEY_OP_DERIVE, \ ++ EVP_PKEY_CTRL_GET_DH_KDF_OID, 0, (void *)poid) ++ ++# define EVP_PKEY_CTX_set_dh_kdf_md(ctx, md) \ ++ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ ++ EVP_PKEY_OP_DERIVE, \ ++ EVP_PKEY_CTRL_DH_KDF_MD, 0, (void *)md) ++ ++# define EVP_PKEY_CTX_get_dh_kdf_md(ctx, pmd) \ ++ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ ++ EVP_PKEY_OP_DERIVE, \ ++ EVP_PKEY_CTRL_GET_DH_KDF_MD, 0, (void *)pmd) ++ ++# define EVP_PKEY_CTX_set_dh_kdf_outlen(ctx, len) \ ++ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ ++ EVP_PKEY_OP_DERIVE, \ ++ EVP_PKEY_CTRL_DH_KDF_OUTLEN, len, NULL) ++ ++# define EVP_PKEY_CTX_get_dh_kdf_outlen(ctx, plen) \ ++ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ ++ EVP_PKEY_OP_DERIVE, \ ++ EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN, 0, (void *)plen) ++ ++# define EVP_PKEY_CTX_set0_dh_kdf_ukm(ctx, p, plen) \ ++ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ ++ EVP_PKEY_OP_DERIVE, \ ++ EVP_PKEY_CTRL_DH_KDF_UKM, plen, (void *)p) ++ ++# define EVP_PKEY_CTX_get0_dh_kdf_ukm(ctx, p) \ ++ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ ++ EVP_PKEY_OP_DERIVE, \ ++ EVP_PKEY_CTRL_GET_DH_KDF_UKM, 0, (void *)p) ++ ++# define EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN (EVP_PKEY_ALG_CTRL + 1) ++# define EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR (EVP_PKEY_ALG_CTRL + 2) ++# define EVP_PKEY_CTRL_DH_RFC5114 (EVP_PKEY_ALG_CTRL + 3) ++# define EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN (EVP_PKEY_ALG_CTRL + 4) ++# define EVP_PKEY_CTRL_DH_PARAMGEN_TYPE (EVP_PKEY_ALG_CTRL + 5) ++# define EVP_PKEY_CTRL_DH_KDF_TYPE (EVP_PKEY_ALG_CTRL + 6) ++# define EVP_PKEY_CTRL_DH_KDF_MD (EVP_PKEY_ALG_CTRL + 7) ++# define EVP_PKEY_CTRL_GET_DH_KDF_MD (EVP_PKEY_ALG_CTRL + 8) ++# define EVP_PKEY_CTRL_DH_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 9) ++# define EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 10) ++# define EVP_PKEY_CTRL_DH_KDF_UKM (EVP_PKEY_ALG_CTRL + 11) ++# define EVP_PKEY_CTRL_GET_DH_KDF_UKM (EVP_PKEY_ALG_CTRL + 12) ++# define EVP_PKEY_CTRL_DH_KDF_OID (EVP_PKEY_ALG_CTRL + 13) ++# define 
EVP_PKEY_CTRL_GET_DH_KDF_OID (EVP_PKEY_ALG_CTRL + 14) ++ ++/* KDF types */ ++# define EVP_PKEY_DH_KDF_NONE 1 ++# define EVP_PKEY_DH_KDF_X9_42 2 ++ + /* BEGIN ERROR CODES */ + /* + * The following lines are auto generated by the script mkerr.pl. Any changes +@@ -228,22 +349,42 @@ void ERR_load_DH_strings(void); + + /* Function codes. */ + # define DH_F_COMPUTE_KEY 102 +-# define DH_F_DHPARAMS_PRINT 100 + # define DH_F_DHPARAMS_PRINT_FP 101 + # define DH_F_DH_BUILTIN_GENPARAMS 106 +-# define DH_F_DH_COMPUTE_KEY 107 +-# define DH_F_DH_GENERATE_KEY 108 +-# define DH_F_DH_GENERATE_PARAMETERS 109 ++# define DH_F_DH_CMS_DECRYPT 117 ++# define DH_F_DH_CMS_SET_PEERKEY 118 ++# define DH_F_DH_CMS_SET_SHARED_INFO 119 ++# define DH_F_DH_COMPUTE_KEY 114 ++# define DH_F_DH_GENERATE_KEY 115 ++# define DH_F_DH_GENERATE_PARAMETERS_EX 116 + # define DH_F_DH_NEW_METHOD 105 ++# define DH_F_DH_PARAM_DECODE 107 ++# define DH_F_DH_PRIV_DECODE 110 ++# define DH_F_DH_PRIV_ENCODE 111 ++# define DH_F_DH_PUB_DECODE 108 ++# define DH_F_DH_PUB_ENCODE 109 ++# define DH_F_DO_DH_PRINT 100 + # define DH_F_GENERATE_KEY 103 + # define DH_F_GENERATE_PARAMETERS 104 ++# define DH_F_PKEY_DH_DERIVE 112 ++# define DH_F_PKEY_DH_KEYGEN 113 + + /* Reason codes. 
*/ + # define DH_R_BAD_GENERATOR 101 ++# define DH_R_BN_DECODE_ERROR 109 ++# define DH_R_BN_ERROR 106 ++# define DH_R_DECODE_ERROR 104 + # define DH_R_INVALID_PUBKEY 102 +-# define DH_R_KEY_SIZE_TOO_SMALL 104 ++# define DH_R_KDF_PARAMETER_ERROR 112 ++# define DH_R_KEYS_NOT_SET 108 ++# define DH_R_KEY_SIZE_TOO_SMALL 110 + # define DH_R_MODULUS_TOO_LARGE 103 ++# define DH_R_NON_FIPS_METHOD 111 ++# define DH_R_NO_PARAMETERS_SET 107 + # define DH_R_NO_PRIVATE_VALUE 100 ++# define DH_R_PARAMETER_ENCODING_ERROR 105 ++# define DH_R_PEER_KEY_ERROR 113 ++# define DH_R_SHARED_INFO_ERROR 114 + + #ifdef __cplusplus + } +diff --git a/Cryptlib/Include/openssl/dsa.h b/Cryptlib/Include/openssl/dsa.h +index 8f7b5de..545358f 100644 +--- a/Cryptlib/Include/openssl/dsa.h ++++ b/Cryptlib/Include/openssl/dsa.h +@@ -88,8 +88,6 @@ + # define OPENSSL_DSA_MAX_MODULUS_BITS 10000 + # endif + +-# define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024 +- + # define DSA_FLAG_CACHE_MONT_P 0x01 + /* + * new with 0.9.7h; the built-in DSA implementation now uses constant time +@@ -115,10 +113,6 @@ + + # define DSA_FLAG_NON_FIPS_ALLOW 0x0400 + +-# ifdef OPENSSL_FIPS +-# define FIPS_DSA_SIZE_T int +-# endif +- + #ifdef __cplusplus + extern "C" { + #endif +@@ -151,7 +145,7 @@ struct dsa_method { + char *app_data; + /* If this is non-NULL, it is used to generate DSA parameters */ + int (*dsa_paramgen) (DSA *dsa, int bits, +- unsigned char *seed, int seed_len, ++ const unsigned char *seed, int seed_len, + int *counter_ret, unsigned long *h_ret, + BN_GENCB *cb); + /* If this is non-NULL, it is used to generate DSA keys */ +@@ -183,7 +177,6 @@ struct dsa_st { + ENGINE *engine; + }; + +-# define DSAparams_dup(x) ASN1_dup_of_const(DSA,i2d_DSAparams,d2i_DSAparams,x) + # define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \ + (char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x)) + # define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \ +@@ -191,6 +184,7 @@ struct dsa_st { + # define 
d2i_DSAparams_bio(bp,x) ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSAparams,bp,x) + # define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio_of_const(DSA,i2d_DSAparams,bp,x) + ++DSA *DSAparams_dup(DSA *x); + DSA_SIG *DSA_SIG_new(void); + void DSA_SIG_free(DSA_SIG *a); + int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp); +@@ -206,11 +200,6 @@ void DSA_set_default_method(const DSA_METHOD *); + const DSA_METHOD *DSA_get_default_method(void); + int DSA_set_method(DSA *dsa, const DSA_METHOD *); + +-# ifdef OPENSSL_FIPS +-DSA *FIPS_dsa_new(void); +-void FIPS_dsa_free(DSA *r); +-# endif +- + DSA *DSA_new(void); + DSA *DSA_new_method(ENGINE *engine); + void DSA_free(DSA *r); +@@ -242,7 +231,7 @@ DSA *DSA_generate_parameters(int bits, + + /* New version */ + int DSA_generate_parameters_ex(DSA *dsa, int bits, +- unsigned char *seed, int seed_len, ++ const unsigned char *seed, int seed_len, + int *counter_ret, unsigned long *h_ret, + BN_GENCB *cb); + +@@ -276,10 +265,13 @@ int DSA_print_fp(FILE *bp, const DSA *x, int off); + DH *DSA_dup_DH(const DSA *r); + # endif + +-# ifdef OPENSSL_FIPS +-int FIPS_dsa_sig_encode(unsigned char *out, DSA_SIG *sig); +-int FIPS_dsa_sig_decode(DSA_SIG *sig, const unsigned char *in, int inlen); +-# endif ++# define EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits) \ ++ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \ ++ EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, nbits, NULL) ++ ++# define EVP_PKEY_CTRL_DSA_PARAMGEN_BITS (EVP_PKEY_ALG_CTRL + 1) ++# define EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS (EVP_PKEY_ALG_CTRL + 2) ++# define EVP_PKEY_CTRL_DSA_PARAMGEN_MD (EVP_PKEY_ALG_CTRL + 3) + + /* BEGIN ERROR CODES */ + /* +@@ -292,33 +284,47 @@ void ERR_load_DSA_strings(void); + + /* Function codes. 
*/ + # define DSA_F_D2I_DSA_SIG 110 ++# define DSA_F_DO_DSA_PRINT 104 + # define DSA_F_DSAPARAMS_PRINT 100 + # define DSA_F_DSAPARAMS_PRINT_FP 101 +-# define DSA_F_DSA_BUILTIN_KEYGEN 119 +-# define DSA_F_DSA_BUILTIN_PARAMGEN 118 ++# define DSA_F_DSA_BUILTIN_PARAMGEN2 126 + # define DSA_F_DSA_DO_SIGN 112 + # define DSA_F_DSA_DO_VERIFY 113 +-# define DSA_F_DSA_GENERATE_PARAMETERS 117 ++# define DSA_F_DSA_GENERATE_KEY 124 ++# define DSA_F_DSA_GENERATE_PARAMETERS_EX 123 + # define DSA_F_DSA_NEW_METHOD 103 +-# define DSA_F_DSA_PRINT 104 ++# define DSA_F_DSA_PARAM_DECODE 119 + # define DSA_F_DSA_PRINT_FP 105 +-# define DSA_F_DSA_SET_DEFAULT_METHOD 115 +-# define DSA_F_DSA_SET_METHOD 116 ++# define DSA_F_DSA_PRIV_DECODE 115 ++# define DSA_F_DSA_PRIV_ENCODE 116 ++# define DSA_F_DSA_PUB_DECODE 117 ++# define DSA_F_DSA_PUB_ENCODE 118 + # define DSA_F_DSA_SIGN 106 + # define DSA_F_DSA_SIGN_SETUP 107 + # define DSA_F_DSA_SIG_NEW 109 ++# define DSA_F_DSA_SIG_PRINT 125 + # define DSA_F_DSA_VERIFY 108 + # define DSA_F_I2D_DSA_SIG 111 ++# define DSA_F_OLD_DSA_PRIV_DECODE 122 ++# define DSA_F_PKEY_DSA_CTRL 120 ++# define DSA_F_PKEY_DSA_KEYGEN 121 + # define DSA_F_SIG_CB 114 + + /* Reason codes. 
*/ + # define DSA_R_BAD_Q_VALUE 102 ++# define DSA_R_BN_DECODE_ERROR 108 ++# define DSA_R_BN_ERROR 109 + # define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100 +-# define DSA_R_KEY_SIZE_TOO_SMALL 106 ++# define DSA_R_DECODE_ERROR 104 ++# define DSA_R_INVALID_DIGEST_TYPE 106 ++# define DSA_R_INVALID_PARAMETERS 112 + # define DSA_R_MISSING_PARAMETERS 101 + # define DSA_R_MODULUS_TOO_LARGE 103 +-# define DSA_R_NON_FIPS_METHOD 104 +-# define DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 105 ++# define DSA_R_NEED_NEW_SETUP_VALUES 110 ++# define DSA_R_NON_FIPS_DSA_METHOD 111 ++# define DSA_R_NO_PARAMETERS_SET 107 ++# define DSA_R_PARAMETER_ENCODING_ERROR 105 ++# define DSA_R_Q_NOT_PRIME 113 + + #ifdef __cplusplus + } +diff --git a/Cryptlib/Include/openssl/dso.h b/Cryptlib/Include/openssl/dso.h +index 277427d..7c4a1dc 100644 +--- a/Cryptlib/Include/openssl/dso.h ++++ b/Cryptlib/Include/openssl/dso.h +@@ -182,6 +182,10 @@ typedef struct dso_meth_st { + /* [De]Initialisation handlers. */ + int (*init) (DSO *dso); + int (*finish) (DSO *dso); ++ /* Return pathname of the module containing location */ ++ int (*pathbyaddr) (void *addr, char *path, int sz); ++ /* Perform global symbol lookup, i.e. among *all* modules */ ++ void *(*globallookup) (const char *symname); + } DSO_METHOD; + + /**********************************************************************/ +@@ -195,7 +199,7 @@ struct dso_st { + * handler. All in all, let each method control its own destiny. + * "Handles" and such go in a STACK. + */ +- STACK *meth_data; ++ STACK_OF(void) *meth_data; + int references; + int flags; + /* +@@ -337,6 +341,31 @@ DSO_METHOD *DSO_METHOD_win32(void); + /* If VMS is defined, use shared images. If not, return NULL. */ + DSO_METHOD *DSO_METHOD_vms(void); + ++/* ++ * This function writes null-terminated pathname of DSO module containing ++ * 'addr' into 'sz' large caller-provided 'path' and returns the number of ++ * characters [including trailing zero] written to it. 
If 'sz' is 0 or ++ * negative, 'path' is ignored and required amount of charachers [including ++ * trailing zero] to accomodate pathname is returned. If 'addr' is NULL, then ++ * pathname of cryptolib itself is returned. Negative or zero return value ++ * denotes error. ++ */ ++int DSO_pathbyaddr(void *addr, char *path, int sz); ++ ++/* ++ * This function should be used with caution! It looks up symbols in *all* ++ * loaded modules and if module gets unloaded by somebody else attempt to ++ * dereference the pointer is doomed to have fatal consequences. Primary ++ * usage for this function is to probe *core* system functionality, e.g. ++ * check if getnameinfo(3) is available at run-time without bothering about ++ * OS-specific details such as libc.so.versioning or where does it actually ++ * reside: in libc itself or libsocket. ++ */ ++void *DSO_global_lookup(const char *name); ++ ++/* If BeOS is defined, use shared images. If not, return NULL. */ ++DSO_METHOD *DSO_METHOD_beos(void); ++ + /* BEGIN ERROR CODES */ + /* + * The following lines are auto generated by the script mkerr.pl. Any changes +@@ -347,6 +376,11 @@ void ERR_load_DSO_strings(void); + /* Error codes for the DSO functions. */ + + /* Function codes. 
*/ ++# define DSO_F_BEOS_BIND_FUNC 144 ++# define DSO_F_BEOS_BIND_VAR 145 ++# define DSO_F_BEOS_LOAD 146 ++# define DSO_F_BEOS_NAME_CONVERTER 147 ++# define DSO_F_BEOS_UNLOAD 148 + # define DSO_F_DLFCN_BIND_FUNC 100 + # define DSO_F_DLFCN_BIND_VAR 101 + # define DSO_F_DLFCN_LOAD 102 +@@ -366,22 +400,29 @@ void ERR_load_DSO_strings(void); + # define DSO_F_DSO_FREE 111 + # define DSO_F_DSO_GET_FILENAME 127 + # define DSO_F_DSO_GET_LOADED_FILENAME 128 ++# define DSO_F_DSO_GLOBAL_LOOKUP 139 + # define DSO_F_DSO_LOAD 112 + # define DSO_F_DSO_MERGE 132 + # define DSO_F_DSO_NEW_METHOD 113 ++# define DSO_F_DSO_PATHBYADDR 140 + # define DSO_F_DSO_SET_FILENAME 129 + # define DSO_F_DSO_SET_NAME_CONVERTER 122 + # define DSO_F_DSO_UP_REF 114 ++# define DSO_F_GLOBAL_LOOKUP_FUNC 138 ++# define DSO_F_PATHBYADDR 137 + # define DSO_F_VMS_BIND_SYM 115 + # define DSO_F_VMS_LOAD 116 + # define DSO_F_VMS_MERGER 133 + # define DSO_F_VMS_UNLOAD 117 + # define DSO_F_WIN32_BIND_FUNC 118 + # define DSO_F_WIN32_BIND_VAR 119 ++# define DSO_F_WIN32_GLOBALLOOKUP 142 ++# define DSO_F_WIN32_GLOBALLOOKUP_FUNC 143 + # define DSO_F_WIN32_JOINER 135 + # define DSO_F_WIN32_LOAD 120 + # define DSO_F_WIN32_MERGER 134 + # define DSO_F_WIN32_NAME_CONVERTER 125 ++# define DSO_F_WIN32_PATHBYADDR 141 + # define DSO_F_WIN32_SPLITTER 136 + # define DSO_F_WIN32_UNLOAD 121 + +diff --git a/Cryptlib/Include/openssl/dtls1.h b/Cryptlib/Include/openssl/dtls1.h +index 7d6e6db..30bbcf2 100644 +--- a/Cryptlib/Include/openssl/dtls1.h ++++ b/Cryptlib/Include/openssl/dtls1.h +@@ -72,7 +72,11 @@ + # elif defined(OPENSSL_SYS_NETWARE) && !defined(_WINSOCK2API_) + # include + # else +-# include ++# if defined(OPENSSL_SYS_VXWORKS) ++# include ++# else ++# include ++# endif + # endif + + #ifdef __cplusplus +@@ -80,10 +84,15 @@ extern "C" { + #endif + + # define DTLS1_VERSION 0xFEFF +-# define DTLS_MAX_VERSION DTLS1_VERSION ++# define DTLS1_2_VERSION 0xFEFD ++# define DTLS_MAX_VERSION DTLS1_2_VERSION ++# define DTLS1_VERSION_MAJOR 
0xFE + + # define DTLS1_BAD_VER 0x0100 + ++/* Special value for method supporting multiple versions */ ++# define DTLS_ANY_VERSION 0x1FFFF ++ + # if 0 + /* this alert description is not specified anywhere... */ + # define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 110 +@@ -107,20 +116,30 @@ extern "C" { + # define DTLS1_AL_HEADER_LENGTH 2 + # endif + ++# ifndef OPENSSL_NO_SSL_INTERN ++ ++# ifndef OPENSSL_NO_SCTP ++# define DTLS1_SCTP_AUTH_LABEL "EXPORTER_DTLS_OVER_SCTP" ++# endif ++ ++/* Max MTU overhead we know about so far is 40 for IPv6 + 8 for UDP */ ++# define DTLS1_MAX_MTU_OVERHEAD 48 ++ + typedef struct dtls1_bitmap_st { +- PQ_64BIT map; +- unsigned long length; /* sizeof the bitmap in bits */ +- PQ_64BIT max_seq_num; /* max record number seen so far */ ++ unsigned long map; /* track 32 packets on 32-bit systems and 64 ++ * - on 64-bit systems */ ++ unsigned char max_seq_num[8]; /* max record number seen so far, 64-bit ++ * value in big-endian encoding */ + } DTLS1_BITMAP; + + struct dtls1_retransmit_state { + EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ +- const EVP_MD *write_hash; /* used for mac generation */ +-# ifndef OPENSSL_NO_COMP ++ EVP_MD_CTX *write_hash; /* used for mac generation */ ++# ifndef OPENSSL_NO_COMP + COMP_CTX *compress; /* compression */ +-# else ++# else + char *compress; +-# endif ++# endif + SSL_SESSION *session; + unsigned short epoch; + }; +@@ -197,11 +216,14 @@ typedef struct dtls1_state_st { + record_pqueue buffered_app_data; + /* Is set when listening for new connections with dtls1_listen() */ + unsigned int listen; ++ unsigned int link_mtu; /* max on-the-wire DTLS packet size */ + unsigned int mtu; /* max DTLS packet size */ + struct hm_header_st w_msg_hdr; + struct hm_header_st r_msg_hdr; + struct dtls1_timeout_st timeout; +- /* Indicates when the last handshake msg sent will timeout */ ++ /* ++ * Indicates when the last handshake msg or heartbeat sent will timeout ++ */ + struct timeval next_timeout; + /* Timeout 
duration */ + unsigned short timeout_duration; +@@ -214,7 +236,16 @@ typedef struct dtls1_state_st { + unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH]; + unsigned int handshake_fragment_len; + unsigned int retransmitting; ++ /* ++ * Set when the handshake is ready to process peer's ChangeCipherSpec message. ++ * Cleared after the message has been processed. ++ */ + unsigned int change_cipher_spec_ok; ++# ifndef OPENSSL_NO_SCTP ++ /* used when SSL_ST_XX_FLUSH is entered */ ++ int next_state; ++ int shutdown_received; ++# endif + } DTLS1_STATE; + + typedef struct dtls1_record_data_st { +@@ -222,8 +253,13 @@ typedef struct dtls1_record_data_st { + unsigned int packet_length; + SSL3_BUFFER rbuf; + SSL3_RECORD rrec; ++# ifndef OPENSSL_NO_SCTP ++ struct bio_dgram_sctp_rcvinfo recordinfo; ++# endif + } DTLS1_RECORD_DATA; + ++# endif ++ + /* Timeout multipliers (timeout slice is defined in apps/timeouts.h */ + # define DTLS1_TMO_READ_COUNT 2 + # define DTLS1_TMO_WRITE_COUNT 2 +diff --git a/Cryptlib/Include/openssl/e_os2.h b/Cryptlib/Include/openssl/e_os2.h +index c9f2543..7be9989 100644 +--- a/Cryptlib/Include/openssl/e_os2.h ++++ b/Cryptlib/Include/openssl/e_os2.h +@@ -101,7 +101,7 @@ extern "C" { + # undef OPENSSL_SYS_UNIX + # define OPENSSL_SYS_WIN32_UWIN + # else +-# if defined(__CYGWIN32__) || defined(OPENSSL_SYSNAME_CYGWIN32) ++# if defined(__CYGWIN__) || defined(OPENSSL_SYSNAME_CYGWIN) + # undef OPENSSL_SYS_UNIX + # define OPENSSL_SYS_WIN32_CYGWIN + # else +@@ -109,6 +109,12 @@ extern "C" { + # undef OPENSSL_SYS_UNIX + # define OPENSSL_SYS_WIN32 + # endif ++# if defined(_WIN64) || defined(OPENSSL_SYSNAME_WIN64) ++# undef OPENSSL_SYS_UNIX ++# if !defined(OPENSSL_SYS_WIN64) ++# define OPENSSL_SYS_WIN64 ++# endif ++# endif + # if defined(OPENSSL_SYSNAME_WINNT) + # undef OPENSSL_SYS_UNIX + # define OPENSSL_SYS_WINNT +@@ -121,7 +127,7 @@ extern "C" { + # endif + + /* Anything that tries to look like Microsoft is "Windows" */ +-# if defined(OPENSSL_SYS_WIN32) || 
defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE) ++# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN64) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE) + # undef OPENSSL_SYS_UNIX + # define OPENSSL_SYS_WINDOWS + # ifndef OPENSSL_SYS_MSDOS +@@ -199,8 +205,14 @@ extern "C" { + # endif + + /* -------------------------------- VOS ----------------------------------- */ +-# ifdef OPENSSL_SYSNAME_VOS ++# if defined(__VOS__) || defined(OPENSSL_SYSNAME_VOS) + # define OPENSSL_SYS_VOS ++# ifdef __HPPA__ ++# define OPENSSL_SYS_VOS_HPPA ++# endif ++# ifdef __IA32__ ++# define OPENSSL_SYS_VOS_IA32 ++# endif + # endif + + /* ------------------------------ VxWorks --------------------------------- */ +@@ -208,6 +220,17 @@ extern "C" { + # define OPENSSL_SYS_VXWORKS + # endif + ++/* -------------------------------- BeOS ---------------------------------- */ ++# if defined(__BEOS__) ++# define OPENSSL_SYS_BEOS ++# include ++# if defined(BONE_VERSION) ++# define OPENSSL_SYS_BEOS_BONE ++# else ++# define OPENSSL_SYS_BEOS_R5 ++# endif ++# endif ++ + /** + * That's it for OS-specific stuff + *****************************************************************************/ +@@ -268,18 +291,37 @@ extern "C" { + * #define foobar OPENSSL_GLOBAL_REF(foobar) + */ + # ifdef OPENSSL_EXPORT_VAR_AS_FUNCTION +-# define OPENSSL_IMPLEMENT_GLOBAL(type,name) \ +- extern type _hide_##name; \ +- type *_shadow_##name(void) { return &_hide_##name; } \ +- static type _hide_##name ++# define OPENSSL_IMPLEMENT_GLOBAL(type,name,value) \ ++ type *_shadow_##name(void) \ ++ { static type _hide_##name=value; return &_hide_##name; } + # define OPENSSL_DECLARE_GLOBAL(type,name) type *_shadow_##name(void) + # define OPENSSL_GLOBAL_REF(name) (*(_shadow_##name())) + # else +-# define OPENSSL_IMPLEMENT_GLOBAL(type,name) OPENSSL_GLOBAL type _shadow_##name ++# define OPENSSL_IMPLEMENT_GLOBAL(type,name,value) OPENSSL_GLOBAL type _shadow_##name=value; + # define OPENSSL_DECLARE_GLOBAL(type,name) 
OPENSSL_EXPORT type _shadow_##name + # define OPENSSL_GLOBAL_REF(name) _shadow_##name + # endif + ++# if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && macintosh==1 && !defined(MAC_OS_GUSI_SOURCE) ++# define ossl_ssize_t long ++# endif ++ ++# ifdef OPENSSL_SYS_MSDOS ++# define ossl_ssize_t long ++# endif ++ ++# if defined(NeXT) || defined(OPENSSL_SYS_NEWS4) || defined(OPENSSL_SYS_SUNOS) ++# define ssize_t int ++# endif ++ ++# if defined(__ultrix) && !defined(ssize_t) ++# define ossl_ssize_t int ++# endif ++ ++# ifndef ossl_ssize_t ++# define ossl_ssize_t ssize_t ++# endif ++ + #ifdef __cplusplus + } + #endif +diff --git a/Cryptlib/Include/openssl/ebcdic.h b/Cryptlib/Include/openssl/ebcdic.h +index fc72ecf..4cbdfeb 100644 +--- a/Cryptlib/Include/openssl/ebcdic.h ++++ b/Cryptlib/Include/openssl/ebcdic.h +@@ -5,6 +5,10 @@ + + # include + ++#ifdef __cplusplus ++extern "C" { ++#endif ++ + /* Avoid name clashes with other applications */ + # define os_toascii _openssl_os_toascii + # define os_toebcdic _openssl_os_toebcdic +@@ -16,4 +20,7 @@ extern const unsigned char os_toebcdic[256]; + void *ebcdic2ascii(void *dest, const void *srce, size_t count); + void *ascii2ebcdic(void *dest, const void *srce, size_t count); + ++#ifdef __cplusplus ++} ++#endif + #endif +diff --git a/Cryptlib/Include/openssl/ec.h b/Cryptlib/Include/openssl/ec.h +index 08adf1f..6d3178f 100644 +--- a/Cryptlib/Include/openssl/ec.h ++++ b/Cryptlib/Include/openssl/ec.h +@@ -2,8 +2,12 @@ + /* + * Originally written by Bodo Moeller for the OpenSSL project. + */ ++/** ++ * \file crypto/ec/ec.h Include file for the OpenSSL EC functions ++ * \author Originally written by Bodo Moeller for the OpenSSL project ++ */ + /* ==================================================================== +- * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. ++ * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. 
+ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions +@@ -96,10 +100,16 @@ extern "C" { + # define OPENSSL_ECC_MAX_FIELD_BITS 661 + # endif + ++/** Enum for the point conversion form as defined in X9.62 (ECDSA) ++ * for the encoding of a elliptic curve point (x,y) */ + typedef enum { +- /* values as defined in X9.62 (ECDSA) and elsewhere */ ++ /** the point is encoded as z||x, where the octet z specifies ++ * which solution of the quadratic equation y is */ + POINT_CONVERSION_COMPRESSED = 2, ++ /** the point is encoded as z||x||y, where z is the octet 0x02 */ + POINT_CONVERSION_UNCOMPRESSED = 4, ++ /** the point is encoded as z||x||y, where the octet z specifies ++ * which solution of the quadratic equation y is */ + POINT_CONVERSION_HYBRID = 6 + } point_conversion_form_t; + +@@ -118,89 +128,280 @@ typedef struct ec_group_st + + typedef struct ec_point_st EC_POINT; + +-/* +- * EC_METHODs for curves over GF(p). EC_GFp_simple_method provides the basis +- * for the optimized methods. ++/********************************************************************/ ++/* EC_METHODs for curves over GF(p) */ ++/********************************************************************/ ++ ++/** Returns the basic GFp ec methods which provides the basis for the ++ * optimized methods. ++ * \return EC_METHOD object + */ + const EC_METHOD *EC_GFp_simple_method(void); ++ ++/** Returns GFp methods using montgomery multiplication. ++ * \return EC_METHOD object ++ */ + const EC_METHOD *EC_GFp_mont_method(void); ++ ++/** Returns GFp methods using optimized methods for NIST recommended curves ++ * \return EC_METHOD object ++ */ + const EC_METHOD *EC_GFp_nist_method(void); + +-/* +- * EC_METHOD for curves over GF(2^m). 
++# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 ++/** Returns 64-bit optimized methods for nistp224 ++ * \return EC_METHOD object ++ */ ++const EC_METHOD *EC_GFp_nistp224_method(void); ++ ++/** Returns 64-bit optimized methods for nistp256 ++ * \return EC_METHOD object ++ */ ++const EC_METHOD *EC_GFp_nistp256_method(void); ++ ++/** Returns 64-bit optimized methods for nistp521 ++ * \return EC_METHOD object ++ */ ++const EC_METHOD *EC_GFp_nistp521_method(void); ++# endif ++ ++# ifndef OPENSSL_NO_EC2M ++/********************************************************************/ ++/* EC_METHOD for curves over GF(2^m) */ ++/********************************************************************/ ++ ++/** Returns the basic GF2m ec method ++ * \return EC_METHOD object + */ + const EC_METHOD *EC_GF2m_simple_method(void); + +-EC_GROUP *EC_GROUP_new(const EC_METHOD *); +-void EC_GROUP_free(EC_GROUP *); +-void EC_GROUP_clear_free(EC_GROUP *); +-int EC_GROUP_copy(EC_GROUP *, const EC_GROUP *); +-EC_GROUP *EC_GROUP_dup(const EC_GROUP *); ++# endif ++ ++/********************************************************************/ ++/* EC_GROUP functions */ ++/********************************************************************/ + +-const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *); +-int EC_METHOD_get_field_type(const EC_METHOD *); ++/** Creates a new EC_GROUP object ++ * \param meth EC_METHOD to use ++ * \return newly created EC_GROUP object or NULL in case of an error. ++ */ ++EC_GROUP *EC_GROUP_new(const EC_METHOD *meth); ++ ++/** Frees a EC_GROUP object ++ * \param group EC_GROUP object to be freed. ++ */ ++void EC_GROUP_free(EC_GROUP *group); + +-int EC_GROUP_set_generator(EC_GROUP *, const EC_POINT *generator, ++/** Clears and frees a EC_GROUP object ++ * \param group EC_GROUP object to be cleared and freed. ++ */ ++void EC_GROUP_clear_free(EC_GROUP *group); ++ ++/** Copies EC_GROUP objects. Note: both EC_GROUPs must use the same EC_METHOD. 
++ * \param dst destination EC_GROUP object ++ * \param src source EC_GROUP object ++ * \return 1 on success and 0 if an error occurred. ++ */ ++int EC_GROUP_copy(EC_GROUP *dst, const EC_GROUP *src); ++ ++/** Creates a new EC_GROUP object and copies the copies the content ++ * form src to the newly created EC_KEY object ++ * \param src source EC_GROUP object ++ * \return newly created EC_GROUP object or NULL in case of an error. ++ */ ++EC_GROUP *EC_GROUP_dup(const EC_GROUP *src); ++ ++/** Returns the EC_METHOD of the EC_GROUP object. ++ * \param group EC_GROUP object ++ * \return EC_METHOD used in this EC_GROUP object. ++ */ ++const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group); ++ ++/** Returns the field type of the EC_METHOD. ++ * \param meth EC_METHOD object ++ * \return NID of the underlying field type OID. ++ */ ++int EC_METHOD_get_field_type(const EC_METHOD *meth); ++ ++/** Sets the generator and it's order/cofactor of a EC_GROUP object. ++ * \param group EC_GROUP object ++ * \param generator EC_POINT object with the generator. ++ * \param order the order of the group generated by the generator. ++ * \param cofactor the index of the sub-group generated by the generator ++ * in the group of all points on the elliptic curve. ++ * \return 1 on success and 0 if an error occured ++ */ ++int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, + const BIGNUM *order, const BIGNUM *cofactor); +-const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *); +-int EC_GROUP_get_order(const EC_GROUP *, BIGNUM *order, BN_CTX *); +-int EC_GROUP_get_cofactor(const EC_GROUP *, BIGNUM *cofactor, BN_CTX *); + +-void EC_GROUP_set_curve_name(EC_GROUP *, int nid); +-int EC_GROUP_get_curve_name(const EC_GROUP *); ++/** Returns the generator of a EC_GROUP object. ++ * \param group EC_GROUP object ++ * \return the currently used generator (possibly NULL). 
++ */ ++const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group); ++ ++/** Returns the montgomery data for order(Generator) ++ * \param group EC_GROUP object ++ * \return the currently used generator (possibly NULL). ++*/ ++BN_MONT_CTX *EC_GROUP_get_mont_data(const EC_GROUP *group); + +-void EC_GROUP_set_asn1_flag(EC_GROUP *, int flag); +-int EC_GROUP_get_asn1_flag(const EC_GROUP *); ++/** Gets the order of a EC_GROUP ++ * \param group EC_GROUP object ++ * \param order BIGNUM to which the order is copied ++ * \param ctx BN_CTX object (optional) ++ * \return 1 on success and 0 if an error occured ++ */ ++int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx); + +-void EC_GROUP_set_point_conversion_form(EC_GROUP *, point_conversion_form_t); ++/** Gets the cofactor of a EC_GROUP ++ * \param group EC_GROUP object ++ * \param cofactor BIGNUM to which the cofactor is copied ++ * \param ctx BN_CTX object (optional) ++ * \return 1 on success and 0 if an error occured ++ */ ++int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, ++ BN_CTX *ctx); ++ ++/** Sets the name of a EC_GROUP object ++ * \param group EC_GROUP object ++ * \param nid NID of the curve name OID ++ */ ++void EC_GROUP_set_curve_name(EC_GROUP *group, int nid); ++ ++/** Returns the curve name of a EC_GROUP object ++ * \param group EC_GROUP object ++ * \return NID of the curve name OID or 0 if not set. 
++ */ ++int EC_GROUP_get_curve_name(const EC_GROUP *group); ++ ++void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag); ++int EC_GROUP_get_asn1_flag(const EC_GROUP *group); ++ ++void EC_GROUP_set_point_conversion_form(EC_GROUP *group, ++ point_conversion_form_t form); + point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *); + +-unsigned char *EC_GROUP_get0_seed(const EC_GROUP *); ++unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x); + size_t EC_GROUP_get_seed_len(const EC_GROUP *); + size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len); + +-int EC_GROUP_set_curve_GFp(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, +- const BIGNUM *b, BN_CTX *); +-int EC_GROUP_get_curve_GFp(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, +- BN_CTX *); +-int EC_GROUP_set_curve_GF2m(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, +- const BIGNUM *b, BN_CTX *); +-int EC_GROUP_get_curve_GF2m(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, +- BN_CTX *); ++/** Sets the parameter of a ec over GFp defined by y^2 = x^3 + a*x + b ++ * \param group EC_GROUP object ++ * \param p BIGNUM with the prime number ++ * \param a BIGNUM with parameter a of the equation ++ * \param b BIGNUM with parameter b of the equation ++ * \param ctx BN_CTX object (optional) ++ * \return 1 on success and 0 if an error occured ++ */ ++int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, ++ const BIGNUM *b, BN_CTX *ctx); + +-/* returns the number of bits needed to represent a field element */ +-int EC_GROUP_get_degree(const EC_GROUP *); ++/** Gets the parameter of the ec over GFp defined by y^2 = x^3 + a*x + b ++ * \param group EC_GROUP object ++ * \param p BIGNUM for the prime number ++ * \param a BIGNUM for parameter a of the equation ++ * \param b BIGNUM for parameter b of the equation ++ * \param ctx BN_CTX object (optional) ++ * \return 1 on success and 0 if an error occured ++ */ ++int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, 
BIGNUM *a, ++ BIGNUM *b, BN_CTX *ctx); + +-/* EC_GROUP_check() returns 1 if 'group' defines a valid group, 0 otherwise */ ++# ifndef OPENSSL_NO_EC2M ++/** Sets the parameter of a ec over GF2m defined by y^2 + x*y = x^3 + a*x^2 + b ++ * \param group EC_GROUP object ++ * \param p BIGNUM with the polynomial defining the underlying field ++ * \param a BIGNUM with parameter a of the equation ++ * \param b BIGNUM with parameter b of the equation ++ * \param ctx BN_CTX object (optional) ++ * \return 1 on success and 0 if an error occured ++ */ ++int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, ++ const BIGNUM *b, BN_CTX *ctx); ++ ++/** Gets the parameter of the ec over GF2m defined by y^2 + x*y = x^3 + a*x^2 + b ++ * \param group EC_GROUP object ++ * \param p BIGNUM for the polynomial defining the underlying field ++ * \param a BIGNUM for parameter a of the equation ++ * \param b BIGNUM for parameter b of the equation ++ * \param ctx BN_CTX object (optional) ++ * \return 1 on success and 0 if an error occured ++ */ ++int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, ++ BIGNUM *b, BN_CTX *ctx); ++# endif ++/** Returns the number of bits needed to represent a field element ++ * \param group EC_GROUP object ++ * \return number of bits needed to represent a field element ++ */ ++int EC_GROUP_get_degree(const EC_GROUP *group); ++ ++/** Checks whether the parameter in the EC_GROUP define a valid ec group ++ * \param group EC_GROUP object ++ * \param ctx BN_CTX object (optional) ++ * \return 1 if group is a valid ec group and 0 otherwise ++ */ + int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx); +-/* +- * EC_GROUP_check_discriminant() returns 1 if the discriminant of the +- * elliptic curve is not zero, 0 otherwise ++ ++/** Checks whether the discriminant of the elliptic curve is zero or not ++ * \param group EC_GROUP object ++ * \param ctx BN_CTX object (optional) ++ * \return 1 if the discriminant is not zero and 0 
otherwise + */ +-int EC_GROUP_check_discriminant(const EC_GROUP *, BN_CTX *); ++int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx); + +-/* EC_GROUP_cmp() returns 0 if both groups are equal and 1 otherwise */ +-int EC_GROUP_cmp(const EC_GROUP *, const EC_GROUP *, BN_CTX *); ++/** Compares two EC_GROUP objects ++ * \param a first EC_GROUP object ++ * \param b second EC_GROUP object ++ * \param ctx BN_CTX object (optional) ++ * \return 0 if both groups are equal and 1 otherwise ++ */ ++int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx); + + /* + * EC_GROUP_new_GF*() calls EC_GROUP_new() and EC_GROUP_set_GF*() after + * choosing an appropriate EC_METHOD + */ ++ ++/** Creates a new EC_GROUP object with the specified parameters defined ++ * over GFp (defined by the equation y^2 = x^3 + a*x + b) ++ * \param p BIGNUM with the prime number ++ * \param a BIGNUM with the parameter a of the equation ++ * \param b BIGNUM with the parameter b of the equation ++ * \param ctx BN_CTX object (optional) ++ * \return newly created EC_GROUP object with the specified parameters ++ */ + EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, +- const BIGNUM *b, BN_CTX *); ++ const BIGNUM *b, BN_CTX *ctx); ++# ifndef OPENSSL_NO_EC2M ++/** Creates a new EC_GROUP object with the specified parameters defined ++ * over GF2m (defined by the equation y^2 + x*y = x^3 + a*x^2 + b) ++ * \param p BIGNUM with the polynomial defining the underlying field ++ * \param a BIGNUM with the parameter a of the equation ++ * \param b BIGNUM with the parameter b of the equation ++ * \param ctx BN_CTX object (optional) ++ * \return newly created EC_GROUP object with the specified parameters ++ */ + EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, +- const BIGNUM *b, BN_CTX *); +- +-/* +- * EC_GROUP_new_by_curve_name() creates a EC_GROUP structure specified by a +- * curve name (in form of a NID) ++ const BIGNUM *b, BN_CTX *ctx); ++# endif ++/** 
Creates a EC_GROUP object with a curve specified by a NID ++ * \param nid NID of the OID of the curve name ++ * \return newly created EC_GROUP object with specified curve or NULL ++ * if an error occurred + */ + EC_GROUP *EC_GROUP_new_by_curve_name(int nid); +-/* handling of internal curves */ ++ ++/********************************************************************/ ++/* handling of internal curves */ ++/********************************************************************/ ++ + typedef struct { + int nid; + const char *comment; + } EC_builtin_curve; ++ + /* + * EC_builtin_curves(EC_builtin_curve *r, size_t size) returns number of all + * available curves or zero if a error occurred. In case r ist not zero +@@ -209,46 +410,181 @@ typedef struct { + */ + size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems); + +-/* EC_POINT functions */ ++const char *EC_curve_nid2nist(int nid); ++int EC_curve_nist2nid(const char *name); ++ ++/********************************************************************/ ++/* EC_POINT functions */ ++/********************************************************************/ ++ ++/** Creates a new EC_POINT object for the specified EC_GROUP ++ * \param group EC_GROUP the underlying EC_GROUP object ++ * \return newly created EC_POINT object or NULL if an error occurred ++ */ ++EC_POINT *EC_POINT_new(const EC_GROUP *group); ++ ++/** Frees a EC_POINT object ++ * \param point EC_POINT object to be freed ++ */ ++void EC_POINT_free(EC_POINT *point); ++ ++/** Clears and frees a EC_POINT object ++ * \param point EC_POINT object to be cleared and freed ++ */ ++void EC_POINT_clear_free(EC_POINT *point); ++ ++/** Copies EC_POINT object ++ * \param dst destination EC_POINT object ++ * \param src source EC_POINT object ++ * \return 1 on success and 0 if an error occured ++ */ ++int EC_POINT_copy(EC_POINT *dst, const EC_POINT *src); ++ ++/** Creates a new EC_POINT object and copies the content of the supplied ++ * EC_POINT ++ * \param src source 
EC_POINT object ++ * \param group underlying the EC_GROUP object ++ * \return newly created EC_POINT object or NULL if an error occurred ++ */ ++EC_POINT *EC_POINT_dup(const EC_POINT *src, const EC_GROUP *group); ++ ++/** Returns the EC_METHOD used in EC_POINT object ++ * \param point EC_POINT object ++ * \return the EC_METHOD used ++ */ ++const EC_METHOD *EC_POINT_method_of(const EC_POINT *point); ++ ++/** Sets a point to infinity (neutral element) ++ * \param group underlying EC_GROUP object ++ * \param point EC_POINT to set to infinity ++ * \return 1 on success and 0 if an error occured ++ */ ++int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point); + +-EC_POINT *EC_POINT_new(const EC_GROUP *); +-void EC_POINT_free(EC_POINT *); +-void EC_POINT_clear_free(EC_POINT *); +-int EC_POINT_copy(EC_POINT *, const EC_POINT *); +-EC_POINT *EC_POINT_dup(const EC_POINT *, const EC_GROUP *); ++/** Sets the jacobian projective coordinates of a EC_POINT over GFp ++ * \param group underlying EC_GROUP object ++ * \param p EC_POINT object ++ * \param x BIGNUM with the x-coordinate ++ * \param y BIGNUM with the y-coordinate ++ * \param z BIGNUM with the z-coordinate ++ * \param ctx BN_CTX object (optional) ++ * \return 1 on success and 0 if an error occured ++ */ ++int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, ++ EC_POINT *p, const BIGNUM *x, ++ const BIGNUM *y, const BIGNUM *z, ++ BN_CTX *ctx); + +-const EC_METHOD *EC_POINT_method_of(const EC_POINT *); ++/** Gets the jacobian projective coordinates of a EC_POINT over GFp ++ * \param group underlying EC_GROUP object ++ * \param p EC_POINT object ++ * \param x BIGNUM for the x-coordinate ++ * \param y BIGNUM for the y-coordinate ++ * \param z BIGNUM for the z-coordinate ++ * \param ctx BN_CTX object (optional) ++ * \return 1 on success and 0 if an error occured ++ */ ++int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, ++ const EC_POINT *p, BIGNUM *x, ++ BIGNUM *y, BIGNUM *z, ++ 
BN_CTX *ctx); + +-int EC_POINT_set_to_infinity(const EC_GROUP *, EC_POINT *); +-int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *, EC_POINT *, +- const BIGNUM *x, const BIGNUM *y, +- const BIGNUM *z, BN_CTX *); +-int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *, +- const EC_POINT *, BIGNUM *x, +- BIGNUM *y, BIGNUM *z, BN_CTX *); +-int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *, EC_POINT *, ++/** Sets the affine coordinates of a EC_POINT over GFp ++ * \param group underlying EC_GROUP object ++ * \param p EC_POINT object ++ * \param x BIGNUM with the x-coordinate ++ * \param y BIGNUM with the y-coordinate ++ * \param ctx BN_CTX object (optional) ++ * \return 1 on success and 0 if an error occured ++ */ ++int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, const BIGNUM *y, +- BN_CTX *); +-int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *, const EC_POINT *, +- BIGNUM *x, BIGNUM *y, BN_CTX *); +-int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *, EC_POINT *, +- const BIGNUM *x, int y_bit, +- BN_CTX *); +- +-int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *, EC_POINT *, ++ BN_CTX *ctx); ++ ++/** Gets the affine coordinates of a EC_POINT over GFp ++ * \param group underlying EC_GROUP object ++ * \param p EC_POINT object ++ * \param x BIGNUM for the x-coordinate ++ * \param y BIGNUM for the y-coordinate ++ * \param ctx BN_CTX object (optional) ++ * \return 1 on success and 0 if an error occured ++ */ ++int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, ++ const EC_POINT *p, BIGNUM *x, ++ BIGNUM *y, BN_CTX *ctx); ++ ++/** Sets the x9.62 compressed coordinates of a EC_POINT over GFp ++ * \param group underlying EC_GROUP object ++ * \param p EC_POINT object ++ * \param x BIGNUM with x-coordinate ++ * \param y_bit integer with the y-Bit (either 0 or 1) ++ * \param ctx BN_CTX object (optional) ++ * \return 1 on success and 0 if an error occured ++ */ ++int 
EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, ++ EC_POINT *p, const BIGNUM *x, ++ int y_bit, BN_CTX *ctx); ++# ifndef OPENSSL_NO_EC2M ++/** Sets the affine coordinates of a EC_POINT over GF2m ++ * \param group underlying EC_GROUP object ++ * \param p EC_POINT object ++ * \param x BIGNUM with the x-coordinate ++ * \param y BIGNUM with the y-coordinate ++ * \param ctx BN_CTX object (optional) ++ * \return 1 on success and 0 if an error occured ++ */ ++int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, const BIGNUM *y, +- BN_CTX *); +-int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *, const EC_POINT *, +- BIGNUM *x, BIGNUM *y, BN_CTX *); +-int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *, EC_POINT *, +- const BIGNUM *x, int y_bit, +- BN_CTX *); +- +-size_t EC_POINT_point2oct(const EC_GROUP *, const EC_POINT *, +- point_conversion_form_t form, unsigned char *buf, +- size_t len, BN_CTX *); +-int EC_POINT_oct2point(const EC_GROUP *, EC_POINT *, const unsigned char *buf, +- size_t len, BN_CTX *); ++ BN_CTX *ctx); ++ ++/** Gets the affine coordinates of a EC_POINT over GF2m ++ * \param group underlying EC_GROUP object ++ * \param p EC_POINT object ++ * \param x BIGNUM for the x-coordinate ++ * \param y BIGNUM for the y-coordinate ++ * \param ctx BN_CTX object (optional) ++ * \return 1 on success and 0 if an error occured ++ */ ++int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, ++ const EC_POINT *p, BIGNUM *x, ++ BIGNUM *y, BN_CTX *ctx); ++ ++/** Sets the x9.62 compressed coordinates of a EC_POINT over GF2m ++ * \param group underlying EC_GROUP object ++ * \param p EC_POINT object ++ * \param x BIGNUM with x-coordinate ++ * \param y_bit integer with the y-Bit (either 0 or 1) ++ * \param ctx BN_CTX object (optional) ++ * \return 1 on success and 0 if an error occured ++ */ ++int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, ++ EC_POINT *p, const BIGNUM *x, ++ 
int y_bit, BN_CTX *ctx); ++# endif ++/** Encodes a EC_POINT object to a octet string ++ * \param group underlying EC_GROUP object ++ * \param p EC_POINT object ++ * \param form point conversion form ++ * \param buf memory buffer for the result. If NULL the function returns ++ * required buffer size. ++ * \param len length of the memory buffer ++ * \param ctx BN_CTX object (optional) ++ * \return the length of the encoded octet string or 0 if an error occurred ++ */ ++size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *p, ++ point_conversion_form_t form, ++ unsigned char *buf, size_t len, BN_CTX *ctx); ++ ++/** Decodes a EC_POINT from a octet string ++ * \param group underlying EC_GROUP object ++ * \param p EC_POINT object ++ * \param buf memory buffer with the encoded ec point ++ * \param len length of the encoded ec point ++ * \param ctx BN_CTX object (optional) ++ * \return 1 on success and 0 if an error occured ++ */ ++int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *p, ++ const unsigned char *buf, size_t len, BN_CTX *ctx); + + /* other interfaces to point2oct/oct2point: */ + BIGNUM *EC_POINT_point2bn(const EC_GROUP *, const EC_POINT *, +@@ -260,46 +596,122 @@ char *EC_POINT_point2hex(const EC_GROUP *, const EC_POINT *, + EC_POINT *EC_POINT_hex2point(const EC_GROUP *, const char *, + EC_POINT *, BN_CTX *); + +-int EC_POINT_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, +- const EC_POINT *b, BN_CTX *); +-int EC_POINT_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *); +-int EC_POINT_invert(const EC_GROUP *, EC_POINT *, BN_CTX *); ++/********************************************************************/ ++/* functions for doing EC_POINT arithmetic */ ++/********************************************************************/ + +-int EC_POINT_is_at_infinity(const EC_GROUP *, const EC_POINT *); +-int EC_POINT_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *); +-int EC_POINT_cmp(const EC_GROUP *, const EC_POINT *a, const 
EC_POINT *b, +- BN_CTX *); ++/** Computes the sum of two EC_POINT ++ * \param group underlying EC_GROUP object ++ * \param r EC_POINT object for the result (r = a + b) ++ * \param a EC_POINT object with the first summand ++ * \param b EC_POINT object with the second summand ++ * \param ctx BN_CTX object (optional) ++ * \return 1 on success and 0 if an error occured ++ */ ++int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, ++ const EC_POINT *b, BN_CTX *ctx); + +-int EC_POINT_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *); +-int EC_POINTs_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], +- BN_CTX *); ++/** Computes the double of a EC_POINT ++ * \param group underlying EC_GROUP object ++ * \param r EC_POINT object for the result (r = 2 * a) ++ * \param a EC_POINT object ++ * \param ctx BN_CTX object (optional) ++ * \return 1 on success and 0 if an error occured ++ */ ++int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, ++ BN_CTX *ctx); + +-int EC_POINTs_mul(const EC_GROUP *, EC_POINT *r, const BIGNUM *, size_t num, +- const EC_POINT *[], const BIGNUM *[], BN_CTX *); +-int EC_POINT_mul(const EC_GROUP *, EC_POINT *r, const BIGNUM *, +- const EC_POINT *, const BIGNUM *, BN_CTX *); ++/** Computes the inverse of a EC_POINT ++ * \param group underlying EC_GROUP object ++ * \param a EC_POINT object to be inverted (it's used for the result as well) ++ * \param ctx BN_CTX object (optional) ++ * \return 1 on success and 0 if an error occured ++ */ ++int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx); + +-/* +- * EC_GROUP_precompute_mult() stores multiples of generator for faster point +- * multiplication ++/** Checks whether the point is the neutral element of the group ++ * \param group the underlying EC_GROUP object ++ * \param p EC_POINT object ++ * \return 1 if the point is the neutral element and 0 otherwise + */ +-int EC_GROUP_precompute_mult(EC_GROUP *, BN_CTX *); +-/* +- * 
EC_GROUP_have_precompute_mult() reports whether such precomputation has +- * been done ++int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *p); ++ ++/** Checks whether the point is on the curve ++ * \param group underlying EC_GROUP object ++ * \param point EC_POINT object to check ++ * \param ctx BN_CTX object (optional) ++ * \return 1 if point if on the curve and 0 otherwise ++ */ ++int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, ++ BN_CTX *ctx); ++ ++/** Compares two EC_POINTs ++ * \param group underlying EC_GROUP object ++ * \param a first EC_POINT object ++ * \param b second EC_POINT object ++ * \param ctx BN_CTX object (optional) ++ * \return 0 if both points are equal and a value != 0 otherwise + */ +-int EC_GROUP_have_precompute_mult(const EC_GROUP *); ++int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, ++ BN_CTX *ctx); + +-/* ASN1 stuff */ ++int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx); ++int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, ++ EC_POINT *points[], BN_CTX *ctx); ++ ++/** Computes r = generator * n sum_{i=0}^{num-1} p[i] * m[i] ++ * \param group underlying EC_GROUP object ++ * \param r EC_POINT object for the result ++ * \param n BIGNUM with the multiplier for the group generator (optional) ++ * \param num number futher summands ++ * \param p array of size num of EC_POINT objects ++ * \param m array of size num of BIGNUM objects ++ * \param ctx BN_CTX object (optional) ++ * \return 1 on success and 0 if an error occured ++ */ ++int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, ++ size_t num, const EC_POINT *p[], const BIGNUM *m[], ++ BN_CTX *ctx); ++ ++/** Computes r = generator * n + q * m ++ * \param group underlying EC_GROUP object ++ * \param r EC_POINT object for the result ++ * \param n BIGNUM with the multiplier for the group generator (optional) ++ * \param q EC_POINT object with the first factor of the 
second summand ++ * \param m BIGNUM with the second factor of the second summand ++ * \param ctx BN_CTX object (optional) ++ * \return 1 on success and 0 if an error occured ++ */ ++int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, ++ const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx); ++ ++/** Stores multiples of generator for faster point multiplication ++ * \param group EC_GROUP object ++ * \param ctx BN_CTX object (optional) ++ * \return 1 on success and 0 if an error occured ++ */ ++int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx); ++ ++/** Reports whether a precomputation has been done ++ * \param group EC_GROUP object ++ * \return 1 if a pre-computation has been done and 0 otherwise ++ */ ++int EC_GROUP_have_precompute_mult(const EC_GROUP *group); ++ ++/********************************************************************/ ++/* ASN1 stuff */ ++/********************************************************************/ + + /* + * EC_GROUP_get_basis_type() returns the NID of the basis type used to + * represent the field elements + */ + int EC_GROUP_get_basis_type(const EC_GROUP *); ++# ifndef OPENSSL_NO_EC2M + int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k); + int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1, + unsigned int *k2, unsigned int *k3); ++# endif + + # define OPENSSL_EC_NAMED_CURVE 0x001 + +@@ -322,33 +734,110 @@ int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off); + int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off); + # endif + +-/* the EC_KEY stuff */ ++/********************************************************************/ ++/* EC_KEY functions */ ++/********************************************************************/ ++ + typedef struct ec_key_st EC_KEY; + + /* some values for the encoding_flag */ + # define EC_PKEY_NO_PARAMETERS 0x001 + # define EC_PKEY_NO_PUBKEY 0x002 + ++/* some values for the flags field */ ++# define EC_FLAG_NON_FIPS_ALLOW 0x1 ++# 
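Review bot: The `\return` line added for `EC_POINT_is_on_curve` documents only 1 and 0, which invites callers to write `if (!EC_POINT_is_on_curve(group, point, ctx))`. As far as I can tell, the curve method implementations behind this call (outside this hunk, so to be confirmed) can return a negative value on an internal failure such as an allocation error. A negated test would then accept a point that was never validated. The header is imported from upstream, so I would leave the text alone here, but any caller in this tree should compare with `== 1`. A more accurate comment would be `\return 1 if the point is on the curve, 0 if not, and a negative value on error`.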
define EC_FLAG_FIPS_CHECKED 0x2 ++ ++/** Creates a new EC_KEY object. ++ * \return EC_KEY object or NULL if an error occurred. ++ */ + EC_KEY *EC_KEY_new(void); ++ ++int EC_KEY_get_flags(const EC_KEY *key); ++ ++void EC_KEY_set_flags(EC_KEY *key, int flags); ++ ++void EC_KEY_clear_flags(EC_KEY *key, int flags); ++ ++/** Creates a new EC_KEY object using a named curve as underlying ++ * EC_GROUP object. ++ * \param nid NID of the named curve. ++ * \return EC_KEY object or NULL if an error occurred. ++ */ + EC_KEY *EC_KEY_new_by_curve_name(int nid); +-void EC_KEY_free(EC_KEY *); +-EC_KEY *EC_KEY_copy(EC_KEY *, const EC_KEY *); +-EC_KEY *EC_KEY_dup(const EC_KEY *); +- +-int EC_KEY_up_ref(EC_KEY *); +- +-const EC_GROUP *EC_KEY_get0_group(const EC_KEY *); +-int EC_KEY_set_group(EC_KEY *, const EC_GROUP *); +-const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *); +-int EC_KEY_set_private_key(EC_KEY *, const BIGNUM *); +-const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *); +-int EC_KEY_set_public_key(EC_KEY *, const EC_POINT *); +-unsigned EC_KEY_get_enc_flags(const EC_KEY *); +-void EC_KEY_set_enc_flags(EC_KEY *, unsigned int); +-point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *); +-void EC_KEY_set_conv_form(EC_KEY *, point_conversion_form_t); ++ ++/** Frees a EC_KEY object. ++ * \param key EC_KEY object to be freed. ++ */ ++void EC_KEY_free(EC_KEY *key); ++ ++/** Copies a EC_KEY object. ++ * \param dst destination EC_KEY object ++ * \param src src EC_KEY object ++ * \return dst or NULL if an error occurred. ++ */ ++EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src); ++ ++/** Creates a new EC_KEY object and copies the content from src to it. ++ * \param src the source EC_KEY object ++ * \return newly created EC_KEY object or NULL if an error occurred. ++ */ ++EC_KEY *EC_KEY_dup(const EC_KEY *src); ++ ++/** Increases the internal reference count of a EC_KEY object. ++ * \param key EC_KEY object ++ * \return 1 on success and 0 if an error occurred. 
++ */ ++int EC_KEY_up_ref(EC_KEY *key); ++ ++/** Returns the EC_GROUP object of a EC_KEY object ++ * \param key EC_KEY object ++ * \return the EC_GROUP object (possibly NULL). ++ */ ++const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key); ++ ++/** Sets the EC_GROUP of a EC_KEY object. ++ * \param key EC_KEY object ++ * \param group EC_GROUP to use in the EC_KEY object (note: the EC_KEY ++ * object will use an own copy of the EC_GROUP). ++ * \return 1 on success and 0 if an error occurred. ++ */ ++int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group); ++ ++/** Returns the private key of a EC_KEY object. ++ * \param key EC_KEY object ++ * \return a BIGNUM with the private key (possibly NULL). ++ */ ++const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key); ++ ++/** Sets the private key of a EC_KEY object. ++ * \param key EC_KEY object ++ * \param prv BIGNUM with the private key (note: the EC_KEY object ++ * will use an own copy of the BIGNUM). ++ * \return 1 on success and 0 if an error occurred. ++ */ ++int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *prv); ++ ++/** Returns the public key of a EC_KEY object. ++ * \param key the EC_KEY object ++ * \return a EC_POINT object with the public key (possibly NULL) ++ */ ++const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key); ++ ++/** Sets the public key of a EC_KEY object. ++ * \param key EC_KEY object ++ * \param pub EC_POINT object with the public key (note: the EC_KEY object ++ * will use an own copy of the EC_POINT object). ++ * \return 1 on success and 0 if an error occurred. 
++ */ ++int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub); ++ ++unsigned EC_KEY_get_enc_flags(const EC_KEY *key); ++void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags); ++point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key); ++void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform); + /* functions to set/get method specific data */ +-void *EC_KEY_get_key_method_data(EC_KEY *, ++void *EC_KEY_get_key_method_data(EC_KEY *key, + void *(*dup_func) (void *), + void (*free_func) (void *), + void (*clear_free_func) (void *)); +@@ -365,34 +854,134 @@ void *EC_KEY_insert_key_method_data(EC_KEY *key, void *data, + void (*free_func) (void *), + void (*clear_free_func) (void *)); + /* wrapper functions for the underlying EC_GROUP object */ +-void EC_KEY_set_asn1_flag(EC_KEY *, int); +-int EC_KEY_precompute_mult(EC_KEY *, BN_CTX *ctx); +- +-/* EC_KEY_generate_key() creates a ec private (public) key */ +-int EC_KEY_generate_key(EC_KEY *); +-/* EC_KEY_check_key() */ +-int EC_KEY_check_key(const EC_KEY *); +- +-/* de- and encoding functions for SEC1 ECPrivateKey */ +-EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len); +-int i2d_ECPrivateKey(EC_KEY *a, unsigned char **out); +-/* de- and encoding functions for EC parameters */ +-EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len); +-int i2d_ECParameters(EC_KEY *a, unsigned char **out); +-/* +- * de- and encoding functions for EC public key (octet string, not DER -- +- * hence 'o2i' and 'i2o') ++void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag); ++ ++/** Creates a table of pre-computed multiples of the generator to ++ * accelerate further EC_KEY operations. ++ * \param key EC_KEY object ++ * \param ctx BN_CTX object (optional) ++ * \return 1 on success and 0 if an error occurred. ++ */ ++int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx); ++ ++/** Creates a new ec private (and optional a new public) key. 
++ * \param key EC_KEY object ++ * \return 1 on success and 0 if an error occurred. ++ */ ++int EC_KEY_generate_key(EC_KEY *key); ++ ++/** Verifies that a private and/or public key is valid. ++ * \param key the EC_KEY object ++ * \return 1 on success and 0 otherwise. ++ */ ++int EC_KEY_check_key(const EC_KEY *key); ++ ++/** Sets a public key from affine coordindates performing ++ * neccessary NIST PKV tests. ++ * \param key the EC_KEY object ++ * \param x public key x coordinate ++ * \param y public key y coordinate ++ * \return 1 on success and 0 otherwise. ++ */ ++int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, ++ BIGNUM *y); ++ ++/********************************************************************/ ++/* de- and encoding functions for SEC1 ECPrivateKey */ ++/********************************************************************/ ++ ++/** Decodes a private key from a memory buffer. ++ * \param key a pointer to a EC_KEY object which should be used (or NULL) ++ * \param in pointer to memory with the DER encoded private key ++ * \param len length of the DER encoded private key ++ * \return the decoded private key or NULL if an error occurred. ++ */ ++EC_KEY *d2i_ECPrivateKey(EC_KEY **key, const unsigned char **in, long len); ++ ++/** Encodes a private key object and stores the result in a buffer. ++ * \param key the EC_KEY object to encode ++ * \param out the buffer for the result (if NULL the function returns number ++ * of bytes needed). ++ * \return 1 on success and 0 if an error occurred. ++ */ ++int i2d_ECPrivateKey(EC_KEY *key, unsigned char **out); ++ ++/********************************************************************/ ++/* de- and encoding functions for EC parameters */ ++/********************************************************************/ ++ ++/** Decodes ec parameter from a memory buffer. 
++ * \param key a pointer to a EC_KEY object which should be used (or NULL) ++ * \param in pointer to memory with the DER encoded ec parameters ++ * \param len length of the DER encoded ec parameters ++ * \return a EC_KEY object with the decoded parameters or NULL if an error ++ * occurred. ++ */ ++EC_KEY *d2i_ECParameters(EC_KEY **key, const unsigned char **in, long len); ++ ++/** Encodes ec parameter and stores the result in a buffer. ++ * \param key the EC_KEY object with ec paramters to encode ++ * \param out the buffer for the result (if NULL the function returns number ++ * of bytes needed). ++ * \return 1 on success and 0 if an error occurred. ++ */ ++int i2d_ECParameters(EC_KEY *key, unsigned char **out); ++ ++/********************************************************************/ ++/* de- and encoding functions for EC public key */ ++/* (octet string, not DER -- hence 'o2i' and 'i2o') */ ++/********************************************************************/ ++ ++/** Decodes a ec public key from a octet string. ++ * \param key a pointer to a EC_KEY object which should be used ++ * \param in memory buffer with the encoded public key ++ * \param len length of the encoded public key ++ * \return EC_KEY object with decoded public key or NULL if an error ++ * occurred. + */ +-EC_KEY *o2i_ECPublicKey(EC_KEY **a, const unsigned char **in, long len); +-int i2o_ECPublicKey(EC_KEY *a, unsigned char **out); ++EC_KEY *o2i_ECPublicKey(EC_KEY **key, const unsigned char **in, long len); ++ ++/** Encodes a ec public key in an octet string. ++ * \param key the EC_KEY object with the public key ++ * \param out the buffer for the result (if NULL the function returns number ++ * of bytes needed). 
++ * \return 1 on success and 0 if an error occurred ++ */ ++int i2o_ECPublicKey(EC_KEY *key, unsigned char **out); + + # ifndef OPENSSL_NO_BIO +-int ECParameters_print(BIO *bp, const EC_KEY *x); +-int EC_KEY_print(BIO *bp, const EC_KEY *x, int off); ++/** Prints out the ec parameters on human readable form. ++ * \param bp BIO object to which the information is printed ++ * \param key EC_KEY object ++ * \return 1 on success and 0 if an error occurred ++ */ ++int ECParameters_print(BIO *bp, const EC_KEY *key); ++ ++/** Prints out the contents of a EC_KEY object ++ * \param bp BIO object to which the information is printed ++ * \param key EC_KEY object ++ * \param off line offset ++ * \return 1 on success and 0 if an error occurred ++ */ ++int EC_KEY_print(BIO *bp, const EC_KEY *key, int off); ++ + # endif + # ifndef OPENSSL_NO_FP_API +-int ECParameters_print_fp(FILE *fp, const EC_KEY *x); +-int EC_KEY_print_fp(FILE *fp, const EC_KEY *x, int off); ++/** Prints out the ec parameters on human readable form. 
++ * \param fp file descriptor to which the information is printed ++ * \param key EC_KEY object ++ * \return 1 on success and 0 if an error occurred ++ */ ++int ECParameters_print_fp(FILE *fp, const EC_KEY *key); ++ ++/** Prints out the contents of a EC_KEY object ++ * \param fp file descriptor to which the information is printed ++ * \param key EC_KEY object ++ * \param off line offset ++ * \return 1 on success and 0 if an error occurred ++ */ ++int EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off); ++ + # endif + + # define ECParameters_dup(x) ASN1_dup_of(EC_KEY,i2d_ECParameters,d2i_ECParameters,x) +@@ -405,6 +994,80 @@ int EC_KEY_print_fp(FILE *fp, const EC_KEY *x, int off); + # endif + # endif + ++# define EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid) \ ++ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ ++ EVP_PKEY_OP_PARAMGEN|EVP_PKEY_OP_KEYGEN, \ ++ EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, nid, NULL) ++ ++# define EVP_PKEY_CTX_set_ec_param_enc(ctx, flag) \ ++ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ ++ EVP_PKEY_OP_PARAMGEN|EVP_PKEY_OP_KEYGEN, \ ++ EVP_PKEY_CTRL_EC_PARAM_ENC, flag, NULL) ++ ++# define EVP_PKEY_CTX_set_ecdh_cofactor_mode(ctx, flag) \ ++ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ ++ EVP_PKEY_OP_DERIVE, \ ++ EVP_PKEY_CTRL_EC_ECDH_COFACTOR, flag, NULL) ++ ++# define EVP_PKEY_CTX_get_ecdh_cofactor_mode(ctx) \ ++ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ ++ EVP_PKEY_OP_DERIVE, \ ++ EVP_PKEY_CTRL_EC_ECDH_COFACTOR, -2, NULL) ++ ++# define EVP_PKEY_CTX_set_ecdh_kdf_type(ctx, kdf) \ ++ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ ++ EVP_PKEY_OP_DERIVE, \ ++ EVP_PKEY_CTRL_EC_KDF_TYPE, kdf, NULL) ++ ++# define EVP_PKEY_CTX_get_ecdh_kdf_type(ctx) \ ++ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ ++ EVP_PKEY_OP_DERIVE, \ ++ EVP_PKEY_CTRL_EC_KDF_TYPE, -2, NULL) ++ ++# define EVP_PKEY_CTX_set_ecdh_kdf_md(ctx, md) \ ++ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ ++ EVP_PKEY_OP_DERIVE, \ ++ EVP_PKEY_CTRL_EC_KDF_MD, 0, (void *)md) ++ ++# define EVP_PKEY_CTX_get_ecdh_kdf_md(ctx, pmd) \ ++ 
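Review bot: The doc comments added for `i2d_ECPrivateKey`, `i2d_ECParameters` and `i2o_ECPublicKey` contradict themselves. Each `\param out` line says the function returns the number of bytes needed when `out` is NULL, while the `\return` line says `1 on success and 0 if an error occurred`. Encoders of this i2d/i2o style normally return the encoded length, so a caller that follows the `\return` text and tests `== 1` would treat a successful encode as a failure; callers should test for `> 0` and use the value as the length. I would word it as `\return number of bytes written (or needed, if out is NULL) and 0 if an error occurred`. The header is imported from upstream, so the correction belongs there rather than in this package patch.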
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ ++ EVP_PKEY_OP_DERIVE, \ ++ EVP_PKEY_CTRL_GET_EC_KDF_MD, 0, (void *)pmd) ++ ++# define EVP_PKEY_CTX_set_ecdh_kdf_outlen(ctx, len) \ ++ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ ++ EVP_PKEY_OP_DERIVE, \ ++ EVP_PKEY_CTRL_EC_KDF_OUTLEN, len, NULL) ++ ++# define EVP_PKEY_CTX_get_ecdh_kdf_outlen(ctx, plen) \ ++ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ ++ EVP_PKEY_OP_DERIVE, \ ++ EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN, 0, (void *)plen) ++ ++# define EVP_PKEY_CTX_set0_ecdh_kdf_ukm(ctx, p, plen) \ ++ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ ++ EVP_PKEY_OP_DERIVE, \ ++ EVP_PKEY_CTRL_EC_KDF_UKM, plen, (void *)p) ++ ++# define EVP_PKEY_CTX_get0_ecdh_kdf_ukm(ctx, p) \ ++ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ ++ EVP_PKEY_OP_DERIVE, \ ++ EVP_PKEY_CTRL_GET_EC_KDF_UKM, 0, (void *)p) ++ ++# define EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID (EVP_PKEY_ALG_CTRL + 1) ++# define EVP_PKEY_CTRL_EC_PARAM_ENC (EVP_PKEY_ALG_CTRL + 2) ++# define EVP_PKEY_CTRL_EC_ECDH_COFACTOR (EVP_PKEY_ALG_CTRL + 3) ++# define EVP_PKEY_CTRL_EC_KDF_TYPE (EVP_PKEY_ALG_CTRL + 4) ++# define EVP_PKEY_CTRL_EC_KDF_MD (EVP_PKEY_ALG_CTRL + 5) ++# define EVP_PKEY_CTRL_GET_EC_KDF_MD (EVP_PKEY_ALG_CTRL + 6) ++# define EVP_PKEY_CTRL_EC_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 7) ++# define EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 8) ++# define EVP_PKEY_CTRL_EC_KDF_UKM (EVP_PKEY_ALG_CTRL + 9) ++# define EVP_PKEY_CTRL_GET_EC_KDF_UKM (EVP_PKEY_ALG_CTRL + 10) ++/* KDF types */ ++# define EVP_PKEY_ECDH_KDF_NONE 1 ++# define EVP_PKEY_ECDH_KDF_X9_62 2 ++ + /* BEGIN ERROR CODES */ + /* + * The following lines are auto generated by the script mkerr.pl. Any changes +@@ -415,14 +1078,31 @@ void ERR_load_EC_strings(void); + /* Error codes for the EC functions. */ + + /* Function codes. 
*/ ++# define EC_F_BN_TO_FELEM 224 + # define EC_F_COMPUTE_WNAF 143 + # define EC_F_D2I_ECPARAMETERS 144 + # define EC_F_D2I_ECPKPARAMETERS 145 + # define EC_F_D2I_ECPRIVATEKEY 146 ++# define EC_F_DO_EC_KEY_PRINT 221 ++# define EC_F_ECDH_CMS_DECRYPT 238 ++# define EC_F_ECDH_CMS_SET_SHARED_INFO 239 ++# define EC_F_ECKEY_PARAM2TYPE 223 ++# define EC_F_ECKEY_PARAM_DECODE 212 ++# define EC_F_ECKEY_PRIV_DECODE 213 ++# define EC_F_ECKEY_PRIV_ENCODE 214 ++# define EC_F_ECKEY_PUB_DECODE 215 ++# define EC_F_ECKEY_PUB_ENCODE 216 ++# define EC_F_ECKEY_TYPE2PARAM 220 + # define EC_F_ECPARAMETERS_PRINT 147 + # define EC_F_ECPARAMETERS_PRINT_FP 148 + # define EC_F_ECPKPARAMETERS_PRINT 149 + # define EC_F_ECPKPARAMETERS_PRINT_FP 150 ++# define EC_F_ECP_NISTZ256_GET_AFFINE 240 ++# define EC_F_ECP_NISTZ256_MULT_PRECOMPUTE 243 ++# define EC_F_ECP_NISTZ256_POINTS_MUL 241 ++# define EC_F_ECP_NISTZ256_PRE_COMP_NEW 244 ++# define EC_F_ECP_NISTZ256_SET_WORDS 245 ++# define EC_F_ECP_NISTZ256_WINDOWED_MUL 242 + # define EC_F_ECP_NIST_MOD_192 203 + # define EC_F_ECP_NIST_MOD_224 204 + # define EC_F_ECP_NIST_MOD_256 205 +@@ -449,6 +1129,15 @@ void ERR_load_EC_strings(void); + # define EC_F_EC_GFP_MONT_FIELD_SQR 132 + # define EC_F_EC_GFP_MONT_GROUP_SET_CURVE 189 + # define EC_F_EC_GFP_MONT_GROUP_SET_CURVE_GFP 135 ++# define EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE 225 ++# define EC_F_EC_GFP_NISTP224_POINTS_MUL 228 ++# define EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES 226 ++# define EC_F_EC_GFP_NISTP256_GROUP_SET_CURVE 230 ++# define EC_F_EC_GFP_NISTP256_POINTS_MUL 231 ++# define EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES 232 ++# define EC_F_EC_GFP_NISTP521_GROUP_SET_CURVE 233 ++# define EC_F_EC_GFP_NISTP521_POINTS_MUL 234 ++# define EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES 235 + # define EC_F_EC_GFP_NIST_FIELD_MUL 200 + # define EC_F_EC_GFP_NIST_FIELD_SQR 201 + # define EC_F_EC_GFP_NIST_GROUP_SET_CURVE 202 +@@ -491,8 +1180,8 @@ void ERR_load_EC_strings(void); + # define 
EC_F_EC_KEY_NEW 182 + # define EC_F_EC_KEY_PRINT 180 + # define EC_F_EC_KEY_PRINT_FP 181 ++# define EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES 229 + # define EC_F_EC_POINTS_MAKE_AFFINE 136 +-# define EC_F_EC_POINTS_MUL 138 + # define EC_F_EC_POINT_ADD 112 + # define EC_F_EC_POINT_CMP 113 + # define EC_F_EC_POINT_COPY 114 +@@ -522,22 +1211,39 @@ void ERR_load_EC_strings(void); + # define EC_F_I2D_ECPKPARAMETERS 191 + # define EC_F_I2D_ECPRIVATEKEY 192 + # define EC_F_I2O_ECPUBLICKEY 151 ++# define EC_F_NISTP224_PRE_COMP_NEW 227 ++# define EC_F_NISTP256_PRE_COMP_NEW 236 ++# define EC_F_NISTP521_PRE_COMP_NEW 237 + # define EC_F_O2I_ECPUBLICKEY 152 ++# define EC_F_OLD_EC_PRIV_DECODE 222 ++# define EC_F_PKEY_EC_CTRL 197 ++# define EC_F_PKEY_EC_CTRL_STR 198 ++# define EC_F_PKEY_EC_DERIVE 217 ++# define EC_F_PKEY_EC_KEYGEN 199 ++# define EC_F_PKEY_EC_PARAMGEN 219 ++# define EC_F_PKEY_EC_SIGN 218 + + /* Reason codes. */ + # define EC_R_ASN1_ERROR 115 + # define EC_R_ASN1_UNKNOWN_FIELD 116 ++# define EC_R_BIGNUM_OUT_OF_RANGE 144 + # define EC_R_BUFFER_TOO_SMALL 100 ++# define EC_R_COORDINATES_OUT_OF_RANGE 146 + # define EC_R_D2I_ECPKPARAMETERS_FAILURE 117 ++# define EC_R_DECODE_ERROR 142 + # define EC_R_DISCRIMINANT_IS_ZERO 118 + # define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE 119 +-# define EC_R_FIELD_TOO_LARGE 138 ++# define EC_R_FIELD_TOO_LARGE 143 ++# define EC_R_GF2M_NOT_SUPPORTED 147 + # define EC_R_GROUP2PKPARAMETERS_FAILURE 120 + # define EC_R_I2D_ECPKPARAMETERS_FAILURE 121 + # define EC_R_INCOMPATIBLE_OBJECTS 101 + # define EC_R_INVALID_ARGUMENT 112 + # define EC_R_INVALID_COMPRESSED_POINT 110 + # define EC_R_INVALID_COMPRESSION_BIT 109 ++# define EC_R_INVALID_CURVE 141 ++# define EC_R_INVALID_DIGEST 151 ++# define EC_R_INVALID_DIGEST_TYPE 138 + # define EC_R_INVALID_ENCODING 102 + # define EC_R_INVALID_FIELD 103 + # define EC_R_INVALID_FORM 104 +@@ -545,6 +1251,8 @@ void ERR_load_EC_strings(void); + # define EC_R_INVALID_PENTANOMIAL_BASIS 132 + # define 
EC_R_INVALID_PRIVATE_KEY 123 + # define EC_R_INVALID_TRINOMIAL_BASIS 137 ++# define EC_R_KDF_PARAMETER_ERROR 148 ++# define EC_R_KEYS_NOT_SET 140 + # define EC_R_MISSING_PARAMETERS 124 + # define EC_R_MISSING_PRIVATE_KEY 125 + # define EC_R_NOT_A_NIST_PRIME 135 +@@ -552,16 +1260,20 @@ void ERR_load_EC_strings(void); + # define EC_R_NOT_IMPLEMENTED 126 + # define EC_R_NOT_INITIALIZED 111 + # define EC_R_NO_FIELD_MOD 133 ++# define EC_R_NO_PARAMETERS_SET 139 + # define EC_R_PASSED_NULL_PARAMETER 134 ++# define EC_R_PEER_KEY_ERROR 149 + # define EC_R_PKPARAMETERS2GROUP_FAILURE 127 + # define EC_R_POINT_AT_INFINITY 106 + # define EC_R_POINT_IS_NOT_ON_CURVE 107 ++# define EC_R_SHARED_INFO_ERROR 150 + # define EC_R_SLOT_FULL 108 + # define EC_R_UNDEFINED_GENERATOR 113 + # define EC_R_UNDEFINED_ORDER 128 + # define EC_R_UNKNOWN_GROUP 129 + # define EC_R_UNKNOWN_ORDER 114 + # define EC_R_UNSUPPORTED_FIELD 131 ++# define EC_R_WRONG_CURVE_PARAMETERS 145 + # define EC_R_WRONG_ORDER 130 + + #ifdef __cplusplus +diff --git a/Cryptlib/Include/openssl/ecdh.h b/Cryptlib/Include/openssl/ecdh.h +index eb4047d..25348b3 100644 +--- a/Cryptlib/Include/openssl/ecdh.h ++++ b/Cryptlib/Include/openssl/ecdh.h +@@ -85,6 +85,8 @@ + extern "C" { + #endif + ++# define EC_FLAG_COFACTOR_ECDH 0x1000 ++ + const ECDH_METHOD *ECDH_OpenSSL(void); + + void ECDH_set_default_method(const ECDH_METHOD *); +@@ -101,6 +103,11 @@ int ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new + int ECDH_set_ex_data(EC_KEY *d, int idx, void *arg); + void *ECDH_get_ex_data(EC_KEY *d, int idx); + ++int ECDH_KDF_X9_62(unsigned char *out, size_t outlen, ++ const unsigned char *Z, size_t Zlen, ++ const unsigned char *sinfo, size_t sinfolen, ++ const EVP_MD *md); ++ + /* BEGIN ERROR CODES */ + /* + * The following lines are auto generated by the script mkerr.pl. Any changes +@@ -111,11 +118,13 @@ void ERR_load_ECDH_strings(void); + /* Error codes for the ECDH functions. */ + + /* Function codes. 
*/ ++# define ECDH_F_ECDH_CHECK 102 + # define ECDH_F_ECDH_COMPUTE_KEY 100 + # define ECDH_F_ECDH_DATA_NEW_METHOD 101 + + /* Reason codes. */ + # define ECDH_R_KDF_FAILED 102 ++# define ECDH_R_NON_FIPS_METHOD 103 + # define ECDH_R_NO_PRIVATE_VALUE 100 + # define ECDH_R_POINT_ARITHMETIC_FAILURE 101 + +diff --git a/Cryptlib/Include/openssl/ecdsa.h b/Cryptlib/Include/openssl/ecdsa.h +index 48dd988..c4016ac 100644 +--- a/Cryptlib/Include/openssl/ecdsa.h ++++ b/Cryptlib/Include/openssl/ecdsa.h +@@ -4,7 +4,7 @@ + * \author Written by Nils Larsch for the OpenSSL project + */ + /* ==================================================================== +- * Copyright (c) 2000-2003 The OpenSSL Project. All rights reserved. ++ * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions +@@ -80,156 +80,143 @@ typedef struct ECDSA_SIG_st { + BIGNUM *s; + } ECDSA_SIG; + +-/** ECDSA_SIG *ECDSA_SIG_new(void) +- * allocates and initialize a ECDSA_SIG structure +- * \return pointer to a ECDSA_SIG structure or NULL if an error occurred ++/** Allocates and initialize a ECDSA_SIG structure ++ * \return pointer to a ECDSA_SIG structure or NULL if an error occurred + */ + ECDSA_SIG *ECDSA_SIG_new(void); + +-/** ECDSA_SIG_free +- * frees a ECDSA_SIG structure +- * \param a pointer to the ECDSA_SIG structure ++/** frees a ECDSA_SIG structure ++ * \param sig pointer to the ECDSA_SIG structure + */ +-void ECDSA_SIG_free(ECDSA_SIG *a); +- +-/** i2d_ECDSA_SIG +- * DER encode content of ECDSA_SIG object (note: this function modifies *pp +- * (*pp += length of the DER encoded signature)). 
+- * \param a pointer to the ECDSA_SIG object +- * \param pp pointer to a unsigned char pointer for the output or NULL +- * \return the length of the DER encoded ECDSA_SIG object or 0 ++void ECDSA_SIG_free(ECDSA_SIG *sig); ++ ++/** DER encode content of ECDSA_SIG object (note: this function modifies *pp ++ * (*pp += length of the DER encoded signature)). ++ * \param sig pointer to the ECDSA_SIG object ++ * \param pp pointer to a unsigned char pointer for the output or NULL ++ * \return the length of the DER encoded ECDSA_SIG object or 0 + */ +-int i2d_ECDSA_SIG(const ECDSA_SIG *a, unsigned char **pp); +- +-/** d2i_ECDSA_SIG +- * decodes a DER encoded ECDSA signature (note: this function changes *pp +- * (*pp += len)). +- * \param v pointer to ECDSA_SIG pointer (may be NULL) +- * \param pp buffer with the DER encoded signature +- * \param len bufferlength +- * \return pointer to the decoded ECDSA_SIG structure (or NULL) ++int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp); ++ ++/** Decodes a DER encoded ECDSA signature (note: this function changes *pp ++ * (*pp += len)). ++ * \param sig pointer to ECDSA_SIG pointer (may be NULL) ++ * \param pp memory buffer with the DER encoded signature ++ * \param len length of the buffer ++ * \return pointer to the decoded ECDSA_SIG structure (or NULL) + */ +-ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **v, const unsigned char **pp, long len); +- +-/** ECDSA_do_sign +- * computes the ECDSA signature of the given hash value using +- * the supplied private key and returns the created signature. +- * \param dgst pointer to the hash value +- * \param dgst_len length of the hash value +- * \param eckey pointer to the EC_KEY object containing a private EC key +- * \return pointer to a ECDSA_SIG structure or NULL ++ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, long len); ++ ++/** Computes the ECDSA signature of the given hash value using ++ * the supplied private key and returns the created signature. 
++ * \param dgst pointer to the hash value ++ * \param dgst_len length of the hash value ++ * \param eckey EC_KEY object containing a private EC key ++ * \return pointer to a ECDSA_SIG structure or NULL if an error occurred + */ + ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len, + EC_KEY *eckey); + +-/** ECDSA_do_sign_ex +- * computes ECDSA signature of a given hash value using the supplied +- * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). +- * \param dgst pointer to the hash value to sign +- * \param dgstlen length of the hash value +- * \param kinv optional pointer to a pre-computed inverse k +- * \param rp optional pointer to the pre-computed rp value (see +- * ECDSA_sign_setup +- * \param eckey pointer to the EC_KEY object containing a private EC key +- * \return pointer to a ECDSA_SIG structure or NULL ++/** Computes ECDSA signature of a given hash value using the supplied ++ * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). ++ * \param dgst pointer to the hash value to sign ++ * \param dgstlen length of the hash value ++ * \param kinv BIGNUM with a pre-computed inverse k (optional) ++ * \param rp BIGNUM with a pre-computed rp value (optioanl), ++ * see ECDSA_sign_setup ++ * \param eckey EC_KEY object containing a private EC key ++ * \return pointer to a ECDSA_SIG structure or NULL if an error occurred + */ + ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen, + const BIGNUM *kinv, const BIGNUM *rp, + EC_KEY *eckey); + +-/** ECDSA_do_verify +- * verifies that the supplied signature is a valid ECDSA +- * signature of the supplied hash value using the supplied public key. 
+- * \param dgst pointer to the hash value +- * \param dgst_len length of the hash value +- * \param sig pointer to the ECDSA_SIG structure +- * \param eckey pointer to the EC_KEY object containing a public EC key +- * \return 1 if the signature is valid, 0 if the signature is invalid and -1 on error ++/** Verifies that the supplied signature is a valid ECDSA ++ * signature of the supplied hash value using the supplied public key. ++ * \param dgst pointer to the hash value ++ * \param dgst_len length of the hash value ++ * \param sig ECDSA_SIG structure ++ * \param eckey EC_KEY object containing a public EC key ++ * \return 1 if the signature is valid, 0 if the signature is invalid ++ * and -1 on error + */ + int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, + const ECDSA_SIG *sig, EC_KEY *eckey); + + const ECDSA_METHOD *ECDSA_OpenSSL(void); + +-/** ECDSA_set_default_method +- * sets the default ECDSA method +- * \param meth the new default ECDSA_METHOD ++/** Sets the default ECDSA method ++ * \param meth new default ECDSA_METHOD + */ + void ECDSA_set_default_method(const ECDSA_METHOD *meth); + +-/** ECDSA_get_default_method +- * returns the default ECDSA method +- * \return pointer to ECDSA_METHOD structure containing the default method ++/** Returns the default ECDSA method ++ * \return pointer to ECDSA_METHOD structure containing the default method + */ + const ECDSA_METHOD *ECDSA_get_default_method(void); + +-/** ECDSA_set_method +- * sets method to be used for the ECDSA operations +- * \param eckey pointer to the EC_KEY object +- * \param meth pointer to the new method +- * \return 1 on success and 0 otherwise ++/** Sets method to be used for the ECDSA operations ++ * \param eckey EC_KEY object ++ * \param meth new method ++ * \return 1 on success and 0 otherwise + */ + int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth); + +-/** ECDSA_size +- * returns the maximum length of the DER encoded signature +- * \param eckey pointer to a EC_KEY 
object +- * \return numbers of bytes required for the DER encoded signature ++/** Returns the maximum length of the DER encoded signature ++ * \param eckey EC_KEY object ++ * \return numbers of bytes required for the DER encoded signature + */ + int ECDSA_size(const EC_KEY *eckey); + +-/** ECDSA_sign_setup +- * precompute parts of the signing operation. +- * \param eckey pointer to the EC_KEY object containing a private EC key +- * \param ctx pointer to a BN_CTX object (may be NULL) +- * \param kinv pointer to a BIGNUM pointer for the inverse of k +- * \param rp pointer to a BIGNUM pointer for x coordinate of k * generator +- * \return 1 on success and 0 otherwise ++/** Precompute parts of the signing operation ++ * \param eckey EC_KEY object containing a private EC key ++ * \param ctx BN_CTX object (optional) ++ * \param kinv BIGNUM pointer for the inverse of k ++ * \param rp BIGNUM pointer for x coordinate of k * generator ++ * \return 1 on success and 0 otherwise + */ + int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **rp); + +-/** ECDSA_sign +- * computes ECDSA signature of a given hash value using the supplied +- * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). +- * \param type this parameter is ignored +- * \param dgst pointer to the hash value to sign +- * \param dgstlen length of the hash value +- * \param sig buffer to hold the DER encoded signature +- * \param siglen pointer to the length of the returned signature +- * \param eckey pointer to the EC_KEY object containing a private EC key +- * \return 1 on success and 0 otherwise ++/** Computes ECDSA signature of a given hash value using the supplied ++ * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). 
++ * \param type this parameter is ignored ++ * \param dgst pointer to the hash value to sign ++ * \param dgstlen length of the hash value ++ * \param sig memory for the DER encoded created signature ++ * \param siglen pointer to the length of the returned signature ++ * \param eckey EC_KEY object containing a private EC key ++ * \return 1 on success and 0 otherwise + */ + int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen, + unsigned char *sig, unsigned int *siglen, EC_KEY *eckey); + +-/** ECDSA_sign_ex +- * computes ECDSA signature of a given hash value using the supplied +- * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). +- * \param type this parameter is ignored +- * \param dgst pointer to the hash value to sign +- * \param dgstlen length of the hash value +- * \param sig buffer to hold the DER encoded signature +- * \param siglen pointer to the length of the returned signature +- * \param kinv optional pointer to a pre-computed inverse k +- * \param rp optional pointer to the pre-computed rp value (see +- * ECDSA_sign_setup +- * \param eckey pointer to the EC_KEY object containing a private EC key +- * \return 1 on success and 0 otherwise ++/** Computes ECDSA signature of a given hash value using the supplied ++ * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). 
++ * \param type this parameter is ignored ++ * \param dgst pointer to the hash value to sign ++ * \param dgstlen length of the hash value ++ * \param sig buffer to hold the DER encoded signature ++ * \param siglen pointer to the length of the returned signature ++ * \param kinv BIGNUM with a pre-computed inverse k (optional) ++ * \param rp BIGNUM with a pre-computed rp value (optioanl), ++ * see ECDSA_sign_setup ++ * \param eckey EC_KEY object containing a private EC key ++ * \return 1 on success and 0 otherwise + */ + int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen, + unsigned char *sig, unsigned int *siglen, + const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey); + +-/** ECDSA_verify +- * verifies that the given signature is valid ECDSA signature +- * of the supplied hash value using the specified public key. +- * \param type this parameter is ignored +- * \param dgst pointer to the hash value +- * \param dgstlen length of the hash value +- * \param sig pointer to the DER encoded signature +- * \param siglen length of the DER encoded signature +- * \param eckey pointer to the EC_KEY object containing a public EC key +- * \return 1 if the signature is valid, 0 if the signature is invalid and -1 on error ++/** Verifies that the given signature is valid ECDSA signature ++ * of the supplied hash value using the specified public key. 
++ * \param type this parameter is ignored ++ * \param dgst pointer to the hash value ++ * \param dgstlen length of the hash value ++ * \param sig pointer to the DER encoded signature ++ * \param siglen length of the DER encoded signature ++ * \param eckey EC_KEY object containing a public EC key ++ * \return 1 if the signature is valid, 0 if the signature is invalid ++ * and -1 on error + */ + int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen, + const unsigned char *sig, int siglen, EC_KEY *eckey); +@@ -241,6 +228,80 @@ int ECDSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new + int ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg); + void *ECDSA_get_ex_data(EC_KEY *d, int idx); + ++/** Allocates and initialize a ECDSA_METHOD structure ++ * \param ecdsa_method pointer to ECDSA_METHOD to copy. (May be NULL) ++ * \return pointer to a ECDSA_METHOD structure or NULL if an error occurred ++ */ ++ ++ECDSA_METHOD *ECDSA_METHOD_new(ECDSA_METHOD *ecdsa_method); ++ ++/** frees a ECDSA_METHOD structure ++ * \param ecdsa_method pointer to the ECDSA_METHOD structure ++ */ ++void ECDSA_METHOD_free(ECDSA_METHOD *ecdsa_method); ++ ++/** Sets application specific data in the ECDSA_METHOD ++ * \param ecdsa_method pointer to existing ECDSA_METHOD ++ * \param app application specific data to set ++ */ ++ ++void ECDSA_METHOD_set_app_data(ECDSA_METHOD *ecdsa_method, void *app); ++ ++/** Returns application specific data from a ECDSA_METHOD structure ++ * \param ecdsa_method pointer to ECDSA_METHOD structure ++ * \return pointer to application specific data. 
++ */ ++ ++void *ECDSA_METHOD_get_app_data(ECDSA_METHOD *ecdsa_method); ++ ++/** Set the ECDSA_do_sign function in the ECDSA_METHOD ++ * \param ecdsa_method pointer to existing ECDSA_METHOD ++ * \param ecdsa_do_sign a funtion of type ECDSA_do_sign ++ */ ++ ++void ECDSA_METHOD_set_sign(ECDSA_METHOD *ecdsa_method, ++ ECDSA_SIG *(*ecdsa_do_sign) (const unsigned char ++ *dgst, int dgst_len, ++ const BIGNUM *inv, ++ const BIGNUM *rp, ++ EC_KEY *eckey)); ++ ++/** Set the ECDSA_sign_setup function in the ECDSA_METHOD ++ * \param ecdsa_method pointer to existing ECDSA_METHOD ++ * \param ecdsa_sign_setup a funtion of type ECDSA_sign_setup ++ */ ++ ++void ECDSA_METHOD_set_sign_setup(ECDSA_METHOD *ecdsa_method, ++ int (*ecdsa_sign_setup) (EC_KEY *eckey, ++ BN_CTX *ctx, ++ BIGNUM **kinv, ++ BIGNUM **r)); ++ ++/** Set the ECDSA_do_verify function in the ECDSA_METHOD ++ * \param ecdsa_method pointer to existing ECDSA_METHOD ++ * \param ecdsa_do_verify a funtion of type ECDSA_do_verify ++ */ ++ ++void ECDSA_METHOD_set_verify(ECDSA_METHOD *ecdsa_method, ++ int (*ecdsa_do_verify) (const unsigned char ++ *dgst, int dgst_len, ++ const ECDSA_SIG *sig, ++ EC_KEY *eckey)); ++ ++void ECDSA_METHOD_set_flags(ECDSA_METHOD *ecdsa_method, int flags); ++ ++/** Set the flags field in the ECDSA_METHOD ++ * \param ecdsa_method pointer to existing ECDSA_METHOD ++ * \param flags flags value to set ++ */ ++ ++void ECDSA_METHOD_set_name(ECDSA_METHOD *ecdsa_method, char *name); ++ ++/** Set the name field in the ECDSA_METHOD ++ * \param ecdsa_method pointer to existing ECDSA_METHOD ++ * \param name name to set ++ */ ++ + /* BEGIN ERROR CODES */ + /* + * The following lines are auto generated by the script mkerr.pl. Any changes +@@ -251,9 +312,11 @@ void ERR_load_ECDSA_strings(void); + /* Error codes for the ECDSA functions. */ + + /* Function codes. 
*/ ++# define ECDSA_F_ECDSA_CHECK 104 + # define ECDSA_F_ECDSA_DATA_NEW_METHOD 100 + # define ECDSA_F_ECDSA_DO_SIGN 101 + # define ECDSA_F_ECDSA_DO_VERIFY 102 ++# define ECDSA_F_ECDSA_METHOD_NEW 105 + # define ECDSA_F_ECDSA_SIGN_SETUP 103 + + /* Reason codes. */ +@@ -262,6 +325,7 @@ void ERR_load_ECDSA_strings(void); + # define ECDSA_R_ERR_EC_LIB 102 + # define ECDSA_R_MISSING_PARAMETERS 103 + # define ECDSA_R_NEED_NEW_SETUP_VALUES 106 ++# define ECDSA_R_NON_FIPS_METHOD 107 + # define ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED 104 + # define ECDSA_R_SIGNATURE_MALLOC_FAILED 105 + +diff --git a/Cryptlib/Include/openssl/engine.h b/Cryptlib/Include/openssl/engine.h +index 335b78f..bd7b591 100644 +--- a/Cryptlib/Include/openssl/engine.h ++++ b/Cryptlib/Include/openssl/engine.h +@@ -89,16 +89,15 @@ + # include + # endif + # include +-# include + # include + # include + # endif + +-# include +- + # include + # include + ++# include ++ + #ifdef __cplusplus + extern "C" { + #endif +@@ -116,6 +115,8 @@ extern "C" { + # define ENGINE_METHOD_CIPHERS (unsigned int)0x0040 + # define ENGINE_METHOD_DIGESTS (unsigned int)0x0080 + # define ENGINE_METHOD_STORE (unsigned int)0x0100 ++# define ENGINE_METHOD_PKEY_METHS (unsigned int)0x0200 ++# define ENGINE_METHOD_PKEY_ASN1_METHS (unsigned int)0x0400 + /* Obvious all-or-nothing cases. */ + # define ENGINE_METHOD_ALL (unsigned int)0xFFFF + # define ENGINE_METHOD_NONE (unsigned int)0x0000 +@@ -153,6 +154,14 @@ extern "C" { + # define ENGINE_FLAGS_BY_ID_COPY (int)0x0004 + + /* ++ * This flag if for an ENGINE that does not want its methods registered as ++ * part of ENGINE_register_all_complete() for example if the methods are not ++ * usable as default methods. ++ */ ++ ++# define ENGINE_FLAGS_NO_REGISTER_ALL (int)0x0008 ++ ++/* + * ENGINEs can support their own command types, and these flags are used in + * ENGINE_CTRL_GET_CMD_FLAGS to indicate to the caller what kind of input + * each command expects. 
Currently only numeric and string input is +@@ -354,7 +363,10 @@ typedef int (*ENGINE_CIPHERS_PTR) (ENGINE *, const EVP_CIPHER **, + const int **, int); + typedef int (*ENGINE_DIGESTS_PTR) (ENGINE *, const EVP_MD **, const int **, + int); +- ++typedef int (*ENGINE_PKEY_METHS_PTR) (ENGINE *, EVP_PKEY_METHOD **, ++ const int **, int); ++typedef int (*ENGINE_PKEY_ASN1_METHS_PTR) (ENGINE *, EVP_PKEY_ASN1_METHOD **, ++ const int **, int); + /* + * STRUCTURE functions ... all of these functions deal with pointers to + * ENGINE structures where the pointers have a "structural reference". This +@@ -388,20 +400,20 @@ void ENGINE_load_aep(void); + void ENGINE_load_atalla(void); + void ENGINE_load_chil(void); + void ENGINE_load_cswift(void); +-# ifndef OPENSSL_NO_GMP +-void ENGINE_load_gmp(void); +-# endif + void ENGINE_load_nuron(void); + void ENGINE_load_sureware(void); + void ENGINE_load_ubsec(void); +-# ifdef OPENSSL_SYS_WIN32 +-# ifndef OPENSSL_NO_CAPIENG ++void ENGINE_load_padlock(void); + void ENGINE_load_capi(void); +-# endif ++# ifndef OPENSSL_NO_GMP ++void ENGINE_load_gmp(void); ++# endif ++# ifndef OPENSSL_NO_GOST ++void ENGINE_load_gost(void); + # endif + # endif + void ENGINE_load_cryptodev(void); +-void ENGINE_load_padlock(void); ++void ENGINE_load_rdrand(void); + void ENGINE_load_builtin_engines(void); + + /* +@@ -456,6 +468,14 @@ int ENGINE_register_digests(ENGINE *e); + void ENGINE_unregister_digests(ENGINE *e); + void ENGINE_register_all_digests(void); + ++int ENGINE_register_pkey_meths(ENGINE *e); ++void ENGINE_unregister_pkey_meths(ENGINE *e); ++void ENGINE_register_all_pkey_meths(void); ++ ++int ENGINE_register_pkey_asn1_meths(ENGINE *e); ++void ENGINE_unregister_pkey_asn1_meths(ENGINE *e); ++void ENGINE_register_all_pkey_asn1_meths(void); ++ + /* + * These functions register all support from the above categories. 
Note, use + * of these functions can result in static linkage of code your application +@@ -551,6 +571,8 @@ int ENGINE_set_load_ssl_client_cert_function(ENGINE *e, + loadssl_f); + int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f); + int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f); ++int ENGINE_set_pkey_meths(ENGINE *e, ENGINE_PKEY_METHS_PTR f); ++int ENGINE_set_pkey_asn1_meths(ENGINE *e, ENGINE_PKEY_ASN1_METHS_PTR f); + int ENGINE_set_flags(ENGINE *e, int flags); + int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns); + /* These functions allow control over any per-structure ENGINE data. */ +@@ -593,8 +615,18 @@ ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE + *e); + ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e); + ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e); ++ENGINE_PKEY_METHS_PTR ENGINE_get_pkey_meths(const ENGINE *e); ++ENGINE_PKEY_ASN1_METHS_PTR ENGINE_get_pkey_asn1_meths(const ENGINE *e); + const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid); + const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid); ++const EVP_PKEY_METHOD *ENGINE_get_pkey_meth(ENGINE *e, int nid); ++const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth(ENGINE *e, int nid); ++const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e, ++ const char *str, ++ int len); ++const EVP_PKEY_ASN1_METHOD *ENGINE_pkey_asn1_find_str(ENGINE **pe, ++ const char *str, ++ int len); + const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e); + int ENGINE_get_flags(const ENGINE *e); + +@@ -657,6 +689,8 @@ ENGINE *ENGINE_get_default_RAND(void); + */ + ENGINE *ENGINE_get_cipher_engine(int nid); + ENGINE *ENGINE_get_digest_engine(int nid); ++ENGINE *ENGINE_get_pkey_meth_engine(int nid); ++ENGINE *ENGINE_get_pkey_asn1_meth_engine(int nid); + + /* + * This sets a new default ENGINE structure for performing RSA operations. 
If +@@ -674,6 +708,8 @@ int ENGINE_set_default_DH(ENGINE *e); + int ENGINE_set_default_RAND(ENGINE *e); + int ENGINE_set_default_ciphers(ENGINE *e); + int ENGINE_set_default_digests(ENGINE *e); ++int ENGINE_set_default_pkey_meths(ENGINE *e); ++int ENGINE_set_default_pkey_asn1_meths(ENGINE *e); + + /* + * The combination "set" - the flags are bitwise "OR"d from the +@@ -762,6 +798,7 @@ typedef struct st_dynamic_fns { + */ + typedef unsigned long (*dynamic_v_check_fn) (unsigned long ossl_version); + # define IMPLEMENT_DYNAMIC_CHECK_FN() \ ++ OPENSSL_EXPORT unsigned long v_check(unsigned long v); \ + OPENSSL_EXPORT unsigned long v_check(unsigned long v) { \ + if(v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \ + return 0; } +@@ -788,6 +825,8 @@ typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id, + const dynamic_fns *fns); + # define IMPLEMENT_DYNAMIC_BIND_FN(fn) \ + OPENSSL_EXPORT \ ++ int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns); \ ++ OPENSSL_EXPORT \ + int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \ + if(ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \ + if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \ +@@ -818,7 +857,7 @@ typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id, + */ + void *ENGINE_get_static_state(void); + +-# if defined(__OpenBSD__) || defined(__FreeBSD__) ++# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV) + void ENGINE_setup_bsd_cryptodev(void); + # endif + +@@ -848,13 +887,15 @@ void ERR_load_ENGINE_strings(void); + # define ENGINE_F_ENGINE_GET_DEFAULT_TYPE 177 + # define ENGINE_F_ENGINE_GET_DIGEST 186 + # define ENGINE_F_ENGINE_GET_NEXT 115 ++# define ENGINE_F_ENGINE_GET_PKEY_ASN1_METH 193 ++# define ENGINE_F_ENGINE_GET_PKEY_METH 192 + # define ENGINE_F_ENGINE_GET_PREV 116 + # define ENGINE_F_ENGINE_INIT 119 + # define ENGINE_F_ENGINE_LIST_ADD 120 + # define ENGINE_F_ENGINE_LIST_REMOVE 121 + # define 
ENGINE_F_ENGINE_LOAD_PRIVATE_KEY 150 + # define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY 151 +-# define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT 192 ++# define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT 194 + # define ENGINE_F_ENGINE_NEW 122 + # define ENGINE_F_ENGINE_REMOVE 123 + # define ENGINE_F_ENGINE_SET_DEFAULT_STRING 189 +@@ -883,7 +924,7 @@ void ERR_load_ENGINE_strings(void); + # define ENGINE_R_DSO_FAILURE 104 + # define ENGINE_R_DSO_NOT_FOUND 132 + # define ENGINE_R_ENGINES_SECTION_ERROR 148 +-# define ENGINE_R_ENGINE_CONFIGURATION_ERROR 101 ++# define ENGINE_R_ENGINE_CONFIGURATION_ERROR 102 + # define ENGINE_R_ENGINE_IS_NOT_IN_LIST 105 + # define ENGINE_R_ENGINE_SECTION_ERROR 149 + # define ENGINE_R_FAILED_LOADING_PRIVATE_KEY 128 +@@ -910,6 +951,7 @@ void ERR_load_ENGINE_strings(void); + # define ENGINE_R_RSA_NOT_IMPLEMENTED 141 + # define ENGINE_R_UNIMPLEMENTED_CIPHER 146 + # define ENGINE_R_UNIMPLEMENTED_DIGEST 147 ++# define ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD 101 + # define ENGINE_R_VERSION_INCOMPATIBILITY 145 + + #ifdef __cplusplus +diff --git a/Cryptlib/Include/openssl/err.h b/Cryptlib/Include/openssl/err.h +index 2a2ecc8..bbfdb95 100644 +--- a/Cryptlib/Include/openssl/err.h ++++ b/Cryptlib/Include/openssl/err.h +@@ -55,6 +55,59 @@ + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ ++/* ==================================================================== ++ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. 
Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. 
++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ + + #ifndef HEADER_ERR_H + # define HEADER_ERR_H +@@ -93,7 +146,7 @@ extern "C" { + + # define ERR_NUM_ERRORS 16 + typedef struct err_state_st { +- unsigned long pid; ++ CRYPTO_THREADID tid; + int err_flags[ERR_NUM_ERRORS]; + unsigned long err_buffer[ERR_NUM_ERRORS]; + char *err_data[ERR_NUM_ERRORS]; +@@ -141,7 +194,9 @@ typedef struct err_state_st { + # define ERR_LIB_STORE 44 + # define ERR_LIB_FIPS 45 + # define ERR_LIB_CMS 46 +-# define ERR_LIB_JPAKE 47 ++# define ERR_LIB_TS 47 ++# define ERR_LIB_HMAC 48 ++# define ERR_LIB_JPAKE 49 + + # define ERR_LIB_USER 128 + +@@ -175,6 +230,8 @@ typedef struct err_state_st { + # define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),__FILE__,__LINE__) + # define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),__FILE__,__LINE__) + # define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),__FILE__,__LINE__) ++# define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),__FILE__,__LINE__) ++# define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),__FILE__,__LINE__) + # define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),__FILE__,__LINE__) + + /* +@@ -231,6 +288,7 @@ typedef struct err_state_st { + # define ERR_R_ECDSA_LIB ERR_LIB_ECDSA/* 42 */ + # define ERR_R_ECDH_LIB ERR_LIB_ECDH/* 43 */ + # define ERR_R_STORE_LIB ERR_LIB_STORE/* 44 */ ++# define ERR_R_TS_LIB ERR_LIB_TS/* 45 */ + + # define ERR_R_NESTED_ASN1_ERROR 58 + # define ERR_R_BAD_ASN1_OBJECT_HEADER 59 +@@ -285,6 +343,7 @@ void ERR_print_errors_fp(FILE *fp); + # endif + # ifndef OPENSSL_NO_BIO + void ERR_print_errors(BIO *bp); ++# endif + + /* Add EFIAPI for UEFI version. 
*/ + #if defined(OPENSSL_SYS_UEFI) +@@ -292,20 +351,24 @@ void EFIAPI ERR_add_error_data(int num, ...); + #else + void ERR_add_error_data(int num, ...); + #endif +-# endif ++ ++void ERR_add_error_vdata(int num, va_list args); + void ERR_load_strings(int lib, ERR_STRING_DATA str[]); + void ERR_unload_strings(int lib, ERR_STRING_DATA str[]); + void ERR_load_ERR_strings(void); + void ERR_load_crypto_strings(void); + void ERR_free_strings(void); + ++void ERR_remove_thread_state(const CRYPTO_THREADID *tid); ++# ifndef OPENSSL_NO_DEPRECATED + void ERR_remove_state(unsigned long pid); /* if zero we look it up */ ++# endif + ERR_STATE *ERR_get_state(void); + + # ifndef OPENSSL_NO_LHASH +-LHASH *ERR_get_string_table(void); +-LHASH *ERR_get_err_state_table(void); +-void ERR_release_err_state_table(LHASH **hash); ++LHASH_OF(ERR_STRING_DATA) *ERR_get_string_table(void); ++LHASH_OF(ERR_STATE) *ERR_get_err_state_table(void); ++void ERR_release_err_state_table(LHASH_OF(ERR_STATE) **hash); + # endif + + int ERR_get_next_error_library(void); +@@ -313,12 +376,6 @@ int ERR_get_next_error_library(void); + int ERR_set_mark(void); + int ERR_pop_to_mark(void); + +-# ifdef OPENSSL_FIPS +-void int_ERR_set_state_func(ERR_STATE *(*get_func) (void), +- void (*remove_func) (unsigned long pid)); +-void int_ERR_lib_init(void); +-# endif +- + /* Already defined in ossl_typ.h */ + /* typedef struct st_ERR_FNS ERR_FNS; */ + /* +diff --git a/Cryptlib/Include/openssl/evp.h b/Cryptlib/Include/openssl/evp.h +index df838d0..39ab793 100644 +--- a/Cryptlib/Include/openssl/evp.h ++++ b/Cryptlib/Include/openssl/evp.h +@@ -75,10 +75,6 @@ + # include + # endif + +-# ifdef OPENSSL_FIPS +-# include +-# endif +- + /*- + #define EVP_RC2_KEY_SIZE 16 + #define EVP_RC4_KEY_SIZE 16 +@@ -87,7 +83,7 @@ + #define EVP_RC5_32_12_16_KEY_SIZE 16 + */ + # define EVP_MAX_MD_SIZE 64/* longest known is SHA512 */ +-# define EVP_MAX_KEY_LENGTH 32 ++# define EVP_MAX_KEY_LENGTH 64 + # define EVP_MAX_IV_LENGTH 16 + # define 
EVP_MAX_BLOCK_LENGTH 32 + +@@ -107,7 +103,6 @@ + # define EVP_PKS_RSA 0x0100 + # define EVP_PKS_DSA 0x0200 + # define EVP_PKS_EC 0x0400 +-# define EVP_PKT_EXP 0x1000 /* <= 512 bit key */ + + # define EVP_PKEY_NONE NID_undef + # define EVP_PKEY_RSA NID_rsaEncryption +@@ -118,7 +113,10 @@ + # define EVP_PKEY_DSA3 NID_dsaWithSHA1 + # define EVP_PKEY_DSA4 NID_dsaWithSHA1_2 + # define EVP_PKEY_DH NID_dhKeyAgreement ++# define EVP_PKEY_DHX NID_dhpublicnumber + # define EVP_PKEY_EC NID_X9_62_id_ecPublicKey ++# define EVP_PKEY_HMAC NID_hmac ++# define EVP_PKEY_CMAC NID_cmac + + #ifdef __cplusplus + extern "C" { +@@ -132,6 +130,8 @@ struct evp_pkey_st { + int type; + int save_type; + int references; ++ const EVP_PKEY_ASN1_METHOD *ameth; ++ ENGINE *engine; + union { + char *ptr; + # ifndef OPENSSL_NO_RSA +@@ -156,70 +156,6 @@ struct evp_pkey_st { + # define EVP_PKEY_MO_ENCRYPT 0x0004 + # define EVP_PKEY_MO_DECRYPT 0x0008 + +-# if 0 +-/* +- * This structure is required to tie the message digest and signing together. +- * The lookup can be done by md/pkey_method, oid, oid/pkey_method, or oid, md +- * and pkey. This is required because for various smart-card perform the +- * digest and signing/verification on-board. To handle this case, the +- * specific EVP_MD and EVP_PKEY_METHODs need to be closely associated. When a +- * PKEY is created, it will have a EVP_PKEY_METHOD associated with it. This +- * can either be software or a token to provide the required low level +- * routines. 
+- */ +-typedef struct evp_pkey_md_st { +- int oid; +- EVP_MD *md; +- EVP_PKEY_METHOD *pkey; +-} EVP_PKEY_MD; +- +-# define EVP_rsa_md2() \ +- EVP_PKEY_MD_add(NID_md2WithRSAEncryption,\ +- EVP_rsa_pkcs1(),EVP_md2()) +-# define EVP_rsa_md5() \ +- EVP_PKEY_MD_add(NID_md5WithRSAEncryption,\ +- EVP_rsa_pkcs1(),EVP_md5()) +-# define EVP_rsa_sha0() \ +- EVP_PKEY_MD_add(NID_shaWithRSAEncryption,\ +- EVP_rsa_pkcs1(),EVP_sha()) +-# define EVP_rsa_sha1() \ +- EVP_PKEY_MD_add(NID_sha1WithRSAEncryption,\ +- EVP_rsa_pkcs1(),EVP_sha1()) +-# define EVP_rsa_ripemd160() \ +- EVP_PKEY_MD_add(NID_ripemd160WithRSA,\ +- EVP_rsa_pkcs1(),EVP_ripemd160()) +-# define EVP_rsa_mdc2() \ +- EVP_PKEY_MD_add(NID_mdc2WithRSA,\ +- EVP_rsa_octet_string(),EVP_mdc2()) +-# define EVP_dsa_sha() \ +- EVP_PKEY_MD_add(NID_dsaWithSHA,\ +- EVP_dsa(),EVP_sha()) +-# define EVP_dsa_sha1() \ +- EVP_PKEY_MD_add(NID_dsaWithSHA1,\ +- EVP_dsa(),EVP_sha1()) +- +-typedef struct evp_pkey_method_st { +- char *name; +- int flags; +- int type; /* RSA, DSA, an SSLeay specific constant */ +- int oid; /* For the pub-key type */ +- int encrypt_oid; /* pub/priv key encryption */ +- int (*sign) (); +- int (*verify) (); +- struct { +- int (*set) (); /* get and/or set the underlying type */ +- int (*get) (); +- int (*encrypt) (); +- int (*decrypt) (); +- int (*i2d) (); +- int (*d2i) (); +- int (*dup) (); +- } pub, priv; +- int (*set_asn1_parameters) (); +- int (*get_asn1_parameters) (); +-} EVP_PKEY_METHOD; +-# endif +- + # ifndef EVP_MD + struct env_md_st { + int type; +@@ -240,6 +176,8 @@ struct env_md_st { + int required_pkey_type[5]; /* EVP_PKEY_xxx */ + int block_size; + int ctx_size; /* how big does the ctx->md_data need to be */ ++ /* control function */ ++ int (*md_ctrl) (EVP_MD_CTX *ctx, int cmd, int p1, void *p2); + } /* EVP_MD */ ; + + typedef int evp_sign_method(int type, const unsigned char *m, +@@ -250,19 +188,48 @@ typedef int evp_verify_method(int type, const unsigned char *m, + const unsigned char *sigbuf, + 
unsigned int siglen, void *key); + +-typedef struct { +- EVP_MD_CTX *mctx; +- void *key; +-} EVP_MD_SVCTX; +- + /* digest can only handle a single block */ + # define EVP_MD_FLAG_ONESHOT 0x0001 + ++/* ++ * digest is a "clone" digest used ++ * which is a copy of an existing ++ * one for a specific public key type. ++ * EVP_dss1() etc ++ */ ++# define EVP_MD_FLAG_PKEY_DIGEST 0x0002 ++ ++/* Digest uses EVP_PKEY_METHOD for signing instead of MD specific signing */ ++ ++# define EVP_MD_FLAG_PKEY_METHOD_SIGNATURE 0x0004 ++ ++/* DigestAlgorithmIdentifier flags... */ ++ ++# define EVP_MD_FLAG_DIGALGID_MASK 0x0018 ++ ++/* NULL or absent parameter accepted. Use NULL */ ++ ++# define EVP_MD_FLAG_DIGALGID_NULL 0x0000 ++ ++/* NULL or absent parameter accepted. Use NULL for PKCS#1 otherwise absent */ ++ ++# define EVP_MD_FLAG_DIGALGID_ABSENT 0x0008 ++ ++/* Custom handling via ctrl */ ++ ++# define EVP_MD_FLAG_DIGALGID_CUSTOM 0x0018 ++ + /* Note if suitable for use in FIPS mode */ + # define EVP_MD_FLAG_FIPS 0x0400 + +-# define EVP_MD_FLAG_SVCTX 0x0800 +- /* pass EVP_MD_SVCTX to sign/verify */ ++/* Digest ctrls */ ++ ++# define EVP_MD_CTRL_DIGALGID 0x1 ++# define EVP_MD_CTRL_MICALG 0x2 ++ ++/* Minimum Algorithm specific ctrl value */ ++ ++# define EVP_MD_CTRL_ALG_CTRL 0x1000 + + # define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0} + +@@ -304,6 +271,10 @@ struct env_md_ctx_st { + * ENGINE-provided */ + unsigned long flags; + void *md_data; ++ /* Public key context for sign/verify */ ++ EVP_PKEY_CTX *pctx; ++ /* Update function: usually copied from EVP_MD */ ++ int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count); + } /* EVP_MD_CTX */ ; + + /* values for EVP_MD_CTX flags */ +@@ -314,17 +285,25 @@ struct env_md_ctx_st { + * cleaned */ + # define EVP_MD_CTX_FLAG_REUSE 0x0004/* Don't free up ctx->md_data + * in EVP_MD_CTX_cleanup */ ++/* ++ * FIPS and pad options are ignored in 1.0.0, definitions are here so we ++ * don't accidentally reuse the values for other purposes. 
++ */ ++ + # define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008/* Allow use of non FIPS + * digest in FIPS mode */ + ++/* ++ * The following PAD options are also currently ignored in 1.0.0, digest ++ * parameters are handled through EVP_DigestSign*() and EVP_DigestVerify*() ++ * instead. ++ */ + # define EVP_MD_CTX_FLAG_PAD_MASK 0xF0/* RSA mode to use */ + # define EVP_MD_CTX_FLAG_PAD_PKCS1 0x00/* PKCS#1 v1.5 mode */ + # define EVP_MD_CTX_FLAG_PAD_X931 0x10/* X9.31 mode */ + # define EVP_MD_CTX_FLAG_PAD_PSS 0x20/* PSS mode */ +-# define M_EVP_MD_CTX_FLAG_PSS_SALT(ctx) \ +- ((ctx->flags>>16) &0xFFFF) /* seed length */ +-# define EVP_MD_CTX_FLAG_PSS_MDLEN 0xFFFF/* salt len same as digest */ +-# define EVP_MD_CTX_FLAG_PSS_MREC 0xFFFE/* salt max or auto recovered */ ++ ++# define EVP_MD_CTX_FLAG_NO_INIT 0x0100/* Don't initialize md_data */ + + struct evp_cipher_st { + int nid; +@@ -339,7 +318,7 @@ struct evp_cipher_st { + const unsigned char *iv, int enc); + /* encrypt/decrypt data */ + int (*do_cipher) (EVP_CIPHER_CTX *ctx, unsigned char *out, +- const unsigned char *in, unsigned int inl); ++ const unsigned char *in, size_t inl); + /* cleanup ctx */ + int (*cleanup) (EVP_CIPHER_CTX *); + /* how big ctx->cipher_data needs to be */ +@@ -363,7 +342,12 @@ struct evp_cipher_st { + # define EVP_CIPH_CBC_MODE 0x2 + # define EVP_CIPH_CFB_MODE 0x3 + # define EVP_CIPH_OFB_MODE 0x4 +-# define EVP_CIPH_MODE 0x7 ++# define EVP_CIPH_CTR_MODE 0x5 ++# define EVP_CIPH_GCM_MODE 0x6 ++# define EVP_CIPH_CCM_MODE 0x7 ++# define EVP_CIPH_XTS_MODE 0x10001 ++# define EVP_CIPH_WRAP_MODE 0x10002 ++# define EVP_CIPH_MODE 0xF0007 + /* Set if variable length cipher */ + # define EVP_CIPH_VARIABLE_LENGTH 0x8 + /* Set if the iv handling should be done by the cipher itself */ +@@ -378,14 +362,29 @@ struct evp_cipher_st { + # define EVP_CIPH_NO_PADDING 0x100 + /* cipher handles random key generation */ + # define EVP_CIPH_RAND_KEY 0x200 +-/* Note if suitable for use in FIPS mode */ +-# define 
EVP_CIPH_FLAG_FIPS 0x400 +-/* Allow non FIPS cipher in FIPS mode */ +-# define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x800 ++/* cipher has its own additional copying logic */ ++# define EVP_CIPH_CUSTOM_COPY 0x400 + /* Allow use default ASN1 get/set iv */ + # define EVP_CIPH_FLAG_DEFAULT_ASN1 0x1000 + /* Buffer length in bits not bytes: CFB1 mode only */ + # define EVP_CIPH_FLAG_LENGTH_BITS 0x2000 ++/* Note if suitable for use in FIPS mode */ ++# define EVP_CIPH_FLAG_FIPS 0x4000 ++/* Allow non FIPS cipher in FIPS mode */ ++# define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x8000 ++/* ++ * Cipher handles any and all padding logic as well as finalisation. ++ */ ++# define EVP_CIPH_FLAG_CUSTOM_CIPHER 0x100000 ++# define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000 ++# define EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0x400000 ++ ++/* ++ * Cipher context flag to indicate we can handle wrap mode: if allowed in ++ * older applications it could overflow buffers. ++ */ ++ ++# define EVP_CIPHER_CTX_FLAG_WRAP_ALLOW 0x1 + + /* ctrl() values */ + +@@ -396,6 +395,51 @@ struct evp_cipher_st { + # define EVP_CTRL_GET_RC5_ROUNDS 0x4 + # define EVP_CTRL_SET_RC5_ROUNDS 0x5 + # define EVP_CTRL_RAND_KEY 0x6 ++# define EVP_CTRL_PBE_PRF_NID 0x7 ++# define EVP_CTRL_COPY 0x8 ++# define EVP_CTRL_GCM_SET_IVLEN 0x9 ++# define EVP_CTRL_GCM_GET_TAG 0x10 ++# define EVP_CTRL_GCM_SET_TAG 0x11 ++# define EVP_CTRL_GCM_SET_IV_FIXED 0x12 ++# define EVP_CTRL_GCM_IV_GEN 0x13 ++# define EVP_CTRL_CCM_SET_IVLEN EVP_CTRL_GCM_SET_IVLEN ++# define EVP_CTRL_CCM_GET_TAG EVP_CTRL_GCM_GET_TAG ++# define EVP_CTRL_CCM_SET_TAG EVP_CTRL_GCM_SET_TAG ++# define EVP_CTRL_CCM_SET_L 0x14 ++# define EVP_CTRL_CCM_SET_MSGLEN 0x15 ++/* ++ * AEAD cipher deduces payload length and returns number of bytes required to ++ * store MAC and eventual padding. Subsequent call to EVP_Cipher even ++ * appends/verifies MAC. ++ */ ++# define EVP_CTRL_AEAD_TLS1_AAD 0x16 ++/* Used by composite AEAD ciphers, no-op in GCM, CCM... 
*/ ++# define EVP_CTRL_AEAD_SET_MAC_KEY 0x17 ++/* Set the GCM invocation field, decrypt only */ ++# define EVP_CTRL_GCM_SET_IV_INV 0x18 ++ ++# define EVP_CTRL_TLS1_1_MULTIBLOCK_AAD 0x19 ++# define EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT 0x1a ++# define EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT 0x1b ++# define EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE 0x1c ++ ++/* RFC 5246 defines additional data to be 13 bytes in length */ ++# define EVP_AEAD_TLS1_AAD_LEN 13 ++ ++typedef struct { ++ unsigned char *out; ++ const unsigned char *inp; ++ size_t len; ++ unsigned int interleave; ++} EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM; ++ ++/* GCM TLS constants */ ++/* Length of fixed part of IV derived from PRF */ ++# define EVP_GCM_TLS_FIXED_IV_LEN 4 ++/* Length of explicit part of IV part of TLS records */ ++# define EVP_GCM_TLS_EXPLICIT_IV_LEN 8 ++/* Length of tag for TLS */ ++# define EVP_GCM_TLS_TAG_LEN 16 + + typedef struct evp_cipher_info_st { + const EVP_CIPHER *cipher; +@@ -411,7 +455,7 @@ struct evp_cipher_ctx_st { + unsigned char oiv[EVP_MAX_IV_LENGTH]; /* original iv */ + unsigned char iv[EVP_MAX_IV_LENGTH]; /* working iv */ + unsigned char buf[EVP_MAX_BLOCK_LENGTH]; /* saved partial block */ +- int num; /* used by cfb/ofb mode */ ++ int num; /* used by cfb/ofb/ctr mode */ + void *app_data; /* application stuff */ + int key_len; /* May change for variable length cipher */ + unsigned long flags; /* Various flags */ +@@ -469,24 +513,13 @@ typedef int (EVP_PBE_KEYGEN) (EVP_CIPHER_CTX *ctx, const char *pass, + # define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a)) + # define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a)) + +-/* Macros to reduce FIPS dependencies: do NOT use in applications */ +-# define M_EVP_MD_size(e) ((e)->md_size) +-# define M_EVP_MD_block_size(e) ((e)->block_size) +-# define M_EVP_MD_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs)) +-# define M_EVP_MD_CTX_clear_flags(ctx,flgs) ((ctx)->flags&=~(flgs)) +-# define M_EVP_MD_CTX_test_flags(ctx,flgs) 
((ctx)->flags&(flgs)) +-# define M_EVP_MD_type(e) ((e)->type) +-# define M_EVP_MD_CTX_type(e) M_EVP_MD_type(M_EVP_MD_CTX_md(e)) +-# define M_EVP_MD_CTX_md(e) ((e)->digest) +- +-# define M_EVP_CIPHER_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs)) +- + int EVP_MD_type(const EVP_MD *md); + # define EVP_MD_nid(e) EVP_MD_type(e) + # define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_nid(e)) + int EVP_MD_pkey_type(const EVP_MD *md); + int EVP_MD_size(const EVP_MD *md); + int EVP_MD_block_size(const EVP_MD *md); ++unsigned long EVP_MD_flags(const EVP_MD *md); + + const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx); + # define EVP_MD_CTX_size(e) EVP_MD_size(EVP_MD_CTX_md(e)) +@@ -506,6 +539,7 @@ int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx); + int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx); + int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx); + int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx); ++int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in); + void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx); + void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data); + # define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c)) +@@ -523,6 +557,8 @@ unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx); + # define EVP_VerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c) + # define EVP_OpenUpdate(a,b,c,d,e) EVP_DecryptUpdate(a,b,c,d,e) + # define EVP_SealUpdate(a,b,c,d,e) EVP_EncryptUpdate(a,b,c,d,e) ++# define EVP_DigestSignUpdate(a,b,c) EVP_DigestUpdate(a,b,c) ++# define EVP_DigestVerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c) + + # ifdef CONST_STRICT + void BIO_set_md(BIO *, const EVP_MD *md); +@@ -567,6 +603,8 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); + int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s); + + int EVP_read_pw_string(char *buf, int length, const char *prompt, int verify); ++int EVP_read_pw_string_min(char *buf, int minlen, int maxlen, ++ const char *prompt, int 
verify); + void EVP_set_pw_prompt(const char *prompt); + char *EVP_get_pw_prompt(void); + +@@ -616,6 +654,16 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s, + int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, + unsigned int siglen, EVP_PKEY *pkey); + ++int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, ++ const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); ++int EVP_DigestSignFinal(EVP_MD_CTX *ctx, ++ unsigned char *sigret, size_t *siglen); ++ ++int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, ++ const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); ++int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, ++ const unsigned char *sig, size_t siglen); ++ + int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, + const unsigned char *ek, int ekl, const unsigned char *iv, + EVP_PKEY *priv); +@@ -688,6 +736,9 @@ const EVP_MD *EVP_mdc2(void); + # ifndef OPENSSL_NO_RIPEMD + const EVP_MD *EVP_ripemd160(void); + # endif ++# ifndef OPENSSL_NO_WHIRLPOOL ++const EVP_MD *EVP_whirlpool(void); ++# endif + const EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */ + # ifndef OPENSSL_NO_DES + const EVP_CIPHER *EVP_des_ecb(void); +@@ -716,6 +767,7 @@ const EVP_CIPHER *EVP_des_cbc(void); + const EVP_CIPHER *EVP_des_ede_cbc(void); + const EVP_CIPHER *EVP_des_ede3_cbc(void); + const EVP_CIPHER *EVP_desx_cbc(void); ++const EVP_CIPHER *EVP_des_ede3_wrap(void); + /* + * This should now be supported through the dev_crypto ENGINE. 
But also, why + * are rc4 and md5 declarations made here inside a "NO_DES" precompiler +@@ -732,6 +784,9 @@ const EVP_MD *EVP_dev_crypto_md5(void); + # ifndef OPENSSL_NO_RC4 + const EVP_CIPHER *EVP_rc4(void); + const EVP_CIPHER *EVP_rc4_40(void); ++# ifndef OPENSSL_NO_MD5 ++const EVP_CIPHER *EVP_rc4_hmac_md5(void); ++# endif + # endif + # ifndef OPENSSL_NO_IDEA + const EVP_CIPHER *EVP_idea_ecb(void); +@@ -778,9 +833,11 @@ const EVP_CIPHER *EVP_aes_128_cfb8(void); + const EVP_CIPHER *EVP_aes_128_cfb128(void); + # define EVP_aes_128_cfb EVP_aes_128_cfb128 + const EVP_CIPHER *EVP_aes_128_ofb(void); +-# if 0 + const EVP_CIPHER *EVP_aes_128_ctr(void); +-# endif ++const EVP_CIPHER *EVP_aes_128_ccm(void); ++const EVP_CIPHER *EVP_aes_128_gcm(void); ++const EVP_CIPHER *EVP_aes_128_xts(void); ++const EVP_CIPHER *EVP_aes_128_wrap(void); + const EVP_CIPHER *EVP_aes_192_ecb(void); + const EVP_CIPHER *EVP_aes_192_cbc(void); + const EVP_CIPHER *EVP_aes_192_cfb1(void); +@@ -788,9 +845,10 @@ const EVP_CIPHER *EVP_aes_192_cfb8(void); + const EVP_CIPHER *EVP_aes_192_cfb128(void); + # define EVP_aes_192_cfb EVP_aes_192_cfb128 + const EVP_CIPHER *EVP_aes_192_ofb(void); +-# if 0 + const EVP_CIPHER *EVP_aes_192_ctr(void); +-# endif ++const EVP_CIPHER *EVP_aes_192_ccm(void); ++const EVP_CIPHER *EVP_aes_192_gcm(void); ++const EVP_CIPHER *EVP_aes_192_wrap(void); + const EVP_CIPHER *EVP_aes_256_ecb(void); + const EVP_CIPHER *EVP_aes_256_cbc(void); + const EVP_CIPHER *EVP_aes_256_cfb1(void); +@@ -798,8 +856,18 @@ const EVP_CIPHER *EVP_aes_256_cfb8(void); + const EVP_CIPHER *EVP_aes_256_cfb128(void); + # define EVP_aes_256_cfb EVP_aes_256_cfb128 + const EVP_CIPHER *EVP_aes_256_ofb(void); +-# if 0 + const EVP_CIPHER *EVP_aes_256_ctr(void); ++const EVP_CIPHER *EVP_aes_256_ccm(void); ++const EVP_CIPHER *EVP_aes_256_gcm(void); ++const EVP_CIPHER *EVP_aes_256_xts(void); ++const EVP_CIPHER *EVP_aes_256_wrap(void); ++# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) ++const EVP_CIPHER 
*EVP_aes_128_cbc_hmac_sha1(void); ++const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void); ++# endif ++# ifndef OPENSSL_NO_SHA256 ++const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha256(void); ++const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void); + # endif + # endif + # ifndef OPENSSL_NO_CAMELLIA +@@ -858,16 +926,35 @@ const EVP_CIPHER *EVP_get_cipherbyname(const char *name); + const EVP_MD *EVP_get_digestbyname(const char *name); + void EVP_cleanup(void); + +-int EVP_PKEY_decrypt(unsigned char *dec_key, +- const unsigned char *enc_key, int enc_key_len, +- EVP_PKEY *private_key); +-int EVP_PKEY_encrypt(unsigned char *enc_key, +- const unsigned char *key, int key_len, +- EVP_PKEY *pub_key); ++void EVP_CIPHER_do_all(void (*fn) (const EVP_CIPHER *ciph, ++ const char *from, const char *to, void *x), ++ void *arg); ++void EVP_CIPHER_do_all_sorted(void (*fn) ++ (const EVP_CIPHER *ciph, const char *from, ++ const char *to, void *x), void *arg); ++ ++void EVP_MD_do_all(void (*fn) (const EVP_MD *ciph, ++ const char *from, const char *to, void *x), ++ void *arg); ++void EVP_MD_do_all_sorted(void (*fn) ++ (const EVP_MD *ciph, const char *from, ++ const char *to, void *x), void *arg); ++ ++int EVP_PKEY_decrypt_old(unsigned char *dec_key, ++ const unsigned char *enc_key, int enc_key_len, ++ EVP_PKEY *private_key); ++int EVP_PKEY_encrypt_old(unsigned char *enc_key, ++ const unsigned char *key, int key_len, ++ EVP_PKEY *pub_key); + int EVP_PKEY_type(int type); ++int EVP_PKEY_id(const EVP_PKEY *pkey); ++int EVP_PKEY_base_id(const EVP_PKEY *pkey); + int EVP_PKEY_bits(EVP_PKEY *pkey); + int EVP_PKEY_size(EVP_PKEY *pkey); +-int EVP_PKEY_assign(EVP_PKEY *pkey, int type, char *key); ++int EVP_PKEY_set_type(EVP_PKEY *pkey, int type); ++int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len); ++int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key); ++void *EVP_PKEY_get0(EVP_PKEY *pkey); + + # ifndef OPENSSL_NO_RSA + struct rsa_st; +@@ -910,6 +997,15 @@ int 
EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b); + + int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b); + ++int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey, ++ int indent, ASN1_PCTX *pctx); ++int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey, ++ int indent, ASN1_PCTX *pctx); ++int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey, ++ int indent, ASN1_PCTX *pctx); ++ ++int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid); ++ + int EVP_CIPHER_type(const EVP_CIPHER *ctx); + + /* calls methods */ +@@ -927,6 +1023,9 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, + int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, + const unsigned char *salt, int saltlen, int iter, + int keylen, unsigned char *out); ++int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, ++ const unsigned char *salt, int saltlen, int iter, ++ const EVP_MD *digest, int keylen, unsigned char *out); + int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, + ASN1_TYPE *param, const EVP_CIPHER *cipher, + const EVP_MD *md, int en_de); +@@ -935,26 +1034,334 @@ void PKCS5_PBE_add(void); + + int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, + ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de); ++ ++/* PBE type */ ++ ++/* Can appear as the outermost AlgorithmIdentifier */ ++# define EVP_PBE_TYPE_OUTER 0x0 ++/* Is an PRF type OID */ ++# define EVP_PBE_TYPE_PRF 0x1 ++ ++int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid, ++ int md_nid, EVP_PBE_KEYGEN *keygen); + int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md, + EVP_PBE_KEYGEN *keygen); ++int EVP_PBE_find(int type, int pbe_nid, int *pcnid, int *pmnid, ++ EVP_PBE_KEYGEN **pkeygen); + void EVP_PBE_cleanup(void); + +-# ifdef OPENSSL_FIPS +-# ifndef OPENSSL_NO_ENGINE +-void int_EVP_MD_set_engine_callbacks(int (*eng_md_init) (ENGINE *impl), +- int (*eng_md_fin) (ENGINE *impl), +- int (*eng_md_evp) 
+- (EVP_MD_CTX *ctx, const EVP_MD **ptype, +- ENGINE *impl)); +-void int_EVP_MD_init_engine_callbacks(void); +-void int_EVP_CIPHER_set_engine_callbacks(int (*eng_ciph_fin) (ENGINE *impl), +- int (*eng_ciph_evp) +- (EVP_CIPHER_CTX *ctx, +- const EVP_CIPHER **pciph, +- ENGINE *impl)); +-void int_EVP_CIPHER_init_engine_callbacks(void); +-# endif +-# endif ++# define ASN1_PKEY_ALIAS 0x1 ++# define ASN1_PKEY_DYNAMIC 0x2 ++# define ASN1_PKEY_SIGPARAM_NULL 0x4 ++ ++# define ASN1_PKEY_CTRL_PKCS7_SIGN 0x1 ++# define ASN1_PKEY_CTRL_PKCS7_ENCRYPT 0x2 ++# define ASN1_PKEY_CTRL_DEFAULT_MD_NID 0x3 ++# define ASN1_PKEY_CTRL_CMS_SIGN 0x5 ++# define ASN1_PKEY_CTRL_CMS_ENVELOPE 0x7 ++# define ASN1_PKEY_CTRL_CMS_RI_TYPE 0x8 ++ ++int EVP_PKEY_asn1_get_count(void); ++const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx); ++const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type); ++const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe, ++ const char *str, int len); ++int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth); ++int EVP_PKEY_asn1_add_alias(int to, int from); ++int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *pkey_base_id, ++ int *ppkey_flags, const char **pinfo, ++ const char **ppem_str, ++ const EVP_PKEY_ASN1_METHOD *ameth); ++ ++const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(EVP_PKEY *pkey); ++EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags, ++ const char *pem_str, ++ const char *info); ++void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst, ++ const EVP_PKEY_ASN1_METHOD *src); ++void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth); ++void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth, ++ int (*pub_decode) (EVP_PKEY *pk, ++ X509_PUBKEY *pub), ++ int (*pub_encode) (X509_PUBKEY *pub, ++ const EVP_PKEY *pk), ++ int (*pub_cmp) (const EVP_PKEY *a, ++ const EVP_PKEY *b), ++ int (*pub_print) (BIO *out, ++ const EVP_PKEY *pkey, ++ int indent, ASN1_PCTX *pctx), ++ int (*pkey_size) (const EVP_PKEY *pk), ++ int (*pkey_bits) (const EVP_PKEY 
*pk)); ++void EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth, ++ int (*priv_decode) (EVP_PKEY *pk, ++ PKCS8_PRIV_KEY_INFO ++ *p8inf), ++ int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8, ++ const EVP_PKEY *pk), ++ int (*priv_print) (BIO *out, ++ const EVP_PKEY *pkey, ++ int indent, ++ ASN1_PCTX *pctx)); ++void EVP_PKEY_asn1_set_param(EVP_PKEY_ASN1_METHOD *ameth, ++ int (*param_decode) (EVP_PKEY *pkey, ++ const unsigned char **pder, ++ int derlen), ++ int (*param_encode) (const EVP_PKEY *pkey, ++ unsigned char **pder), ++ int (*param_missing) (const EVP_PKEY *pk), ++ int (*param_copy) (EVP_PKEY *to, ++ const EVP_PKEY *from), ++ int (*param_cmp) (const EVP_PKEY *a, ++ const EVP_PKEY *b), ++ int (*param_print) (BIO *out, ++ const EVP_PKEY *pkey, ++ int indent, ++ ASN1_PCTX *pctx)); ++ ++void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth, ++ void (*pkey_free) (EVP_PKEY *pkey)); ++void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth, ++ int (*pkey_ctrl) (EVP_PKEY *pkey, int op, ++ long arg1, void *arg2)); ++void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth, ++ int (*item_verify) (EVP_MD_CTX *ctx, ++ const ASN1_ITEM *it, ++ void *asn, ++ X509_ALGOR *a, ++ ASN1_BIT_STRING *sig, ++ EVP_PKEY *pkey), ++ int (*item_sign) (EVP_MD_CTX *ctx, ++ const ASN1_ITEM *it, ++ void *asn, ++ X509_ALGOR *alg1, ++ X509_ALGOR *alg2, ++ ASN1_BIT_STRING *sig)); ++ ++# define EVP_PKEY_OP_UNDEFINED 0 ++# define EVP_PKEY_OP_PARAMGEN (1<<1) ++# define EVP_PKEY_OP_KEYGEN (1<<2) ++# define EVP_PKEY_OP_SIGN (1<<3) ++# define EVP_PKEY_OP_VERIFY (1<<4) ++# define EVP_PKEY_OP_VERIFYRECOVER (1<<5) ++# define EVP_PKEY_OP_SIGNCTX (1<<6) ++# define EVP_PKEY_OP_VERIFYCTX (1<<7) ++# define EVP_PKEY_OP_ENCRYPT (1<<8) ++# define EVP_PKEY_OP_DECRYPT (1<<9) ++# define EVP_PKEY_OP_DERIVE (1<<10) ++ ++# define EVP_PKEY_OP_TYPE_SIG \ ++ (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY | EVP_PKEY_OP_VERIFYRECOVER \ ++ | EVP_PKEY_OP_SIGNCTX | EVP_PKEY_OP_VERIFYCTX) ++ ++# define EVP_PKEY_OP_TYPE_CRYPT \ ++ 
(EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT) ++ ++# define EVP_PKEY_OP_TYPE_NOGEN \ ++ (EVP_PKEY_OP_SIG | EVP_PKEY_OP_CRYPT | EVP_PKEY_OP_DERIVE) ++ ++# define EVP_PKEY_OP_TYPE_GEN \ ++ (EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN) ++ ++# define EVP_PKEY_CTX_set_signature_md(ctx, md) \ ++ EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG, \ ++ EVP_PKEY_CTRL_MD, 0, (void *)md) ++ ++# define EVP_PKEY_CTX_get_signature_md(ctx, pmd) \ ++ EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG, \ ++ EVP_PKEY_CTRL_GET_MD, 0, (void *)pmd) ++ ++# define EVP_PKEY_CTRL_MD 1 ++# define EVP_PKEY_CTRL_PEER_KEY 2 ++ ++# define EVP_PKEY_CTRL_PKCS7_ENCRYPT 3 ++# define EVP_PKEY_CTRL_PKCS7_DECRYPT 4 ++ ++# define EVP_PKEY_CTRL_PKCS7_SIGN 5 ++ ++# define EVP_PKEY_CTRL_SET_MAC_KEY 6 ++ ++# define EVP_PKEY_CTRL_DIGESTINIT 7 ++ ++/* Used by GOST key encryption in TLS */ ++# define EVP_PKEY_CTRL_SET_IV 8 ++ ++# define EVP_PKEY_CTRL_CMS_ENCRYPT 9 ++# define EVP_PKEY_CTRL_CMS_DECRYPT 10 ++# define EVP_PKEY_CTRL_CMS_SIGN 11 ++ ++# define EVP_PKEY_CTRL_CIPHER 12 ++ ++# define EVP_PKEY_CTRL_GET_MD 13 ++ ++# define EVP_PKEY_ALG_CTRL 0x1000 ++ ++# define EVP_PKEY_FLAG_AUTOARGLEN 2 ++/* ++ * Method handles all operations: don't assume any digest related defaults. 
++ */ ++# define EVP_PKEY_FLAG_SIGCTX_CUSTOM 4 ++ ++const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type); ++EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags); ++void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags, ++ const EVP_PKEY_METHOD *meth); ++void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src); ++void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth); ++int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth); ++ ++EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e); ++EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e); ++EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *ctx); ++void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx); ++ ++int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, ++ int cmd, int p1, void *p2); ++int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, ++ const char *value); ++ ++int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx); ++void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen); ++ ++EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, ++ const unsigned char *key, int keylen); ++ ++void EVP_PKEY_CTX_set_data(EVP_PKEY_CTX *ctx, void *data); ++void *EVP_PKEY_CTX_get_data(EVP_PKEY_CTX *ctx); ++EVP_PKEY *EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX *ctx); ++ ++EVP_PKEY *EVP_PKEY_CTX_get0_peerkey(EVP_PKEY_CTX *ctx); ++ ++void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data); ++void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx); ++ ++int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx); ++int EVP_PKEY_sign(EVP_PKEY_CTX *ctx, ++ unsigned char *sig, size_t *siglen, ++ const unsigned char *tbs, size_t tbslen); ++int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx); ++int EVP_PKEY_verify(EVP_PKEY_CTX *ctx, ++ const unsigned char *sig, size_t siglen, ++ const unsigned char *tbs, size_t tbslen); ++int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx); ++int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx, ++ unsigned char *rout, size_t *routlen, ++ const unsigned char *sig, size_t siglen); ++int 
EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx); ++int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx, ++ unsigned char *out, size_t *outlen, ++ const unsigned char *in, size_t inlen); ++int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx); ++int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, ++ unsigned char *out, size_t *outlen, ++ const unsigned char *in, size_t inlen); ++ ++int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx); ++int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer); ++int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); ++ ++typedef int EVP_PKEY_gen_cb (EVP_PKEY_CTX *ctx); ++ ++int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx); ++int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); ++int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx); ++int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); ++ ++void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb); ++EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx); ++ ++int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx); ++ ++void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth, ++ int (*init) (EVP_PKEY_CTX *ctx)); ++ ++void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth, ++ int (*copy) (EVP_PKEY_CTX *dst, ++ EVP_PKEY_CTX *src)); ++ ++void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth, ++ void (*cleanup) (EVP_PKEY_CTX *ctx)); ++ ++void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth, ++ int (*paramgen_init) (EVP_PKEY_CTX *ctx), ++ int (*paramgen) (EVP_PKEY_CTX *ctx, ++ EVP_PKEY *pkey)); ++ ++void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth, ++ int (*keygen_init) (EVP_PKEY_CTX *ctx), ++ int (*keygen) (EVP_PKEY_CTX *ctx, ++ EVP_PKEY *pkey)); ++ ++void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth, ++ int (*sign_init) (EVP_PKEY_CTX *ctx), ++ int (*sign) (EVP_PKEY_CTX *ctx, ++ unsigned char *sig, size_t *siglen, ++ const unsigned char *tbs, ++ size_t tbslen)); ++ ++void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth, ++ int (*verify_init) (EVP_PKEY_CTX *ctx), ++ int (*verify) (EVP_PKEY_CTX 
*ctx, ++ const unsigned char *sig, ++ size_t siglen, ++ const unsigned char *tbs, ++ size_t tbslen)); ++ ++void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth, ++ int (*verify_recover_init) (EVP_PKEY_CTX ++ *ctx), ++ int (*verify_recover) (EVP_PKEY_CTX ++ *ctx, ++ unsigned char ++ *sig, ++ size_t *siglen, ++ const unsigned ++ char *tbs, ++ size_t tbslen)); ++ ++void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth, ++ int (*signctx_init) (EVP_PKEY_CTX *ctx, ++ EVP_MD_CTX *mctx), ++ int (*signctx) (EVP_PKEY_CTX *ctx, ++ unsigned char *sig, ++ size_t *siglen, ++ EVP_MD_CTX *mctx)); ++ ++void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth, ++ int (*verifyctx_init) (EVP_PKEY_CTX *ctx, ++ EVP_MD_CTX *mctx), ++ int (*verifyctx) (EVP_PKEY_CTX *ctx, ++ const unsigned char *sig, ++ int siglen, ++ EVP_MD_CTX *mctx)); ++ ++void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth, ++ int (*encrypt_init) (EVP_PKEY_CTX *ctx), ++ int (*encryptfn) (EVP_PKEY_CTX *ctx, ++ unsigned char *out, ++ size_t *outlen, ++ const unsigned char *in, ++ size_t inlen)); ++ ++void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth, ++ int (*decrypt_init) (EVP_PKEY_CTX *ctx), ++ int (*decrypt) (EVP_PKEY_CTX *ctx, ++ unsigned char *out, ++ size_t *outlen, ++ const unsigned char *in, ++ size_t inlen)); ++ ++void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth, ++ int (*derive_init) (EVP_PKEY_CTX *ctx), ++ int (*derive) (EVP_PKEY_CTX *ctx, ++ unsigned char *key, ++ size_t *keylen)); ++ ++void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, ++ int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, ++ void *p2), ++ int (*ctrl_str) (EVP_PKEY_CTX *ctx, ++ const char *type, ++ const char *value)); + + void EVP_add_alg_module(void); + +@@ -968,51 +1375,88 @@ void ERR_load_EVP_strings(void); + /* Error codes for the EVP functions. */ + + /* Function codes. 
*/ ++# define EVP_F_AESNI_INIT_KEY 165 ++# define EVP_F_AESNI_XTS_CIPHER 176 + # define EVP_F_AES_INIT_KEY 133 +-# define EVP_F_ALG_MODULE_INIT 138 ++# define EVP_F_AES_T4_INIT_KEY 178 ++# define EVP_F_AES_XTS 172 ++# define EVP_F_AES_XTS_CIPHER 175 ++# define EVP_F_ALG_MODULE_INIT 177 + # define EVP_F_CAMELLIA_INIT_KEY 159 ++# define EVP_F_CMAC_INIT 173 ++# define EVP_F_CMLL_T4_INIT_KEY 179 + # define EVP_F_D2I_PKEY 100 +-# define EVP_F_DO_EVP_ENC_ENGINE 140 +-# define EVP_F_DO_EVP_ENC_ENGINE_FULL 141 +-# define EVP_F_DO_EVP_MD_ENGINE 139 +-# define EVP_F_DO_EVP_MD_ENGINE_FULL 142 ++# define EVP_F_DO_SIGVER_INIT 161 + # define EVP_F_DSAPKEY2PKCS8 134 + # define EVP_F_DSA_PKEY2PKCS8 135 + # define EVP_F_ECDSA_PKEY2PKCS8 129 + # define EVP_F_ECKEY_PKEY2PKCS8 132 +-# define EVP_F_EVP_CIPHERINIT 137 + # define EVP_F_EVP_CIPHERINIT_EX 123 ++# define EVP_F_EVP_CIPHER_CTX_COPY 163 + # define EVP_F_EVP_CIPHER_CTX_CTRL 124 + # define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122 + # define EVP_F_EVP_DECRYPTFINAL_EX 101 +-# define EVP_F_EVP_DIGESTINIT 136 + # define EVP_F_EVP_DIGESTINIT_EX 128 + # define EVP_F_EVP_ENCRYPTFINAL_EX 127 + # define EVP_F_EVP_MD_CTX_COPY_EX 110 ++# define EVP_F_EVP_MD_SIZE 162 + # define EVP_F_EVP_OPENINIT 102 + # define EVP_F_EVP_PBE_ALG_ADD 115 ++# define EVP_F_EVP_PBE_ALG_ADD_TYPE 160 + # define EVP_F_EVP_PBE_CIPHERINIT 116 + # define EVP_F_EVP_PKCS82PKEY 111 ++# define EVP_F_EVP_PKCS82PKEY_BROKEN 136 + # define EVP_F_EVP_PKEY2PKCS8_BROKEN 113 + # define EVP_F_EVP_PKEY_COPY_PARAMETERS 103 ++# define EVP_F_EVP_PKEY_CTX_CTRL 137 ++# define EVP_F_EVP_PKEY_CTX_CTRL_STR 150 ++# define EVP_F_EVP_PKEY_CTX_DUP 156 + # define EVP_F_EVP_PKEY_DECRYPT 104 ++# define EVP_F_EVP_PKEY_DECRYPT_INIT 138 ++# define EVP_F_EVP_PKEY_DECRYPT_OLD 151 ++# define EVP_F_EVP_PKEY_DERIVE 153 ++# define EVP_F_EVP_PKEY_DERIVE_INIT 154 ++# define EVP_F_EVP_PKEY_DERIVE_SET_PEER 155 + # define EVP_F_EVP_PKEY_ENCRYPT 105 ++# define EVP_F_EVP_PKEY_ENCRYPT_INIT 139 ++# define 
EVP_F_EVP_PKEY_ENCRYPT_OLD 152 + # define EVP_F_EVP_PKEY_GET1_DH 119 + # define EVP_F_EVP_PKEY_GET1_DSA 120 + # define EVP_F_EVP_PKEY_GET1_ECDSA 130 + # define EVP_F_EVP_PKEY_GET1_EC_KEY 131 + # define EVP_F_EVP_PKEY_GET1_RSA 121 ++# define EVP_F_EVP_PKEY_KEYGEN 146 ++# define EVP_F_EVP_PKEY_KEYGEN_INIT 147 + # define EVP_F_EVP_PKEY_NEW 106 ++# define EVP_F_EVP_PKEY_PARAMGEN 148 ++# define EVP_F_EVP_PKEY_PARAMGEN_INIT 149 ++# define EVP_F_EVP_PKEY_SIGN 140 ++# define EVP_F_EVP_PKEY_SIGN_INIT 141 ++# define EVP_F_EVP_PKEY_VERIFY 142 ++# define EVP_F_EVP_PKEY_VERIFY_INIT 143 ++# define EVP_F_EVP_PKEY_VERIFY_RECOVER 144 ++# define EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT 145 + # define EVP_F_EVP_RIJNDAEL 126 + # define EVP_F_EVP_SIGNFINAL 107 + # define EVP_F_EVP_VERIFYFINAL 108 ++# define EVP_F_FIPS_CIPHERINIT 166 ++# define EVP_F_FIPS_CIPHER_CTX_COPY 170 ++# define EVP_F_FIPS_CIPHER_CTX_CTRL 167 ++# define EVP_F_FIPS_CIPHER_CTX_SET_KEY_LENGTH 171 ++# define EVP_F_FIPS_DIGESTINIT 168 ++# define EVP_F_FIPS_MD_CTX_COPY 169 ++# define EVP_F_HMAC_INIT_EX 174 ++# define EVP_F_INT_CTX_NEW 157 + # define EVP_F_PKCS5_PBE_KEYIVGEN 117 + # define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118 ++# define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN 164 + # define EVP_F_PKCS8_SET_BROKEN 112 ++# define EVP_F_PKEY_SET_TYPE 158 + # define EVP_F_RC2_MAGIC_TO_METH 109 + # define EVP_F_RC5_CTRL 125 + + /* Reason codes. 
*/ ++# define EVP_R_AES_IV_SETUP_FAILED 162 + # define EVP_R_AES_KEY_SETUP_FAILED 143 + # define EVP_R_ASN1_LIB 140 + # define EVP_R_BAD_BLOCK_LENGTH 136 +@@ -1020,41 +1464,59 @@ void ERR_load_EVP_strings(void); + # define EVP_R_BAD_KEY_LENGTH 137 + # define EVP_R_BN_DECODE_ERROR 112 + # define EVP_R_BN_PUBKEY_ERROR 113 ++# define EVP_R_BUFFER_TOO_SMALL 155 + # define EVP_R_CAMELLIA_KEY_SETUP_FAILED 157 + # define EVP_R_CIPHER_PARAMETER_ERROR 122 ++# define EVP_R_COMMAND_NOT_SUPPORTED 147 + # define EVP_R_CTRL_NOT_IMPLEMENTED 132 + # define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133 + # define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138 + # define EVP_R_DECODE_ERROR 114 + # define EVP_R_DIFFERENT_KEY_TYPES 101 +-# define EVP_R_DISABLED_FOR_FIPS 144 ++# define EVP_R_DIFFERENT_PARAMETERS 153 ++# define EVP_R_DISABLED_FOR_FIPS 163 + # define EVP_R_ENCODE_ERROR 115 +-# define EVP_R_ERROR_LOADING_SECTION 145 +-# define EVP_R_ERROR_SETTING_FIPS_MODE 146 ++# define EVP_R_ERROR_LOADING_SECTION 165 ++# define EVP_R_ERROR_SETTING_FIPS_MODE 166 + # define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119 + # define EVP_R_EXPECTING_AN_RSA_KEY 127 + # define EVP_R_EXPECTING_A_DH_KEY 128 + # define EVP_R_EXPECTING_A_DSA_KEY 129 + # define EVP_R_EXPECTING_A_ECDSA_KEY 141 + # define EVP_R_EXPECTING_A_EC_KEY 142 +-# define EVP_R_FIPS_MODE_NOT_SUPPORTED 147 ++# define EVP_R_FIPS_MODE_NOT_SUPPORTED 167 + # define EVP_R_INITIALIZATION_ERROR 134 + # define EVP_R_INPUT_NOT_INITIALIZED 111 +-# define EVP_R_INVALID_FIPS_MODE 148 ++# define EVP_R_INVALID_DIGEST 152 ++# define EVP_R_INVALID_FIPS_MODE 168 + # define EVP_R_INVALID_KEY_LENGTH 130 ++# define EVP_R_INVALID_OPERATION 148 + # define EVP_R_IV_TOO_LARGE 102 + # define EVP_R_KEYGEN_FAILURE 120 ++# define EVP_R_MESSAGE_DIGEST_IS_NULL 159 ++# define EVP_R_METHOD_NOT_SUPPORTED 144 + # define EVP_R_MISSING_PARAMETERS 103 + # define EVP_R_NO_CIPHER_SET 131 ++# define EVP_R_NO_DEFAULT_DIGEST 158 + # define EVP_R_NO_DIGEST_SET 139 + # define 
EVP_R_NO_DSA_PARAMETERS 116 ++# define EVP_R_NO_KEY_SET 154 ++# define EVP_R_NO_OPERATION_SET 149 + # define EVP_R_NO_SIGN_FUNCTION_CONFIGURED 104 + # define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED 105 ++# define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150 ++# define EVP_R_OPERATON_NOT_INITIALIZED 151 + # define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE 117 ++# define EVP_R_PRIVATE_KEY_DECODE_ERROR 145 ++# define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146 + # define EVP_R_PUBLIC_KEY_NOT_RSA 106 +-# define EVP_R_UNKNOWN_OPTION 149 ++# define EVP_R_TOO_LARGE 164 ++# define EVP_R_UNKNOWN_CIPHER 160 ++# define EVP_R_UNKNOWN_DIGEST 161 ++# define EVP_R_UNKNOWN_OPTION 169 + # define EVP_R_UNKNOWN_PBE_ALGORITHM 121 + # define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS 135 ++# define EVP_R_UNSUPPORTED_ALGORITHM 156 + # define EVP_R_UNSUPPORTED_CIPHER 107 + # define EVP_R_UNSUPPORTED_KEYLENGTH 123 + # define EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION 124 +@@ -1062,9 +1524,9 @@ void ERR_load_EVP_strings(void); + # define EVP_R_UNSUPPORTED_PRF 125 + # define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM 118 + # define EVP_R_UNSUPPORTED_SALT_TYPE 126 ++# define EVP_R_WRAP_MODE_NOT_ALLOWED 170 + # define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109 + # define EVP_R_WRONG_PUBLIC_KEY_TYPE 110 +-# define EVP_R_SEED_KEY_SETUP_FAILED 162 + + #ifdef __cplusplus + } +diff --git a/Cryptlib/Include/openssl/hmac.h b/Cryptlib/Include/openssl/hmac.h +index fcc2d0f..b8b55cd 100644 +--- a/Cryptlib/Include/openssl/hmac.h ++++ b/Cryptlib/Include/openssl/hmac.h +@@ -90,14 +90,15 @@ void HMAC_CTX_cleanup(HMAC_CTX *ctx); + # define HMAC_cleanup(ctx) HMAC_CTX_cleanup(ctx) + + /* deprecated */ +-void HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md); +-void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, +- const EVP_MD *md, ENGINE *impl); +-void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len); +-void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len); ++int HMAC_Init(HMAC_CTX *ctx, 
const void *key, int len, const EVP_MD *md); ++int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, ++ const EVP_MD *md, ENGINE *impl); ++int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len); ++int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len); + unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, + const unsigned char *d, size_t n, unsigned char *md, + unsigned int *md_len); ++int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx); + + void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags); + +diff --git a/Cryptlib/Include/openssl/idea.h b/Cryptlib/Include/openssl/idea.h +index 60d2d95..6075984 100644 +--- a/Cryptlib/Include/openssl/idea.h ++++ b/Cryptlib/Include/openssl/idea.h +@@ -87,7 +87,7 @@ void private_idea_set_encrypt_key(const unsigned char *key, + IDEA_KEY_SCHEDULE *ks); + # endif + void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks); +-void idea_set_decrypt_key(const IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk); ++void idea_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk); + void idea_cbc_encrypt(const unsigned char *in, unsigned char *out, + long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, + int enc); +diff --git a/Cryptlib/Include/openssl/kssl.h b/Cryptlib/Include/openssl/kssl.h +index 931b4a7..9a57672 100644 +--- a/Cryptlib/Include/openssl/kssl.h ++++ b/Cryptlib/Include/openssl/kssl.h +@@ -71,6 +71,16 @@ + # include + # include + # include ++# ifdef OPENSSL_SYS_WIN32 ++/* ++ * These can sometimes get redefined indirectly by krb5 header files after ++ * they get undefed in ossl_typ.h ++ */ ++# undef X509_NAME ++# undef X509_EXTENSIONS ++# undef OCSP_REQUEST ++# undef OCSP_RESPONSE ++# endif + + #ifdef __cplusplus + extern "C" { +@@ -176,6 +186,10 @@ krb5_error_code kssl_check_authent(KSSL_CTX *kssl_ctx, krb5_data *authentp, + KSSL_ERR *kssl_err); + unsigned char *kssl_skip_confound(krb5_enctype enctype, unsigned char *authn); + ++void 
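Review bot: The hmac.h hunk changes HMAC_Init, HMAC_Init_ex, HMAC_Update and HMAC_Final from `void` to `int`, and nothing in this hunk shows the callers being updated to test the result. With the old prototypes a failure could not be reported at all; with the new ones a caller that still discards the return value will carry on and use a digest produced from a context that was never initialised. Each call site should treat any result other than 1 as a failure and stop, for example `if (HMAC_Init_ex(ctx, key, len, md, NULL) != 1) goto err;`, with the same test on HMAC_Update and HMAC_Final. These are only declarations in a header, so the call sites are outside this hunk and need to be checked separately, presumably in the Cryptlib HMAC wrappers.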
SSL_set0_kssl_ctx(SSL *s, KSSL_CTX *kctx); ++KSSL_CTX *SSL_get0_kssl_ctx(SSL *s); ++char *kssl_ctx_get0_client_princ(KSSL_CTX *kctx); ++ + #ifdef __cplusplus + } + #endif +diff --git a/Cryptlib/Include/openssl/lhash.h b/Cryptlib/Include/openssl/lhash.h +index 4374be2..b6c328b 100644 +--- a/Cryptlib/Include/openssl/lhash.h ++++ b/Cryptlib/Include/openssl/lhash.h +@@ -99,42 +99,42 @@ typedef void (*LHASH_DOALL_ARG_FN_TYPE) (void *, void *); + */ + + /* First: "hash" functions */ +-# define DECLARE_LHASH_HASH_FN(f_name,o_type) \ +- unsigned long f_name##_LHASH_HASH(const void *); +-# define IMPLEMENT_LHASH_HASH_FN(f_name,o_type) \ +- unsigned long f_name##_LHASH_HASH(const void *arg) { \ +- o_type a = (o_type)arg; \ +- return f_name(a); } +-# define LHASH_HASH_FN(f_name) f_name##_LHASH_HASH ++# define DECLARE_LHASH_HASH_FN(name, o_type) \ ++ unsigned long name##_LHASH_HASH(const void *); ++# define IMPLEMENT_LHASH_HASH_FN(name, o_type) \ ++ unsigned long name##_LHASH_HASH(const void *arg) { \ ++ const o_type *a = arg; \ ++ return name##_hash(a); } ++# define LHASH_HASH_FN(name) name##_LHASH_HASH + + /* Second: "compare" functions */ +-# define DECLARE_LHASH_COMP_FN(f_name,o_type) \ +- int f_name##_LHASH_COMP(const void *, const void *); +-# define IMPLEMENT_LHASH_COMP_FN(f_name,o_type) \ +- int f_name##_LHASH_COMP(const void *arg1, const void *arg2) { \ +- o_type a = (o_type)arg1; \ +- o_type b = (o_type)arg2; \ +- return f_name(a,b); } +-# define LHASH_COMP_FN(f_name) f_name##_LHASH_COMP ++# define DECLARE_LHASH_COMP_FN(name, o_type) \ ++ int name##_LHASH_COMP(const void *, const void *); ++# define IMPLEMENT_LHASH_COMP_FN(name, o_type) \ ++ int name##_LHASH_COMP(const void *arg1, const void *arg2) { \ ++ const o_type *a = arg1; \ ++ const o_type *b = arg2; \ ++ return name##_cmp(a,b); } ++# define LHASH_COMP_FN(name) name##_LHASH_COMP + + /* Third: "doall" functions */ +-# define DECLARE_LHASH_DOALL_FN(f_name,o_type) \ +- void f_name##_LHASH_DOALL(void *); +-# 
define IMPLEMENT_LHASH_DOALL_FN(f_name,o_type) \ +- void f_name##_LHASH_DOALL(void *arg) { \ +- o_type a = (o_type)arg; \ +- f_name(a); } +-# define LHASH_DOALL_FN(f_name) f_name##_LHASH_DOALL ++# define DECLARE_LHASH_DOALL_FN(name, o_type) \ ++ void name##_LHASH_DOALL(void *); ++# define IMPLEMENT_LHASH_DOALL_FN(name, o_type) \ ++ void name##_LHASH_DOALL(void *arg) { \ ++ o_type *a = arg; \ ++ name##_doall(a); } ++# define LHASH_DOALL_FN(name) name##_LHASH_DOALL + + /* Fourth: "doall_arg" functions */ +-# define DECLARE_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \ +- void f_name##_LHASH_DOALL_ARG(void *, void *); +-# define IMPLEMENT_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \ +- void f_name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \ +- o_type a = (o_type)arg1; \ +- a_type b = (a_type)arg2; \ +- f_name(a,b); } +-# define LHASH_DOALL_ARG_FN(f_name) f_name##_LHASH_DOALL_ARG ++# define DECLARE_LHASH_DOALL_ARG_FN(name, o_type, a_type) \ ++ void name##_LHASH_DOALL_ARG(void *, void *); ++# define IMPLEMENT_LHASH_DOALL_ARG_FN(name, o_type, a_type) \ ++ void name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \ ++ o_type *a = arg1; \ ++ a_type *b = arg2; \ ++ name##_doall_arg(a, b); } ++# define LHASH_DOALL_ARG_FN(name) name##_LHASH_DOALL_ARG + + typedef struct lhash_st { + LHASH_NODE **b; +@@ -161,7 +161,8 @@ typedef struct lhash_st { + unsigned long num_retrieve_miss; + unsigned long num_hash_comps; + int error; +-} LHASH; ++} _LHASH; /* Do not use _LHASH directly, use LHASH_OF ++ * and friends */ + + # define LH_LOAD_MULT 256 + +@@ -171,27 +172,67 @@ typedef struct lhash_st { + */ + # define lh_error(lh) ((lh)->error) + +-LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c); +-void lh_free(LHASH *lh); +-void *lh_insert(LHASH *lh, void *data); +-void *lh_delete(LHASH *lh, const void *data); +-void *lh_retrieve(LHASH *lh, const void *data); +-void lh_doall(LHASH *lh, LHASH_DOALL_FN_TYPE func); +-void lh_doall_arg(LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg); 
++_LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c); ++void lh_free(_LHASH *lh); ++void *lh_insert(_LHASH *lh, void *data); ++void *lh_delete(_LHASH *lh, const void *data); ++void *lh_retrieve(_LHASH *lh, const void *data); ++void lh_doall(_LHASH *lh, LHASH_DOALL_FN_TYPE func); ++void lh_doall_arg(_LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg); + unsigned long lh_strhash(const char *c); +-unsigned long lh_num_items(const LHASH *lh); ++unsigned long lh_num_items(const _LHASH *lh); + + # ifndef OPENSSL_NO_FP_API +-void lh_stats(const LHASH *lh, FILE *out); +-void lh_node_stats(const LHASH *lh, FILE *out); +-void lh_node_usage_stats(const LHASH *lh, FILE *out); ++void lh_stats(const _LHASH *lh, FILE *out); ++void lh_node_stats(const _LHASH *lh, FILE *out); ++void lh_node_usage_stats(const _LHASH *lh, FILE *out); + # endif + + # ifndef OPENSSL_NO_BIO +-void lh_stats_bio(const LHASH *lh, BIO *out); +-void lh_node_stats_bio(const LHASH *lh, BIO *out); +-void lh_node_usage_stats_bio(const LHASH *lh, BIO *out); ++void lh_stats_bio(const _LHASH *lh, BIO *out); ++void lh_node_stats_bio(const _LHASH *lh, BIO *out); ++void lh_node_usage_stats_bio(const _LHASH *lh, BIO *out); + # endif ++ ++/* Type checking... */ ++ ++# define LHASH_OF(type) struct lhash_st_##type ++ ++# define DECLARE_LHASH_OF(type) LHASH_OF(type) { int dummy; } ++ ++# define CHECKED_LHASH_OF(type,lh) \ ++ ((_LHASH *)CHECKED_PTR_OF(LHASH_OF(type),lh)) ++ ++/* Define wrapper functions. 
*/ ++# define LHM_lh_new(type, name) \ ++ ((LHASH_OF(type) *)lh_new(LHASH_HASH_FN(name), LHASH_COMP_FN(name))) ++# define LHM_lh_error(type, lh) \ ++ lh_error(CHECKED_LHASH_OF(type,lh)) ++# define LHM_lh_insert(type, lh, inst) \ ++ ((type *)lh_insert(CHECKED_LHASH_OF(type, lh), \ ++ CHECKED_PTR_OF(type, inst))) ++# define LHM_lh_retrieve(type, lh, inst) \ ++ ((type *)lh_retrieve(CHECKED_LHASH_OF(type, lh), \ ++ CHECKED_PTR_OF(type, inst))) ++# define LHM_lh_delete(type, lh, inst) \ ++ ((type *)lh_delete(CHECKED_LHASH_OF(type, lh), \ ++ CHECKED_PTR_OF(type, inst))) ++# define LHM_lh_doall(type, lh,fn) lh_doall(CHECKED_LHASH_OF(type, lh), fn) ++# define LHM_lh_doall_arg(type, lh, fn, arg_type, arg) \ ++ lh_doall_arg(CHECKED_LHASH_OF(type, lh), fn, CHECKED_PTR_OF(arg_type, arg)) ++# define LHM_lh_num_items(type, lh) lh_num_items(CHECKED_LHASH_OF(type, lh)) ++# define LHM_lh_down_load(type, lh) (CHECKED_LHASH_OF(type, lh)->down_load) ++# define LHM_lh_node_stats_bio(type, lh, out) \ ++ lh_node_stats_bio(CHECKED_LHASH_OF(type, lh), out) ++# define LHM_lh_node_usage_stats_bio(type, lh, out) \ ++ lh_node_usage_stats_bio(CHECKED_LHASH_OF(type, lh), out) ++# define LHM_lh_stats_bio(type, lh, out) \ ++ lh_stats_bio(CHECKED_LHASH_OF(type, lh), out) ++# define LHM_lh_free(type, lh) lh_free(CHECKED_LHASH_OF(type, lh)) ++ ++DECLARE_LHASH_OF(OPENSSL_STRING); ++DECLARE_LHASH_OF(OPENSSL_CSTRING); ++ + #ifdef __cplusplus + } + #endif +diff --git a/Cryptlib/Include/openssl/md2.h b/Cryptlib/Include/openssl/md2.h +deleted file mode 100644 +index b568d3f..0000000 +--- a/Cryptlib/Include/openssl/md2.h ++++ /dev/null +@@ -1,94 +0,0 @@ +-/* crypto/md/md2.h */ +-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) +- * All rights reserved. +- * +- * This package is an SSL implementation written +- * by Eric Young (eay@cryptsoft.com). +- * The implementation was written so as to conform with Netscapes SSL. 
+- * +- * This library is free for commercial and non-commercial use as long as +- * the following conditions are aheared to. The following conditions +- * apply to all code found in this distribution, be it the RC4, RSA, +- * lhash, DES, etc., code; not just the SSL code. The SSL documentation +- * included with this distribution is covered by the same copyright terms +- * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * +- * Copyright remains Eric Young's, and as such any Copyright notices in +- * the code are not to be removed. +- * If this package is used in a product, Eric Young should be given attribution +- * as the author of the parts of the library used. +- * This can be in the form of a textual message at program startup or +- * in documentation (online or textual) provided with the package. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 3. All advertising materials mentioning features or use of this software +- * must display the following acknowledgement: +- * "This product includes cryptographic software written by +- * Eric Young (eay@cryptsoft.com)" +- * The word 'cryptographic' can be left out if the rouines from the library +- * being used are not cryptographic related :-). +- * 4. 
If you include any Windows specific code (or a derivative thereof) from +- * the apps directory (application code) you must include an acknowledgement: +- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * +- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. +- * +- * The licence and distribution terms for any publically available version or +- * derivative of this code cannot be changed. i.e. this code cannot simply be +- * copied and put under another distribution licence +- * [including the GNU Public Licence.] +- */ +- +-#ifndef HEADER_MD2_H +-# define HEADER_MD2_H +- +-# include /* OPENSSL_NO_MD2, MD2_INT */ +-# ifdef OPENSSL_NO_MD2 +-# error MD2 is disabled. 
+-# endif +-# include +- +-# define MD2_DIGEST_LENGTH 16 +-# define MD2_BLOCK 16 +- +-#ifdef __cplusplus +-extern "C" { +-#endif +- +-typedef struct MD2state_st { +- unsigned int num; +- unsigned char data[MD2_BLOCK]; +- MD2_INT cksm[MD2_BLOCK]; +- MD2_INT state[MD2_BLOCK]; +-} MD2_CTX; +- +-const char *MD2_options(void); +-# ifdef OPENSSL_FIPS +-int private_MD2_Init(MD2_CTX *c); +-# endif +-int MD2_Init(MD2_CTX *c); +-int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len); +-int MD2_Final(unsigned char *md, MD2_CTX *c); +-unsigned char *MD2(const unsigned char *d, size_t n, unsigned char *md); +-#ifdef __cplusplus +-} +-#endif +- +-#endif +diff --git a/Cryptlib/Include/openssl/md4.h b/Cryptlib/Include/openssl/md4.h +index a99d20a..11fd712 100644 +--- a/Cryptlib/Include/openssl/md4.h ++++ b/Cryptlib/Include/openssl/md4.h +@@ -77,7 +77,7 @@ extern "C" { + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + */ + +-# if defined(OPENSSL_SYS_WIN16) || defined(__LP32__) ++# if defined(__LP32__) + # define MD4_LONG unsigned long + # elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) + # define MD4_LONG unsigned long +diff --git a/Cryptlib/Include/openssl/md5.h b/Cryptlib/Include/openssl/md5.h +index 87a9c9e..2659038 100644 +--- a/Cryptlib/Include/openssl/md5.h ++++ b/Cryptlib/Include/openssl/md5.h +@@ -77,7 +77,7 @@ extern "C" { + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + */ + +-# if defined(OPENSSL_SYS_WIN16) || defined(__LP32__) ++# if defined(__LP32__) + # define MD5_LONG unsigned long + # elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) + # define MD5_LONG unsigned long +diff --git a/Cryptlib/Include/openssl/mdc2.h b/Cryptlib/Include/openssl/mdc2.h +new file mode 100644 +index 0000000..7efe53b +--- /dev/null ++++ b/Cryptlib/Include/openssl/mdc2.h +@@ -0,0 +1,94 @@ ++/* crypto/mdc2/mdc2.h */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. 
++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. 
If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++ ++#ifndef HEADER_MDC2_H ++# define HEADER_MDC2_H ++ ++# include ++ ++#ifdef __cplusplus ++extern "C" { ++#endif ++ ++# ifdef OPENSSL_NO_MDC2 ++# error MDC2 is disabled. 
++# endif ++ ++# define MDC2_BLOCK 8 ++# define MDC2_DIGEST_LENGTH 16 ++ ++typedef struct mdc2_ctx_st { ++ unsigned int num; ++ unsigned char data[MDC2_BLOCK]; ++ DES_cblock h, hh; ++ int pad_type; /* either 1 or 2, default 1 */ ++} MDC2_CTX; ++ ++# ifdef OPENSSL_FIPS ++int private_MDC2_Init(MDC2_CTX *c); ++# endif ++int MDC2_Init(MDC2_CTX *c); ++int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len); ++int MDC2_Final(unsigned char *md, MDC2_CTX *c); ++unsigned char *MDC2(const unsigned char *d, size_t n, unsigned char *md); ++ ++#ifdef __cplusplus ++} ++#endif ++ ++#endif +diff --git a/Cryptlib/Include/openssl/modes.h b/Cryptlib/Include/openssl/modes.h +new file mode 100644 +index 0000000..fd48849 +--- /dev/null ++++ b/Cryptlib/Include/openssl/modes.h +@@ -0,0 +1,163 @@ ++/* ==================================================================== ++ * Copyright (c) 2008 The OpenSSL Project. All rights reserved. ++ * ++ * Rights for redistribution and usage in source and binary ++ * forms are granted according to the OpenSSL license. 
++ */ ++ ++#include ++ ++#ifdef __cplusplus ++extern "C" { ++#endif ++typedef void (*block128_f) (const unsigned char in[16], ++ unsigned char out[16], const void *key); ++ ++typedef void (*cbc128_f) (const unsigned char *in, unsigned char *out, ++ size_t len, const void *key, ++ unsigned char ivec[16], int enc); ++ ++typedef void (*ctr128_f) (const unsigned char *in, unsigned char *out, ++ size_t blocks, const void *key, ++ const unsigned char ivec[16]); ++ ++typedef void (*ccm128_f) (const unsigned char *in, unsigned char *out, ++ size_t blocks, const void *key, ++ const unsigned char ivec[16], ++ unsigned char cmac[16]); ++ ++void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out, ++ size_t len, const void *key, ++ unsigned char ivec[16], block128_f block); ++void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out, ++ size_t len, const void *key, ++ unsigned char ivec[16], block128_f block); ++ ++void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out, ++ size_t len, const void *key, ++ unsigned char ivec[16], ++ unsigned char ecount_buf[16], unsigned int *num, ++ block128_f block); ++ ++void CRYPTO_ctr128_encrypt_ctr32(const unsigned char *in, unsigned char *out, ++ size_t len, const void *key, ++ unsigned char ivec[16], ++ unsigned char ecount_buf[16], ++ unsigned int *num, ctr128_f ctr); ++ ++void CRYPTO_ofb128_encrypt(const unsigned char *in, unsigned char *out, ++ size_t len, const void *key, ++ unsigned char ivec[16], int *num, ++ block128_f block); ++ ++void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out, ++ size_t len, const void *key, ++ unsigned char ivec[16], int *num, ++ int enc, block128_f block); ++void CRYPTO_cfb128_8_encrypt(const unsigned char *in, unsigned char *out, ++ size_t length, const void *key, ++ unsigned char ivec[16], int *num, ++ int enc, block128_f block); ++void CRYPTO_cfb128_1_encrypt(const unsigned char *in, unsigned char *out, ++ size_t bits, const void *key, ++ 
unsigned char ivec[16], int *num, ++ int enc, block128_f block); ++ ++size_t CRYPTO_cts128_encrypt_block(const unsigned char *in, ++ unsigned char *out, size_t len, ++ const void *key, unsigned char ivec[16], ++ block128_f block); ++size_t CRYPTO_cts128_encrypt(const unsigned char *in, unsigned char *out, ++ size_t len, const void *key, ++ unsigned char ivec[16], cbc128_f cbc); ++size_t CRYPTO_cts128_decrypt_block(const unsigned char *in, ++ unsigned char *out, size_t len, ++ const void *key, unsigned char ivec[16], ++ block128_f block); ++size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out, ++ size_t len, const void *key, ++ unsigned char ivec[16], cbc128_f cbc); ++ ++size_t CRYPTO_nistcts128_encrypt_block(const unsigned char *in, ++ unsigned char *out, size_t len, ++ const void *key, ++ unsigned char ivec[16], ++ block128_f block); ++size_t CRYPTO_nistcts128_encrypt(const unsigned char *in, unsigned char *out, ++ size_t len, const void *key, ++ unsigned char ivec[16], cbc128_f cbc); ++size_t CRYPTO_nistcts128_decrypt_block(const unsigned char *in, ++ unsigned char *out, size_t len, ++ const void *key, ++ unsigned char ivec[16], ++ block128_f block); ++size_t CRYPTO_nistcts128_decrypt(const unsigned char *in, unsigned char *out, ++ size_t len, const void *key, ++ unsigned char ivec[16], cbc128_f cbc); ++ ++typedef struct gcm128_context GCM128_CONTEXT; ++ ++GCM128_CONTEXT *CRYPTO_gcm128_new(void *key, block128_f block); ++void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block); ++void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const unsigned char *iv, ++ size_t len); ++int CRYPTO_gcm128_aad(GCM128_CONTEXT *ctx, const unsigned char *aad, ++ size_t len); ++int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, ++ const unsigned char *in, unsigned char *out, ++ size_t len); ++int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, ++ const unsigned char *in, unsigned char *out, ++ size_t len); ++int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, 
++ const unsigned char *in, unsigned char *out, ++ size_t len, ctr128_f stream); ++int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, ++ const unsigned char *in, unsigned char *out, ++ size_t len, ctr128_f stream); ++int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const unsigned char *tag, ++ size_t len); ++void CRYPTO_gcm128_tag(GCM128_CONTEXT *ctx, unsigned char *tag, size_t len); ++void CRYPTO_gcm128_release(GCM128_CONTEXT *ctx); ++ ++typedef struct ccm128_context CCM128_CONTEXT; ++ ++void CRYPTO_ccm128_init(CCM128_CONTEXT *ctx, ++ unsigned int M, unsigned int L, void *key, ++ block128_f block); ++int CRYPTO_ccm128_setiv(CCM128_CONTEXT *ctx, const unsigned char *nonce, ++ size_t nlen, size_t mlen); ++void CRYPTO_ccm128_aad(CCM128_CONTEXT *ctx, const unsigned char *aad, ++ size_t alen); ++int CRYPTO_ccm128_encrypt(CCM128_CONTEXT *ctx, const unsigned char *inp, ++ unsigned char *out, size_t len); ++int CRYPTO_ccm128_decrypt(CCM128_CONTEXT *ctx, const unsigned char *inp, ++ unsigned char *out, size_t len); ++int CRYPTO_ccm128_encrypt_ccm64(CCM128_CONTEXT *ctx, const unsigned char *inp, ++ unsigned char *out, size_t len, ++ ccm128_f stream); ++int CRYPTO_ccm128_decrypt_ccm64(CCM128_CONTEXT *ctx, const unsigned char *inp, ++ unsigned char *out, size_t len, ++ ccm128_f stream); ++size_t CRYPTO_ccm128_tag(CCM128_CONTEXT *ctx, unsigned char *tag, size_t len); ++ ++typedef struct xts128_context XTS128_CONTEXT; ++ ++int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, ++ const unsigned char iv[16], ++ const unsigned char *inp, unsigned char *out, ++ size_t len, int enc); ++ ++size_t CRYPTO_128_wrap(void *key, const unsigned char *iv, ++ unsigned char *out, ++ const unsigned char *in, size_t inlen, ++ block128_f block); ++ ++size_t CRYPTO_128_unwrap(void *key, const unsigned char *iv, ++ unsigned char *out, ++ const unsigned char *in, size_t inlen, ++ block128_f block); ++ ++#ifdef __cplusplus ++} ++#endif +diff --git a/Cryptlib/Include/openssl/obj_mac.h 
b/Cryptlib/Include/openssl/obj_mac.h +index ec6c8ea..779c309 100644 +--- a/Cryptlib/Include/openssl/obj_mac.h ++++ b/Cryptlib/Include/openssl/obj_mac.h +@@ -580,6 +580,26 @@ + #define NID_sha1WithRSAEncryption 65 + #define OBJ_sha1WithRSAEncryption OBJ_pkcs1,5L + ++#define SN_rsaesOaep "RSAES-OAEP" ++#define LN_rsaesOaep "rsaesOaep" ++#define NID_rsaesOaep 919 ++#define OBJ_rsaesOaep OBJ_pkcs1,7L ++ ++#define SN_mgf1 "MGF1" ++#define LN_mgf1 "mgf1" ++#define NID_mgf1 911 ++#define OBJ_mgf1 OBJ_pkcs1,8L ++ ++#define SN_pSpecified "PSPECIFIED" ++#define LN_pSpecified "pSpecified" ++#define NID_pSpecified 935 ++#define OBJ_pSpecified OBJ_pkcs1,9L ++ ++#define SN_rsassaPss "RSASSA-PSS" ++#define LN_rsassaPss "rsassaPss" ++#define NID_rsassaPss 912 ++#define OBJ_rsassaPss OBJ_pkcs1,10L ++ + #define SN_sha256WithRSAEncryption "RSA-SHA256" + #define LN_sha256WithRSAEncryption "sha256WithRSAEncryption" + #define NID_sha256WithRSAEncryption 668 +@@ -981,6 +1001,10 @@ + #define NID_id_smime_alg_CMSRC2wrap 247 + #define OBJ_id_smime_alg_CMSRC2wrap OBJ_id_smime_alg,7L + ++#define SN_id_alg_PWRI_KEK "id-alg-PWRI-KEK" ++#define NID_id_alg_PWRI_KEK 893 ++#define OBJ_id_alg_PWRI_KEK OBJ_id_smime_alg,9L ++ + #define SN_id_smime_cd_ldap "id-smime-cd-ldap" + #define NID_id_smime_cd_ldap 248 + #define OBJ_id_smime_cd_ldap OBJ_id_smime_cd,1L +@@ -2399,6 +2423,11 @@ + #define NID_no_rev_avail 403 + #define OBJ_no_rev_avail OBJ_id_ce,56L + ++#define SN_anyExtendedKeyUsage "anyExtendedKeyUsage" ++#define LN_anyExtendedKeyUsage "Any Extended Key Usage" ++#define NID_anyExtendedKeyUsage 910 ++#define OBJ_anyExtendedKeyUsage OBJ_ext_key_usage,0L ++ + #define SN_netscape "Netscape" + #define LN_netscape "Netscape Communications Corp." 
+ #define NID_netscape 57 +@@ -2586,6 +2615,24 @@ + #define NID_aes_128_cfb128 421 + #define OBJ_aes_128_cfb128 OBJ_aes,4L + ++#define SN_id_aes128_wrap "id-aes128-wrap" ++#define NID_id_aes128_wrap 788 ++#define OBJ_id_aes128_wrap OBJ_aes,5L ++ ++#define SN_aes_128_gcm "id-aes128-GCM" ++#define LN_aes_128_gcm "aes-128-gcm" ++#define NID_aes_128_gcm 895 ++#define OBJ_aes_128_gcm OBJ_aes,6L ++ ++#define SN_aes_128_ccm "id-aes128-CCM" ++#define LN_aes_128_ccm "aes-128-ccm" ++#define NID_aes_128_ccm 896 ++#define OBJ_aes_128_ccm OBJ_aes,7L ++ ++#define SN_id_aes128_wrap_pad "id-aes128-wrap-pad" ++#define NID_id_aes128_wrap_pad 897 ++#define OBJ_id_aes128_wrap_pad OBJ_aes,8L ++ + #define SN_aes_192_ecb "AES-192-ECB" + #define LN_aes_192_ecb "aes-192-ecb" + #define NID_aes_192_ecb 422 +@@ -2606,6 +2653,24 @@ + #define NID_aes_192_cfb128 425 + #define OBJ_aes_192_cfb128 OBJ_aes,24L + ++#define SN_id_aes192_wrap "id-aes192-wrap" ++#define NID_id_aes192_wrap 789 ++#define OBJ_id_aes192_wrap OBJ_aes,25L ++ ++#define SN_aes_192_gcm "id-aes192-GCM" ++#define LN_aes_192_gcm "aes-192-gcm" ++#define NID_aes_192_gcm 898 ++#define OBJ_aes_192_gcm OBJ_aes,26L ++ ++#define SN_aes_192_ccm "id-aes192-CCM" ++#define LN_aes_192_ccm "aes-192-ccm" ++#define NID_aes_192_ccm 899 ++#define OBJ_aes_192_ccm OBJ_aes,27L ++ ++#define SN_id_aes192_wrap_pad "id-aes192-wrap-pad" ++#define NID_id_aes192_wrap_pad 900 ++#define OBJ_id_aes192_wrap_pad OBJ_aes,28L ++ + #define SN_aes_256_ecb "AES-256-ECB" + #define LN_aes_256_ecb "aes-256-ecb" + #define NID_aes_256_ecb 426 +@@ -2626,6 +2691,24 @@ + #define NID_aes_256_cfb128 429 + #define OBJ_aes_256_cfb128 OBJ_aes,44L + ++#define SN_id_aes256_wrap "id-aes256-wrap" ++#define NID_id_aes256_wrap 790 ++#define OBJ_id_aes256_wrap OBJ_aes,45L ++ ++#define SN_aes_256_gcm "id-aes256-GCM" ++#define LN_aes_256_gcm "aes-256-gcm" ++#define NID_aes_256_gcm 901 ++#define OBJ_aes_256_gcm OBJ_aes,46L ++ ++#define SN_aes_256_ccm "id-aes256-CCM" ++#define LN_aes_256_ccm 
"aes-256-ccm" ++#define NID_aes_256_ccm 902 ++#define OBJ_aes_256_ccm OBJ_aes,47L ++ ++#define SN_id_aes256_wrap_pad "id-aes256-wrap-pad" ++#define NID_id_aes256_wrap_pad 903 ++#define OBJ_id_aes256_wrap_pad OBJ_aes,48L ++ + #define SN_aes_128_cfb1 "AES-128-CFB1" + #define LN_aes_128_cfb1 "aes-128-cfb1" + #define NID_aes_128_cfb1 650 +@@ -2650,6 +2733,26 @@ + #define LN_aes_256_cfb8 "aes-256-cfb8" + #define NID_aes_256_cfb8 655 + ++#define SN_aes_128_ctr "AES-128-CTR" ++#define LN_aes_128_ctr "aes-128-ctr" ++#define NID_aes_128_ctr 904 ++ ++#define SN_aes_192_ctr "AES-192-CTR" ++#define LN_aes_192_ctr "aes-192-ctr" ++#define NID_aes_192_ctr 905 ++ ++#define SN_aes_256_ctr "AES-256-CTR" ++#define LN_aes_256_ctr "aes-256-ctr" ++#define NID_aes_256_ctr 906 ++ ++#define SN_aes_128_xts "AES-128-XTS" ++#define LN_aes_128_xts "aes-128-xts" ++#define NID_aes_128_xts 913 ++ ++#define SN_aes_256_xts "AES-256-XTS" ++#define LN_aes_256_xts "aes-256-xts" ++#define NID_aes_256_xts 914 ++ + #define SN_des_cfb1 "DES-CFB1" + #define LN_des_cfb1 "des-cfb1" + #define NID_des_cfb1 656 +@@ -2666,18 +2769,6 @@ + #define LN_des_ede3_cfb8 "des-ede3-cfb8" + #define NID_des_ede3_cfb8 659 + +-#define SN_id_aes128_wrap "id-aes128-wrap" +-#define NID_id_aes128_wrap 788 +-#define OBJ_id_aes128_wrap OBJ_aes,5L +- +-#define SN_id_aes192_wrap "id-aes192-wrap" +-#define NID_id_aes192_wrap 789 +-#define OBJ_id_aes192_wrap OBJ_aes,25L +- +-#define SN_id_aes256_wrap "id-aes256-wrap" +-#define NID_id_aes256_wrap 790 +-#define OBJ_id_aes256_wrap OBJ_aes,45L +- + #define OBJ_nist_hashalgs OBJ_nistAlgorithms,2L + + #define SN_sha256 "SHA256" +@@ -3810,6 +3901,18 @@ + #define NID_camellia_256_cbc 753 + #define OBJ_camellia_256_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,4L + ++#define SN_id_camellia128_wrap "id-camellia128-wrap" ++#define NID_id_camellia128_wrap 907 ++#define OBJ_id_camellia128_wrap 1L,2L,392L,200011L,61L,1L,1L,3L,2L ++ ++#define SN_id_camellia192_wrap "id-camellia192-wrap" ++#define 
NID_id_camellia192_wrap 908 ++#define OBJ_id_camellia192_wrap 1L,2L,392L,200011L,61L,1L,1L,3L,3L ++ ++#define SN_id_camellia256_wrap "id-camellia256-wrap" ++#define NID_id_camellia256_wrap 909 ++#define OBJ_id_camellia256_wrap 1L,2L,392L,200011L,61L,1L,1L,3L,4L ++ + #define OBJ_ntt_ds 0L,3L,4401L,5L + + #define OBJ_camellia OBJ_ntt_ds,3L,1L,9L +@@ -3911,3 +4014,181 @@ + #define SN_hmac "HMAC" + #define LN_hmac "hmac" + #define NID_hmac 855 ++ ++#define SN_cmac "CMAC" ++#define LN_cmac "cmac" ++#define NID_cmac 894 ++ ++#define SN_rc4_hmac_md5 "RC4-HMAC-MD5" ++#define LN_rc4_hmac_md5 "rc4-hmac-md5" ++#define NID_rc4_hmac_md5 915 ++ ++#define SN_aes_128_cbc_hmac_sha1 "AES-128-CBC-HMAC-SHA1" ++#define LN_aes_128_cbc_hmac_sha1 "aes-128-cbc-hmac-sha1" ++#define NID_aes_128_cbc_hmac_sha1 916 ++ ++#define SN_aes_192_cbc_hmac_sha1 "AES-192-CBC-HMAC-SHA1" ++#define LN_aes_192_cbc_hmac_sha1 "aes-192-cbc-hmac-sha1" ++#define NID_aes_192_cbc_hmac_sha1 917 ++ ++#define SN_aes_256_cbc_hmac_sha1 "AES-256-CBC-HMAC-SHA1" ++#define LN_aes_256_cbc_hmac_sha1 "aes-256-cbc-hmac-sha1" ++#define NID_aes_256_cbc_hmac_sha1 918 ++ ++#define SN_aes_128_cbc_hmac_sha256 "AES-128-CBC-HMAC-SHA256" ++#define LN_aes_128_cbc_hmac_sha256 "aes-128-cbc-hmac-sha256" ++#define NID_aes_128_cbc_hmac_sha256 948 ++ ++#define SN_aes_192_cbc_hmac_sha256 "AES-192-CBC-HMAC-SHA256" ++#define LN_aes_192_cbc_hmac_sha256 "aes-192-cbc-hmac-sha256" ++#define NID_aes_192_cbc_hmac_sha256 949 ++ ++#define SN_aes_256_cbc_hmac_sha256 "AES-256-CBC-HMAC-SHA256" ++#define LN_aes_256_cbc_hmac_sha256 "aes-256-cbc-hmac-sha256" ++#define NID_aes_256_cbc_hmac_sha256 950 ++ ++#define SN_dhpublicnumber "dhpublicnumber" ++#define LN_dhpublicnumber "X9.42 DH" ++#define NID_dhpublicnumber 920 ++#define OBJ_dhpublicnumber OBJ_ISO_US,10046L,2L,1L ++ ++#define SN_brainpoolP160r1 "brainpoolP160r1" ++#define NID_brainpoolP160r1 921 ++#define OBJ_brainpoolP160r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,1L ++ ++#define SN_brainpoolP160t1 "brainpoolP160t1" 
++#define NID_brainpoolP160t1 922 ++#define OBJ_brainpoolP160t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,2L ++ ++#define SN_brainpoolP192r1 "brainpoolP192r1" ++#define NID_brainpoolP192r1 923 ++#define OBJ_brainpoolP192r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,3L ++ ++#define SN_brainpoolP192t1 "brainpoolP192t1" ++#define NID_brainpoolP192t1 924 ++#define OBJ_brainpoolP192t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,4L ++ ++#define SN_brainpoolP224r1 "brainpoolP224r1" ++#define NID_brainpoolP224r1 925 ++#define OBJ_brainpoolP224r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,5L ++ ++#define SN_brainpoolP224t1 "brainpoolP224t1" ++#define NID_brainpoolP224t1 926 ++#define OBJ_brainpoolP224t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,6L ++ ++#define SN_brainpoolP256r1 "brainpoolP256r1" ++#define NID_brainpoolP256r1 927 ++#define OBJ_brainpoolP256r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,7L ++ ++#define SN_brainpoolP256t1 "brainpoolP256t1" ++#define NID_brainpoolP256t1 928 ++#define OBJ_brainpoolP256t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,8L ++ ++#define SN_brainpoolP320r1 "brainpoolP320r1" ++#define NID_brainpoolP320r1 929 ++#define OBJ_brainpoolP320r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,9L ++ ++#define SN_brainpoolP320t1 "brainpoolP320t1" ++#define NID_brainpoolP320t1 930 ++#define OBJ_brainpoolP320t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,10L ++ ++#define SN_brainpoolP384r1 "brainpoolP384r1" ++#define NID_brainpoolP384r1 931 ++#define OBJ_brainpoolP384r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,11L ++ ++#define SN_brainpoolP384t1 "brainpoolP384t1" ++#define NID_brainpoolP384t1 932 ++#define OBJ_brainpoolP384t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,12L ++ ++#define SN_brainpoolP512r1 "brainpoolP512r1" ++#define NID_brainpoolP512r1 933 ++#define OBJ_brainpoolP512r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,13L ++ ++#define SN_brainpoolP512t1 "brainpoolP512t1" ++#define NID_brainpoolP512t1 934 ++#define OBJ_brainpoolP512t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,14L ++ ++#define OBJ_x9_63_scheme 1L,3L,133L,16L,840L,63L,0L ++ ++#define OBJ_secg_scheme OBJ_certicom_arc,1L ++ ++#define SN_dhSinglePass_stdDH_sha1kdf_scheme 
"dhSinglePass-stdDH-sha1kdf-scheme" ++#define NID_dhSinglePass_stdDH_sha1kdf_scheme 936 ++#define OBJ_dhSinglePass_stdDH_sha1kdf_scheme OBJ_x9_63_scheme,2L ++ ++#define SN_dhSinglePass_stdDH_sha224kdf_scheme "dhSinglePass-stdDH-sha224kdf-scheme" ++#define NID_dhSinglePass_stdDH_sha224kdf_scheme 937 ++#define OBJ_dhSinglePass_stdDH_sha224kdf_scheme OBJ_secg_scheme,11L,0L ++ ++#define SN_dhSinglePass_stdDH_sha256kdf_scheme "dhSinglePass-stdDH-sha256kdf-scheme" ++#define NID_dhSinglePass_stdDH_sha256kdf_scheme 938 ++#define OBJ_dhSinglePass_stdDH_sha256kdf_scheme OBJ_secg_scheme,11L,1L ++ ++#define SN_dhSinglePass_stdDH_sha384kdf_scheme "dhSinglePass-stdDH-sha384kdf-scheme" ++#define NID_dhSinglePass_stdDH_sha384kdf_scheme 939 ++#define OBJ_dhSinglePass_stdDH_sha384kdf_scheme OBJ_secg_scheme,11L,2L ++ ++#define SN_dhSinglePass_stdDH_sha512kdf_scheme "dhSinglePass-stdDH-sha512kdf-scheme" ++#define NID_dhSinglePass_stdDH_sha512kdf_scheme 940 ++#define OBJ_dhSinglePass_stdDH_sha512kdf_scheme OBJ_secg_scheme,11L,3L ++ ++#define SN_dhSinglePass_cofactorDH_sha1kdf_scheme "dhSinglePass-cofactorDH-sha1kdf-scheme" ++#define NID_dhSinglePass_cofactorDH_sha1kdf_scheme 941 ++#define OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme OBJ_x9_63_scheme,3L ++ ++#define SN_dhSinglePass_cofactorDH_sha224kdf_scheme "dhSinglePass-cofactorDH-sha224kdf-scheme" ++#define NID_dhSinglePass_cofactorDH_sha224kdf_scheme 942 ++#define OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme OBJ_secg_scheme,14L,0L ++ ++#define SN_dhSinglePass_cofactorDH_sha256kdf_scheme "dhSinglePass-cofactorDH-sha256kdf-scheme" ++#define NID_dhSinglePass_cofactorDH_sha256kdf_scheme 943 ++#define OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme OBJ_secg_scheme,14L,1L ++ ++#define SN_dhSinglePass_cofactorDH_sha384kdf_scheme "dhSinglePass-cofactorDH-sha384kdf-scheme" ++#define NID_dhSinglePass_cofactorDH_sha384kdf_scheme 944 ++#define OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme OBJ_secg_scheme,14L,2L ++ ++#define 
SN_dhSinglePass_cofactorDH_sha512kdf_scheme "dhSinglePass-cofactorDH-sha512kdf-scheme" ++#define NID_dhSinglePass_cofactorDH_sha512kdf_scheme 945 ++#define OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme OBJ_secg_scheme,14L,3L ++ ++#define SN_dh_std_kdf "dh-std-kdf" ++#define NID_dh_std_kdf 946 ++ ++#define SN_dh_cofactor_kdf "dh-cofactor-kdf" ++#define NID_dh_cofactor_kdf 947 ++ ++#define SN_ct_precert_scts "ct_precert_scts" ++#define LN_ct_precert_scts "CT Precertificate SCTs" ++#define NID_ct_precert_scts 951 ++#define OBJ_ct_precert_scts 1L,3L,6L,1L,4L,1L,11129L,2L,4L,2L ++ ++#define SN_ct_precert_poison "ct_precert_poison" ++#define LN_ct_precert_poison "CT Precertificate Poison" ++#define NID_ct_precert_poison 952 ++#define OBJ_ct_precert_poison 1L,3L,6L,1L,4L,1L,11129L,2L,4L,3L ++ ++#define SN_ct_precert_signer "ct_precert_signer" ++#define LN_ct_precert_signer "CT Precertificate Signer" ++#define NID_ct_precert_signer 953 ++#define OBJ_ct_precert_signer 1L,3L,6L,1L,4L,1L,11129L,2L,4L,4L ++ ++#define SN_ct_cert_scts "ct_cert_scts" ++#define LN_ct_cert_scts "CT Certificate SCTs" ++#define NID_ct_cert_scts 954 ++#define OBJ_ct_cert_scts 1L,3L,6L,1L,4L,1L,11129L,2L,4L,5L ++ ++#define SN_jurisdictionLocalityName "jurisdictionL" ++#define LN_jurisdictionLocalityName "jurisdictionLocalityName" ++#define NID_jurisdictionLocalityName 955 ++#define OBJ_jurisdictionLocalityName 1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,1L ++ ++#define SN_jurisdictionStateOrProvinceName "jurisdictionST" ++#define LN_jurisdictionStateOrProvinceName "jurisdictionStateOrProvinceName" ++#define NID_jurisdictionStateOrProvinceName 956 ++#define OBJ_jurisdictionStateOrProvinceName 1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,2L ++ ++#define SN_jurisdictionCountryName "jurisdictionC" ++#define LN_jurisdictionCountryName "jurisdictionCountryName" ++#define NID_jurisdictionCountryName 957 ++#define OBJ_jurisdictionCountryName 1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,3L +diff --git a/Cryptlib/Include/openssl/objects.h 
b/Cryptlib/Include/openssl/objects.h +index 7958754..b8dafa8 100644 +--- a/Cryptlib/Include/openssl/objects.h ++++ b/Cryptlib/Include/openssl/objects.h +@@ -1015,11 +1015,91 @@ int OBJ_txt2nid(const char *s); + int OBJ_ln2nid(const char *s); + int OBJ_sn2nid(const char *s); + int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b); +-const char *OBJ_bsearch(const char *key, const char *base, int num, int size, +- int (*cmp) (const void *, const void *)); +-const char *OBJ_bsearch_ex(const char *key, const char *base, int num, +- int size, int (*cmp) (const void *, const void *), +- int flags); ++const void *OBJ_bsearch_(const void *key, const void *base, int num, int size, ++ int (*cmp) (const void *, const void *)); ++const void *OBJ_bsearch_ex_(const void *key, const void *base, int num, ++ int size, ++ int (*cmp) (const void *, const void *), ++ int flags); ++ ++# define _DECLARE_OBJ_BSEARCH_CMP_FN(scope, type1, type2, nm) \ ++ static int nm##_cmp_BSEARCH_CMP_FN(const void *, const void *); \ ++ static int nm##_cmp(type1 const *, type2 const *); \ ++ scope type2 * OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) ++ ++# define DECLARE_OBJ_BSEARCH_CMP_FN(type1, type2, cmp) \ ++ _DECLARE_OBJ_BSEARCH_CMP_FN(static, type1, type2, cmp) ++# define DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm) \ ++ type2 * OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) ++ ++/*- ++ * Unsolved problem: if a type is actually a pointer type, like ++ * nid_triple is, then its impossible to get a const where you need ++ * it. Consider: ++ * ++ * typedef int nid_triple[3]; ++ * const void *a_; ++ * const nid_triple const *a = a_; ++ * ++ * The assignement discards a const because what you really want is: ++ * ++ * const int const * const *a = a_; ++ * ++ * But if you do that, you lose the fact that a is an array of 3 ints, ++ * which breaks comparison functions. ++ * ++ * Thus we end up having to cast, sadly, or unpack the ++ * declarations. 
Or, as I finally did in this case, delcare nid_triple ++ * to be a struct, which it should have been in the first place. ++ * ++ * Ben, August 2008. ++ * ++ * Also, strictly speaking not all types need be const, but handling ++ * the non-constness means a lot of complication, and in practice ++ * comparison routines do always not touch their arguments. ++ */ ++ ++# define IMPLEMENT_OBJ_BSEARCH_CMP_FN(type1, type2, nm) \ ++ static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) \ ++ { \ ++ type1 const *a = a_; \ ++ type2 const *b = b_; \ ++ return nm##_cmp(a,b); \ ++ } \ ++ static type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \ ++ { \ ++ return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \ ++ nm##_cmp_BSEARCH_CMP_FN); \ ++ } \ ++ extern void dummy_prototype(void) ++ ++# define IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm) \ ++ static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) \ ++ { \ ++ type1 const *a = a_; \ ++ type2 const *b = b_; \ ++ return nm##_cmp(a,b); \ ++ } \ ++ type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \ ++ { \ ++ return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \ ++ nm##_cmp_BSEARCH_CMP_FN); \ ++ } \ ++ extern void dummy_prototype(void) ++ ++# define OBJ_bsearch(type1,key,type2,base,num,cmp) \ ++ ((type2 *)OBJ_bsearch_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \ ++ num,sizeof(type2), \ ++ ((void)CHECKED_PTR_OF(type1,cmp##_type_1), \ ++ (void)CHECKED_PTR_OF(type2,cmp##_type_2), \ ++ cmp##_BSEARCH_CMP_FN))) ++ ++# define OBJ_bsearch_ex(type1,key,type2,base,num,cmp,flags) \ ++ ((type2 *)OBJ_bsearch_ex_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \ ++ num,sizeof(type2), \ ++ ((void)CHECKED_PTR_OF(type1,cmp##_type_1), \ ++ (void)type_2=CHECKED_PTR_OF(type2,cmp##_type_2), \ ++ cmp##_BSEARCH_CMP_FN)),flags) + + int OBJ_new_nid(int num); + int OBJ_add_object(const ASN1_OBJECT *obj); +@@ -1027,6 +1107,14 @@ int OBJ_create(const char *oid, const 
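Review bot: The `OBJ_bsearch_ex` macro at the end of this hunk cannot expand to valid C: its second check is written `(void)type_2=CHECKED_PTR_OF(type2,cmp##_type_2)`, an assignment to a cast of the undeclared name `type_2`, where the parallel line in `OBJ_bsearch` just above it has `(void)CHECKED_PTR_OF(type2,cmp##_type_2), \`. The old `OBJ_bsearch`/`OBJ_bsearch_ex` functions are replaced here by macros with a different argument list, so any remaining caller in shim or Cryptlib has to move to `OBJ_bsearch_()`/`OBJ_bsearch_ex_()` or the generated `OBJ_bsearch_##nm` wrappers. Those wrappers also cast the `const void *` result to a non-const `type2 *`, so a lookup table declared const can be written through the returned pointer. A comment such as `/* result points into base; treat as read-only */` above `IMPLEMENT_OBJ_BSEARCH_CMP_FN` would record that.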
char *sn, const char *ln); + void OBJ_cleanup(void); + int OBJ_create_objects(BIO *in); + ++int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid); ++int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid); ++int OBJ_add_sigid(int signid, int dig_id, int pkey_id); ++void OBJ_sigid_free(void); ++ ++extern int obj_cleanup_defer; ++void check_defer(int nid); ++ + /* BEGIN ERROR CODES */ + /* + * The following lines are auto generated by the script mkerr.pl. Any changes +diff --git a/Cryptlib/Include/openssl/ocsp.h b/Cryptlib/Include/openssl/ocsp.h +index 026725d..ca2ee76 100644 +--- a/Cryptlib/Include/openssl/ocsp.h ++++ b/Cryptlib/Include/openssl/ocsp.h +@@ -67,6 +67,7 @@ + #ifndef HEADER_OCSP_H + # define HEADER_OCSP_H + ++# include + # include + # include + # include +@@ -387,17 +388,31 @@ typedef struct ocsp_service_locator_st { + # define ASN1_BIT_STRING_digest(data,type,md,len) \ + ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len) + +-# define OCSP_CERTID_dup(cid) ASN1_dup_of(OCSP_CERTID,i2d_OCSP_CERTID,d2i_OCSP_CERTID,cid) +- + # define OCSP_CERTSTATUS_dup(cs)\ + (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\ + (char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs)) + +-OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req); +-OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req, ++OCSP_CERTID *OCSP_CERTID_dup(OCSP_CERTID *id); ++ ++OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, const char *path, OCSP_REQUEST *req); ++OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req, + int maxline); ++int OCSP_REQ_CTX_nbio(OCSP_REQ_CTX *rctx); + int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx); ++OCSP_REQ_CTX *OCSP_REQ_CTX_new(BIO *io, int maxline); + void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx); ++void OCSP_set_max_response_length(OCSP_REQ_CTX *rctx, unsigned long len); ++int OCSP_REQ_CTX_i2d(OCSP_REQ_CTX *rctx, const ASN1_ITEM *it, ++ ASN1_VALUE *val); ++int 
OCSP_REQ_CTX_nbio_d2i(OCSP_REQ_CTX *rctx, ASN1_VALUE **pval, ++ const ASN1_ITEM *it); ++BIO *OCSP_REQ_CTX_get0_mem_bio(OCSP_REQ_CTX *rctx); ++int OCSP_REQ_CTX_i2d(OCSP_REQ_CTX *rctx, const ASN1_ITEM *it, ++ ASN1_VALUE *val); ++int OCSP_REQ_CTX_http(OCSP_REQ_CTX *rctx, const char *op, const char *path); ++int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req); ++int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx, ++ const char *name, const char *value); + + OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer); + +@@ -443,7 +458,7 @@ int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, + int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, + X509_STORE *store, unsigned long flags); + +-int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, ++int OCSP_parse_url(const char *url, char **phost, char **pport, char **ppath, + int *pssl); + + int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b); +@@ -468,11 +483,6 @@ int OCSP_basic_sign(OCSP_BASICRESP *brsp, + X509 *signer, EVP_PKEY *key, const EVP_MD *dgst, + STACK_OF(X509) *certs, unsigned long flags); + +-ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d, +- void *data, STACK_OF(ASN1_OBJECT) *sk); +-# define ASN1_STRING_encode_of(type,s,i2d,data,sk) \ +- ASN1_STRING_encode(s, CHECKED_I2D_OF(type, i2d), data, sk) +- + X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim); + + X509_EXTENSION *OCSP_accept_responses_new(char **oids); +@@ -549,9 +559,9 @@ DECLARE_ASN1_FUNCTIONS(OCSP_REQINFO) + DECLARE_ASN1_FUNCTIONS(OCSP_CRLID) + DECLARE_ASN1_FUNCTIONS(OCSP_SERVICELOC) + +-char *OCSP_response_status_str(long s); +-char *OCSP_cert_status_str(long s); +-char *OCSP_crl_reason_str(long s); ++const char *OCSP_response_status_str(long s); ++const char *OCSP_cert_status_str(long s); ++const char *OCSP_crl_reason_str(long s); + + int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST *a, unsigned long flags); + int OCSP_RESPONSE_print(BIO *bp, 
OCSP_RESPONSE *o, unsigned long flags); +@@ -585,7 +595,8 @@ void ERR_load_OCSP_strings(void); + # define OCSP_F_OCSP_REQUEST_VERIFY 116 + # define OCSP_F_OCSP_RESPONSE_GET1_BASIC 111 + # define OCSP_F_OCSP_SENDREQ_BIO 112 +-# define OCSP_F_PARSE_HTTP_LINE1 117 ++# define OCSP_F_OCSP_SENDREQ_NBIO 117 ++# define OCSP_F_PARSE_HTTP_LINE1 118 + # define OCSP_F_REQUEST_VERIFY 113 + + /* Reason codes. */ +diff --git a/Cryptlib/Include/openssl/opensslconf.h b/Cryptlib/Include/openssl/opensslconf.h +index fdc2cc3..90a4d2c 100644 +--- a/Cryptlib/Include/openssl/opensslconf.h ++++ b/Cryptlib/Include/openssl/opensslconf.h +@@ -1,18 +1,15 @@ + /* opensslconf.h */ + /* WARNING: Generated automatically from opensslconf.h.in by Configure. */ + ++#ifdef __cplusplus ++extern "C" { ++#endif + /* OpenSSL was configured with the following options: */ + #ifndef OPENSSL_DOING_MAKEDEPEND + + +-#ifndef OPENSSL_NO_CAMELLIA +-# define OPENSSL_NO_CAMELLIA +-#endif +-#ifndef OPENSSL_NO_CAPIENG +-# define OPENSSL_NO_CAPIENG +-#endif +-#ifndef OPENSSL_NO_CMS +-# define OPENSSL_NO_CMS ++#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 ++# define OPENSSL_NO_EC_NISTP_64_GCC_128 + #endif + #ifndef OPENSSL_NO_GMP + # define OPENSSL_NO_GMP +@@ -23,8 +20,11 @@ + #ifndef OPENSSL_NO_KRB5 + # define OPENSSL_NO_KRB5 + #endif +-#ifndef OPENSSL_NO_MDC2 +-# define OPENSSL_NO_MDC2 ++#ifndef OPENSSL_NO_LIBUNBOUND ++# define OPENSSL_NO_LIBUNBOUND ++#endif ++#ifndef OPENSSL_NO_MD2 ++# define OPENSSL_NO_MD2 + #endif + #ifndef OPENSSL_NO_RC5 + # define OPENSSL_NO_RC5 +@@ -32,8 +32,17 @@ + #ifndef OPENSSL_NO_RFC3779 + # define OPENSSL_NO_RFC3779 + #endif +-#ifndef OPENSSL_NO_SEED +-# define OPENSSL_NO_SEED ++#ifndef OPENSSL_NO_SCTP ++# define OPENSSL_NO_SCTP ++#endif ++#ifndef OPENSSL_NO_SSL_TRACE ++# define OPENSSL_NO_SSL_TRACE ++#endif ++#ifndef OPENSSL_NO_STORE ++# define OPENSSL_NO_STORE ++#endif ++#ifndef OPENSSL_NO_UNIT_TEST ++# define OPENSSL_NO_UNIT_TEST + #endif + + #endif /* OPENSSL_DOING_MAKEDEPEND */ +@@ -47,14 
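Review bot: The regenerated option list at the top of Cryptlib/Include/openssl/opensslconf.h no longer defines `OPENSSL_NO_CAMELLIA`, `OPENSSL_NO_CAPIENG` or `OPENSSL_NO_CMS`, and the next two hunks drop `OPENSSL_NO_MDC2` and `OPENSSL_NO_SEED` as well (the `OPENSSL_ALGORITHM_DEFINES` hunks further down mirror this). For a boot loader that presumably needs only signature verification, every algorithm left enabled is extra parsing and cipher code inside the Secure Boot trust boundary, so I would keep the guards for anything shim does not call, e.g. `#ifndef OPENSSL_NO_MDC2` / `# define OPENSSL_NO_MDC2` / `#endif`. Because the header is generated by Configure, the durable fix is to pass the matching `no-*` options when regenerating it rather than editing the output. Whether the Cryptlib Makefile already supplies these defines is not visible here and should be confirmed.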
+56,8 @@ + who haven't had the time to do the appropriate changes in their + applications. */ + #ifdef OPENSSL_ALGORITHM_DEFINES +-# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA) +-# define NO_CAMELLIA +-# endif +-# if defined(OPENSSL_NO_CAPIENG) && !defined(NO_CAPIENG) +-# define NO_CAPIENG +-# endif +-# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS) +-# define NO_CMS ++# if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128) ++# define NO_EC_NISTP_64_GCC_128 + # endif + # if defined(OPENSSL_NO_GMP) && !defined(NO_GMP) + # define NO_GMP +@@ -65,8 +68,11 @@ + # if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5) + # define NO_KRB5 + # endif +-# if defined(OPENSSL_NO_MDC2) && !defined(NO_MDC2) +-# define NO_MDC2 ++# if defined(OPENSSL_NO_LIBUNBOUND) && !defined(NO_LIBUNBOUND) ++# define NO_LIBUNBOUND ++# endif ++# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2) ++# define NO_MD2 + # endif + # if defined(OPENSSL_NO_RC5) && !defined(NO_RC5) + # define NO_RC5 +@@ -74,28 +80,22 @@ + # if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779) + # define NO_RFC3779 + # endif +-# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED) +-# define NO_SEED ++# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP) ++# define NO_SCTP ++# endif ++# if defined(OPENSSL_NO_SSL_TRACE) && !defined(NO_SSL_TRACE) ++# define NO_SSL_TRACE ++# endif ++# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE) ++# define NO_STORE ++# endif ++# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST) ++# define NO_UNIT_TEST + # endif + #endif + + /* crypto/opensslconf.h.in */ + +-#ifdef OPENSSL_DOING_MAKEDEPEND +- +-/* Include any symbols here that have to be explicitly set to enable a feature +- * that should be visible to makedepend. +- * +- * [Our "make depend" doesn't actually look at this, we use actual build settings +- * instead; we want to make it easy to remove subdirectories with disabled algorithms.] 
+- */ +- +-#ifndef OPENSSL_FIPS +-#define OPENSSL_FIPS +-#endif +- +-#endif +- + /* Generate 80386 code? */ + #undef I386_ONLY + +@@ -159,19 +159,12 @@ + /* Should we define BN_DIV2W here? */ + + /* Only one for the following should be defined */ +-/* The prime number generation stuff may not work when +- * EIGHT_BIT but I don't care since I've only used this mode +- * for debuging the bignum libraries */ +- +-/* Bypass following definition for UEFI version. */ ++/* Bypass the following definitions for UEFI version. */ + #if !defined(OPENSSL_SYS_UEFI) + #undef SIXTY_FOUR_BIT_LONG + #undef SIXTY_FOUR_BIT + #define THIRTY_TWO_BIT +-#undef SIXTEEN_BIT +-#undef EIGHT_BIT + #endif +- + #endif + + #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H) +@@ -207,7 +200,7 @@ + #endif + + #if defined(DES_RISC1) && defined(DES_RISC2) +-YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! ++#error YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! + #endif + + /* Unroll the inner loop, this sometimes helps, sometimes hinders. +@@ -258,3 +251,6 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! 
+ + #endif /* DES_DEFAULT_OPTIONS */ + #endif /* HEADER_DES_LOCL_H */ ++#ifdef __cplusplus ++} ++#endif +diff --git a/Cryptlib/Include/openssl/opensslv.h b/Cryptlib/Include/openssl/opensslv.h +index 1c671fd..c06b13a 100644 +--- a/Cryptlib/Include/openssl/opensslv.h ++++ b/Cryptlib/Include/openssl/opensslv.h +@@ -1,6 +1,10 @@ + #ifndef HEADER_OPENSSLV_H + # define HEADER_OPENSSLV_H + ++#ifdef __cplusplus ++extern "C" { ++#endif ++ + /*- + * Numeric release version identifier: + * MNNFFPPS: major minor fix patch status +@@ -26,11 +30,11 @@ + * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for + * major minor fix final patch/beta) + */ +-# define OPENSSL_VERSION_NUMBER 0x009081ffL ++# define OPENSSL_VERSION_NUMBER 0x1000204fL + # ifdef OPENSSL_FIPS +-# define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8zf-fips 19 Mar 2015" ++# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2d-fips 9 Jul 2015" + # else +-# define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8zf 19 Mar 2015" ++# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2d 9 Jul 2015" + # endif + # define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT + +@@ -84,6 +88,10 @@ + * should only keep the versions that are binary compatible with the current. 
+ */ + # define SHLIB_VERSION_HISTORY "" +-# define SHLIB_VERSION_NUMBER "0.9.8" ++# define SHLIB_VERSION_NUMBER "1.0.0" ++ + ++#ifdef __cplusplus ++} ++#endif + #endif /* HEADER_OPENSSLV_H */ +diff --git a/Cryptlib/Include/openssl/ossl_typ.h b/Cryptlib/Include/openssl/ossl_typ.h +index bfcb201..9144ea2 100644 +--- a/Cryptlib/Include/openssl/ossl_typ.h ++++ b/Cryptlib/Include/openssl/ossl_typ.h +@@ -55,6 +55,10 @@ + #ifndef HEADER_OPENSSL_TYPES_H + # define HEADER_OPENSSL_TYPES_H + ++#ifdef __cplusplus ++extern "C" { ++#endif ++ + # include + + # ifdef NO_ASN1_TYPEDEFS +@@ -91,10 +95,16 @@ typedef struct asn1_string_st ASN1_TIME; + typedef struct asn1_string_st ASN1_GENERALIZEDTIME; + typedef struct asn1_string_st ASN1_VISIBLESTRING; + typedef struct asn1_string_st ASN1_UTF8STRING; ++typedef struct asn1_string_st ASN1_STRING; + typedef int ASN1_BOOLEAN; + typedef int ASN1_NULL; + # endif + ++typedef struct asn1_object_st ASN1_OBJECT; ++ ++typedef struct ASN1_ITEM_st ASN1_ITEM; ++typedef struct asn1_pctx_st ASN1_PCTX; ++ + # ifdef OPENSSL_SYS_WIN32 + # undef X509_NAME + # undef X509_EXTENSIONS +@@ -122,6 +132,11 @@ typedef struct env_md_st EVP_MD; + typedef struct env_md_ctx_st EVP_MD_CTX; + typedef struct evp_pkey_st EVP_PKEY; + ++typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD; ++ ++typedef struct evp_pkey_method_st EVP_PKEY_METHOD; ++typedef struct evp_pkey_ctx_st EVP_PKEY_CTX; ++ + typedef struct dh_st DH; + typedef struct dh_method DH_METHOD; + +@@ -139,11 +154,14 @@ typedef struct ecdsa_method ECDSA_METHOD; + typedef struct x509_st X509; + typedef struct X509_algor_st X509_ALGOR; + typedef struct X509_crl_st X509_CRL; ++typedef struct x509_crl_method_st X509_CRL_METHOD; ++typedef struct x509_revoked_st X509_REVOKED; + typedef struct X509_name_st X509_NAME; ++typedef struct X509_pubkey_st X509_PUBKEY; + typedef struct x509_store_st X509_STORE; + typedef struct x509_store_ctx_st X509_STORE_CTX; +-typedef struct ssl_st SSL; +-typedef struct ssl_ctx_st 
SSL_CTX;
++
++typedef struct pkcs8_priv_key_info_st PKCS8_PRIV_KEY_INFO;
+
+ typedef struct v3_ext_ctx X509V3_CTX;
+ typedef struct conf_st CONF;
+@@ -157,12 +175,19 @@ typedef struct ui_method_st UI_METHOD;
+ typedef struct st_ERR_FNS ERR_FNS;
+
+ typedef struct engine_st ENGINE;
++typedef struct ssl_st SSL;
++typedef struct ssl_ctx_st SSL_CTX;
+
+ typedef struct X509_POLICY_NODE_st X509_POLICY_NODE;
+ typedef struct X509_POLICY_LEVEL_st X509_POLICY_LEVEL;
+ typedef struct X509_POLICY_TREE_st X509_POLICY_TREE;
+ typedef struct X509_POLICY_CACHE_st X509_POLICY_CACHE;
+
++typedef struct AUTHORITY_KEYID_st AUTHORITY_KEYID;
++typedef struct DIST_POINT_st DIST_POINT;
++typedef struct ISSUING_DIST_POINT_st ISSUING_DIST_POINT;
++typedef struct NAME_CONSTRAINTS_st NAME_CONSTRAINTS;
++
+ /* If placed in pkcs12.h, we end up with a circular depency with pkcs7.h */
+ # define DECLARE_PKCS12_STACK_OF(type)/* Nothing */
+ # define IMPLEMENT_PKCS12_STACK_OF(type)/* Nothing */
+@@ -180,4 +205,7 @@ typedef struct ocsp_req_ctx_st OCSP_REQ_CTX;
+ typedef struct ocsp_response_st OCSP_RESPONSE;
+ typedef struct ocsp_responder_id_st OCSP_RESPID;
+
++#ifdef __cplusplus
++}
++#endif
+ #endif /* def HEADER_OPENSSL_TYPES_H */
+diff --git a/Cryptlib/Include/openssl/pem.h b/Cryptlib/Include/openssl/pem.h
+index 5fad903..d61605b 100644
+--- a/Cryptlib/Include/openssl/pem.h
++++ b/Cryptlib/Include/openssl/pem.h
+@@ -129,11 +129,13 @@ extern "C" {
+ # define PEM_STRING_PKCS8 "ENCRYPTED PRIVATE KEY"
+ # define PEM_STRING_PKCS8INF "PRIVATE KEY"
+ # define PEM_STRING_DHPARAMS "DH PARAMETERS"
++# define PEM_STRING_DHXPARAMS "X9.42 DH PARAMETERS"
+ # define PEM_STRING_SSL_SESSION "SSL SESSION PARAMETERS"
+ # define PEM_STRING_DSAPARAMS "DSA PARAMETERS"
+ # define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY"
+ # define PEM_STRING_ECPARAMETERS "EC PARAMETERS"
+ # define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY"
++# define PEM_STRING_PARAMETERS "PARAMETERS"
+ # define PEM_STRING_CMS "CMS"
+
+ /*
+@@
-180,12 +182,9 @@ typedef struct pem_ctx_st {
+
+ int num_recipient;
+ PEM_USER **recipient;
+-
+-# ifndef OPENSSL_NO_STACK
+- STACK *x509_chain; /* certificate chain */
+-# else
+- char *x509_chain; /* certificate chain */
+-# endif
++/*-
++ XXX(ben): don#t think this is used!
++ STACK *x509_chain; / * certificate chain */
+ EVP_MD *md; /* signature type */
+
+ int md_enc; /* is the md encrypted or not? */
+@@ -222,28 +221,19 @@ typedef struct pem_ctx_st {
+ # define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \
+ type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\
+ { \
+- return (type*)PEM_ASN1_read(CHECKED_D2I_OF(type, d2i_##asn1), \
+- str, fp, \
+- CHECKED_PPTR_OF(type, x), \
+- cb, u); \
++return PEM_ASN1_read((d2i_of_void *)d2i_##asn1, str,fp,(void **)x,cb,u); \
+ }
+
+ # define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \
+ int PEM_write_##name(FILE *fp, type *x) \
+ { \
+- return PEM_ASN1_write(CHECKED_I2D_OF(type, i2d_##asn1), \
+- str, fp, \
+- CHECKED_PTR_OF(type, x), \
+- NULL, NULL, 0, NULL, NULL); \
++return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,NULL,NULL,0,NULL,NULL); \
+ }
+
+ # define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) \
+ int PEM_write_##name(FILE *fp, const type *x) \
+ { \
+- return PEM_ASN1_write(CHECKED_I2D_OF(const type, i2d_##asn1), \
+- str, fp, \
+- CHECKED_PTR_OF(const type, x), \
+- NULL, NULL, 0, NULL, NULL); \
++return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,(void *)x,NULL,NULL,0,NULL,NULL); \
+ }
+
+ # define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \
+@@ -251,10 +241,7 @@ int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
+ unsigned char *kstr, int klen, pem_password_cb *cb, \
+ void *u) \
+ { \
+- return PEM_ASN1_write(CHECKED_I2D_OF(type, i2d_##asn1), \
+- str, fp, \
+- CHECKED_PTR_OF(type, x), \
+- enc, kstr, klen, cb, u); \
++ return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u); \
+ }
+
+ # define
IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) \
+@@ -262,10 +249,7 @@ int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
+ unsigned char *kstr, int klen, pem_password_cb *cb, \
+ void *u) \
+ { \
+- return PEM_ASN1_write(CHECKED_I2D_OF(const type, i2d_##asn1), \
+- str, fp, \
+- CHECKED_PTR_OF(const type, x), \
+- enc, kstr, klen, cb, u); \
++ return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u); \
+ }
+
+ # endif
+@@ -273,48 +257,33 @@ int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
+ # define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
+ type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u)\
+ { \
+- return (type*)PEM_ASN1_read_bio(CHECKED_D2I_OF(type, d2i_##asn1), \
+- str, bp, \
+- CHECKED_PPTR_OF(type, x), \
+- cb, u); \
++return PEM_ASN1_read_bio((d2i_of_void *)d2i_##asn1, str,bp,(void **)x,cb,u); \
+ }
+
+ # define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
+ int PEM_write_bio_##name(BIO *bp, type *x) \
+ { \
+- return PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d_##asn1), \
+- str, bp, \
+- CHECKED_PTR_OF(type, x), \
+- NULL, NULL, 0, NULL, NULL); \
++return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,x,NULL,NULL,0,NULL,NULL); \
+ }
+
+ # define IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \
+ int PEM_write_bio_##name(BIO *bp, const type *x) \
+ { \
+- return PEM_ASN1_write_bio(CHECKED_I2D_OF(const type, i2d_##asn1), \
+- str, bp, \
+- CHECKED_PTR_OF(const type, x), \
+- NULL, NULL, 0, NULL, NULL); \
++return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,(void *)x,NULL,NULL,0,NULL,NULL); \
+ }
+
+ # define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
+ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
+ unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \
+ { \
+- return PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d_##asn1), \
+- str, bp, \
+- CHECKED_PTR_OF(type, x), \
+- enc, kstr, klen, cb, u); \
++ return
PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,x,enc,kstr,klen,cb,u); \
+ }
+
+ # define IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \
+ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
+ unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \
+ { \
+- return PEM_ASN1_write_bio(CHECKED_I2D_OF(const type, i2d_##asn1), \
+- str, bp, \
+- CHECKED_PTR_OF(const type, x), \
+- enc, kstr, klen, cb, u); \
++ return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,(void *)x,enc,kstr,klen,cb,u); \
+ }
+
+ # define IMPLEMENT_PEM_write(name, type, str, asn1) \
+@@ -351,7 +320,7 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
+
+ /* These are the same except they are for the declarations */
+
+-# if defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_NO_FP_API)
++# if defined(OPENSSL_NO_FP_API)
+
+ # define DECLARE_PEM_read_fp(name, type) /**/
+ # define DECLARE_PEM_write_fp(name, type) /**/
+@@ -416,127 +385,6 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
+ # define DECLARE_PEM_rw_cb(name, type) \
+ DECLARE_PEM_read(name, type) \
+ DECLARE_PEM_write_cb(name, type)
+-# ifdef SSLEAY_MACROS
+-# define PEM_write_SSL_SESSION(fp,x) \
+- PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \
+- PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL,NULL)
+-# define PEM_write_X509(fp,x) \
+- PEM_ASN1_write((int (*)())i2d_X509,PEM_STRING_X509,fp, \
+- (char *)x, NULL,NULL,0,NULL,NULL)
+-# define PEM_write_X509_REQ(fp,x) PEM_ASN1_write( \
+- (int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,fp,(char *)x, \
+- NULL,NULL,0,NULL,NULL)
+-# define PEM_write_X509_CRL(fp,x) \
+- PEM_ASN1_write((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL, \
+- fp,(char *)x, NULL,NULL,0,NULL,NULL)
+-# define PEM_write_RSAPrivateKey(fp,x,enc,kstr,klen,cb,u) \
+- PEM_ASN1_write((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,fp,\
+- (char *)x,enc,kstr,klen,cb,u)
+-# define PEM_write_RSAPublicKey(fp,x) \
+- PEM_ASN1_write((int
(*)())i2d_RSAPublicKey,\
+- PEM_STRING_RSA_PUBLIC,fp,(char *)x,NULL,NULL,0,NULL,NULL)
+-# define PEM_write_DSAPrivateKey(fp,x,enc,kstr,klen,cb,u) \
+- PEM_ASN1_write((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,fp,\
+- (char *)x,enc,kstr,klen,cb,u)
+-# define PEM_write_PrivateKey(bp,x,enc,kstr,klen,cb,u) \
+- PEM_ASN1_write((int (*)())i2d_PrivateKey,\
+- (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\
+- bp,(char *)x,enc,kstr,klen,cb,u)
+-# define PEM_write_PKCS7(fp,x) \
+- PEM_ASN1_write((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,fp, \
+- (char *)x, NULL,NULL,0,NULL,NULL)
+-# define PEM_write_DHparams(fp,x) \
+- PEM_ASN1_write((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,fp,\
+- (char *)x,NULL,NULL,0,NULL,NULL)
+-# define PEM_write_NETSCAPE_CERT_SEQUENCE(fp,x) \
+- PEM_ASN1_write((int (*)())i2d_NETSCAPE_CERT_SEQUENCE, \
+- PEM_STRING_X509,fp, \
+- (char *)x, NULL,NULL,0,NULL,NULL)
+-# define PEM_read_SSL_SESSION(fp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read( \
+- (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb,u)
+-# define PEM_read_X509(fp,x,cb,u) (X509 *)PEM_ASN1_read( \
+- (char *(*)())d2i_X509,PEM_STRING_X509,fp,(char **)x,cb,u)
+-# define PEM_read_X509_REQ(fp,x,cb,u) (X509_REQ *)PEM_ASN1_read( \
+- (char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,fp,(char **)x,cb,u)
+-# define PEM_read_X509_CRL(fp,x,cb,u) (X509_CRL *)PEM_ASN1_read( \
+- (char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,fp,(char **)x,cb,u)
+-# define PEM_read_RSAPrivateKey(fp,x,cb,u) (RSA *)PEM_ASN1_read( \
+- (char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,fp,(char **)x,cb,u)
+-# define PEM_read_RSAPublicKey(fp,x,cb,u) (RSA *)PEM_ASN1_read( \
+- (char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,fp,(char **)x,cb,u)
+-# define PEM_read_DSAPrivateKey(fp,x,cb,u) (DSA *)PEM_ASN1_read( \
+- (char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,fp,(char **)x,cb,u)
+-# define PEM_read_PrivateKey(fp,x,cb,u) (EVP_PKEY *)PEM_ASN1_read( \
+- (char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,fp,(char
**)x,cb,u)
+-# define PEM_read_PKCS7(fp,x,cb,u) (PKCS7 *)PEM_ASN1_read( \
+- (char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,fp,(char **)x,cb,u)
+-# define PEM_read_DHparams(fp,x,cb,u) (DH *)PEM_ASN1_read( \
+- (char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,fp,(char **)x,cb,u)
+-# define PEM_read_NETSCAPE_CERT_SEQUENCE(fp,x,cb,u) \
+- (NETSCAPE_CERT_SEQUENCE *)PEM_ASN1_read( \
+- (char *(*)())d2i_NETSCAPE_CERT_SEQUENCE,PEM_STRING_X509,fp,\
+- (char **)x,cb,u)
+-# define PEM_write_bio_X509(bp,x) \
+- PEM_ASN1_write_bio((int (*)())i2d_X509,PEM_STRING_X509,bp, \
+- (char *)x, NULL,NULL,0,NULL,NULL)
+-# define PEM_write_bio_X509_REQ(bp,x) PEM_ASN1_write_bio( \
+- (int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,bp,(char *)x, \
+- NULL,NULL,0,NULL,NULL)
+-# define PEM_write_bio_X509_CRL(bp,x) \
+- PEM_ASN1_write_bio((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL,\
+- bp,(char *)x, NULL,NULL,0,NULL,NULL)
+-# define PEM_write_bio_RSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \
+- PEM_ASN1_write_bio((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,\
+- bp,(char *)x,enc,kstr,klen,cb,u)
+-# define PEM_write_bio_RSAPublicKey(bp,x) \
+- PEM_ASN1_write_bio((int (*)())i2d_RSAPublicKey, \
+- PEM_STRING_RSA_PUBLIC,\
+- bp,(char *)x,NULL,NULL,0,NULL,NULL)
+-# define PEM_write_bio_DSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \
+- PEM_ASN1_write_bio((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,\
+- bp,(char *)x,enc,kstr,klen,cb,u)
+-# define PEM_write_bio_PrivateKey(bp,x,enc,kstr,klen,cb,u) \
+- PEM_ASN1_write_bio((int (*)())i2d_PrivateKey,\
+- (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\
+- bp,(char *)x,enc,kstr,klen,cb,u)
+-# define PEM_write_bio_PKCS7(bp,x) \
+- PEM_ASN1_write_bio((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,bp, \
+- (char *)x, NULL,NULL,0,NULL,NULL)
+-# define PEM_write_bio_DHparams(bp,x) \
+- PEM_ASN1_write_bio((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,\
+- bp,(char *)x,NULL,NULL,0,NULL,NULL)
+-# define PEM_write_bio_DSAparams(bp,x) \
+- PEM_ASN1_write_bio((int (*)())i2d_DSAparams, \
+- PEM_STRING_DSAPARAMS,bp,(char *)x,NULL,NULL,0,NULL,NULL)
+-# define PEM_write_bio_NETSCAPE_CERT_SEQUENCE(bp,x) \
+- PEM_ASN1_write_bio((int (*)())i2d_NETSCAPE_CERT_SEQUENCE, \
+- PEM_STRING_X509,bp, \
+- (char *)x, NULL,NULL,0,NULL,NULL)
+-# define PEM_read_bio_X509(bp,x,cb,u) (X509 *)PEM_ASN1_read_bio( \
+- (char *(*)())d2i_X509,PEM_STRING_X509,bp,(char **)x,cb,u)
+-# define PEM_read_bio_X509_REQ(bp,x,cb,u) (X509_REQ *)PEM_ASN1_read_bio( \
+- (char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,bp,(char **)x,cb,u)
+-# define PEM_read_bio_X509_CRL(bp,x,cb,u) (X509_CRL *)PEM_ASN1_read_bio( \
+- (char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,bp,(char **)x,cb,u)
+-# define PEM_read_bio_RSAPrivateKey(bp,x,cb,u) (RSA *)PEM_ASN1_read_bio( \
+- (char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,bp,(char **)x,cb,u)
+-# define PEM_read_bio_RSAPublicKey(bp,x,cb,u) (RSA *)PEM_ASN1_read_bio( \
+- (char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,bp,(char **)x,cb,u)
+-# define PEM_read_bio_DSAPrivateKey(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \
+- (char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,bp,(char **)x,cb,u)
+-# define PEM_read_bio_PrivateKey(bp,x,cb,u) (EVP_PKEY *)PEM_ASN1_read_bio( \
+- (char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,bp,(char **)x,cb,u)
+-# define PEM_read_bio_PKCS7(bp,x,cb,u) (PKCS7 *)PEM_ASN1_read_bio( \
+- (char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,bp,(char **)x,cb,u)
+-# define PEM_read_bio_DHparams(bp,x,cb,u) (DH *)PEM_ASN1_read_bio( \
+- (char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,bp,(char **)x,cb,u)
+-# define PEM_read_bio_DSAparams(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \
+- (char *(*)())d2i_DSAparams,PEM_STRING_DSAPARAMS,bp,(char **)x,cb,u)
+-# define PEM_read_bio_NETSCAPE_CERT_SEQUENCE(bp,x,cb,u) \
+- (NETSCAPE_CERT_SEQUENCE *)PEM_ASN1_read_bio( \
+- (char *(*)())d2i_NETSCAPE_CERT_SEQUENCE,PEM_STRING_X509,bp,\
+- (char **)x,cb,u)
+-# endif
+ # if 1
+ /* "userdata": new with OpenSSL 0.9.4 */
+ typedef int pem_password_cb (char *buf, int size, int rwflag, void
*userdata);
+@@ -552,30 +400,17 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *len,
+ # ifndef OPENSSL_NO_BIO
+ int PEM_read_bio(BIO *bp, char **name, char **header,
+ unsigned char **data, long *len);
+-int PEM_write_bio(BIO *bp, const char *name, char *hdr, unsigned char *data,
+- long len);
++int PEM_write_bio(BIO *bp, const char *name, const char *hdr,
++ const unsigned char *data, long len);
+ int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm,
+ const char *name, BIO *bp, pem_password_cb *cb,
+ void *u);
+ void *PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void **x,
+ pem_password_cb *cb, void *u);
+-
+-# define PEM_ASN1_read_bio_of(type,d2i,name,bp,x,cb,u) \
+- ((type*)PEM_ASN1_read_bio(CHECKED_D2I_OF(type, d2i), \
+- name, bp, \
+- CHECKED_PPTR_OF(type, x), \
+- cb, u))
+-
+-int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, char *x,
++int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, void *x,
+ const EVP_CIPHER *enc, unsigned char *kstr, int klen,
+ pem_password_cb *cb, void *u);
+
+-# define PEM_ASN1_write_bio_of(type,i2d,name,bp,x,enc,kstr,klen,cb,u) \
+- (PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d), \
+- name, bp, \
+- CHECKED_PTR_OF(type, x), \
+- enc, kstr, klen, cb, u))
+-
+ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk,
+ pem_password_cb *cb, void *u);
+ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
+@@ -583,18 +418,17 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
+ pem_password_cb *cd, void *u);
+ # endif
+
+-# ifndef OPENSSL_SYS_WIN16
+ int PEM_read(FILE *fp, char **name, char **header,
+ unsigned char **data, long *len);
+-int PEM_write(FILE *fp, char *name, char *hdr, unsigned char *data, long len);
++int PEM_write(FILE *fp, const char *name, const char *hdr,
++ const unsigned char *data, long len);
+ void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void
**x,
+ pem_password_cb *cb, void *u);
+ int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,
+- char *x, const EVP_CIPHER *enc, unsigned char *kstr,
++ void *x, const EVP_CIPHER *enc, unsigned char *kstr,
+ int klen, pem_password_cb *callback, void *u);
+ STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
+ pem_password_cb *cb, void *u);
+-# endif
+
+ int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type,
+ EVP_MD *md_type, unsigned char **ek, int *ekl,
+@@ -613,9 +447,7 @@ int PEM_def_callback(char *buf, int num, int w, void *key);
+ void PEM_proc_type(char *buf, int type);
+ void PEM_dek_info(char *buf, const char *type, int len, char *str);
+
+-# ifndef SSLEAY_MACROS
+-
+-# include
++# include
+
+ DECLARE_PEM_rw(X509, X509)
+ DECLARE_PEM_rw(X509_AUX, X509)
+@@ -627,24 +459,25 @@ DECLARE_PEM_rw(PKCS7, PKCS7)
+ DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE)
+ DECLARE_PEM_rw(PKCS8, X509_SIG)
+ DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)
+-# ifndef OPENSSL_NO_RSA
++# ifndef OPENSSL_NO_RSA
+ DECLARE_PEM_rw_cb(RSAPrivateKey, RSA)
+ DECLARE_PEM_rw_const(RSAPublicKey, RSA)
+ DECLARE_PEM_rw(RSA_PUBKEY, RSA)
+-# endif
+-# ifndef OPENSSL_NO_DSA
++# endif
++# ifndef OPENSSL_NO_DSA
+ DECLARE_PEM_rw_cb(DSAPrivateKey, DSA)
+ DECLARE_PEM_rw(DSA_PUBKEY, DSA)
+ DECLARE_PEM_rw_const(DSAparams, DSA)
+-# endif
+-# ifndef OPENSSL_NO_EC
++# endif
++# ifndef OPENSSL_NO_EC
+ DECLARE_PEM_rw_const(ECPKParameters, EC_GROUP)
+ DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY)
+ DECLARE_PEM_rw(EC_PUBKEY, EC_KEY)
+-# endif
+-# ifndef OPENSSL_NO_DH
++# endif
++# ifndef OPENSSL_NO_DH
+ DECLARE_PEM_rw_const(DHparams, DH)
+-# endif
++DECLARE_PEM_write_const(DHxparams, DH)
++# endif
+ DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY)
+ DECLARE_PEM_rw(PUBKEY, EVP_PKEY)
+
+@@ -679,7 +512,20 @@ int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+ char *kstr, int klen, pem_password_cb *cd,
+ void *u);
+
+-# endif /*
SSLEAY_MACROS */
++EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x);
++int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x);
++
++EVP_PKEY *b2i_PrivateKey(const unsigned char **in, long length);
++EVP_PKEY *b2i_PublicKey(const unsigned char **in, long length);
++EVP_PKEY *b2i_PrivateKey_bio(BIO *in);
++EVP_PKEY *b2i_PublicKey_bio(BIO *in);
++int i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk);
++int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk);
++# ifndef OPENSSL_NO_RC4
++EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u);
++int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel,
++ pem_password_cb *cb, void *u);
++# endif
+
+ /* BEGIN ERROR CODES */
+ /*
+@@ -691,10 +537,22 @@ void ERR_load_PEM_strings(void);
+ /* Error codes for the PEM functions. */
+
+ /* Function codes. */
++# define PEM_F_B2I_DSS 127
++# define PEM_F_B2I_PVK_BIO 128
++# define PEM_F_B2I_RSA 129
++# define PEM_F_CHECK_BITLEN_DSA 130
++# define PEM_F_CHECK_BITLEN_RSA 131
+ # define PEM_F_D2I_PKCS8PRIVATEKEY_BIO 120
+ # define PEM_F_D2I_PKCS8PRIVATEKEY_FP 121
++# define PEM_F_DO_B2I 132
++# define PEM_F_DO_B2I_BIO 133
++# define PEM_F_DO_BLOB_HEADER 134
+ # define PEM_F_DO_PK8PKEY 126
+ # define PEM_F_DO_PK8PKEY_FP 125
++# define PEM_F_DO_PVK_BODY 135
++# define PEM_F_DO_PVK_HEADER 136
++# define PEM_F_I2B_PVK 137
++# define PEM_F_I2B_PVK_BIO 138
+ # define PEM_F_LOAD_IV 101
+ # define PEM_F_PEM_ASN1_READ 102
+ # define PEM_F_PEM_ASN1_READ_BIO 103
+@@ -707,13 +565,17 @@ void ERR_load_PEM_strings(void);
+ # define PEM_F_PEM_PK8PKEY 119
+ # define PEM_F_PEM_READ 108
+ # define PEM_F_PEM_READ_BIO 109
++# define PEM_F_PEM_READ_BIO_DHPARAMS 141
++# define PEM_F_PEM_READ_BIO_PARAMETERS 140
+ # define PEM_F_PEM_READ_BIO_PRIVATEKEY 123
++# define PEM_F_PEM_READ_DHPARAMS 142
+ # define PEM_F_PEM_READ_PRIVATEKEY 124
+ # define PEM_F_PEM_SEALFINAL 110
+ # define PEM_F_PEM_SEALINIT 111
+ # define PEM_F_PEM_SIGNFINAL 112
+ # define PEM_F_PEM_WRITE 113
+ # define PEM_F_PEM_WRITE_BIO 114
++# define
PEM_F_PEM_WRITE_PRIVATEKEY 139
+ # define PEM_F_PEM_X509_INFO_READ 115
+ # define PEM_F_PEM_X509_INFO_READ_BIO 116
+ # define PEM_F_PEM_X509_INFO_WRITE_BIO 117
+@@ -723,18 +585,30 @@ void ERR_load_PEM_strings(void);
+ # define PEM_R_BAD_DECRYPT 101
+ # define PEM_R_BAD_END_LINE 102
+ # define PEM_R_BAD_IV_CHARS 103
++# define PEM_R_BAD_MAGIC_NUMBER 116
+ # define PEM_R_BAD_PASSWORD_READ 104
++# define PEM_R_BAD_VERSION_NUMBER 117
++# define PEM_R_BIO_WRITE_FAILURE 118
++# define PEM_R_CIPHER_IS_NULL 127
+ # define PEM_R_ERROR_CONVERTING_PRIVATE_KEY 115
++# define PEM_R_EXPECTING_PRIVATE_KEY_BLOB 119
++# define PEM_R_EXPECTING_PUBLIC_KEY_BLOB 120
++# define PEM_R_INCONSISTENT_HEADER 121
++# define PEM_R_KEYBLOB_HEADER_PARSE_ERROR 122
++# define PEM_R_KEYBLOB_TOO_SHORT 123
+ # define PEM_R_NOT_DEK_INFO 105
+ # define PEM_R_NOT_ENCRYPTED 106
+ # define PEM_R_NOT_PROC_TYPE 107
+ # define PEM_R_NO_START_LINE 108
+ # define PEM_R_PROBLEMS_GETTING_PASSWORD 109
+ # define PEM_R_PUBLIC_KEY_NO_RSA 110
++# define PEM_R_PVK_DATA_TOO_SHORT 124
++# define PEM_R_PVK_TOO_SHORT 125
+ # define PEM_R_READ_KEY 111
+ # define PEM_R_SHORT_HEADER 112
+ # define PEM_R_UNSUPPORTED_CIPHER 113
+ # define PEM_R_UNSUPPORTED_ENCRYPTION 114
++# define PEM_R_UNSUPPORTED_KEY_COMPONENTS 126
+
+ #ifdef __cplusplus
+ }
+diff --git a/Cryptlib/Include/openssl/pkcs12.h b/Cryptlib/Include/openssl/pkcs12.h
+index 90959f6..a39adf5 100644
+--- a/Cryptlib/Include/openssl/pkcs12.h
++++ b/Cryptlib/Include/openssl/pkcs12.h
+@@ -111,7 +111,7 @@ typedef struct {
+ PKCS7 *authsafes;
+ } PKCS12;
+
+-PREDECLARE_STACK_OF(PKCS12_SAFEBAG) typedef struct {
++typedef struct {
+ ASN1_OBJECT *type;
+ union {
+ struct pkcs12_bag_st *bag; /* secret, crl and certbag */
+@@ -239,16 +239,10 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
+ const EVP_MD *md_type);
+ int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt,
+ int saltlen, const EVP_MD *md_type);
+-# if defined(NETWARE) ||
defined(OPENSSL_SYS_NETWARE)
+-/* Rename these functions to avoid name clashes on NetWare OS */
+ unsigned char *OPENSSL_asc2uni(const char *asc, int asclen,
+ unsigned char **uni, int *unilen);
+ char *OPENSSL_uni2asc(unsigned char *uni, int unilen);
+-# else
+-unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni,
+- int *unilen);
+-char *uni2asc(unsigned char *uni, int unilen);
+-# endif
++
+ DECLARE_ASN1_FUNCTIONS(PKCS12)
+ DECLARE_ASN1_FUNCTIONS(PKCS12_MAC_DATA)
+ DECLARE_ASN1_FUNCTIONS(PKCS12_SAFEBAG)
+diff --git a/Cryptlib/Include/openssl/pkcs7.h b/Cryptlib/Include/openssl/pkcs7.h
+index 201f289..b51b386 100644
+--- a/Cryptlib/Include/openssl/pkcs7.h
++++ b/Cryptlib/Include/openssl/pkcs7.h
+@@ -215,7 +215,6 @@ DECLARE_PKCS12_STACK_OF(PKCS7)
+ # define PKCS7_type_is_signedAndEnveloped(a) \
+ (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped)
+ # define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data)
+-
+ # define PKCS7_type_is_digest(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_digest)
+
+ # define PKCS7_set_detached(p,v) \
+@@ -225,14 +224,6 @@ DECLARE_PKCS12_STACK_OF(PKCS7)
+
+ # define PKCS7_is_detached(p7) (PKCS7_type_is_signed(p7) && PKCS7_get_detached(p7))
+
+-# ifdef SSLEAY_MACROS
+-# ifndef PKCS7_ISSUER_AND_SERIAL_digest
+-# define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \
+- ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\
+- (char *)data,md,len)
+-# endif
+-# endif
+-
+ /* S/MIME related flags */
+
+ # define PKCS7_TEXT 0x1
+@@ -249,6 +240,8 @@ DECLARE_PKCS12_STACK_OF(PKCS7)
+ # define PKCS7_CRLFEOL 0x800
+ # define PKCS7_STREAM 0x1000
+ # define PKCS7_NOCRL 0x2000
++# define PKCS7_PARTIAL 0x4000
++# define PKCS7_REUSE_DIGEST 0x8000
+
+ /* Flags: for compatibility with older code */
+
+@@ -264,18 +257,18 @@ DECLARE_PKCS12_STACK_OF(PKCS7)
+
+ DECLARE_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL)
+
+-# ifndef SSLEAY_MACROS
+ int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,
+ const EVP_MD
*type, unsigned char *md,
+ unsigned int *len);
+-# ifndef OPENSSL_NO_FP_API
++# ifndef OPENSSL_NO_FP_API
+ PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7);
+ int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7);
+-# endif
++# endif
+ PKCS7 *PKCS7_dup(PKCS7 *p7);
+ PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7);
+ int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7);
+-# endif
++int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *in, int flags);
++int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *in, int flags);
+
+ DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNER_INFO)
+ DECLARE_ASN1_FUNCTIONS(PKCS7_RECIP_INFO)
+@@ -291,6 +284,7 @@ DECLARE_ASN1_ITEM(PKCS7_ATTR_SIGN)
+ DECLARE_ASN1_ITEM(PKCS7_ATTR_VERIFY)
+
+ DECLARE_ASN1_NDEF_FUNCTION(PKCS7)
++DECLARE_ASN1_PRINT_FUNCTION(PKCS7)
+
+ long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg);
+
+@@ -299,6 +293,7 @@ int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other);
+ int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data);
+ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
+ const EVP_MD *dgst);
++int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si);
+ int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
+ int PKCS7_add_certificate(PKCS7 *p7, X509 *x509);
+ int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
+@@ -319,9 +314,13 @@ int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md);
+ STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7);
+
+ PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509);
++void PKCS7_SIGNER_INFO_get0_algs(PKCS7_SIGNER_INFO *si, EVP_PKEY **pk,
++ X509_ALGOR **pdig, X509_ALGOR **psig);
++void PKCS7_RECIP_INFO_get0_alg(PKCS7_RECIP_INFO *ri, X509_ALGOR **penc);
+ int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri);
+ int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509);
+ int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher);
++int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7);
+
+ PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx);
+
ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk);
+@@ -338,6 +337,12 @@ int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,
+
+ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
+ BIO *data, int flags);
++
++PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7,
++ X509 *signcert, EVP_PKEY *pkey,
++ const EVP_MD *md, int flags);
++
++int PKCS7_final(PKCS7 *p7, BIO *data, int flags);
+ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
+ BIO *indata, BIO *out, int flags);
+ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs,
+@@ -352,10 +357,15 @@ int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si,
+ STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si);
+ int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg);
+
++int PKCS7_add_attrib_content_type(PKCS7_SIGNER_INFO *si, ASN1_OBJECT *coid);
++int PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t);
++int PKCS7_add1_attrib_digest(PKCS7_SIGNER_INFO *si,
++ const unsigned char *md, int mdlen);
++
+ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags);
+ PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont);
+-int SMIME_crlf_copy(BIO *in, BIO *out, int flags);
+-int SMIME_text(BIO *in, BIO *out);
++
++BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7);
+
+ /* BEGIN ERROR CODES */
+ /*
+@@ -369,12 +379,17 @@ void ERR_load_PKCS7_strings(void);
+ /* Function codes.
*/
+ # define PKCS7_F_B64_READ_PKCS7 120
+ # define PKCS7_F_B64_WRITE_PKCS7 121
++# define PKCS7_F_DO_PKCS7_SIGNED_ATTRIB 136
++# define PKCS7_F_I2D_PKCS7_BIO_STREAM 140
++# define PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME 135
+ # define PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP 118
+ # define PKCS7_F_PKCS7_ADD_CERTIFICATE 100
+ # define PKCS7_F_PKCS7_ADD_CRL 101
+ # define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO 102
++# define PKCS7_F_PKCS7_ADD_SIGNATURE 131
+ # define PKCS7_F_PKCS7_ADD_SIGNER 103
+ # define PKCS7_F_PKCS7_BIO_ADD_DIGEST 125
++# define PKCS7_F_PKCS7_COPY_EXISTING_DIGEST 138
+ # define PKCS7_F_PKCS7_CTRL 104
+ # define PKCS7_F_PKCS7_DATADECODE 112
+ # define PKCS7_F_PKCS7_DATAFINAL 128
+@@ -382,15 +397,22 @@ void ERR_load_PKCS7_strings(void);
+ # define PKCS7_F_PKCS7_DATASIGN 106
+ # define PKCS7_F_PKCS7_DATAVERIFY 107
+ # define PKCS7_F_PKCS7_DECRYPT 114
++# define PKCS7_F_PKCS7_DECRYPT_RINFO 133
++# define PKCS7_F_PKCS7_ENCODE_RINFO 132
+ # define PKCS7_F_PKCS7_ENCRYPT 115
++# define PKCS7_F_PKCS7_FINAL 134
+ # define PKCS7_F_PKCS7_FIND_DIGEST 127
+ # define PKCS7_F_PKCS7_GET0_SIGNERS 124
++# define PKCS7_F_PKCS7_RECIP_INFO_SET 130
+ # define PKCS7_F_PKCS7_SET_CIPHER 108
+ # define PKCS7_F_PKCS7_SET_CONTENT 109
+ # define PKCS7_F_PKCS7_SET_DIGEST 126
+ # define PKCS7_F_PKCS7_SET_TYPE 110
+ # define PKCS7_F_PKCS7_SIGN 116
+ # define PKCS7_F_PKCS7_SIGNATUREVERIFY 113
++# define PKCS7_F_PKCS7_SIGNER_INFO_SET 129
++# define PKCS7_F_PKCS7_SIGNER_INFO_SIGN 139
++# define PKCS7_F_PKCS7_SIGN_ADD_SIGNER 137
+ # define PKCS7_F_PKCS7_SIMPLE_SMIMECAP 119
+ # define PKCS7_F_PKCS7_VERIFY 117
+ # define PKCS7_F_SMIME_READ_PKCS7 122
+@@ -401,20 +423,26 @@ void ERR_load_PKCS7_strings(void);
+ # define PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 144
+ # define PKCS7_R_CIPHER_NOT_INITIALIZED 116
+ # define PKCS7_R_CONTENT_AND_DATA_PRESENT 118
++# define PKCS7_R_CTRL_ERROR 152
+ # define PKCS7_R_DECODE_ERROR 130
+ # define PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH 100
+ # define
PKCS7_R_DECRYPT_ERROR 119
+ # define PKCS7_R_DIGEST_FAILURE 101
++# define PKCS7_R_ENCRYPTION_CTRL_FAILURE 149
++# define PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 150
+ # define PKCS7_R_ERROR_ADDING_RECIPIENT 120
+ # define PKCS7_R_ERROR_SETTING_CIPHER 121
+ # define PKCS7_R_INVALID_MIME_TYPE 131
+ # define PKCS7_R_INVALID_NULL_POINTER 143
++# define PKCS7_R_INVALID_SIGNED_DATA_TYPE 155
+ # define PKCS7_R_MIME_NO_CONTENT_TYPE 132
+ # define PKCS7_R_MIME_PARSE_ERROR 133
+ # define PKCS7_R_MIME_SIG_PARSE_ERROR 134
+ # define PKCS7_R_MISSING_CERIPEND_INFO 103
+ # define PKCS7_R_NO_CONTENT 122
+ # define PKCS7_R_NO_CONTENT_TYPE 135
++# define PKCS7_R_NO_DEFAULT_DIGEST 151
++# define PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND 154
+ # define PKCS7_R_NO_MULTIPART_BODY_FAILURE 136
+ # define PKCS7_R_NO_MULTIPART_BOUNDARY 137
+ # define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE 115
+@@ -424,6 +452,7 @@ void ERR_load_PKCS7_strings(void);
+ # define PKCS7_R_NO_SIG_CONTENT_TYPE 138
+ # define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE 104
+ # define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR 124
++# define PKCS7_R_PKCS7_ADD_SIGNER_ERROR 153
+ # define PKCS7_R_PKCS7_DATAFINAL 126
+ # define PKCS7_R_PKCS7_DATAFINAL_ERROR 125
+ # define PKCS7_R_PKCS7_DATASIGN 145
+@@ -432,6 +461,8 @@ void ERR_load_PKCS7_strings(void);
+ # define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 127
+ # define PKCS7_R_SIGNATURE_FAILURE 105
+ # define PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND 128
++# define PKCS7_R_SIGNING_CTRL_FAILURE 147
++# define PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 148
+ # define PKCS7_R_SIG_INVALID_MIME_TYPE 141
+ # define PKCS7_R_SMIME_TEXT_ERROR 129
+ # define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE 106
+diff --git a/Cryptlib/Include/openssl/pq_compat.h b/Cryptlib/Include/openssl/pq_compat.h
+deleted file mode 100644
+index 974cd05..0000000
+--- a/Cryptlib/Include/openssl/pq_compat.h
++++ /dev/null
+@@ -1,152 +0,0 @@
+-/* crypto/pqueue/pqueue_compat.h */
+-/*
+- * DTLS
implementation written by Nagendra Modadugu
+- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
+- */
+-/* ====================================================================
+- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- *
+- * 1. Redistributions of source code must retain the above copyright
+- * notice, this list of conditions and the following disclaimer.
+- *
+- * 2. Redistributions in binary form must reproduce the above copyright
+- * notice, this list of conditions and the following disclaimer in
+- * the documentation and/or other materials provided with the
+- * distribution.
+- *
+- * 3. All advertising materials mentioning features or use of this
+- * software must display the following acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+- *
+- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+- * endorse or promote products derived from this software without
+- * prior written permission. For written permission, please contact
+- * openssl-core@OpenSSL.org.
+- *
+- * 5. Products derived from this software may not be called "OpenSSL"
+- * nor may "OpenSSL" appear in their names without prior written
+- * permission of the OpenSSL Project.
+- *
+- * 6. Redistributions of any form whatsoever must retain the following
+- * acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+- * PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR +- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +- * OF THE POSSIBILITY OF SUCH DAMAGE. +- * ==================================================================== +- * +- * This product includes cryptographic software written by Eric Young +- * (eay@cryptsoft.com). This product includes software written by Tim +- * Hudson (tjh@cryptsoft.com). +- * +- */ +- +-#ifndef HEADER_PQ_COMPAT_H +-# define HEADER_PQ_COMPAT_H +- +-# include +-# include +- +-/* +- * The purpose of this header file is for supporting 64-bit integer +- * manipulation on 32-bit (and lower) machines. Currently the only +- * such environment is VMS, Utrix and those with smaller default integer +- * sizes than 32 bits. For all such environment, we fall back to using +- * BIGNUM. We may need to fine tune the conditions for systems that +- * are incorrectly configured. +- * +- * The only clients of this code are (1) pqueue for priority, and +- * (2) DTLS, for sequence number manipulation. 
+- */ +- +-# if (defined(THIRTY_TWO_BIT) && !defined(BN_LLONG)) || defined(SIXTEEN_BIT) || defined(EIGHT_BIT) +- +-# define PQ_64BIT_IS_INTEGER 0 +-# define PQ_64BIT_IS_BIGNUM 1 +- +-# define PQ_64BIT BIGNUM +-# define PQ_64BIT_CTX BN_CTX +- +-# define pq_64bit_init(x) BN_init(x) +-# define pq_64bit_free(x) BN_free(x) +- +-# define pq_64bit_ctx_new(ctx) BN_CTX_new() +-# define pq_64bit_ctx_free(x) BN_CTX_free(x) +- +-# define pq_64bit_assign(x, y) BN_copy(x, y) +-# define pq_64bit_assign_word(x, y) BN_set_word(x, y) +-# define pq_64bit_gt(x, y) BN_ucmp(x, y) >= 1 ? 1 : 0 +-# define pq_64bit_eq(x, y) BN_ucmp(x, y) == 0 ? 1 : 0 +-# define pq_64bit_add_word(x, w) BN_add_word(x, w) +-# define pq_64bit_sub(r, x, y) BN_sub(r, x, y) +-# define pq_64bit_sub_word(x, w) BN_sub_word(x, w) +-# define pq_64bit_mod(r, x, n, ctx) BN_mod(r, x, n, ctx) +- +-# define pq_64bit_bin2num(bn, bytes, len) BN_bin2bn(bytes, len, bn) +-# define pq_64bit_num2bin(bn, bytes) BN_bn2bin(bn, bytes) +-# define pq_64bit_get_word(x) BN_get_word(x) +-# define pq_64bit_is_bit_set(x, offset) BN_is_bit_set(x, offset) +-# define pq_64bit_lshift(r, x, shift) BN_lshift(r, x, shift) +-# define pq_64bit_set_bit(x, num) BN_set_bit(x, num) +-# define pq_64bit_get_length(x) BN_num_bits((x)) +- +-# else +- +-# define PQ_64BIT_IS_INTEGER 1 +-# define PQ_64BIT_IS_BIGNUM 0 +- +-# if defined(SIXTY_FOUR_BIT) +-# define PQ_64BIT BN_ULONG +-# define PQ_64BIT_PRINT "%lld" +-# elif defined(SIXTY_FOUR_BIT_LONG) +-# define PQ_64BIT BN_ULONG +-# define PQ_64BIT_PRINT "%ld" +-# elif defined(THIRTY_TWO_BIT) +-# define PQ_64BIT BN_ULLONG +-# define PQ_64BIT_PRINT "%lld" +-# endif +- +-# define PQ_64BIT_CTX void +- +-# define pq_64bit_init(x) +-# define pq_64bit_free(x) +-# define pq_64bit_ctx_new(ctx) (ctx) +-# define pq_64bit_ctx_free(x) +- +-# define pq_64bit_assign(x, y) (*(x) = *(y)) +-# define pq_64bit_assign_word(x, y) (*(x) = y) +-# define pq_64bit_gt(x, y) (*(x) > *(y)) +-# define pq_64bit_eq(x, y) (*(x) == *(y)) +-# 
define pq_64bit_add_word(x, w) (*(x) = (*(x) + (w)))
+-# define pq_64bit_sub(r, x, y) (*(r) = (*(x) - *(y)))
+-# define pq_64bit_sub_word(x, w) (*(x) = (*(x) - (w)))
+-# define pq_64bit_mod(r, x, n, ctx)
+-
+-# define pq_64bit_bin2num(num, bytes, len) bytes_to_long_long(bytes, num)
+-# define pq_64bit_num2bin(num, bytes) long_long_to_bytes(num, bytes)
+-# define pq_64bit_get_word(x) *(x)
+-# define pq_64bit_lshift(r, x, shift) (*(r) = (*(x) << (shift)))
+-# define pq_64bit_set_bit(x, num) do { \
+- PQ_64BIT mask = 1; \
+- mask = mask << (num); \
+- *(x) |= mask; \
+- } while(0)
+-# endif /* OPENSSL_SYS_VMS */
+-
+-#endif
+diff --git a/Cryptlib/Include/openssl/pqueue.h b/Cryptlib/Include/openssl/pqueue.h
+index 7b23580..d40d9c7 100644
+--- a/Cryptlib/Include/openssl/pqueue.h
++++ b/Cryptlib/Include/openssl/pqueue.h
+@@ -64,19 +64,20 @@
+ # include
+ # include
+
+-# include
+-
++#ifdef __cplusplus
++extern "C" {
++#endif
+ typedef struct _pqueue *pqueue;
+
+ typedef struct _pitem {
+- PQ_64BIT priority;
++ unsigned char priority[8]; /* 64-bit value in big-endian encoding */
+ void *data;
+ struct _pitem *next;
+ } pitem;
+
+ typedef struct _pitem *piterator;
+
+-pitem *pitem_new(PQ_64BIT priority, void *data);
++pitem *pitem_new(unsigned char *prio64be, void *data);
+ void pitem_free(pitem *item);
+
+ pqueue pqueue_new(void);
+@@ -85,11 +86,14 @@ void pqueue_free(pqueue pq);
+ pitem *pqueue_insert(pqueue pq, pitem *item);
+ pitem *pqueue_peek(pqueue pq);
+ pitem *pqueue_pop(pqueue pq);
+-pitem *pqueue_find(pqueue pq, PQ_64BIT priority);
++pitem *pqueue_find(pqueue pq, unsigned char *prio64be);
+ pitem *pqueue_iterator(pqueue pq);
+ pitem *pqueue_next(piterator *iter);
+
+ void pqueue_print(pqueue pq);
+ int pqueue_size(pqueue pq);
+
++#ifdef __cplusplus
++}
++#endif
+ #endif /* ! 
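Review bot: The new prototype `pitem_new(unsigned char *prio64be, void *data)` takes a bare pointer with no length, while the field it fills is now `unsigned char priority[8]`, so the 8-byte requirement is carried only by the parameter name; the same holds for `pqueue_find()` in the following `@@ -85,11 +86,14 @@` hunk. The implementation is not part of this header, but it presumably reads 8 bytes from that pointer, in which case a shorter caller buffer becomes an out-of-bounds read. I would state the contract on both prototypes, for example `/* prio64be must point to 8 readable bytes (big-endian 64-bit priority) */`.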
HEADER_PQUEUE_H */ +diff --git a/Cryptlib/Include/openssl/rand.h b/Cryptlib/Include/openssl/rand.h +index ed1f276..2553afd 100644 +--- a/Cryptlib/Include/openssl/rand.h ++++ b/Cryptlib/Include/openssl/rand.h +@@ -72,7 +72,7 @@ extern "C" { + #endif + + # if defined(OPENSSL_FIPS) +-# define FIPS_RAND_SIZE_T int ++# define FIPS_RAND_SIZE_T size_t + # endif + + /* Already defined in ossl_typ.h */ +@@ -110,16 +110,6 @@ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes); + int RAND_egd(const char *path); + int RAND_egd_bytes(const char *path, int bytes); + int RAND_poll(void); +-# ifndef OPENSSL_NO_ENGINE +-# ifdef OPENSSL_FIPS +-void int_RAND_init_engine_callbacks(void); +-void int_RAND_set_callbacks(int (*set_rand_func) (const RAND_METHOD *meth, +- const RAND_METHOD **pmeth), +- const RAND_METHOD *(*get_rand_func) (const +- RAND_METHOD +- **pmeth)); +-# endif +-# endif + + # if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) + +@@ -128,6 +118,11 @@ int RAND_event(UINT, WPARAM, LPARAM); + + # endif + ++# ifdef OPENSSL_FIPS ++void RAND_set_fips_drbg_type(int type, int flags); ++int RAND_init_fips(void); ++# endif ++ + /* BEGIN ERROR CODES */ + /* + * The following lines are auto generated by the script mkerr.pl. Any changes +@@ -138,29 +133,16 @@ void ERR_load_RAND_strings(void); + /* Error codes for the RAND functions. */ + + /* Function codes. */ +-# define RAND_F_ENG_RAND_GET_RAND_METHOD 108 +-# define RAND_F_FIPS_RAND 103 +-# define RAND_F_FIPS_RAND_BYTES 102 +-# define RAND_F_FIPS_RAND_GET_RAND_METHOD 109 +-# define RAND_F_FIPS_RAND_SET_DT 106 +-# define RAND_F_FIPS_SET_DT 104 +-# define RAND_F_FIPS_SET_PRNG_SEED 107 +-# define RAND_F_FIPS_SET_TEST_MODE 105 + # define RAND_F_RAND_GET_RAND_METHOD 101 ++# define RAND_F_RAND_INIT_FIPS 102 + # define RAND_F_SSLEAY_RAND_BYTES 100 + + /* Reason codes. 
*/ +-# define RAND_R_NON_FIPS_METHOD 105 +-# define RAND_R_NOT_IN_TEST_MODE 106 +-# define RAND_R_NO_KEY_SET 107 +-# define RAND_R_PRNG_ASKING_FOR_TOO_MUCH 101 +-# define RAND_R_PRNG_ERROR 108 +-# define RAND_R_PRNG_KEYED 109 +-# define RAND_R_PRNG_NOT_REKEYED 102 +-# define RAND_R_PRNG_NOT_RESEEDED 103 ++# define RAND_R_DUAL_EC_DRBG_DISABLED 104 ++# define RAND_R_ERROR_INITIALISING_DRBG 102 ++# define RAND_R_ERROR_INSTANTIATING_DRBG 103 ++# define RAND_R_NO_FIPS_RANDOM_METHOD_SET 101 + # define RAND_R_PRNG_NOT_SEEDED 100 +-# define RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY 110 +-# define RAND_R_PRNG_STUCK 104 + + #ifdef __cplusplus + } +diff --git a/Cryptlib/Include/openssl/rc4.h b/Cryptlib/Include/openssl/rc4.h +index 006f839..39162b1 100644 +--- a/Cryptlib/Include/openssl/rc4.h ++++ b/Cryptlib/Include/openssl/rc4.h +@@ -64,6 +64,8 @@ + # error RC4 is disabled. + # endif + ++# include ++ + #ifdef __cplusplus + extern "C" { + #endif +@@ -74,11 +76,9 @@ typedef struct rc4_key_st { + } RC4_KEY; + + const char *RC4_options(void); +-# ifdef OPENSSL_FIPS +-void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); +-# endif + void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); +-void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata, ++void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); ++void RC4(RC4_KEY *key, size_t len, const unsigned char *indata, + unsigned char *outdata); + + #ifdef __cplusplus +diff --git a/Cryptlib/Include/openssl/ripemd.h b/Cryptlib/Include/openssl/ripemd.h +index 6cf74b3..b88ef25 100644 +--- a/Cryptlib/Include/openssl/ripemd.h ++++ b/Cryptlib/Include/openssl/ripemd.h +@@ -70,7 +70,7 @@ extern "C" { + # error RIPEMD is disabled. 
+ # endif
+
+-# if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
++# if defined(__LP32__)
+ # define RIPEMD160_LONG unsigned long
+ # elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
+ # define RIPEMD160_LONG unsigned long
+@@ -89,6 +89,7 @@ typedef struct RIPEMD160state_st {
+ RIPEMD160_LONG data[RIPEMD160_LBLOCK];
+ unsigned int num;
+ } RIPEMD160_CTX;
++
+ # ifdef OPENSSL_FIPS
+ int private_RIPEMD160_Init(RIPEMD160_CTX *c);
+ # endif
+diff --git a/Cryptlib/Include/openssl/rsa.h b/Cryptlib/Include/openssl/rsa.h
+index 4af5e35..d2ee374 100644
+--- a/Cryptlib/Include/openssl/rsa.h
++++ b/Cryptlib/Include/openssl/rsa.h
+@@ -74,27 +74,6 @@
+ # error RSA is disabled.
+ # endif
+
+-/*
+- * If this flag is set the RSA method is FIPS compliant and can be used in
+- * FIPS mode. This is set in the validated module method. If an application
+- * sets this flag in its own methods it is its reposibility to ensure the
+- * result is compliant.
+- */
+-
+-# define RSA_FLAG_FIPS_METHOD 0x0400
+-
+-/*
+- * If this flag is set the operations normally disabled in FIPS mode are
+- * permitted it is then the applications responsibility to ensure that the
+- * usage is compliant. 
+- */
+-
+-# define RSA_FLAG_NON_FIPS_ALLOW 0x0400
+-
+-# ifdef OPENSSL_FIPS
+-# define FIPS_RSA_SIZE_T int
+-# endif
+-
+ #ifdef __cplusplus
+ extern "C" {
+ #endif
+@@ -139,7 +118,7 @@ struct rsa_meth_st {
+ unsigned char *sigret, unsigned int *siglen,
+ const RSA *rsa);
+ int (*rsa_verify) (int dtype, const unsigned char *m,
+- unsigned int m_length, unsigned char *sigbuf,
++ unsigned int m_length, const unsigned char *sigbuf,
+ unsigned int siglen, const RSA *rsa);
+ /*
+ * If this callback is NULL, the builtin software RSA key-gen will be
+@@ -189,8 +168,6 @@ struct rsa_st {
+ # define OPENSSL_RSA_MAX_MODULUS_BITS 16384
+ # endif
+
+-# define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024
+-
+ # ifndef OPENSSL_RSA_SMALL_MODULUS_BITS
+ # define OPENSSL_RSA_SMALL_MODULUS_BITS 3072
+ # endif
+@@ -256,11 +233,84 @@ struct rsa_st {
+ # define RSA_FLAG_NO_EXP_CONSTTIME RSA_FLAG_NO_CONSTTIME
+ # endif
+
++# define EVP_PKEY_CTX_set_rsa_padding(ctx, pad) \
++ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, -1, EVP_PKEY_CTRL_RSA_PADDING, \
++ pad, NULL)
++
++# define EVP_PKEY_CTX_get_rsa_padding(ctx, ppad) \
++ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, -1, \
++ EVP_PKEY_CTRL_GET_RSA_PADDING, 0, ppad)
++
++# define EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, len) \
++ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, \
++ (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \
++ EVP_PKEY_CTRL_RSA_PSS_SALTLEN, \
++ len, NULL)
++
++# define EVP_PKEY_CTX_get_rsa_pss_saltlen(ctx, plen) \
++ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, \
++ (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \
++ EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN, \
++ 0, plen)
++
++# define EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits) \
++ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN, \
++ EVP_PKEY_CTRL_RSA_KEYGEN_BITS, bits, NULL)
++
++# define EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp) \
++ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN, \
++ EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, pubexp)
++
++# define EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, md) \
++ 
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, \
++ EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, \
++ EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)md)
++
++# define EVP_PKEY_CTX_set_rsa_oaep_md(ctx, md) \
++ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \
++ EVP_PKEY_CTRL_RSA_OAEP_MD, 0, (void *)md)
++
++# define EVP_PKEY_CTX_get_rsa_mgf1_md(ctx, pmd) \
++ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, \
++ EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, \
++ EVP_PKEY_CTRL_GET_RSA_MGF1_MD, 0, (void *)pmd)
++
++# define EVP_PKEY_CTX_get_rsa_oaep_md(ctx, pmd) \
++ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \
++ EVP_PKEY_CTRL_GET_RSA_OAEP_MD, 0, (void *)pmd)
++
++# define EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, l, llen) \
++ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \
++ EVP_PKEY_CTRL_RSA_OAEP_LABEL, llen, (void *)l)
++
++# define EVP_PKEY_CTX_get0_rsa_oaep_label(ctx, l) \
++ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \
++ EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL, 0, (void *)l)
++
++# define EVP_PKEY_CTRL_RSA_PADDING (EVP_PKEY_ALG_CTRL + 1)
++# define EVP_PKEY_CTRL_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 2)
++
++# define EVP_PKEY_CTRL_RSA_KEYGEN_BITS (EVP_PKEY_ALG_CTRL + 3)
++# define EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP (EVP_PKEY_ALG_CTRL + 4)
++# define EVP_PKEY_CTRL_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 5)
++
++# define EVP_PKEY_CTRL_GET_RSA_PADDING (EVP_PKEY_ALG_CTRL + 6)
++# define EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 7)
++# define EVP_PKEY_CTRL_GET_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 8)
++
++# define EVP_PKEY_CTRL_RSA_OAEP_MD (EVP_PKEY_ALG_CTRL + 9)
++# define EVP_PKEY_CTRL_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 10)
++
++# define EVP_PKEY_CTRL_GET_RSA_OAEP_MD (EVP_PKEY_ALG_CTRL + 11)
++# define EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 12)
++
+ # define RSA_PKCS1_PADDING 1
+ # define RSA_SSLV23_PADDING 2
+ # define RSA_NO_PADDING 3
+ # define RSA_PKCS1_OAEP_PADDING 4
+ # define RSA_X931_PADDING 5
++/* EVP_PKEY_ only 
*/
++# define RSA_PKCS1_PSS_PADDING 6
+
+ # define RSA_PKCS1_PADDING_SIZE 11
+
+@@ -269,7 +319,7 @@ struct rsa_st {
+
+ RSA *RSA_new(void);
+ RSA *RSA_new_method(ENGINE *engine);
+-int RSA_size(const RSA *);
++int RSA_size(const RSA *rsa);
+
+ /* Deprecated version */
+ # ifndef OPENSSL_NO_DEPRECATED
+@@ -279,12 +329,6 @@ RSA *RSA_generate_key(int bits, unsigned long e, void
+
+ /* New version */
+ int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
+-int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1,
+- BIGNUM *q2, const BIGNUM *Xp1, const BIGNUM *Xp2,
+- const BIGNUM *Xp, const BIGNUM *Xq1, const BIGNUM *Xq2,
+- const BIGNUM *Xq, const BIGNUM *e, BN_GENCB *cb);
+-int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e,
+- BN_GENCB *cb);
+
+ int RSA_check_key(const RSA *);
+ /* next 4 return -1 on error */
+@@ -302,11 +346,6 @@ int RSA_up_ref(RSA *r);
+
+ int RSA_flags(const RSA *r);
+
+-# ifdef OPENSSL_FIPS
+-RSA *FIPS_rsa_new(void);
+-void FIPS_rsa_free(RSA *r);
+-# endif
+-
+ void RSA_set_default_method(const RSA_METHOD *meth);
+ const RSA_METHOD *RSA_get_default_method(void);
+ const RSA_METHOD *RSA_get_method(const RSA *rsa);
+@@ -323,6 +362,23 @@ const RSA_METHOD *RSA_null_method(void);
+ DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPublicKey)
+ DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPrivateKey)
+
++typedef struct rsa_pss_params_st {
++ X509_ALGOR *hashAlgorithm;
++ X509_ALGOR *maskGenAlgorithm;
++ ASN1_INTEGER *saltLength;
++ ASN1_INTEGER *trailerField;
++} RSA_PSS_PARAMS;
++
++DECLARE_ASN1_FUNCTIONS(RSA_PSS_PARAMS)
++
++typedef struct rsa_oaep_params_st {
++ X509_ALGOR *hashFunc;
++ X509_ALGOR *maskGenFunc;
++ X509_ALGOR *pSourceFunc;
++} RSA_OAEP_PARAMS;
++
++DECLARE_ASN1_FUNCTIONS(RSA_OAEP_PARAMS)
++
+ # ifndef OPENSSL_NO_FP_API
+ int RSA_print_fp(FILE *fp, const RSA *r, int offset);
+ # endif
+@@ -354,7 +410,7 @@ RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,
+ int RSA_sign(int 
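Review bot: The `EVP_PKEY_CTX_set_rsa_*` / `EVP_PKEY_CTX_get_rsa_*` macros added by the `@@ -256,11 +233,84 @@` hunk all expand to `EVP_PKEY_CTX_ctrl(...)`, and nothing in the header states that call's return convention. As documented by OpenSSL, it reports success only with a positive value and returns 0 or a negative value on failure (-2 when the operation is not supported for the key type), so a caller that tests `if (!EVP_PKEY_CTX_set_rsa_padding(ctx, pad))` treats a failed padding or salt-length setup as success. I would add one comment above the block: `/* These macros return the EVP_PKEY_CTX_ctrl() result: > 0 on success, <= 0 on failure; test with "<= 0", not "!" */`. As a smaller style point, `(void *)md`, `(void *)pmd` and `(void *)l` cast the macro argument without parenthesising it; `(void *)(md)` is the safer spelling.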
type, const unsigned char *m, unsigned int m_length,
+ unsigned char *sigret, unsigned int *siglen, RSA *rsa);
+ int RSA_verify(int type, const unsigned char *m, unsigned int m_length,
+- unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
++ const unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+
+ /*
+ * The following 2 function sign and verify a ASN1_OCTET_STRING object inside
+@@ -390,6 +446,15 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
+ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
+ const unsigned char *f, int fl, int rsa_len,
+ const unsigned char *p, int pl);
++int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
++ const unsigned char *from, int flen,
++ const unsigned char *param, int plen,
++ const EVP_MD *md, const EVP_MD *mgf1md);
++int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
++ const unsigned char *from, int flen,
++ int num, const unsigned char *param,
++ int plen, const EVP_MD *md,
++ const EVP_MD *mgf1md);
+ int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
+ const unsigned char *f, int fl);
+ int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
+@@ -411,6 +476,15 @@ int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
+ const unsigned char *mHash, const EVP_MD *Hash,
+ int sLen);
+
++int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
++ const EVP_MD *Hash, const EVP_MD *mgf1Hash,
++ const unsigned char *EM, int sLen);
++
++int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
++ const unsigned char *mHash,
++ const EVP_MD *Hash, const EVP_MD *mgf1Hash,
++ int sLen);
++
+ int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+ int RSA_set_ex_data(RSA *r, int idx, void *arg);
+@@ -419,6 +493,28 @@ void *RSA_get_ex_data(const RSA *r, int idx);
+ RSA *RSAPublicKey_dup(RSA *rsa);
+ RSA *RSAPrivateKey_dup(RSA *rsa);
+
++/*
++ * If this flag is set the RSA 
method is FIPS compliant and can be used in ++ * FIPS mode. This is set in the validated module method. If an application ++ * sets this flag in its own methods it is its responsibility to ensure the ++ * result is compliant. ++ */ ++ ++# define RSA_FLAG_FIPS_METHOD 0x0400 ++ ++/* ++ * If this flag is set the operations normally disabled in FIPS mode are ++ * permitted it is then the applications responsibility to ensure that the ++ * usage is compliant. ++ */ ++ ++# define RSA_FLAG_NON_FIPS_ALLOW 0x0400 ++/* ++ * Application has decided PRNG is good enough to generate a key: don't ++ * check. ++ */ ++# define RSA_FLAG_CHECKED 0x0800 ++ + /* BEGIN ERROR CODES */ + /* + * The following lines are auto generated by the script mkerr.pl. Any changes +@@ -429,17 +525,29 @@ void ERR_load_RSA_strings(void); + /* Error codes for the RSA functions. */ + + /* Function codes. */ +-# define RSA_F_FIPS_RSA_SIGN 140 +-# define RSA_F_FIPS_RSA_VERIFY 141 ++# define RSA_F_CHECK_PADDING_MD 140 ++# define RSA_F_DO_RSA_PRINT 146 ++# define RSA_F_INT_RSA_VERIFY 145 + # define RSA_F_MEMORY_LOCK 100 ++# define RSA_F_OLD_RSA_PRIV_DECODE 147 ++# define RSA_F_PKEY_RSA_CTRL 143 ++# define RSA_F_PKEY_RSA_CTRL_STR 144 ++# define RSA_F_PKEY_RSA_SIGN 142 ++# define RSA_F_PKEY_RSA_VERIFY 154 ++# define RSA_F_PKEY_RSA_VERIFYRECOVER 141 ++# define RSA_F_RSA_ALGOR_TO_MD 157 + # define RSA_F_RSA_BUILTIN_KEYGEN 129 + # define RSA_F_RSA_CHECK_KEY 123 ++# define RSA_F_RSA_CMS_DECRYPT 158 + # define RSA_F_RSA_EAY_PRIVATE_DECRYPT 101 + # define RSA_F_RSA_EAY_PRIVATE_ENCRYPT 102 + # define RSA_F_RSA_EAY_PUBLIC_DECRYPT 103 + # define RSA_F_RSA_EAY_PUBLIC_ENCRYPT 104 + # define RSA_F_RSA_GENERATE_KEY 105 ++# define RSA_F_RSA_GENERATE_KEY_EX 155 ++# define RSA_F_RSA_ITEM_VERIFY 156 + # define RSA_F_RSA_MEMORY_LOCK 130 ++# define RSA_F_RSA_MGF1_TO_MD 159 + # define RSA_F_RSA_NEW_METHOD 106 + # define RSA_F_RSA_NULL 124 + # define RSA_F_RSA_NULL_MOD_EXP 131 +@@ -449,29 +557,37 @@ void ERR_load_RSA_strings(void); 
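Review bot: `RSA_FLAG_FIPS_METHOD` and `RSA_FLAG_NON_FIPS_ALLOW`, re-added lower in the file by the `@@ -419,6 +493,28 @@` hunk, are both defined as `0x0400` although their comments give them different meanings (the method is FIPS compliant versus operations normally disabled in FIPS mode are permitted). The header does not show where each flag is tested; if both are ever checked against the same flags word, marking a method as validated would also read as an opt-out of the FIPS restrictions. The aliasing deserves an explicit comment on the second define, for example `/* NOTE: same bit as RSA_FLAG_FIPS_METHOD; never test both on the same flags field */`, so that a later reader does not assume the values are distinct.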
+ # define RSA_F_RSA_NULL_PUBLIC_ENCRYPT 135 + # define RSA_F_RSA_PADDING_ADD_NONE 107 + # define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121 ++# define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1 160 + # define RSA_F_RSA_PADDING_ADD_PKCS1_PSS 125 ++# define RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1 148 + # define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108 + # define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 109 + # define RSA_F_RSA_PADDING_ADD_SSLV23 110 + # define RSA_F_RSA_PADDING_ADD_X931 127 + # define RSA_F_RSA_PADDING_CHECK_NONE 111 + # define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP 122 ++# define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1 161 + # define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 112 + # define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 113 + # define RSA_F_RSA_PADDING_CHECK_SSLV23 114 + # define RSA_F_RSA_PADDING_CHECK_X931 128 + # define RSA_F_RSA_PRINT 115 + # define RSA_F_RSA_PRINT_FP 116 +-# define RSA_F_RSA_PRIVATE_ENCRYPT 137 +-# define RSA_F_RSA_PUBLIC_DECRYPT 138 ++# define RSA_F_RSA_PRIVATE_DECRYPT 150 ++# define RSA_F_RSA_PRIVATE_ENCRYPT 151 ++# define RSA_F_RSA_PRIV_DECODE 137 ++# define RSA_F_RSA_PRIV_ENCODE 138 ++# define RSA_F_RSA_PSS_TO_CTX 162 ++# define RSA_F_RSA_PUBLIC_DECRYPT 152 ++# define RSA_F_RSA_PUBLIC_ENCRYPT 153 ++# define RSA_F_RSA_PUB_DECODE 139 + # define RSA_F_RSA_SETUP_BLINDING 136 +-# define RSA_F_RSA_SET_DEFAULT_METHOD 139 +-# define RSA_F_RSA_SET_METHOD 142 + # define RSA_F_RSA_SIGN 117 + # define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118 + # define RSA_F_RSA_VERIFY 119 + # define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 120 + # define RSA_F_RSA_VERIFY_PKCS1_PSS 126 ++# define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1 149 + + /* Reason codes. 
*/ + # define RSA_R_ALGORITHM_MISMATCH 100 +@@ -487,25 +603,39 @@ void ERR_load_RSA_strings(void); + # define RSA_R_DATA_TOO_LARGE_FOR_MODULUS 132 + # define RSA_R_DATA_TOO_SMALL 111 + # define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE 122 ++# define RSA_R_DIGEST_DOES_NOT_MATCH 166 + # define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 112 + # define RSA_R_DMP1_NOT_CONGRUENT_TO_D 124 + # define RSA_R_DMQ1_NOT_CONGRUENT_TO_D 125 + # define RSA_R_D_E_NOT_CONGRUENT_TO_1 123 + # define RSA_R_FIRST_OCTET_INVALID 133 ++# define RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE 144 ++# define RSA_R_INVALID_DIGEST 160 ++# define RSA_R_INVALID_DIGEST_LENGTH 143 + # define RSA_R_INVALID_HEADER 137 ++# define RSA_R_INVALID_KEYBITS 145 ++# define RSA_R_INVALID_LABEL 161 + # define RSA_R_INVALID_MESSAGE_LENGTH 131 ++# define RSA_R_INVALID_MGF1_MD 156 ++# define RSA_R_INVALID_OAEP_PARAMETERS 162 + # define RSA_R_INVALID_PADDING 138 ++# define RSA_R_INVALID_PADDING_MODE 141 ++# define RSA_R_INVALID_PSS_PARAMETERS 149 ++# define RSA_R_INVALID_PSS_SALTLEN 146 ++# define RSA_R_INVALID_SALT_LENGTH 150 + # define RSA_R_INVALID_TRAILER 139 ++# define RSA_R_INVALID_X931_DIGEST 142 + # define RSA_R_IQMP_NOT_INVERSE_OF_Q 126 + # define RSA_R_KEY_SIZE_TOO_SMALL 120 + # define RSA_R_LAST_OCTET_INVALID 134 + # define RSA_R_MODULUS_TOO_LARGE 105 +-# define RSA_R_NON_FIPS_METHOD 141 ++# define RSA_R_NON_FIPS_RSA_METHOD 157 + # define RSA_R_NO_PUBLIC_EXPONENT 140 + # define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 + # define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 + # define RSA_R_OAEP_DECODING_ERROR 121 +-# define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 142 ++# define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 158 ++# define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 + # define RSA_R_PADDING_CHECK_FAILED 114 + # define RSA_R_PKCS_DECODING_ERROR 159 + # define RSA_R_P_NOT_PRIME 128 +@@ -516,7 +646,16 @@ void ERR_load_RSA_strings(void); + # define RSA_R_SSLV3_ROLLBACK_ATTACK 115 + # define 
RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116 + # define RSA_R_UNKNOWN_ALGORITHM_TYPE 117 ++# define RSA_R_UNKNOWN_DIGEST 163 ++# define RSA_R_UNKNOWN_MASK_DIGEST 151 + # define RSA_R_UNKNOWN_PADDING_TYPE 118 ++# define RSA_R_UNKNOWN_PSS_DIGEST 152 ++# define RSA_R_UNSUPPORTED_ENCRYPTION_TYPE 164 ++# define RSA_R_UNSUPPORTED_LABEL_SOURCE 165 ++# define RSA_R_UNSUPPORTED_MASK_ALGORITHM 153 ++# define RSA_R_UNSUPPORTED_MASK_PARAMETER 154 ++# define RSA_R_UNSUPPORTED_SIGNATURE_TYPE 155 ++# define RSA_R_VALUE_MISSING 147 + # define RSA_R_WRONG_SIGNATURE_LENGTH 119 + + #ifdef __cplusplus +diff --git a/Cryptlib/Include/openssl/safestack.h b/Cryptlib/Include/openssl/safestack.h +index 334ce9e..1d4f87e 100644 +--- a/Cryptlib/Include/openssl/safestack.h ++++ b/Cryptlib/Include/openssl/safestack.h +@@ -57,173 +57,161 @@ + + # include + +-# ifdef DEBUG_SAFESTACK ++#ifdef __cplusplus ++extern "C" { ++#endif + +-# ifndef CHECKED_PTR_OF +-# define CHECKED_PTR_OF(type, p) \ ++# ifndef CHECKED_PTR_OF ++# define CHECKED_PTR_OF(type, p) \ + ((void*) (1 ? p : (type*)0)) +-# endif ++# endif ++ ++/* ++ * In C++ we get problems because an explicit cast is needed from (void *) we ++ * use CHECKED_STACK_OF to ensure the correct type is passed in the macros ++ * below. ++ */ ++ ++# define CHECKED_STACK_OF(type, p) \ ++ ((_STACK*) (1 ? p : (STACK_OF(type)*)0)) + +-# define CHECKED_SK_FREE_FUNC(type, p) \ ++# define CHECKED_SK_COPY_FUNC(type, p) \ ++ ((void *(*)(void *)) ((1 ? p : (type *(*)(const type *))0))) ++ ++# define CHECKED_SK_FREE_FUNC(type, p) \ + ((void (*)(void *)) ((1 ? p : (void (*)(type *))0))) + +-# define CHECKED_SK_CMP_FUNC(type, p) \ +- ((int (*)(const char * const *, const char * const *)) \ ++# define CHECKED_SK_CMP_FUNC(type, p) \ ++ ((int (*)(const void *, const void *)) \ + ((1 ? 
p : (int (*)(const type * const *, const type * const *))0))) + +-# define STACK_OF(type) struct stack_st_##type +-# define PREDECLARE_STACK_OF(type) STACK_OF(type); ++# define STACK_OF(type) struct stack_st_##type ++# define PREDECLARE_STACK_OF(type) STACK_OF(type); + +-# define DECLARE_STACK_OF(type) \ ++# define DECLARE_STACK_OF(type) \ ++STACK_OF(type) \ ++ { \ ++ _STACK stack; \ ++ }; ++# define DECLARE_SPECIAL_STACK_OF(type, type2) \ + STACK_OF(type) \ + { \ +- STACK stack; \ ++ _STACK stack; \ + }; + + /* nada (obsolete in new safestack approach)*/ +-# define IMPLEMENT_STACK_OF(type) ++# define IMPLEMENT_STACK_OF(type) ++ ++/*- ++ * Strings are special: normally an lhash entry will point to a single ++ * (somewhat) mutable object. In the case of strings: ++ * ++ * a) Instead of a single char, there is an array of chars, NUL-terminated. ++ * b) The string may have be immutable. ++ * ++ * So, they need their own declarations. Especially important for ++ * type-checking tools, such as Deputy. ++ * ++ * In practice, however, it appears to be hard to have a const ++ * string. For now, I'm settling for dealing with the fact it is a ++ * string at all. ++ */ ++typedef char *OPENSSL_STRING; ++ ++typedef const char *OPENSSL_CSTRING; ++ ++/* ++ * Confusingly, LHASH_OF(STRING) deals with char ** throughout, but ++ * STACK_OF(STRING) is really more like STACK_OF(char), only, as mentioned ++ * above, instead of a single char each entry is a NUL-terminated array of ++ * chars. So, we have to implement STRING specially for STACK_OF. This is ++ * dealt with in the autogenerated macros below. ++ */ ++ ++DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) ++ ++/* ++ * Similarly, we sometimes use a block of characters, NOT nul-terminated. ++ * These should also be distinguished from "normal" stacks. ++ */ ++typedef void *OPENSSL_BLOCK; ++DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) + + /* + * SKM_sk_... 
stack macros are internal to safestack.h: never use them + * directly, use sk__... instead + */ +-# define SKM_sk_new(type, cmp) \ ++# define SKM_sk_new(type, cmp) \ + ((STACK_OF(type) *)sk_new(CHECKED_SK_CMP_FUNC(type, cmp))) +-# define SKM_sk_new_null(type) \ ++# define SKM_sk_new_null(type) \ + ((STACK_OF(type) *)sk_new_null()) +-# define SKM_sk_free(type, st) \ +- sk_free(CHECKED_PTR_OF(STACK_OF(type), st)) +-# define SKM_sk_num(type, st) \ +- sk_num(CHECKED_PTR_OF(STACK_OF(type), st)) +-# define SKM_sk_value(type, st,i) \ +- ((type *)sk_value(CHECKED_PTR_OF(STACK_OF(type), st), i)) +-# define SKM_sk_set(type, st,i,val) \ +- sk_set(CHECKED_PTR_OF(STACK_OF(type), st), i, CHECKED_PTR_OF(type, val)) +-# define SKM_sk_zero(type, st) \ +- sk_zero(CHECKED_PTR_OF(STACK_OF(type), st)) +-# define SKM_sk_push(type, st,val) \ +- sk_push(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val)) +-# define SKM_sk_unshift(type, st,val) \ +- sk_unshift(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val)) +-# define SKM_sk_find(type, st,val) \ +- sk_find(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val)) +-# define SKM_sk_delete(type, st,i) \ +- (type *)sk_delete(CHECKED_PTR_OF(STACK_OF(type), st), i) +-# define SKM_sk_delete_ptr(type, st,ptr) \ +- (type *)sk_delete_ptr(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, ptr)) +-# define SKM_sk_insert(type, st,val,i) \ +- sk_insert(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val), i) +-# define SKM_sk_set_cmp_func(type, st,cmp) \ ++# define SKM_sk_free(type, st) \ ++ sk_free(CHECKED_STACK_OF(type, st)) ++# define SKM_sk_num(type, st) \ ++ sk_num(CHECKED_STACK_OF(type, st)) ++# define SKM_sk_value(type, st,i) \ ++ ((type *)sk_value(CHECKED_STACK_OF(type, st), i)) ++# define SKM_sk_set(type, st,i,val) \ ++ sk_set(CHECKED_STACK_OF(type, st), i, CHECKED_PTR_OF(type, val)) ++# define SKM_sk_zero(type, st) \ ++ sk_zero(CHECKED_STACK_OF(type, st)) ++# define SKM_sk_push(type, st, val) \ ++ 
sk_push(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val)) ++# define SKM_sk_unshift(type, st, val) \ ++ sk_unshift(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val)) ++# define SKM_sk_find(type, st, val) \ ++ sk_find(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val)) ++# define SKM_sk_find_ex(type, st, val) \ ++ sk_find_ex(CHECKED_STACK_OF(type, st), \ ++ CHECKED_PTR_OF(type, val)) ++# define SKM_sk_delete(type, st, i) \ ++ (type *)sk_delete(CHECKED_STACK_OF(type, st), i) ++# define SKM_sk_delete_ptr(type, st, ptr) \ ++ (type *)sk_delete_ptr(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, ptr)) ++# define SKM_sk_insert(type, st,val, i) \ ++ sk_insert(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val), i) ++# define SKM_sk_set_cmp_func(type, st, cmp) \ + ((int (*)(const type * const *,const type * const *)) \ +- sk_set_cmp_func(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_SK_CMP_FUNC(type, cmp))) +-# define SKM_sk_dup(type, st) \ +- (STACK_OF(type) *)sk_dup(CHECKED_PTR_OF(STACK_OF(type), st)) +-# define SKM_sk_pop_free(type, st,free_func) \ +- sk_pop_free(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_SK_FREE_FUNC(type, free_func)) +-# define SKM_sk_shift(type, st) \ +- (type *)sk_shift(CHECKED_PTR_OF(STACK_OF(type), st)) +-# define SKM_sk_pop(type, st) \ +- (type *)sk_pop(CHECKED_PTR_OF(STACK_OF(type), st)) +-# define SKM_sk_sort(type, st) \ +- sk_sort(CHECKED_PTR_OF(STACK_OF(type), st)) +-# define SKM_sk_is_sorted(type, st) \ +- sk_is_sorted(CHECKED_PTR_OF(STACK_OF(type), st)) +- +-# define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ +- (STACK_OF(type) *)d2i_ASN1_SET(CHECKED_PTR_OF(STACK_OF(type)*, st), \ ++ sk_set_cmp_func(CHECKED_STACK_OF(type, st), CHECKED_SK_CMP_FUNC(type, cmp))) ++# define SKM_sk_dup(type, st) \ ++ (STACK_OF(type) *)sk_dup(CHECKED_STACK_OF(type, st)) ++# define SKM_sk_pop_free(type, st, free_func) \ ++ sk_pop_free(CHECKED_STACK_OF(type, st), CHECKED_SK_FREE_FUNC(type, free_func)) ++# define 
SKM_sk_deep_copy(type, st, copy_func, free_func) \ ++ (STACK_OF(type) *)sk_deep_copy(CHECKED_STACK_OF(type, st), CHECKED_SK_COPY_FUNC(type, copy_func), CHECKED_SK_FREE_FUNC(type, free_func)) ++# define SKM_sk_shift(type, st) \ ++ (type *)sk_shift(CHECKED_STACK_OF(type, st)) ++# define SKM_sk_pop(type, st) \ ++ (type *)sk_pop(CHECKED_STACK_OF(type, st)) ++# define SKM_sk_sort(type, st) \ ++ sk_sort(CHECKED_STACK_OF(type, st)) ++# define SKM_sk_is_sorted(type, st) \ ++ sk_is_sorted(CHECKED_STACK_OF(type, st)) ++# define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ ++ (STACK_OF(type) *)d2i_ASN1_SET( \ ++ (STACK_OF(OPENSSL_BLOCK) **)CHECKED_PTR_OF(STACK_OF(type)*, st), \ + pp, length, \ + CHECKED_D2I_OF(type, d2i_func), \ + CHECKED_SK_FREE_FUNC(type, free_func), \ + ex_tag, ex_class) +- +-# define SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \ +- i2d_ASN1_SET(CHECKED_PTR_OF(STACK_OF(type), st), pp, \ ++# define SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \ ++ i2d_ASN1_SET((STACK_OF(OPENSSL_BLOCK) *)CHECKED_STACK_OF(type, st), pp, \ + CHECKED_I2D_OF(type, i2d_func), \ + ex_tag, ex_class, is_set) +- +-# define SKM_ASN1_seq_pack(type, st, i2d_func, buf, len) \ ++# define SKM_ASN1_seq_pack(type, st, i2d_func, buf, len) \ + ASN1_seq_pack(CHECKED_PTR_OF(STACK_OF(type), st), \ + CHECKED_I2D_OF(type, i2d_func), buf, len) +- +-# define SKM_ASN1_seq_unpack(type, buf, len, d2i_func, free_func) \ ++# define SKM_ASN1_seq_unpack(type, buf, len, d2i_func, free_func) \ + (STACK_OF(type) *)ASN1_seq_unpack(buf, len, CHECKED_D2I_OF(type, d2i_func), CHECKED_SK_FREE_FUNC(type, free_func)) +- +-# define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \ ++# define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \ + (STACK_OF(type) *)PKCS12_decrypt_d2i(algor, \ + CHECKED_D2I_OF(type, d2i_func), \ + CHECKED_SK_FREE_FUNC(type, free_func), \ 
+ pass, passlen, oct, seq) +- +-# else +- +-# define STACK_OF(type) STACK +-# define PREDECLARE_STACK_OF(type) +- /* nada */ +-# define DECLARE_STACK_OF(type)/* nada */ +-# define IMPLEMENT_STACK_OF(type) +- /* nada */ +- +-# define SKM_sk_new(type, cmp) \ +- sk_new((int (*)(const char * const *, const char * const *))(cmp)) +-# define SKM_sk_new_null(type) \ +- sk_new_null() +-# define SKM_sk_free(type, st) \ +- sk_free(st) +-# define SKM_sk_num(type, st) \ +- sk_num(st) +-# define SKM_sk_value(type, st,i) \ +- ((type *)sk_value(st, i)) +-# define SKM_sk_set(type, st,i,val) \ +- ((type *)sk_set(st, i,(char *)val)) +-# define SKM_sk_zero(type, st) \ +- sk_zero(st) +-# define SKM_sk_push(type, st,val) \ +- sk_push(st, (char *)val) +-# define SKM_sk_unshift(type, st,val) \ +- sk_unshift(st, (char *)val) +-# define SKM_sk_find(type, st,val) \ +- sk_find(st, (char *)val) +-# define SKM_sk_delete(type, st,i) \ +- ((type *)sk_delete(st, i)) +-# define SKM_sk_delete_ptr(type, st,ptr) \ +- ((type *)sk_delete_ptr(st,(char *)ptr)) +-# define SKM_sk_insert(type, st,val,i) \ +- sk_insert(st, (char *)val, i) +-# define SKM_sk_set_cmp_func(type, st,cmp) \ +- ((int (*)(const type * const *,const type * const *)) \ +- sk_set_cmp_func(st, (int (*)(const char * const *, const char * const *))(cmp))) +-# define SKM_sk_dup(type, st) \ +- sk_dup(st) +-# define SKM_sk_pop_free(type, st,free_func) \ +- sk_pop_free(st, (void (*)(void *))free_func) +-# define SKM_sk_shift(type, st) \ +- ((type *)sk_shift(st)) +-# define SKM_sk_pop(type, st) \ +- ((type *)sk_pop(st)) +-# define SKM_sk_sort(type, st) \ +- sk_sort(st) +-# define SKM_sk_is_sorted(type, st) \ +- sk_is_sorted(st) +- +-# define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ +- d2i_ASN1_SET(st,pp,length, (void *(*)(void ** ,const unsigned char ** ,long))d2i_func, (void (*)(void *))free_func, ex_tag,ex_class) +-# define SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \ +- 
i2d_ASN1_SET(st,pp,(int (*)(void *, unsigned char **))i2d_func,ex_tag,ex_class,is_set) +- +-# define SKM_ASN1_seq_pack(type, st, i2d_func, buf, len) \ +- ASN1_seq_pack(st, (int (*)(void *, unsigned char **))i2d_func, buf, len) +-# define SKM_ASN1_seq_unpack(type, buf, len, d2i_func, free_func) \ +- ASN1_seq_unpack(buf,len,(void *(*)(void **,const unsigned char **,long))d2i_func, (void(*)(void *))free_func) +- +-# define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \ +- ((STACK *)PKCS12_decrypt_d2i(algor,(char *(*)())d2i_func, (void(*)(void *))free_func,pass,passlen,oct,seq)) +- +-# endif +- + /* + * This block of defines is updated by util/mkstack.pl, please do not touch! + */ +-# define sk_ACCESS_DESCRIPTION_new(st) SKM_sk_new(ACCESS_DESCRIPTION, (st)) ++# define sk_ACCESS_DESCRIPTION_new(cmp) SKM_sk_new(ACCESS_DESCRIPTION, (cmp)) + # define sk_ACCESS_DESCRIPTION_new_null() SKM_sk_new_null(ACCESS_DESCRIPTION) + # define sk_ACCESS_DESCRIPTION_free(st) SKM_sk_free(ACCESS_DESCRIPTION, (st)) + # define sk_ACCESS_DESCRIPTION_num(st) SKM_sk_num(ACCESS_DESCRIPTION, (st)) +@@ -240,12 +228,12 @@ STACK_OF(type) \ + # define sk_ACCESS_DESCRIPTION_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ACCESS_DESCRIPTION, (st), (cmp)) + # define sk_ACCESS_DESCRIPTION_dup(st) SKM_sk_dup(ACCESS_DESCRIPTION, st) + # define sk_ACCESS_DESCRIPTION_pop_free(st, free_func) SKM_sk_pop_free(ACCESS_DESCRIPTION, (st), (free_func)) ++# define sk_ACCESS_DESCRIPTION_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ACCESS_DESCRIPTION, (st), (copy_func), (free_func)) + # define sk_ACCESS_DESCRIPTION_shift(st) SKM_sk_shift(ACCESS_DESCRIPTION, (st)) + # define sk_ACCESS_DESCRIPTION_pop(st) SKM_sk_pop(ACCESS_DESCRIPTION, (st)) + # define sk_ACCESS_DESCRIPTION_sort(st) SKM_sk_sort(ACCESS_DESCRIPTION, (st)) + # define sk_ACCESS_DESCRIPTION_is_sorted(st) SKM_sk_is_sorted(ACCESS_DESCRIPTION, (st)) +- +-# define sk_ASIdOrRange_new(st) SKM_sk_new(ASIdOrRange, (st)) ++# 
define sk_ASIdOrRange_new(cmp) SKM_sk_new(ASIdOrRange, (cmp)) + # define sk_ASIdOrRange_new_null() SKM_sk_new_null(ASIdOrRange) + # define sk_ASIdOrRange_free(st) SKM_sk_free(ASIdOrRange, (st)) + # define sk_ASIdOrRange_num(st) SKM_sk_num(ASIdOrRange, (st)) +@@ -262,12 +250,12 @@ STACK_OF(type) \ + # define sk_ASIdOrRange_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASIdOrRange, (st), (cmp)) + # define sk_ASIdOrRange_dup(st) SKM_sk_dup(ASIdOrRange, st) + # define sk_ASIdOrRange_pop_free(st, free_func) SKM_sk_pop_free(ASIdOrRange, (st), (free_func)) ++# define sk_ASIdOrRange_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ASIdOrRange, (st), (copy_func), (free_func)) + # define sk_ASIdOrRange_shift(st) SKM_sk_shift(ASIdOrRange, (st)) + # define sk_ASIdOrRange_pop(st) SKM_sk_pop(ASIdOrRange, (st)) + # define sk_ASIdOrRange_sort(st) SKM_sk_sort(ASIdOrRange, (st)) + # define sk_ASIdOrRange_is_sorted(st) SKM_sk_is_sorted(ASIdOrRange, (st)) +- +-# define sk_ASN1_GENERALSTRING_new(st) SKM_sk_new(ASN1_GENERALSTRING, (st)) ++# define sk_ASN1_GENERALSTRING_new(cmp) SKM_sk_new(ASN1_GENERALSTRING, (cmp)) + # define sk_ASN1_GENERALSTRING_new_null() SKM_sk_new_null(ASN1_GENERALSTRING) + # define sk_ASN1_GENERALSTRING_free(st) SKM_sk_free(ASN1_GENERALSTRING, (st)) + # define sk_ASN1_GENERALSTRING_num(st) SKM_sk_num(ASN1_GENERALSTRING, (st)) +@@ -284,12 +272,12 @@ STACK_OF(type) \ + # define sk_ASN1_GENERALSTRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_GENERALSTRING, (st), (cmp)) + # define sk_ASN1_GENERALSTRING_dup(st) SKM_sk_dup(ASN1_GENERALSTRING, st) + # define sk_ASN1_GENERALSTRING_pop_free(st, free_func) SKM_sk_pop_free(ASN1_GENERALSTRING, (st), (free_func)) ++# define sk_ASN1_GENERALSTRING_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ASN1_GENERALSTRING, (st), (copy_func), (free_func)) + # define sk_ASN1_GENERALSTRING_shift(st) SKM_sk_shift(ASN1_GENERALSTRING, (st)) + # define sk_ASN1_GENERALSTRING_pop(st) SKM_sk_pop(ASN1_GENERALSTRING, (st)) + # define 
sk_ASN1_GENERALSTRING_sort(st) SKM_sk_sort(ASN1_GENERALSTRING, (st)) + # define sk_ASN1_GENERALSTRING_is_sorted(st) SKM_sk_is_sorted(ASN1_GENERALSTRING, (st)) +- +-# define sk_ASN1_INTEGER_new(st) SKM_sk_new(ASN1_INTEGER, (st)) ++# define sk_ASN1_INTEGER_new(cmp) SKM_sk_new(ASN1_INTEGER, (cmp)) + # define sk_ASN1_INTEGER_new_null() SKM_sk_new_null(ASN1_INTEGER) + # define sk_ASN1_INTEGER_free(st) SKM_sk_free(ASN1_INTEGER, (st)) + # define sk_ASN1_INTEGER_num(st) SKM_sk_num(ASN1_INTEGER, (st)) +@@ -306,12 +294,12 @@ STACK_OF(type) \ + # define sk_ASN1_INTEGER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_INTEGER, (st), (cmp)) + # define sk_ASN1_INTEGER_dup(st) SKM_sk_dup(ASN1_INTEGER, st) + # define sk_ASN1_INTEGER_pop_free(st, free_func) SKM_sk_pop_free(ASN1_INTEGER, (st), (free_func)) ++# define sk_ASN1_INTEGER_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ASN1_INTEGER, (st), (copy_func), (free_func)) + # define sk_ASN1_INTEGER_shift(st) SKM_sk_shift(ASN1_INTEGER, (st)) + # define sk_ASN1_INTEGER_pop(st) SKM_sk_pop(ASN1_INTEGER, (st)) + # define sk_ASN1_INTEGER_sort(st) SKM_sk_sort(ASN1_INTEGER, (st)) + # define sk_ASN1_INTEGER_is_sorted(st) SKM_sk_is_sorted(ASN1_INTEGER, (st)) +- +-# define sk_ASN1_OBJECT_new(st) SKM_sk_new(ASN1_OBJECT, (st)) ++# define sk_ASN1_OBJECT_new(cmp) SKM_sk_new(ASN1_OBJECT, (cmp)) + # define sk_ASN1_OBJECT_new_null() SKM_sk_new_null(ASN1_OBJECT) + # define sk_ASN1_OBJECT_free(st) SKM_sk_free(ASN1_OBJECT, (st)) + # define sk_ASN1_OBJECT_num(st) SKM_sk_num(ASN1_OBJECT, (st)) +@@ -328,12 +316,12 @@ STACK_OF(type) \ + # define sk_ASN1_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_OBJECT, (st), (cmp)) + # define sk_ASN1_OBJECT_dup(st) SKM_sk_dup(ASN1_OBJECT, st) + # define sk_ASN1_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(ASN1_OBJECT, (st), (free_func)) ++# define sk_ASN1_OBJECT_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ASN1_OBJECT, (st), (copy_func), (free_func)) + # define sk_ASN1_OBJECT_shift(st) 
SKM_sk_shift(ASN1_OBJECT, (st)) + # define sk_ASN1_OBJECT_pop(st) SKM_sk_pop(ASN1_OBJECT, (st)) + # define sk_ASN1_OBJECT_sort(st) SKM_sk_sort(ASN1_OBJECT, (st)) + # define sk_ASN1_OBJECT_is_sorted(st) SKM_sk_is_sorted(ASN1_OBJECT, (st)) +- +-# define sk_ASN1_STRING_TABLE_new(st) SKM_sk_new(ASN1_STRING_TABLE, (st)) ++# define sk_ASN1_STRING_TABLE_new(cmp) SKM_sk_new(ASN1_STRING_TABLE, (cmp)) + # define sk_ASN1_STRING_TABLE_new_null() SKM_sk_new_null(ASN1_STRING_TABLE) + # define sk_ASN1_STRING_TABLE_free(st) SKM_sk_free(ASN1_STRING_TABLE, (st)) + # define sk_ASN1_STRING_TABLE_num(st) SKM_sk_num(ASN1_STRING_TABLE, (st)) +@@ -350,12 +338,12 @@ STACK_OF(type) \ + # define sk_ASN1_STRING_TABLE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_STRING_TABLE, (st), (cmp)) + # define sk_ASN1_STRING_TABLE_dup(st) SKM_sk_dup(ASN1_STRING_TABLE, st) + # define sk_ASN1_STRING_TABLE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_STRING_TABLE, (st), (free_func)) ++# define sk_ASN1_STRING_TABLE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ASN1_STRING_TABLE, (st), (copy_func), (free_func)) + # define sk_ASN1_STRING_TABLE_shift(st) SKM_sk_shift(ASN1_STRING_TABLE, (st)) + # define sk_ASN1_STRING_TABLE_pop(st) SKM_sk_pop(ASN1_STRING_TABLE, (st)) + # define sk_ASN1_STRING_TABLE_sort(st) SKM_sk_sort(ASN1_STRING_TABLE, (st)) + # define sk_ASN1_STRING_TABLE_is_sorted(st) SKM_sk_is_sorted(ASN1_STRING_TABLE, (st)) +- +-# define sk_ASN1_TYPE_new(st) SKM_sk_new(ASN1_TYPE, (st)) ++# define sk_ASN1_TYPE_new(cmp) SKM_sk_new(ASN1_TYPE, (cmp)) + # define sk_ASN1_TYPE_new_null() SKM_sk_new_null(ASN1_TYPE) + # define sk_ASN1_TYPE_free(st) SKM_sk_free(ASN1_TYPE, (st)) + # define sk_ASN1_TYPE_num(st) SKM_sk_num(ASN1_TYPE, (st)) +@@ -372,12 +360,34 @@ STACK_OF(type) \ + # define sk_ASN1_TYPE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_TYPE, (st), (cmp)) + # define sk_ASN1_TYPE_dup(st) SKM_sk_dup(ASN1_TYPE, st) + # define sk_ASN1_TYPE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_TYPE, (st), 
(free_func)) ++# define sk_ASN1_TYPE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ASN1_TYPE, (st), (copy_func), (free_func)) + # define sk_ASN1_TYPE_shift(st) SKM_sk_shift(ASN1_TYPE, (st)) + # define sk_ASN1_TYPE_pop(st) SKM_sk_pop(ASN1_TYPE, (st)) + # define sk_ASN1_TYPE_sort(st) SKM_sk_sort(ASN1_TYPE, (st)) + # define sk_ASN1_TYPE_is_sorted(st) SKM_sk_is_sorted(ASN1_TYPE, (st)) +- +-# define sk_ASN1_VALUE_new(st) SKM_sk_new(ASN1_VALUE, (st)) ++# define sk_ASN1_UTF8STRING_new(cmp) SKM_sk_new(ASN1_UTF8STRING, (cmp)) ++# define sk_ASN1_UTF8STRING_new_null() SKM_sk_new_null(ASN1_UTF8STRING) ++# define sk_ASN1_UTF8STRING_free(st) SKM_sk_free(ASN1_UTF8STRING, (st)) ++# define sk_ASN1_UTF8STRING_num(st) SKM_sk_num(ASN1_UTF8STRING, (st)) ++# define sk_ASN1_UTF8STRING_value(st, i) SKM_sk_value(ASN1_UTF8STRING, (st), (i)) ++# define sk_ASN1_UTF8STRING_set(st, i, val) SKM_sk_set(ASN1_UTF8STRING, (st), (i), (val)) ++# define sk_ASN1_UTF8STRING_zero(st) SKM_sk_zero(ASN1_UTF8STRING, (st)) ++# define sk_ASN1_UTF8STRING_push(st, val) SKM_sk_push(ASN1_UTF8STRING, (st), (val)) ++# define sk_ASN1_UTF8STRING_unshift(st, val) SKM_sk_unshift(ASN1_UTF8STRING, (st), (val)) ++# define sk_ASN1_UTF8STRING_find(st, val) SKM_sk_find(ASN1_UTF8STRING, (st), (val)) ++# define sk_ASN1_UTF8STRING_find_ex(st, val) SKM_sk_find_ex(ASN1_UTF8STRING, (st), (val)) ++# define sk_ASN1_UTF8STRING_delete(st, i) SKM_sk_delete(ASN1_UTF8STRING, (st), (i)) ++# define sk_ASN1_UTF8STRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_UTF8STRING, (st), (ptr)) ++# define sk_ASN1_UTF8STRING_insert(st, val, i) SKM_sk_insert(ASN1_UTF8STRING, (st), (val), (i)) ++# define sk_ASN1_UTF8STRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_UTF8STRING, (st), (cmp)) ++# define sk_ASN1_UTF8STRING_dup(st) SKM_sk_dup(ASN1_UTF8STRING, st) ++# define sk_ASN1_UTF8STRING_pop_free(st, free_func) SKM_sk_pop_free(ASN1_UTF8STRING, (st), (free_func)) ++# define sk_ASN1_UTF8STRING_deep_copy(st, copy_func, free_func) 
SKM_sk_deep_copy(ASN1_UTF8STRING, (st), (copy_func), (free_func)) ++# define sk_ASN1_UTF8STRING_shift(st) SKM_sk_shift(ASN1_UTF8STRING, (st)) ++# define sk_ASN1_UTF8STRING_pop(st) SKM_sk_pop(ASN1_UTF8STRING, (st)) ++# define sk_ASN1_UTF8STRING_sort(st) SKM_sk_sort(ASN1_UTF8STRING, (st)) ++# define sk_ASN1_UTF8STRING_is_sorted(st) SKM_sk_is_sorted(ASN1_UTF8STRING, (st)) ++# define sk_ASN1_VALUE_new(cmp) SKM_sk_new(ASN1_VALUE, (cmp)) + # define sk_ASN1_VALUE_new_null() SKM_sk_new_null(ASN1_VALUE) + # define sk_ASN1_VALUE_free(st) SKM_sk_free(ASN1_VALUE, (st)) + # define sk_ASN1_VALUE_num(st) SKM_sk_num(ASN1_VALUE, (st)) +@@ -394,12 +404,12 @@ STACK_OF(type) \ + # define sk_ASN1_VALUE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_VALUE, (st), (cmp)) + # define sk_ASN1_VALUE_dup(st) SKM_sk_dup(ASN1_VALUE, st) + # define sk_ASN1_VALUE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_VALUE, (st), (free_func)) ++# define sk_ASN1_VALUE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ASN1_VALUE, (st), (copy_func), (free_func)) + # define sk_ASN1_VALUE_shift(st) SKM_sk_shift(ASN1_VALUE, (st)) + # define sk_ASN1_VALUE_pop(st) SKM_sk_pop(ASN1_VALUE, (st)) + # define sk_ASN1_VALUE_sort(st) SKM_sk_sort(ASN1_VALUE, (st)) + # define sk_ASN1_VALUE_is_sorted(st) SKM_sk_is_sorted(ASN1_VALUE, (st)) +- +-# define sk_BIO_new(st) SKM_sk_new(BIO, (st)) ++# define sk_BIO_new(cmp) SKM_sk_new(BIO, (cmp)) + # define sk_BIO_new_null() SKM_sk_new_null(BIO) + # define sk_BIO_free(st) SKM_sk_free(BIO, (st)) + # define sk_BIO_num(st) SKM_sk_num(BIO, (st)) +@@ -416,12 +426,56 @@ STACK_OF(type) \ + # define sk_BIO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BIO, (st), (cmp)) + # define sk_BIO_dup(st) SKM_sk_dup(BIO, st) + # define sk_BIO_pop_free(st, free_func) SKM_sk_pop_free(BIO, (st), (free_func)) ++# define sk_BIO_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(BIO, (st), (copy_func), (free_func)) + # define sk_BIO_shift(st) SKM_sk_shift(BIO, (st)) + # define sk_BIO_pop(st) SKM_sk_pop(BIO, 
(st)) + # define sk_BIO_sort(st) SKM_sk_sort(BIO, (st)) + # define sk_BIO_is_sorted(st) SKM_sk_is_sorted(BIO, (st)) +- +-# define sk_CMS_CertificateChoices_new(st) SKM_sk_new(CMS_CertificateChoices, (st)) ++# define sk_BY_DIR_ENTRY_new(cmp) SKM_sk_new(BY_DIR_ENTRY, (cmp)) ++# define sk_BY_DIR_ENTRY_new_null() SKM_sk_new_null(BY_DIR_ENTRY) ++# define sk_BY_DIR_ENTRY_free(st) SKM_sk_free(BY_DIR_ENTRY, (st)) ++# define sk_BY_DIR_ENTRY_num(st) SKM_sk_num(BY_DIR_ENTRY, (st)) ++# define sk_BY_DIR_ENTRY_value(st, i) SKM_sk_value(BY_DIR_ENTRY, (st), (i)) ++# define sk_BY_DIR_ENTRY_set(st, i, val) SKM_sk_set(BY_DIR_ENTRY, (st), (i), (val)) ++# define sk_BY_DIR_ENTRY_zero(st) SKM_sk_zero(BY_DIR_ENTRY, (st)) ++# define sk_BY_DIR_ENTRY_push(st, val) SKM_sk_push(BY_DIR_ENTRY, (st), (val)) ++# define sk_BY_DIR_ENTRY_unshift(st, val) SKM_sk_unshift(BY_DIR_ENTRY, (st), (val)) ++# define sk_BY_DIR_ENTRY_find(st, val) SKM_sk_find(BY_DIR_ENTRY, (st), (val)) ++# define sk_BY_DIR_ENTRY_find_ex(st, val) SKM_sk_find_ex(BY_DIR_ENTRY, (st), (val)) ++# define sk_BY_DIR_ENTRY_delete(st, i) SKM_sk_delete(BY_DIR_ENTRY, (st), (i)) ++# define sk_BY_DIR_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(BY_DIR_ENTRY, (st), (ptr)) ++# define sk_BY_DIR_ENTRY_insert(st, val, i) SKM_sk_insert(BY_DIR_ENTRY, (st), (val), (i)) ++# define sk_BY_DIR_ENTRY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BY_DIR_ENTRY, (st), (cmp)) ++# define sk_BY_DIR_ENTRY_dup(st) SKM_sk_dup(BY_DIR_ENTRY, st) ++# define sk_BY_DIR_ENTRY_pop_free(st, free_func) SKM_sk_pop_free(BY_DIR_ENTRY, (st), (free_func)) ++# define sk_BY_DIR_ENTRY_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(BY_DIR_ENTRY, (st), (copy_func), (free_func)) ++# define sk_BY_DIR_ENTRY_shift(st) SKM_sk_shift(BY_DIR_ENTRY, (st)) ++# define sk_BY_DIR_ENTRY_pop(st) SKM_sk_pop(BY_DIR_ENTRY, (st)) ++# define sk_BY_DIR_ENTRY_sort(st) SKM_sk_sort(BY_DIR_ENTRY, (st)) ++# define sk_BY_DIR_ENTRY_is_sorted(st) SKM_sk_is_sorted(BY_DIR_ENTRY, (st)) ++# define 
sk_BY_DIR_HASH_new(cmp) SKM_sk_new(BY_DIR_HASH, (cmp)) ++# define sk_BY_DIR_HASH_new_null() SKM_sk_new_null(BY_DIR_HASH) ++# define sk_BY_DIR_HASH_free(st) SKM_sk_free(BY_DIR_HASH, (st)) ++# define sk_BY_DIR_HASH_num(st) SKM_sk_num(BY_DIR_HASH, (st)) ++# define sk_BY_DIR_HASH_value(st, i) SKM_sk_value(BY_DIR_HASH, (st), (i)) ++# define sk_BY_DIR_HASH_set(st, i, val) SKM_sk_set(BY_DIR_HASH, (st), (i), (val)) ++# define sk_BY_DIR_HASH_zero(st) SKM_sk_zero(BY_DIR_HASH, (st)) ++# define sk_BY_DIR_HASH_push(st, val) SKM_sk_push(BY_DIR_HASH, (st), (val)) ++# define sk_BY_DIR_HASH_unshift(st, val) SKM_sk_unshift(BY_DIR_HASH, (st), (val)) ++# define sk_BY_DIR_HASH_find(st, val) SKM_sk_find(BY_DIR_HASH, (st), (val)) ++# define sk_BY_DIR_HASH_find_ex(st, val) SKM_sk_find_ex(BY_DIR_HASH, (st), (val)) ++# define sk_BY_DIR_HASH_delete(st, i) SKM_sk_delete(BY_DIR_HASH, (st), (i)) ++# define sk_BY_DIR_HASH_delete_ptr(st, ptr) SKM_sk_delete_ptr(BY_DIR_HASH, (st), (ptr)) ++# define sk_BY_DIR_HASH_insert(st, val, i) SKM_sk_insert(BY_DIR_HASH, (st), (val), (i)) ++# define sk_BY_DIR_HASH_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BY_DIR_HASH, (st), (cmp)) ++# define sk_BY_DIR_HASH_dup(st) SKM_sk_dup(BY_DIR_HASH, st) ++# define sk_BY_DIR_HASH_pop_free(st, free_func) SKM_sk_pop_free(BY_DIR_HASH, (st), (free_func)) ++# define sk_BY_DIR_HASH_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(BY_DIR_HASH, (st), (copy_func), (free_func)) ++# define sk_BY_DIR_HASH_shift(st) SKM_sk_shift(BY_DIR_HASH, (st)) ++# define sk_BY_DIR_HASH_pop(st) SKM_sk_pop(BY_DIR_HASH, (st)) ++# define sk_BY_DIR_HASH_sort(st) SKM_sk_sort(BY_DIR_HASH, (st)) ++# define sk_BY_DIR_HASH_is_sorted(st) SKM_sk_is_sorted(BY_DIR_HASH, (st)) ++# define sk_CMS_CertificateChoices_new(cmp) SKM_sk_new(CMS_CertificateChoices, (cmp)) + # define sk_CMS_CertificateChoices_new_null() SKM_sk_new_null(CMS_CertificateChoices) + # define sk_CMS_CertificateChoices_free(st) SKM_sk_free(CMS_CertificateChoices, (st)) + # define 
sk_CMS_CertificateChoices_num(st) SKM_sk_num(CMS_CertificateChoices, (st)) +@@ -438,12 +492,34 @@ STACK_OF(type) \ + # define sk_CMS_CertificateChoices_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_CertificateChoices, (st), (cmp)) + # define sk_CMS_CertificateChoices_dup(st) SKM_sk_dup(CMS_CertificateChoices, st) + # define sk_CMS_CertificateChoices_pop_free(st, free_func) SKM_sk_pop_free(CMS_CertificateChoices, (st), (free_func)) ++# define sk_CMS_CertificateChoices_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CMS_CertificateChoices, (st), (copy_func), (free_func)) + # define sk_CMS_CertificateChoices_shift(st) SKM_sk_shift(CMS_CertificateChoices, (st)) + # define sk_CMS_CertificateChoices_pop(st) SKM_sk_pop(CMS_CertificateChoices, (st)) + # define sk_CMS_CertificateChoices_sort(st) SKM_sk_sort(CMS_CertificateChoices, (st)) + # define sk_CMS_CertificateChoices_is_sorted(st) SKM_sk_is_sorted(CMS_CertificateChoices, (st)) +- +-# define sk_CMS_RecipientInfo_new(st) SKM_sk_new(CMS_RecipientInfo, (st)) ++# define sk_CMS_RecipientEncryptedKey_new(cmp) SKM_sk_new(CMS_RecipientEncryptedKey, (cmp)) ++# define sk_CMS_RecipientEncryptedKey_new_null() SKM_sk_new_null(CMS_RecipientEncryptedKey) ++# define sk_CMS_RecipientEncryptedKey_free(st) SKM_sk_free(CMS_RecipientEncryptedKey, (st)) ++# define sk_CMS_RecipientEncryptedKey_num(st) SKM_sk_num(CMS_RecipientEncryptedKey, (st)) ++# define sk_CMS_RecipientEncryptedKey_value(st, i) SKM_sk_value(CMS_RecipientEncryptedKey, (st), (i)) ++# define sk_CMS_RecipientEncryptedKey_set(st, i, val) SKM_sk_set(CMS_RecipientEncryptedKey, (st), (i), (val)) ++# define sk_CMS_RecipientEncryptedKey_zero(st) SKM_sk_zero(CMS_RecipientEncryptedKey, (st)) ++# define sk_CMS_RecipientEncryptedKey_push(st, val) SKM_sk_push(CMS_RecipientEncryptedKey, (st), (val)) ++# define sk_CMS_RecipientEncryptedKey_unshift(st, val) SKM_sk_unshift(CMS_RecipientEncryptedKey, (st), (val)) ++# define sk_CMS_RecipientEncryptedKey_find(st, val) 
SKM_sk_find(CMS_RecipientEncryptedKey, (st), (val)) ++# define sk_CMS_RecipientEncryptedKey_find_ex(st, val) SKM_sk_find_ex(CMS_RecipientEncryptedKey, (st), (val)) ++# define sk_CMS_RecipientEncryptedKey_delete(st, i) SKM_sk_delete(CMS_RecipientEncryptedKey, (st), (i)) ++# define sk_CMS_RecipientEncryptedKey_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_RecipientEncryptedKey, (st), (ptr)) ++# define sk_CMS_RecipientEncryptedKey_insert(st, val, i) SKM_sk_insert(CMS_RecipientEncryptedKey, (st), (val), (i)) ++# define sk_CMS_RecipientEncryptedKey_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_RecipientEncryptedKey, (st), (cmp)) ++# define sk_CMS_RecipientEncryptedKey_dup(st) SKM_sk_dup(CMS_RecipientEncryptedKey, st) ++# define sk_CMS_RecipientEncryptedKey_pop_free(st, free_func) SKM_sk_pop_free(CMS_RecipientEncryptedKey, (st), (free_func)) ++# define sk_CMS_RecipientEncryptedKey_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CMS_RecipientEncryptedKey, (st), (copy_func), (free_func)) ++# define sk_CMS_RecipientEncryptedKey_shift(st) SKM_sk_shift(CMS_RecipientEncryptedKey, (st)) ++# define sk_CMS_RecipientEncryptedKey_pop(st) SKM_sk_pop(CMS_RecipientEncryptedKey, (st)) ++# define sk_CMS_RecipientEncryptedKey_sort(st) SKM_sk_sort(CMS_RecipientEncryptedKey, (st)) ++# define sk_CMS_RecipientEncryptedKey_is_sorted(st) SKM_sk_is_sorted(CMS_RecipientEncryptedKey, (st)) ++# define sk_CMS_RecipientInfo_new(cmp) SKM_sk_new(CMS_RecipientInfo, (cmp)) + # define sk_CMS_RecipientInfo_new_null() SKM_sk_new_null(CMS_RecipientInfo) + # define sk_CMS_RecipientInfo_free(st) SKM_sk_free(CMS_RecipientInfo, (st)) + # define sk_CMS_RecipientInfo_num(st) SKM_sk_num(CMS_RecipientInfo, (st)) +@@ -460,12 +536,12 @@ STACK_OF(type) \ + # define sk_CMS_RecipientInfo_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_RecipientInfo, (st), (cmp)) + # define sk_CMS_RecipientInfo_dup(st) SKM_sk_dup(CMS_RecipientInfo, st) + # define sk_CMS_RecipientInfo_pop_free(st, free_func) 
SKM_sk_pop_free(CMS_RecipientInfo, (st), (free_func)) ++# define sk_CMS_RecipientInfo_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CMS_RecipientInfo, (st), (copy_func), (free_func)) + # define sk_CMS_RecipientInfo_shift(st) SKM_sk_shift(CMS_RecipientInfo, (st)) + # define sk_CMS_RecipientInfo_pop(st) SKM_sk_pop(CMS_RecipientInfo, (st)) + # define sk_CMS_RecipientInfo_sort(st) SKM_sk_sort(CMS_RecipientInfo, (st)) + # define sk_CMS_RecipientInfo_is_sorted(st) SKM_sk_is_sorted(CMS_RecipientInfo, (st)) +- +-# define sk_CMS_RevocationInfoChoice_new(st) SKM_sk_new(CMS_RevocationInfoChoice, (st)) ++# define sk_CMS_RevocationInfoChoice_new(cmp) SKM_sk_new(CMS_RevocationInfoChoice, (cmp)) + # define sk_CMS_RevocationInfoChoice_new_null() SKM_sk_new_null(CMS_RevocationInfoChoice) + # define sk_CMS_RevocationInfoChoice_free(st) SKM_sk_free(CMS_RevocationInfoChoice, (st)) + # define sk_CMS_RevocationInfoChoice_num(st) SKM_sk_num(CMS_RevocationInfoChoice, (st)) +@@ -482,12 +558,12 @@ STACK_OF(type) \ + # define sk_CMS_RevocationInfoChoice_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_RevocationInfoChoice, (st), (cmp)) + # define sk_CMS_RevocationInfoChoice_dup(st) SKM_sk_dup(CMS_RevocationInfoChoice, st) + # define sk_CMS_RevocationInfoChoice_pop_free(st, free_func) SKM_sk_pop_free(CMS_RevocationInfoChoice, (st), (free_func)) ++# define sk_CMS_RevocationInfoChoice_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CMS_RevocationInfoChoice, (st), (copy_func), (free_func)) + # define sk_CMS_RevocationInfoChoice_shift(st) SKM_sk_shift(CMS_RevocationInfoChoice, (st)) + # define sk_CMS_RevocationInfoChoice_pop(st) SKM_sk_pop(CMS_RevocationInfoChoice, (st)) + # define sk_CMS_RevocationInfoChoice_sort(st) SKM_sk_sort(CMS_RevocationInfoChoice, (st)) + # define sk_CMS_RevocationInfoChoice_is_sorted(st) SKM_sk_is_sorted(CMS_RevocationInfoChoice, (st)) +- +-# define sk_CMS_SignerInfo_new(st) SKM_sk_new(CMS_SignerInfo, (st)) ++# define sk_CMS_SignerInfo_new(cmp) 
SKM_sk_new(CMS_SignerInfo, (cmp)) + # define sk_CMS_SignerInfo_new_null() SKM_sk_new_null(CMS_SignerInfo) + # define sk_CMS_SignerInfo_free(st) SKM_sk_free(CMS_SignerInfo, (st)) + # define sk_CMS_SignerInfo_num(st) SKM_sk_num(CMS_SignerInfo, (st)) +@@ -504,12 +580,12 @@ STACK_OF(type) \ + # define sk_CMS_SignerInfo_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_SignerInfo, (st), (cmp)) + # define sk_CMS_SignerInfo_dup(st) SKM_sk_dup(CMS_SignerInfo, st) + # define sk_CMS_SignerInfo_pop_free(st, free_func) SKM_sk_pop_free(CMS_SignerInfo, (st), (free_func)) ++# define sk_CMS_SignerInfo_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CMS_SignerInfo, (st), (copy_func), (free_func)) + # define sk_CMS_SignerInfo_shift(st) SKM_sk_shift(CMS_SignerInfo, (st)) + # define sk_CMS_SignerInfo_pop(st) SKM_sk_pop(CMS_SignerInfo, (st)) + # define sk_CMS_SignerInfo_sort(st) SKM_sk_sort(CMS_SignerInfo, (st)) + # define sk_CMS_SignerInfo_is_sorted(st) SKM_sk_is_sorted(CMS_SignerInfo, (st)) +- +-# define sk_CONF_IMODULE_new(st) SKM_sk_new(CONF_IMODULE, (st)) ++# define sk_CONF_IMODULE_new(cmp) SKM_sk_new(CONF_IMODULE, (cmp)) + # define sk_CONF_IMODULE_new_null() SKM_sk_new_null(CONF_IMODULE) + # define sk_CONF_IMODULE_free(st) SKM_sk_free(CONF_IMODULE, (st)) + # define sk_CONF_IMODULE_num(st) SKM_sk_num(CONF_IMODULE, (st)) +@@ -526,12 +602,12 @@ STACK_OF(type) \ + # define sk_CONF_IMODULE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_IMODULE, (st), (cmp)) + # define sk_CONF_IMODULE_dup(st) SKM_sk_dup(CONF_IMODULE, st) + # define sk_CONF_IMODULE_pop_free(st, free_func) SKM_sk_pop_free(CONF_IMODULE, (st), (free_func)) ++# define sk_CONF_IMODULE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CONF_IMODULE, (st), (copy_func), (free_func)) + # define sk_CONF_IMODULE_shift(st) SKM_sk_shift(CONF_IMODULE, (st)) + # define sk_CONF_IMODULE_pop(st) SKM_sk_pop(CONF_IMODULE, (st)) + # define sk_CONF_IMODULE_sort(st) SKM_sk_sort(CONF_IMODULE, (st)) + # define sk_CONF_IMODULE_is_sorted(st) 
SKM_sk_is_sorted(CONF_IMODULE, (st)) +- +-# define sk_CONF_MODULE_new(st) SKM_sk_new(CONF_MODULE, (st)) ++# define sk_CONF_MODULE_new(cmp) SKM_sk_new(CONF_MODULE, (cmp)) + # define sk_CONF_MODULE_new_null() SKM_sk_new_null(CONF_MODULE) + # define sk_CONF_MODULE_free(st) SKM_sk_free(CONF_MODULE, (st)) + # define sk_CONF_MODULE_num(st) SKM_sk_num(CONF_MODULE, (st)) +@@ -548,12 +624,12 @@ STACK_OF(type) \ + # define sk_CONF_MODULE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_MODULE, (st), (cmp)) + # define sk_CONF_MODULE_dup(st) SKM_sk_dup(CONF_MODULE, st) + # define sk_CONF_MODULE_pop_free(st, free_func) SKM_sk_pop_free(CONF_MODULE, (st), (free_func)) ++# define sk_CONF_MODULE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CONF_MODULE, (st), (copy_func), (free_func)) + # define sk_CONF_MODULE_shift(st) SKM_sk_shift(CONF_MODULE, (st)) + # define sk_CONF_MODULE_pop(st) SKM_sk_pop(CONF_MODULE, (st)) + # define sk_CONF_MODULE_sort(st) SKM_sk_sort(CONF_MODULE, (st)) + # define sk_CONF_MODULE_is_sorted(st) SKM_sk_is_sorted(CONF_MODULE, (st)) +- +-# define sk_CONF_VALUE_new(st) SKM_sk_new(CONF_VALUE, (st)) ++# define sk_CONF_VALUE_new(cmp) SKM_sk_new(CONF_VALUE, (cmp)) + # define sk_CONF_VALUE_new_null() SKM_sk_new_null(CONF_VALUE) + # define sk_CONF_VALUE_free(st) SKM_sk_free(CONF_VALUE, (st)) + # define sk_CONF_VALUE_num(st) SKM_sk_num(CONF_VALUE, (st)) +@@ -570,12 +646,12 @@ STACK_OF(type) \ + # define sk_CONF_VALUE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_VALUE, (st), (cmp)) + # define sk_CONF_VALUE_dup(st) SKM_sk_dup(CONF_VALUE, st) + # define sk_CONF_VALUE_pop_free(st, free_func) SKM_sk_pop_free(CONF_VALUE, (st), (free_func)) ++# define sk_CONF_VALUE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CONF_VALUE, (st), (copy_func), (free_func)) + # define sk_CONF_VALUE_shift(st) SKM_sk_shift(CONF_VALUE, (st)) + # define sk_CONF_VALUE_pop(st) SKM_sk_pop(CONF_VALUE, (st)) + # define sk_CONF_VALUE_sort(st) SKM_sk_sort(CONF_VALUE, (st)) + # define 
sk_CONF_VALUE_is_sorted(st) SKM_sk_is_sorted(CONF_VALUE, (st)) +- +-# define sk_CRYPTO_EX_DATA_FUNCS_new(st) SKM_sk_new(CRYPTO_EX_DATA_FUNCS, (st)) ++# define sk_CRYPTO_EX_DATA_FUNCS_new(cmp) SKM_sk_new(CRYPTO_EX_DATA_FUNCS, (cmp)) + # define sk_CRYPTO_EX_DATA_FUNCS_new_null() SKM_sk_new_null(CRYPTO_EX_DATA_FUNCS) + # define sk_CRYPTO_EX_DATA_FUNCS_free(st) SKM_sk_free(CRYPTO_EX_DATA_FUNCS, (st)) + # define sk_CRYPTO_EX_DATA_FUNCS_num(st) SKM_sk_num(CRYPTO_EX_DATA_FUNCS, (st)) +@@ -592,12 +668,12 @@ STACK_OF(type) \ + # define sk_CRYPTO_EX_DATA_FUNCS_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CRYPTO_EX_DATA_FUNCS, (st), (cmp)) + # define sk_CRYPTO_EX_DATA_FUNCS_dup(st) SKM_sk_dup(CRYPTO_EX_DATA_FUNCS, st) + # define sk_CRYPTO_EX_DATA_FUNCS_pop_free(st, free_func) SKM_sk_pop_free(CRYPTO_EX_DATA_FUNCS, (st), (free_func)) ++# define sk_CRYPTO_EX_DATA_FUNCS_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CRYPTO_EX_DATA_FUNCS, (st), (copy_func), (free_func)) + # define sk_CRYPTO_EX_DATA_FUNCS_shift(st) SKM_sk_shift(CRYPTO_EX_DATA_FUNCS, (st)) + # define sk_CRYPTO_EX_DATA_FUNCS_pop(st) SKM_sk_pop(CRYPTO_EX_DATA_FUNCS, (st)) + # define sk_CRYPTO_EX_DATA_FUNCS_sort(st) SKM_sk_sort(CRYPTO_EX_DATA_FUNCS, (st)) + # define sk_CRYPTO_EX_DATA_FUNCS_is_sorted(st) SKM_sk_is_sorted(CRYPTO_EX_DATA_FUNCS, (st)) +- +-# define sk_CRYPTO_dynlock_new(st) SKM_sk_new(CRYPTO_dynlock, (st)) ++# define sk_CRYPTO_dynlock_new(cmp) SKM_sk_new(CRYPTO_dynlock, (cmp)) + # define sk_CRYPTO_dynlock_new_null() SKM_sk_new_null(CRYPTO_dynlock) + # define sk_CRYPTO_dynlock_free(st) SKM_sk_free(CRYPTO_dynlock, (st)) + # define sk_CRYPTO_dynlock_num(st) SKM_sk_num(CRYPTO_dynlock, (st)) +@@ -614,12 +690,12 @@ STACK_OF(type) \ + # define sk_CRYPTO_dynlock_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CRYPTO_dynlock, (st), (cmp)) + # define sk_CRYPTO_dynlock_dup(st) SKM_sk_dup(CRYPTO_dynlock, st) + # define sk_CRYPTO_dynlock_pop_free(st, free_func) SKM_sk_pop_free(CRYPTO_dynlock, (st), (free_func)) ++# define 
sk_CRYPTO_dynlock_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CRYPTO_dynlock, (st), (copy_func), (free_func)) + # define sk_CRYPTO_dynlock_shift(st) SKM_sk_shift(CRYPTO_dynlock, (st)) + # define sk_CRYPTO_dynlock_pop(st) SKM_sk_pop(CRYPTO_dynlock, (st)) + # define sk_CRYPTO_dynlock_sort(st) SKM_sk_sort(CRYPTO_dynlock, (st)) + # define sk_CRYPTO_dynlock_is_sorted(st) SKM_sk_is_sorted(CRYPTO_dynlock, (st)) +- +-# define sk_DIST_POINT_new(st) SKM_sk_new(DIST_POINT, (st)) ++# define sk_DIST_POINT_new(cmp) SKM_sk_new(DIST_POINT, (cmp)) + # define sk_DIST_POINT_new_null() SKM_sk_new_null(DIST_POINT) + # define sk_DIST_POINT_free(st) SKM_sk_free(DIST_POINT, (st)) + # define sk_DIST_POINT_num(st) SKM_sk_num(DIST_POINT, (st)) +@@ -636,12 +712,12 @@ STACK_OF(type) \ + # define sk_DIST_POINT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(DIST_POINT, (st), (cmp)) + # define sk_DIST_POINT_dup(st) SKM_sk_dup(DIST_POINT, st) + # define sk_DIST_POINT_pop_free(st, free_func) SKM_sk_pop_free(DIST_POINT, (st), (free_func)) ++# define sk_DIST_POINT_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(DIST_POINT, (st), (copy_func), (free_func)) + # define sk_DIST_POINT_shift(st) SKM_sk_shift(DIST_POINT, (st)) + # define sk_DIST_POINT_pop(st) SKM_sk_pop(DIST_POINT, (st)) + # define sk_DIST_POINT_sort(st) SKM_sk_sort(DIST_POINT, (st)) + # define sk_DIST_POINT_is_sorted(st) SKM_sk_is_sorted(DIST_POINT, (st)) +- +-# define sk_ENGINE_new(st) SKM_sk_new(ENGINE, (st)) ++# define sk_ENGINE_new(cmp) SKM_sk_new(ENGINE, (cmp)) + # define sk_ENGINE_new_null() SKM_sk_new_null(ENGINE) + # define sk_ENGINE_free(st) SKM_sk_free(ENGINE, (st)) + # define sk_ENGINE_num(st) SKM_sk_num(ENGINE, (st)) +@@ -658,12 +734,12 @@ STACK_OF(type) \ + # define sk_ENGINE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ENGINE, (st), (cmp)) + # define sk_ENGINE_dup(st) SKM_sk_dup(ENGINE, st) + # define sk_ENGINE_pop_free(st, free_func) SKM_sk_pop_free(ENGINE, (st), (free_func)) ++# define sk_ENGINE_deep_copy(st, 
copy_func, free_func) SKM_sk_deep_copy(ENGINE, (st), (copy_func), (free_func)) + # define sk_ENGINE_shift(st) SKM_sk_shift(ENGINE, (st)) + # define sk_ENGINE_pop(st) SKM_sk_pop(ENGINE, (st)) + # define sk_ENGINE_sort(st) SKM_sk_sort(ENGINE, (st)) + # define sk_ENGINE_is_sorted(st) SKM_sk_is_sorted(ENGINE, (st)) +- +-# define sk_ENGINE_CLEANUP_ITEM_new(st) SKM_sk_new(ENGINE_CLEANUP_ITEM, (st)) ++# define sk_ENGINE_CLEANUP_ITEM_new(cmp) SKM_sk_new(ENGINE_CLEANUP_ITEM, (cmp)) + # define sk_ENGINE_CLEANUP_ITEM_new_null() SKM_sk_new_null(ENGINE_CLEANUP_ITEM) + # define sk_ENGINE_CLEANUP_ITEM_free(st) SKM_sk_free(ENGINE_CLEANUP_ITEM, (st)) + # define sk_ENGINE_CLEANUP_ITEM_num(st) SKM_sk_num(ENGINE_CLEANUP_ITEM, (st)) +@@ -680,12 +756,122 @@ STACK_OF(type) \ + # define sk_ENGINE_CLEANUP_ITEM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ENGINE_CLEANUP_ITEM, (st), (cmp)) + # define sk_ENGINE_CLEANUP_ITEM_dup(st) SKM_sk_dup(ENGINE_CLEANUP_ITEM, st) + # define sk_ENGINE_CLEANUP_ITEM_pop_free(st, free_func) SKM_sk_pop_free(ENGINE_CLEANUP_ITEM, (st), (free_func)) ++# define sk_ENGINE_CLEANUP_ITEM_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ENGINE_CLEANUP_ITEM, (st), (copy_func), (free_func)) + # define sk_ENGINE_CLEANUP_ITEM_shift(st) SKM_sk_shift(ENGINE_CLEANUP_ITEM, (st)) + # define sk_ENGINE_CLEANUP_ITEM_pop(st) SKM_sk_pop(ENGINE_CLEANUP_ITEM, (st)) + # define sk_ENGINE_CLEANUP_ITEM_sort(st) SKM_sk_sort(ENGINE_CLEANUP_ITEM, (st)) + # define sk_ENGINE_CLEANUP_ITEM_is_sorted(st) SKM_sk_is_sorted(ENGINE_CLEANUP_ITEM, (st)) +- +-# define sk_GENERAL_NAME_new(st) SKM_sk_new(GENERAL_NAME, (st)) ++# define sk_ESS_CERT_ID_new(cmp) SKM_sk_new(ESS_CERT_ID, (cmp)) ++# define sk_ESS_CERT_ID_new_null() SKM_sk_new_null(ESS_CERT_ID) ++# define sk_ESS_CERT_ID_free(st) SKM_sk_free(ESS_CERT_ID, (st)) ++# define sk_ESS_CERT_ID_num(st) SKM_sk_num(ESS_CERT_ID, (st)) ++# define sk_ESS_CERT_ID_value(st, i) SKM_sk_value(ESS_CERT_ID, (st), (i)) ++# define sk_ESS_CERT_ID_set(st, i, val) 
SKM_sk_set(ESS_CERT_ID, (st), (i), (val)) ++# define sk_ESS_CERT_ID_zero(st) SKM_sk_zero(ESS_CERT_ID, (st)) ++# define sk_ESS_CERT_ID_push(st, val) SKM_sk_push(ESS_CERT_ID, (st), (val)) ++# define sk_ESS_CERT_ID_unshift(st, val) SKM_sk_unshift(ESS_CERT_ID, (st), (val)) ++# define sk_ESS_CERT_ID_find(st, val) SKM_sk_find(ESS_CERT_ID, (st), (val)) ++# define sk_ESS_CERT_ID_find_ex(st, val) SKM_sk_find_ex(ESS_CERT_ID, (st), (val)) ++# define sk_ESS_CERT_ID_delete(st, i) SKM_sk_delete(ESS_CERT_ID, (st), (i)) ++# define sk_ESS_CERT_ID_delete_ptr(st, ptr) SKM_sk_delete_ptr(ESS_CERT_ID, (st), (ptr)) ++# define sk_ESS_CERT_ID_insert(st, val, i) SKM_sk_insert(ESS_CERT_ID, (st), (val), (i)) ++# define sk_ESS_CERT_ID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ESS_CERT_ID, (st), (cmp)) ++# define sk_ESS_CERT_ID_dup(st) SKM_sk_dup(ESS_CERT_ID, st) ++# define sk_ESS_CERT_ID_pop_free(st, free_func) SKM_sk_pop_free(ESS_CERT_ID, (st), (free_func)) ++# define sk_ESS_CERT_ID_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ESS_CERT_ID, (st), (copy_func), (free_func)) ++# define sk_ESS_CERT_ID_shift(st) SKM_sk_shift(ESS_CERT_ID, (st)) ++# define sk_ESS_CERT_ID_pop(st) SKM_sk_pop(ESS_CERT_ID, (st)) ++# define sk_ESS_CERT_ID_sort(st) SKM_sk_sort(ESS_CERT_ID, (st)) ++# define sk_ESS_CERT_ID_is_sorted(st) SKM_sk_is_sorted(ESS_CERT_ID, (st)) ++# define sk_EVP_MD_new(cmp) SKM_sk_new(EVP_MD, (cmp)) ++# define sk_EVP_MD_new_null() SKM_sk_new_null(EVP_MD) ++# define sk_EVP_MD_free(st) SKM_sk_free(EVP_MD, (st)) ++# define sk_EVP_MD_num(st) SKM_sk_num(EVP_MD, (st)) ++# define sk_EVP_MD_value(st, i) SKM_sk_value(EVP_MD, (st), (i)) ++# define sk_EVP_MD_set(st, i, val) SKM_sk_set(EVP_MD, (st), (i), (val)) ++# define sk_EVP_MD_zero(st) SKM_sk_zero(EVP_MD, (st)) ++# define sk_EVP_MD_push(st, val) SKM_sk_push(EVP_MD, (st), (val)) ++# define sk_EVP_MD_unshift(st, val) SKM_sk_unshift(EVP_MD, (st), (val)) ++# define sk_EVP_MD_find(st, val) SKM_sk_find(EVP_MD, (st), (val)) ++# define 
sk_EVP_MD_find_ex(st, val) SKM_sk_find_ex(EVP_MD, (st), (val)) ++# define sk_EVP_MD_delete(st, i) SKM_sk_delete(EVP_MD, (st), (i)) ++# define sk_EVP_MD_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_MD, (st), (ptr)) ++# define sk_EVP_MD_insert(st, val, i) SKM_sk_insert(EVP_MD, (st), (val), (i)) ++# define sk_EVP_MD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_MD, (st), (cmp)) ++# define sk_EVP_MD_dup(st) SKM_sk_dup(EVP_MD, st) ++# define sk_EVP_MD_pop_free(st, free_func) SKM_sk_pop_free(EVP_MD, (st), (free_func)) ++# define sk_EVP_MD_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(EVP_MD, (st), (copy_func), (free_func)) ++# define sk_EVP_MD_shift(st) SKM_sk_shift(EVP_MD, (st)) ++# define sk_EVP_MD_pop(st) SKM_sk_pop(EVP_MD, (st)) ++# define sk_EVP_MD_sort(st) SKM_sk_sort(EVP_MD, (st)) ++# define sk_EVP_MD_is_sorted(st) SKM_sk_is_sorted(EVP_MD, (st)) ++# define sk_EVP_PBE_CTL_new(cmp) SKM_sk_new(EVP_PBE_CTL, (cmp)) ++# define sk_EVP_PBE_CTL_new_null() SKM_sk_new_null(EVP_PBE_CTL) ++# define sk_EVP_PBE_CTL_free(st) SKM_sk_free(EVP_PBE_CTL, (st)) ++# define sk_EVP_PBE_CTL_num(st) SKM_sk_num(EVP_PBE_CTL, (st)) ++# define sk_EVP_PBE_CTL_value(st, i) SKM_sk_value(EVP_PBE_CTL, (st), (i)) ++# define sk_EVP_PBE_CTL_set(st, i, val) SKM_sk_set(EVP_PBE_CTL, (st), (i), (val)) ++# define sk_EVP_PBE_CTL_zero(st) SKM_sk_zero(EVP_PBE_CTL, (st)) ++# define sk_EVP_PBE_CTL_push(st, val) SKM_sk_push(EVP_PBE_CTL, (st), (val)) ++# define sk_EVP_PBE_CTL_unshift(st, val) SKM_sk_unshift(EVP_PBE_CTL, (st), (val)) ++# define sk_EVP_PBE_CTL_find(st, val) SKM_sk_find(EVP_PBE_CTL, (st), (val)) ++# define sk_EVP_PBE_CTL_find_ex(st, val) SKM_sk_find_ex(EVP_PBE_CTL, (st), (val)) ++# define sk_EVP_PBE_CTL_delete(st, i) SKM_sk_delete(EVP_PBE_CTL, (st), (i)) ++# define sk_EVP_PBE_CTL_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_PBE_CTL, (st), (ptr)) ++# define sk_EVP_PBE_CTL_insert(st, val, i) SKM_sk_insert(EVP_PBE_CTL, (st), (val), (i)) ++# define sk_EVP_PBE_CTL_set_cmp_func(st, cmp) 
SKM_sk_set_cmp_func(EVP_PBE_CTL, (st), (cmp)) ++# define sk_EVP_PBE_CTL_dup(st) SKM_sk_dup(EVP_PBE_CTL, st) ++# define sk_EVP_PBE_CTL_pop_free(st, free_func) SKM_sk_pop_free(EVP_PBE_CTL, (st), (free_func)) ++# define sk_EVP_PBE_CTL_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(EVP_PBE_CTL, (st), (copy_func), (free_func)) ++# define sk_EVP_PBE_CTL_shift(st) SKM_sk_shift(EVP_PBE_CTL, (st)) ++# define sk_EVP_PBE_CTL_pop(st) SKM_sk_pop(EVP_PBE_CTL, (st)) ++# define sk_EVP_PBE_CTL_sort(st) SKM_sk_sort(EVP_PBE_CTL, (st)) ++# define sk_EVP_PBE_CTL_is_sorted(st) SKM_sk_is_sorted(EVP_PBE_CTL, (st)) ++# define sk_EVP_PKEY_ASN1_METHOD_new(cmp) SKM_sk_new(EVP_PKEY_ASN1_METHOD, (cmp)) ++# define sk_EVP_PKEY_ASN1_METHOD_new_null() SKM_sk_new_null(EVP_PKEY_ASN1_METHOD) ++# define sk_EVP_PKEY_ASN1_METHOD_free(st) SKM_sk_free(EVP_PKEY_ASN1_METHOD, (st)) ++# define sk_EVP_PKEY_ASN1_METHOD_num(st) SKM_sk_num(EVP_PKEY_ASN1_METHOD, (st)) ++# define sk_EVP_PKEY_ASN1_METHOD_value(st, i) SKM_sk_value(EVP_PKEY_ASN1_METHOD, (st), (i)) ++# define sk_EVP_PKEY_ASN1_METHOD_set(st, i, val) SKM_sk_set(EVP_PKEY_ASN1_METHOD, (st), (i), (val)) ++# define sk_EVP_PKEY_ASN1_METHOD_zero(st) SKM_sk_zero(EVP_PKEY_ASN1_METHOD, (st)) ++# define sk_EVP_PKEY_ASN1_METHOD_push(st, val) SKM_sk_push(EVP_PKEY_ASN1_METHOD, (st), (val)) ++# define sk_EVP_PKEY_ASN1_METHOD_unshift(st, val) SKM_sk_unshift(EVP_PKEY_ASN1_METHOD, (st), (val)) ++# define sk_EVP_PKEY_ASN1_METHOD_find(st, val) SKM_sk_find(EVP_PKEY_ASN1_METHOD, (st), (val)) ++# define sk_EVP_PKEY_ASN1_METHOD_find_ex(st, val) SKM_sk_find_ex(EVP_PKEY_ASN1_METHOD, (st), (val)) ++# define sk_EVP_PKEY_ASN1_METHOD_delete(st, i) SKM_sk_delete(EVP_PKEY_ASN1_METHOD, (st), (i)) ++# define sk_EVP_PKEY_ASN1_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_PKEY_ASN1_METHOD, (st), (ptr)) ++# define sk_EVP_PKEY_ASN1_METHOD_insert(st, val, i) SKM_sk_insert(EVP_PKEY_ASN1_METHOD, (st), (val), (i)) ++# define sk_EVP_PKEY_ASN1_METHOD_set_cmp_func(st, cmp) 
SKM_sk_set_cmp_func(EVP_PKEY_ASN1_METHOD, (st), (cmp)) ++# define sk_EVP_PKEY_ASN1_METHOD_dup(st) SKM_sk_dup(EVP_PKEY_ASN1_METHOD, st) ++# define sk_EVP_PKEY_ASN1_METHOD_pop_free(st, free_func) SKM_sk_pop_free(EVP_PKEY_ASN1_METHOD, (st), (free_func)) ++# define sk_EVP_PKEY_ASN1_METHOD_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(EVP_PKEY_ASN1_METHOD, (st), (copy_func), (free_func)) ++# define sk_EVP_PKEY_ASN1_METHOD_shift(st) SKM_sk_shift(EVP_PKEY_ASN1_METHOD, (st)) ++# define sk_EVP_PKEY_ASN1_METHOD_pop(st) SKM_sk_pop(EVP_PKEY_ASN1_METHOD, (st)) ++# define sk_EVP_PKEY_ASN1_METHOD_sort(st) SKM_sk_sort(EVP_PKEY_ASN1_METHOD, (st)) ++# define sk_EVP_PKEY_ASN1_METHOD_is_sorted(st) SKM_sk_is_sorted(EVP_PKEY_ASN1_METHOD, (st)) ++# define sk_EVP_PKEY_METHOD_new(cmp) SKM_sk_new(EVP_PKEY_METHOD, (cmp)) ++# define sk_EVP_PKEY_METHOD_new_null() SKM_sk_new_null(EVP_PKEY_METHOD) ++# define sk_EVP_PKEY_METHOD_free(st) SKM_sk_free(EVP_PKEY_METHOD, (st)) ++# define sk_EVP_PKEY_METHOD_num(st) SKM_sk_num(EVP_PKEY_METHOD, (st)) ++# define sk_EVP_PKEY_METHOD_value(st, i) SKM_sk_value(EVP_PKEY_METHOD, (st), (i)) ++# define sk_EVP_PKEY_METHOD_set(st, i, val) SKM_sk_set(EVP_PKEY_METHOD, (st), (i), (val)) ++# define sk_EVP_PKEY_METHOD_zero(st) SKM_sk_zero(EVP_PKEY_METHOD, (st)) ++# define sk_EVP_PKEY_METHOD_push(st, val) SKM_sk_push(EVP_PKEY_METHOD, (st), (val)) ++# define sk_EVP_PKEY_METHOD_unshift(st, val) SKM_sk_unshift(EVP_PKEY_METHOD, (st), (val)) ++# define sk_EVP_PKEY_METHOD_find(st, val) SKM_sk_find(EVP_PKEY_METHOD, (st), (val)) ++# define sk_EVP_PKEY_METHOD_find_ex(st, val) SKM_sk_find_ex(EVP_PKEY_METHOD, (st), (val)) ++# define sk_EVP_PKEY_METHOD_delete(st, i) SKM_sk_delete(EVP_PKEY_METHOD, (st), (i)) ++# define sk_EVP_PKEY_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_PKEY_METHOD, (st), (ptr)) ++# define sk_EVP_PKEY_METHOD_insert(st, val, i) SKM_sk_insert(EVP_PKEY_METHOD, (st), (val), (i)) ++# define sk_EVP_PKEY_METHOD_set_cmp_func(st, cmp) 
SKM_sk_set_cmp_func(EVP_PKEY_METHOD, (st), (cmp)) ++# define sk_EVP_PKEY_METHOD_dup(st) SKM_sk_dup(EVP_PKEY_METHOD, st) ++# define sk_EVP_PKEY_METHOD_pop_free(st, free_func) SKM_sk_pop_free(EVP_PKEY_METHOD, (st), (free_func)) ++# define sk_EVP_PKEY_METHOD_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(EVP_PKEY_METHOD, (st), (copy_func), (free_func)) ++# define sk_EVP_PKEY_METHOD_shift(st) SKM_sk_shift(EVP_PKEY_METHOD, (st)) ++# define sk_EVP_PKEY_METHOD_pop(st) SKM_sk_pop(EVP_PKEY_METHOD, (st)) ++# define sk_EVP_PKEY_METHOD_sort(st) SKM_sk_sort(EVP_PKEY_METHOD, (st)) ++# define sk_EVP_PKEY_METHOD_is_sorted(st) SKM_sk_is_sorted(EVP_PKEY_METHOD, (st)) ++# define sk_GENERAL_NAME_new(cmp) SKM_sk_new(GENERAL_NAME, (cmp)) + # define sk_GENERAL_NAME_new_null() SKM_sk_new_null(GENERAL_NAME) + # define sk_GENERAL_NAME_free(st) SKM_sk_free(GENERAL_NAME, (st)) + # define sk_GENERAL_NAME_num(st) SKM_sk_num(GENERAL_NAME, (st)) +@@ -702,12 +888,12 @@ STACK_OF(type) \ + # define sk_GENERAL_NAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_NAME, (st), (cmp)) + # define sk_GENERAL_NAME_dup(st) SKM_sk_dup(GENERAL_NAME, st) + # define sk_GENERAL_NAME_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_NAME, (st), (free_func)) ++# define sk_GENERAL_NAME_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(GENERAL_NAME, (st), (copy_func), (free_func)) + # define sk_GENERAL_NAME_shift(st) SKM_sk_shift(GENERAL_NAME, (st)) + # define sk_GENERAL_NAME_pop(st) SKM_sk_pop(GENERAL_NAME, (st)) + # define sk_GENERAL_NAME_sort(st) SKM_sk_sort(GENERAL_NAME, (st)) + # define sk_GENERAL_NAME_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAME, (st)) +- +-# define sk_GENERAL_NAMES_new(st) SKM_sk_new(GENERAL_NAMES, (st)) ++# define sk_GENERAL_NAMES_new(cmp) SKM_sk_new(GENERAL_NAMES, (cmp)) + # define sk_GENERAL_NAMES_new_null() SKM_sk_new_null(GENERAL_NAMES) + # define sk_GENERAL_NAMES_free(st) SKM_sk_free(GENERAL_NAMES, (st)) + # define sk_GENERAL_NAMES_num(st) SKM_sk_num(GENERAL_NAMES, (st)) +@@ 
-724,12 +910,12 @@ STACK_OF(type) \ + # define sk_GENERAL_NAMES_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_NAMES, (st), (cmp)) + # define sk_GENERAL_NAMES_dup(st) SKM_sk_dup(GENERAL_NAMES, st) + # define sk_GENERAL_NAMES_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_NAMES, (st), (free_func)) ++# define sk_GENERAL_NAMES_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(GENERAL_NAMES, (st), (copy_func), (free_func)) + # define sk_GENERAL_NAMES_shift(st) SKM_sk_shift(GENERAL_NAMES, (st)) + # define sk_GENERAL_NAMES_pop(st) SKM_sk_pop(GENERAL_NAMES, (st)) + # define sk_GENERAL_NAMES_sort(st) SKM_sk_sort(GENERAL_NAMES, (st)) + # define sk_GENERAL_NAMES_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAMES, (st)) +- +-# define sk_GENERAL_SUBTREE_new(st) SKM_sk_new(GENERAL_SUBTREE, (st)) ++# define sk_GENERAL_SUBTREE_new(cmp) SKM_sk_new(GENERAL_SUBTREE, (cmp)) + # define sk_GENERAL_SUBTREE_new_null() SKM_sk_new_null(GENERAL_SUBTREE) + # define sk_GENERAL_SUBTREE_free(st) SKM_sk_free(GENERAL_SUBTREE, (st)) + # define sk_GENERAL_SUBTREE_num(st) SKM_sk_num(GENERAL_SUBTREE, (st)) +@@ -746,12 +932,12 @@ STACK_OF(type) \ + # define sk_GENERAL_SUBTREE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_SUBTREE, (st), (cmp)) + # define sk_GENERAL_SUBTREE_dup(st) SKM_sk_dup(GENERAL_SUBTREE, st) + # define sk_GENERAL_SUBTREE_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_SUBTREE, (st), (free_func)) ++# define sk_GENERAL_SUBTREE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(GENERAL_SUBTREE, (st), (copy_func), (free_func)) + # define sk_GENERAL_SUBTREE_shift(st) SKM_sk_shift(GENERAL_SUBTREE, (st)) + # define sk_GENERAL_SUBTREE_pop(st) SKM_sk_pop(GENERAL_SUBTREE, (st)) + # define sk_GENERAL_SUBTREE_sort(st) SKM_sk_sort(GENERAL_SUBTREE, (st)) + # define sk_GENERAL_SUBTREE_is_sorted(st) SKM_sk_is_sorted(GENERAL_SUBTREE, (st)) +- +-# define sk_IPAddressFamily_new(st) SKM_sk_new(IPAddressFamily, (st)) ++# define sk_IPAddressFamily_new(cmp) SKM_sk_new(IPAddressFamily, (cmp)) + # 
define sk_IPAddressFamily_new_null() SKM_sk_new_null(IPAddressFamily) + # define sk_IPAddressFamily_free(st) SKM_sk_free(IPAddressFamily, (st)) + # define sk_IPAddressFamily_num(st) SKM_sk_num(IPAddressFamily, (st)) +@@ -768,12 +954,12 @@ STACK_OF(type) \ + # define sk_IPAddressFamily_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(IPAddressFamily, (st), (cmp)) + # define sk_IPAddressFamily_dup(st) SKM_sk_dup(IPAddressFamily, st) + # define sk_IPAddressFamily_pop_free(st, free_func) SKM_sk_pop_free(IPAddressFamily, (st), (free_func)) ++# define sk_IPAddressFamily_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(IPAddressFamily, (st), (copy_func), (free_func)) + # define sk_IPAddressFamily_shift(st) SKM_sk_shift(IPAddressFamily, (st)) + # define sk_IPAddressFamily_pop(st) SKM_sk_pop(IPAddressFamily, (st)) + # define sk_IPAddressFamily_sort(st) SKM_sk_sort(IPAddressFamily, (st)) + # define sk_IPAddressFamily_is_sorted(st) SKM_sk_is_sorted(IPAddressFamily, (st)) +- +-# define sk_IPAddressOrRange_new(st) SKM_sk_new(IPAddressOrRange, (st)) ++# define sk_IPAddressOrRange_new(cmp) SKM_sk_new(IPAddressOrRange, (cmp)) + # define sk_IPAddressOrRange_new_null() SKM_sk_new_null(IPAddressOrRange) + # define sk_IPAddressOrRange_free(st) SKM_sk_free(IPAddressOrRange, (st)) + # define sk_IPAddressOrRange_num(st) SKM_sk_num(IPAddressOrRange, (st)) +@@ -790,12 +976,12 @@ STACK_OF(type) \ + # define sk_IPAddressOrRange_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(IPAddressOrRange, (st), (cmp)) + # define sk_IPAddressOrRange_dup(st) SKM_sk_dup(IPAddressOrRange, st) + # define sk_IPAddressOrRange_pop_free(st, free_func) SKM_sk_pop_free(IPAddressOrRange, (st), (free_func)) ++# define sk_IPAddressOrRange_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(IPAddressOrRange, (st), (copy_func), (free_func)) + # define sk_IPAddressOrRange_shift(st) SKM_sk_shift(IPAddressOrRange, (st)) + # define sk_IPAddressOrRange_pop(st) SKM_sk_pop(IPAddressOrRange, (st)) + # define 
sk_IPAddressOrRange_sort(st) SKM_sk_sort(IPAddressOrRange, (st)) + # define sk_IPAddressOrRange_is_sorted(st) SKM_sk_is_sorted(IPAddressOrRange, (st)) +- +-# define sk_KRB5_APREQBODY_new(st) SKM_sk_new(KRB5_APREQBODY, (st)) ++# define sk_KRB5_APREQBODY_new(cmp) SKM_sk_new(KRB5_APREQBODY, (cmp)) + # define sk_KRB5_APREQBODY_new_null() SKM_sk_new_null(KRB5_APREQBODY) + # define sk_KRB5_APREQBODY_free(st) SKM_sk_free(KRB5_APREQBODY, (st)) + # define sk_KRB5_APREQBODY_num(st) SKM_sk_num(KRB5_APREQBODY, (st)) +@@ -812,12 +998,12 @@ STACK_OF(type) \ + # define sk_KRB5_APREQBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_APREQBODY, (st), (cmp)) + # define sk_KRB5_APREQBODY_dup(st) SKM_sk_dup(KRB5_APREQBODY, st) + # define sk_KRB5_APREQBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_APREQBODY, (st), (free_func)) ++# define sk_KRB5_APREQBODY_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(KRB5_APREQBODY, (st), (copy_func), (free_func)) + # define sk_KRB5_APREQBODY_shift(st) SKM_sk_shift(KRB5_APREQBODY, (st)) + # define sk_KRB5_APREQBODY_pop(st) SKM_sk_pop(KRB5_APREQBODY, (st)) + # define sk_KRB5_APREQBODY_sort(st) SKM_sk_sort(KRB5_APREQBODY, (st)) + # define sk_KRB5_APREQBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_APREQBODY, (st)) +- +-# define sk_KRB5_AUTHDATA_new(st) SKM_sk_new(KRB5_AUTHDATA, (st)) ++# define sk_KRB5_AUTHDATA_new(cmp) SKM_sk_new(KRB5_AUTHDATA, (cmp)) + # define sk_KRB5_AUTHDATA_new_null() SKM_sk_new_null(KRB5_AUTHDATA) + # define sk_KRB5_AUTHDATA_free(st) SKM_sk_free(KRB5_AUTHDATA, (st)) + # define sk_KRB5_AUTHDATA_num(st) SKM_sk_num(KRB5_AUTHDATA, (st)) +@@ -834,12 +1020,12 @@ STACK_OF(type) \ + # define sk_KRB5_AUTHDATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_AUTHDATA, (st), (cmp)) + # define sk_KRB5_AUTHDATA_dup(st) SKM_sk_dup(KRB5_AUTHDATA, st) + # define sk_KRB5_AUTHDATA_pop_free(st, free_func) SKM_sk_pop_free(KRB5_AUTHDATA, (st), (free_func)) ++# define sk_KRB5_AUTHDATA_deep_copy(st, copy_func, free_func) 
SKM_sk_deep_copy(KRB5_AUTHDATA, (st), (copy_func), (free_func)) + # define sk_KRB5_AUTHDATA_shift(st) SKM_sk_shift(KRB5_AUTHDATA, (st)) + # define sk_KRB5_AUTHDATA_pop(st) SKM_sk_pop(KRB5_AUTHDATA, (st)) + # define sk_KRB5_AUTHDATA_sort(st) SKM_sk_sort(KRB5_AUTHDATA, (st)) + # define sk_KRB5_AUTHDATA_is_sorted(st) SKM_sk_is_sorted(KRB5_AUTHDATA, (st)) +- +-# define sk_KRB5_AUTHENTBODY_new(st) SKM_sk_new(KRB5_AUTHENTBODY, (st)) ++# define sk_KRB5_AUTHENTBODY_new(cmp) SKM_sk_new(KRB5_AUTHENTBODY, (cmp)) + # define sk_KRB5_AUTHENTBODY_new_null() SKM_sk_new_null(KRB5_AUTHENTBODY) + # define sk_KRB5_AUTHENTBODY_free(st) SKM_sk_free(KRB5_AUTHENTBODY, (st)) + # define sk_KRB5_AUTHENTBODY_num(st) SKM_sk_num(KRB5_AUTHENTBODY, (st)) +@@ -856,12 +1042,12 @@ STACK_OF(type) \ + # define sk_KRB5_AUTHENTBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_AUTHENTBODY, (st), (cmp)) + # define sk_KRB5_AUTHENTBODY_dup(st) SKM_sk_dup(KRB5_AUTHENTBODY, st) + # define sk_KRB5_AUTHENTBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_AUTHENTBODY, (st), (free_func)) ++# define sk_KRB5_AUTHENTBODY_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(KRB5_AUTHENTBODY, (st), (copy_func), (free_func)) + # define sk_KRB5_AUTHENTBODY_shift(st) SKM_sk_shift(KRB5_AUTHENTBODY, (st)) + # define sk_KRB5_AUTHENTBODY_pop(st) SKM_sk_pop(KRB5_AUTHENTBODY, (st)) + # define sk_KRB5_AUTHENTBODY_sort(st) SKM_sk_sort(KRB5_AUTHENTBODY, (st)) + # define sk_KRB5_AUTHENTBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_AUTHENTBODY, (st)) +- +-# define sk_KRB5_CHECKSUM_new(st) SKM_sk_new(KRB5_CHECKSUM, (st)) ++# define sk_KRB5_CHECKSUM_new(cmp) SKM_sk_new(KRB5_CHECKSUM, (cmp)) + # define sk_KRB5_CHECKSUM_new_null() SKM_sk_new_null(KRB5_CHECKSUM) + # define sk_KRB5_CHECKSUM_free(st) SKM_sk_free(KRB5_CHECKSUM, (st)) + # define sk_KRB5_CHECKSUM_num(st) SKM_sk_num(KRB5_CHECKSUM, (st)) +@@ -878,12 +1064,12 @@ STACK_OF(type) \ + # define sk_KRB5_CHECKSUM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_CHECKSUM, (st), (cmp)) + # 
define sk_KRB5_CHECKSUM_dup(st) SKM_sk_dup(KRB5_CHECKSUM, st) + # define sk_KRB5_CHECKSUM_pop_free(st, free_func) SKM_sk_pop_free(KRB5_CHECKSUM, (st), (free_func)) ++# define sk_KRB5_CHECKSUM_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(KRB5_CHECKSUM, (st), (copy_func), (free_func)) + # define sk_KRB5_CHECKSUM_shift(st) SKM_sk_shift(KRB5_CHECKSUM, (st)) + # define sk_KRB5_CHECKSUM_pop(st) SKM_sk_pop(KRB5_CHECKSUM, (st)) + # define sk_KRB5_CHECKSUM_sort(st) SKM_sk_sort(KRB5_CHECKSUM, (st)) + # define sk_KRB5_CHECKSUM_is_sorted(st) SKM_sk_is_sorted(KRB5_CHECKSUM, (st)) +- +-# define sk_KRB5_ENCDATA_new(st) SKM_sk_new(KRB5_ENCDATA, (st)) ++# define sk_KRB5_ENCDATA_new(cmp) SKM_sk_new(KRB5_ENCDATA, (cmp)) + # define sk_KRB5_ENCDATA_new_null() SKM_sk_new_null(KRB5_ENCDATA) + # define sk_KRB5_ENCDATA_free(st) SKM_sk_free(KRB5_ENCDATA, (st)) + # define sk_KRB5_ENCDATA_num(st) SKM_sk_num(KRB5_ENCDATA, (st)) +@@ -900,12 +1086,12 @@ STACK_OF(type) \ + # define sk_KRB5_ENCDATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_ENCDATA, (st), (cmp)) + # define sk_KRB5_ENCDATA_dup(st) SKM_sk_dup(KRB5_ENCDATA, st) + # define sk_KRB5_ENCDATA_pop_free(st, free_func) SKM_sk_pop_free(KRB5_ENCDATA, (st), (free_func)) ++# define sk_KRB5_ENCDATA_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(KRB5_ENCDATA, (st), (copy_func), (free_func)) + # define sk_KRB5_ENCDATA_shift(st) SKM_sk_shift(KRB5_ENCDATA, (st)) + # define sk_KRB5_ENCDATA_pop(st) SKM_sk_pop(KRB5_ENCDATA, (st)) + # define sk_KRB5_ENCDATA_sort(st) SKM_sk_sort(KRB5_ENCDATA, (st)) + # define sk_KRB5_ENCDATA_is_sorted(st) SKM_sk_is_sorted(KRB5_ENCDATA, (st)) +- +-# define sk_KRB5_ENCKEY_new(st) SKM_sk_new(KRB5_ENCKEY, (st)) ++# define sk_KRB5_ENCKEY_new(cmp) SKM_sk_new(KRB5_ENCKEY, (cmp)) + # define sk_KRB5_ENCKEY_new_null() SKM_sk_new_null(KRB5_ENCKEY) + # define sk_KRB5_ENCKEY_free(st) SKM_sk_free(KRB5_ENCKEY, (st)) + # define sk_KRB5_ENCKEY_num(st) SKM_sk_num(KRB5_ENCKEY, (st)) +@@ -922,12 +1108,12 @@ STACK_OF(type) \ 
+ # define sk_KRB5_ENCKEY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_ENCKEY, (st), (cmp)) + # define sk_KRB5_ENCKEY_dup(st) SKM_sk_dup(KRB5_ENCKEY, st) + # define sk_KRB5_ENCKEY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_ENCKEY, (st), (free_func)) ++# define sk_KRB5_ENCKEY_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(KRB5_ENCKEY, (st), (copy_func), (free_func)) + # define sk_KRB5_ENCKEY_shift(st) SKM_sk_shift(KRB5_ENCKEY, (st)) + # define sk_KRB5_ENCKEY_pop(st) SKM_sk_pop(KRB5_ENCKEY, (st)) + # define sk_KRB5_ENCKEY_sort(st) SKM_sk_sort(KRB5_ENCKEY, (st)) + # define sk_KRB5_ENCKEY_is_sorted(st) SKM_sk_is_sorted(KRB5_ENCKEY, (st)) +- +-# define sk_KRB5_PRINCNAME_new(st) SKM_sk_new(KRB5_PRINCNAME, (st)) ++# define sk_KRB5_PRINCNAME_new(cmp) SKM_sk_new(KRB5_PRINCNAME, (cmp)) + # define sk_KRB5_PRINCNAME_new_null() SKM_sk_new_null(KRB5_PRINCNAME) + # define sk_KRB5_PRINCNAME_free(st) SKM_sk_free(KRB5_PRINCNAME, (st)) + # define sk_KRB5_PRINCNAME_num(st) SKM_sk_num(KRB5_PRINCNAME, (st)) +@@ -944,12 +1130,12 @@ STACK_OF(type) \ + # define sk_KRB5_PRINCNAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_PRINCNAME, (st), (cmp)) + # define sk_KRB5_PRINCNAME_dup(st) SKM_sk_dup(KRB5_PRINCNAME, st) + # define sk_KRB5_PRINCNAME_pop_free(st, free_func) SKM_sk_pop_free(KRB5_PRINCNAME, (st), (free_func)) ++# define sk_KRB5_PRINCNAME_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(KRB5_PRINCNAME, (st), (copy_func), (free_func)) + # define sk_KRB5_PRINCNAME_shift(st) SKM_sk_shift(KRB5_PRINCNAME, (st)) + # define sk_KRB5_PRINCNAME_pop(st) SKM_sk_pop(KRB5_PRINCNAME, (st)) + # define sk_KRB5_PRINCNAME_sort(st) SKM_sk_sort(KRB5_PRINCNAME, (st)) + # define sk_KRB5_PRINCNAME_is_sorted(st) SKM_sk_is_sorted(KRB5_PRINCNAME, (st)) +- +-# define sk_KRB5_TKTBODY_new(st) SKM_sk_new(KRB5_TKTBODY, (st)) ++# define sk_KRB5_TKTBODY_new(cmp) SKM_sk_new(KRB5_TKTBODY, (cmp)) + # define sk_KRB5_TKTBODY_new_null() SKM_sk_new_null(KRB5_TKTBODY) + # define sk_KRB5_TKTBODY_free(st) 
SKM_sk_free(KRB5_TKTBODY, (st)) + # define sk_KRB5_TKTBODY_num(st) SKM_sk_num(KRB5_TKTBODY, (st)) +@@ -966,12 +1152,34 @@ STACK_OF(type) \ + # define sk_KRB5_TKTBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_TKTBODY, (st), (cmp)) + # define sk_KRB5_TKTBODY_dup(st) SKM_sk_dup(KRB5_TKTBODY, st) + # define sk_KRB5_TKTBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_TKTBODY, (st), (free_func)) ++# define sk_KRB5_TKTBODY_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(KRB5_TKTBODY, (st), (copy_func), (free_func)) + # define sk_KRB5_TKTBODY_shift(st) SKM_sk_shift(KRB5_TKTBODY, (st)) + # define sk_KRB5_TKTBODY_pop(st) SKM_sk_pop(KRB5_TKTBODY, (st)) + # define sk_KRB5_TKTBODY_sort(st) SKM_sk_sort(KRB5_TKTBODY, (st)) + # define sk_KRB5_TKTBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_TKTBODY, (st)) +- +-# define sk_MIME_HEADER_new(st) SKM_sk_new(MIME_HEADER, (st)) ++# define sk_MEM_OBJECT_DATA_new(cmp) SKM_sk_new(MEM_OBJECT_DATA, (cmp)) ++# define sk_MEM_OBJECT_DATA_new_null() SKM_sk_new_null(MEM_OBJECT_DATA) ++# define sk_MEM_OBJECT_DATA_free(st) SKM_sk_free(MEM_OBJECT_DATA, (st)) ++# define sk_MEM_OBJECT_DATA_num(st) SKM_sk_num(MEM_OBJECT_DATA, (st)) ++# define sk_MEM_OBJECT_DATA_value(st, i) SKM_sk_value(MEM_OBJECT_DATA, (st), (i)) ++# define sk_MEM_OBJECT_DATA_set(st, i, val) SKM_sk_set(MEM_OBJECT_DATA, (st), (i), (val)) ++# define sk_MEM_OBJECT_DATA_zero(st) SKM_sk_zero(MEM_OBJECT_DATA, (st)) ++# define sk_MEM_OBJECT_DATA_push(st, val) SKM_sk_push(MEM_OBJECT_DATA, (st), (val)) ++# define sk_MEM_OBJECT_DATA_unshift(st, val) SKM_sk_unshift(MEM_OBJECT_DATA, (st), (val)) ++# define sk_MEM_OBJECT_DATA_find(st, val) SKM_sk_find(MEM_OBJECT_DATA, (st), (val)) ++# define sk_MEM_OBJECT_DATA_find_ex(st, val) SKM_sk_find_ex(MEM_OBJECT_DATA, (st), (val)) ++# define sk_MEM_OBJECT_DATA_delete(st, i) SKM_sk_delete(MEM_OBJECT_DATA, (st), (i)) ++# define sk_MEM_OBJECT_DATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(MEM_OBJECT_DATA, (st), (ptr)) ++# define sk_MEM_OBJECT_DATA_insert(st, 
val, i) SKM_sk_insert(MEM_OBJECT_DATA, (st), (val), (i)) ++# define sk_MEM_OBJECT_DATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MEM_OBJECT_DATA, (st), (cmp)) ++# define sk_MEM_OBJECT_DATA_dup(st) SKM_sk_dup(MEM_OBJECT_DATA, st) ++# define sk_MEM_OBJECT_DATA_pop_free(st, free_func) SKM_sk_pop_free(MEM_OBJECT_DATA, (st), (free_func)) ++# define sk_MEM_OBJECT_DATA_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(MEM_OBJECT_DATA, (st), (copy_func), (free_func)) ++# define sk_MEM_OBJECT_DATA_shift(st) SKM_sk_shift(MEM_OBJECT_DATA, (st)) ++# define sk_MEM_OBJECT_DATA_pop(st) SKM_sk_pop(MEM_OBJECT_DATA, (st)) ++# define sk_MEM_OBJECT_DATA_sort(st) SKM_sk_sort(MEM_OBJECT_DATA, (st)) ++# define sk_MEM_OBJECT_DATA_is_sorted(st) SKM_sk_is_sorted(MEM_OBJECT_DATA, (st)) ++# define sk_MIME_HEADER_new(cmp) SKM_sk_new(MIME_HEADER, (cmp)) + # define sk_MIME_HEADER_new_null() SKM_sk_new_null(MIME_HEADER) + # define sk_MIME_HEADER_free(st) SKM_sk_free(MIME_HEADER, (st)) + # define sk_MIME_HEADER_num(st) SKM_sk_num(MIME_HEADER, (st)) +@@ -988,12 +1196,12 @@ STACK_OF(type) \ + # define sk_MIME_HEADER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_HEADER, (st), (cmp)) + # define sk_MIME_HEADER_dup(st) SKM_sk_dup(MIME_HEADER, st) + # define sk_MIME_HEADER_pop_free(st, free_func) SKM_sk_pop_free(MIME_HEADER, (st), (free_func)) ++# define sk_MIME_HEADER_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(MIME_HEADER, (st), (copy_func), (free_func)) + # define sk_MIME_HEADER_shift(st) SKM_sk_shift(MIME_HEADER, (st)) + # define sk_MIME_HEADER_pop(st) SKM_sk_pop(MIME_HEADER, (st)) + # define sk_MIME_HEADER_sort(st) SKM_sk_sort(MIME_HEADER, (st)) + # define sk_MIME_HEADER_is_sorted(st) SKM_sk_is_sorted(MIME_HEADER, (st)) +- +-# define sk_MIME_PARAM_new(st) SKM_sk_new(MIME_PARAM, (st)) ++# define sk_MIME_PARAM_new(cmp) SKM_sk_new(MIME_PARAM, (cmp)) + # define sk_MIME_PARAM_new_null() SKM_sk_new_null(MIME_PARAM) + # define sk_MIME_PARAM_free(st) SKM_sk_free(MIME_PARAM, (st)) + # define 
sk_MIME_PARAM_num(st) SKM_sk_num(MIME_PARAM, (st)) +@@ -1010,12 +1218,12 @@ STACK_OF(type) \ + # define sk_MIME_PARAM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_PARAM, (st), (cmp)) + # define sk_MIME_PARAM_dup(st) SKM_sk_dup(MIME_PARAM, st) + # define sk_MIME_PARAM_pop_free(st, free_func) SKM_sk_pop_free(MIME_PARAM, (st), (free_func)) ++# define sk_MIME_PARAM_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(MIME_PARAM, (st), (copy_func), (free_func)) + # define sk_MIME_PARAM_shift(st) SKM_sk_shift(MIME_PARAM, (st)) + # define sk_MIME_PARAM_pop(st) SKM_sk_pop(MIME_PARAM, (st)) + # define sk_MIME_PARAM_sort(st) SKM_sk_sort(MIME_PARAM, (st)) + # define sk_MIME_PARAM_is_sorted(st) SKM_sk_is_sorted(MIME_PARAM, (st)) +- +-# define sk_NAME_FUNCS_new(st) SKM_sk_new(NAME_FUNCS, (st)) ++# define sk_NAME_FUNCS_new(cmp) SKM_sk_new(NAME_FUNCS, (cmp)) + # define sk_NAME_FUNCS_new_null() SKM_sk_new_null(NAME_FUNCS) + # define sk_NAME_FUNCS_free(st) SKM_sk_free(NAME_FUNCS, (st)) + # define sk_NAME_FUNCS_num(st) SKM_sk_num(NAME_FUNCS, (st)) +@@ -1032,12 +1240,12 @@ STACK_OF(type) \ + # define sk_NAME_FUNCS_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(NAME_FUNCS, (st), (cmp)) + # define sk_NAME_FUNCS_dup(st) SKM_sk_dup(NAME_FUNCS, st) + # define sk_NAME_FUNCS_pop_free(st, free_func) SKM_sk_pop_free(NAME_FUNCS, (st), (free_func)) ++# define sk_NAME_FUNCS_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(NAME_FUNCS, (st), (copy_func), (free_func)) + # define sk_NAME_FUNCS_shift(st) SKM_sk_shift(NAME_FUNCS, (st)) + # define sk_NAME_FUNCS_pop(st) SKM_sk_pop(NAME_FUNCS, (st)) + # define sk_NAME_FUNCS_sort(st) SKM_sk_sort(NAME_FUNCS, (st)) + # define sk_NAME_FUNCS_is_sorted(st) SKM_sk_is_sorted(NAME_FUNCS, (st)) +- +-# define sk_OCSP_CERTID_new(st) SKM_sk_new(OCSP_CERTID, (st)) ++# define sk_OCSP_CERTID_new(cmp) SKM_sk_new(OCSP_CERTID, (cmp)) + # define sk_OCSP_CERTID_new_null() SKM_sk_new_null(OCSP_CERTID) + # define sk_OCSP_CERTID_free(st) SKM_sk_free(OCSP_CERTID, (st)) + # 
define sk_OCSP_CERTID_num(st) SKM_sk_num(OCSP_CERTID, (st)) +@@ -1054,12 +1262,12 @@ STACK_OF(type) \ + # define sk_OCSP_CERTID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_CERTID, (st), (cmp)) + # define sk_OCSP_CERTID_dup(st) SKM_sk_dup(OCSP_CERTID, st) + # define sk_OCSP_CERTID_pop_free(st, free_func) SKM_sk_pop_free(OCSP_CERTID, (st), (free_func)) ++# define sk_OCSP_CERTID_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(OCSP_CERTID, (st), (copy_func), (free_func)) + # define sk_OCSP_CERTID_shift(st) SKM_sk_shift(OCSP_CERTID, (st)) + # define sk_OCSP_CERTID_pop(st) SKM_sk_pop(OCSP_CERTID, (st)) + # define sk_OCSP_CERTID_sort(st) SKM_sk_sort(OCSP_CERTID, (st)) + # define sk_OCSP_CERTID_is_sorted(st) SKM_sk_is_sorted(OCSP_CERTID, (st)) +- +-# define sk_OCSP_ONEREQ_new(st) SKM_sk_new(OCSP_ONEREQ, (st)) ++# define sk_OCSP_ONEREQ_new(cmp) SKM_sk_new(OCSP_ONEREQ, (cmp)) + # define sk_OCSP_ONEREQ_new_null() SKM_sk_new_null(OCSP_ONEREQ) + # define sk_OCSP_ONEREQ_free(st) SKM_sk_free(OCSP_ONEREQ, (st)) + # define sk_OCSP_ONEREQ_num(st) SKM_sk_num(OCSP_ONEREQ, (st)) +@@ -1076,12 +1284,12 @@ STACK_OF(type) \ + # define sk_OCSP_ONEREQ_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_ONEREQ, (st), (cmp)) + # define sk_OCSP_ONEREQ_dup(st) SKM_sk_dup(OCSP_ONEREQ, st) + # define sk_OCSP_ONEREQ_pop_free(st, free_func) SKM_sk_pop_free(OCSP_ONEREQ, (st), (free_func)) ++# define sk_OCSP_ONEREQ_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(OCSP_ONEREQ, (st), (copy_func), (free_func)) + # define sk_OCSP_ONEREQ_shift(st) SKM_sk_shift(OCSP_ONEREQ, (st)) + # define sk_OCSP_ONEREQ_pop(st) SKM_sk_pop(OCSP_ONEREQ, (st)) + # define sk_OCSP_ONEREQ_sort(st) SKM_sk_sort(OCSP_ONEREQ, (st)) + # define sk_OCSP_ONEREQ_is_sorted(st) SKM_sk_is_sorted(OCSP_ONEREQ, (st)) +- +-# define sk_OCSP_RESPID_new(st) SKM_sk_new(OCSP_RESPID, (st)) ++# define sk_OCSP_RESPID_new(cmp) SKM_sk_new(OCSP_RESPID, (cmp)) + # define sk_OCSP_RESPID_new_null() SKM_sk_new_null(OCSP_RESPID) + # define 
sk_OCSP_RESPID_free(st) SKM_sk_free(OCSP_RESPID, (st)) + # define sk_OCSP_RESPID_num(st) SKM_sk_num(OCSP_RESPID, (st)) +@@ -1098,12 +1306,12 @@ STACK_OF(type) \ + # define sk_OCSP_RESPID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_RESPID, (st), (cmp)) + # define sk_OCSP_RESPID_dup(st) SKM_sk_dup(OCSP_RESPID, st) + # define sk_OCSP_RESPID_pop_free(st, free_func) SKM_sk_pop_free(OCSP_RESPID, (st), (free_func)) ++# define sk_OCSP_RESPID_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(OCSP_RESPID, (st), (copy_func), (free_func)) + # define sk_OCSP_RESPID_shift(st) SKM_sk_shift(OCSP_RESPID, (st)) + # define sk_OCSP_RESPID_pop(st) SKM_sk_pop(OCSP_RESPID, (st)) + # define sk_OCSP_RESPID_sort(st) SKM_sk_sort(OCSP_RESPID, (st)) + # define sk_OCSP_RESPID_is_sorted(st) SKM_sk_is_sorted(OCSP_RESPID, (st)) +- +-# define sk_OCSP_SINGLERESP_new(st) SKM_sk_new(OCSP_SINGLERESP, (st)) ++# define sk_OCSP_SINGLERESP_new(cmp) SKM_sk_new(OCSP_SINGLERESP, (cmp)) + # define sk_OCSP_SINGLERESP_new_null() SKM_sk_new_null(OCSP_SINGLERESP) + # define sk_OCSP_SINGLERESP_free(st) SKM_sk_free(OCSP_SINGLERESP, (st)) + # define sk_OCSP_SINGLERESP_num(st) SKM_sk_num(OCSP_SINGLERESP, (st)) +@@ -1120,12 +1328,12 @@ STACK_OF(type) \ + # define sk_OCSP_SINGLERESP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_SINGLERESP, (st), (cmp)) + # define sk_OCSP_SINGLERESP_dup(st) SKM_sk_dup(OCSP_SINGLERESP, st) + # define sk_OCSP_SINGLERESP_pop_free(st, free_func) SKM_sk_pop_free(OCSP_SINGLERESP, (st), (free_func)) ++# define sk_OCSP_SINGLERESP_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(OCSP_SINGLERESP, (st), (copy_func), (free_func)) + # define sk_OCSP_SINGLERESP_shift(st) SKM_sk_shift(OCSP_SINGLERESP, (st)) + # define sk_OCSP_SINGLERESP_pop(st) SKM_sk_pop(OCSP_SINGLERESP, (st)) + # define sk_OCSP_SINGLERESP_sort(st) SKM_sk_sort(OCSP_SINGLERESP, (st)) + # define sk_OCSP_SINGLERESP_is_sorted(st) SKM_sk_is_sorted(OCSP_SINGLERESP, (st)) +- +-# define sk_PKCS12_SAFEBAG_new(st) 
SKM_sk_new(PKCS12_SAFEBAG, (st)) ++# define sk_PKCS12_SAFEBAG_new(cmp) SKM_sk_new(PKCS12_SAFEBAG, (cmp)) + # define sk_PKCS12_SAFEBAG_new_null() SKM_sk_new_null(PKCS12_SAFEBAG) + # define sk_PKCS12_SAFEBAG_free(st) SKM_sk_free(PKCS12_SAFEBAG, (st)) + # define sk_PKCS12_SAFEBAG_num(st) SKM_sk_num(PKCS12_SAFEBAG, (st)) +@@ -1142,12 +1350,12 @@ STACK_OF(type) \ + # define sk_PKCS12_SAFEBAG_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS12_SAFEBAG, (st), (cmp)) + # define sk_PKCS12_SAFEBAG_dup(st) SKM_sk_dup(PKCS12_SAFEBAG, st) + # define sk_PKCS12_SAFEBAG_pop_free(st, free_func) SKM_sk_pop_free(PKCS12_SAFEBAG, (st), (free_func)) ++# define sk_PKCS12_SAFEBAG_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(PKCS12_SAFEBAG, (st), (copy_func), (free_func)) + # define sk_PKCS12_SAFEBAG_shift(st) SKM_sk_shift(PKCS12_SAFEBAG, (st)) + # define sk_PKCS12_SAFEBAG_pop(st) SKM_sk_pop(PKCS12_SAFEBAG, (st)) + # define sk_PKCS12_SAFEBAG_sort(st) SKM_sk_sort(PKCS12_SAFEBAG, (st)) + # define sk_PKCS12_SAFEBAG_is_sorted(st) SKM_sk_is_sorted(PKCS12_SAFEBAG, (st)) +- +-# define sk_PKCS7_new(st) SKM_sk_new(PKCS7, (st)) ++# define sk_PKCS7_new(cmp) SKM_sk_new(PKCS7, (cmp)) + # define sk_PKCS7_new_null() SKM_sk_new_null(PKCS7) + # define sk_PKCS7_free(st) SKM_sk_free(PKCS7, (st)) + # define sk_PKCS7_num(st) SKM_sk_num(PKCS7, (st)) +@@ -1164,12 +1372,12 @@ STACK_OF(type) \ + # define sk_PKCS7_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7, (st), (cmp)) + # define sk_PKCS7_dup(st) SKM_sk_dup(PKCS7, st) + # define sk_PKCS7_pop_free(st, free_func) SKM_sk_pop_free(PKCS7, (st), (free_func)) ++# define sk_PKCS7_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(PKCS7, (st), (copy_func), (free_func)) + # define sk_PKCS7_shift(st) SKM_sk_shift(PKCS7, (st)) + # define sk_PKCS7_pop(st) SKM_sk_pop(PKCS7, (st)) + # define sk_PKCS7_sort(st) SKM_sk_sort(PKCS7, (st)) + # define sk_PKCS7_is_sorted(st) SKM_sk_is_sorted(PKCS7, (st)) +- +-# define sk_PKCS7_RECIP_INFO_new(st) SKM_sk_new(PKCS7_RECIP_INFO, 
(st)) ++# define sk_PKCS7_RECIP_INFO_new(cmp) SKM_sk_new(PKCS7_RECIP_INFO, (cmp)) + # define sk_PKCS7_RECIP_INFO_new_null() SKM_sk_new_null(PKCS7_RECIP_INFO) + # define sk_PKCS7_RECIP_INFO_free(st) SKM_sk_free(PKCS7_RECIP_INFO, (st)) + # define sk_PKCS7_RECIP_INFO_num(st) SKM_sk_num(PKCS7_RECIP_INFO, (st)) +@@ -1186,12 +1394,12 @@ STACK_OF(type) \ + # define sk_PKCS7_RECIP_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7_RECIP_INFO, (st), (cmp)) + # define sk_PKCS7_RECIP_INFO_dup(st) SKM_sk_dup(PKCS7_RECIP_INFO, st) + # define sk_PKCS7_RECIP_INFO_pop_free(st, free_func) SKM_sk_pop_free(PKCS7_RECIP_INFO, (st), (free_func)) ++# define sk_PKCS7_RECIP_INFO_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(PKCS7_RECIP_INFO, (st), (copy_func), (free_func)) + # define sk_PKCS7_RECIP_INFO_shift(st) SKM_sk_shift(PKCS7_RECIP_INFO, (st)) + # define sk_PKCS7_RECIP_INFO_pop(st) SKM_sk_pop(PKCS7_RECIP_INFO, (st)) + # define sk_PKCS7_RECIP_INFO_sort(st) SKM_sk_sort(PKCS7_RECIP_INFO, (st)) + # define sk_PKCS7_RECIP_INFO_is_sorted(st) SKM_sk_is_sorted(PKCS7_RECIP_INFO, (st)) +- +-# define sk_PKCS7_SIGNER_INFO_new(st) SKM_sk_new(PKCS7_SIGNER_INFO, (st)) ++# define sk_PKCS7_SIGNER_INFO_new(cmp) SKM_sk_new(PKCS7_SIGNER_INFO, (cmp)) + # define sk_PKCS7_SIGNER_INFO_new_null() SKM_sk_new_null(PKCS7_SIGNER_INFO) + # define sk_PKCS7_SIGNER_INFO_free(st) SKM_sk_free(PKCS7_SIGNER_INFO, (st)) + # define sk_PKCS7_SIGNER_INFO_num(st) SKM_sk_num(PKCS7_SIGNER_INFO, (st)) +@@ -1208,12 +1416,12 @@ STACK_OF(type) \ + # define sk_PKCS7_SIGNER_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7_SIGNER_INFO, (st), (cmp)) + # define sk_PKCS7_SIGNER_INFO_dup(st) SKM_sk_dup(PKCS7_SIGNER_INFO, st) + # define sk_PKCS7_SIGNER_INFO_pop_free(st, free_func) SKM_sk_pop_free(PKCS7_SIGNER_INFO, (st), (free_func)) ++# define sk_PKCS7_SIGNER_INFO_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(PKCS7_SIGNER_INFO, (st), (copy_func), (free_func)) + # define sk_PKCS7_SIGNER_INFO_shift(st) 
SKM_sk_shift(PKCS7_SIGNER_INFO, (st)) + # define sk_PKCS7_SIGNER_INFO_pop(st) SKM_sk_pop(PKCS7_SIGNER_INFO, (st)) + # define sk_PKCS7_SIGNER_INFO_sort(st) SKM_sk_sort(PKCS7_SIGNER_INFO, (st)) + # define sk_PKCS7_SIGNER_INFO_is_sorted(st) SKM_sk_is_sorted(PKCS7_SIGNER_INFO, (st)) +- +-# define sk_POLICYINFO_new(st) SKM_sk_new(POLICYINFO, (st)) ++# define sk_POLICYINFO_new(cmp) SKM_sk_new(POLICYINFO, (cmp)) + # define sk_POLICYINFO_new_null() SKM_sk_new_null(POLICYINFO) + # define sk_POLICYINFO_free(st) SKM_sk_free(POLICYINFO, (st)) + # define sk_POLICYINFO_num(st) SKM_sk_num(POLICYINFO, (st)) +@@ -1230,12 +1438,12 @@ STACK_OF(type) \ + # define sk_POLICYINFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICYINFO, (st), (cmp)) + # define sk_POLICYINFO_dup(st) SKM_sk_dup(POLICYINFO, st) + # define sk_POLICYINFO_pop_free(st, free_func) SKM_sk_pop_free(POLICYINFO, (st), (free_func)) ++# define sk_POLICYINFO_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(POLICYINFO, (st), (copy_func), (free_func)) + # define sk_POLICYINFO_shift(st) SKM_sk_shift(POLICYINFO, (st)) + # define sk_POLICYINFO_pop(st) SKM_sk_pop(POLICYINFO, (st)) + # define sk_POLICYINFO_sort(st) SKM_sk_sort(POLICYINFO, (st)) + # define sk_POLICYINFO_is_sorted(st) SKM_sk_is_sorted(POLICYINFO, (st)) +- +-# define sk_POLICYQUALINFO_new(st) SKM_sk_new(POLICYQUALINFO, (st)) ++# define sk_POLICYQUALINFO_new(cmp) SKM_sk_new(POLICYQUALINFO, (cmp)) + # define sk_POLICYQUALINFO_new_null() SKM_sk_new_null(POLICYQUALINFO) + # define sk_POLICYQUALINFO_free(st) SKM_sk_free(POLICYQUALINFO, (st)) + # define sk_POLICYQUALINFO_num(st) SKM_sk_num(POLICYQUALINFO, (st)) +@@ -1252,12 +1460,12 @@ STACK_OF(type) \ + # define sk_POLICYQUALINFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICYQUALINFO, (st), (cmp)) + # define sk_POLICYQUALINFO_dup(st) SKM_sk_dup(POLICYQUALINFO, st) + # define sk_POLICYQUALINFO_pop_free(st, free_func) SKM_sk_pop_free(POLICYQUALINFO, (st), (free_func)) ++# define sk_POLICYQUALINFO_deep_copy(st, 
copy_func, free_func) SKM_sk_deep_copy(POLICYQUALINFO, (st), (copy_func), (free_func)) + # define sk_POLICYQUALINFO_shift(st) SKM_sk_shift(POLICYQUALINFO, (st)) + # define sk_POLICYQUALINFO_pop(st) SKM_sk_pop(POLICYQUALINFO, (st)) + # define sk_POLICYQUALINFO_sort(st) SKM_sk_sort(POLICYQUALINFO, (st)) + # define sk_POLICYQUALINFO_is_sorted(st) SKM_sk_is_sorted(POLICYQUALINFO, (st)) +- +-# define sk_POLICY_MAPPING_new(st) SKM_sk_new(POLICY_MAPPING, (st)) ++# define sk_POLICY_MAPPING_new(cmp) SKM_sk_new(POLICY_MAPPING, (cmp)) + # define sk_POLICY_MAPPING_new_null() SKM_sk_new_null(POLICY_MAPPING) + # define sk_POLICY_MAPPING_free(st) SKM_sk_free(POLICY_MAPPING, (st)) + # define sk_POLICY_MAPPING_num(st) SKM_sk_num(POLICY_MAPPING, (st)) +@@ -1274,12 +1482,122 @@ STACK_OF(type) \ + # define sk_POLICY_MAPPING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICY_MAPPING, (st), (cmp)) + # define sk_POLICY_MAPPING_dup(st) SKM_sk_dup(POLICY_MAPPING, st) + # define sk_POLICY_MAPPING_pop_free(st, free_func) SKM_sk_pop_free(POLICY_MAPPING, (st), (free_func)) ++# define sk_POLICY_MAPPING_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(POLICY_MAPPING, (st), (copy_func), (free_func)) + # define sk_POLICY_MAPPING_shift(st) SKM_sk_shift(POLICY_MAPPING, (st)) + # define sk_POLICY_MAPPING_pop(st) SKM_sk_pop(POLICY_MAPPING, (st)) + # define sk_POLICY_MAPPING_sort(st) SKM_sk_sort(POLICY_MAPPING, (st)) + # define sk_POLICY_MAPPING_is_sorted(st) SKM_sk_is_sorted(POLICY_MAPPING, (st)) +- +-# define sk_SSL_CIPHER_new(st) SKM_sk_new(SSL_CIPHER, (st)) ++# define sk_SCT_new(cmp) SKM_sk_new(SCT, (cmp)) ++# define sk_SCT_new_null() SKM_sk_new_null(SCT) ++# define sk_SCT_free(st) SKM_sk_free(SCT, (st)) ++# define sk_SCT_num(st) SKM_sk_num(SCT, (st)) ++# define sk_SCT_value(st, i) SKM_sk_value(SCT, (st), (i)) ++# define sk_SCT_set(st, i, val) SKM_sk_set(SCT, (st), (i), (val)) ++# define sk_SCT_zero(st) SKM_sk_zero(SCT, (st)) ++# define sk_SCT_push(st, val) SKM_sk_push(SCT, (st), (val)) ++# 
define sk_SCT_unshift(st, val) SKM_sk_unshift(SCT, (st), (val)) ++# define sk_SCT_find(st, val) SKM_sk_find(SCT, (st), (val)) ++# define sk_SCT_find_ex(st, val) SKM_sk_find_ex(SCT, (st), (val)) ++# define sk_SCT_delete(st, i) SKM_sk_delete(SCT, (st), (i)) ++# define sk_SCT_delete_ptr(st, ptr) SKM_sk_delete_ptr(SCT, (st), (ptr)) ++# define sk_SCT_insert(st, val, i) SKM_sk_insert(SCT, (st), (val), (i)) ++# define sk_SCT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SCT, (st), (cmp)) ++# define sk_SCT_dup(st) SKM_sk_dup(SCT, st) ++# define sk_SCT_pop_free(st, free_func) SKM_sk_pop_free(SCT, (st), (free_func)) ++# define sk_SCT_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(SCT, (st), (copy_func), (free_func)) ++# define sk_SCT_shift(st) SKM_sk_shift(SCT, (st)) ++# define sk_SCT_pop(st) SKM_sk_pop(SCT, (st)) ++# define sk_SCT_sort(st) SKM_sk_sort(SCT, (st)) ++# define sk_SCT_is_sorted(st) SKM_sk_is_sorted(SCT, (st)) ++# define sk_SRP_gN_new(cmp) SKM_sk_new(SRP_gN, (cmp)) ++# define sk_SRP_gN_new_null() SKM_sk_new_null(SRP_gN) ++# define sk_SRP_gN_free(st) SKM_sk_free(SRP_gN, (st)) ++# define sk_SRP_gN_num(st) SKM_sk_num(SRP_gN, (st)) ++# define sk_SRP_gN_value(st, i) SKM_sk_value(SRP_gN, (st), (i)) ++# define sk_SRP_gN_set(st, i, val) SKM_sk_set(SRP_gN, (st), (i), (val)) ++# define sk_SRP_gN_zero(st) SKM_sk_zero(SRP_gN, (st)) ++# define sk_SRP_gN_push(st, val) SKM_sk_push(SRP_gN, (st), (val)) ++# define sk_SRP_gN_unshift(st, val) SKM_sk_unshift(SRP_gN, (st), (val)) ++# define sk_SRP_gN_find(st, val) SKM_sk_find(SRP_gN, (st), (val)) ++# define sk_SRP_gN_find_ex(st, val) SKM_sk_find_ex(SRP_gN, (st), (val)) ++# define sk_SRP_gN_delete(st, i) SKM_sk_delete(SRP_gN, (st), (i)) ++# define sk_SRP_gN_delete_ptr(st, ptr) SKM_sk_delete_ptr(SRP_gN, (st), (ptr)) ++# define sk_SRP_gN_insert(st, val, i) SKM_sk_insert(SRP_gN, (st), (val), (i)) ++# define sk_SRP_gN_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SRP_gN, (st), (cmp)) ++# define sk_SRP_gN_dup(st) SKM_sk_dup(SRP_gN, st) ++# 
define sk_SRP_gN_pop_free(st, free_func) SKM_sk_pop_free(SRP_gN, (st), (free_func)) ++# define sk_SRP_gN_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(SRP_gN, (st), (copy_func), (free_func)) ++# define sk_SRP_gN_shift(st) SKM_sk_shift(SRP_gN, (st)) ++# define sk_SRP_gN_pop(st) SKM_sk_pop(SRP_gN, (st)) ++# define sk_SRP_gN_sort(st) SKM_sk_sort(SRP_gN, (st)) ++# define sk_SRP_gN_is_sorted(st) SKM_sk_is_sorted(SRP_gN, (st)) ++# define sk_SRP_gN_cache_new(cmp) SKM_sk_new(SRP_gN_cache, (cmp)) ++# define sk_SRP_gN_cache_new_null() SKM_sk_new_null(SRP_gN_cache) ++# define sk_SRP_gN_cache_free(st) SKM_sk_free(SRP_gN_cache, (st)) ++# define sk_SRP_gN_cache_num(st) SKM_sk_num(SRP_gN_cache, (st)) ++# define sk_SRP_gN_cache_value(st, i) SKM_sk_value(SRP_gN_cache, (st), (i)) ++# define sk_SRP_gN_cache_set(st, i, val) SKM_sk_set(SRP_gN_cache, (st), (i), (val)) ++# define sk_SRP_gN_cache_zero(st) SKM_sk_zero(SRP_gN_cache, (st)) ++# define sk_SRP_gN_cache_push(st, val) SKM_sk_push(SRP_gN_cache, (st), (val)) ++# define sk_SRP_gN_cache_unshift(st, val) SKM_sk_unshift(SRP_gN_cache, (st), (val)) ++# define sk_SRP_gN_cache_find(st, val) SKM_sk_find(SRP_gN_cache, (st), (val)) ++# define sk_SRP_gN_cache_find_ex(st, val) SKM_sk_find_ex(SRP_gN_cache, (st), (val)) ++# define sk_SRP_gN_cache_delete(st, i) SKM_sk_delete(SRP_gN_cache, (st), (i)) ++# define sk_SRP_gN_cache_delete_ptr(st, ptr) SKM_sk_delete_ptr(SRP_gN_cache, (st), (ptr)) ++# define sk_SRP_gN_cache_insert(st, val, i) SKM_sk_insert(SRP_gN_cache, (st), (val), (i)) ++# define sk_SRP_gN_cache_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SRP_gN_cache, (st), (cmp)) ++# define sk_SRP_gN_cache_dup(st) SKM_sk_dup(SRP_gN_cache, st) ++# define sk_SRP_gN_cache_pop_free(st, free_func) SKM_sk_pop_free(SRP_gN_cache, (st), (free_func)) ++# define sk_SRP_gN_cache_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(SRP_gN_cache, (st), (copy_func), (free_func)) ++# define sk_SRP_gN_cache_shift(st) SKM_sk_shift(SRP_gN_cache, (st)) ++# define 
sk_SRP_gN_cache_pop(st) SKM_sk_pop(SRP_gN_cache, (st)) ++# define sk_SRP_gN_cache_sort(st) SKM_sk_sort(SRP_gN_cache, (st)) ++# define sk_SRP_gN_cache_is_sorted(st) SKM_sk_is_sorted(SRP_gN_cache, (st)) ++# define sk_SRP_user_pwd_new(cmp) SKM_sk_new(SRP_user_pwd, (cmp)) ++# define sk_SRP_user_pwd_new_null() SKM_sk_new_null(SRP_user_pwd) ++# define sk_SRP_user_pwd_free(st) SKM_sk_free(SRP_user_pwd, (st)) ++# define sk_SRP_user_pwd_num(st) SKM_sk_num(SRP_user_pwd, (st)) ++# define sk_SRP_user_pwd_value(st, i) SKM_sk_value(SRP_user_pwd, (st), (i)) ++# define sk_SRP_user_pwd_set(st, i, val) SKM_sk_set(SRP_user_pwd, (st), (i), (val)) ++# define sk_SRP_user_pwd_zero(st) SKM_sk_zero(SRP_user_pwd, (st)) ++# define sk_SRP_user_pwd_push(st, val) SKM_sk_push(SRP_user_pwd, (st), (val)) ++# define sk_SRP_user_pwd_unshift(st, val) SKM_sk_unshift(SRP_user_pwd, (st), (val)) ++# define sk_SRP_user_pwd_find(st, val) SKM_sk_find(SRP_user_pwd, (st), (val)) ++# define sk_SRP_user_pwd_find_ex(st, val) SKM_sk_find_ex(SRP_user_pwd, (st), (val)) ++# define sk_SRP_user_pwd_delete(st, i) SKM_sk_delete(SRP_user_pwd, (st), (i)) ++# define sk_SRP_user_pwd_delete_ptr(st, ptr) SKM_sk_delete_ptr(SRP_user_pwd, (st), (ptr)) ++# define sk_SRP_user_pwd_insert(st, val, i) SKM_sk_insert(SRP_user_pwd, (st), (val), (i)) ++# define sk_SRP_user_pwd_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SRP_user_pwd, (st), (cmp)) ++# define sk_SRP_user_pwd_dup(st) SKM_sk_dup(SRP_user_pwd, st) ++# define sk_SRP_user_pwd_pop_free(st, free_func) SKM_sk_pop_free(SRP_user_pwd, (st), (free_func)) ++# define sk_SRP_user_pwd_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(SRP_user_pwd, (st), (copy_func), (free_func)) ++# define sk_SRP_user_pwd_shift(st) SKM_sk_shift(SRP_user_pwd, (st)) ++# define sk_SRP_user_pwd_pop(st) SKM_sk_pop(SRP_user_pwd, (st)) ++# define sk_SRP_user_pwd_sort(st) SKM_sk_sort(SRP_user_pwd, (st)) ++# define sk_SRP_user_pwd_is_sorted(st) SKM_sk_is_sorted(SRP_user_pwd, (st)) ++# define 
sk_SRTP_PROTECTION_PROFILE_new(cmp) SKM_sk_new(SRTP_PROTECTION_PROFILE, (cmp)) ++# define sk_SRTP_PROTECTION_PROFILE_new_null() SKM_sk_new_null(SRTP_PROTECTION_PROFILE) ++# define sk_SRTP_PROTECTION_PROFILE_free(st) SKM_sk_free(SRTP_PROTECTION_PROFILE, (st)) ++# define sk_SRTP_PROTECTION_PROFILE_num(st) SKM_sk_num(SRTP_PROTECTION_PROFILE, (st)) ++# define sk_SRTP_PROTECTION_PROFILE_value(st, i) SKM_sk_value(SRTP_PROTECTION_PROFILE, (st), (i)) ++# define sk_SRTP_PROTECTION_PROFILE_set(st, i, val) SKM_sk_set(SRTP_PROTECTION_PROFILE, (st), (i), (val)) ++# define sk_SRTP_PROTECTION_PROFILE_zero(st) SKM_sk_zero(SRTP_PROTECTION_PROFILE, (st)) ++# define sk_SRTP_PROTECTION_PROFILE_push(st, val) SKM_sk_push(SRTP_PROTECTION_PROFILE, (st), (val)) ++# define sk_SRTP_PROTECTION_PROFILE_unshift(st, val) SKM_sk_unshift(SRTP_PROTECTION_PROFILE, (st), (val)) ++# define sk_SRTP_PROTECTION_PROFILE_find(st, val) SKM_sk_find(SRTP_PROTECTION_PROFILE, (st), (val)) ++# define sk_SRTP_PROTECTION_PROFILE_find_ex(st, val) SKM_sk_find_ex(SRTP_PROTECTION_PROFILE, (st), (val)) ++# define sk_SRTP_PROTECTION_PROFILE_delete(st, i) SKM_sk_delete(SRTP_PROTECTION_PROFILE, (st), (i)) ++# define sk_SRTP_PROTECTION_PROFILE_delete_ptr(st, ptr) SKM_sk_delete_ptr(SRTP_PROTECTION_PROFILE, (st), (ptr)) ++# define sk_SRTP_PROTECTION_PROFILE_insert(st, val, i) SKM_sk_insert(SRTP_PROTECTION_PROFILE, (st), (val), (i)) ++# define sk_SRTP_PROTECTION_PROFILE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SRTP_PROTECTION_PROFILE, (st), (cmp)) ++# define sk_SRTP_PROTECTION_PROFILE_dup(st) SKM_sk_dup(SRTP_PROTECTION_PROFILE, st) ++# define sk_SRTP_PROTECTION_PROFILE_pop_free(st, free_func) SKM_sk_pop_free(SRTP_PROTECTION_PROFILE, (st), (free_func)) ++# define sk_SRTP_PROTECTION_PROFILE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(SRTP_PROTECTION_PROFILE, (st), (copy_func), (free_func)) ++# define sk_SRTP_PROTECTION_PROFILE_shift(st) SKM_sk_shift(SRTP_PROTECTION_PROFILE, (st)) ++# define 
sk_SRTP_PROTECTION_PROFILE_pop(st) SKM_sk_pop(SRTP_PROTECTION_PROFILE, (st)) ++# define sk_SRTP_PROTECTION_PROFILE_sort(st) SKM_sk_sort(SRTP_PROTECTION_PROFILE, (st)) ++# define sk_SRTP_PROTECTION_PROFILE_is_sorted(st) SKM_sk_is_sorted(SRTP_PROTECTION_PROFILE, (st)) ++# define sk_SSL_CIPHER_new(cmp) SKM_sk_new(SSL_CIPHER, (cmp)) + # define sk_SSL_CIPHER_new_null() SKM_sk_new_null(SSL_CIPHER) + # define sk_SSL_CIPHER_free(st) SKM_sk_free(SSL_CIPHER, (st)) + # define sk_SSL_CIPHER_num(st) SKM_sk_num(SSL_CIPHER, (st)) +@@ -1296,12 +1614,12 @@ STACK_OF(type) \ + # define sk_SSL_CIPHER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SSL_CIPHER, (st), (cmp)) + # define sk_SSL_CIPHER_dup(st) SKM_sk_dup(SSL_CIPHER, st) + # define sk_SSL_CIPHER_pop_free(st, free_func) SKM_sk_pop_free(SSL_CIPHER, (st), (free_func)) ++# define sk_SSL_CIPHER_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(SSL_CIPHER, (st), (copy_func), (free_func)) + # define sk_SSL_CIPHER_shift(st) SKM_sk_shift(SSL_CIPHER, (st)) + # define sk_SSL_CIPHER_pop(st) SKM_sk_pop(SSL_CIPHER, (st)) + # define sk_SSL_CIPHER_sort(st) SKM_sk_sort(SSL_CIPHER, (st)) + # define sk_SSL_CIPHER_is_sorted(st) SKM_sk_is_sorted(SSL_CIPHER, (st)) +- +-# define sk_SSL_COMP_new(st) SKM_sk_new(SSL_COMP, (st)) ++# define sk_SSL_COMP_new(cmp) SKM_sk_new(SSL_COMP, (cmp)) + # define sk_SSL_COMP_new_null() SKM_sk_new_null(SSL_COMP) + # define sk_SSL_COMP_free(st) SKM_sk_free(SSL_COMP, (st)) + # define sk_SSL_COMP_num(st) SKM_sk_num(SSL_COMP, (st)) +@@ -1318,12 +1636,56 @@ STACK_OF(type) \ + # define sk_SSL_COMP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SSL_COMP, (st), (cmp)) + # define sk_SSL_COMP_dup(st) SKM_sk_dup(SSL_COMP, st) + # define sk_SSL_COMP_pop_free(st, free_func) SKM_sk_pop_free(SSL_COMP, (st), (free_func)) ++# define sk_SSL_COMP_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(SSL_COMP, (st), (copy_func), (free_func)) + # define sk_SSL_COMP_shift(st) SKM_sk_shift(SSL_COMP, (st)) + # define sk_SSL_COMP_pop(st) 
SKM_sk_pop(SSL_COMP, (st)) + # define sk_SSL_COMP_sort(st) SKM_sk_sort(SSL_COMP, (st)) + # define sk_SSL_COMP_is_sorted(st) SKM_sk_is_sorted(SSL_COMP, (st)) +- +-# define sk_STORE_OBJECT_new(st) SKM_sk_new(STORE_OBJECT, (st)) ++# define sk_STACK_OF_X509_NAME_ENTRY_new(cmp) SKM_sk_new(STACK_OF_X509_NAME_ENTRY, (cmp)) ++# define sk_STACK_OF_X509_NAME_ENTRY_new_null() SKM_sk_new_null(STACK_OF_X509_NAME_ENTRY) ++# define sk_STACK_OF_X509_NAME_ENTRY_free(st) SKM_sk_free(STACK_OF_X509_NAME_ENTRY, (st)) ++# define sk_STACK_OF_X509_NAME_ENTRY_num(st) SKM_sk_num(STACK_OF_X509_NAME_ENTRY, (st)) ++# define sk_STACK_OF_X509_NAME_ENTRY_value(st, i) SKM_sk_value(STACK_OF_X509_NAME_ENTRY, (st), (i)) ++# define sk_STACK_OF_X509_NAME_ENTRY_set(st, i, val) SKM_sk_set(STACK_OF_X509_NAME_ENTRY, (st), (i), (val)) ++# define sk_STACK_OF_X509_NAME_ENTRY_zero(st) SKM_sk_zero(STACK_OF_X509_NAME_ENTRY, (st)) ++# define sk_STACK_OF_X509_NAME_ENTRY_push(st, val) SKM_sk_push(STACK_OF_X509_NAME_ENTRY, (st), (val)) ++# define sk_STACK_OF_X509_NAME_ENTRY_unshift(st, val) SKM_sk_unshift(STACK_OF_X509_NAME_ENTRY, (st), (val)) ++# define sk_STACK_OF_X509_NAME_ENTRY_find(st, val) SKM_sk_find(STACK_OF_X509_NAME_ENTRY, (st), (val)) ++# define sk_STACK_OF_X509_NAME_ENTRY_find_ex(st, val) SKM_sk_find_ex(STACK_OF_X509_NAME_ENTRY, (st), (val)) ++# define sk_STACK_OF_X509_NAME_ENTRY_delete(st, i) SKM_sk_delete(STACK_OF_X509_NAME_ENTRY, (st), (i)) ++# define sk_STACK_OF_X509_NAME_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(STACK_OF_X509_NAME_ENTRY, (st), (ptr)) ++# define sk_STACK_OF_X509_NAME_ENTRY_insert(st, val, i) SKM_sk_insert(STACK_OF_X509_NAME_ENTRY, (st), (val), (i)) ++# define sk_STACK_OF_X509_NAME_ENTRY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(STACK_OF_X509_NAME_ENTRY, (st), (cmp)) ++# define sk_STACK_OF_X509_NAME_ENTRY_dup(st) SKM_sk_dup(STACK_OF_X509_NAME_ENTRY, st) ++# define sk_STACK_OF_X509_NAME_ENTRY_pop_free(st, free_func) SKM_sk_pop_free(STACK_OF_X509_NAME_ENTRY, (st), (free_func)) ++# 
define sk_STACK_OF_X509_NAME_ENTRY_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(STACK_OF_X509_NAME_ENTRY, (st), (copy_func), (free_func)) ++# define sk_STACK_OF_X509_NAME_ENTRY_shift(st) SKM_sk_shift(STACK_OF_X509_NAME_ENTRY, (st)) ++# define sk_STACK_OF_X509_NAME_ENTRY_pop(st) SKM_sk_pop(STACK_OF_X509_NAME_ENTRY, (st)) ++# define sk_STACK_OF_X509_NAME_ENTRY_sort(st) SKM_sk_sort(STACK_OF_X509_NAME_ENTRY, (st)) ++# define sk_STACK_OF_X509_NAME_ENTRY_is_sorted(st) SKM_sk_is_sorted(STACK_OF_X509_NAME_ENTRY, (st)) ++# define sk_STORE_ATTR_INFO_new(cmp) SKM_sk_new(STORE_ATTR_INFO, (cmp)) ++# define sk_STORE_ATTR_INFO_new_null() SKM_sk_new_null(STORE_ATTR_INFO) ++# define sk_STORE_ATTR_INFO_free(st) SKM_sk_free(STORE_ATTR_INFO, (st)) ++# define sk_STORE_ATTR_INFO_num(st) SKM_sk_num(STORE_ATTR_INFO, (st)) ++# define sk_STORE_ATTR_INFO_value(st, i) SKM_sk_value(STORE_ATTR_INFO, (st), (i)) ++# define sk_STORE_ATTR_INFO_set(st, i, val) SKM_sk_set(STORE_ATTR_INFO, (st), (i), (val)) ++# define sk_STORE_ATTR_INFO_zero(st) SKM_sk_zero(STORE_ATTR_INFO, (st)) ++# define sk_STORE_ATTR_INFO_push(st, val) SKM_sk_push(STORE_ATTR_INFO, (st), (val)) ++# define sk_STORE_ATTR_INFO_unshift(st, val) SKM_sk_unshift(STORE_ATTR_INFO, (st), (val)) ++# define sk_STORE_ATTR_INFO_find(st, val) SKM_sk_find(STORE_ATTR_INFO, (st), (val)) ++# define sk_STORE_ATTR_INFO_find_ex(st, val) SKM_sk_find_ex(STORE_ATTR_INFO, (st), (val)) ++# define sk_STORE_ATTR_INFO_delete(st, i) SKM_sk_delete(STORE_ATTR_INFO, (st), (i)) ++# define sk_STORE_ATTR_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(STORE_ATTR_INFO, (st), (ptr)) ++# define sk_STORE_ATTR_INFO_insert(st, val, i) SKM_sk_insert(STORE_ATTR_INFO, (st), (val), (i)) ++# define sk_STORE_ATTR_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(STORE_ATTR_INFO, (st), (cmp)) ++# define sk_STORE_ATTR_INFO_dup(st) SKM_sk_dup(STORE_ATTR_INFO, st) ++# define sk_STORE_ATTR_INFO_pop_free(st, free_func) SKM_sk_pop_free(STORE_ATTR_INFO, (st), (free_func)) ++# define 
sk_STORE_ATTR_INFO_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(STORE_ATTR_INFO, (st), (copy_func), (free_func)) ++# define sk_STORE_ATTR_INFO_shift(st) SKM_sk_shift(STORE_ATTR_INFO, (st)) ++# define sk_STORE_ATTR_INFO_pop(st) SKM_sk_pop(STORE_ATTR_INFO, (st)) ++# define sk_STORE_ATTR_INFO_sort(st) SKM_sk_sort(STORE_ATTR_INFO, (st)) ++# define sk_STORE_ATTR_INFO_is_sorted(st) SKM_sk_is_sorted(STORE_ATTR_INFO, (st)) ++# define sk_STORE_OBJECT_new(cmp) SKM_sk_new(STORE_OBJECT, (cmp)) + # define sk_STORE_OBJECT_new_null() SKM_sk_new_null(STORE_OBJECT) + # define sk_STORE_OBJECT_free(st) SKM_sk_free(STORE_OBJECT, (st)) + # define sk_STORE_OBJECT_num(st) SKM_sk_num(STORE_OBJECT, (st)) +@@ -1340,12 +1702,12 @@ STACK_OF(type) \ + # define sk_STORE_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(STORE_OBJECT, (st), (cmp)) + # define sk_STORE_OBJECT_dup(st) SKM_sk_dup(STORE_OBJECT, st) + # define sk_STORE_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(STORE_OBJECT, (st), (free_func)) ++# define sk_STORE_OBJECT_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(STORE_OBJECT, (st), (copy_func), (free_func)) + # define sk_STORE_OBJECT_shift(st) SKM_sk_shift(STORE_OBJECT, (st)) + # define sk_STORE_OBJECT_pop(st) SKM_sk_pop(STORE_OBJECT, (st)) + # define sk_STORE_OBJECT_sort(st) SKM_sk_sort(STORE_OBJECT, (st)) + # define sk_STORE_OBJECT_is_sorted(st) SKM_sk_is_sorted(STORE_OBJECT, (st)) +- +-# define sk_SXNETID_new(st) SKM_sk_new(SXNETID, (st)) ++# define sk_SXNETID_new(cmp) SKM_sk_new(SXNETID, (cmp)) + # define sk_SXNETID_new_null() SKM_sk_new_null(SXNETID) + # define sk_SXNETID_free(st) SKM_sk_free(SXNETID, (st)) + # define sk_SXNETID_num(st) SKM_sk_num(SXNETID, (st)) +@@ -1362,12 +1724,12 @@ STACK_OF(type) \ + # define sk_SXNETID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SXNETID, (st), (cmp)) + # define sk_SXNETID_dup(st) SKM_sk_dup(SXNETID, st) + # define sk_SXNETID_pop_free(st, free_func) SKM_sk_pop_free(SXNETID, (st), (free_func)) ++# define 
sk_SXNETID_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(SXNETID, (st), (copy_func), (free_func)) + # define sk_SXNETID_shift(st) SKM_sk_shift(SXNETID, (st)) + # define sk_SXNETID_pop(st) SKM_sk_pop(SXNETID, (st)) + # define sk_SXNETID_sort(st) SKM_sk_sort(SXNETID, (st)) + # define sk_SXNETID_is_sorted(st) SKM_sk_is_sorted(SXNETID, (st)) +- +-# define sk_UI_STRING_new(st) SKM_sk_new(UI_STRING, (st)) ++# define sk_UI_STRING_new(cmp) SKM_sk_new(UI_STRING, (cmp)) + # define sk_UI_STRING_new_null() SKM_sk_new_null(UI_STRING) + # define sk_UI_STRING_free(st) SKM_sk_free(UI_STRING, (st)) + # define sk_UI_STRING_num(st) SKM_sk_num(UI_STRING, (st)) +@@ -1384,12 +1746,12 @@ STACK_OF(type) \ + # define sk_UI_STRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(UI_STRING, (st), (cmp)) + # define sk_UI_STRING_dup(st) SKM_sk_dup(UI_STRING, st) + # define sk_UI_STRING_pop_free(st, free_func) SKM_sk_pop_free(UI_STRING, (st), (free_func)) ++# define sk_UI_STRING_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(UI_STRING, (st), (copy_func), (free_func)) + # define sk_UI_STRING_shift(st) SKM_sk_shift(UI_STRING, (st)) + # define sk_UI_STRING_pop(st) SKM_sk_pop(UI_STRING, (st)) + # define sk_UI_STRING_sort(st) SKM_sk_sort(UI_STRING, (st)) + # define sk_UI_STRING_is_sorted(st) SKM_sk_is_sorted(UI_STRING, (st)) +- +-# define sk_X509_new(st) SKM_sk_new(X509, (st)) ++# define sk_X509_new(cmp) SKM_sk_new(X509, (cmp)) + # define sk_X509_new_null() SKM_sk_new_null(X509) + # define sk_X509_free(st) SKM_sk_free(X509, (st)) + # define sk_X509_num(st) SKM_sk_num(X509, (st)) +@@ -1406,12 +1768,12 @@ STACK_OF(type) \ + # define sk_X509_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509, (st), (cmp)) + # define sk_X509_dup(st) SKM_sk_dup(X509, st) + # define sk_X509_pop_free(st, free_func) SKM_sk_pop_free(X509, (st), (free_func)) ++# define sk_X509_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509, (st), (copy_func), (free_func)) + # define sk_X509_shift(st) SKM_sk_shift(X509, (st)) + # 
define sk_X509_pop(st) SKM_sk_pop(X509, (st)) + # define sk_X509_sort(st) SKM_sk_sort(X509, (st)) + # define sk_X509_is_sorted(st) SKM_sk_is_sorted(X509, (st)) +- +-# define sk_X509V3_EXT_METHOD_new(st) SKM_sk_new(X509V3_EXT_METHOD, (st)) ++# define sk_X509V3_EXT_METHOD_new(cmp) SKM_sk_new(X509V3_EXT_METHOD, (cmp)) + # define sk_X509V3_EXT_METHOD_new_null() SKM_sk_new_null(X509V3_EXT_METHOD) + # define sk_X509V3_EXT_METHOD_free(st) SKM_sk_free(X509V3_EXT_METHOD, (st)) + # define sk_X509V3_EXT_METHOD_num(st) SKM_sk_num(X509V3_EXT_METHOD, (st)) +@@ -1428,12 +1790,12 @@ STACK_OF(type) \ + # define sk_X509V3_EXT_METHOD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509V3_EXT_METHOD, (st), (cmp)) + # define sk_X509V3_EXT_METHOD_dup(st) SKM_sk_dup(X509V3_EXT_METHOD, st) + # define sk_X509V3_EXT_METHOD_pop_free(st, free_func) SKM_sk_pop_free(X509V3_EXT_METHOD, (st), (free_func)) ++# define sk_X509V3_EXT_METHOD_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509V3_EXT_METHOD, (st), (copy_func), (free_func)) + # define sk_X509V3_EXT_METHOD_shift(st) SKM_sk_shift(X509V3_EXT_METHOD, (st)) + # define sk_X509V3_EXT_METHOD_pop(st) SKM_sk_pop(X509V3_EXT_METHOD, (st)) + # define sk_X509V3_EXT_METHOD_sort(st) SKM_sk_sort(X509V3_EXT_METHOD, (st)) + # define sk_X509V3_EXT_METHOD_is_sorted(st) SKM_sk_is_sorted(X509V3_EXT_METHOD, (st)) +- +-# define sk_X509_ALGOR_new(st) SKM_sk_new(X509_ALGOR, (st)) ++# define sk_X509_ALGOR_new(cmp) SKM_sk_new(X509_ALGOR, (cmp)) + # define sk_X509_ALGOR_new_null() SKM_sk_new_null(X509_ALGOR) + # define sk_X509_ALGOR_free(st) SKM_sk_free(X509_ALGOR, (st)) + # define sk_X509_ALGOR_num(st) SKM_sk_num(X509_ALGOR, (st)) +@@ -1450,12 +1812,12 @@ STACK_OF(type) \ + # define sk_X509_ALGOR_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_ALGOR, (st), (cmp)) + # define sk_X509_ALGOR_dup(st) SKM_sk_dup(X509_ALGOR, st) + # define sk_X509_ALGOR_pop_free(st, free_func) SKM_sk_pop_free(X509_ALGOR, (st), (free_func)) ++# define sk_X509_ALGOR_deep_copy(st, copy_func, 
free_func) SKM_sk_deep_copy(X509_ALGOR, (st), (copy_func), (free_func)) + # define sk_X509_ALGOR_shift(st) SKM_sk_shift(X509_ALGOR, (st)) + # define sk_X509_ALGOR_pop(st) SKM_sk_pop(X509_ALGOR, (st)) + # define sk_X509_ALGOR_sort(st) SKM_sk_sort(X509_ALGOR, (st)) + # define sk_X509_ALGOR_is_sorted(st) SKM_sk_is_sorted(X509_ALGOR, (st)) +- +-# define sk_X509_ATTRIBUTE_new(st) SKM_sk_new(X509_ATTRIBUTE, (st)) ++# define sk_X509_ATTRIBUTE_new(cmp) SKM_sk_new(X509_ATTRIBUTE, (cmp)) + # define sk_X509_ATTRIBUTE_new_null() SKM_sk_new_null(X509_ATTRIBUTE) + # define sk_X509_ATTRIBUTE_free(st) SKM_sk_free(X509_ATTRIBUTE, (st)) + # define sk_X509_ATTRIBUTE_num(st) SKM_sk_num(X509_ATTRIBUTE, (st)) +@@ -1472,12 +1834,12 @@ STACK_OF(type) \ + # define sk_X509_ATTRIBUTE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_ATTRIBUTE, (st), (cmp)) + # define sk_X509_ATTRIBUTE_dup(st) SKM_sk_dup(X509_ATTRIBUTE, st) + # define sk_X509_ATTRIBUTE_pop_free(st, free_func) SKM_sk_pop_free(X509_ATTRIBUTE, (st), (free_func)) ++# define sk_X509_ATTRIBUTE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_ATTRIBUTE, (st), (copy_func), (free_func)) + # define sk_X509_ATTRIBUTE_shift(st) SKM_sk_shift(X509_ATTRIBUTE, (st)) + # define sk_X509_ATTRIBUTE_pop(st) SKM_sk_pop(X509_ATTRIBUTE, (st)) + # define sk_X509_ATTRIBUTE_sort(st) SKM_sk_sort(X509_ATTRIBUTE, (st)) + # define sk_X509_ATTRIBUTE_is_sorted(st) SKM_sk_is_sorted(X509_ATTRIBUTE, (st)) +- +-# define sk_X509_CRL_new(st) SKM_sk_new(X509_CRL, (st)) ++# define sk_X509_CRL_new(cmp) SKM_sk_new(X509_CRL, (cmp)) + # define sk_X509_CRL_new_null() SKM_sk_new_null(X509_CRL) + # define sk_X509_CRL_free(st) SKM_sk_free(X509_CRL, (st)) + # define sk_X509_CRL_num(st) SKM_sk_num(X509_CRL, (st)) +@@ -1494,12 +1856,12 @@ STACK_OF(type) \ + # define sk_X509_CRL_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_CRL, (st), (cmp)) + # define sk_X509_CRL_dup(st) SKM_sk_dup(X509_CRL, st) + # define sk_X509_CRL_pop_free(st, free_func) SKM_sk_pop_free(X509_CRL, 
(st), (free_func)) ++# define sk_X509_CRL_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_CRL, (st), (copy_func), (free_func)) + # define sk_X509_CRL_shift(st) SKM_sk_shift(X509_CRL, (st)) + # define sk_X509_CRL_pop(st) SKM_sk_pop(X509_CRL, (st)) + # define sk_X509_CRL_sort(st) SKM_sk_sort(X509_CRL, (st)) + # define sk_X509_CRL_is_sorted(st) SKM_sk_is_sorted(X509_CRL, (st)) +- +-# define sk_X509_EXTENSION_new(st) SKM_sk_new(X509_EXTENSION, (st)) ++# define sk_X509_EXTENSION_new(cmp) SKM_sk_new(X509_EXTENSION, (cmp)) + # define sk_X509_EXTENSION_new_null() SKM_sk_new_null(X509_EXTENSION) + # define sk_X509_EXTENSION_free(st) SKM_sk_free(X509_EXTENSION, (st)) + # define sk_X509_EXTENSION_num(st) SKM_sk_num(X509_EXTENSION, (st)) +@@ -1516,12 +1878,12 @@ STACK_OF(type) \ + # define sk_X509_EXTENSION_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_EXTENSION, (st), (cmp)) + # define sk_X509_EXTENSION_dup(st) SKM_sk_dup(X509_EXTENSION, st) + # define sk_X509_EXTENSION_pop_free(st, free_func) SKM_sk_pop_free(X509_EXTENSION, (st), (free_func)) ++# define sk_X509_EXTENSION_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_EXTENSION, (st), (copy_func), (free_func)) + # define sk_X509_EXTENSION_shift(st) SKM_sk_shift(X509_EXTENSION, (st)) + # define sk_X509_EXTENSION_pop(st) SKM_sk_pop(X509_EXTENSION, (st)) + # define sk_X509_EXTENSION_sort(st) SKM_sk_sort(X509_EXTENSION, (st)) + # define sk_X509_EXTENSION_is_sorted(st) SKM_sk_is_sorted(X509_EXTENSION, (st)) +- +-# define sk_X509_INFO_new(st) SKM_sk_new(X509_INFO, (st)) ++# define sk_X509_INFO_new(cmp) SKM_sk_new(X509_INFO, (cmp)) + # define sk_X509_INFO_new_null() SKM_sk_new_null(X509_INFO) + # define sk_X509_INFO_free(st) SKM_sk_free(X509_INFO, (st)) + # define sk_X509_INFO_num(st) SKM_sk_num(X509_INFO, (st)) +@@ -1538,12 +1900,12 @@ STACK_OF(type) \ + # define sk_X509_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_INFO, (st), (cmp)) + # define sk_X509_INFO_dup(st) SKM_sk_dup(X509_INFO, st) + # define 
sk_X509_INFO_pop_free(st, free_func) SKM_sk_pop_free(X509_INFO, (st), (free_func)) ++# define sk_X509_INFO_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_INFO, (st), (copy_func), (free_func)) + # define sk_X509_INFO_shift(st) SKM_sk_shift(X509_INFO, (st)) + # define sk_X509_INFO_pop(st) SKM_sk_pop(X509_INFO, (st)) + # define sk_X509_INFO_sort(st) SKM_sk_sort(X509_INFO, (st)) + # define sk_X509_INFO_is_sorted(st) SKM_sk_is_sorted(X509_INFO, (st)) +- +-# define sk_X509_LOOKUP_new(st) SKM_sk_new(X509_LOOKUP, (st)) ++# define sk_X509_LOOKUP_new(cmp) SKM_sk_new(X509_LOOKUP, (cmp)) + # define sk_X509_LOOKUP_new_null() SKM_sk_new_null(X509_LOOKUP) + # define sk_X509_LOOKUP_free(st) SKM_sk_free(X509_LOOKUP, (st)) + # define sk_X509_LOOKUP_num(st) SKM_sk_num(X509_LOOKUP, (st)) +@@ -1560,12 +1922,12 @@ STACK_OF(type) \ + # define sk_X509_LOOKUP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_LOOKUP, (st), (cmp)) + # define sk_X509_LOOKUP_dup(st) SKM_sk_dup(X509_LOOKUP, st) + # define sk_X509_LOOKUP_pop_free(st, free_func) SKM_sk_pop_free(X509_LOOKUP, (st), (free_func)) ++# define sk_X509_LOOKUP_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_LOOKUP, (st), (copy_func), (free_func)) + # define sk_X509_LOOKUP_shift(st) SKM_sk_shift(X509_LOOKUP, (st)) + # define sk_X509_LOOKUP_pop(st) SKM_sk_pop(X509_LOOKUP, (st)) + # define sk_X509_LOOKUP_sort(st) SKM_sk_sort(X509_LOOKUP, (st)) + # define sk_X509_LOOKUP_is_sorted(st) SKM_sk_is_sorted(X509_LOOKUP, (st)) +- +-# define sk_X509_NAME_new(st) SKM_sk_new(X509_NAME, (st)) ++# define sk_X509_NAME_new(cmp) SKM_sk_new(X509_NAME, (cmp)) + # define sk_X509_NAME_new_null() SKM_sk_new_null(X509_NAME) + # define sk_X509_NAME_free(st) SKM_sk_free(X509_NAME, (st)) + # define sk_X509_NAME_num(st) SKM_sk_num(X509_NAME, (st)) +@@ -1582,12 +1944,12 @@ STACK_OF(type) \ + # define sk_X509_NAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_NAME, (st), (cmp)) + # define sk_X509_NAME_dup(st) SKM_sk_dup(X509_NAME, st) + # define 
sk_X509_NAME_pop_free(st, free_func) SKM_sk_pop_free(X509_NAME, (st), (free_func)) ++# define sk_X509_NAME_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_NAME, (st), (copy_func), (free_func)) + # define sk_X509_NAME_shift(st) SKM_sk_shift(X509_NAME, (st)) + # define sk_X509_NAME_pop(st) SKM_sk_pop(X509_NAME, (st)) + # define sk_X509_NAME_sort(st) SKM_sk_sort(X509_NAME, (st)) + # define sk_X509_NAME_is_sorted(st) SKM_sk_is_sorted(X509_NAME, (st)) +- +-# define sk_X509_NAME_ENTRY_new(st) SKM_sk_new(X509_NAME_ENTRY, (st)) ++# define sk_X509_NAME_ENTRY_new(cmp) SKM_sk_new(X509_NAME_ENTRY, (cmp)) + # define sk_X509_NAME_ENTRY_new_null() SKM_sk_new_null(X509_NAME_ENTRY) + # define sk_X509_NAME_ENTRY_free(st) SKM_sk_free(X509_NAME_ENTRY, (st)) + # define sk_X509_NAME_ENTRY_num(st) SKM_sk_num(X509_NAME_ENTRY, (st)) +@@ -1604,12 +1966,12 @@ STACK_OF(type) \ + # define sk_X509_NAME_ENTRY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_NAME_ENTRY, (st), (cmp)) + # define sk_X509_NAME_ENTRY_dup(st) SKM_sk_dup(X509_NAME_ENTRY, st) + # define sk_X509_NAME_ENTRY_pop_free(st, free_func) SKM_sk_pop_free(X509_NAME_ENTRY, (st), (free_func)) ++# define sk_X509_NAME_ENTRY_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_NAME_ENTRY, (st), (copy_func), (free_func)) + # define sk_X509_NAME_ENTRY_shift(st) SKM_sk_shift(X509_NAME_ENTRY, (st)) + # define sk_X509_NAME_ENTRY_pop(st) SKM_sk_pop(X509_NAME_ENTRY, (st)) + # define sk_X509_NAME_ENTRY_sort(st) SKM_sk_sort(X509_NAME_ENTRY, (st)) + # define sk_X509_NAME_ENTRY_is_sorted(st) SKM_sk_is_sorted(X509_NAME_ENTRY, (st)) +- +-# define sk_X509_OBJECT_new(st) SKM_sk_new(X509_OBJECT, (st)) ++# define sk_X509_OBJECT_new(cmp) SKM_sk_new(X509_OBJECT, (cmp)) + # define sk_X509_OBJECT_new_null() SKM_sk_new_null(X509_OBJECT) + # define sk_X509_OBJECT_free(st) SKM_sk_free(X509_OBJECT, (st)) + # define sk_X509_OBJECT_num(st) SKM_sk_num(X509_OBJECT, (st)) +@@ -1626,12 +1988,12 @@ STACK_OF(type) \ + # define 
sk_X509_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_OBJECT, (st), (cmp)) + # define sk_X509_OBJECT_dup(st) SKM_sk_dup(X509_OBJECT, st) + # define sk_X509_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(X509_OBJECT, (st), (free_func)) ++# define sk_X509_OBJECT_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_OBJECT, (st), (copy_func), (free_func)) + # define sk_X509_OBJECT_shift(st) SKM_sk_shift(X509_OBJECT, (st)) + # define sk_X509_OBJECT_pop(st) SKM_sk_pop(X509_OBJECT, (st)) + # define sk_X509_OBJECT_sort(st) SKM_sk_sort(X509_OBJECT, (st)) + # define sk_X509_OBJECT_is_sorted(st) SKM_sk_is_sorted(X509_OBJECT, (st)) +- +-# define sk_X509_POLICY_DATA_new(st) SKM_sk_new(X509_POLICY_DATA, (st)) ++# define sk_X509_POLICY_DATA_new(cmp) SKM_sk_new(X509_POLICY_DATA, (cmp)) + # define sk_X509_POLICY_DATA_new_null() SKM_sk_new_null(X509_POLICY_DATA) + # define sk_X509_POLICY_DATA_free(st) SKM_sk_free(X509_POLICY_DATA, (st)) + # define sk_X509_POLICY_DATA_num(st) SKM_sk_num(X509_POLICY_DATA, (st)) +@@ -1648,12 +2010,12 @@ STACK_OF(type) \ + # define sk_X509_POLICY_DATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_DATA, (st), (cmp)) + # define sk_X509_POLICY_DATA_dup(st) SKM_sk_dup(X509_POLICY_DATA, st) + # define sk_X509_POLICY_DATA_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_DATA, (st), (free_func)) ++# define sk_X509_POLICY_DATA_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_POLICY_DATA, (st), (copy_func), (free_func)) + # define sk_X509_POLICY_DATA_shift(st) SKM_sk_shift(X509_POLICY_DATA, (st)) + # define sk_X509_POLICY_DATA_pop(st) SKM_sk_pop(X509_POLICY_DATA, (st)) + # define sk_X509_POLICY_DATA_sort(st) SKM_sk_sort(X509_POLICY_DATA, (st)) + # define sk_X509_POLICY_DATA_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_DATA, (st)) +- +-# define sk_X509_POLICY_NODE_new(st) SKM_sk_new(X509_POLICY_NODE, (st)) ++# define sk_X509_POLICY_NODE_new(cmp) SKM_sk_new(X509_POLICY_NODE, (cmp)) + # define sk_X509_POLICY_NODE_new_null() 
SKM_sk_new_null(X509_POLICY_NODE) + # define sk_X509_POLICY_NODE_free(st) SKM_sk_free(X509_POLICY_NODE, (st)) + # define sk_X509_POLICY_NODE_num(st) SKM_sk_num(X509_POLICY_NODE, (st)) +@@ -1670,34 +2032,12 @@ STACK_OF(type) \ + # define sk_X509_POLICY_NODE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_NODE, (st), (cmp)) + # define sk_X509_POLICY_NODE_dup(st) SKM_sk_dup(X509_POLICY_NODE, st) + # define sk_X509_POLICY_NODE_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_NODE, (st), (free_func)) ++# define sk_X509_POLICY_NODE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_POLICY_NODE, (st), (copy_func), (free_func)) + # define sk_X509_POLICY_NODE_shift(st) SKM_sk_shift(X509_POLICY_NODE, (st)) + # define sk_X509_POLICY_NODE_pop(st) SKM_sk_pop(X509_POLICY_NODE, (st)) + # define sk_X509_POLICY_NODE_sort(st) SKM_sk_sort(X509_POLICY_NODE, (st)) + # define sk_X509_POLICY_NODE_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_NODE, (st)) +- +-# define sk_X509_POLICY_REF_new(st) SKM_sk_new(X509_POLICY_REF, (st)) +-# define sk_X509_POLICY_REF_new_null() SKM_sk_new_null(X509_POLICY_REF) +-# define sk_X509_POLICY_REF_free(st) SKM_sk_free(X509_POLICY_REF, (st)) +-# define sk_X509_POLICY_REF_num(st) SKM_sk_num(X509_POLICY_REF, (st)) +-# define sk_X509_POLICY_REF_value(st, i) SKM_sk_value(X509_POLICY_REF, (st), (i)) +-# define sk_X509_POLICY_REF_set(st, i, val) SKM_sk_set(X509_POLICY_REF, (st), (i), (val)) +-# define sk_X509_POLICY_REF_zero(st) SKM_sk_zero(X509_POLICY_REF, (st)) +-# define sk_X509_POLICY_REF_push(st, val) SKM_sk_push(X509_POLICY_REF, (st), (val)) +-# define sk_X509_POLICY_REF_unshift(st, val) SKM_sk_unshift(X509_POLICY_REF, (st), (val)) +-# define sk_X509_POLICY_REF_find(st, val) SKM_sk_find(X509_POLICY_REF, (st), (val)) +-# define sk_X509_POLICY_REF_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_REF, (st), (val)) +-# define sk_X509_POLICY_REF_delete(st, i) SKM_sk_delete(X509_POLICY_REF, (st), (i)) +-# define sk_X509_POLICY_REF_delete_ptr(st, ptr) 
SKM_sk_delete_ptr(X509_POLICY_REF, (st), (ptr)) +-# define sk_X509_POLICY_REF_insert(st, val, i) SKM_sk_insert(X509_POLICY_REF, (st), (val), (i)) +-# define sk_X509_POLICY_REF_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_REF, (st), (cmp)) +-# define sk_X509_POLICY_REF_dup(st) SKM_sk_dup(X509_POLICY_REF, st) +-# define sk_X509_POLICY_REF_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_REF, (st), (free_func)) +-# define sk_X509_POLICY_REF_shift(st) SKM_sk_shift(X509_POLICY_REF, (st)) +-# define sk_X509_POLICY_REF_pop(st) SKM_sk_pop(X509_POLICY_REF, (st)) +-# define sk_X509_POLICY_REF_sort(st) SKM_sk_sort(X509_POLICY_REF, (st)) +-# define sk_X509_POLICY_REF_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_REF, (st)) +- +-# define sk_X509_PURPOSE_new(st) SKM_sk_new(X509_PURPOSE, (st)) ++# define sk_X509_PURPOSE_new(cmp) SKM_sk_new(X509_PURPOSE, (cmp)) + # define sk_X509_PURPOSE_new_null() SKM_sk_new_null(X509_PURPOSE) + # define sk_X509_PURPOSE_free(st) SKM_sk_free(X509_PURPOSE, (st)) + # define sk_X509_PURPOSE_num(st) SKM_sk_num(X509_PURPOSE, (st)) +@@ -1714,12 +2054,12 @@ STACK_OF(type) \ + # define sk_X509_PURPOSE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_PURPOSE, (st), (cmp)) + # define sk_X509_PURPOSE_dup(st) SKM_sk_dup(X509_PURPOSE, st) + # define sk_X509_PURPOSE_pop_free(st, free_func) SKM_sk_pop_free(X509_PURPOSE, (st), (free_func)) ++# define sk_X509_PURPOSE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_PURPOSE, (st), (copy_func), (free_func)) + # define sk_X509_PURPOSE_shift(st) SKM_sk_shift(X509_PURPOSE, (st)) + # define sk_X509_PURPOSE_pop(st) SKM_sk_pop(X509_PURPOSE, (st)) + # define sk_X509_PURPOSE_sort(st) SKM_sk_sort(X509_PURPOSE, (st)) + # define sk_X509_PURPOSE_is_sorted(st) SKM_sk_is_sorted(X509_PURPOSE, (st)) +- +-# define sk_X509_REVOKED_new(st) SKM_sk_new(X509_REVOKED, (st)) ++# define sk_X509_REVOKED_new(cmp) SKM_sk_new(X509_REVOKED, (cmp)) + # define sk_X509_REVOKED_new_null() SKM_sk_new_null(X509_REVOKED) + # define 
sk_X509_REVOKED_free(st) SKM_sk_free(X509_REVOKED, (st)) + # define sk_X509_REVOKED_num(st) SKM_sk_num(X509_REVOKED, (st)) +@@ -1736,12 +2076,12 @@ STACK_OF(type) \ + # define sk_X509_REVOKED_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_REVOKED, (st), (cmp)) + # define sk_X509_REVOKED_dup(st) SKM_sk_dup(X509_REVOKED, st) + # define sk_X509_REVOKED_pop_free(st, free_func) SKM_sk_pop_free(X509_REVOKED, (st), (free_func)) ++# define sk_X509_REVOKED_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_REVOKED, (st), (copy_func), (free_func)) + # define sk_X509_REVOKED_shift(st) SKM_sk_shift(X509_REVOKED, (st)) + # define sk_X509_REVOKED_pop(st) SKM_sk_pop(X509_REVOKED, (st)) + # define sk_X509_REVOKED_sort(st) SKM_sk_sort(X509_REVOKED, (st)) + # define sk_X509_REVOKED_is_sorted(st) SKM_sk_is_sorted(X509_REVOKED, (st)) +- +-# define sk_X509_TRUST_new(st) SKM_sk_new(X509_TRUST, (st)) ++# define sk_X509_TRUST_new(cmp) SKM_sk_new(X509_TRUST, (cmp)) + # define sk_X509_TRUST_new_null() SKM_sk_new_null(X509_TRUST) + # define sk_X509_TRUST_free(st) SKM_sk_free(X509_TRUST, (st)) + # define sk_X509_TRUST_num(st) SKM_sk_num(X509_TRUST, (st)) +@@ -1758,12 +2098,12 @@ STACK_OF(type) \ + # define sk_X509_TRUST_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_TRUST, (st), (cmp)) + # define sk_X509_TRUST_dup(st) SKM_sk_dup(X509_TRUST, st) + # define sk_X509_TRUST_pop_free(st, free_func) SKM_sk_pop_free(X509_TRUST, (st), (free_func)) ++# define sk_X509_TRUST_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_TRUST, (st), (copy_func), (free_func)) + # define sk_X509_TRUST_shift(st) SKM_sk_shift(X509_TRUST, (st)) + # define sk_X509_TRUST_pop(st) SKM_sk_pop(X509_TRUST, (st)) + # define sk_X509_TRUST_sort(st) SKM_sk_sort(X509_TRUST, (st)) + # define sk_X509_TRUST_is_sorted(st) SKM_sk_is_sorted(X509_TRUST, (st)) +- +-# define sk_X509_VERIFY_PARAM_new(st) SKM_sk_new(X509_VERIFY_PARAM, (st)) ++# define sk_X509_VERIFY_PARAM_new(cmp) SKM_sk_new(X509_VERIFY_PARAM, (cmp)) + # define 
sk_X509_VERIFY_PARAM_new_null() SKM_sk_new_null(X509_VERIFY_PARAM) + # define sk_X509_VERIFY_PARAM_free(st) SKM_sk_free(X509_VERIFY_PARAM, (st)) + # define sk_X509_VERIFY_PARAM_num(st) SKM_sk_num(X509_VERIFY_PARAM, (st)) +@@ -1780,11 +2120,127 @@ STACK_OF(type) \ + # define sk_X509_VERIFY_PARAM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_VERIFY_PARAM, (st), (cmp)) + # define sk_X509_VERIFY_PARAM_dup(st) SKM_sk_dup(X509_VERIFY_PARAM, st) + # define sk_X509_VERIFY_PARAM_pop_free(st, free_func) SKM_sk_pop_free(X509_VERIFY_PARAM, (st), (free_func)) ++# define sk_X509_VERIFY_PARAM_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_VERIFY_PARAM, (st), (copy_func), (free_func)) + # define sk_X509_VERIFY_PARAM_shift(st) SKM_sk_shift(X509_VERIFY_PARAM, (st)) + # define sk_X509_VERIFY_PARAM_pop(st) SKM_sk_pop(X509_VERIFY_PARAM, (st)) + # define sk_X509_VERIFY_PARAM_sort(st) SKM_sk_sort(X509_VERIFY_PARAM, (st)) + # define sk_X509_VERIFY_PARAM_is_sorted(st) SKM_sk_is_sorted(X509_VERIFY_PARAM, (st)) +- ++# define sk_nid_triple_new(cmp) SKM_sk_new(nid_triple, (cmp)) ++# define sk_nid_triple_new_null() SKM_sk_new_null(nid_triple) ++# define sk_nid_triple_free(st) SKM_sk_free(nid_triple, (st)) ++# define sk_nid_triple_num(st) SKM_sk_num(nid_triple, (st)) ++# define sk_nid_triple_value(st, i) SKM_sk_value(nid_triple, (st), (i)) ++# define sk_nid_triple_set(st, i, val) SKM_sk_set(nid_triple, (st), (i), (val)) ++# define sk_nid_triple_zero(st) SKM_sk_zero(nid_triple, (st)) ++# define sk_nid_triple_push(st, val) SKM_sk_push(nid_triple, (st), (val)) ++# define sk_nid_triple_unshift(st, val) SKM_sk_unshift(nid_triple, (st), (val)) ++# define sk_nid_triple_find(st, val) SKM_sk_find(nid_triple, (st), (val)) ++# define sk_nid_triple_find_ex(st, val) SKM_sk_find_ex(nid_triple, (st), (val)) ++# define sk_nid_triple_delete(st, i) SKM_sk_delete(nid_triple, (st), (i)) ++# define sk_nid_triple_delete_ptr(st, ptr) SKM_sk_delete_ptr(nid_triple, (st), (ptr)) ++# define 
sk_nid_triple_insert(st, val, i) SKM_sk_insert(nid_triple, (st), (val), (i)) ++# define sk_nid_triple_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(nid_triple, (st), (cmp)) ++# define sk_nid_triple_dup(st) SKM_sk_dup(nid_triple, st) ++# define sk_nid_triple_pop_free(st, free_func) SKM_sk_pop_free(nid_triple, (st), (free_func)) ++# define sk_nid_triple_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(nid_triple, (st), (copy_func), (free_func)) ++# define sk_nid_triple_shift(st) SKM_sk_shift(nid_triple, (st)) ++# define sk_nid_triple_pop(st) SKM_sk_pop(nid_triple, (st)) ++# define sk_nid_triple_sort(st) SKM_sk_sort(nid_triple, (st)) ++# define sk_nid_triple_is_sorted(st) SKM_sk_is_sorted(nid_triple, (st)) ++# define sk_void_new(cmp) SKM_sk_new(void, (cmp)) ++# define sk_void_new_null() SKM_sk_new_null(void) ++# define sk_void_free(st) SKM_sk_free(void, (st)) ++# define sk_void_num(st) SKM_sk_num(void, (st)) ++# define sk_void_value(st, i) SKM_sk_value(void, (st), (i)) ++# define sk_void_set(st, i, val) SKM_sk_set(void, (st), (i), (val)) ++# define sk_void_zero(st) SKM_sk_zero(void, (st)) ++# define sk_void_push(st, val) SKM_sk_push(void, (st), (val)) ++# define sk_void_unshift(st, val) SKM_sk_unshift(void, (st), (val)) ++# define sk_void_find(st, val) SKM_sk_find(void, (st), (val)) ++# define sk_void_find_ex(st, val) SKM_sk_find_ex(void, (st), (val)) ++# define sk_void_delete(st, i) SKM_sk_delete(void, (st), (i)) ++# define sk_void_delete_ptr(st, ptr) SKM_sk_delete_ptr(void, (st), (ptr)) ++# define sk_void_insert(st, val, i) SKM_sk_insert(void, (st), (val), (i)) ++# define sk_void_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(void, (st), (cmp)) ++# define sk_void_dup(st) SKM_sk_dup(void, st) ++# define sk_void_pop_free(st, free_func) SKM_sk_pop_free(void, (st), (free_func)) ++# define sk_void_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(void, (st), (copy_func), (free_func)) ++# define sk_void_shift(st) SKM_sk_shift(void, (st)) ++# define sk_void_pop(st) 
SKM_sk_pop(void, (st)) ++# define sk_void_sort(st) SKM_sk_sort(void, (st)) ++# define sk_void_is_sorted(st) SKM_sk_is_sorted(void, (st)) ++# define sk_OPENSSL_STRING_new(cmp) ((STACK_OF(OPENSSL_STRING) *)sk_new(CHECKED_SK_CMP_FUNC(char, cmp))) ++# define sk_OPENSSL_STRING_new_null() ((STACK_OF(OPENSSL_STRING) *)sk_new_null()) ++# define sk_OPENSSL_STRING_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val)) ++# define sk_OPENSSL_STRING_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val)) ++# define sk_OPENSSL_STRING_value(st, i) ((OPENSSL_STRING)sk_value(CHECKED_STACK_OF(OPENSSL_STRING, st), i)) ++# define sk_OPENSSL_STRING_num(st) SKM_sk_num(OPENSSL_STRING, st) ++# define sk_OPENSSL_STRING_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_SK_FREE_FUNC(char, free_func)) ++# define sk_OPENSSL_STRING_deep_copy(st, copy_func, free_func) ((STACK_OF(OPENSSL_STRING) *)sk_deep_copy(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_SK_COPY_FUNC(char, copy_func), CHECKED_SK_FREE_FUNC(char, free_func))) ++# define sk_OPENSSL_STRING_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val), i) ++# define sk_OPENSSL_STRING_free(st) SKM_sk_free(OPENSSL_STRING, st) ++# define sk_OPENSSL_STRING_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_STRING, st), i, CHECKED_PTR_OF(char, val)) ++# define sk_OPENSSL_STRING_zero(st) SKM_sk_zero(OPENSSL_STRING, (st)) ++# define sk_OPENSSL_STRING_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val)) ++# define sk_OPENSSL_STRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_CONST_PTR_OF(char, val)) ++# define sk_OPENSSL_STRING_delete(st, i) SKM_sk_delete(OPENSSL_STRING, (st), (i)) ++# define sk_OPENSSL_STRING_delete_ptr(st, ptr) (OPENSSL_STRING *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, ptr)) ++# 
define sk_OPENSSL_STRING_set_cmp_func(st, cmp) \ ++ ((int (*)(const char * const *,const char * const *)) \ ++ sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_SK_CMP_FUNC(char, cmp))) ++# define sk_OPENSSL_STRING_dup(st) SKM_sk_dup(OPENSSL_STRING, st) ++# define sk_OPENSSL_STRING_shift(st) SKM_sk_shift(OPENSSL_STRING, (st)) ++# define sk_OPENSSL_STRING_pop(st) (char *)sk_pop(CHECKED_STACK_OF(OPENSSL_STRING, st)) ++# define sk_OPENSSL_STRING_sort(st) SKM_sk_sort(OPENSSL_STRING, (st)) ++# define sk_OPENSSL_STRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_STRING, (st)) ++# define sk_OPENSSL_BLOCK_new(cmp) ((STACK_OF(OPENSSL_BLOCK) *)sk_new(CHECKED_SK_CMP_FUNC(void, cmp))) ++# define sk_OPENSSL_BLOCK_new_null() ((STACK_OF(OPENSSL_BLOCK) *)sk_new_null()) ++# define sk_OPENSSL_BLOCK_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val)) ++# define sk_OPENSSL_BLOCK_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val)) ++# define sk_OPENSSL_BLOCK_value(st, i) ((OPENSSL_BLOCK)sk_value(CHECKED_STACK_OF(OPENSSL_BLOCK, st), i)) ++# define sk_OPENSSL_BLOCK_num(st) SKM_sk_num(OPENSSL_BLOCK, st) ++# define sk_OPENSSL_BLOCK_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_SK_FREE_FUNC(void, free_func)) ++# define sk_OPENSSL_BLOCK_deep_copy(st, copy_func, free_func) ((STACK_OF(OPENSSL_BLOCK) *)sk_deep_copy(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_SK_COPY_FUNC(void, copy_func), CHECKED_SK_FREE_FUNC(void, free_func))) ++# define sk_OPENSSL_BLOCK_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val), i) ++# define sk_OPENSSL_BLOCK_free(st) SKM_sk_free(OPENSSL_BLOCK, st) ++# define sk_OPENSSL_BLOCK_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_BLOCK, st), i, CHECKED_PTR_OF(void, val)) ++# define sk_OPENSSL_BLOCK_zero(st) SKM_sk_zero(OPENSSL_BLOCK, (st)) ++# define sk_OPENSSL_BLOCK_unshift(st, val) 
sk_unshift(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val)) ++# define sk_OPENSSL_BLOCK_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_CONST_PTR_OF(void, val)) ++# define sk_OPENSSL_BLOCK_delete(st, i) SKM_sk_delete(OPENSSL_BLOCK, (st), (i)) ++# define sk_OPENSSL_BLOCK_delete_ptr(st, ptr) (OPENSSL_BLOCK *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, ptr)) ++# define sk_OPENSSL_BLOCK_set_cmp_func(st, cmp) \ ++ ((int (*)(const void * const *,const void * const *)) \ ++ sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_SK_CMP_FUNC(void, cmp))) ++# define sk_OPENSSL_BLOCK_dup(st) SKM_sk_dup(OPENSSL_BLOCK, st) ++# define sk_OPENSSL_BLOCK_shift(st) SKM_sk_shift(OPENSSL_BLOCK, (st)) ++# define sk_OPENSSL_BLOCK_pop(st) (void *)sk_pop(CHECKED_STACK_OF(OPENSSL_BLOCK, st)) ++# define sk_OPENSSL_BLOCK_sort(st) SKM_sk_sort(OPENSSL_BLOCK, (st)) ++# define sk_OPENSSL_BLOCK_is_sorted(st) SKM_sk_is_sorted(OPENSSL_BLOCK, (st)) ++# define sk_OPENSSL_PSTRING_new(cmp) ((STACK_OF(OPENSSL_PSTRING) *)sk_new(CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp))) ++# define sk_OPENSSL_PSTRING_new_null() ((STACK_OF(OPENSSL_PSTRING) *)sk_new_null()) ++# define sk_OPENSSL_PSTRING_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val)) ++# define sk_OPENSSL_PSTRING_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val)) ++# define sk_OPENSSL_PSTRING_value(st, i) ((OPENSSL_PSTRING)sk_value(CHECKED_STACK_OF(OPENSSL_PSTRING, st), i)) ++# define sk_OPENSSL_PSTRING_num(st) SKM_sk_num(OPENSSL_PSTRING, st) ++# define sk_OPENSSL_PSTRING_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_SK_FREE_FUNC(OPENSSL_STRING, free_func)) ++# define sk_OPENSSL_PSTRING_deep_copy(st, copy_func, free_func) ((STACK_OF(OPENSSL_PSTRING) *)sk_deep_copy(CHECKED_STACK_OF(OPENSSL_PSTRING, st), 
CHECKED_SK_COPY_FUNC(OPENSSL_STRING, copy_func), CHECKED_SK_FREE_FUNC(OPENSSL_STRING, free_func))) ++# define sk_OPENSSL_PSTRING_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val), i) ++# define sk_OPENSSL_PSTRING_free(st) SKM_sk_free(OPENSSL_PSTRING, st) ++# define sk_OPENSSL_PSTRING_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_PSTRING, st), i, CHECKED_PTR_OF(OPENSSL_STRING, val)) ++# define sk_OPENSSL_PSTRING_zero(st) SKM_sk_zero(OPENSSL_PSTRING, (st)) ++# define sk_OPENSSL_PSTRING_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val)) ++# define sk_OPENSSL_PSTRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_CONST_PTR_OF(OPENSSL_STRING, val)) ++# define sk_OPENSSL_PSTRING_delete(st, i) SKM_sk_delete(OPENSSL_PSTRING, (st), (i)) ++# define sk_OPENSSL_PSTRING_delete_ptr(st, ptr) (OPENSSL_PSTRING *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, ptr)) ++# define sk_OPENSSL_PSTRING_set_cmp_func(st, cmp) \ ++ ((int (*)(const OPENSSL_STRING * const *,const OPENSSL_STRING * const *)) \ ++ sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp))) ++# define sk_OPENSSL_PSTRING_dup(st) SKM_sk_dup(OPENSSL_PSTRING, st) ++# define sk_OPENSSL_PSTRING_shift(st) SKM_sk_shift(OPENSSL_PSTRING, (st)) ++# define sk_OPENSSL_PSTRING_pop(st) (OPENSSL_STRING *)sk_pop(CHECKED_STACK_OF(OPENSSL_PSTRING, st)) ++# define sk_OPENSSL_PSTRING_sort(st) SKM_sk_sort(OPENSSL_PSTRING, (st)) ++# define sk_OPENSSL_PSTRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_PSTRING, (st)) + # define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(ACCESS_DESCRIPTION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) + # define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, i2d_func, ex_tag, ex_class, 
is_set) \ +@@ -1793,7 +2249,6 @@ STACK_OF(type) \ + SKM_ASN1_seq_pack(ACCESS_DESCRIPTION, (st), (i2d_func), (buf), (len)) + # define ASN1_seq_unpack_ACCESS_DESCRIPTION(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(ACCESS_DESCRIPTION, (buf), (len), (d2i_func), (free_func)) +- + # define d2i_ASN1_SET_OF_ASN1_INTEGER(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(ASN1_INTEGER, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) + # define i2d_ASN1_SET_OF_ASN1_INTEGER(st, pp, i2d_func, ex_tag, ex_class, is_set) \ +@@ -1802,7 +2257,6 @@ STACK_OF(type) \ + SKM_ASN1_seq_pack(ASN1_INTEGER, (st), (i2d_func), (buf), (len)) + # define ASN1_seq_unpack_ASN1_INTEGER(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(ASN1_INTEGER, (buf), (len), (d2i_func), (free_func)) +- + # define d2i_ASN1_SET_OF_ASN1_OBJECT(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(ASN1_OBJECT, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) + # define i2d_ASN1_SET_OF_ASN1_OBJECT(st, pp, i2d_func, ex_tag, ex_class, is_set) \ +@@ -1811,7 +2265,6 @@ STACK_OF(type) \ + SKM_ASN1_seq_pack(ASN1_OBJECT, (st), (i2d_func), (buf), (len)) + # define ASN1_seq_unpack_ASN1_OBJECT(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(ASN1_OBJECT, (buf), (len), (d2i_func), (free_func)) +- + # define d2i_ASN1_SET_OF_ASN1_TYPE(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(ASN1_TYPE, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) + # define i2d_ASN1_SET_OF_ASN1_TYPE(st, pp, i2d_func, ex_tag, ex_class, is_set) \ +@@ -1820,7 +2273,14 @@ STACK_OF(type) \ + SKM_ASN1_seq_pack(ASN1_TYPE, (st), (i2d_func), (buf), (len)) + # define ASN1_seq_unpack_ASN1_TYPE(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(ASN1_TYPE, (buf), (len), (d2i_func), (free_func)) +- ++# define d2i_ASN1_SET_OF_ASN1_UTF8STRING(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ ++ 
SKM_ASN1_SET_OF_d2i(ASN1_UTF8STRING, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) ++# define i2d_ASN1_SET_OF_ASN1_UTF8STRING(st, pp, i2d_func, ex_tag, ex_class, is_set) \ ++ SKM_ASN1_SET_OF_i2d(ASN1_UTF8STRING, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) ++# define ASN1_seq_pack_ASN1_UTF8STRING(st, i2d_func, buf, len) \ ++ SKM_ASN1_seq_pack(ASN1_UTF8STRING, (st), (i2d_func), (buf), (len)) ++# define ASN1_seq_unpack_ASN1_UTF8STRING(buf, len, d2i_func, free_func) \ ++ SKM_ASN1_seq_unpack(ASN1_UTF8STRING, (buf), (len), (d2i_func), (free_func)) + # define d2i_ASN1_SET_OF_DIST_POINT(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(DIST_POINT, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) + # define i2d_ASN1_SET_OF_DIST_POINT(st, pp, i2d_func, ex_tag, ex_class, is_set) \ +@@ -1829,7 +2289,22 @@ STACK_OF(type) \ + SKM_ASN1_seq_pack(DIST_POINT, (st), (i2d_func), (buf), (len)) + # define ASN1_seq_unpack_DIST_POINT(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(DIST_POINT, (buf), (len), (d2i_func), (free_func)) +- ++# define d2i_ASN1_SET_OF_ESS_CERT_ID(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ ++ SKM_ASN1_SET_OF_d2i(ESS_CERT_ID, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) ++# define i2d_ASN1_SET_OF_ESS_CERT_ID(st, pp, i2d_func, ex_tag, ex_class, is_set) \ ++ SKM_ASN1_SET_OF_i2d(ESS_CERT_ID, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) ++# define ASN1_seq_pack_ESS_CERT_ID(st, i2d_func, buf, len) \ ++ SKM_ASN1_seq_pack(ESS_CERT_ID, (st), (i2d_func), (buf), (len)) ++# define ASN1_seq_unpack_ESS_CERT_ID(buf, len, d2i_func, free_func) \ ++ SKM_ASN1_seq_unpack(ESS_CERT_ID, (buf), (len), (d2i_func), (free_func)) ++# define d2i_ASN1_SET_OF_EVP_MD(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ ++ SKM_ASN1_SET_OF_d2i(EVP_MD, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) ++# define i2d_ASN1_SET_OF_EVP_MD(st, 
pp, i2d_func, ex_tag, ex_class, is_set) \ ++ SKM_ASN1_SET_OF_i2d(EVP_MD, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) ++# define ASN1_seq_pack_EVP_MD(st, i2d_func, buf, len) \ ++ SKM_ASN1_seq_pack(EVP_MD, (st), (i2d_func), (buf), (len)) ++# define ASN1_seq_unpack_EVP_MD(buf, len, d2i_func, free_func) \ ++ SKM_ASN1_seq_unpack(EVP_MD, (buf), (len), (d2i_func), (free_func)) + # define d2i_ASN1_SET_OF_GENERAL_NAME(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(GENERAL_NAME, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) + # define i2d_ASN1_SET_OF_GENERAL_NAME(st, pp, i2d_func, ex_tag, ex_class, is_set) \ +@@ -1838,7 +2313,6 @@ STACK_OF(type) \ + SKM_ASN1_seq_pack(GENERAL_NAME, (st), (i2d_func), (buf), (len)) + # define ASN1_seq_unpack_GENERAL_NAME(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(GENERAL_NAME, (buf), (len), (d2i_func), (free_func)) +- + # define d2i_ASN1_SET_OF_OCSP_ONEREQ(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(OCSP_ONEREQ, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) + # define i2d_ASN1_SET_OF_OCSP_ONEREQ(st, pp, i2d_func, ex_tag, ex_class, is_set) \ +@@ -1847,7 +2321,6 @@ STACK_OF(type) \ + SKM_ASN1_seq_pack(OCSP_ONEREQ, (st), (i2d_func), (buf), (len)) + # define ASN1_seq_unpack_OCSP_ONEREQ(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(OCSP_ONEREQ, (buf), (len), (d2i_func), (free_func)) +- + # define d2i_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(OCSP_SINGLERESP, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) + # define i2d_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, i2d_func, ex_tag, ex_class, is_set) \ +@@ -1856,7 +2329,6 @@ STACK_OF(type) \ + SKM_ASN1_seq_pack(OCSP_SINGLERESP, (st), (i2d_func), (buf), (len)) + # define ASN1_seq_unpack_OCSP_SINGLERESP(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(OCSP_SINGLERESP, (buf), 
(len), (d2i_func), (free_func)) +- + # define d2i_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(PKCS12_SAFEBAG, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) + # define i2d_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, i2d_func, ex_tag, ex_class, is_set) \ +@@ -1865,7 +2337,6 @@ STACK_OF(type) \ + SKM_ASN1_seq_pack(PKCS12_SAFEBAG, (st), (i2d_func), (buf), (len)) + # define ASN1_seq_unpack_PKCS12_SAFEBAG(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(PKCS12_SAFEBAG, (buf), (len), (d2i_func), (free_func)) +- + # define d2i_ASN1_SET_OF_PKCS7(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(PKCS7, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) + # define i2d_ASN1_SET_OF_PKCS7(st, pp, i2d_func, ex_tag, ex_class, is_set) \ +@@ -1874,7 +2345,6 @@ STACK_OF(type) \ + SKM_ASN1_seq_pack(PKCS7, (st), (i2d_func), (buf), (len)) + # define ASN1_seq_unpack_PKCS7(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(PKCS7, (buf), (len), (d2i_func), (free_func)) +- + # define d2i_ASN1_SET_OF_PKCS7_RECIP_INFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(PKCS7_RECIP_INFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) + # define i2d_ASN1_SET_OF_PKCS7_RECIP_INFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \ +@@ -1883,7 +2353,6 @@ STACK_OF(type) \ + SKM_ASN1_seq_pack(PKCS7_RECIP_INFO, (st), (i2d_func), (buf), (len)) + # define ASN1_seq_unpack_PKCS7_RECIP_INFO(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(PKCS7_RECIP_INFO, (buf), (len), (d2i_func), (free_func)) +- + # define d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(PKCS7_SIGNER_INFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) + # define i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \ +@@ -1892,7 +2361,6 @@ 
STACK_OF(type) \ + SKM_ASN1_seq_pack(PKCS7_SIGNER_INFO, (st), (i2d_func), (buf), (len)) + # define ASN1_seq_unpack_PKCS7_SIGNER_INFO(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(PKCS7_SIGNER_INFO, (buf), (len), (d2i_func), (free_func)) +- + # define d2i_ASN1_SET_OF_POLICYINFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(POLICYINFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) + # define i2d_ASN1_SET_OF_POLICYINFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \ +@@ -1901,7 +2369,6 @@ STACK_OF(type) \ + SKM_ASN1_seq_pack(POLICYINFO, (st), (i2d_func), (buf), (len)) + # define ASN1_seq_unpack_POLICYINFO(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(POLICYINFO, (buf), (len), (d2i_func), (free_func)) +- + # define d2i_ASN1_SET_OF_POLICYQUALINFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(POLICYQUALINFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) + # define i2d_ASN1_SET_OF_POLICYQUALINFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \ +@@ -1910,7 +2377,6 @@ STACK_OF(type) \ + SKM_ASN1_seq_pack(POLICYQUALINFO, (st), (i2d_func), (buf), (len)) + # define ASN1_seq_unpack_POLICYQUALINFO(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(POLICYQUALINFO, (buf), (len), (d2i_func), (free_func)) +- + # define d2i_ASN1_SET_OF_SXNETID(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(SXNETID, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) + # define i2d_ASN1_SET_OF_SXNETID(st, pp, i2d_func, ex_tag, ex_class, is_set) \ +@@ -1919,7 +2385,6 @@ STACK_OF(type) \ + SKM_ASN1_seq_pack(SXNETID, (st), (i2d_func), (buf), (len)) + # define ASN1_seq_unpack_SXNETID(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(SXNETID, (buf), (len), (d2i_func), (free_func)) +- + # define d2i_ASN1_SET_OF_X509(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(X509, (st), (pp), (length), 
(d2i_func), (free_func), (ex_tag), (ex_class)) + # define i2d_ASN1_SET_OF_X509(st, pp, i2d_func, ex_tag, ex_class, is_set) \ +@@ -1928,7 +2393,6 @@ STACK_OF(type) \ + SKM_ASN1_seq_pack(X509, (st), (i2d_func), (buf), (len)) + # define ASN1_seq_unpack_X509(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(X509, (buf), (len), (d2i_func), (free_func)) +- + # define d2i_ASN1_SET_OF_X509_ALGOR(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(X509_ALGOR, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) + # define i2d_ASN1_SET_OF_X509_ALGOR(st, pp, i2d_func, ex_tag, ex_class, is_set) \ +@@ -1937,7 +2401,6 @@ STACK_OF(type) \ + SKM_ASN1_seq_pack(X509_ALGOR, (st), (i2d_func), (buf), (len)) + # define ASN1_seq_unpack_X509_ALGOR(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(X509_ALGOR, (buf), (len), (d2i_func), (free_func)) +- + # define d2i_ASN1_SET_OF_X509_ATTRIBUTE(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(X509_ATTRIBUTE, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) + # define i2d_ASN1_SET_OF_X509_ATTRIBUTE(st, pp, i2d_func, ex_tag, ex_class, is_set) \ +@@ -1946,7 +2409,6 @@ STACK_OF(type) \ + SKM_ASN1_seq_pack(X509_ATTRIBUTE, (st), (i2d_func), (buf), (len)) + # define ASN1_seq_unpack_X509_ATTRIBUTE(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(X509_ATTRIBUTE, (buf), (len), (d2i_func), (free_func)) +- + # define d2i_ASN1_SET_OF_X509_CRL(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(X509_CRL, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) + # define i2d_ASN1_SET_OF_X509_CRL(st, pp, i2d_func, ex_tag, ex_class, is_set) \ +@@ -1955,7 +2417,6 @@ STACK_OF(type) \ + SKM_ASN1_seq_pack(X509_CRL, (st), (i2d_func), (buf), (len)) + # define ASN1_seq_unpack_X509_CRL(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(X509_CRL, (buf), (len), (d2i_func), (free_func)) +- + # define 
d2i_ASN1_SET_OF_X509_EXTENSION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(X509_EXTENSION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) + # define i2d_ASN1_SET_OF_X509_EXTENSION(st, pp, i2d_func, ex_tag, ex_class, is_set) \ +@@ -1964,7 +2425,6 @@ STACK_OF(type) \ + SKM_ASN1_seq_pack(X509_EXTENSION, (st), (i2d_func), (buf), (len)) + # define ASN1_seq_unpack_X509_EXTENSION(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(X509_EXTENSION, (buf), (len), (d2i_func), (free_func)) +- + # define d2i_ASN1_SET_OF_X509_NAME_ENTRY(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(X509_NAME_ENTRY, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) + # define i2d_ASN1_SET_OF_X509_NAME_ENTRY(st, pp, i2d_func, ex_tag, ex_class, is_set) \ +@@ -1973,7 +2433,6 @@ STACK_OF(type) \ + SKM_ASN1_seq_pack(X509_NAME_ENTRY, (st), (i2d_func), (buf), (len)) + # define ASN1_seq_unpack_X509_NAME_ENTRY(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(X509_NAME_ENTRY, (buf), (len), (d2i_func), (free_func)) +- + # define d2i_ASN1_SET_OF_X509_REVOKED(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(X509_REVOKED, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) + # define i2d_ASN1_SET_OF_X509_REVOKED(st, pp, i2d_func, ex_tag, ex_class, is_set) \ +@@ -1982,11 +2441,232 @@ STACK_OF(type) \ + SKM_ASN1_seq_pack(X509_REVOKED, (st), (i2d_func), (buf), (len)) + # define ASN1_seq_unpack_X509_REVOKED(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(X509_REVOKED, (buf), (len), (d2i_func), (free_func)) +- + # define PKCS12_decrypt_d2i_PKCS12_SAFEBAG(algor, d2i_func, free_func, pass, passlen, oct, seq) \ + SKM_PKCS12_decrypt_d2i(PKCS12_SAFEBAG, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq)) +- + # define PKCS12_decrypt_d2i_PKCS7(algor, d2i_func, free_func, pass, passlen, oct, seq) \ + SKM_PKCS12_decrypt_d2i(PKCS7, (algor), 
(d2i_func), (free_func), (pass), (passlen), (oct), (seq)) +- ++# define lh_ADDED_OBJ_new() LHM_lh_new(ADDED_OBJ,added_obj) ++# define lh_ADDED_OBJ_insert(lh,inst) LHM_lh_insert(ADDED_OBJ,lh,inst) ++# define lh_ADDED_OBJ_retrieve(lh,inst) LHM_lh_retrieve(ADDED_OBJ,lh,inst) ++# define lh_ADDED_OBJ_delete(lh,inst) LHM_lh_delete(ADDED_OBJ,lh,inst) ++# define lh_ADDED_OBJ_doall(lh,fn) LHM_lh_doall(ADDED_OBJ,lh,fn) ++# define lh_ADDED_OBJ_doall_arg(lh,fn,arg_type,arg) \ ++ LHM_lh_doall_arg(ADDED_OBJ,lh,fn,arg_type,arg) ++# define lh_ADDED_OBJ_error(lh) LHM_lh_error(ADDED_OBJ,lh) ++# define lh_ADDED_OBJ_num_items(lh) LHM_lh_num_items(ADDED_OBJ,lh) ++# define lh_ADDED_OBJ_down_load(lh) LHM_lh_down_load(ADDED_OBJ,lh) ++# define lh_ADDED_OBJ_node_stats_bio(lh,out) \ ++ LHM_lh_node_stats_bio(ADDED_OBJ,lh,out) ++# define lh_ADDED_OBJ_node_usage_stats_bio(lh,out) \ ++ LHM_lh_node_usage_stats_bio(ADDED_OBJ,lh,out) ++# define lh_ADDED_OBJ_stats_bio(lh,out) \ ++ LHM_lh_stats_bio(ADDED_OBJ,lh,out) ++# define lh_ADDED_OBJ_free(lh) LHM_lh_free(ADDED_OBJ,lh) ++# define lh_APP_INFO_new() LHM_lh_new(APP_INFO,app_info) ++# define lh_APP_INFO_insert(lh,inst) LHM_lh_insert(APP_INFO,lh,inst) ++# define lh_APP_INFO_retrieve(lh,inst) LHM_lh_retrieve(APP_INFO,lh,inst) ++# define lh_APP_INFO_delete(lh,inst) LHM_lh_delete(APP_INFO,lh,inst) ++# define lh_APP_INFO_doall(lh,fn) LHM_lh_doall(APP_INFO,lh,fn) ++# define lh_APP_INFO_doall_arg(lh,fn,arg_type,arg) \ ++ LHM_lh_doall_arg(APP_INFO,lh,fn,arg_type,arg) ++# define lh_APP_INFO_error(lh) LHM_lh_error(APP_INFO,lh) ++# define lh_APP_INFO_num_items(lh) LHM_lh_num_items(APP_INFO,lh) ++# define lh_APP_INFO_down_load(lh) LHM_lh_down_load(APP_INFO,lh) ++# define lh_APP_INFO_node_stats_bio(lh,out) \ ++ LHM_lh_node_stats_bio(APP_INFO,lh,out) ++# define lh_APP_INFO_node_usage_stats_bio(lh,out) \ ++ LHM_lh_node_usage_stats_bio(APP_INFO,lh,out) ++# define lh_APP_INFO_stats_bio(lh,out) \ ++ LHM_lh_stats_bio(APP_INFO,lh,out) ++# define lh_APP_INFO_free(lh) 
LHM_lh_free(APP_INFO,lh) ++# define lh_CONF_VALUE_new() LHM_lh_new(CONF_VALUE,conf_value) ++# define lh_CONF_VALUE_insert(lh,inst) LHM_lh_insert(CONF_VALUE,lh,inst) ++# define lh_CONF_VALUE_retrieve(lh,inst) LHM_lh_retrieve(CONF_VALUE,lh,inst) ++# define lh_CONF_VALUE_delete(lh,inst) LHM_lh_delete(CONF_VALUE,lh,inst) ++# define lh_CONF_VALUE_doall(lh,fn) LHM_lh_doall(CONF_VALUE,lh,fn) ++# define lh_CONF_VALUE_doall_arg(lh,fn,arg_type,arg) \ ++ LHM_lh_doall_arg(CONF_VALUE,lh,fn,arg_type,arg) ++# define lh_CONF_VALUE_error(lh) LHM_lh_error(CONF_VALUE,lh) ++# define lh_CONF_VALUE_num_items(lh) LHM_lh_num_items(CONF_VALUE,lh) ++# define lh_CONF_VALUE_down_load(lh) LHM_lh_down_load(CONF_VALUE,lh) ++# define lh_CONF_VALUE_node_stats_bio(lh,out) \ ++ LHM_lh_node_stats_bio(CONF_VALUE,lh,out) ++# define lh_CONF_VALUE_node_usage_stats_bio(lh,out) \ ++ LHM_lh_node_usage_stats_bio(CONF_VALUE,lh,out) ++# define lh_CONF_VALUE_stats_bio(lh,out) \ ++ LHM_lh_stats_bio(CONF_VALUE,lh,out) ++# define lh_CONF_VALUE_free(lh) LHM_lh_free(CONF_VALUE,lh) ++# define lh_ENGINE_PILE_new() LHM_lh_new(ENGINE_PILE,engine_pile) ++# define lh_ENGINE_PILE_insert(lh,inst) LHM_lh_insert(ENGINE_PILE,lh,inst) ++# define lh_ENGINE_PILE_retrieve(lh,inst) LHM_lh_retrieve(ENGINE_PILE,lh,inst) ++# define lh_ENGINE_PILE_delete(lh,inst) LHM_lh_delete(ENGINE_PILE,lh,inst) ++# define lh_ENGINE_PILE_doall(lh,fn) LHM_lh_doall(ENGINE_PILE,lh,fn) ++# define lh_ENGINE_PILE_doall_arg(lh,fn,arg_type,arg) \ ++ LHM_lh_doall_arg(ENGINE_PILE,lh,fn,arg_type,arg) ++# define lh_ENGINE_PILE_error(lh) LHM_lh_error(ENGINE_PILE,lh) ++# define lh_ENGINE_PILE_num_items(lh) LHM_lh_num_items(ENGINE_PILE,lh) ++# define lh_ENGINE_PILE_down_load(lh) LHM_lh_down_load(ENGINE_PILE,lh) ++# define lh_ENGINE_PILE_node_stats_bio(lh,out) \ ++ LHM_lh_node_stats_bio(ENGINE_PILE,lh,out) ++# define lh_ENGINE_PILE_node_usage_stats_bio(lh,out) \ ++ LHM_lh_node_usage_stats_bio(ENGINE_PILE,lh,out) ++# define lh_ENGINE_PILE_stats_bio(lh,out) \ ++ 
LHM_lh_stats_bio(ENGINE_PILE,lh,out) ++# define lh_ENGINE_PILE_free(lh) LHM_lh_free(ENGINE_PILE,lh) ++# define lh_ERR_STATE_new() LHM_lh_new(ERR_STATE,err_state) ++# define lh_ERR_STATE_insert(lh,inst) LHM_lh_insert(ERR_STATE,lh,inst) ++# define lh_ERR_STATE_retrieve(lh,inst) LHM_lh_retrieve(ERR_STATE,lh,inst) ++# define lh_ERR_STATE_delete(lh,inst) LHM_lh_delete(ERR_STATE,lh,inst) ++# define lh_ERR_STATE_doall(lh,fn) LHM_lh_doall(ERR_STATE,lh,fn) ++# define lh_ERR_STATE_doall_arg(lh,fn,arg_type,arg) \ ++ LHM_lh_doall_arg(ERR_STATE,lh,fn,arg_type,arg) ++# define lh_ERR_STATE_error(lh) LHM_lh_error(ERR_STATE,lh) ++# define lh_ERR_STATE_num_items(lh) LHM_lh_num_items(ERR_STATE,lh) ++# define lh_ERR_STATE_down_load(lh) LHM_lh_down_load(ERR_STATE,lh) ++# define lh_ERR_STATE_node_stats_bio(lh,out) \ ++ LHM_lh_node_stats_bio(ERR_STATE,lh,out) ++# define lh_ERR_STATE_node_usage_stats_bio(lh,out) \ ++ LHM_lh_node_usage_stats_bio(ERR_STATE,lh,out) ++# define lh_ERR_STATE_stats_bio(lh,out) \ ++ LHM_lh_stats_bio(ERR_STATE,lh,out) ++# define lh_ERR_STATE_free(lh) LHM_lh_free(ERR_STATE,lh) ++# define lh_ERR_STRING_DATA_new() LHM_lh_new(ERR_STRING_DATA,err_string_data) ++# define lh_ERR_STRING_DATA_insert(lh,inst) LHM_lh_insert(ERR_STRING_DATA,lh,inst) ++# define lh_ERR_STRING_DATA_retrieve(lh,inst) LHM_lh_retrieve(ERR_STRING_DATA,lh,inst) ++# define lh_ERR_STRING_DATA_delete(lh,inst) LHM_lh_delete(ERR_STRING_DATA,lh,inst) ++# define lh_ERR_STRING_DATA_doall(lh,fn) LHM_lh_doall(ERR_STRING_DATA,lh,fn) ++# define lh_ERR_STRING_DATA_doall_arg(lh,fn,arg_type,arg) \ ++ LHM_lh_doall_arg(ERR_STRING_DATA,lh,fn,arg_type,arg) ++# define lh_ERR_STRING_DATA_error(lh) LHM_lh_error(ERR_STRING_DATA,lh) ++# define lh_ERR_STRING_DATA_num_items(lh) LHM_lh_num_items(ERR_STRING_DATA,lh) ++# define lh_ERR_STRING_DATA_down_load(lh) LHM_lh_down_load(ERR_STRING_DATA,lh) ++# define lh_ERR_STRING_DATA_node_stats_bio(lh,out) \ ++ LHM_lh_node_stats_bio(ERR_STRING_DATA,lh,out) ++# define 
lh_ERR_STRING_DATA_node_usage_stats_bio(lh,out) \ ++ LHM_lh_node_usage_stats_bio(ERR_STRING_DATA,lh,out) ++# define lh_ERR_STRING_DATA_stats_bio(lh,out) \ ++ LHM_lh_stats_bio(ERR_STRING_DATA,lh,out) ++# define lh_ERR_STRING_DATA_free(lh) LHM_lh_free(ERR_STRING_DATA,lh) ++# define lh_EX_CLASS_ITEM_new() LHM_lh_new(EX_CLASS_ITEM,ex_class_item) ++# define lh_EX_CLASS_ITEM_insert(lh,inst) LHM_lh_insert(EX_CLASS_ITEM,lh,inst) ++# define lh_EX_CLASS_ITEM_retrieve(lh,inst) LHM_lh_retrieve(EX_CLASS_ITEM,lh,inst) ++# define lh_EX_CLASS_ITEM_delete(lh,inst) LHM_lh_delete(EX_CLASS_ITEM,lh,inst) ++# define lh_EX_CLASS_ITEM_doall(lh,fn) LHM_lh_doall(EX_CLASS_ITEM,lh,fn) ++# define lh_EX_CLASS_ITEM_doall_arg(lh,fn,arg_type,arg) \ ++ LHM_lh_doall_arg(EX_CLASS_ITEM,lh,fn,arg_type,arg) ++# define lh_EX_CLASS_ITEM_error(lh) LHM_lh_error(EX_CLASS_ITEM,lh) ++# define lh_EX_CLASS_ITEM_num_items(lh) LHM_lh_num_items(EX_CLASS_ITEM,lh) ++# define lh_EX_CLASS_ITEM_down_load(lh) LHM_lh_down_load(EX_CLASS_ITEM,lh) ++# define lh_EX_CLASS_ITEM_node_stats_bio(lh,out) \ ++ LHM_lh_node_stats_bio(EX_CLASS_ITEM,lh,out) ++# define lh_EX_CLASS_ITEM_node_usage_stats_bio(lh,out) \ ++ LHM_lh_node_usage_stats_bio(EX_CLASS_ITEM,lh,out) ++# define lh_EX_CLASS_ITEM_stats_bio(lh,out) \ ++ LHM_lh_stats_bio(EX_CLASS_ITEM,lh,out) ++# define lh_EX_CLASS_ITEM_free(lh) LHM_lh_free(EX_CLASS_ITEM,lh) ++# define lh_FUNCTION_new() LHM_lh_new(FUNCTION,function) ++# define lh_FUNCTION_insert(lh,inst) LHM_lh_insert(FUNCTION,lh,inst) ++# define lh_FUNCTION_retrieve(lh,inst) LHM_lh_retrieve(FUNCTION,lh,inst) ++# define lh_FUNCTION_delete(lh,inst) LHM_lh_delete(FUNCTION,lh,inst) ++# define lh_FUNCTION_doall(lh,fn) LHM_lh_doall(FUNCTION,lh,fn) ++# define lh_FUNCTION_doall_arg(lh,fn,arg_type,arg) \ ++ LHM_lh_doall_arg(FUNCTION,lh,fn,arg_type,arg) ++# define lh_FUNCTION_error(lh) LHM_lh_error(FUNCTION,lh) ++# define lh_FUNCTION_num_items(lh) LHM_lh_num_items(FUNCTION,lh) ++# define lh_FUNCTION_down_load(lh) 
LHM_lh_down_load(FUNCTION,lh) ++# define lh_FUNCTION_node_stats_bio(lh,out) \ ++ LHM_lh_node_stats_bio(FUNCTION,lh,out) ++# define lh_FUNCTION_node_usage_stats_bio(lh,out) \ ++ LHM_lh_node_usage_stats_bio(FUNCTION,lh,out) ++# define lh_FUNCTION_stats_bio(lh,out) \ ++ LHM_lh_stats_bio(FUNCTION,lh,out) ++# define lh_FUNCTION_free(lh) LHM_lh_free(FUNCTION,lh) ++# define lh_MEM_new() LHM_lh_new(MEM,mem) ++# define lh_MEM_insert(lh,inst) LHM_lh_insert(MEM,lh,inst) ++# define lh_MEM_retrieve(lh,inst) LHM_lh_retrieve(MEM,lh,inst) ++# define lh_MEM_delete(lh,inst) LHM_lh_delete(MEM,lh,inst) ++# define lh_MEM_doall(lh,fn) LHM_lh_doall(MEM,lh,fn) ++# define lh_MEM_doall_arg(lh,fn,arg_type,arg) \ ++ LHM_lh_doall_arg(MEM,lh,fn,arg_type,arg) ++# define lh_MEM_error(lh) LHM_lh_error(MEM,lh) ++# define lh_MEM_num_items(lh) LHM_lh_num_items(MEM,lh) ++# define lh_MEM_down_load(lh) LHM_lh_down_load(MEM,lh) ++# define lh_MEM_node_stats_bio(lh,out) \ ++ LHM_lh_node_stats_bio(MEM,lh,out) ++# define lh_MEM_node_usage_stats_bio(lh,out) \ ++ LHM_lh_node_usage_stats_bio(MEM,lh,out) ++# define lh_MEM_stats_bio(lh,out) \ ++ LHM_lh_stats_bio(MEM,lh,out) ++# define lh_MEM_free(lh) LHM_lh_free(MEM,lh) ++# define lh_OBJ_NAME_new() LHM_lh_new(OBJ_NAME,obj_name) ++# define lh_OBJ_NAME_insert(lh,inst) LHM_lh_insert(OBJ_NAME,lh,inst) ++# define lh_OBJ_NAME_retrieve(lh,inst) LHM_lh_retrieve(OBJ_NAME,lh,inst) ++# define lh_OBJ_NAME_delete(lh,inst) LHM_lh_delete(OBJ_NAME,lh,inst) ++# define lh_OBJ_NAME_doall(lh,fn) LHM_lh_doall(OBJ_NAME,lh,fn) ++# define lh_OBJ_NAME_doall_arg(lh,fn,arg_type,arg) \ ++ LHM_lh_doall_arg(OBJ_NAME,lh,fn,arg_type,arg) ++# define lh_OBJ_NAME_error(lh) LHM_lh_error(OBJ_NAME,lh) ++# define lh_OBJ_NAME_num_items(lh) LHM_lh_num_items(OBJ_NAME,lh) ++# define lh_OBJ_NAME_down_load(lh) LHM_lh_down_load(OBJ_NAME,lh) ++# define lh_OBJ_NAME_node_stats_bio(lh,out) \ ++ LHM_lh_node_stats_bio(OBJ_NAME,lh,out) ++# define lh_OBJ_NAME_node_usage_stats_bio(lh,out) \ ++ 
LHM_lh_node_usage_stats_bio(OBJ_NAME,lh,out) ++# define lh_OBJ_NAME_stats_bio(lh,out) \ ++ LHM_lh_stats_bio(OBJ_NAME,lh,out) ++# define lh_OBJ_NAME_free(lh) LHM_lh_free(OBJ_NAME,lh) ++# define lh_OPENSSL_CSTRING_new() LHM_lh_new(OPENSSL_CSTRING,openssl_cstring) ++# define lh_OPENSSL_CSTRING_insert(lh,inst) LHM_lh_insert(OPENSSL_CSTRING,lh,inst) ++# define lh_OPENSSL_CSTRING_retrieve(lh,inst) LHM_lh_retrieve(OPENSSL_CSTRING,lh,inst) ++# define lh_OPENSSL_CSTRING_delete(lh,inst) LHM_lh_delete(OPENSSL_CSTRING,lh,inst) ++# define lh_OPENSSL_CSTRING_doall(lh,fn) LHM_lh_doall(OPENSSL_CSTRING,lh,fn) ++# define lh_OPENSSL_CSTRING_doall_arg(lh,fn,arg_type,arg) \ ++ LHM_lh_doall_arg(OPENSSL_CSTRING,lh,fn,arg_type,arg) ++# define lh_OPENSSL_CSTRING_error(lh) LHM_lh_error(OPENSSL_CSTRING,lh) ++# define lh_OPENSSL_CSTRING_num_items(lh) LHM_lh_num_items(OPENSSL_CSTRING,lh) ++# define lh_OPENSSL_CSTRING_down_load(lh) LHM_lh_down_load(OPENSSL_CSTRING,lh) ++# define lh_OPENSSL_CSTRING_node_stats_bio(lh,out) \ ++ LHM_lh_node_stats_bio(OPENSSL_CSTRING,lh,out) ++# define lh_OPENSSL_CSTRING_node_usage_stats_bio(lh,out) \ ++ LHM_lh_node_usage_stats_bio(OPENSSL_CSTRING,lh,out) ++# define lh_OPENSSL_CSTRING_stats_bio(lh,out) \ ++ LHM_lh_stats_bio(OPENSSL_CSTRING,lh,out) ++# define lh_OPENSSL_CSTRING_free(lh) LHM_lh_free(OPENSSL_CSTRING,lh) ++# define lh_OPENSSL_STRING_new() LHM_lh_new(OPENSSL_STRING,openssl_string) ++# define lh_OPENSSL_STRING_insert(lh,inst) LHM_lh_insert(OPENSSL_STRING,lh,inst) ++# define lh_OPENSSL_STRING_retrieve(lh,inst) LHM_lh_retrieve(OPENSSL_STRING,lh,inst) ++# define lh_OPENSSL_STRING_delete(lh,inst) LHM_lh_delete(OPENSSL_STRING,lh,inst) ++# define lh_OPENSSL_STRING_doall(lh,fn) LHM_lh_doall(OPENSSL_STRING,lh,fn) ++# define lh_OPENSSL_STRING_doall_arg(lh,fn,arg_type,arg) \ ++ LHM_lh_doall_arg(OPENSSL_STRING,lh,fn,arg_type,arg) ++# define lh_OPENSSL_STRING_error(lh) LHM_lh_error(OPENSSL_STRING,lh) ++# define lh_OPENSSL_STRING_num_items(lh) 
LHM_lh_num_items(OPENSSL_STRING,lh) ++# define lh_OPENSSL_STRING_down_load(lh) LHM_lh_down_load(OPENSSL_STRING,lh) ++# define lh_OPENSSL_STRING_node_stats_bio(lh,out) \ ++ LHM_lh_node_stats_bio(OPENSSL_STRING,lh,out) ++# define lh_OPENSSL_STRING_node_usage_stats_bio(lh,out) \ ++ LHM_lh_node_usage_stats_bio(OPENSSL_STRING,lh,out) ++# define lh_OPENSSL_STRING_stats_bio(lh,out) \ ++ LHM_lh_stats_bio(OPENSSL_STRING,lh,out) ++# define lh_OPENSSL_STRING_free(lh) LHM_lh_free(OPENSSL_STRING,lh) ++# define lh_SSL_SESSION_new() LHM_lh_new(SSL_SESSION,ssl_session) ++# define lh_SSL_SESSION_insert(lh,inst) LHM_lh_insert(SSL_SESSION,lh,inst) ++# define lh_SSL_SESSION_retrieve(lh,inst) LHM_lh_retrieve(SSL_SESSION,lh,inst) ++# define lh_SSL_SESSION_delete(lh,inst) LHM_lh_delete(SSL_SESSION,lh,inst) ++# define lh_SSL_SESSION_doall(lh,fn) LHM_lh_doall(SSL_SESSION,lh,fn) ++# define lh_SSL_SESSION_doall_arg(lh,fn,arg_type,arg) \ ++ LHM_lh_doall_arg(SSL_SESSION,lh,fn,arg_type,arg) ++# define lh_SSL_SESSION_error(lh) LHM_lh_error(SSL_SESSION,lh) ++# define lh_SSL_SESSION_num_items(lh) LHM_lh_num_items(SSL_SESSION,lh) ++# define lh_SSL_SESSION_down_load(lh) LHM_lh_down_load(SSL_SESSION,lh) ++# define lh_SSL_SESSION_node_stats_bio(lh,out) \ ++ LHM_lh_node_stats_bio(SSL_SESSION,lh,out) ++# define lh_SSL_SESSION_node_usage_stats_bio(lh,out) \ ++ LHM_lh_node_usage_stats_bio(SSL_SESSION,lh,out) ++# define lh_SSL_SESSION_stats_bio(lh,out) \ ++ LHM_lh_stats_bio(SSL_SESSION,lh,out) ++# define lh_SSL_SESSION_free(lh) LHM_lh_free(SSL_SESSION,lh) ++#ifdef __cplusplus ++} ++#endif + #endif /* !defined HEADER_SAFESTACK_H */ +diff --git a/Cryptlib/Include/openssl/seed.h b/Cryptlib/Include/openssl/seed.h +new file mode 100644 +index 0000000..8cbf0d9 +--- /dev/null ++++ b/Cryptlib/Include/openssl/seed.h +@@ -0,0 +1,149 @@ ++/* ++ * Copyright (c) 2007 KISA(Korea Information Security Agency). All rights reserved. 
++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Neither the name of author nor the names of its contributors may ++ * be used to endorse or promote products derived from this software ++ * without specific prior written permission. ++ * ++ * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ */ ++/* ==================================================================== ++ * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. 
All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). 
++ *
++ */
++
++#ifndef HEADER_SEED_H
++# define HEADER_SEED_H
++
++# include
++# include
++# include
++
++# ifdef OPENSSL_NO_SEED
++# error SEED is disabled.
++# endif
++
++/* look whether we need 'long' to get 32 bits */
++# ifdef AES_LONG
++# ifndef SEED_LONG
++# define SEED_LONG 1
++# endif
++# endif
++
++# if !defined(NO_SYS_TYPES_H)
++# include
++# endif
++
++# define SEED_BLOCK_SIZE 16
++# define SEED_KEY_LENGTH 16
++
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++typedef struct seed_key_st {
++# ifdef SEED_LONG
++ unsigned long data[32];
++# else
++ unsigned int data[32];
++# endif
++} SEED_KEY_SCHEDULE;
++
++# ifdef OPENSSL_FIPS
++void private_SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH],
++ SEED_KEY_SCHEDULE *ks);
++# endif
++void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH],
++ SEED_KEY_SCHEDULE *ks);
++
++void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE],
++ unsigned char d[SEED_BLOCK_SIZE],
++ const SEED_KEY_SCHEDULE *ks);
++void SEED_decrypt(const unsigned char s[SEED_BLOCK_SIZE],
++ unsigned char d[SEED_BLOCK_SIZE],
++ const SEED_KEY_SCHEDULE *ks);
++
++void SEED_ecb_encrypt(const unsigned char *in, unsigned char *out,
++ const SEED_KEY_SCHEDULE *ks, int enc);
++void SEED_cbc_encrypt(const unsigned char *in, unsigned char *out, size_t len,
++ const SEED_KEY_SCHEDULE *ks,
++ unsigned char ivec[SEED_BLOCK_SIZE], int enc);
++void SEED_cfb128_encrypt(const unsigned char *in, unsigned char *out,
++ size_t len, const SEED_KEY_SCHEDULE *ks,
++ unsigned char ivec[SEED_BLOCK_SIZE], int *num,
++ int enc);
++void SEED_ofb128_encrypt(const unsigned char *in, unsigned char *out,
++ size_t len, const SEED_KEY_SCHEDULE *ks,
++ unsigned char ivec[SEED_BLOCK_SIZE], int *num);
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* HEADER_SEED_H */
+diff --git a/Cryptlib/Include/openssl/sha.h b/Cryptlib/Include/openssl/sha.h
+index 8a50878..e5169e4 100644
+--- a/Cryptlib/Include/openssl/sha.h
++++ b/Cryptlib/Include/openssl/sha.h
+@@
-81,7 +81,7 @@ extern "C" {
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ */
+ 
+-# if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
++# if defined(__LP32__)
+ # define SHA_LONG unsigned long
+ # elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
+ # define SHA_LONG unsigned long
+@@ -115,6 +115,9 @@ unsigned char *SHA(const unsigned char *d, size_t n, unsigned char *md);
+ void SHA_Transform(SHA_CTX *c, const unsigned char *data);
+ # endif
+ # ifndef OPENSSL_NO_SHA1
++# ifdef OPENSSL_FIPS
++int private_SHA1_Init(SHA_CTX *c);
++# endif
+ int SHA1_Init(SHA_CTX *c);
+ int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
+ int SHA1_Final(unsigned char *md, SHA_CTX *c);
+@@ -136,6 +139,10 @@ typedef struct SHA256state_st {
+ } SHA256_CTX;
+ 
+ # ifndef OPENSSL_NO_SHA256
++# ifdef OPENSSL_FIPS
++int private_SHA224_Init(SHA256_CTX *c);
++int private_SHA256_Init(SHA256_CTX *c);
++# endif
+ int SHA224_Init(SHA256_CTX *c);
+ int SHA224_Update(SHA256_CTX *c, const void *data, size_t len);
+ int SHA224_Final(unsigned char *md, SHA256_CTX *c);
+@@ -185,6 +192,10 @@ typedef struct SHA512state_st {
+ # endif
+ 
+ # ifndef OPENSSL_NO_SHA512
++# ifdef OPENSSL_FIPS
++int private_SHA384_Init(SHA512_CTX *c);
++int private_SHA512_Init(SHA512_CTX *c);
++# endif
+ int SHA384_Init(SHA512_CTX *c);
+ int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);
+ int SHA384_Final(unsigned char *md, SHA512_CTX *c);
+diff --git a/Cryptlib/Include/openssl/srp.h b/Cryptlib/Include/openssl/srp.h
+new file mode 100644
+index 0000000..d072536
+--- /dev/null
++++ b/Cryptlib/Include/openssl/srp.h
+@@ -0,0 +1,169 @@
++/* crypto/srp/srp.h */
++/*
++ * Written by Christophe Renou (christophe.renou@edelweb.fr) with the
++ * precious help of Peter Sylvester (peter.sylvester@edelweb.fr) for the
++ * EdelKey project and contributed to the OpenSSL project 2004.
++ */ ++/* ==================================================================== ++ * Copyright (c) 2004 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ *
++ * This product includes cryptographic software written by Eric Young
++ * (eay@cryptsoft.com). This product includes software written by Tim
++ * Hudson (tjh@cryptsoft.com).
++ *
++ */
++#ifndef __SRP_H__
++# define __SRP_H__
++
++# ifndef OPENSSL_NO_SRP
++
++# include
++# include
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++# include
++# include
++# include
++
++typedef struct SRP_gN_cache_st {
++ char *b64_bn;
++ BIGNUM *bn;
++} SRP_gN_cache;
++
++
++DECLARE_STACK_OF(SRP_gN_cache)
++
++typedef struct SRP_user_pwd_st {
++ char *id;
++ BIGNUM *s;
++ BIGNUM *v;
++ const BIGNUM *g;
++ const BIGNUM *N;
++ char *info;
++} SRP_user_pwd;
++
++DECLARE_STACK_OF(SRP_user_pwd)
++
++typedef struct SRP_VBASE_st {
++ STACK_OF(SRP_user_pwd) *users_pwd;
++ STACK_OF(SRP_gN_cache) *gN_cache;
++/* to simulate a user */
++ char *seed_key;
++ BIGNUM *default_g;
++ BIGNUM *default_N;
++} SRP_VBASE;
++
++/*
++ * Structure interne pour retenir les couples N et g
++ */
++typedef struct SRP_gN_st {
++ char *id;
++ BIGNUM *g;
++ BIGNUM *N;
++} SRP_gN;
++
++DECLARE_STACK_OF(SRP_gN)
++
++SRP_VBASE *SRP_VBASE_new(char *seed_key);
++int SRP_VBASE_free(SRP_VBASE *vb);
++int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file);
++SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username);
++char *SRP_create_verifier(const char *user, const char *pass,
char **salt,
++ char **verifier, const char *N, const char *g);
++int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
++ BIGNUM **verifier, BIGNUM *N, BIGNUM *g);
++
++# define SRP_NO_ERROR 0
++# define SRP_ERR_VBASE_INCOMPLETE_FILE 1
++# define SRP_ERR_VBASE_BN_LIB 2
++# define SRP_ERR_OPEN_FILE 3
++# define SRP_ERR_MEMORY 4
++
++# define DB_srptype 0
++# define DB_srpverifier 1
++# define DB_srpsalt 2
++# define DB_srpid 3
++# define DB_srpgN 4
++# define DB_srpinfo 5
++# undef DB_NUMBER
++# define DB_NUMBER 6
++
++# define DB_SRP_INDEX 'I'
++# define DB_SRP_VALID 'V'
++# define DB_SRP_REVOKED 'R'
++# define DB_SRP_MODIF 'v'
++
++/* see srp.c */
++char *SRP_check_known_gN_param(BIGNUM *g, BIGNUM *N);
++SRP_gN *SRP_get_default_gN(const char *id);
++
++/* server side .... */
++BIGNUM *SRP_Calc_server_key(BIGNUM *A, BIGNUM *v, BIGNUM *u, BIGNUM *b,
++ BIGNUM *N);
++BIGNUM *SRP_Calc_B(BIGNUM *b, BIGNUM *N, BIGNUM *g, BIGNUM *v);
++int SRP_Verify_A_mod_N(BIGNUM *A, BIGNUM *N);
++BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N);
++
++/* client side .... */
++BIGNUM *SRP_Calc_x(BIGNUM *s, const char *user, const char *pass);
++BIGNUM *SRP_Calc_A(BIGNUM *a, BIGNUM *N, BIGNUM *g);
++BIGNUM *SRP_Calc_client_key(BIGNUM *N, BIGNUM *B, BIGNUM *g, BIGNUM *x,
++ BIGNUM *a, BIGNUM *u);
++int SRP_Verify_B_mod_N(BIGNUM *B, BIGNUM *N);
++
++# define SRP_MINIMAL_N 1024
++
++#ifdef __cplusplus
++}
++#endif
++
++# endif
++#endif
+diff --git a/Cryptlib/Include/openssl/srtp.h b/Cryptlib/Include/openssl/srtp.h
+new file mode 100644
+index 0000000..2279c32
+--- /dev/null
++++ b/Cryptlib/Include/openssl/srtp.h
+@@ -0,0 +1,147 @@
++/* ssl/srtp.h */
++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
++ * All rights reserved.
++ *
++ * This package is an SSL implementation written
++ * by Eric Young (eay@cryptsoft.com).
++ * The implementation was written so as to conform with Netscapes SSL.
++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. 
If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++/* ==================================================================== ++ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. 
All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). 
++ * ++ */ ++/* ++ * DTLS code by Eric Rescorla ++ * ++ * Copyright (C) 2006, Network Resonance, Inc. Copyright (C) 2011, RTFM, Inc. ++ */ ++ ++#ifndef HEADER_D1_SRTP_H ++# define HEADER_D1_SRTP_H ++ ++# include ++ ++#ifdef __cplusplus ++extern "C" { ++#endif ++ ++# define SRTP_AES128_CM_SHA1_80 0x0001 ++# define SRTP_AES128_CM_SHA1_32 0x0002 ++# define SRTP_AES128_F8_SHA1_80 0x0003 ++# define SRTP_AES128_F8_SHA1_32 0x0004 ++# define SRTP_NULL_SHA1_80 0x0005 ++# define SRTP_NULL_SHA1_32 0x0006 ++ ++# ifndef OPENSSL_NO_SRTP ++ ++int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles); ++int SSL_set_tlsext_use_srtp(SSL *ctx, const char *profiles); ++ ++STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl); ++SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s); ++ ++# endif ++ ++#ifdef __cplusplus ++} ++#endif ++ ++#endif +diff --git a/Cryptlib/Include/openssl/ssl.h b/Cryptlib/Include/openssl/ssl.h +index ee9944f..6fe1a24 100644 +--- a/Cryptlib/Include/openssl/ssl.h ++++ b/Cryptlib/Include/openssl/ssl.h +@@ -56,7 +56,7 @@ + * [including the GNU Public Licence.] + */ + /* ==================================================================== +- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. ++ * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions +@@ -109,62 +109,35 @@ + * + */ + /* ==================================================================== +- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * +- * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. +- * +- * 2. 
Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in +- * the documentation and/or other materials provided with the +- * distribution. +- * +- * 3. All advertising materials mentioning features or use of this +- * software must display the following acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +- * +- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +- * endorse or promote products derived from this software without +- * prior written permission. For written permission, please contact +- * openssl-core@openssl.org. ++ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. ++ * ECC cipher suite support in OpenSSL originally developed by ++ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. ++ */ ++/* ==================================================================== ++ * Copyright 2005 Nokia. All rights reserved. + * +- * 5. Products derived from this software may not be called "OpenSSL" +- * nor may "OpenSSL" appear in their names without prior written +- * permission of the OpenSSL Project. ++ * The portions of the attached software ("Contribution") is developed by ++ * Nokia Corporation and is licensed pursuant to the OpenSSL open source ++ * license. + * +- * 6. Redistributions of any form whatsoever must retain the following +- * acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * The Contribution, originally written by Mika Kousa and Pasi Eronen of ++ * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites ++ * support (see RFC 4279) to OpenSSL. 
+ * +- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +- * OF THE POSSIBILITY OF SUCH DAMAGE. +- * ==================================================================== ++ * No patent licenses or other rights except those expressly stated in ++ * the OpenSSL open source license shall be deemed granted or received ++ * expressly, by implication, estoppel, or otherwise. + * +- * This product includes cryptographic software written by Eric Young +- * (eay@cryptsoft.com). This product includes software written by Tim +- * Hudson (tjh@cryptsoft.com). ++ * No assurances are provided by Nokia that the Contribution does not ++ * infringe the patent or other intellectual property rights of any third ++ * party or that the license provides you with all the necessary rights ++ * to make use of the Contribution. + * +- */ +-/* ==================================================================== +- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. +- * ECC cipher suite support in OpenSSL originally developed by +- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. ++ * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. 
IN ++ * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA ++ * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY ++ * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR ++ * OTHERWISE. + */ + + #ifndef HEADER_SSL_H +@@ -251,56 +224,98 @@ extern "C" { + # define SSL_MAX_MASTER_KEY_LENGTH 48 + + /* These are used to specify which ciphers to use and not to use */ ++ ++# define SSL_TXT_EXP40 "EXPORT40" ++# define SSL_TXT_EXP56 "EXPORT56" + # define SSL_TXT_LOW "LOW" + # define SSL_TXT_MEDIUM "MEDIUM" + # define SSL_TXT_HIGH "HIGH" + # define SSL_TXT_FIPS "FIPS" +-# define SSL_TXT_kFZA "kFZA" +-# define SSL_TXT_aFZA "aFZA" +-# define SSL_TXT_eFZA "eFZA" +-# define SSL_TXT_FZA "FZA" ++ ++# define SSL_TXT_kFZA "kFZA"/* unused! */ ++# define SSL_TXT_aFZA "aFZA"/* unused! */ ++# define SSL_TXT_eFZA "eFZA"/* unused! */ ++# define SSL_TXT_FZA "FZA"/* unused! */ + + # define SSL_TXT_aNULL "aNULL" + # define SSL_TXT_eNULL "eNULL" + # define SSL_TXT_NULL "NULL" + +-# define SSL_TXT_kKRB5 "kKRB5" +-# define SSL_TXT_aKRB5 "aKRB5" +-# define SSL_TXT_KRB5 "KRB5" +- + # define SSL_TXT_kRSA "kRSA" + # define SSL_TXT_kDHr "kDHr" + # define SSL_TXT_kDHd "kDHd" ++# define SSL_TXT_kDH "kDH" + # define SSL_TXT_kEDH "kEDH" ++# define SSL_TXT_kDHE "kDHE"/* alias for kEDH */ ++# define SSL_TXT_kKRB5 "kKRB5" ++# define SSL_TXT_kECDHr "kECDHr" ++# define SSL_TXT_kECDHe "kECDHe" ++# define SSL_TXT_kECDH "kECDH" ++# define SSL_TXT_kEECDH "kEECDH" ++# define SSL_TXT_kECDHE "kECDHE"/* alias for kEECDH */ ++# define SSL_TXT_kPSK "kPSK" ++# define SSL_TXT_kGOST "kGOST" ++# define SSL_TXT_kSRP "kSRP" ++ + # define SSL_TXT_aRSA "aRSA" + # define SSL_TXT_aDSS "aDSS" + # define SSL_TXT_aDH "aDH" ++# define SSL_TXT_aECDH "aECDH" ++# define SSL_TXT_aKRB5 "aKRB5" ++# define SSL_TXT_aECDSA "aECDSA" ++# define SSL_TXT_aPSK "aPSK" ++# define SSL_TXT_aGOST94 "aGOST94" ++# define SSL_TXT_aGOST01 "aGOST01" ++# define SSL_TXT_aGOST "aGOST" ++# define SSL_TXT_aSRP 
"aSRP" ++ + # define SSL_TXT_DSS "DSS" + # define SSL_TXT_DH "DH" +-# define SSL_TXT_EDH "EDH" ++# define SSL_TXT_EDH "EDH"/* same as "kEDH:-ADH" */ ++# define SSL_TXT_DHE "DHE"/* alias for EDH */ + # define SSL_TXT_ADH "ADH" + # define SSL_TXT_RSA "RSA" ++# define SSL_TXT_ECDH "ECDH" ++# define SSL_TXT_EECDH "EECDH"/* same as "kEECDH:-AECDH" */ ++# define SSL_TXT_ECDHE "ECDHE"/* alias for ECDHE" */ ++# define SSL_TXT_AECDH "AECDH" ++# define SSL_TXT_ECDSA "ECDSA" ++# define SSL_TXT_KRB5 "KRB5" ++# define SSL_TXT_PSK "PSK" ++# define SSL_TXT_SRP "SRP" ++ + # define SSL_TXT_DES "DES" + # define SSL_TXT_3DES "3DES" + # define SSL_TXT_RC4 "RC4" + # define SSL_TXT_RC2 "RC2" + # define SSL_TXT_IDEA "IDEA" + # define SSL_TXT_SEED "SEED" ++# define SSL_TXT_AES128 "AES128" ++# define SSL_TXT_AES256 "AES256" + # define SSL_TXT_AES "AES" ++# define SSL_TXT_AES_GCM "AESGCM" ++# define SSL_TXT_CAMELLIA128 "CAMELLIA128" ++# define SSL_TXT_CAMELLIA256 "CAMELLIA256" + # define SSL_TXT_CAMELLIA "CAMELLIA" ++ + # define SSL_TXT_MD5 "MD5" + # define SSL_TXT_SHA1 "SHA1" +-# define SSL_TXT_SHA "SHA" +-# define SSL_TXT_EXP "EXP" +-# define SSL_TXT_EXPORT "EXPORT" +-# define SSL_TXT_EXP40 "EXPORT40" +-# define SSL_TXT_EXP56 "EXPORT56" ++# define SSL_TXT_SHA "SHA"/* same as "SHA1" */ ++# define SSL_TXT_GOST94 "GOST94" ++# define SSL_TXT_GOST89MAC "GOST89MAC" ++# define SSL_TXT_SHA256 "SHA256" ++# define SSL_TXT_SHA384 "SHA384" ++ + # define SSL_TXT_SSLV2 "SSLv2" + # define SSL_TXT_SSLV3 "SSLv3" + # define SSL_TXT_TLSV1 "TLSv1" ++# define SSL_TXT_TLSV1_1 "TLSv1.1" ++# define SSL_TXT_TLSV1_2 "TLSv1.2" ++ ++# define SSL_TXT_EXP "EXP" ++# define SSL_TXT_EXPORT "EXPORT" ++ + # define SSL_TXT_ALL "ALL" +-# define SSL_TXT_ECC "ECCdraft"/* ECC ciphersuites are not yet +- * official */ + + /*- + * COMPLEMENTOF* definitions. These identifiers are used to (de-select) +@@ -323,7 +338,13 @@ extern "C" { + * The following cipher list is used by default. 
It also is substituted when + * an application-defined cipher list string starts with 'DEFAULT'. + */ +-# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2:@STRENGTH" ++# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2" ++/* ++ * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always ++ * starts with a reasonable order, and all we have to do for DEFAULT is ++ * throwing out anonymous and unencrypted ciphersuites! (The latter are not ++ * actually enabled by ALL, but "ALL:RSA" would enable some of them.) ++ */ + + /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ + # define SSL_SENT_SHUTDOWN 1 +@@ -349,25 +370,72 @@ extern "C" { + * function parameters used to prototype callbacks in SSL_CTX. + */ + typedef struct ssl_st *ssl_crock_st; ++typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT; ++typedef struct ssl_method_st SSL_METHOD; ++typedef struct ssl_cipher_st SSL_CIPHER; ++typedef struct ssl_session_st SSL_SESSION; ++typedef struct tls_sigalgs_st TLS_SIGALGS; ++typedef struct ssl_conf_ctx_st SSL_CONF_CTX; ++ ++DECLARE_STACK_OF(SSL_CIPHER) ++ ++/* SRTP protection profiles for use with the use_srtp extension (RFC 5764)*/ ++typedef struct srtp_protection_profile_st { ++ const char *name; ++ unsigned long id; ++} SRTP_PROTECTION_PROFILE; ++ ++DECLARE_STACK_OF(SRTP_PROTECTION_PROFILE) ++ ++typedef int (*tls_session_ticket_ext_cb_fn) (SSL *s, ++ const unsigned char *data, ++ int len, void *arg); ++typedef int (*tls_session_secret_cb_fn) (SSL *s, void *secret, ++ int *secret_len, ++ STACK_OF(SSL_CIPHER) *peer_ciphers, ++ SSL_CIPHER **cipher, void *arg); ++ ++# ifndef OPENSSL_NO_TLSEXT ++ ++/* Typedefs for handling custom extensions */ ++ ++typedef int (*custom_ext_add_cb) (SSL *s, unsigned int ext_type, ++ const unsigned char **out, ++ size_t *outlen, int *al, void *add_arg); ++ ++typedef void (*custom_ext_free_cb) (SSL *s, unsigned int ext_type, ++ const unsigned char *out, void *add_arg); ++ ++typedef int 
(*custom_ext_parse_cb) (SSL *s, unsigned int ext_type, ++ const unsigned char *in, ++ size_t inlen, int *al, void *parse_arg); ++ ++# endif ++ ++# ifndef OPENSSL_NO_SSL_INTERN + + /* used to hold info on the particular ciphers used */ +-typedef struct ssl_cipher_st { ++struct ssl_cipher_st { + int valid; + const char *name; /* text name */ + unsigned long id; /* id, 4 bytes, first is version */ +- unsigned long algorithms; /* what ciphers are used */ ++ /* ++ * changed in 0.9.9: these four used to be portions of a single value ++ * 'algorithms' ++ */ ++ unsigned long algorithm_mkey; /* key exchange algorithm */ ++ unsigned long algorithm_auth; /* server authentication */ ++ unsigned long algorithm_enc; /* symmetric encryption */ ++ unsigned long algorithm_mac; /* symmetric authentication */ ++ unsigned long algorithm_ssl; /* (major) protocol version */ + unsigned long algo_strength; /* strength and export flags */ + unsigned long algorithm2; /* Extra flags */ + int strength_bits; /* Number of bits really used */ + int alg_bits; /* Number of bits for algorithm */ +- unsigned long mask; /* used for matching */ +- unsigned long mask_strength; /* also used for matching */ +-} SSL_CIPHER; +- +-DECLARE_STACK_OF(SSL_CIPHER) ++}; + + /* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */ +-typedef struct ssl_method_st { ++struct ssl_method_st { + int version; + int (*ssl_new) (SSL *s); + void (*ssl_clear) (SSL *s); +@@ -388,40 +456,46 @@ typedef struct ssl_method_st { + int (*ssl_dispatch_alert) (SSL *s); + long (*ssl_ctrl) (SSL *s, int cmd, long larg, void *parg); + long (*ssl_ctx_ctrl) (SSL_CTX *ctx, int cmd, long larg, void *parg); +- SSL_CIPHER *(*get_cipher_by_char) (const unsigned char *ptr); ++ const SSL_CIPHER *(*get_cipher_by_char) (const unsigned char *ptr); + int (*put_cipher_by_char) (const SSL_CIPHER *cipher, unsigned char *ptr); + int (*ssl_pending) (const SSL *s); + int (*num_ciphers) (void); +- SSL_CIPHER *(*get_cipher) (unsigned ncipher); +- 
struct ssl_method_st *(*get_ssl_method) (int version); ++ const SSL_CIPHER *(*get_cipher) (unsigned ncipher); ++ const struct ssl_method_st *(*get_ssl_method) (int version); + long (*get_timeout) (void); + struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */ + int (*ssl_version) (void); + long (*ssl_callback_ctrl) (SSL *s, int cb_id, void (*fp) (void)); + long (*ssl_ctx_callback_ctrl) (SSL_CTX *s, int cb_id, void (*fp) (void)); +-} SSL_METHOD; ++}; + + /*- + * Lets make this into an ASN.1 type structure as follows + * SSL_SESSION_ID ::= SEQUENCE { + * version INTEGER, -- structure version number + * SSLversion INTEGER, -- SSL version number +- * Cipher OCTET_STRING, -- the 3 byte cipher ID +- * Session_ID OCTET_STRING, -- the Session ID +- * Master_key OCTET_STRING, -- the master key +- * KRB5_principal OCTET_STRING -- optional Kerberos principal +- * Key_Arg [ 0 ] IMPLICIT OCTET_STRING, -- the optional Key argument ++ * Cipher OCTET STRING, -- the 3 byte cipher ID ++ * Session_ID OCTET STRING, -- the Session ID ++ * Master_key OCTET STRING, -- the master key ++ * KRB5_principal OCTET STRING -- optional Kerberos principal ++ * Key_Arg [ 0 ] IMPLICIT OCTET STRING, -- the optional Key argument + * Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time + * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds + * Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate +- * Session_ID_context [ 4 ] EXPLICIT OCTET_STRING, -- the Session ID context +- * Verify_result [ 5 ] EXPLICIT INTEGER -- X509_V_... code for `Peer' +- * Compression [6] IMPLICIT ASN1_OBJECT -- compression OID XXXXX ++ * Session_ID_context [ 4 ] EXPLICIT OCTET STRING, -- the Session ID context ++ * Verify_result [ 5 ] EXPLICIT INTEGER, -- X509_V_... 
code for `Peer' ++ * HostName [ 6 ] EXPLICIT OCTET STRING, -- optional HostName from servername TLS extension ++ * PSK_identity_hint [ 7 ] EXPLICIT OCTET STRING, -- optional PSK identity hint ++ * PSK_identity [ 8 ] EXPLICIT OCTET STRING, -- optional PSK identity ++ * Ticket_lifetime_hint [9] EXPLICIT INTEGER, -- server's lifetime hint for session ticket ++ * Ticket [10] EXPLICIT OCTET STRING, -- session ticket (clients only) ++ * Compression_meth [11] EXPLICIT OCTET STRING, -- optional compression method ++ * SRP_username [ 12 ] EXPLICIT OCTET STRING -- optional SRP username + * } + * Look in ssl/ssl_asn1.c for more details + * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-). + */ +-typedef struct ssl_session_st { ++struct ssl_session_st { + int ssl_version; /* what ssl version session info is being + * kept in here? */ + /* only really used in SSLv2 */ +@@ -439,10 +513,19 @@ typedef struct ssl_session_st { + */ + unsigned int sid_ctx_length; + unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; +-# ifndef OPENSSL_NO_KRB5 ++# ifndef OPENSSL_NO_KRB5 + unsigned int krb5_client_princ_len; + unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH]; +-# endif /* OPENSSL_NO_KRB5 */ ++# endif /* OPENSSL_NO_KRB5 */ ++# ifndef OPENSSL_NO_PSK ++ char *psk_identity_hint; ++ char *psk_identity; ++# endif ++ /* ++ * Used to indicate that session resumption is not allowed. Applications ++ * can also set this bit for a new session via not_resumable_session_cb ++ * to disable session caching and tickets. 
++ */ + int not_resumable; + /* The cert is the certificate used to establish this connection */ + struct sess_cert_st /* SESS_CERT */ *sess_cert; +@@ -461,8 +544,8 @@ typedef struct ssl_session_st { + int references; + long timeout; + long time; +- int compress_meth; /* Need to lookup the method */ +- SSL_CIPHER *cipher; ++ unsigned int compress_meth; /* Need to lookup the method */ ++ const SSL_CIPHER *cipher; + unsigned long cipher_id; /* when ASN.1 loaded, this needs to be used + * to load the 'cipher' structure */ + STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */ +@@ -472,21 +555,32 @@ typedef struct ssl_session_st { + * implement a maximum cache size. + */ + struct ssl_session_st *prev, *next; +-# ifndef OPENSSL_NO_TLSEXT ++# ifndef OPENSSL_NO_TLSEXT + char *tlsext_hostname; ++# ifndef OPENSSL_NO_EC ++ size_t tlsext_ecpointformatlist_length; ++ unsigned char *tlsext_ecpointformatlist; /* peer's list */ ++ size_t tlsext_ellipticcurvelist_length; ++ unsigned char *tlsext_ellipticcurvelist; /* peer's list */ ++# endif /* OPENSSL_NO_EC */ + /* RFC4507 info */ + unsigned char *tlsext_tick; /* Session ticket */ + size_t tlsext_ticklen; /* Session ticket length */ + long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */ ++# endif ++# ifndef OPENSSL_NO_SRP ++ char *srp_username; ++# endif ++}; ++ + # endif +-} SSL_SESSION; + + # define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L + # define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L + /* Allow initial connection to servers that don't support RI */ + # define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L + # define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L +-# define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L ++# define SSL_OP_TLSEXT_PADDING 0x00000010L + # define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L + # define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040L + # define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L +@@ -495,6 +589,8 @@ typedef struct ssl_session_st { + + /* Hasn't done 
anything since OpenSSL 0.9.7h, retained for compatibility */ + # define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x0 ++/* Refers to ancient SSLREF and SSLv2, retained for compatibility */ ++# define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0 + + /* + * Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added in +@@ -510,7 +606,7 @@ typedef struct ssl_session_st { + * SSL_OP_ALL: various bug workarounds that should be rather harmless. This + * used to be 0x000FFFFFL before 0.9.7. + */ +-# define SSL_OP_ALL 0x00000FFFL ++# define SSL_OP_ALL 0x80000BFFL + + /* DTLS options */ + # define SSL_OP_NO_QUERY_MTU 0x00001000L +@@ -523,6 +619,8 @@ typedef struct ssl_session_st { + + /* As server, disallow session resumption on renegotiation */ + # define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L ++/* Don't use compression even if supported */ ++# define SSL_OP_NO_COMPRESSION 0x00020000L + /* Permit unsafe legacy renegotiation */ + # define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000L + /* If set, always create a new key when using tmp_ecdh parameters */ +@@ -546,15 +644,34 @@ typedef struct ssl_session_st { + # define SSL_OP_NO_SSLv2 0x01000000L + # define SSL_OP_NO_SSLv3 0x02000000L + # define SSL_OP_NO_TLSv1 0x04000000L ++# define SSL_OP_NO_TLSv1_2 0x08000000L ++# define SSL_OP_NO_TLSv1_1 0x10000000L ++ ++# define SSL_OP_NO_DTLSv1 0x04000000L ++# define SSL_OP_NO_DTLSv1_2 0x08000000L + ++# define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|\ ++ SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2) ++ ++/* ++ * These next two were never actually used for anything since SSLeay zap so ++ * we have some more flags. 
++ */ + /* + * The next flag deliberately changes the ciphertest, this is a check for the + * PKCS#1 attack + */ +-# define SSL_OP_PKCS1_CHECK_1 0x08000000L +-# define SSL_OP_PKCS1_CHECK_2 0x10000000L ++# define SSL_OP_PKCS1_CHECK_1 0x0 ++# define SSL_OP_PKCS1_CHECK_2 0x0 ++ + # define SSL_OP_NETSCAPE_CA_DN_BUG 0x20000000L + # define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x40000000L ++/* ++ * Make server add server-hello extension from early version of cryptopro ++ * draft, when GOST ciphersuite is negotiated. Required for interoperability ++ * with CryptoPro CSP 3.x ++ */ ++# define SSL_OP_CRYPTOPRO_TLSEXT_BUG 0x80000000L + + /* + * Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success +@@ -575,6 +692,19 @@ typedef struct ssl_session_st { + /* Don't attempt to automatically build certificate chain */ + # define SSL_MODE_NO_AUTO_CHAIN 0x00000008L + /* ++ * Save RAM by releasing read and write buffers when they're empty. (SSL3 and ++ * TLS only.) "Released" buffers are put onto a free-list in the context or ++ * just freed (depending on the context's setting for freelist_max_len). ++ */ ++# define SSL_MODE_RELEASE_BUFFERS 0x00000010L ++/* ++ * Send the current time in the Random fields of the ClientHello and ++ * ServerHello records for compatibility with hypothetical implementations ++ * that require it. ++ */ ++# define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L ++# define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L ++/* + * Send TLS_FALLBACK_SCSV in the ClientHello. To be set only by applications + * that reconnect with a downgraded protocol version; see + * draft-ietf-tls-downgrade-scsv-00 for details. DO NOT ENABLE THIS if your +@@ -584,6 +714,69 @@ typedef struct ssl_session_st { + */ + # define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080L + ++/* Cert related flags */ ++/* ++ * Many implementations ignore some aspects of the TLS standards such as ++ * enforcing certifcate chain algorithms. When this is set we enforce them. 
++ */ ++# define SSL_CERT_FLAG_TLS_STRICT 0x00000001L ++ ++/* Suite B modes, takes same values as certificate verify flags */ ++# define SSL_CERT_FLAG_SUITEB_128_LOS_ONLY 0x10000 ++/* Suite B 192 bit only mode */ ++# define SSL_CERT_FLAG_SUITEB_192_LOS 0x20000 ++/* Suite B 128 bit mode allowing 192 bit algorithms */ ++# define SSL_CERT_FLAG_SUITEB_128_LOS 0x30000 ++ ++/* Perform all sorts of protocol violations for testing purposes */ ++# define SSL_CERT_FLAG_BROKEN_PROTOCOL 0x10000000 ++ ++/* Flags for building certificate chains */ ++/* Treat any existing certificates as untrusted CAs */ ++# define SSL_BUILD_CHAIN_FLAG_UNTRUSTED 0x1 ++/* Don't include root CA in chain */ ++# define SSL_BUILD_CHAIN_FLAG_NO_ROOT 0x2 ++/* Just check certificates already there */ ++# define SSL_BUILD_CHAIN_FLAG_CHECK 0x4 ++/* Ignore verification errors */ ++# define SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR 0x8 ++/* Clear verification errors from queue */ ++# define SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR 0x10 ++ ++/* Flags returned by SSL_check_chain */ ++/* Certificate can be used with this session */ ++# define CERT_PKEY_VALID 0x1 ++/* Certificate can also be used for signing */ ++# define CERT_PKEY_SIGN 0x2 ++/* EE certificate signing algorithm OK */ ++# define CERT_PKEY_EE_SIGNATURE 0x10 ++/* CA signature algorithms OK */ ++# define CERT_PKEY_CA_SIGNATURE 0x20 ++/* EE certificate parameters OK */ ++# define CERT_PKEY_EE_PARAM 0x40 ++/* CA certificate parameters OK */ ++# define CERT_PKEY_CA_PARAM 0x80 ++/* Signing explicitly allowed as opposed to SHA1 fallback */ ++# define CERT_PKEY_EXPLICIT_SIGN 0x100 ++/* Client CA issuer names match (always set for server cert) */ ++# define CERT_PKEY_ISSUER_NAME 0x200 ++/* Cert type matches client types (always set for server cert) */ ++# define CERT_PKEY_CERT_TYPE 0x400 ++/* Cert chain suitable to Suite B */ ++# define CERT_PKEY_SUITEB 0x800 ++ ++# define SSL_CONF_FLAG_CMDLINE 0x1 ++# define SSL_CONF_FLAG_FILE 0x2 ++# define SSL_CONF_FLAG_CLIENT 0x4 ++# 
define SSL_CONF_FLAG_SERVER 0x8 ++# define SSL_CONF_FLAG_SHOW_ERRORS 0x10 ++# define SSL_CONF_FLAG_CERTIFICATE 0x20 ++/* Configuration value types */ ++# define SSL_CONF_TYPE_UNKNOWN 0x0 ++# define SSL_CONF_TYPE_STRING 0x1 ++# define SSL_CONF_TYPE_FILE 0x2 ++# define SSL_CONF_TYPE_DIR 0x3 ++ + /* + * Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, they + * cannot be used to clear bits. +@@ -616,10 +809,28 @@ typedef struct ssl_session_st { + SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL) + # define SSL_set_mtu(ssl, mtu) \ + SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL) ++# define DTLS_set_link_mtu(ssl, mtu) \ ++ SSL_ctrl((ssl),DTLS_CTRL_SET_LINK_MTU,(mtu),NULL) ++# define DTLS_get_link_min_mtu(ssl) \ ++ SSL_ctrl((ssl),DTLS_CTRL_GET_LINK_MIN_MTU,0,NULL) + + # define SSL_get_secure_renegotiation_support(ssl) \ + SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL) + ++# ifndef OPENSSL_NO_HEARTBEATS ++# define SSL_heartbeat(ssl) \ ++ SSL_ctrl((ssl),SSL_CTRL_TLS_EXT_SEND_HEARTBEAT,0,NULL) ++# endif ++ ++# define SSL_CTX_set_cert_flags(ctx,op) \ ++ SSL_CTX_ctrl((ctx),SSL_CTRL_CERT_FLAGS,(op),NULL) ++# define SSL_set_cert_flags(s,op) \ ++ SSL_ctrl((s),SSL_CTRL_CERT_FLAGS,(op),NULL) ++# define SSL_CTX_clear_cert_flags(ctx,op) \ ++ SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_CERT_FLAGS,(op),NULL) ++# define SSL_clear_cert_flags(s,op) \ ++ SSL_ctrl((s),SSL_CTRL_CLEAR_CERT_FLAGS,(op),NULL) ++ + void SSL_CTX_set_msg_callback(SSL_CTX *ctx, + void (*cb) (int write_p, int version, + int content_type, const void *buf, +@@ -631,6 +842,41 @@ void SSL_set_msg_callback(SSL *ssl, + # define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) + # define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) + ++# ifndef OPENSSL_NO_SRP ++ ++# ifndef OPENSSL_NO_SSL_INTERN ++ ++typedef struct srp_ctx_st { ++ /* param for all the callbacks */ ++ void *SRP_cb_arg; ++ /* set client Hello login callback */ ++ int 
(*TLS_ext_srp_username_callback) (SSL *, int *, void *); ++ /* set SRP N/g param callback for verification */ ++ int (*SRP_verify_param_callback) (SSL *, void *); ++ /* set SRP client passwd callback */ ++ char *(*SRP_give_srp_client_pwd_callback) (SSL *, void *); ++ char *login; ++ BIGNUM *N, *g, *s, *B, *A; ++ BIGNUM *a, *b, *v; ++ char *info; ++ int strength; ++ unsigned long srp_Mask; ++} SRP_CTX; ++ ++# endif ++ ++/* see tls_srp.c */ ++int SSL_SRP_CTX_init(SSL *s); ++int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx); ++int SSL_SRP_CTX_free(SSL *ctx); ++int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx); ++int SSL_srp_server_param_with_username(SSL *s, int *ad); ++int SRP_generate_server_master_secret(SSL *s, unsigned char *master_key); ++int SRP_Calc_A_param(SSL *s); ++int SRP_generate_client_master_secret(SSL *s, unsigned char *master_key); ++ ++# endif ++ + # if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32) + # define SSL_MAX_CERT_LIST_DEFAULT 1024*30 + /* 30k max cert list :-) */ +@@ -659,25 +905,30 @@ void SSL_set_msg_callback(SSL *ssl, + typedef int (*GEN_SESSION_CB) (const SSL *ssl, unsigned char *id, + unsigned int *id_len); + +-typedef struct ssl_comp_st { ++typedef struct ssl_comp_st SSL_COMP; ++ ++# ifndef OPENSSL_NO_SSL_INTERN ++ ++struct ssl_comp_st { + int id; + const char *name; +-# ifndef OPENSSL_NO_COMP ++# ifndef OPENSSL_NO_COMP + COMP_METHOD *method; +-# else ++# else + char *method; +-# endif +-} SSL_COMP; ++# endif ++}; + + DECLARE_STACK_OF(SSL_COMP) ++DECLARE_LHASH_OF(SSL_SESSION); + + struct ssl_ctx_st { +- SSL_METHOD *method; ++ const SSL_METHOD *method; + STACK_OF(SSL_CIPHER) *cipher_list; + /* same as above but sorted for lookup */ + STACK_OF(SSL_CIPHER) *cipher_list_by_id; + struct x509_store_st /* X509_STORE */ *cert_store; +- struct lhash_st /* LHASH */ *sessions; /* a set of SSL_SESSIONs */ ++ LHASH_OF(SSL_SESSION) *sessions; + /* + * Most session-ids that will be cached, default is + * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. 
+@@ -800,21 +1051,27 @@ struct ssl_ctx_st { + + X509_VERIFY_PARAM *param; + +-# if 0 ++# if 0 + int purpose; /* Purpose setting */ + int trust; /* Trust setting */ +-# endif ++# endif + + int quiet_shutdown; + +-# ifndef OPENSSL_ENGINE ++ /* ++ * Maximum amount of data to send in one fragment. actual record size can ++ * be more than this due to padding and MAC overheads. ++ */ ++ unsigned int max_send_fragment; ++ ++# ifndef OPENSSL_NO_ENGINE + /* + * Engine to pass requests for client certs to + */ + ENGINE *client_cert_engine; +-# endif ++# endif + +-# ifndef OPENSSL_NO_TLSEXT ++# ifndef OPENSSL_NO_TLSEXT + /* TLS extensions servername callback */ + int (*tlsext_servername_callback) (SSL *, int *, void *); + void *tlsext_servername_arg; +@@ -832,10 +1089,102 @@ struct ssl_ctx_st { + /* Callback for status request */ + int (*tlsext_status_cb) (SSL *ssl, void *arg); + void *tlsext_status_arg; +-# endif + ++ /* draft-rescorla-tls-opaque-prf-input-00.txt information */ ++ int (*tlsext_opaque_prf_input_callback) (SSL *, void *peerinput, ++ size_t len, void *arg); ++ void *tlsext_opaque_prf_input_callback_arg; ++# endif ++ ++# ifndef OPENSSL_NO_PSK ++ char *psk_identity_hint; ++ unsigned int (*psk_client_callback) (SSL *ssl, const char *hint, ++ char *identity, ++ unsigned int max_identity_len, ++ unsigned char *psk, ++ unsigned int max_psk_len); ++ unsigned int (*psk_server_callback) (SSL *ssl, const char *identity, ++ unsigned char *psk, ++ unsigned int max_psk_len); ++# endif ++ ++# ifndef OPENSSL_NO_BUF_FREELISTS ++# define SSL_MAX_BUF_FREELIST_LEN_DEFAULT 32 ++ unsigned int freelist_max_len; ++ struct ssl3_buf_freelist_st *wbuf_freelist; ++ struct ssl3_buf_freelist_st *rbuf_freelist; ++# endif ++# ifndef OPENSSL_NO_SRP ++ SRP_CTX srp_ctx; /* ctx for SRP authentication */ ++# endif ++ ++# ifndef OPENSSL_NO_TLSEXT ++ ++# ifndef OPENSSL_NO_NEXTPROTONEG ++ /* Next protocol negotiation information */ ++ /* (for experimental NPN extension). 
*/ ++ ++ /* ++ * For a server, this contains a callback function by which the set of ++ * advertised protocols can be provided. ++ */ ++ int (*next_protos_advertised_cb) (SSL *s, const unsigned char **buf, ++ unsigned int *len, void *arg); ++ void *next_protos_advertised_cb_arg; ++ /* ++ * For a client, this contains a callback function that selects the next ++ * protocol from the list provided by the server. ++ */ ++ int (*next_proto_select_cb) (SSL *s, unsigned char **out, ++ unsigned char *outlen, ++ const unsigned char *in, ++ unsigned int inlen, void *arg); ++ void *next_proto_select_cb_arg; ++# endif ++ /* SRTP profiles we are willing to do from RFC 5764 */ ++ STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; ++ ++ /* ++ * ALPN information (we are in the process of transitioning from NPN to ++ * ALPN.) ++ */ ++ ++ /*- ++ * For a server, this contains a callback function that allows the ++ * server to select the protocol for the connection. ++ * out: on successful return, this must point to the raw protocol ++ * name (without the length prefix). ++ * outlen: on successful return, this contains the length of |*out|. ++ * in: points to the client's list of supported protocols in ++ * wire-format. ++ * inlen: the length of |in|. ++ */ ++ int (*alpn_select_cb) (SSL *s, ++ const unsigned char **out, ++ unsigned char *outlen, ++ const unsigned char *in, ++ unsigned int inlen, void *arg); ++ void *alpn_select_cb_arg; ++ ++ /* ++ * For a client, this contains the list of supported protocols in wire ++ * format. 
++ */ ++ unsigned char *alpn_client_proto_list; ++ unsigned alpn_client_proto_list_len; ++ ++# ifndef OPENSSL_NO_EC ++ /* EC extension values inherited by SSL structure */ ++ size_t tlsext_ecpointformatlist_length; ++ unsigned char *tlsext_ecpointformatlist; ++ size_t tlsext_ellipticcurvelist_length; ++ unsigned char *tlsext_ellipticcurvelist; ++# endif /* OPENSSL_NO_EC */ ++# endif + }; + ++# endif ++ + # define SSL_SESS_CACHE_OFF 0x0000 + # define SSL_SESS_CACHE_CLIENT 0x0001 + # define SSL_SESS_CACHE_SERVER 0x0002 +@@ -847,7 +1196,7 @@ struct ssl_ctx_st { + # define SSL_SESS_CACHE_NO_INTERNAL \ + (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE) + +-struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx); ++LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx); + # define SSL_CTX_sess_number(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL) + # define SSL_CTX_sess_connect(ctx) \ +@@ -919,6 +1268,140 @@ void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, + *cookie, + unsigned int + cookie_len)); ++# ifndef OPENSSL_NO_NEXTPROTONEG ++void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s, ++ int (*cb) (SSL *ssl, ++ const unsigned char ++ **out, ++ unsigned int *outlen, ++ void *arg), void *arg); ++void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s, ++ int (*cb) (SSL *ssl, ++ unsigned char **out, ++ unsigned char *outlen, ++ const unsigned char *in, ++ unsigned int inlen, ++ void *arg), void *arg); ++void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, ++ unsigned *len); ++# endif ++ ++# ifndef OPENSSL_NO_TLSEXT ++int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, ++ const unsigned char *in, unsigned int inlen, ++ const unsigned char *client, ++ unsigned int client_len); ++# endif ++ ++# define OPENSSL_NPN_UNSUPPORTED 0 ++# define OPENSSL_NPN_NEGOTIATED 1 ++# define OPENSSL_NPN_NO_OVERLAP 2 ++ ++int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, ++ unsigned protos_len); ++int 
SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos, ++ unsigned protos_len); ++void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx, ++ int (*cb) (SSL *ssl, ++ const unsigned char **out, ++ unsigned char *outlen, ++ const unsigned char *in, ++ unsigned int inlen, ++ void *arg), void *arg); ++void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, ++ unsigned *len); ++ ++# ifndef OPENSSL_NO_PSK ++/* ++ * the maximum length of the buffer given to callbacks containing the ++ * resulting identity/psk ++ */ ++# define PSK_MAX_IDENTITY_LEN 128 ++# define PSK_MAX_PSK_LEN 256 ++void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, ++ unsigned int (*psk_client_callback) (SSL ++ *ssl, ++ const ++ char ++ *hint, ++ char ++ *identity, ++ unsigned ++ int ++ max_identity_len, ++ unsigned ++ char ++ *psk, ++ unsigned ++ int ++ max_psk_len)); ++void SSL_set_psk_client_callback(SSL *ssl, ++ unsigned int (*psk_client_callback) (SSL ++ *ssl, ++ const ++ char ++ *hint, ++ char ++ *identity, ++ unsigned ++ int ++ max_identity_len, ++ unsigned ++ char ++ *psk, ++ unsigned ++ int ++ max_psk_len)); ++void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, ++ unsigned int (*psk_server_callback) (SSL ++ *ssl, ++ const ++ char ++ *identity, ++ unsigned ++ char ++ *psk, ++ unsigned ++ int ++ max_psk_len)); ++void SSL_set_psk_server_callback(SSL *ssl, ++ unsigned int (*psk_server_callback) (SSL ++ *ssl, ++ const ++ char ++ *identity, ++ unsigned ++ char ++ *psk, ++ unsigned ++ int ++ max_psk_len)); ++int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint); ++int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint); ++const char *SSL_get_psk_identity_hint(const SSL *s); ++const char *SSL_get_psk_identity(const SSL *s); ++# endif ++ ++# ifndef OPENSSL_NO_TLSEXT ++/* Register callbacks to handle custom TLS Extensions for client or server. 
*/ ++ ++int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type, ++ custom_ext_add_cb add_cb, ++ custom_ext_free_cb free_cb, ++ void *add_arg, ++ custom_ext_parse_cb parse_cb, ++ void *parse_arg); ++ ++int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type, ++ custom_ext_add_cb add_cb, ++ custom_ext_free_cb free_cb, ++ void *add_arg, ++ custom_ext_parse_cb parse_cb, ++ void *parse_arg); ++ ++int SSL_extension_supported(unsigned int ext_type); ++ ++# endif + + # define SSL_NOTHING 1 + # define SSL_WRITING 2 +@@ -931,6 +1414,11 @@ void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, + # define SSL_want_write(s) (SSL_want(s) == SSL_WRITING) + # define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP) + ++# define SSL_MAC_FLAG_READ_MAC_STREAM 1 ++# define SSL_MAC_FLAG_WRITE_MAC_STREAM 2 ++ ++# ifndef OPENSSL_NO_SSL_INTERN ++ + struct ssl_st { + /* + * protocol version (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, +@@ -940,25 +1428,25 @@ struct ssl_st { + /* SSL_ST_CONNECT or SSL_ST_ACCEPT */ + int type; + /* SSLv3 */ +- SSL_METHOD *method; ++ const SSL_METHOD *method; + /* + * There are 2 BIO's even though they are normally both the same. This + * is so data can be read and written to different handlers + */ +-# ifndef OPENSSL_NO_BIO ++# ifndef OPENSSL_NO_BIO + /* used by SSL_read */ + BIO *rbio; + /* used by SSL_write */ + BIO *wbio; + /* used during session-id reuse to concatenate messages */ + BIO *bbio; +-# else ++# else + /* used by SSL_read */ + char *rbio; + /* used by SSL_write */ + char *wbio; + char *bbio; +-# endif ++# endif + /* + * This holds a variable that indicates what we were doing when a 0 or -1 + * is returned. This is needed for non-blocking IO so we know what +@@ -978,9 +1466,7 @@ struct ssl_st { + /* are we the server side? - mostly used by SSL_clear */ + int server; + /* +- * 1 if we are to use a new session. +- * 2 if we are a server and are inside a handshake +- * (i.e. 
not just sending a HelloRequest) ++ * Generate a new session or reuse an old one. + * NB: For servers, the 'new' session may actually be a previously + * cached session or even the previous session unless + * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set +@@ -1013,10 +1499,10 @@ struct ssl_st { + void *msg_callback_arg; + int hit; /* reusing a previous session */ + X509_VERIFY_PARAM *param; +-# if 0 ++# if 0 + int purpose; /* Purpose setting */ + int trust; /* Trust setting */ +-# endif ++# endif + /* crypto */ + STACK_OF(SSL_CIPHER) *cipher_list; + STACK_OF(SSL_CIPHER) *cipher_list_by_id; +@@ -1024,20 +1510,21 @@ struct ssl_st { + * These are the ones being used, the ones in SSL_SESSION are the ones to + * be 'copied' into these ones + */ ++ int mac_flags; + EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ +- const EVP_MD *read_hash; /* used for mac generation */ +-# ifndef OPENSSL_NO_COMP ++ EVP_MD_CTX *read_hash; /* used for mac generation */ ++# ifndef OPENSSL_NO_COMP + COMP_CTX *expand; /* uncompress */ +-# else ++# else + char *expand; +-# endif ++# endif + EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ +- const EVP_MD *write_hash; /* used for mac generation */ +-# ifndef OPENSSL_NO_COMP ++ EVP_MD_CTX *write_hash; /* used for mac generation */ ++# ifndef OPENSSL_NO_COMP + COMP_CTX *compress; /* compression */ +-# else ++# else + char *compress; +-# endif ++# endif + /* session info */ + /* client cert? 
*/ + /* This is used to hold the server certificate used */ +@@ -1066,10 +1553,20 @@ struct ssl_st { + int error; + /* actual code */ + int error_code; +-# ifndef OPENSSL_NO_KRB5 ++# ifndef OPENSSL_NO_KRB5 + /* Kerberos 5 context */ + KSSL_CTX *kssl_ctx; +-# endif /* OPENSSL_NO_KRB5 */ ++# endif /* OPENSSL_NO_KRB5 */ ++# ifndef OPENSSL_NO_PSK ++ unsigned int (*psk_client_callback) (SSL *ssl, const char *hint, ++ char *identity, ++ unsigned int max_identity_len, ++ unsigned char *psk, ++ unsigned int max_psk_len); ++ unsigned int (*psk_server_callback) (SSL *ssl, const char *identity, ++ unsigned char *psk, ++ unsigned int max_psk_len); ++# endif + SSL_CTX *ctx; + /* + * set this flag to 1 and a sleep(1) is put into all SSL_read() and +@@ -1090,7 +1587,8 @@ struct ssl_st { + int first_packet; + /* what was passed, used for SSLv3/TLS rollback check */ + int client_version; +-# ifndef OPENSSL_NO_TLSEXT ++ unsigned int max_send_fragment; ++# ifndef OPENSSL_NO_TLSEXT + /* TLS extension debug callback */ + void (*tlsext_debug_cb) (SSL *s, int client_server, int type, + unsigned char *data, int len, void *arg); +@@ -1116,13 +1614,81 @@ struct ssl_st { + int tlsext_ocsp_resplen; + /* RFC4507 session ticket expected to be received or sent */ + int tlsext_ticket_expected; ++# ifndef OPENSSL_NO_EC ++ size_t tlsext_ecpointformatlist_length; ++ /* our list */ ++ unsigned char *tlsext_ecpointformatlist; ++ size_t tlsext_ellipticcurvelist_length; ++ /* our list */ ++ unsigned char *tlsext_ellipticcurvelist; ++# endif /* OPENSSL_NO_EC */ ++ /* ++ * draft-rescorla-tls-opaque-prf-input-00.txt information to be used for ++ * handshakes ++ */ ++ void *tlsext_opaque_prf_input; ++ size_t tlsext_opaque_prf_input_len; ++ /* TLS Session Ticket extension override */ ++ TLS_SESSION_TICKET_EXT *tlsext_session_ticket; ++ /* TLS Session Ticket extension callback */ ++ tls_session_ticket_ext_cb_fn tls_session_ticket_ext_cb; ++ void *tls_session_ticket_ext_cb_arg; ++ /* TLS pre-shared secret 
session resumption */ ++ tls_session_secret_cb_fn tls_session_secret_cb; ++ void *tls_session_secret_cb_arg; + SSL_CTX *initial_ctx; /* initial ctx, used to store sessions */ +-# define session_ctx initial_ctx +-# else +-# define session_ctx ctx +-# endif ++# ifndef OPENSSL_NO_NEXTPROTONEG ++ /* ++ * Next protocol negotiation. For the client, this is the protocol that ++ * we sent in NextProtocol and is set when handling ServerHello ++ * extensions. For a server, this is the client's selected_protocol from ++ * NextProtocol and is set when handling the NextProtocol message, before ++ * the Finished message. ++ */ ++ unsigned char *next_proto_negotiated; ++ unsigned char next_proto_negotiated_len; ++# endif ++# define session_ctx initial_ctx ++ /* What we'll do */ ++ STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; ++ /* What's been chosen */ ++ SRTP_PROTECTION_PROFILE *srtp_profile; ++ /*- ++ * Is use of the Heartbeat extension negotiated? ++ * 0: disabled ++ * 1: enabled ++ * 2: enabled, but not allowed to send Requests ++ */ ++ unsigned int tlsext_heartbeat; ++ /* Indicates if a HeartbeatRequest is in flight */ ++ unsigned int tlsext_hb_pending; ++ /* HeartbeatRequest sequence number */ ++ unsigned int tlsext_hb_seq; ++# else ++# define session_ctx ctx ++# endif /* OPENSSL_NO_TLSEXT */ ++ /*- ++ * 1 if we are renegotiating. ++ * 2 if we are a server and are inside a handshake ++ * (i.e. not just sending a HelloRequest) ++ */ ++ int renegotiate; ++# ifndef OPENSSL_NO_SRP ++ /* ctx for SRP authentication */ ++ SRP_CTX srp_ctx; ++# endif ++# ifndef OPENSSL_NO_TLSEXT ++ /* ++ * For a client, this contains the list of supported protocols in wire ++ * format. 
++ */ ++ unsigned char *alpn_client_proto_list; ++ unsigned alpn_client_proto_list_len; ++# endif /* OPENSSL_NO_TLSEXT */ + }; + ++# endif ++ + #ifdef __cplusplus + } + #endif +@@ -1132,6 +1698,7 @@ struct ssl_st { + # include /* This is mostly sslv3 with a few tweaks */ + # include /* Datagram TLS */ + # include ++# include /* Support for the use_srtp extension */ + + #ifdef __cplusplus + extern "C" { +@@ -1160,6 +1727,7 @@ extern "C" { + # define SSL_ST_BEFORE 0x4000 + # define SSL_ST_OK 0x03 + # define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT) ++# define SSL_ST_ERR 0x05 + + # define SSL_CB_LOOP 0x01 + # define SSL_CB_EXIT 0x02 +@@ -1234,20 +1802,12 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); + # define SSL_get_timeout(a) SSL_SESSION_get_timeout(a) + # define SSL_set_timeout(a,b) SSL_SESSION_set_timeout((a),(b)) + +-# if 1 /* SSLEAY_MACROS */ +-# define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id) +-# define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id) +-# define PEM_read_SSL_SESSION(fp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read( \ +- (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb,u) +-# define PEM_read_bio_SSL_SESSION(bp,x,cb,u) PEM_ASN1_read_bio_of(SSL_SESSION,d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,x,cb,u) +-# define PEM_write_SSL_SESSION(fp,x) \ +- PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \ +- PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL,NULL) +-# define PEM_write_bio_SSL_SESSION(bp,x) \ +- PEM_ASN1_write_bio_of(SSL_SESSION,i2d_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,x,NULL,NULL,0,NULL,NULL) +-# endif ++# define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id) ++# define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id) + +-# define SSL_AD_REASON_OFFSET 1000 ++DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) ++# define SSL_AD_REASON_OFFSET 1000/* 
offset to get SSL_R_... value ++ * from SSL_AD_... */ + /* These alert types are for SSLv3 and TLSv1 */ + # define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY + /* fatal */ +@@ -1295,7 +1855,6 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); + # define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY + /* fatal */ + # define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK +- + # define SSL_ERROR_NONE 0 + # define SSL_ERROR_SSL 1 + # define SSL_ERROR_WANT_READ 2 +@@ -1306,7 +1865,6 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); + # define SSL_ERROR_ZERO_RETURN 6 + # define SSL_ERROR_WANT_CONNECT 7 + # define SSL_ERROR_WANT_ACCEPT 8 +- + # define SSL_CTRL_NEED_TMP_RSA 1 + # define SSL_CTRL_SET_TMP_RSA 2 + # define SSL_CTRL_SET_TMP_DH 3 +@@ -1314,7 +1872,6 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); + # define SSL_CTRL_SET_TMP_RSA_CB 5 + # define SSL_CTRL_SET_TMP_DH_CB 6 + # define SSL_CTRL_SET_TMP_ECDH_CB 7 +- + # define SSL_CTRL_GET_SESSION_REUSED 8 + # define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9 + # define SSL_CTRL_GET_NUM_RENEGOTIATIONS 10 +@@ -1322,10 +1879,8 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); + # define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 12 + # define SSL_CTRL_GET_FLAGS 13 + # define SSL_CTRL_EXTRA_CHAIN_CERT 14 +- + # define SSL_CTRL_SET_MSG_CALLBACK 15 + # define SSL_CTRL_SET_MSG_CALLBACK_ARG 16 +- + /* only applies to datagram connections */ + # define SSL_CTRL_SET_MTU 17 + /* Stats */ +@@ -1343,17 +1898,15 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); + # define SSL_CTRL_SESS_CACHE_FULL 31 + # define SSL_CTRL_OPTIONS 32 + # define SSL_CTRL_MODE 33 +- + # define SSL_CTRL_GET_READ_AHEAD 40 + # define SSL_CTRL_SET_READ_AHEAD 41 + # define SSL_CTRL_SET_SESS_CACHE_SIZE 42 + # define SSL_CTRL_GET_SESS_CACHE_SIZE 43 + # define SSL_CTRL_SET_SESS_CACHE_MODE 44 + # define SSL_CTRL_GET_SESS_CACHE_MODE 45 +- + # define 
SSL_CTRL_GET_MAX_CERT_LIST 50 + # define SSL_CTRL_SET_MAX_CERT_LIST 51 +- ++# define SSL_CTRL_SET_MAX_SEND_FRAGMENT 52 + /* see tls1.h for macros based on these */ + # ifndef OPENSSL_NO_TLSEXT + # define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53 +@@ -1363,7 +1916,9 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); + # define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57 + # define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58 + # define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59 +- ++# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT 60 ++# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB 61 ++# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62 + # define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63 + # define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64 + # define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65 +@@ -1373,27 +1928,65 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); + # define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS 69 + # define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70 + # define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71 +- + # define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72 +-# endif +- ++# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB 75 ++# define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB 76 ++# define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB 77 ++# define SSL_CTRL_SET_SRP_ARG 78 ++# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 79 ++# define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80 ++# define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 81 ++# ifndef OPENSSL_NO_HEARTBEATS ++# define SSL_CTRL_TLS_EXT_SEND_HEARTBEAT 85 ++# define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING 86 ++# define SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS 87 ++# endif ++# endif /* OPENSSL_NO_TLSEXT */ + # define DTLS_CTRL_GET_TIMEOUT 73 + # define DTLS_CTRL_HANDLE_TIMEOUT 74 + # define DTLS_CTRL_LISTEN 75 +- + # define SSL_CTRL_GET_RI_SUPPORT 76 + # define SSL_CTRL_CLEAR_OPTIONS 77 + # define SSL_CTRL_CLEAR_MODE 78 +- ++# define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82 ++# define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83 ++# define 
SSL_CTRL_CHAIN 88 ++# define SSL_CTRL_CHAIN_CERT 89 ++# define SSL_CTRL_GET_CURVES 90 ++# define SSL_CTRL_SET_CURVES 91 ++# define SSL_CTRL_SET_CURVES_LIST 92 ++# define SSL_CTRL_GET_SHARED_CURVE 93 ++# define SSL_CTRL_SET_ECDH_AUTO 94 ++# define SSL_CTRL_SET_SIGALGS 97 ++# define SSL_CTRL_SET_SIGALGS_LIST 98 ++# define SSL_CTRL_CERT_FLAGS 99 ++# define SSL_CTRL_CLEAR_CERT_FLAGS 100 ++# define SSL_CTRL_SET_CLIENT_SIGALGS 101 ++# define SSL_CTRL_SET_CLIENT_SIGALGS_LIST 102 ++# define SSL_CTRL_GET_CLIENT_CERT_TYPES 103 ++# define SSL_CTRL_SET_CLIENT_CERT_TYPES 104 ++# define SSL_CTRL_BUILD_CERT_CHAIN 105 ++# define SSL_CTRL_SET_VERIFY_CERT_STORE 106 ++# define SSL_CTRL_SET_CHAIN_CERT_STORE 107 ++# define SSL_CTRL_GET_PEER_SIGNATURE_NID 108 ++# define SSL_CTRL_GET_SERVER_TMP_KEY 109 ++# define SSL_CTRL_GET_RAW_CIPHERLIST 110 ++# define SSL_CTRL_GET_EC_POINT_FORMATS 111 ++# define SSL_CTRL_GET_CHAIN_CERTS 115 ++# define SSL_CTRL_SELECT_CURRENT_CERT 116 ++# define SSL_CTRL_SET_CURRENT_CERT 117 + # define SSL_CTRL_CHECK_PROTO_VERSION 119 +- ++# define DTLS_CTRL_SET_LINK_MTU 120 ++# define DTLS_CTRL_GET_LINK_MIN_MTU 121 ++# define SSL_CERT_SET_FIRST 1 ++# define SSL_CERT_SET_NEXT 2 ++# define SSL_CERT_SET_SERVER 3 + # define DTLSv1_get_timeout(ssl, arg) \ + SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg) + # define DTLSv1_handle_timeout(ssl) \ + SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL) + # define DTLSv1_listen(ssl, peer) \ + SSL_ctrl(ssl,DTLS_CTRL_LISTEN,0, (void *)peer) +- + # define SSL_session_reused(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL) + # define SSL_num_renegotiations(ssl) \ +@@ -1402,7 +1995,6 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); + SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL) + # define SSL_total_renegotiations(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL) +- + # define SSL_CTX_need_tmp_RSA(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL) + # define 
SSL_CTX_set_tmp_rsa(ctx,rsa) \ +@@ -1411,7 +2003,6 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh) + # define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) +- + # define SSL_need_tmp_RSA(ssl) \ + SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL) + # define SSL_set_tmp_rsa(ssl,rsa) \ +@@ -1420,10 +2011,112 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); + SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh) + # define SSL_set_tmp_ecdh(ssl,ecdh) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) +- + # define SSL_CTX_add_extra_chain_cert(ctx,x509) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509) +- ++# define SSL_CTX_get_extra_chain_certs(ctx,px509) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,0,px509) ++# define SSL_CTX_get_extra_chain_certs_only(ctx,px509) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,1,px509) ++# define SSL_CTX_clear_extra_chain_certs(ctx) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL) ++# define SSL_CTX_set0_chain(ctx,sk) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,0,(char *)sk) ++# define SSL_CTX_set1_chain(ctx,sk) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,1,(char *)sk) ++# define SSL_CTX_add0_chain_cert(ctx,x509) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN_CERT,0,(char *)x509) ++# define SSL_CTX_add1_chain_cert(ctx,x509) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN_CERT,1,(char *)x509) ++# define SSL_CTX_get0_chain_certs(ctx,px509) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_CHAIN_CERTS,0,px509) ++# define SSL_CTX_clear_chain_certs(ctx) \ ++ SSL_CTX_set0_chain(ctx,NULL) ++# define SSL_CTX_build_cert_chain(ctx, flags) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL) ++# define SSL_CTX_select_current_cert(ctx,x509) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)x509) ++# define SSL_CTX_set_current_cert(ctx, op) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CURRENT_CERT, op, NULL) ++# 
define SSL_CTX_set0_verify_cert_store(ctx,st) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)st) ++# define SSL_CTX_set1_verify_cert_store(ctx,st) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)st) ++# define SSL_CTX_set0_chain_cert_store(ctx,st) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)st) ++# define SSL_CTX_set1_chain_cert_store(ctx,st) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)st) ++# define SSL_set0_chain(ctx,sk) \ ++ SSL_ctrl(ctx,SSL_CTRL_CHAIN,0,(char *)sk) ++# define SSL_set1_chain(ctx,sk) \ ++ SSL_ctrl(ctx,SSL_CTRL_CHAIN,1,(char *)sk) ++# define SSL_add0_chain_cert(ctx,x509) \ ++ SSL_ctrl(ctx,SSL_CTRL_CHAIN_CERT,0,(char *)x509) ++# define SSL_add1_chain_cert(ctx,x509) \ ++ SSL_ctrl(ctx,SSL_CTRL_CHAIN_CERT,1,(char *)x509) ++# define SSL_get0_chain_certs(ctx,px509) \ ++ SSL_ctrl(ctx,SSL_CTRL_GET_CHAIN_CERTS,0,px509) ++# define SSL_clear_chain_certs(ctx) \ ++ SSL_set0_chain(ctx,NULL) ++# define SSL_build_cert_chain(s, flags) \ ++ SSL_ctrl(s,SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL) ++# define SSL_select_current_cert(ctx,x509) \ ++ SSL_ctrl(ctx,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)x509) ++# define SSL_set_current_cert(ctx,op) \ ++ SSL_ctrl(ctx,SSL_CTRL_SET_CURRENT_CERT, op, NULL) ++# define SSL_set0_verify_cert_store(s,st) \ ++ SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)st) ++# define SSL_set1_verify_cert_store(s,st) \ ++ SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)st) ++# define SSL_set0_chain_cert_store(s,st) \ ++ SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)st) ++# define SSL_set1_chain_cert_store(s,st) \ ++ SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)st) ++# define SSL_get1_curves(ctx, s) \ ++ SSL_ctrl(ctx,SSL_CTRL_GET_CURVES,0,(char *)s) ++# define SSL_CTX_set1_curves(ctx, clist, clistlen) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CURVES,clistlen,(char *)clist) ++# define SSL_CTX_set1_curves_list(ctx, s) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CURVES_LIST,0,(char 
*)s) ++# define SSL_set1_curves(ctx, clist, clistlen) \ ++ SSL_ctrl(ctx,SSL_CTRL_SET_CURVES,clistlen,(char *)clist) ++# define SSL_set1_curves_list(ctx, s) \ ++ SSL_ctrl(ctx,SSL_CTRL_SET_CURVES_LIST,0,(char *)s) ++# define SSL_get_shared_curve(s, n) \ ++ SSL_ctrl(s,SSL_CTRL_GET_SHARED_CURVE,n,NULL) ++# define SSL_CTX_set_ecdh_auto(ctx, onoff) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_ECDH_AUTO,onoff,NULL) ++# define SSL_set_ecdh_auto(s, onoff) \ ++ SSL_ctrl(s,SSL_CTRL_SET_ECDH_AUTO,onoff,NULL) ++# define SSL_CTX_set1_sigalgs(ctx, slist, slistlen) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)slist) ++# define SSL_CTX_set1_sigalgs_list(ctx, s) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)s) ++# define SSL_set1_sigalgs(ctx, slist, slistlen) \ ++ SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS,clistlen,(int *)slist) ++# define SSL_set1_sigalgs_list(ctx, s) \ ++ SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)s) ++# define SSL_CTX_set1_client_sigalgs(ctx, slist, slistlen) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS,slistlen,(int *)slist) ++# define SSL_CTX_set1_client_sigalgs_list(ctx, s) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)s) ++# define SSL_set1_client_sigalgs(ctx, slist, slistlen) \ ++ SSL_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS,clistlen,(int *)slist) ++# define SSL_set1_client_sigalgs_list(ctx, s) \ ++ SSL_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)s) ++# define SSL_get0_certificate_types(s, clist) \ ++ SSL_ctrl(s, SSL_CTRL_GET_CLIENT_CERT_TYPES, 0, (char *)clist) ++# define SSL_CTX_set1_client_certificate_types(ctx, clist, clistlen) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen,(char *)clist) ++# define SSL_set1_client_certificate_types(s, clist, clistlen) \ ++ SSL_ctrl(s,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen,(char *)clist) ++# define SSL_get_peer_signature_nid(s, pn) \ ++ SSL_ctrl(s,SSL_CTRL_GET_PEER_SIGNATURE_NID,0,pn) ++# define SSL_get_server_tmp_key(s, pk) \ ++ 
SSL_ctrl(s,SSL_CTRL_GET_SERVER_TMP_KEY,0,pk) ++# define SSL_get0_raw_cipherlist(s, plst) \ ++ SSL_ctrl(s,SSL_CTRL_GET_RAW_CIPHERLIST,0,(char *)plst) ++# define SSL_get0_ec_point_formats(s, plst) \ ++ SSL_ctrl(s,SSL_CTRL_GET_EC_POINT_FORMATS,0,(char *)plst) + # ifndef OPENSSL_NO_BIO + BIO_METHOD *BIO_f_ssl(void); + BIO *BIO_new_ssl(SSL_CTX *ctx, int client); +@@ -1435,7 +2128,7 @@ void BIO_ssl_shutdown(BIO *ssl_bio); + # endif + + int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str); +-SSL_CTX *SSL_CTX_new(SSL_METHOD *meth); ++SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth); + void SSL_CTX_free(SSL_CTX *); + long SSL_CTX_set_timeout(SSL_CTX *ctx, long t); + long SSL_CTX_get_timeout(const SSL_CTX *ctx); +@@ -1446,10 +2139,11 @@ int SSL_clear(SSL *s); + + void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm); + +-SSL_CIPHER *SSL_get_current_cipher(const SSL *s); ++const SSL_CIPHER *SSL_get_current_cipher(const SSL *s); + int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits); + char *SSL_CIPHER_get_version(const SSL_CIPHER *c); + const char *SSL_CIPHER_get_name(const SSL_CIPHER *c); ++unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c); + + int SSL_get_fd(const SSL *s); + int SSL_get_rfd(const SSL *s); +@@ -1476,6 +2170,7 @@ int (*SSL_get_verify_callback(const SSL *s)) (int, X509_STORE_CTX *); + void SSL_set_verify(SSL *s, int mode, + int (*callback) (int ok, X509_STORE_CTX *ctx)); + void SSL_set_verify_depth(SSL *s, int depth); ++void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg); + # ifndef OPENSSL_NO_RSA + int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); + # endif +@@ -1486,6 +2181,16 @@ int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d, + int SSL_use_certificate(SSL *ssl, X509 *x); + int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len); + ++# ifndef OPENSSL_NO_TLSEXT ++/* Set serverinfo data for the current active cert. 
*/ ++int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo, ++ size_t serverinfo_length); ++# ifndef OPENSSL_NO_STDIO ++int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file); ++# endif /* NO_STDIO */ ++ ++# endif ++ + # ifndef OPENSSL_NO_STDIO + int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); + int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type); +@@ -1518,12 +2223,14 @@ long SSL_SESSION_set_time(SSL_SESSION *s, long t); + long SSL_SESSION_get_timeout(const SSL_SESSION *s); + long SSL_SESSION_set_timeout(SSL_SESSION *s, long t); + void SSL_copy_session_id(SSL *to, const SSL *from); ++X509 *SSL_SESSION_get0_peer(SSL_SESSION *s); ++int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx, ++ unsigned int sid_ctx_len); + + SSL_SESSION *SSL_SESSION_new(void); +-unsigned long SSL_SESSION_hash(const SSL_SESSION *a); +-int SSL_SESSION_cmp(const SSL_SESSION *a, const SSL_SESSION *b); + const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, + unsigned int *len); ++unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s); + # ifndef OPENSSL_NO_FP_API + int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses); + # endif +@@ -1558,6 +2265,8 @@ void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth); + void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, + int (*cb) (X509_STORE_CTX *, void *), + void *arg); ++void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg), ++ void *arg); + # ifndef OPENSSL_NO_RSA + int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); + # endif +@@ -1588,6 +2297,37 @@ int SSL_set_purpose(SSL *s, int purpose); + int SSL_CTX_set_trust(SSL_CTX *s, int trust); + int SSL_set_trust(SSL *s, int trust); + ++int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm); ++int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm); ++ ++X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx); ++X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl); ++ ++# ifndef 
OPENSSL_NO_SRP ++int SSL_CTX_set_srp_username(SSL_CTX *ctx, char *name); ++int SSL_CTX_set_srp_password(SSL_CTX *ctx, char *password); ++int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength); ++int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx, ++ char *(*cb) (SSL *, void *)); ++int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx, ++ int (*cb) (SSL *, void *)); ++int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx, ++ int (*cb) (SSL *, int *, void *)); ++int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg); ++ ++int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g, ++ BIGNUM *sa, BIGNUM *v, char *info); ++int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass, ++ const char *grp); ++ ++BIGNUM *SSL_get_srp_g(SSL *s); ++BIGNUM *SSL_get_srp_N(SSL *s); ++ ++char *SSL_get_srp_username(SSL *s); ++char *SSL_get_srp_userinfo(SSL *s); ++# endif ++ ++void SSL_certs_clear(SSL *s); + void SSL_free(SSL *ssl); + int SSL_accept(SSL *ssl); + int SSL_connect(SSL *ssl); +@@ -1603,37 +2343,62 @@ int SSL_get_error(const SSL *s, int ret_code); + const char *SSL_get_version(const SSL *s); + + /* This sets the 'default' SSL version that SSL_new() will create */ +-int SSL_CTX_set_ssl_version(SSL_CTX *ctx, SSL_METHOD *meth); ++int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth); ++ ++# ifndef OPENSSL_NO_SSL2 ++const SSL_METHOD *SSLv2_method(void); /* SSLv2 */ ++const SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */ ++const SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */ ++# endif ++ ++# ifndef OPENSSL_NO_SSL3_METHOD ++const SSL_METHOD *SSLv3_method(void); /* SSLv3 */ ++const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */ ++const SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */ ++# endif ++ ++const SSL_METHOD *SSLv23_method(void); /* Negotiate highest available SSL/TLS ++ * version */ ++const SSL_METHOD *SSLv23_server_method(void); /* Negotiate highest available ++ * SSL/TLS version */ ++const SSL_METHOD 
*SSLv23_client_method(void); /* Negotiate highest available ++ * SSL/TLS version */ ++ ++const SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */ ++const SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */ ++const SSL_METHOD *TLSv1_client_method(void); /* TLSv1.0 */ + +-SSL_METHOD *SSLv2_method(void); /* SSLv2 */ +-SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */ +-SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */ ++const SSL_METHOD *TLSv1_1_method(void); /* TLSv1.1 */ ++const SSL_METHOD *TLSv1_1_server_method(void); /* TLSv1.1 */ ++const SSL_METHOD *TLSv1_1_client_method(void); /* TLSv1.1 */ + +-SSL_METHOD *SSLv3_method(void); /* SSLv3 */ +-SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */ +-SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */ ++const SSL_METHOD *TLSv1_2_method(void); /* TLSv1.2 */ ++const SSL_METHOD *TLSv1_2_server_method(void); /* TLSv1.2 */ ++const SSL_METHOD *TLSv1_2_client_method(void); /* TLSv1.2 */ + +-SSL_METHOD *SSLv23_method(void); /* SSLv3 but can rollback to v2 */ +-SSL_METHOD *SSLv23_server_method(void); /* SSLv3 but can rollback to v2 */ +-SSL_METHOD *SSLv23_client_method(void); /* SSLv3 but can rollback to v2 */ ++const SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */ ++const SSL_METHOD *DTLSv1_server_method(void); /* DTLSv1.0 */ ++const SSL_METHOD *DTLSv1_client_method(void); /* DTLSv1.0 */ + +-SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */ +-SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */ +-SSL_METHOD *TLSv1_client_method(void); /* TLSv1.0 */ ++const SSL_METHOD *DTLSv1_2_method(void); /* DTLSv1.2 */ ++const SSL_METHOD *DTLSv1_2_server_method(void); /* DTLSv1.2 */ ++const SSL_METHOD *DTLSv1_2_client_method(void); /* DTLSv1.2 */ + +-SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */ +-SSL_METHOD *DTLSv1_server_method(void); /* DTLSv1.0 */ +-SSL_METHOD *DTLSv1_client_method(void); /* DTLSv1.0 */ ++const SSL_METHOD *DTLS_method(void); /* DTLS 1.0 and 1.2 */ ++const SSL_METHOD *DTLS_server_method(void); /* DTLS 1.0 and 1.2 */ ++const 
SSL_METHOD *DTLS_client_method(void); /* DTLS 1.0 and 1.2 */ + + STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s); + + int SSL_do_handshake(SSL *s); + int SSL_renegotiate(SSL *s); ++int SSL_renegotiate_abbreviated(SSL *s); + int SSL_renegotiate_pending(SSL *s); + int SSL_shutdown(SSL *s); + +-SSL_METHOD *SSL_get_ssl_method(SSL *s); +-int SSL_set_ssl_method(SSL *s, SSL_METHOD *method); ++const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx); ++const SSL_METHOD *SSL_get_ssl_method(SSL *s); ++int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method); + const char *SSL_alert_type_string_long(int value); + const char *SSL_alert_type_string(int value); + const char *SSL_alert_desc_string_long(int value); +@@ -1661,7 +2426,10 @@ SSL *SSL_dup(SSL *ssl); + X509 *SSL_get_certificate(const SSL *ssl); + /* + * EVP_PKEY +- */ struct evp_pkey_st *SSL_get_privatekey(SSL *ssl); ++ */ struct evp_pkey_st *SSL_get_privatekey(const SSL *ssl); ++ ++X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx); ++EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx); + + void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode); + int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx); +@@ -1683,6 +2451,7 @@ void SSL_set_info_callback(SSL *ssl, + void (*SSL_get_info_callback(const SSL *ssl)) (const SSL *ssl, int type, + int val); + int SSL_state(const SSL *ssl); ++void SSL_set_state(SSL *ssl, int state); + + void SSL_set_verify_result(SSL *ssl, long v); + long SSL_get_verify_result(const SSL *ssl); +@@ -1731,6 +2500,11 @@ int SSL_get_ex_data_X509_STORE_CTX_idx(void); + # define SSL_set_max_cert_list(ssl,m) \ + SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL) + ++# define SSL_CTX_set_max_send_fragment(ctx,m) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL) ++# define SSL_set_max_send_fragment(ssl,m) \ ++ SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL) ++ + /* NB: the keylength is only applicable when is_export is true */ + # ifndef OPENSSL_NO_RSA + void 
SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, +@@ -1763,6 +2537,9 @@ const COMP_METHOD *SSL_get_current_compression(SSL *s); + const COMP_METHOD *SSL_get_current_expansion(SSL *s); + const char *SSL_COMP_get_name(const COMP_METHOD *comp); + STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); ++STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP) ++ *meths); ++void SSL_COMP_free_compression_methods(void); + int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm); + # else + const void *SSL_get_current_compression(SSL *s); +@@ -1772,6 +2549,47 @@ void *SSL_COMP_get_compression_methods(void); + int SSL_COMP_add_compression_method(int id, void *cm); + # endif + ++const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr); ++ ++/* TLS extensions functions */ ++int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len); ++ ++int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb, ++ void *arg); ++ ++/* Pre-shared secret session resumption functions */ ++int SSL_set_session_secret_cb(SSL *s, ++ tls_session_secret_cb_fn tls_session_secret_cb, ++ void *arg); ++ ++void SSL_set_debug(SSL *s, int debug); ++int SSL_cache_hit(SSL *s); ++int SSL_is_server(SSL *s); ++ ++SSL_CONF_CTX *SSL_CONF_CTX_new(void); ++int SSL_CONF_CTX_finish(SSL_CONF_CTX *cctx); ++void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx); ++unsigned int SSL_CONF_CTX_set_flags(SSL_CONF_CTX *cctx, unsigned int flags); ++unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx, unsigned int flags); ++int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *pre); ++ ++void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl); ++void SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *cctx, SSL_CTX *ctx); ++ ++int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value); ++int SSL_CONF_cmd_argv(SSL_CONF_CTX *cctx, int *pargc, char ***pargv); ++int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd); ++ ++# ifndef OPENSSL_NO_SSL_TRACE ++void 
SSL_trace(int write_p, int version, int content_type, ++ const void *buf, size_t len, SSL *ssl, void *arg); ++const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c); ++# endif ++ ++# ifndef OPENSSL_NO_UNIT_TEST ++const struct openssl_ssl_test_functions *SSL_test_functions(void); ++# endif ++ + /* BEGIN ERROR CODES */ + /* + * The following lines are auto generated by the script mkerr.pl. Any changes +@@ -1782,6 +2600,7 @@ void ERR_load_SSL_strings(void); + /* Error codes for the SSL functions. */ + + /* Function codes. */ ++# define SSL_F_CHECK_SUITEB_CIPHER_LIST 331 + # define SSL_F_CLIENT_CERTIFICATE 100 + # define SSL_F_CLIENT_FINISHED 167 + # define SSL_F_CLIENT_HELLO 101 +@@ -1790,9 +2609,9 @@ void ERR_load_SSL_strings(void); + # define SSL_F_DO_DTLS1_WRITE 245 + # define SSL_F_DO_SSL3_WRITE 104 + # define SSL_F_DTLS1_ACCEPT 246 +-# define SSL_F_DTLS1_ADD_CERT_TO_BUF 280 ++# define SSL_F_DTLS1_ADD_CERT_TO_BUF 295 + # define SSL_F_DTLS1_BUFFER_RECORD 247 +-# define SSL_F_DTLS1_CHECK_TIMEOUT_NUM 293 ++# define SSL_F_DTLS1_CHECK_TIMEOUT_NUM 316 + # define SSL_F_DTLS1_CLIENT_HELLO 248 + # define SSL_F_DTLS1_CONNECT 249 + # define SSL_F_DTLS1_ENC 250 +@@ -1800,9 +2619,10 @@ void ERR_load_SSL_strings(void); + # define SSL_F_DTLS1_GET_MESSAGE 252 + # define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT 253 + # define SSL_F_DTLS1_GET_RECORD 254 +-# define SSL_F_DTLS1_HANDLE_TIMEOUT 282 ++# define SSL_F_DTLS1_HANDLE_TIMEOUT 297 ++# define SSL_F_DTLS1_HEARTBEAT 305 + # define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255 +-# define SSL_F_DTLS1_PREPROCESS_FRAGMENT 277 ++# define SSL_F_DTLS1_PREPROCESS_FRAGMENT 288 + # define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256 + # define SSL_F_DTLS1_PROCESS_RECORD 257 + # define SSL_F_DTLS1_READ_BYTES 258 +@@ -1821,6 +2641,7 @@ void ERR_load_SSL_strings(void); + # define SSL_F_GET_CLIENT_MASTER_KEY 107 + # define SSL_F_GET_SERVER_FINISHED 108 + # define SSL_F_GET_SERVER_HELLO 109 ++# define SSL_F_GET_SERVER_STATIC_DH_KEY 340 + # define 
SSL_F_GET_SERVER_VERIFY 110 + # define SSL_F_I2D_SSL_SESSION 111 + # define SSL_F_READ_N 112 +@@ -1846,20 +2667,22 @@ void ERR_load_SSL_strings(void); + # define SSL_F_SSL2_SET_CERTIFICATE 126 + # define SSL_F_SSL2_WRITE 127 + # define SSL_F_SSL3_ACCEPT 128 +-# define SSL_F_SSL3_ADD_CERT_TO_BUF 281 ++# define SSL_F_SSL3_ADD_CERT_TO_BUF 296 + # define SSL_F_SSL3_CALLBACK_CTRL 233 + # define SSL_F_SSL3_CHANGE_CIPHER_STATE 129 + # define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130 +-# define SSL_F_SSL3_CHECK_CLIENT_HELLO 292 ++# define SSL_F_SSL3_CHECK_CLIENT_HELLO 304 ++# define SSL_F_SSL3_CHECK_FINISHED 339 + # define SSL_F_SSL3_CLIENT_HELLO 131 + # define SSL_F_SSL3_CONNECT 132 + # define SSL_F_SSL3_CTRL 213 + # define SSL_F_SSL3_CTX_CTRL 133 +-# define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 279 ++# define SSL_F_SSL3_DIGEST_CACHED_RECORDS 293 ++# define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 292 + # define SSL_F_SSL3_ENC 134 + # define SSL_F_SSL3_GENERATE_KEY_BLOCK 238 + # define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135 +-# define SSL_F_SSL3_GET_CERT_STATUS 288 ++# define SSL_F_SSL3_GET_CERT_STATUS 289 + # define SSL_F_SSL3_GET_CERT_VERIFY 136 + # define SSL_F_SSL3_GET_CLIENT_CERTIFICATE 137 + # define SSL_F_SSL3_GET_CLIENT_HELLO 138 +@@ -1868,11 +2691,13 @@ void ERR_load_SSL_strings(void); + # define SSL_F_SSL3_GET_KEY_EXCHANGE 141 + # define SSL_F_SSL3_GET_MESSAGE 142 + # define SSL_F_SSL3_GET_NEW_SESSION_TICKET 283 ++# define SSL_F_SSL3_GET_NEXT_PROTO 306 + # define SSL_F_SSL3_GET_RECORD 143 + # define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144 + # define SSL_F_SSL3_GET_SERVER_DONE 145 + # define SSL_F_SSL3_GET_SERVER_HELLO 146 +-# define SSL_F_SSL3_NEW_SESSION_TICKET 284 ++# define SSL_F_SSL3_HANDSHAKE_MAC 285 ++# define SSL_F_SSL3_NEW_SESSION_TICKET 287 + # define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147 + # define SSL_F_SSL3_PEEK 235 + # define SSL_F_SSL3_READ_BYTES 148 +@@ -1884,34 +2709,43 @@ void ERR_load_SSL_strings(void); + # define SSL_F_SSL3_SEND_SERVER_CERTIFICATE 154 + # define 
SSL_F_SSL3_SEND_SERVER_HELLO 242 + # define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE 155 +-# define SSL_F_SSL3_SETUP_BUFFERS 156 + # define SSL_F_SSL3_SETUP_KEY_BLOCK 157 ++# define SSL_F_SSL3_SETUP_READ_BUFFER 156 ++# define SSL_F_SSL3_SETUP_WRITE_BUFFER 291 + # define SSL_F_SSL3_WRITE_BYTES 158 + # define SSL_F_SSL3_WRITE_PENDING 159 +-# define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT 285 +-# define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 272 ++# define SSL_F_SSL_ADD_CERT_CHAIN 318 ++# define SSL_F_SSL_ADD_CERT_TO_BUF 319 ++# define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT 298 ++# define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 277 ++# define SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT 307 + # define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 215 + # define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 216 +-# define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT 286 +-# define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT 273 ++# define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT 299 ++# define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT 278 ++# define SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT 308 + # define SSL_F_SSL_BAD_METHOD 160 ++# define SSL_F_SSL_BUILD_CERT_CHAIN 332 + # define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161 + # define SSL_F_SSL_CERT_DUP 221 + # define SSL_F_SSL_CERT_INST 222 + # define SSL_F_SSL_CERT_INSTANTIATE 214 + # define SSL_F_SSL_CERT_NEW 162 + # define SSL_F_SSL_CHECK_PRIVATE_KEY 163 +-# define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT 274 ++# define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT 280 ++# define SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG 279 + # define SSL_F_SSL_CIPHER_PROCESS_RULESTR 230 + # define SSL_F_SSL_CIPHER_STRENGTH_SORT 231 + # define SSL_F_SSL_CLEAR 164 + # define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD 165 ++# define SSL_F_SSL_CONF_CMD 334 + # define SSL_F_SSL_CREATE_CIPHER_LIST 166 + # define SSL_F_SSL_CTRL 232 + # define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168 ++# define SSL_F_SSL_CTX_MAKE_PROFILES 309 + # define SSL_F_SSL_CTX_NEW 169 + # define SSL_F_SSL_CTX_SET_CIPHER_LIST 269 +-# define 
SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE 278 ++# define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE 290 + # define SSL_F_SSL_CTX_SET_PURPOSE 226 + # define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219 + # define SSL_F_SSL_CTX_SET_SSL_VERSION 170 +@@ -1923,30 +2757,40 @@ void ERR_load_SSL_strings(void); + # define SSL_F_SSL_CTX_USE_PRIVATEKEY 174 + # define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 175 + # define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 176 ++# define SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT 272 + # define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 177 + # define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 178 + # define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 179 ++# define SSL_F_SSL_CTX_USE_SERVERINFO 336 ++# define SSL_F_SSL_CTX_USE_SERVERINFO_FILE 337 + # define SSL_F_SSL_DO_HANDSHAKE 180 + # define SSL_F_SSL_GET_NEW_SESSION 181 + # define SSL_F_SSL_GET_PREV_SESSION 217 ++# define SSL_F_SSL_GET_SERVER_CERT_INDEX 322 + # define SSL_F_SSL_GET_SERVER_SEND_CERT 182 + # define SSL_F_SSL_GET_SERVER_SEND_PKEY 317 + # define SSL_F_SSL_GET_SIGN_PKEY 183 + # define SSL_F_SSL_INIT_WBIO_BUFFER 184 + # define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185 + # define SSL_F_SSL_NEW 186 +-# define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 287 +-# define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 290 +-# define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT 289 +-# define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 291 ++# define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 300 ++# define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 302 ++# define SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT 310 ++# define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT 301 ++# define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 303 ++# define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT 311 + # define SSL_F_SSL_PEEK 270 +-# define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT 275 +-# define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT 276 ++# define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT 281 ++# define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT 282 + # define SSL_F_SSL_READ 223 + # define SSL_F_SSL_RSA_PRIVATE_DECRYPT 
187 + # define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188 ++# define SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT 320 ++# define SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT 321 ++# define SSL_F_SSL_SESSION_DUP 348 + # define SSL_F_SSL_SESSION_NEW 189 + # define SSL_F_SSL_SESSION_PRINT_FP 190 ++# define SSL_F_SSL_SESSION_SET1_ID_CONTEXT 312 + # define SSL_F_SSL_SESS_CERT_NEW 225 + # define SSL_F_SSL_SET_CERT 191 + # define SSL_F_SSL_SET_CIPHER_LIST 271 +@@ -1956,9 +2800,11 @@ void ERR_load_SSL_strings(void); + # define SSL_F_SSL_SET_RFD 194 + # define SSL_F_SSL_SET_SESSION 195 + # define SSL_F_SSL_SET_SESSION_ID_CONTEXT 218 ++# define SSL_F_SSL_SET_SESSION_TICKET_EXT 294 + # define SSL_F_SSL_SET_TRUST 228 + # define SSL_F_SSL_SET_WFD 196 + # define SSL_F_SSL_SHUTDOWN 224 ++# define SSL_F_SSL_SRP_CTX_INIT 313 + # define SSL_F_SSL_UNDEFINED_CONST_FUNCTION 243 + # define SSL_F_SSL_UNDEFINED_FUNCTION 197 + # define SSL_F_SSL_UNDEFINED_VOID_FUNCTION 244 +@@ -1968,14 +2814,25 @@ void ERR_load_SSL_strings(void); + # define SSL_F_SSL_USE_PRIVATEKEY 201 + # define SSL_F_SSL_USE_PRIVATEKEY_ASN1 202 + # define SSL_F_SSL_USE_PRIVATEKEY_FILE 203 ++# define SSL_F_SSL_USE_PSK_IDENTITY_HINT 273 + # define SSL_F_SSL_USE_RSAPRIVATEKEY 204 + # define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 205 + # define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 206 + # define SSL_F_SSL_VERIFY_CERT_CHAIN 207 + # define SSL_F_SSL_WRITE 208 ++# define SSL_F_TLS12_CHECK_PEER_SIGALG 333 ++# define SSL_F_TLS1_CERT_VERIFY_MAC 286 + # define SSL_F_TLS1_CHANGE_CIPHER_STATE 209 ++# define SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT 274 + # define SSL_F_TLS1_ENC 210 ++# define SSL_F_TLS1_EXPORT_KEYING_MATERIAL 314 ++# define SSL_F_TLS1_GET_CURVELIST 338 ++# define SSL_F_TLS1_HEARTBEAT 315 ++# define SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT 275 ++# define SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT 276 ++# define SSL_F_TLS1_PRF 284 + # define SSL_F_TLS1_SETUP_KEY_BLOCK 211 ++# define SSL_F_TLS1_SET_SERVER_SIGALGS 335 + # define SSL_F_WRITE_PENDING 212 + + /* Reason codes. 
*/ +@@ -1985,6 +2842,7 @@ void ERR_load_SSL_strings(void); + # define SSL_R_BAD_AUTHENTICATION_TYPE 102 + # define SSL_R_BAD_CHANGE_CIPHER_SPEC 103 + # define SSL_R_BAD_CHECKSUM 104 ++# define SSL_R_BAD_DATA 390 + # define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106 + # define SSL_R_BAD_DECOMPRESSION 107 + # define SSL_R_BAD_DH_G_LENGTH 108 +@@ -1995,12 +2853,15 @@ void ERR_load_SSL_strings(void); + # define SSL_R_BAD_ECC_CERT 304 + # define SSL_R_BAD_ECDSA_SIGNATURE 305 + # define SSL_R_BAD_ECPOINT 306 ++# define SSL_R_BAD_HANDSHAKE_LENGTH 332 + # define SSL_R_BAD_HELLO_REQUEST 105 + # define SSL_R_BAD_LENGTH 271 + # define SSL_R_BAD_MAC_DECODE 113 ++# define SSL_R_BAD_MAC_LENGTH 333 + # define SSL_R_BAD_MESSAGE_TYPE 114 + # define SSL_R_BAD_PACKET_LENGTH 115 + # define SSL_R_BAD_PROTOCOL_VERSION_NUMBER 116 ++# define SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH 316 + # define SSL_R_BAD_RESPONSE_ARGUMENT 117 + # define SSL_R_BAD_RSA_DECRYPT 118 + # define SSL_R_BAD_RSA_ENCRYPT 119 +@@ -2008,9 +2869,18 @@ void ERR_load_SSL_strings(void); + # define SSL_R_BAD_RSA_MODULUS_LENGTH 121 + # define SSL_R_BAD_RSA_SIGNATURE 122 + # define SSL_R_BAD_SIGNATURE 123 ++# define SSL_R_BAD_SRP_A_LENGTH 347 ++# define SSL_R_BAD_SRP_B_LENGTH 348 ++# define SSL_R_BAD_SRP_G_LENGTH 349 ++# define SSL_R_BAD_SRP_N_LENGTH 350 ++# define SSL_R_BAD_SRP_PARAMETERS 371 ++# define SSL_R_BAD_SRP_S_LENGTH 351 ++# define SSL_R_BAD_SRTP_MKI_VALUE 352 ++# define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST 353 + # define SSL_R_BAD_SSL_FILETYPE 124 + # define SSL_R_BAD_SSL_SESSION_ID_LENGTH 125 + # define SSL_R_BAD_STATE 126 ++# define SSL_R_BAD_VALUE 384 + # define SSL_R_BAD_WRITE_RETRY 127 + # define SSL_R_BIO_NOT_SET 128 + # define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 129 +@@ -2019,13 +2889,15 @@ void ERR_load_SSL_strings(void); + # define SSL_R_CA_DN_TOO_LONG 132 + # define SSL_R_CCS_RECEIVED_EARLY 133 + # define SSL_R_CERTIFICATE_VERIFY_FAILED 134 ++# define SSL_R_CERT_CB_ERROR 377 + # define SSL_R_CERT_LENGTH_MISMATCH 
135 + # define SSL_R_CHALLENGE_IS_DIFFERENT 136 + # define SSL_R_CIPHER_CODE_WRONG_LENGTH 137 + # define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 138 + # define SSL_R_CIPHER_TABLE_SRC_ERROR 139 +-# define SSL_R_CLIENTHELLO_TLSEXT 157 ++# define SSL_R_CLIENTHELLO_TLSEXT 226 + # define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140 ++# define SSL_R_COMPRESSION_DISABLED 343 + # define SSL_R_COMPRESSION_FAILURE 141 + # define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 307 + # define SSL_R_COMPRESSION_LIBRARY_ERROR 142 +@@ -2036,26 +2908,41 @@ void ERR_load_SSL_strings(void); + # define SSL_R_DATA_LENGTH_TOO_LONG 146 + # define SSL_R_DECRYPTION_FAILED 147 + # define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281 ++# define SSL_R_DH_KEY_TOO_SMALL 372 + # define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148 + # define SSL_R_DIGEST_CHECK_FAILED 149 +-# define SSL_R_DTLS_MESSAGE_TOO_BIG 318 ++# define SSL_R_DTLS_MESSAGE_TOO_BIG 334 + # define SSL_R_DUPLICATE_COMPRESSION_ID 309 ++# define SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT 317 ++# define SSL_R_ECC_CERT_NOT_FOR_SIGNING 318 ++# define SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE 322 ++# define SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE 323 ++# define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE 374 + # define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 310 ++# define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 354 + # define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 + # define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282 + # define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151 + # define SSL_R_EXCESSIVE_MESSAGE_SIZE 152 + # define SSL_R_EXTRA_DATA_IN_MESSAGE 153 + # define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154 ++# define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS 355 ++# define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION 356 + # define SSL_R_HTTPS_PROXY_REQUEST 155 + # define SSL_R_HTTP_REQUEST 156 + # define SSL_R_ILLEGAL_PADDING 283 ++# define SSL_R_ILLEGAL_SUITEB_DIGEST 380 + # define SSL_R_INAPPROPRIATE_FALLBACK 373 ++# define SSL_R_INCONSISTENT_COMPRESSION 340 + # define SSL_R_INVALID_CHALLENGE_LENGTH 
158 + # define SSL_R_INVALID_COMMAND 280 ++# define SSL_R_INVALID_COMPRESSION_ALGORITHM 341 ++# define SSL_R_INVALID_NULL_CMD_NAME 385 + # define SSL_R_INVALID_PURPOSE 278 +-# define SSL_R_INVALID_STATUS_RESPONSE 316 +-# define SSL_R_INVALID_TICKET_KEYS_LENGTH 275 ++# define SSL_R_INVALID_SERVERINFO_DATA 388 ++# define SSL_R_INVALID_SRP_USERNAME 357 ++# define SSL_R_INVALID_STATUS_RESPONSE 328 ++# define SSL_R_INVALID_TICKET_KEYS_LENGTH 325 + # define SSL_R_INVALID_TRUST 279 + # define SSL_R_KEY_ARG_TOO_LONG 284 + # define SSL_R_KRB5 285 +@@ -2078,17 +2965,20 @@ void ERR_load_SSL_strings(void); + # define SSL_R_MISSING_DH_KEY 163 + # define SSL_R_MISSING_DH_RSA_CERT 164 + # define SSL_R_MISSING_DSA_SIGNING_CERT 165 ++# define SSL_R_MISSING_ECDH_CERT 382 ++# define SSL_R_MISSING_ECDSA_SIGNING_CERT 381 + # define SSL_R_MISSING_EXPORT_TMP_DH_KEY 166 + # define SSL_R_MISSING_EXPORT_TMP_RSA_KEY 167 + # define SSL_R_MISSING_RSA_CERTIFICATE 168 + # define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169 + # define SSL_R_MISSING_RSA_SIGNING_CERT 170 ++# define SSL_R_MISSING_SRP_PARAM 358 + # define SSL_R_MISSING_TMP_DH_KEY 171 + # define SSL_R_MISSING_TMP_ECDH_KEY 311 + # define SSL_R_MISSING_TMP_RSA_KEY 172 + # define SSL_R_MISSING_TMP_RSA_PKEY 173 + # define SSL_R_MISSING_VERIFY_MESSAGE 174 +-# define SSL_R_MULTIPLE_SGC_RESTARTS 325 ++# define SSL_R_MULTIPLE_SGC_RESTARTS 346 + # define SSL_R_NON_SSLV2_INITIAL_PACKET 175 + # define SSL_R_NO_CERTIFICATES_RETURNED 176 + # define SSL_R_NO_CERTIFICATE_ASSIGNED 177 +@@ -2100,23 +2990,32 @@ void ERR_load_SSL_strings(void); + # define SSL_R_NO_CIPHERS_SPECIFIED 183 + # define SSL_R_NO_CIPHER_LIST 184 + # define SSL_R_NO_CIPHER_MATCH 185 +-# define SSL_R_NO_CLIENT_CERT_METHOD 317 ++# define SSL_R_NO_CLIENT_CERT_METHOD 331 + # define SSL_R_NO_CLIENT_CERT_RECEIVED 186 + # define SSL_R_NO_COMPRESSION_SPECIFIED 187 ++# define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER 330 + # define SSL_R_NO_METHOD_SPECIFIED 188 ++# define SSL_R_NO_PEM_EXTENSIONS 
389 + # define SSL_R_NO_PRIVATEKEY 189 + # define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190 + # define SSL_R_NO_PROTOCOLS_AVAILABLE 191 + # define SSL_R_NO_PUBLICKEY 192 +-# define SSL_R_NO_RENEGOTIATION 319 ++# define SSL_R_NO_RENEGOTIATION 339 ++# define SSL_R_NO_REQUIRED_DIGEST 324 + # define SSL_R_NO_SHARED_CIPHER 193 ++# define SSL_R_NO_SHARED_SIGATURE_ALGORITHMS 376 ++# define SSL_R_NO_SRTP_PROFILES 359 + # define SSL_R_NO_VERIFY_CALLBACK 194 + # define SSL_R_NULL_SSL_CTX 195 + # define SSL_R_NULL_SSL_METHOD_PASSED 196 + # define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197 ++# define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344 ++# define SSL_R_ONLY_DTLS_1_2_ALLOWED_IN_SUITEB_MODE 387 ++# define SSL_R_ONLY_TLS_1_2_ALLOWED_IN_SUITEB_MODE 379 + # define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 297 ++# define SSL_R_OPAQUE_PRF_INPUT_TOO_LONG 327 + # define SSL_R_PACKET_LENGTH_TOO_LONG 198 +-# define SSL_R_PARSE_TLSEXT 223 ++# define SSL_R_PARSE_TLSEXT 227 + # define SSL_R_PATH_TOO_LONG 270 + # define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199 + # define SSL_R_PEER_ERROR 200 +@@ -2124,9 +3023,14 @@ void ERR_load_SSL_strings(void); + # define SSL_R_PEER_ERROR_NO_CERTIFICATE 202 + # define SSL_R_PEER_ERROR_NO_CIPHER 203 + # define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 204 ++# define SSL_R_PEM_NAME_BAD_PREFIX 391 ++# define SSL_R_PEM_NAME_TOO_SHORT 392 + # define SSL_R_PRE_MAC_LENGTH_TOO_LONG 205 + # define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS 206 + # define SSL_R_PROTOCOL_IS_SHUTDOWN 207 ++# define SSL_R_PSK_IDENTITY_NOT_FOUND 223 ++# define SSL_R_PSK_NO_CLIENT_CB 224 ++# define SSL_R_PSK_NO_SERVER_CB 225 + # define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR 208 + # define SSL_R_PUBLIC_KEY_IS_NOT_RSA 209 + # define SSL_R_PUBLIC_KEY_NOT_RSA 210 +@@ -2136,22 +3040,29 @@ void ERR_load_SSL_strings(void); + # define SSL_R_RECORD_LENGTH_MISMATCH 213 + # define SSL_R_RECORD_TOO_LARGE 214 + # define SSL_R_RECORD_TOO_SMALL 298 +-# define SSL_R_RENEGOTIATE_EXT_TOO_LONG 320 +-# 
define SSL_R_RENEGOTIATION_ENCODING_ERR 321 +-# define SSL_R_RENEGOTIATION_MISMATCH 322 ++# define SSL_R_RENEGOTIATE_EXT_TOO_LONG 335 ++# define SSL_R_RENEGOTIATION_ENCODING_ERR 336 ++# define SSL_R_RENEGOTIATION_MISMATCH 337 + # define SSL_R_REQUIRED_CIPHER_MISSING 215 ++# define SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING 342 + # define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216 + # define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217 + # define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 218 +-# define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 324 +-# define SSL_R_SERVERHELLO_TLSEXT 224 ++# define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 345 ++# define SSL_R_SERVERHELLO_TLSEXT 275 + # define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277 + # define SSL_R_SHORT_READ 219 ++# define SSL_R_SIGNATURE_ALGORITHMS_ERROR 360 + # define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 ++# define SSL_R_SRP_A_CALC 361 ++# define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES 362 ++# define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG 363 ++# define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE 364 + # define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221 + # define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 299 +-# define SSL_R_SSL3_EXT_INVALID_SERVERNAME 225 +-# define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 226 ++# define SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT 321 ++# define SSL_R_SSL3_EXT_INVALID_SERVERNAME 319 ++# define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 320 + # define SSL_R_SSL3_SESSION_ID_TOO_LONG 300 + # define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222 + # define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 +@@ -2192,7 +3103,10 @@ void ERR_load_SSL_strings(void); + # define SSL_R_TLSV1_UNRECOGNIZED_NAME 1112 + # define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110 + # define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232 +-# define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 227 ++# define SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT 365 ++# define SSL_R_TLS_HEARTBEAT_PENDING 366 ++# define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL 367 ++# define 
SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157 + # define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233 + # define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234 + # define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235 +@@ -2213,25 +3127,32 @@ void ERR_load_SSL_strings(void); + # define SSL_R_UNKNOWN_CERTIFICATE_TYPE 247 + # define SSL_R_UNKNOWN_CIPHER_RETURNED 248 + # define SSL_R_UNKNOWN_CIPHER_TYPE 249 ++# define SSL_R_UNKNOWN_CMD_NAME 386 ++# define SSL_R_UNKNOWN_DIGEST 368 + # define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250 + # define SSL_R_UNKNOWN_PKEY_TYPE 251 + # define SSL_R_UNKNOWN_PROTOCOL 252 + # define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 253 + # define SSL_R_UNKNOWN_SSL_VERSION 254 + # define SSL_R_UNKNOWN_STATE 255 +-# define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 323 ++# define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 338 + # define SSL_R_UNSUPPORTED_CIPHER 256 + # define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257 ++# define SSL_R_UNSUPPORTED_DIGEST_TYPE 326 + # define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 315 + # define SSL_R_UNSUPPORTED_PROTOCOL 258 + # define SSL_R_UNSUPPORTED_SSL_VERSION 259 + # define SSL_R_UNSUPPORTED_STATUS_TYPE 329 ++# define SSL_R_USE_SRTP_NOT_NEGOTIATED 369 + # define SSL_R_WRITE_BIO_NOT_SET 260 ++# define SSL_R_WRONG_CERTIFICATE_TYPE 383 + # define SSL_R_WRONG_CIPHER_RETURNED 261 ++# define SSL_R_WRONG_CURVE 378 + # define SSL_R_WRONG_MESSAGE_TYPE 262 + # define SSL_R_WRONG_NUMBER_OF_KEY_BITS 263 + # define SSL_R_WRONG_SIGNATURE_LENGTH 264 + # define SSL_R_WRONG_SIGNATURE_SIZE 265 ++# define SSL_R_WRONG_SIGNATURE_TYPE 370 + # define SSL_R_WRONG_SSL_VERSION 266 + # define SSL_R_WRONG_VERSION_NUMBER 267 + # define SSL_R_X509_LIB 268 +diff --git a/Cryptlib/Include/openssl/ssl2.h b/Cryptlib/Include/openssl/ssl2.h +index d399676..03c7dd8 100644 +--- a/Cryptlib/Include/openssl/ssl2.h ++++ b/Cryptlib/Include/openssl/ssl2.h +@@ -158,6 +158,8 @@ extern "C" { + # define CERT char + # endif + ++# ifndef OPENSSL_NO_SSL_INTERN ++ + 
typedef struct ssl2_state_st { + int three_byte_header; + int clear_text; /* clear text */ +@@ -213,6 +215,8 @@ typedef struct ssl2_state_st { + } tmp; + } SSL2_STATE; + ++# endif ++ + /* SSLv2 */ + /* client */ + # define SSL2_ST_SEND_CLIENT_HELLO_A (0x10|SSL_ST_CONNECT) +diff --git a/Cryptlib/Include/openssl/ssl3.h b/Cryptlib/Include/openssl/ssl3.h +index 761a0e2..e681d50 100644 +--- a/Cryptlib/Include/openssl/ssl3.h ++++ b/Cryptlib/Include/openssl/ssl3.h +@@ -123,7 +123,6 @@ + # include + # include + # include +-# include + + #ifdef __cplusplus + extern "C" { +@@ -160,11 +159,17 @@ extern "C" { + # define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 0x03000010 + + # define SSL3_CK_EDH_DSS_DES_40_CBC_SHA 0x03000011 ++# define SSL3_CK_DHE_DSS_DES_40_CBC_SHA SSL3_CK_EDH_DSS_DES_40_CBC_SHA + # define SSL3_CK_EDH_DSS_DES_64_CBC_SHA 0x03000012 ++# define SSL3_CK_DHE_DSS_DES_64_CBC_SHA SSL3_CK_EDH_DSS_DES_64_CBC_SHA + # define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA 0x03000013 ++# define SSL3_CK_DHE_DSS_DES_192_CBC3_SHA SSL3_CK_EDH_DSS_DES_192_CBC3_SHA + # define SSL3_CK_EDH_RSA_DES_40_CBC_SHA 0x03000014 ++# define SSL3_CK_DHE_RSA_DES_40_CBC_SHA SSL3_CK_EDH_RSA_DES_40_CBC_SHA + # define SSL3_CK_EDH_RSA_DES_64_CBC_SHA 0x03000015 ++# define SSL3_CK_DHE_RSA_DES_64_CBC_SHA SSL3_CK_EDH_RSA_DES_64_CBC_SHA + # define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA 0x03000016 ++# define SSL3_CK_DHE_RSA_DES_192_CBC3_SHA SSL3_CK_EDH_RSA_DES_192_CBC3_SHA + + # define SSL3_CK_ADH_RC4_40_MD5 0x03000017 + # define SSL3_CK_ADH_RC4_128_MD5 0x03000018 +@@ -172,14 +177,16 @@ extern "C" { + # define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A + # define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B + +-# define SSL3_CK_FZA_DMS_NULL_SHA 0x0300001C +-# define SSL3_CK_FZA_DMS_FZA_SHA 0x0300001D +-# if 0 /* Because it clashes with KRB5, is never ++# if 0 ++# define SSL3_CK_FZA_DMS_NULL_SHA 0x0300001C ++# define SSL3_CK_FZA_DMS_FZA_SHA 0x0300001D ++# if 0 /* Because it clashes with KRB5, is never + * used any more, and is safe to remove + 
* according to David Hopwood + * of the + * ietf-tls list */ +-# define SSL3_CK_FZA_DMS_RC4_SHA 0x0300001E ++# define SSL3_CK_FZA_DMS_RC4_SHA 0x0300001E ++# endif + # endif + + /* +@@ -219,6 +226,18 @@ extern "C" { + # define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA" + # define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA" + ++# define SSL3_TXT_DHE_DSS_DES_40_CBC_SHA "EXP-DHE-DSS-DES-CBC-SHA" ++# define SSL3_TXT_DHE_DSS_DES_64_CBC_SHA "DHE-DSS-DES-CBC-SHA" ++# define SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA "DHE-DSS-DES-CBC3-SHA" ++# define SSL3_TXT_DHE_RSA_DES_40_CBC_SHA "EXP-DHE-RSA-DES-CBC-SHA" ++# define SSL3_TXT_DHE_RSA_DES_64_CBC_SHA "DHE-RSA-DES-CBC-SHA" ++# define SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA "DHE-RSA-DES-CBC3-SHA" ++ ++/* ++ * This next block of six "EDH" labels is for backward compatibility with ++ * older versions of OpenSSL. New code should use the six "DHE" labels above ++ * instead: ++ */ + # define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA" + # define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA" + # define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA "EDH-DSS-DES-CBC3-SHA" +@@ -232,9 +251,11 @@ extern "C" { + # define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA" + # define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA" + +-# define SSL3_TXT_FZA_DMS_NULL_SHA "FZA-NULL-SHA" +-# define SSL3_TXT_FZA_DMS_FZA_SHA "FZA-FZA-CBC-SHA" +-# define SSL3_TXT_FZA_DMS_RC4_SHA "FZA-RC4-SHA" ++# if 0 ++# define SSL3_TXT_FZA_DMS_NULL_SHA "FZA-NULL-SHA" ++# define SSL3_TXT_FZA_DMS_FZA_SHA "FZA-FZA-CBC-SHA" ++# define SSL3_TXT_FZA_DMS_RC4_SHA "FZA-RC4-SHA" ++# endif + + # define SSL3_TXT_KRB5_DES_64_CBC_SHA "KRB5-DES-CBC-SHA" + # define SSL3_TXT_KRB5_DES_192_CBC3_SHA "KRB5-DES-CBC3-SHA" +@@ -260,23 +281,73 @@ extern "C" { + # define SSL3_SESSION_ID_SIZE 32 + # define SSL3_RT_HEADER_LENGTH 5 + +-/* Due to MS stuffing up, this can change.... 
*/ +-# if defined(OPENSSL_SYS_WIN16) || \ +- (defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32)) +-# define SSL3_RT_MAX_EXTRA (14000) ++# define SSL3_HM_HEADER_LENGTH 4 ++ ++# ifndef SSL3_ALIGN_PAYLOAD ++ /* ++ * Some will argue that this increases memory footprint, but it's not ++ * actually true. Point is that malloc has to return at least 64-bit aligned ++ * pointers, meaning that allocating 5 bytes wastes 3 bytes in either case. ++ * Suggested pre-gaping simply moves these wasted bytes from the end of ++ * allocated region to its front, but makes data payload aligned, which ++ * improves performance:-) ++ */ ++# define SSL3_ALIGN_PAYLOAD 8 + # else +-# define SSL3_RT_MAX_EXTRA (16384) ++# if (SSL3_ALIGN_PAYLOAD&(SSL3_ALIGN_PAYLOAD-1))!=0 ++# error "insane SSL3_ALIGN_PAYLOAD" ++# undef SSL3_ALIGN_PAYLOAD ++# endif + # endif + ++/* ++ * This is the maximum MAC (digest) size used by the SSL library. Currently ++ * maximum of 20 is used by SHA1, but we reserve for future extension for ++ * 512-bit hashes. ++ */ ++ ++# define SSL3_RT_MAX_MD_SIZE 64 ++ ++/* ++ * Maximum block size used in all ciphersuites. Currently 16 for AES. ++ */ ++ ++# define SSL_RT_MAX_CIPHER_BLOCK_SIZE 16 ++ ++# define SSL3_RT_MAX_EXTRA (16384) ++ ++/* Maximum plaintext length: defined by SSL/TLS standards */ + # define SSL3_RT_MAX_PLAIN_LENGTH 16384 ++/* Maximum compression overhead: defined by SSL/TLS standards */ ++# define SSL3_RT_MAX_COMPRESSED_OVERHEAD 1024 ++ ++/* ++ * The standards give a maximum encryption overhead of 1024 bytes. In ++ * practice the value is lower than this. The overhead is the maximum number ++ * of padding bytes (256) plus the mac size. ++ */ ++# define SSL3_RT_MAX_ENCRYPTED_OVERHEAD (256 + SSL3_RT_MAX_MD_SIZE) ++ ++/* ++ * OpenSSL currently only uses a padding length of at most one block so the ++ * send overhead is smaller. 
++ */
++
++# define SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \
++ (SSL_RT_MAX_CIPHER_BLOCK_SIZE + SSL3_RT_MAX_MD_SIZE)
++
++/* If compression isn't used don't include the compression overhead */
++
+ # ifdef OPENSSL_NO_COMP
+-# define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH
++# define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH
+ # else
+-# define SSL3_RT_MAX_COMPRESSED_LENGTH (1024+SSL3_RT_MAX_PLAIN_LENGTH)
++# define SSL3_RT_MAX_COMPRESSED_LENGTH \
++ (SSL3_RT_MAX_PLAIN_LENGTH+SSL3_RT_MAX_COMPRESSED_OVERHEAD)
+ # endif
+-# define SSL3_RT_MAX_ENCRYPTED_LENGTH (1024+SSL3_RT_MAX_COMPRESSED_LENGTH)
+-# define SSL3_RT_MAX_PACKET_SIZE (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
+-# define SSL3_RT_MAX_DATA_SIZE (1024*1024)
++# define SSL3_RT_MAX_ENCRYPTED_LENGTH \
++ (SSL3_RT_MAX_ENCRYPTED_OVERHEAD+SSL3_RT_MAX_COMPRESSED_LENGTH)
++# define SSL3_RT_MAX_PACKET_SIZE \
++ (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
+
+ # define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54"
+ # define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52"
+@@ -289,6 +360,24 @@ extern "C" {
+ # define SSL3_RT_ALERT 21
+ # define SSL3_RT_HANDSHAKE 22
+ # define SSL3_RT_APPLICATION_DATA 23
++# define TLS1_RT_HEARTBEAT 24
++
++/* Pseudo content types to indicate additional parameters */
++# define TLS1_RT_CRYPTO 0x1000
++# define TLS1_RT_CRYPTO_PREMASTER (TLS1_RT_CRYPTO | 0x1)
++# define TLS1_RT_CRYPTO_CLIENT_RANDOM (TLS1_RT_CRYPTO | 0x2)
++# define TLS1_RT_CRYPTO_SERVER_RANDOM (TLS1_RT_CRYPTO | 0x3)
++# define TLS1_RT_CRYPTO_MASTER (TLS1_RT_CRYPTO | 0x4)
++
++# define TLS1_RT_CRYPTO_READ 0x0000
++# define TLS1_RT_CRYPTO_WRITE 0x0100
++# define TLS1_RT_CRYPTO_MAC (TLS1_RT_CRYPTO | 0x5)
++# define TLS1_RT_CRYPTO_KEY (TLS1_RT_CRYPTO | 0x6)
++# define TLS1_RT_CRYPTO_IV (TLS1_RT_CRYPTO | 0x7)
++# define TLS1_RT_CRYPTO_FIXED_IV (TLS1_RT_CRYPTO | 0x8)
++
++/* Pseudo content type for SSL/TLS header info */
++# define SSL3_RT_HEADER 0x100
+
+ # define SSL3_AL_WARNING 1
+ # define SSL3_AL_FATAL 2
+@@ -306,6 +395,11 @@ extern "C" {
+ # define SSL3_AD_CERTIFICATE_UNKNOWN 46
+ # define SSL3_AD_ILLEGAL_PARAMETER 47/* fatal */
+
++# define TLS1_HB_REQUEST 1
++# define TLS1_HB_RESPONSE 2
++
++# ifndef OPENSSL_NO_SSL_INTERN
++
+ typedef struct ssl3_record_st {
+ /* type of record */
+ /*
+@@ -338,7 +432,7 @@ typedef struct ssl3_record_st {
+ /* sequence number, needed by DTLS1 */
+ /*
+ * r
+- */ PQ_64BIT seq_num;
++ */ unsigned char seq_num[8];
+ } SSL3_RECORD;
+
+ typedef struct ssl3_buffer_st {
+@@ -352,6 +446,8 @@ typedef struct ssl3_buffer_st {
+ int left;
+ } SSL3_BUFFER;
+
++# endif
++
+ # define SSL3_CT_RSA_SIGN 1
+ # define SSL3_CT_DSS_SIGN 2
+ # define SSL3_CT_RSA_FIXED_DH 3
+@@ -363,36 +459,41 @@ typedef struct ssl3_buffer_st {
+ * SSL3_CT_NUMBER is used to size arrays and it must be large enough to
+ * contain all of the cert types defined either for SSLv3 and TLSv1.
+ */
+-# define SSL3_CT_NUMBER 7
++# define SSL3_CT_NUMBER 9
+
+ # define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001
+ # define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002
+ # define SSL3_FLAGS_POP_BUFFER 0x0004
+ # define TLS1_FLAGS_TLS_PADDING_BUG 0x0008
+-# define SSL3_FLAGS_CCS_OK 0x0080
+-
++# define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010
++# define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020
+ /*
+- * SSL3_FLAGS_SGC_RESTART_DONE is set when we restart a handshake because of
+- * MS SGC and so prevents us from restarting the handshake in a loop. It's
+- * reset on a renegotiation, so effectively limits the client to one restart
+- * per negotiation. This limits the possibility of a DDoS attack where the
+- * client handshakes in a loop using SGC to restart. Servers which permit
+- * renegotiation can still be effected, but we can't prevent that.
++ * Set when the handshake is ready to process peer's ChangeCipherSpec message.
++ * Cleared after the message has been processed.
+ */
++# define SSL3_FLAGS_CCS_OK 0x0080
++
++/* SSL3_FLAGS_SGC_RESTART_DONE is no longer used */
+ # define SSL3_FLAGS_SGC_RESTART_DONE 0x0040
+
++# ifndef OPENSSL_NO_SSL_INTERN
++
+ typedef struct ssl3_state_st {
+ long flags;
+ int delay_buf_pop_ret;
+ unsigned char read_sequence[8];
++ int read_mac_secret_size;
+ unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
+ unsigned char write_sequence[8];
++ int write_mac_secret_size;
+ unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
+ unsigned char server_random[SSL3_RANDOM_SIZE];
+ unsigned char client_random[SSL3_RANDOM_SIZE];
+ /* flags for countermeasure against known-IV weakness */
+ int need_empty_fragments;
+ int empty_fragment_done;
++ /* The value of 'extra' when the buffers were initialized */
++ int init_extra;
+ SSL3_BUFFER rbuf; /* read IO goes into here */
+ SSL3_BUFFER wbuf; /* write IO goes into here */
+ SSL3_RECORD rrec; /* each decoded record goes in here */
+@@ -412,11 +513,16 @@ typedef struct ssl3_state_st {
+ int wpend_ret; /* number of bytes submitted */
+ const unsigned char *wpend_buf;
+ /* used during startup, digest all incoming/outgoing packets */
+- EVP_MD_CTX finish_dgst1;
+- EVP_MD_CTX finish_dgst2;
++ BIO *handshake_buffer;
+ /*
+- * this is set whenerver we see a change_cipher_spec message come in when
+- * we are not looking for one
++ * When set of handshake digests is determined, buffer is hashed and
++ * freed and MD_CTX-es for all required digests are stored in this array
++ */
++ EVP_MD_CTX **handshake_dgst;
++ /*
++ * Set whenever an expected ChangeCipherSpec message is processed.
++ * Unset when the peer's Finished message is received.
++ * Unexpected ChangeCipherSpec messages trigger a fatal alert.
+ */
+ int change_cipher_spec;
+ int warn_alert;
+@@ -435,6 +541,15 @@ typedef struct ssl3_state_st {
+ int total_renegotiations;
+ int num_renegotiations;
+ int in_read_app_data;
++ /*
++ * Opaque PRF input as used for the current handshake. These fields are
++ * used only if TLSEXT_TYPE_opaque_prf_input is defined (otherwise, they
++ * are merely present to improve binary compatibility)
++ */
++ void *client_opaque_prf_input;
++ size_t client_opaque_prf_input_len;
++ void *server_opaque_prf_input;
++ size_t server_opaque_prf_input_len;
+ struct {
+ /* actually only needs to be 16+20 */
+ unsigned char cert_verify_md[EVP_MAX_MD_SIZE * 2];
+@@ -446,13 +561,13 @@ typedef struct ssl3_state_st {
+ unsigned long message_size;
+ int message_type;
+ /* used to hold the new cipher we are going to use */
+- SSL_CIPHER *new_cipher;
+-# ifndef OPENSSL_NO_DH
++ const SSL_CIPHER *new_cipher;
++# ifndef OPENSSL_NO_DH
+ DH *dh;
+-# endif
+-# ifndef OPENSSL_NO_ECDH
++# endif
++# ifndef OPENSSL_NO_ECDH
+ EC_KEY *ecdh; /* holds short lived ECDH key */
+-# endif
++# endif
+ /* used when SSL_ST_FLUSH_DATA is entered */
+ int next_state;
+ int reuse_message;
+@@ -466,11 +581,13 @@ typedef struct ssl3_state_st {
+ unsigned char *key_block;
+ const EVP_CIPHER *new_sym_enc;
+ const EVP_MD *new_hash;
+-# ifndef OPENSSL_NO_COMP
++ int new_mac_pkey_type;
++ int new_mac_secret_size;
++# ifndef OPENSSL_NO_COMP
+ const SSL_COMP *new_compression;
+-# else
++# else
+ char *new_compression;
+-# endif
++# endif
+ int cert_request;
+ } tmp;
+
+@@ -481,24 +598,50 @@ typedef struct ssl3_state_st {
+ unsigned char previous_server_finished_len;
+ int send_connection_binding; /* TODOEKR */
+
+-# ifndef OPENSSL_NO_TLSEXT
+-# ifndef OPENSSL_NO_EC
++# ifndef OPENSSL_NO_NEXTPROTONEG
++ /*
++ * Set if we saw the Next Protocol Negotiation extension from our peer.
++ */
++ int next_proto_neg_seen;
++# endif
++
++# ifndef OPENSSL_NO_TLSEXT
++# ifndef OPENSSL_NO_EC
+ /*
+ * This is set to true if we believe that this is a version of Safari
+ * running on OS X 10.6 or newer. We wish to know this because Safari on
+ * 10.8 .. 10.8.3 has broken ECDHE-ECDSA support.
+ */
+ char is_probably_safari;
+-# endif /* !OPENSSL_NO_EC */
+-# endif /* !OPENSSL_NO_TLSEXT */
++# endif /* !OPENSSL_NO_EC */
++
++ /*
++ * ALPN information (we are in the process of transitioning from NPN to
++ * ALPN.)
++ */
++
++ /*
++ * In a server these point to the selected ALPN protocol after the
++ * ClientHello has been processed. In a client these contain the protocol
++ * that the server selected once the ServerHello has been processed.
++ */
++ unsigned char *alpn_selected;
++ unsigned alpn_selected_len;
++# endif /* OPENSSL_NO_TLSEXT */
+ } SSL3_STATE;
+
++# endif
++
+ /* SSLv3 */
+ /*
+ * client
+ */
+ /* extra state */
+ # define SSL3_ST_CW_FLUSH (0x100|SSL_ST_CONNECT)
++# ifndef OPENSSL_NO_SCTP
++# define DTLS1_SCTP_ST_CW_WRITE_SOCK (0x310|SSL_ST_CONNECT)
++# define DTLS1_SCTP_ST_CR_READ_SOCK (0x320|SSL_ST_CONNECT)
++# endif
+ /* write to server */
+ # define SSL3_ST_CW_CLNT_HELLO_A (0x110|SSL_ST_CONNECT)
+ # define SSL3_ST_CW_CLNT_HELLO_B (0x111|SSL_ST_CONNECT)
+@@ -526,6 +669,10 @@ typedef struct ssl3_state_st {
+ # define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT)
+ # define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT)
+ # define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT)
++# ifndef OPENSSL_NO_NEXTPROTONEG
++# define SSL3_ST_CW_NEXT_PROTO_A (0x200|SSL_ST_CONNECT)
++# define SSL3_ST_CW_NEXT_PROTO_B (0x201|SSL_ST_CONNECT)
++# endif
+ # define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT)
+ # define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT)
+ /* read from server */
+@@ -541,11 +688,16 @@ typedef struct ssl3_state_st {
+ /* server */
+ /* extra state */
+ # define SSL3_ST_SW_FLUSH (0x100|SSL_ST_ACCEPT)
++# ifndef OPENSSL_NO_SCTP
++# define DTLS1_SCTP_ST_SW_WRITE_SOCK (0x310|SSL_ST_ACCEPT)
++# define DTLS1_SCTP_ST_SR_READ_SOCK (0x320|SSL_ST_ACCEPT)
++# endif
+ /* read from client */
+ /* Do not change the number values, they do matter */
+ # define SSL3_ST_SR_CLNT_HELLO_A (0x110|SSL_ST_ACCEPT)
+ # define SSL3_ST_SR_CLNT_HELLO_B (0x111|SSL_ST_ACCEPT)
+ # define SSL3_ST_SR_CLNT_HELLO_C (0x112|SSL_ST_ACCEPT)
++# define SSL3_ST_SR_CLNT_HELLO_D (0x115|SSL_ST_ACCEPT)
+ /* write to client */
+ # define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113|SSL_ST_ACCEPT)
+ # define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114|SSL_ST_ACCEPT)
+@@ -571,6 +723,10 @@ typedef struct ssl3_state_st {
+ # define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT)
+ # define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT)
+ # define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT)
++# ifndef OPENSSL_NO_NEXTPROTONEG
++# define SSL3_ST_SR_NEXT_PROTO_A (0x210|SSL_ST_ACCEPT)
++# define SSL3_ST_SR_NEXT_PROTO_B (0x211|SSL_ST_ACCEPT)
++# endif
+ # define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT)
+ # define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT)
+ /* write to client */
+@@ -595,6 +751,9 @@ typedef struct ssl3_state_st {
+ # define SSL3_MT_CLIENT_KEY_EXCHANGE 16
+ # define SSL3_MT_FINISHED 20
+ # define SSL3_MT_CERTIFICATE_STATUS 22
++# ifndef OPENSSL_NO_NEXTPROTONEG
++# define SSL3_MT_NEXT_PROTO 67
++# endif
+ # define DTLS1_MT_HELLO_VERIFY_REQUEST 3
+
+ # define SSL3_MT_CCS 1
+diff --git a/Cryptlib/Include/openssl/stack.h b/Cryptlib/Include/openssl/stack.h
+index 5ce8250..eb07216 100644
+--- a/Cryptlib/Include/openssl/stack.h
++++ b/Cryptlib/Include/openssl/stack.h
+@@ -68,37 +68,37 @@ typedef struct stack_st {
+ char **data;
+ int sorted;
+ int num_alloc;
+- int (*comp) (const char *const *, const char *const *);
+-} STACK;
++ int (*comp) (const void *, const void *);
++} _STACK; /* Use STACK_OF(...) instead */
+
+ # define M_sk_num(sk) ((sk) ? (sk)->num:-1)
+ # define M_sk_value(sk,n) ((sk) ? (sk)->data[n] : NULL)
+
+-int sk_num(const STACK *);
+-char *sk_value(const STACK *, int);
++int sk_num(const _STACK *);
++void *sk_value(const _STACK *, int);
+
+-char *sk_set(STACK *, int, char *);
++void *sk_set(_STACK *, int, void *);
+
+-STACK *sk_new(int (*cmp) (const char *const *, const char *const *));
+-STACK *sk_new_null(void);
+-void sk_free(STACK *);
+-void sk_pop_free(STACK * st, void (*func) (void *));
+-int sk_insert(STACK * sk, char *data, int where);
+-char *sk_delete(STACK * st, int loc);
+-char *sk_delete_ptr(STACK * st, char *p);
+-int sk_find(STACK * st, char *data);
+-int sk_find_ex(STACK * st, char *data);
+-int sk_push(STACK * st, char *data);
+-int sk_unshift(STACK * st, char *data);
+-char *sk_shift(STACK * st);
+-char *sk_pop(STACK * st);
+-void sk_zero(STACK * st);
+-int (*sk_set_cmp_func(STACK * sk, int (*c) (const char *const *,
+- const char *const *)))
+- (const char *const *, const char *const *);
+-STACK *sk_dup(STACK * st);
+-void sk_sort(STACK * st);
+-int sk_is_sorted(const STACK * st);
++_STACK *sk_new(int (*cmp) (const void *, const void *));
++_STACK *sk_new_null(void);
++void sk_free(_STACK *);
++void sk_pop_free(_STACK *st, void (*func) (void *));
++_STACK *sk_deep_copy(_STACK *, void *(*)(void *), void (*)(void *));
++int sk_insert(_STACK *sk, void *data, int where);
++void *sk_delete(_STACK *st, int loc);
++void *sk_delete_ptr(_STACK *st, void *p);
++int sk_find(_STACK *st, void *data);
++int sk_find_ex(_STACK *st, void *data);
++int sk_push(_STACK *st, void *data);
++int sk_unshift(_STACK *st, void *data);
++void *sk_shift(_STACK *st);
++void *sk_pop(_STACK *st);
++void sk_zero(_STACK *st);
++int (*sk_set_cmp_func(_STACK *sk, int (*c) (const void *, const void *)))
++ (const void *, const void *);
++_STACK *sk_dup(_STACK *st);
++void sk_sort(_STACK *st);
++int sk_is_sorted(const _STACK *st);
+
+ #ifdef __cplusplus
+ }
+diff --git a/Cryptlib/Include/openssl/store.h b/Cryptlib/Include/openssl/store.h
+deleted file mode
100644
+index 715d470..0000000
+--- a/Cryptlib/Include/openssl/store.h
++++ /dev/null
+@@ -1,651 +0,0 @@
+-/* crypto/store/store.h -*- mode:C; c-file-style: "eay" -*- */
+-/*
+- * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
+- * 2003.
+- */
+-/* ====================================================================
+- * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- *
+- * 1. Redistributions of source code must retain the above copyright
+- * notice, this list of conditions and the following disclaimer.
+- *
+- * 2. Redistributions in binary form must reproduce the above copyright
+- * notice, this list of conditions and the following disclaimer in
+- * the documentation and/or other materials provided with the
+- * distribution.
+- *
+- * 3. All advertising materials mentioning features or use of this
+- * software must display the following acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+- *
+- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+- * endorse or promote products derived from this software without
+- * prior written permission. For written permission, please contact
+- * openssl-core@openssl.org.
+- *
+- * 5. Products derived from this software may not be called "OpenSSL"
+- * nor may "OpenSSL" appear in their names without prior written
+- * permission of the OpenSSL Project.
+- *
+- * 6. Redistributions of any form whatsoever must retain the following
+- * acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+- * OF THE POSSIBILITY OF SUCH DAMAGE.
+- * ====================================================================
+- *
+- * This product includes cryptographic software written by Eric Young
+- * (eay@cryptsoft.com). This product includes software written by Tim
+- * Hudson (tjh@cryptsoft.com).
+- *
+- */
+-
+-#ifndef HEADER_STORE_H
+-# define HEADER_STORE_H
+-
+-# include
+-# ifndef OPENSSL_NO_DEPRECATED
+-# include
+-# include
+-# include
+-# endif
+-
+-#ifdef __cplusplus
+-extern "C" {
+-#endif
+-
+-/* Already defined in ossl_typ.h */
+-/* typedef struct store_st STORE; */
+-/* typedef struct store_method_st STORE_METHOD; */
+-
+-/*
+- * All the following functions return 0, a negative number or NULL on error.
+- * When everything is fine, they return a positive value or a non-NULL
+- * pointer, all depending on their purpose.
+- */
+-
+-/* Creators and destructor. */
+-STORE *STORE_new_method(const STORE_METHOD *method);
+-STORE *STORE_new_engine(ENGINE *engine);
+-void STORE_free(STORE *ui);
+-
+-/*
+- * Give a user interface parametrised control commands. This can be used to
+- * send down an integer, a data pointer or a function pointer, as well as be
+- * used to get information from a STORE.
+- */
+-int STORE_ctrl(STORE *store, int cmd, long i, void *p, void (*f) (void));
+-
+-/*
+- * A control to set the directory with keys and certificates. Used by the
+- * built-in directory level method.
+- */
+-# define STORE_CTRL_SET_DIRECTORY 0x0001
+-/*
+- * A control to set a file to load. Used by the built-in file level method.
+- */
+-# define STORE_CTRL_SET_FILE 0x0002
+-/*
+- * A control to set a configuration file to load. Can be used by any method
+- * that wishes to load a configuration file.
+- */
+-# define STORE_CTRL_SET_CONF_FILE 0x0003
+-/*
+- * A control to set a the section of the loaded configuration file. Can be
+- * used by any method that wishes to load a configuration file.
+- */
+-# define STORE_CTRL_SET_CONF_SECTION 0x0004
+-
+-/* Some methods may use extra data */
+-# define STORE_set_app_data(s,arg) STORE_set_ex_data(s,0,arg)
+-# define STORE_get_app_data(s) STORE_get_ex_data(s,0)
+-int STORE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+- CRYPTO_EX_dup *dup_func,
+- CRYPTO_EX_free *free_func);
+-int STORE_set_ex_data(STORE *r, int idx, void *arg);
+-void *STORE_get_ex_data(STORE *r, int idx);
+-
+-/* Use specific methods instead of the built-in one */
+-const STORE_METHOD *STORE_get_method(STORE *store);
+-const STORE_METHOD *STORE_set_method(STORE *store, const STORE_METHOD *meth);
+-
+-/* The standard OpenSSL methods. */
+-/*
+- * This is the in-memory method. It does everything except revoking and
+- * updating, and is of course volatile. It's used by other methods that have
+- * an in-memory cache.
+- */
+-const STORE_METHOD *STORE_Memory(void);
+-# if 0 /* Not yet implemented */
+-/*
+- * This is the directory store. It does everything except revoking and
+- * updating, and uses STORE_Memory() to cache things in memory.
+- */
+-const STORE_METHOD *STORE_Directory(void);
+-/*
+- * This is the file store. It does everything except revoking and updating,
+- * and uses STORE_Memory() to cache things in memory. Certificates are added
+- * to it with the store operation, and it will only get cached certificates.
+- */
+-const STORE_METHOD *STORE_File(void);
+-# endif
+-
+-/*
+- * Store functions take a type code for the type of data they should store or
+- * fetch
+- */
+-typedef enum STORE_object_types {
+- STORE_OBJECT_TYPE_X509_CERTIFICATE = 0x01, /* X509 * */
+- STORE_OBJECT_TYPE_X509_CRL = 0x02, /* X509_CRL * */
+- STORE_OBJECT_TYPE_PRIVATE_KEY = 0x03, /* EVP_PKEY * */
+- STORE_OBJECT_TYPE_PUBLIC_KEY = 0x04, /* EVP_PKEY * */
+- STORE_OBJECT_TYPE_NUMBER = 0x05, /* BIGNUM * */
+- STORE_OBJECT_TYPE_ARBITRARY = 0x06, /* BUF_MEM * */
+- STORE_OBJECT_TYPE_NUM = 0x06 /* The amount of known object types */
+-} STORE_OBJECT_TYPES;
+-/* List of text strings corresponding to the object types. */
+-extern const char *const STORE_object_type_string[STORE_OBJECT_TYPE_NUM + 1];
+-
+-/*
+- * Some store functions take a parameter list. Those parameters come with
+- * one of the following codes. The comments following the codes below
+- * indicate what type the value should be a pointer to.
+- */
+-typedef enum STORE_params {
+- STORE_PARAM_EVP_TYPE = 0x01, /* int */
+- STORE_PARAM_BITS = 0x02, /* size_t */
+- STORE_PARAM_KEY_PARAMETERS = 0x03, /* ??? */
+- STORE_PARAM_KEY_NO_PARAMETERS = 0x04, /* N/A */
+- STORE_PARAM_AUTH_PASSPHRASE = 0x05, /* char * */
+- STORE_PARAM_AUTH_KRB5_TICKET = 0x06, /* void * */
+- STORE_PARAM_TYPE_NUM = 0x06 /* The amount of known parameter types */
+-} STORE_PARAM_TYPES;
+-/*
+- * Parameter value sizes. -1 means unknown, anything else is the required
+- * size.
+- */
+-extern const int STORE_param_sizes[STORE_PARAM_TYPE_NUM + 1];
+-
+-/*
+- * Store functions take attribute lists. Those attributes come with codes.
+- * The comments following the codes below indicate what type the value should
+- * be a pointer to.
+- */
+-typedef enum STORE_attribs {
+- STORE_ATTR_END = 0x00,
+- STORE_ATTR_FRIENDLYNAME = 0x01, /* C string */
+- STORE_ATTR_KEYID = 0x02, /* 160 bit string (SHA1) */
+- STORE_ATTR_ISSUERKEYID = 0x03, /* 160 bit string (SHA1) */
+- STORE_ATTR_SUBJECTKEYID = 0x04, /* 160 bit string (SHA1) */
+- STORE_ATTR_ISSUERSERIALHASH = 0x05, /* 160 bit string (SHA1) */
+- STORE_ATTR_ISSUER = 0x06, /* X509_NAME * */
+- STORE_ATTR_SERIAL = 0x07, /* BIGNUM * */
+- STORE_ATTR_SUBJECT = 0x08, /* X509_NAME * */
+- STORE_ATTR_CERTHASH = 0x09, /* 160 bit string (SHA1) */
+- STORE_ATTR_EMAIL = 0x0a, /* C string */
+- STORE_ATTR_FILENAME = 0x0b, /* C string */
+- STORE_ATTR_TYPE_NUM = 0x0b, /* The amount of known attribute types */
+- STORE_ATTR_OR = 0xff /* This is a special separator, which
+- * expresses the OR operation. */
+-} STORE_ATTR_TYPES;
+-/*
+- * Attribute value sizes. -1 means unknown, anything else is the required
+- * size.
+- */
+-extern const int STORE_attr_sizes[STORE_ATTR_TYPE_NUM + 1];
+-
+-typedef enum STORE_certificate_status {
+- STORE_X509_VALID = 0x00,
+- STORE_X509_EXPIRED = 0x01,
+- STORE_X509_SUSPENDED = 0x02,
+- STORE_X509_REVOKED = 0x03
+-} STORE_CERTIFICATE_STATUS;
+-
+-/*
+- * Engine store functions will return a structure that contains all the
+- * necessary information, including revokation status for certificates. This
+- * is really not needed for application authors, as the ENGINE framework
+- * functions will extract the OpenSSL-specific information when at all
+- * possible. However, for engine authors, it's crucial to know this
+- * structure.
+- */
+-typedef struct STORE_OBJECT_st {
+- STORE_OBJECT_TYPES type;
+- union {
+- struct {
+- STORE_CERTIFICATE_STATUS status;
+- X509 *certificate;
+- } x509;
+- X509_CRL *crl;
+- EVP_PKEY *key;
+- BIGNUM *number;
+- BUF_MEM *arbitrary;
+- } data;
+-} STORE_OBJECT;
+-DECLARE_STACK_OF(STORE_OBJECT)
+-STORE_OBJECT *STORE_OBJECT_new(void);
+-void STORE_OBJECT_free(STORE_OBJECT *data);
+-
+-/*
+- * The following functions handle the storage. They return 0, a negative
+- * number or NULL on error, anything else on success.
+- */
+-X509 *STORE_get_certificate(STORE *e, OPENSSL_ITEM attributes[],
+- OPENSSL_ITEM parameters[]);
+-int STORE_store_certificate(STORE *e, X509 *data, OPENSSL_ITEM attributes[],
+- OPENSSL_ITEM parameters[]);
+-int STORE_modify_certificate(STORE *e, OPENSSL_ITEM search_attributes[],
+- OPENSSL_ITEM add_attributes[],
+- OPENSSL_ITEM modify_attributes[],
+- OPENSSL_ITEM delete_attributes[],
+- OPENSSL_ITEM parameters[]);
+-int STORE_revoke_certificate(STORE *e, OPENSSL_ITEM attributes[],
+- OPENSSL_ITEM parameters[]);
+-int STORE_delete_certificate(STORE *e, OPENSSL_ITEM attributes[],
+- OPENSSL_ITEM parameters[]);
+-void *STORE_list_certificate_start(STORE *e, OPENSSL_ITEM attributes[],
+- OPENSSL_ITEM parameters[]);
+-X509 *STORE_list_certificate_next(STORE *e, void *handle);
+-int STORE_list_certificate_end(STORE *e, void *handle);
+-int STORE_list_certificate_endp(STORE *e, void *handle);
+-EVP_PKEY *STORE_generate_key(STORE *e, OPENSSL_ITEM attributes[],
+- OPENSSL_ITEM parameters[]);
+-EVP_PKEY *STORE_get_private_key(STORE *e, OPENSSL_ITEM attributes[],
+- OPENSSL_ITEM parameters[]);
+-int STORE_store_private_key(STORE *e, EVP_PKEY *data,
+- OPENSSL_ITEM attributes[],
+- OPENSSL_ITEM parameters[]);
+-int STORE_modify_private_key(STORE *e, OPENSSL_ITEM search_attributes[],
+- OPENSSL_ITEM add_sttributes[],
+- OPENSSL_ITEM modify_attributes[],
+- OPENSSL_ITEM delete_attributes[],
+- OPENSSL_ITEM parameters[]);
+-int STORE_revoke_private_key(STORE *e, OPENSSL_ITEM attributes[],
+- OPENSSL_ITEM parameters[]);
+-int STORE_delete_private_key(STORE *e, OPENSSL_ITEM attributes[],
+- OPENSSL_ITEM parameters[]);
+-void *STORE_list_private_key_start(STORE *e, OPENSSL_ITEM attributes[],
+- OPENSSL_ITEM parameters[]);
+-EVP_PKEY *STORE_list_private_key_next(STORE *e, void *handle);
+-int STORE_list_private_key_end(STORE *e, void *handle);
+-int STORE_list_private_key_endp(STORE *e, void *handle);
+-EVP_PKEY *STORE_get_public_key(STORE *e, OPENSSL_ITEM attributes[],
+- OPENSSL_ITEM parameters[]);
+-int STORE_store_public_key(STORE *e, EVP_PKEY *data,
+- OPENSSL_ITEM attributes[],
+- OPENSSL_ITEM parameters[]);
+-int STORE_modify_public_key(STORE *e, OPENSSL_ITEM search_attributes[],
+- OPENSSL_ITEM add_sttributes[],
+- OPENSSL_ITEM modify_attributes[],
+- OPENSSL_ITEM delete_attributes[],
+- OPENSSL_ITEM parameters[]);
+-int STORE_revoke_public_key(STORE *e, OPENSSL_ITEM attributes[],
+- OPENSSL_ITEM parameters[]);
+-int STORE_delete_public_key(STORE *e, OPENSSL_ITEM attributes[],
+- OPENSSL_ITEM parameters[]);
+-void *STORE_list_public_key_start(STORE *e, OPENSSL_ITEM attributes[],
+- OPENSSL_ITEM parameters[]);
+-EVP_PKEY *STORE_list_public_key_next(STORE *e, void *handle);
+-int STORE_list_public_key_end(STORE *e, void *handle);
+-int STORE_list_public_key_endp(STORE *e, void *handle);
+-X509_CRL *STORE_generate_crl(STORE *e, OPENSSL_ITEM attributes[],
+- OPENSSL_ITEM parameters[]);
+-X509_CRL *STORE_get_crl(STORE *e, OPENSSL_ITEM attributes[],
+- OPENSSL_ITEM parameters[]);
+-int STORE_store_crl(STORE *e, X509_CRL *data, OPENSSL_ITEM attributes[],
+- OPENSSL_ITEM parameters[]);
+-int STORE_modify_crl(STORE *e, OPENSSL_ITEM search_attributes[],
+- OPENSSL_ITEM add_sttributes[],
+- OPENSSL_ITEM modify_attributes[],
+- OPENSSL_ITEM delete_attributes[],
+- OPENSSL_ITEM parameters[]);
+-int STORE_delete_crl(STORE *e, OPENSSL_ITEM attributes[],
+- OPENSSL_ITEM parameters[]);
+-void *STORE_list_crl_start(STORE *e, OPENSSL_ITEM attributes[],
+- OPENSSL_ITEM parameters[]);
+-X509_CRL *STORE_list_crl_next(STORE *e, void *handle);
+-int STORE_list_crl_end(STORE *e, void *handle);
+-int STORE_list_crl_endp(STORE *e, void *handle);
+-int STORE_store_number(STORE *e, BIGNUM *data, OPENSSL_ITEM attributes[],
+- OPENSSL_ITEM parameters[]);
+-int STORE_modify_number(STORE *e, OPENSSL_ITEM search_attributes[],
+- OPENSSL_ITEM add_sttributes[],
+- OPENSSL_ITEM modify_attributes[],
+- OPENSSL_ITEM delete_attributes[],
+- OPENSSL_ITEM parameters[]);
+-BIGNUM *STORE_get_number(STORE *e, OPENSSL_ITEM attributes[],
+- OPENSSL_ITEM parameters[]);
+-int STORE_delete_number(STORE *e, OPENSSL_ITEM attributes[],
+- OPENSSL_ITEM parameters[]);
+-int STORE_store_arbitrary(STORE *e, BUF_MEM *data, OPENSSL_ITEM attributes[],
+- OPENSSL_ITEM parameters[]);
+-int STORE_modify_arbitrary(STORE *e, OPENSSL_ITEM search_attributes[],
+- OPENSSL_ITEM add_sttributes[],
+- OPENSSL_ITEM modify_attributes[],
+- OPENSSL_ITEM delete_attributes[],
+- OPENSSL_ITEM parameters[]);
+-BUF_MEM *STORE_get_arbitrary(STORE *e, OPENSSL_ITEM attributes[],
+- OPENSSL_ITEM parameters[]);
+-int STORE_delete_arbitrary(STORE *e, OPENSSL_ITEM attributes[],
+- OPENSSL_ITEM parameters[]);
+-
+-/* Create and manipulate methods */
+-STORE_METHOD *STORE_create_method(char *name);
+-void STORE_destroy_method(STORE_METHOD *store_method);
+-
+-/* These callback types are use for store handlers */
+-typedef int (*STORE_INITIALISE_FUNC_PTR) (STORE *);
+-typedef void (*STORE_CLEANUP_FUNC_PTR) (STORE *);
+-typedef STORE_OBJECT *(*STORE_GENERATE_OBJECT_FUNC_PTR)(STORE *,
+- STORE_OBJECT_TYPES
+- type,
+- OPENSSL_ITEM
+- attributes[],
+- OPENSSL_ITEM
+- parameters[]);
+-typedef STORE_OBJECT *(*STORE_GET_OBJECT_FUNC_PTR)(STORE *,
+- STORE_OBJECT_TYPES type,
+- OPENSSL_ITEM attributes[],
+- OPENSSL_ITEM parameters[]);
+-typedef void *(*STORE_START_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type,
+- OPENSSL_ITEM attributes[],
+- OPENSSL_ITEM parameters[]);
+-typedef STORE_OBJECT *(*STORE_NEXT_OBJECT_FUNC_PTR)(STORE *, void *handle);
+-typedef int (*STORE_END_OBJECT_FUNC_PTR) (STORE *, void *handle);
+-typedef int (*STORE_HANDLE_OBJECT_FUNC_PTR) (STORE *, STORE_OBJECT_TYPES type,
+- OPENSSL_ITEM attributes[],
+- OPENSSL_ITEM parameters[]);
+-typedef int (*STORE_STORE_OBJECT_FUNC_PTR) (STORE *, STORE_OBJECT_TYPES type,
+- STORE_OBJECT *data,
+- OPENSSL_ITEM attributes[],
+- OPENSSL_ITEM parameters[]);
+-typedef int (*STORE_MODIFY_OBJECT_FUNC_PTR) (STORE *, STORE_OBJECT_TYPES type,
+- OPENSSL_ITEM search_attributes[],
+- OPENSSL_ITEM add_attributes[],
+- OPENSSL_ITEM modify_attributes[],
+- OPENSSL_ITEM delete_attributes[],
+- OPENSSL_ITEM parameters[]);
+-typedef int (*STORE_GENERIC_FUNC_PTR) (STORE *, OPENSSL_ITEM attributes[],
+- OPENSSL_ITEM parameters[]);
+-typedef int (*STORE_CTRL_FUNC_PTR) (STORE *, int cmd, long l, void *p,
+- void (*f) (void));
+-
+-int STORE_method_set_initialise_function(STORE_METHOD *sm,
+- STORE_INITIALISE_FUNC_PTR init_f);
+-int STORE_method_set_cleanup_function(STORE_METHOD *sm,
+- STORE_CLEANUP_FUNC_PTR clean_f);
+-int STORE_method_set_generate_function(STORE_METHOD *sm,
+- STORE_GENERATE_OBJECT_FUNC_PTR
+- generate_f);
+-int STORE_method_set_get_function(STORE_METHOD *sm,
+- STORE_GET_OBJECT_FUNC_PTR get_f);
+-int STORE_method_set_store_function(STORE_METHOD *sm,
+- STORE_STORE_OBJECT_FUNC_PTR store_f);
+-int STORE_method_set_modify_function(STORE_METHOD *sm,
+- STORE_MODIFY_OBJECT_FUNC_PTR store_f);
+-int STORE_method_set_revoke_function(STORE_METHOD *sm,
+- STORE_HANDLE_OBJECT_FUNC_PTR revoke_f);
+-int STORE_method_set_delete_function(STORE_METHOD *sm,
+- STORE_HANDLE_OBJECT_FUNC_PTR delete_f);
+-int STORE_method_set_list_start_function(STORE_METHOD *sm,
+- STORE_START_OBJECT_FUNC_PTR
+- list_start_f);
+-int STORE_method_set_list_next_function(STORE_METHOD *sm,
+- STORE_NEXT_OBJECT_FUNC_PTR
+- list_next_f);
+-int STORE_method_set_list_end_function(STORE_METHOD *sm,
+- STORE_END_OBJECT_FUNC_PTR list_end_f);
+-int STORE_method_set_update_store_function(STORE_METHOD *sm,
+- STORE_GENERIC_FUNC_PTR);
+-int STORE_method_set_lock_store_function(STORE_METHOD *sm,
+- STORE_GENERIC_FUNC_PTR);
+-int STORE_method_set_unlock_store_function(STORE_METHOD *sm,
+- STORE_GENERIC_FUNC_PTR);
+-int STORE_method_set_ctrl_function(STORE_METHOD *sm,
+- STORE_CTRL_FUNC_PTR ctrl_f);
+-
+-STORE_INITIALISE_FUNC_PTR STORE_method_get_initialise_function(STORE_METHOD
+- *sm);
+-STORE_CLEANUP_FUNC_PTR STORE_method_get_cleanup_function(STORE_METHOD *sm);
+-STORE_GENERATE_OBJECT_FUNC_PTR STORE_method_get_generate_function(STORE_METHOD
+- *sm);
+-STORE_GET_OBJECT_FUNC_PTR STORE_method_get_get_function(STORE_METHOD *sm);
+-STORE_STORE_OBJECT_FUNC_PTR STORE_method_get_store_function(STORE_METHOD *sm);
+-STORE_MODIFY_OBJECT_FUNC_PTR STORE_method_get_modify_function(STORE_METHOD
+- *sm);
+-STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_revoke_function(STORE_METHOD
+- *sm);
+-STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_delete_function(STORE_METHOD
+- *sm);
+-STORE_START_OBJECT_FUNC_PTR STORE_method_get_list_start_function(STORE_METHOD
+- *sm);
+-STORE_NEXT_OBJECT_FUNC_PTR STORE_method_get_list_next_function(STORE_METHOD
+- *sm);
+-STORE_END_OBJECT_FUNC_PTR STORE_method_get_list_end_function(STORE_METHOD
+- *sm);
+-STORE_GENERIC_FUNC_PTR STORE_method_get_update_store_function(STORE_METHOD
+- *sm);
+-STORE_GENERIC_FUNC_PTR STORE_method_get_lock_store_function(STORE_METHOD *sm);
+-STORE_GENERIC_FUNC_PTR STORE_method_get_unlock_store_function(STORE_METHOD
+- *sm);
+-STORE_CTRL_FUNC_PTR STORE_method_get_ctrl_function(STORE_METHOD *sm);
+-
+-/* Method helper structures and functions. */
+-
+-/*
+- * This structure is the result of parsing through the information in a list
+- * of OPENSSL_ITEMs. It stores all the necessary information in a structured
+- * way.
+- */
+-typedef struct STORE_attr_info_st STORE_ATTR_INFO;
+-
+-/*
+- * Parse a list of OPENSSL_ITEMs and return a pointer to a STORE_ATTR_INFO.
+- * Note that we do this in the list form, since the list of OPENSSL_ITEMs can
+- * come in blocks separated with STORE_ATTR_OR. Note that the value returned
+- * by STORE_parse_attrs_next() must be freed with STORE_ATTR_INFO_free().
+- */
+-void *STORE_parse_attrs_start(OPENSSL_ITEM *attributes);
+-STORE_ATTR_INFO *STORE_parse_attrs_next(void *handle);
+-int STORE_parse_attrs_end(void *handle);
+-int STORE_parse_attrs_endp(void *handle);
+-
+-/* Creator and destructor */
+-STORE_ATTR_INFO *STORE_ATTR_INFO_new(void);
+-int STORE_ATTR_INFO_free(STORE_ATTR_INFO *attrs);
+-
+-/* Manipulators */
+-char *STORE_ATTR_INFO_get0_cstr(STORE_ATTR_INFO *attrs,
+- STORE_ATTR_TYPES code);
+-unsigned char *STORE_ATTR_INFO_get0_sha1str(STORE_ATTR_INFO *attrs,
+- STORE_ATTR_TYPES code);
+-X509_NAME *STORE_ATTR_INFO_get0_dn(STORE_ATTR_INFO *attrs,
+- STORE_ATTR_TYPES code);
+-BIGNUM *STORE_ATTR_INFO_get0_number(STORE_ATTR_INFO *attrs,
+- STORE_ATTR_TYPES code);
+-int STORE_ATTR_INFO_set_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+- char *cstr, size_t cstr_size);
+-int STORE_ATTR_INFO_set_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+- unsigned char *sha1str, size_t sha1str_size);
+-int STORE_ATTR_INFO_set_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+- X509_NAME *dn);
+-int STORE_ATTR_INFO_set_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+- BIGNUM *number);
+-int STORE_ATTR_INFO_modify_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+- char *cstr, size_t cstr_size);
+-int STORE_ATTR_INFO_modify_sha1str(STORE_ATTR_INFO *attrs,
+- STORE_ATTR_TYPES code,
+- unsigned char *sha1str,
+- size_t sha1str_size);
+-int STORE_ATTR_INFO_modify_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+- X509_NAME *dn);
+-int STORE_ATTR_INFO_modify_number(STORE_ATTR_INFO *attrs,
+- STORE_ATTR_TYPES code, BIGNUM *number);
+-
+-/*
+- * Compare on basis of a bit pattern formed by the STORE_ATTR_TYPES values in
+- * each contained attribute.
+- */
+-int STORE_ATTR_INFO_compare(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b);
+-/*
+- * Check if the set of attributes in a is within the range of attributes set
+- * in b.
+- */
+-int STORE_ATTR_INFO_in_range(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b);
+-/* Check if the set of attributes in a are also set in b. */
+-int STORE_ATTR_INFO_in(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b);
+-/* Same as STORE_ATTR_INFO_in(), but also checks the attribute values. */
+-int STORE_ATTR_INFO_in_ex(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b);
+-
+-/* BEGIN ERROR CODES */
+-/*
+- * The following lines are auto generated by the script mkerr.pl. Any changes
+- * made after this point may be overwritten when the script is next run.
+- */
+-void ERR_load_STORE_strings(void);
+-
+-/* Error codes for the STORE functions. */
+-
+-/* Function codes. */
+-# define STORE_F_MEM_DELETE 134
+-# define STORE_F_MEM_GENERATE 135
+-# define STORE_F_MEM_LIST_END 168
+-# define STORE_F_MEM_LIST_NEXT 136
+-# define STORE_F_MEM_LIST_START 137
+-# define STORE_F_MEM_MODIFY 169
+-# define STORE_F_MEM_STORE 138
+-# define STORE_F_STORE_ATTR_INFO_GET0_CSTR 139
+-# define STORE_F_STORE_ATTR_INFO_GET0_DN 140
+-# define STORE_F_STORE_ATTR_INFO_GET0_NUMBER 141
+-# define STORE_F_STORE_ATTR_INFO_GET0_SHA1STR 142
+-# define STORE_F_STORE_ATTR_INFO_MODIFY_CSTR 143
+-# define STORE_F_STORE_ATTR_INFO_MODIFY_DN 144
+-# define STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER 145
+-# define STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR 146
+-# define STORE_F_STORE_ATTR_INFO_SET_CSTR 147
+-# define STORE_F_STORE_ATTR_INFO_SET_DN 148
+-# define STORE_F_STORE_ATTR_INFO_SET_NUMBER 149
+-# define STORE_F_STORE_ATTR_INFO_SET_SHA1STR 150
+-# define STORE_F_STORE_CERTIFICATE 170
+-# define STORE_F_STORE_CTRL 161
+-# define STORE_F_STORE_DELETE_ARBITRARY 158
+-# define STORE_F_STORE_DELETE_CERTIFICATE 102
+-# define STORE_F_STORE_DELETE_CRL 103
+-# define STORE_F_STORE_DELETE_NUMBER 104
+-# define STORE_F_STORE_DELETE_PRIVATE_KEY 105
+-# define STORE_F_STORE_DELETE_PUBLIC_KEY 106
+-# define STORE_F_STORE_GENERATE_CRL 107
+-# define STORE_F_STORE_GENERATE_KEY 108
+-# define STORE_F_STORE_GET_ARBITRARY 159
+-# define STORE_F_STORE_GET_CERTIFICATE 109
+-# define STORE_F_STORE_GET_CRL 110
+-# define STORE_F_STORE_GET_NUMBER 111
+-# define STORE_F_STORE_GET_PRIVATE_KEY 112
+-# define STORE_F_STORE_GET_PUBLIC_KEY 113
+-# define STORE_F_STORE_LIST_CERTIFICATE_END 114
+-# define STORE_F_STORE_LIST_CERTIFICATE_ENDP 153
+-# define STORE_F_STORE_LIST_CERTIFICATE_NEXT 115
+-# define STORE_F_STORE_LIST_CERTIFICATE_START 116
+-# define STORE_F_STORE_LIST_CRL_END 117
+-# define STORE_F_STORE_LIST_CRL_ENDP 154
+-# define STORE_F_STORE_LIST_CRL_NEXT 118
+-# define STORE_F_STORE_LIST_CRL_START 119
+-# define STORE_F_STORE_LIST_PRIVATE_KEY_END 120
+-# define STORE_F_STORE_LIST_PRIVATE_KEY_ENDP 155
+-# define STORE_F_STORE_LIST_PRIVATE_KEY_NEXT 121
+-# define STORE_F_STORE_LIST_PRIVATE_KEY_START 122
+-# define STORE_F_STORE_LIST_PUBLIC_KEY_END 123
+-# define STORE_F_STORE_LIST_PUBLIC_KEY_ENDP 156
+-# define STORE_F_STORE_LIST_PUBLIC_KEY_NEXT 124
+-# define STORE_F_STORE_LIST_PUBLIC_KEY_START 125
+-# define STORE_F_STORE_MODIFY_ARBITRARY 162
+-# define STORE_F_STORE_MODIFY_CERTIFICATE 163
+-# define STORE_F_STORE_MODIFY_CRL 164
+-# define STORE_F_STORE_MODIFY_NUMBER 165
+-# define STORE_F_STORE_MODIFY_PRIVATE_KEY 166
+-# define STORE_F_STORE_MODIFY_PUBLIC_KEY 167
+-# define STORE_F_STORE_NEW_ENGINE 133
+-# define STORE_F_STORE_NEW_METHOD 132
+-# define STORE_F_STORE_PARSE_ATTRS_END 151
+-# define STORE_F_STORE_PARSE_ATTRS_ENDP 172
+-# define STORE_F_STORE_PARSE_ATTRS_NEXT 152
+-# define STORE_F_STORE_PARSE_ATTRS_START 171
+-# define STORE_F_STORE_REVOKE_CERTIFICATE 129
+-# define STORE_F_STORE_REVOKE_PRIVATE_KEY 130
+-# define STORE_F_STORE_REVOKE_PUBLIC_KEY 131
+-# define
STORE_F_STORE_STORE_ARBITRARY 157 +-# define STORE_F_STORE_STORE_CERTIFICATE 100 +-# define STORE_F_STORE_STORE_CRL 101 +-# define STORE_F_STORE_STORE_NUMBER 126 +-# define STORE_F_STORE_STORE_PRIVATE_KEY 127 +-# define STORE_F_STORE_STORE_PUBLIC_KEY 128 +- +-/* Reason codes. */ +-# define STORE_R_ALREADY_HAS_A_VALUE 127 +-# define STORE_R_FAILED_DELETING_ARBITRARY 132 +-# define STORE_R_FAILED_DELETING_CERTIFICATE 100 +-# define STORE_R_FAILED_DELETING_KEY 101 +-# define STORE_R_FAILED_DELETING_NUMBER 102 +-# define STORE_R_FAILED_GENERATING_CRL 103 +-# define STORE_R_FAILED_GENERATING_KEY 104 +-# define STORE_R_FAILED_GETTING_ARBITRARY 133 +-# define STORE_R_FAILED_GETTING_CERTIFICATE 105 +-# define STORE_R_FAILED_GETTING_KEY 106 +-# define STORE_R_FAILED_GETTING_NUMBER 107 +-# define STORE_R_FAILED_LISTING_CERTIFICATES 108 +-# define STORE_R_FAILED_LISTING_KEYS 109 +-# define STORE_R_FAILED_MODIFYING_ARBITRARY 138 +-# define STORE_R_FAILED_MODIFYING_CERTIFICATE 139 +-# define STORE_R_FAILED_MODIFYING_CRL 140 +-# define STORE_R_FAILED_MODIFYING_NUMBER 141 +-# define STORE_R_FAILED_MODIFYING_PRIVATE_KEY 142 +-# define STORE_R_FAILED_MODIFYING_PUBLIC_KEY 143 +-# define STORE_R_FAILED_REVOKING_CERTIFICATE 110 +-# define STORE_R_FAILED_REVOKING_KEY 111 +-# define STORE_R_FAILED_STORING_ARBITRARY 134 +-# define STORE_R_FAILED_STORING_CERTIFICATE 112 +-# define STORE_R_FAILED_STORING_KEY 113 +-# define STORE_R_FAILED_STORING_NUMBER 114 +-# define STORE_R_NOT_IMPLEMENTED 128 +-# define STORE_R_NO_CONTROL_FUNCTION 144 +-# define STORE_R_NO_DELETE_ARBITRARY_FUNCTION 135 +-# define STORE_R_NO_DELETE_NUMBER_FUNCTION 115 +-# define STORE_R_NO_DELETE_OBJECT_FUNCTION 116 +-# define STORE_R_NO_GENERATE_CRL_FUNCTION 117 +-# define STORE_R_NO_GENERATE_OBJECT_FUNCTION 118 +-# define STORE_R_NO_GET_OBJECT_ARBITRARY_FUNCTION 136 +-# define STORE_R_NO_GET_OBJECT_FUNCTION 119 +-# define STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION 120 +-# define STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION 131 +-# 
define STORE_R_NO_LIST_OBJECT_END_FUNCTION 121
+-# define STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION 122
+-# define STORE_R_NO_LIST_OBJECT_START_FUNCTION 123
+-# define STORE_R_NO_MODIFY_OBJECT_FUNCTION 145
+-# define STORE_R_NO_REVOKE_OBJECT_FUNCTION 124
+-# define STORE_R_NO_STORE 129
+-# define STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION 137
+-# define STORE_R_NO_STORE_OBJECT_FUNCTION 125
+-# define STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION 126
+-# define STORE_R_NO_VALUE 130
+-
+-#ifdef __cplusplus
+-}
+-#endif
+-#endif
+diff --git a/Cryptlib/Include/openssl/symhacks.h b/Cryptlib/Include/openssl/symhacks.h
+index b8a6ddf..239fa4f 100644
+--- a/Cryptlib/Include/openssl/symhacks.h
++++ b/Cryptlib/Include/openssl/symhacks.h
+@@ -71,10 +71,6 @@
+ */
+ # ifdef OPENSSL_SYS_VMS
+
+-/* Hack a long name in crypto/cryptlib.c */
+-# undef int_CRYPTO_set_do_dynlock_callback
+-# define int_CRYPTO_set_do_dynlock_callback int_CRYPTO_set_do_dynlock_cb
+-
+ /* Hack a long name in crypto/ex_data.c */
+ # undef CRYPTO_get_ex_data_implementation
+ # define CRYPTO_get_ex_data_implementation CRYPTO_get_ex_data_impl
+@@ -170,7 +166,7 @@
+ # undef CRYPTO_get_locked_mem_ex_functions
+ # define CRYPTO_get_locked_mem_ex_functions CRYPTO_get_locked_mem_ex_funcs
+
+-/* Hack some long SSL names */
++/* Hack some long SSL/TLS names */
+ # undef SSL_CTX_set_default_verify_paths
+ # define SSL_CTX_set_default_verify_paths SSL_CTX_set_def_verify_paths
+ # undef SSL_get_ex_data_X509_STORE_CTX_idx
+@@ -187,7 +183,10 @@
+ # define SSL_CTX_set_default_passwd_cb_userdata SSL_CTX_set_def_passwd_cb_ud
+ # undef SSL_COMP_get_compression_methods
+ # define SSL_COMP_get_compression_methods SSL_COMP_get_compress_methods
+-
++# undef SSL_COMP_set0_compression_methods
++# define SSL_COMP_set0_compression_methods SSL_COMP_set0_compress_methods
++# undef SSL_COMP_free_compression_methods
++# define SSL_COMP_free_compression_methods SSL_COMP_free_compress_methods
+ # undef ssl_add_clienthello_renegotiate_ext
+ # define ssl_add_clienthello_renegotiate_ext ssl_add_clienthello_reneg_ext
+ # undef ssl_add_serverhello_renegotiate_ext
+@@ -196,6 +195,35 @@
+ # define ssl_parse_clienthello_renegotiate_ext ssl_parse_clienthello_reneg_ext
+ # undef ssl_parse_serverhello_renegotiate_ext
+ # define ssl_parse_serverhello_renegotiate_ext ssl_parse_serverhello_reneg_ext
++# undef SSL_srp_server_param_with_username
++# define SSL_srp_server_param_with_username SSL_srp_server_param_with_un
++# undef SSL_CTX_set_srp_client_pwd_callback
++# define SSL_CTX_set_srp_client_pwd_callback SSL_CTX_set_srp_client_pwd_cb
++# undef SSL_CTX_set_srp_verify_param_callback
++# define SSL_CTX_set_srp_verify_param_callback SSL_CTX_set_srp_vfy_param_cb
++# undef SSL_CTX_set_srp_username_callback
++# define SSL_CTX_set_srp_username_callback SSL_CTX_set_srp_un_cb
++# undef ssl_add_clienthello_use_srtp_ext
++# define ssl_add_clienthello_use_srtp_ext ssl_add_clihello_use_srtp_ext
++# undef ssl_add_serverhello_use_srtp_ext
++# define ssl_add_serverhello_use_srtp_ext ssl_add_serhello_use_srtp_ext
++# undef ssl_parse_clienthello_use_srtp_ext
++# define ssl_parse_clienthello_use_srtp_ext ssl_parse_clihello_use_srtp_ext
++# undef ssl_parse_serverhello_use_srtp_ext
++# define ssl_parse_serverhello_use_srtp_ext ssl_parse_serhello_use_srtp_ext
++# undef SSL_CTX_set_next_protos_advertised_cb
++# define SSL_CTX_set_next_protos_advertised_cb SSL_CTX_set_next_protos_adv_cb
++# undef SSL_CTX_set_next_proto_select_cb
++# define SSL_CTX_set_next_proto_select_cb SSL_CTX_set_next_proto_sel_cb
++
++# undef tls1_send_server_supplemental_data
++# define tls1_send_server_supplemental_data tls1_send_server_suppl_data
++# undef tls1_send_client_supplemental_data
++# define tls1_send_client_supplemental_data tls1_send_client_suppl_data
++# undef tls1_get_server_supplemental_data
++# define tls1_get_server_supplemental_data tls1_get_server_suppl_data
++# undef tls1_get_client_supplemental_data
++# define tls1_get_client_supplemental_data tls1_get_client_suppl_data
+
+ # undef ssl3_cbc_record_digest_supported
+ # define ssl3_cbc_record_digest_supported ssl3_cbc_record_digest_support
+@@ -204,7 +232,11 @@
+ # undef ssl_check_clienthello_tlsext_early
+ # define ssl_check_clienthello_tlsext_early ssl_check_clihello_tlsext_early
+
+-/* Hack some long ENGINE names */
++/* Hack some RSA long names */
++# undef RSA_padding_check_PKCS1_OAEP_mgf1
++# define RSA_padding_check_PKCS1_OAEP_mgf1 RSA_pad_check_PKCS1_OAEP_mgf1
++
++/* Hack some ENGINE long names */
+ # undef ENGINE_get_default_BN_mod_exp_crt
+ # define ENGINE_get_default_BN_mod_exp_crt ENGINE_get_def_BN_mod_exp_crt
+ # undef ENGINE_set_default_BN_mod_exp_crt
+@@ -213,6 +245,14 @@
+ # define ENGINE_set_load_privkey_function ENGINE_set_load_privkey_fn
+ # undef ENGINE_get_load_privkey_function
+ # define ENGINE_get_load_privkey_function ENGINE_get_load_privkey_fn
++# undef ENGINE_unregister_pkey_asn1_meths
++# define ENGINE_unregister_pkey_asn1_meths ENGINE_unreg_pkey_asn1_meths
++# undef ENGINE_register_all_pkey_asn1_meths
++# define ENGINE_register_all_pkey_asn1_meths ENGINE_reg_all_pkey_asn1_meths
++# undef ENGINE_set_default_pkey_asn1_meths
++# define ENGINE_set_default_pkey_asn1_meths ENGINE_set_def_pkey_asn1_meths
++# undef ENGINE_get_pkey_asn1_meth_engine
++# define ENGINE_get_pkey_asn1_meth_engine ENGINE_get_pkey_asn1_meth_eng
+ # undef ENGINE_set_load_ssl_client_cert_function
+ # define ENGINE_set_load_ssl_client_cert_function \
+ ENGINE_set_ld_ssl_clnt_cert_fn
+@@ -238,6 +278,8 @@
+ # define OPENSSL_add_all_algorithms_noconf OPENSSL_add_all_algo_noconf
+ # undef OPENSSL_add_all_algorithms_conf
+ # define OPENSSL_add_all_algorithms_conf OPENSSL_add_all_algo_conf
++# undef EVP_PKEY_meth_set_verify_recover
++# define EVP_PKEY_meth_set_verify_recover EVP_PKEY_meth_set_vrfy_recover
+
+ /* Hack some long EC names */
+ # undef EC_GROUP_set_point_conversion_form
+@@ -246,6 +288,9 @@
+ # define EC_GROUP_get_point_conversion_form EC_GROUP_get_point_conv_form
+ # undef EC_GROUP_clear_free_all_extra_data
+ # define EC_GROUP_clear_free_all_extra_data EC_GROUP_clr_free_all_xtra_data
++# undef EC_KEY_set_public_key_affine_coordinates
++# define EC_KEY_set_public_key_affine_coordinates \
++ EC_KEY_set_pub_key_aff_coords
+ # undef EC_POINT_set_Jprojective_coordinates_GFp
+ # define EC_POINT_set_Jprojective_coordinates_GFp \
+ EC_POINT_set_Jproj_coords_GFp
+@@ -379,6 +424,14 @@
+ # undef STORE_method_get_unlock_store_function
+ # define STORE_method_get_unlock_store_function STORE_meth_get_unlock_store_fn
+
++/* Hack some long TS names */
++# undef TS_RESP_CTX_set_status_info_cond
++# define TS_RESP_CTX_set_status_info_cond TS_RESP_CTX_set_stat_info_cond
++# undef TS_RESP_CTX_set_clock_precision_digits
++# define TS_RESP_CTX_set_clock_precision_digits TS_RESP_CTX_set_clk_prec_digits
++# undef TS_CONF_set_clock_precision_digits
++# define TS_CONF_set_clock_precision_digits TS_CONF_set_clk_prec_digits
++
+ /* Hack some long CMS names */
+ # undef CMS_RecipientInfo_ktri_get0_algs
+ # define CMS_RecipientInfo_ktri_get0_algs CMS_RecipInfo_ktri_get0_algs
+@@ -392,15 +445,39 @@
+ # define CMS_OriginatorIdentifierOrKey_it CMS_OriginatorIdOrKey_it
+ # undef cms_SignerIdentifier_get0_signer_id
+ # define cms_SignerIdentifier_get0_signer_id cms_SignerId_get0_signer_id
++# undef CMS_RecipientInfo_kari_get0_orig_id
++# define CMS_RecipientInfo_kari_get0_orig_id CMS_RecipInfo_kari_get0_orig_id
++# undef CMS_RecipientInfo_kari_get0_reks
++# define CMS_RecipientInfo_kari_get0_reks CMS_RecipInfo_kari_get0_reks
++# undef CMS_RecipientEncryptedKey_cert_cmp
++# define CMS_RecipientEncryptedKey_cert_cmp CMS_RecipEncryptedKey_cert_cmp
++# undef CMS_RecipientInfo_kari_set0_pkey
++# define CMS_RecipientInfo_kari_set0_pkey CMS_RecipInfo_kari_set0_pkey
++# undef CMS_RecipientEncryptedKey_get0_id
++# define CMS_RecipientEncryptedKey_get0_id CMS_RecipEncryptedKey_get0_id
++# undef CMS_RecipientInfo_kari_orig_id_cmp
++# define CMS_RecipientInfo_kari_orig_id_cmp CMS_RecipInfo_kari_orig_id_cmp
+
+ /* Hack some long DTLS1 names */
+ # undef dtls1_retransmit_buffered_messages
+ # define dtls1_retransmit_buffered_messages dtls1_retransmit_buffered_msgs
+
++/* Hack some long SRP names */
++# undef SRP_generate_server_master_secret
++# define SRP_generate_server_master_secret SRP_gen_server_master_secret
++# undef SRP_generate_client_master_secret
++# define SRP_generate_client_master_secret SRP_gen_client_master_secret
++
++/* Hack some long UI names */
++# undef UI_method_get_prompt_constructor
++# define UI_method_get_prompt_constructor UI_method_get_prompt_constructr
++# undef UI_method_set_prompt_constructor
++# define UI_method_set_prompt_constructor UI_method_set_prompt_constructr
++
+ # endif /* defined OPENSSL_SYS_VMS */
+
+-/* Case insensiteve linking causes problems.... */
+-# if defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2)
++/* Case insensitive linking causes problems.... */
++# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2)
+ # undef ERR_load_CRYPTO_strings
+ # define ERR_load_CRYPTO_strings ERR_load_CRYPTOlib_strings
+ # undef OCSP_crlID_new
+@@ -430,9 +507,10 @@
+ # undef X509v3_add_standard_extensions
+ # define X509v3_add_standard_extensions oX509v3_add_standard_extensions
+
++/* This one clashes with CMS_data_create */
++# undef cms_Data_create
++# define cms_Data_create priv_cms_Data_create
++
+ # endif
+
+ #endif /* ! defined HEADER_VMS_IDHACKS_H */
+-/* This one clashes with CMS_data_create */
+-#undef cms_Data_create
+-#define cms_Data_create priv_cms_Data_create
+diff --git a/Cryptlib/Include/openssl/tls1.h b/Cryptlib/Include/openssl/tls1.h
+index fd8a034..5929607 100644
+--- a/Cryptlib/Include/openssl/tls1.h
++++ b/Cryptlib/Include/openssl/tls1.h
+@@ -56,6 +56,59 @@
+ * [including the GNU Public Licence.]
+ */
+ /* ====================================================================
++ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in
++ * the documentation and/or other materials provided with the
++ * distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ * software must display the following acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ * endorse or promote products derived from this software without
++ * prior written permission. For written permission, please contact
++ * openssl-core@openssl.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ * nor may "OpenSSL" appear in their names without prior written
++ * permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ * acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ *
++ * This product includes cryptographic software written by Eric Young
++ * (eay@cryptsoft.com). This product includes software written by Tim
++ * Hudson (tjh@cryptsoft.com).
++ *
++ */
++/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by
+@@ -68,6 +121,32 @@
+ * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
+ *
+ */
++/* ====================================================================
++ * Copyright 2005 Nokia. All rights reserved.
++ *
++ * The portions of the attached software ("Contribution") is developed by
++ * Nokia Corporation and is licensed pursuant to the OpenSSL open source
++ * license.
++ *
++ * The Contribution, originally written by Mika Kousa and Pasi Eronen of
++ * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
++ * support (see RFC 4279) to OpenSSL.
++ *
++ * No patent licenses or other rights except those expressly stated in
++ * the OpenSSL open source license shall be deemed granted or received
++ * expressly, by implication, estoppel, or otherwise.
++ *
++ * No assurances are provided by Nokia that the Contribution does not
++ * infringe the patent or other intellectual property rights of any third
++ * party or that the license provides you with all the necessary rights
++ * to make use of the Contribution.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
++ * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
++ * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
++ * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
++ * OTHERWISE.
++ */
+
+ #ifndef HEADER_TLS1_H
+ # define HEADER_TLS1_H
+@@ -83,13 +162,7 @@ extern "C" {
+ # define TLS1_VERSION 0x0301
+ # define TLS1_1_VERSION 0x0302
+ # define TLS1_2_VERSION 0x0303
+-/*
+- * TLS 1.1 and 1.2 are not supported by this version of OpenSSL, so
+- * TLS_MAX_VERSION indicates TLS 1.0 regardless of the above definitions.
+- * (s23_clnt.c and s23_srvr.c have an OPENSSL_assert() check that would catch
+- * the error if TLS_MAX_VERSION was too low.)
+- */
+-# define TLS_MAX_VERSION TLS1_VERSION
++# define TLS_MAX_VERSION TLS1_2_VERSION
+
+ # define TLS1_VERSION_MAJOR 0x03
+ # define TLS1_VERSION_MINOR 0x01
+@@ -127,31 +200,137 @@ extern "C" {
+ # define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114
+ # define TLS1_AD_UNKNOWN_PSK_IDENTITY 115/* fatal */
+
+-/* ExtensionType values from RFC 3546 */
++/* ExtensionType values from RFC3546 / RFC4366 / RFC6066 */
+ # define TLSEXT_TYPE_server_name 0
+ # define TLSEXT_TYPE_max_fragment_length 1
+ # define TLSEXT_TYPE_client_certificate_url 2
+ # define TLSEXT_TYPE_trusted_ca_keys 3
+ # define TLSEXT_TYPE_truncated_hmac 4
+ # define TLSEXT_TYPE_status_request 5
++/* ExtensionType values from RFC4681 */
++# define TLSEXT_TYPE_user_mapping 6
++/* ExtensionType values from RFC5878 */
++# define TLSEXT_TYPE_client_authz 7
++# define TLSEXT_TYPE_server_authz 8
++/* ExtensionType values from RFC6091 */
++# define TLSEXT_TYPE_cert_type 9
++
++/* ExtensionType values from RFC4492 */
+ # define TLSEXT_TYPE_elliptic_curves 10
+ # define TLSEXT_TYPE_ec_point_formats 11
++
++/* ExtensionType value from RFC5054 */
++# define TLSEXT_TYPE_srp 12
++
++/* ExtensionType values from RFC5246 */
++# define TLSEXT_TYPE_signature_algorithms 13
++
++/* ExtensionType value from RFC5764 */
++# define TLSEXT_TYPE_use_srtp 14
++
++/* ExtensionType value from RFC5620 */
++# define TLSEXT_TYPE_heartbeat 15
++
++/* ExtensionType value from draft-ietf-tls-applayerprotoneg-00 */
++# define TLSEXT_TYPE_application_layer_protocol_negotiation 16
++
++/*
++ * ExtensionType value for TLS padding extension.
++ * http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
++ * http://tools.ietf.org/html/draft-agl-tls-padding-03
++ */
++# define TLSEXT_TYPE_padding 21
++
++/* ExtensionType value from RFC4507 */
+ # define TLSEXT_TYPE_session_ticket 35
+
++/* ExtensionType value from draft-rescorla-tls-opaque-prf-input-00.txt */
++# if 0
++/*
++ * will have to be provided externally for now ,
++ * i.e. build with -DTLSEXT_TYPE_opaque_prf_input=38183
++ * using whatever extension number you'd like to try
++ */
++# define TLSEXT_TYPE_opaque_prf_input ??
++# endif
++
+ /* Temporary extension type */
+ # define TLSEXT_TYPE_renegotiate 0xff01
+
++# ifndef OPENSSL_NO_NEXTPROTONEG
++/* This is not an IANA defined extension number */
++# define TLSEXT_TYPE_next_proto_neg 13172
++# endif
++
+ /* NameType value from RFC 3546 */
+ # define TLSEXT_NAMETYPE_host_name 0
+ /* status request value from RFC 3546 */
+ # define TLSEXT_STATUSTYPE_ocsp 1
+
++/* ECPointFormat values from draft-ietf-tls-ecc-12 */
++# define TLSEXT_ECPOINTFORMAT_first 0
++# define TLSEXT_ECPOINTFORMAT_uncompressed 0
++# define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime 1
++# define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 2
++# define TLSEXT_ECPOINTFORMAT_last 2
++
++/* Signature and hash algorithms from RFC 5246 */
++
++# define TLSEXT_signature_anonymous 0
++# define TLSEXT_signature_rsa 1
++# define TLSEXT_signature_dsa 2
++# define TLSEXT_signature_ecdsa 3
++
++/* Total number of different signature algorithms */
++# define TLSEXT_signature_num 4
++
++# define TLSEXT_hash_none 0
++# define TLSEXT_hash_md5 1
++# define TLSEXT_hash_sha1 2
++# define TLSEXT_hash_sha224 3
++# define TLSEXT_hash_sha256 4
++# define TLSEXT_hash_sha384 5
++# define TLSEXT_hash_sha512 6
++
++/* Total number of different digest algorithms */
++
++# define TLSEXT_hash_num 7
++
++/* Flag set for unrecognised algorithms */
++# define TLSEXT_nid_unknown 0x1000000
++
++/* ECC curves */
++
++# define TLSEXT_curve_P_256 23
++# define TLSEXT_curve_P_384 24
++
+ # ifndef OPENSSL_NO_TLSEXT
+
+ # define TLSEXT_MAXLEN_host_name 255
+
+ const char *SSL_get_servername(const SSL *s, const int type);
+ int SSL_get_servername_type(const SSL *s);
++/*
++ * SSL_export_keying_material exports a value derived from the master secret,
++ * as specified in RFC 5705. It writes |olen| bytes to |out| given a label and
++ * optional context. (Since a zero length context is allowed, the |use_context|
++ * flag controls whether a context is included.) It returns 1 on success and
++ * zero otherwise.
++ */
++int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
++ const char *label, size_t llen,
++ const unsigned char *p, size_t plen,
++ int use_context);
++
++int SSL_get_sigalgs(SSL *s, int idx,
++ int *psign, int *phash, int *psignandhash,
++ unsigned char *rsig, unsigned char *rhash);
++
++int SSL_get_shared_sigalgs(SSL *s, int idx,
++ int *psign, int *phash, int *psignandhash,
++ unsigned char *rsig, unsigned char *rhash);
++
++int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain);
+
+ # define SSL_set_tlsext_host_name(s,name) \
+ SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name)
+@@ -205,19 +384,45 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb)
+ # define SSL_CTX_set_tlsext_status_arg(ssl, arg) \
+ SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg)
+
++# define SSL_set_tlsext_opaque_prf_input(s, src, len) \
++SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT, len, src)
++# define SSL_CTX_set_tlsext_opaque_prf_input_callback(ctx, cb) \
++SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB, (void (*)(void))cb)
++# define SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(ctx, arg) \
++SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG, 0, arg)
++
+ # define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
+ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
+
++# ifndef OPENSSL_NO_HEARTBEATS
++# define SSL_TLSEXT_HB_ENABLED 0x01
++# define SSL_TLSEXT_HB_DONT_SEND_REQUESTS 0x02
++# define SSL_TLSEXT_HB_DONT_RECV_REQUESTS 0x04
++
++# define SSL_get_tlsext_heartbeat_pending(ssl) \
++ SSL_ctrl((ssl),SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING,0,NULL)
++# define SSL_set_tlsext_heartbeat_no_requests(ssl, arg) \
++ SSL_ctrl((ssl),SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS,arg,NULL)
++# endif
+ # endif
+
++/* PSK ciphersuites from 4279 */
++# define TLS1_CK_PSK_WITH_RC4_128_SHA 0x0300008A
++# define TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA 0x0300008B
++# define TLS1_CK_PSK_WITH_AES_128_CBC_SHA 0x0300008C
++# define TLS1_CK_PSK_WITH_AES_256_CBC_SHA 0x0300008D
++
+ /*
+- * Additional TLS ciphersuites from draft-ietf-tls-56-bit-ciphersuites-00.txt
+- * (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see
+- * s3_lib.c). We actually treat them like SSL 3.0 ciphers, which we probably
+- * shouldn't.
++ * Additional TLS ciphersuites from expired Internet Draft
++ * draft-ietf-tls-56-bit-ciphersuites-01.txt (available if
++ * TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see s3_lib.c). We
++ * actually treat them like SSL 3.0 ciphers, which we probably shouldn't.
++ * Note that the first two are actually not in the IDs.
+ */ +-# define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5 0x03000060 +-# define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 0x03000061 ++# define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5 0x03000060/* not in ++ * ID */ ++# define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 0x03000061/* not in ++ * ID */ + # define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x03000062 + # define TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x03000063 + # define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA 0x03000064 +@@ -240,6 +445,14 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) + # define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039 + # define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A + ++/* TLS v1.2 ciphersuites */ ++# define TLS1_CK_RSA_WITH_NULL_SHA256 0x0300003B ++# define TLS1_CK_RSA_WITH_AES_128_SHA256 0x0300003C ++# define TLS1_CK_RSA_WITH_AES_256_SHA256 0x0300003D ++# define TLS1_CK_DH_DSS_WITH_AES_128_SHA256 0x0300003E ++# define TLS1_CK_DH_RSA_WITH_AES_128_SHA256 0x0300003F ++# define TLS1_CK_DHE_DSS_WITH_AES_128_SHA256 0x03000040 ++ + /* Camellia ciphersuites from RFC4132 */ + # define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000041 + # define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000042 +@@ -248,6 +461,16 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) + # define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000045 + # define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA 0x03000046 + ++/* TLS v1.2 ciphersuites */ ++# define TLS1_CK_DHE_RSA_WITH_AES_128_SHA256 0x03000067 ++# define TLS1_CK_DH_DSS_WITH_AES_256_SHA256 0x03000068 ++# define TLS1_CK_DH_RSA_WITH_AES_256_SHA256 0x03000069 ++# define TLS1_CK_DHE_DSS_WITH_AES_256_SHA256 0x0300006A ++# define TLS1_CK_DHE_RSA_WITH_AES_256_SHA256 0x0300006B ++# define TLS1_CK_ADH_WITH_AES_128_SHA256 0x0300006C ++# define TLS1_CK_ADH_WITH_AES_256_SHA256 0x0300006D ++ ++/* Camellia ciphersuites from RFC4132 */ + # define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000084 + # define 
TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000085 + # define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000086 +@@ -263,6 +486,20 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) + # define TLS1_CK_DHE_RSA_WITH_SEED_SHA 0x0300009A + # define TLS1_CK_ADH_WITH_SEED_SHA 0x0300009B + ++/* TLS v1.2 GCM ciphersuites from RFC5288 */ ++# define TLS1_CK_RSA_WITH_AES_128_GCM_SHA256 0x0300009C ++# define TLS1_CK_RSA_WITH_AES_256_GCM_SHA384 0x0300009D ++# define TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256 0x0300009E ++# define TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384 0x0300009F ++# define TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256 0x030000A0 ++# define TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384 0x030000A1 ++# define TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256 0x030000A2 ++# define TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384 0x030000A3 ++# define TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256 0x030000A4 ++# define TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384 0x030000A5 ++# define TLS1_CK_ADH_WITH_AES_128_GCM_SHA256 0x030000A6 ++# define TLS1_CK_ADH_WITH_AES_256_GCM_SHA384 0x030000A7 ++ + /* + * ECC ciphersuites from draft-ietf-tls-ecc-12.txt with changes soon to be in + * draft 13 +@@ -297,12 +534,43 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) + # define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA 0x0300C018 + # define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA 0x0300C019 + ++/* SRP ciphersuites from RFC 5054 */ ++# define TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA 0x0300C01A ++# define TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA 0x0300C01B ++# define TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA 0x0300C01C ++# define TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA 0x0300C01D ++# define TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA 0x0300C01E ++# define TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA 0x0300C01F ++# define TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA 0x0300C020 ++# define TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA 0x0300C021 ++# define 
TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA 0x0300C022 ++ ++/* ECDH HMAC based ciphersuites from RFC5289 */ ++ ++# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256 0x0300C023 ++# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384 0x0300C024 ++# define TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256 0x0300C025 ++# define TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384 0x0300C026 ++# define TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256 0x0300C027 ++# define TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384 0x0300C028 ++# define TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256 0x0300C029 ++# define TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384 0x0300C02A ++ ++/* ECDH GCM based ciphersuites from RFC5289 */ ++# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02B ++# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02C ++# define TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02D ++# define TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02E ++# define TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0x0300C02F ++# define TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0x0300C030 ++# define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256 0x0300C031 ++# define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384 0x0300C032 ++ + /* +- * XXX Inconsistency alert: The OpenSSL names of ciphers with ephemeral DH +- * here include the string "DHE", while elsewhere it has always been "EDH". +- * (The alias for the list of all such ciphers also is "EDH".) The +- * specifications speak of "EDH"; maybe we should allow both forms for +- * everything. ++ * XXX * Backward compatibility alert: + * Older versions of OpenSSL gave ++ * some DHE ciphers names with "EDH" + * instead of "DHE". 
Going forward, we
++ * should be using DHE + * everywhere, though we may indefinitely maintain
++ * aliases for users + * or configurations that used "EDH" +
+ */
+ # define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5 "EXP1024-RC4-MD5"
+ # define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 "EXP1024-RC2-CBC-MD5"
+@@ -358,6 +626,23 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
+ # define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA "AECDH-AES128-SHA"
+ # define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA "AECDH-AES256-SHA"
+
++/* PSK ciphersuites from RFC 4279 */
++# define TLS1_TXT_PSK_WITH_RC4_128_SHA "PSK-RC4-SHA"
++# define TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA "PSK-3DES-EDE-CBC-SHA"
++# define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA "PSK-AES128-CBC-SHA"
++# define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA "PSK-AES256-CBC-SHA"
++
++/* SRP ciphersuite from RFC 5054 */
++# define TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA "SRP-3DES-EDE-CBC-SHA"
++# define TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA "SRP-RSA-3DES-EDE-CBC-SHA"
++# define TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA "SRP-DSS-3DES-EDE-CBC-SHA"
++# define TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA "SRP-AES-128-CBC-SHA"
++# define TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA "SRP-RSA-AES-128-CBC-SHA"
++# define TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA "SRP-DSS-AES-128-CBC-SHA"
++# define TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA "SRP-AES-256-CBC-SHA"
++# define TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA "SRP-RSA-AES-256-CBC-SHA"
++# define TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA "SRP-DSS-AES-256-CBC-SHA"
++
+ /* Camellia ciphersuites from RFC4132 */
+ # define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA "CAMELLIA128-SHA"
+ # define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA "DH-DSS-CAMELLIA128-SHA"
+@@ -381,6 +666,56 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
+ # define TLS1_TXT_DHE_RSA_WITH_SEED_SHA "DHE-RSA-SEED-SHA"
+ # define TLS1_TXT_ADH_WITH_SEED_SHA "ADH-SEED-SHA"
+
++/* 
TLS v1.2 ciphersuites */
++# define TLS1_TXT_RSA_WITH_NULL_SHA256 "NULL-SHA256"
++# define TLS1_TXT_RSA_WITH_AES_128_SHA256 "AES128-SHA256"
++# define TLS1_TXT_RSA_WITH_AES_256_SHA256 "AES256-SHA256"
++# define TLS1_TXT_DH_DSS_WITH_AES_128_SHA256 "DH-DSS-AES128-SHA256"
++# define TLS1_TXT_DH_RSA_WITH_AES_128_SHA256 "DH-RSA-AES128-SHA256"
++# define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256 "DHE-DSS-AES128-SHA256"
++# define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256 "DHE-RSA-AES128-SHA256"
++# define TLS1_TXT_DH_DSS_WITH_AES_256_SHA256 "DH-DSS-AES256-SHA256"
++# define TLS1_TXT_DH_RSA_WITH_AES_256_SHA256 "DH-RSA-AES256-SHA256"
++# define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256 "DHE-DSS-AES256-SHA256"
++# define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256 "DHE-RSA-AES256-SHA256"
++# define TLS1_TXT_ADH_WITH_AES_128_SHA256 "ADH-AES128-SHA256"
++# define TLS1_TXT_ADH_WITH_AES_256_SHA256 "ADH-AES256-SHA256"
++
++/* TLS v1.2 GCM ciphersuites from RFC5288 */
++# define TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256 "AES128-GCM-SHA256"
++# define TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384 "AES256-GCM-SHA384"
++# define TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256 "DHE-RSA-AES128-GCM-SHA256"
++# define TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384 "DHE-RSA-AES256-GCM-SHA384"
++# define TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256 "DH-RSA-AES128-GCM-SHA256"
++# define TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384 "DH-RSA-AES256-GCM-SHA384"
++# define TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256 "DHE-DSS-AES128-GCM-SHA256"
++# define TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384 "DHE-DSS-AES256-GCM-SHA384"
++# define TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256 "DH-DSS-AES128-GCM-SHA256"
++# define TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384 "DH-DSS-AES256-GCM-SHA384"
++# define TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256 "ADH-AES128-GCM-SHA256"
++# define TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384 "ADH-AES256-GCM-SHA384"
++
++/* ECDH HMAC based ciphersuites from RFC5289 */
++
++# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256 "ECDHE-ECDSA-AES128-SHA256"
++# 
define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384 "ECDHE-ECDSA-AES256-SHA384"
++# define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256 "ECDH-ECDSA-AES128-SHA256"
++# define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384 "ECDH-ECDSA-AES256-SHA384"
++# define TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256 "ECDHE-RSA-AES128-SHA256"
++# define TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384 "ECDHE-RSA-AES256-SHA384"
++# define TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256 "ECDH-RSA-AES128-SHA256"
++# define TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384 "ECDH-RSA-AES256-SHA384"
++
++/* ECDH GCM based ciphersuites from RFC5289 */
++# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 "ECDHE-ECDSA-AES128-GCM-SHA256"
++# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 "ECDHE-ECDSA-AES256-GCM-SHA384"
++# define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 "ECDH-ECDSA-AES128-GCM-SHA256"
++# define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 "ECDH-ECDSA-AES256-GCM-SHA384"
++# define TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256 "ECDHE-RSA-AES128-GCM-SHA256"
++# define TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384 "ECDHE-RSA-AES256-GCM-SHA384"
++# define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256 "ECDH-RSA-AES128-GCM-SHA256"
++# define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384 "ECDH-RSA-AES256-GCM-SHA384"
++
+ # define TLS_CT_RSA_SIGN 1
+ # define TLS_CT_DSS_SIGN 2
+ # define TLS_CT_RSA_FIXED_DH 3
+@@ -388,7 +723,13 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
+ # define TLS_CT_ECDSA_SIGN 64
+ # define TLS_CT_RSA_FIXED_ECDH 65
+ # define TLS_CT_ECDSA_FIXED_ECDH 66
+-# define TLS_CT_NUMBER 7
++# define TLS_CT_GOST94_SIGN 21
++# define TLS_CT_GOST01_SIGN 22
++/*
++ * when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see
++ * comment there)
++ */
++# define TLS_CT_NUMBER 9
+
+ # define TLS1_FINISH_MAC_LENGTH 12
+
+@@ -460,6 +801,12 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
+ # define TLS_MD_MASTER_SECRET_CONST 
"\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74" + # endif + ++/* TLS Session Ticket extension struct */ ++struct tls_session_ticket_ext_st { ++ unsigned short length; ++ void *data; ++}; ++ + #ifdef __cplusplus + } + #endif +diff --git a/Cryptlib/Include/openssl/tmdiff.h b/Cryptlib/Include/openssl/tmdiff.h +deleted file mode 100644 +index 33c901e..0000000 +--- a/Cryptlib/Include/openssl/tmdiff.h ++++ /dev/null +@@ -1,91 +0,0 @@ +-/* crypto/tmdiff.h */ +-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) +- * All rights reserved. +- * +- * This package is an SSL implementation written +- * by Eric Young (eay@cryptsoft.com). +- * The implementation was written so as to conform with Netscapes SSL. +- * +- * This library is free for commercial and non-commercial use as long as +- * the following conditions are aheared to. The following conditions +- * apply to all code found in this distribution, be it the RC4, RSA, +- * lhash, DES, etc., code; not just the SSL code. The SSL documentation +- * included with this distribution is covered by the same copyright terms +- * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * +- * Copyright remains Eric Young's, and as such any Copyright notices in +- * the code are not to be removed. +- * If this package is used in a product, Eric Young should be given attribution +- * as the author of the parts of the library used. +- * This can be in the form of a textual message at program startup or +- * in documentation (online or textual) provided with the package. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. 
Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 3. All advertising materials mentioning features or use of this software +- * must display the following acknowledgement: +- * "This product includes cryptographic software written by +- * Eric Young (eay@cryptsoft.com)" +- * The word 'cryptographic' can be left out if the rouines from the library +- * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from +- * the apps directory (application code) you must include an acknowledgement: +- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * +- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. +- * +- * The licence and distribution terms for any publically available version or +- * derivative of this code cannot be changed. i.e. this code cannot simply be +- * copied and put under another distribution licence +- * [including the GNU Public Licence.] +- */ +- +-/* +- * Header for dynamic hash table routines Author - Eric Young +- */ +-/* +- * ... erm yeah, "dynamic hash tables" you say? 
And what would dynamic hash +- * tables have to do with any of this code *now*? AFAICS, this code is only +- * referenced by crypto/bn/exp.c which is an unused file that I doubt +- * compiles any more. speed.c is the only thing that could use this (and it +- * has nothing to do with hash tables), yet it instead has its own +- * duplication of all this stuff and looks, if anything, more complete. See +- * the corresponding note in apps/speed.c. The Bemused - Geoff +- */ +- +-#ifndef HEADER_TMDIFF_H +-# define HEADER_TMDIFF_H +- +-#ifdef __cplusplus +-extern "C" { +-#endif +- +-typedef struct ms_tm MS_TM; +- +-MS_TM *ms_time_new(void); +-void ms_time_free(MS_TM * a); +-void ms_time_get(MS_TM * a); +-double ms_time_diff(MS_TM * start, MS_TM * end); +-int ms_time_cmp(const MS_TM * ap, const MS_TM * bp); +- +-#ifdef __cplusplus +-} +-#endif +- +-#endif +diff --git a/Cryptlib/Include/openssl/ts.h b/Cryptlib/Include/openssl/ts.h +new file mode 100644 +index 0000000..16eccbb +--- /dev/null ++++ b/Cryptlib/Include/openssl/ts.h +@@ -0,0 +1,862 @@ ++/* crypto/ts/ts.h */ ++/* ++ * Written by Zoltan Glozik (zglozik@opentsa.org) for the OpenSSL project ++ * 2002, 2003, 2004. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. 
All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). 
++ * ++ */ ++ ++#ifndef HEADER_TS_H ++# define HEADER_TS_H ++ ++# include ++# include ++# ifndef OPENSSL_NO_BUFFER ++# include ++# endif ++# ifndef OPENSSL_NO_EVP ++# include ++# endif ++# ifndef OPENSSL_NO_BIO ++# include ++# endif ++# include ++# include ++# include ++ ++# ifndef OPENSSL_NO_RSA ++# include ++# endif ++ ++# ifndef OPENSSL_NO_DSA ++# include ++# endif ++ ++# ifndef OPENSSL_NO_DH ++# include ++# endif ++ ++#ifdef __cplusplus ++extern "C" { ++#endif ++ ++# ifdef WIN32 ++/* Under Win32 this is defined in wincrypt.h */ ++# undef X509_NAME ++# endif ++ ++# include ++# include ++ ++/*- ++MessageImprint ::= SEQUENCE { ++ hashAlgorithm AlgorithmIdentifier, ++ hashedMessage OCTET STRING } ++*/ ++ ++typedef struct TS_msg_imprint_st { ++ X509_ALGOR *hash_algo; ++ ASN1_OCTET_STRING *hashed_msg; ++} TS_MSG_IMPRINT; ++ ++/*- ++TimeStampReq ::= SEQUENCE { ++ version INTEGER { v1(1) }, ++ messageImprint MessageImprint, ++ --a hash algorithm OID and the hash value of the data to be ++ --time-stamped ++ reqPolicy TSAPolicyId OPTIONAL, ++ nonce INTEGER OPTIONAL, ++ certReq BOOLEAN DEFAULT FALSE, ++ extensions [0] IMPLICIT Extensions OPTIONAL } ++*/ ++ ++typedef struct TS_req_st { ++ ASN1_INTEGER *version; ++ TS_MSG_IMPRINT *msg_imprint; ++ ASN1_OBJECT *policy_id; /* OPTIONAL */ ++ ASN1_INTEGER *nonce; /* OPTIONAL */ ++ ASN1_BOOLEAN cert_req; /* DEFAULT FALSE */ ++ STACK_OF(X509_EXTENSION) *extensions; /* [0] OPTIONAL */ ++} TS_REQ; ++ ++/*- ++Accuracy ::= SEQUENCE { ++ seconds INTEGER OPTIONAL, ++ millis [0] INTEGER (1..999) OPTIONAL, ++ micros [1] INTEGER (1..999) OPTIONAL } ++*/ ++ ++typedef struct TS_accuracy_st { ++ ASN1_INTEGER *seconds; ++ ASN1_INTEGER *millis; ++ ASN1_INTEGER *micros; ++} TS_ACCURACY; ++ ++/*- ++TSTInfo ::= SEQUENCE { ++ version INTEGER { v1(1) }, ++ policy TSAPolicyId, ++ messageImprint MessageImprint, ++ -- MUST have the same value as the similar field in ++ -- TimeStampReq ++ serialNumber INTEGER, ++ -- Time-Stamping users MUST be ready to 
accommodate integers ++ -- up to 160 bits. ++ genTime GeneralizedTime, ++ accuracy Accuracy OPTIONAL, ++ ordering BOOLEAN DEFAULT FALSE, ++ nonce INTEGER OPTIONAL, ++ -- MUST be present if the similar field was present ++ -- in TimeStampReq. In that case it MUST have the same value. ++ tsa [0] GeneralName OPTIONAL, ++ extensions [1] IMPLICIT Extensions OPTIONAL } ++*/ ++ ++typedef struct TS_tst_info_st { ++ ASN1_INTEGER *version; ++ ASN1_OBJECT *policy_id; ++ TS_MSG_IMPRINT *msg_imprint; ++ ASN1_INTEGER *serial; ++ ASN1_GENERALIZEDTIME *time; ++ TS_ACCURACY *accuracy; ++ ASN1_BOOLEAN ordering; ++ ASN1_INTEGER *nonce; ++ GENERAL_NAME *tsa; ++ STACK_OF(X509_EXTENSION) *extensions; ++} TS_TST_INFO; ++ ++/*- ++PKIStatusInfo ::= SEQUENCE { ++ status PKIStatus, ++ statusString PKIFreeText OPTIONAL, ++ failInfo PKIFailureInfo OPTIONAL } ++ ++From RFC 1510 - section 3.1.1: ++PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String ++ -- text encoded as UTF-8 String (note: each UTF8String SHOULD ++ -- include an RFC 1766 language tag to indicate the language ++ -- of the contained text) ++*/ ++ ++/* Possible values for status. See ts_resp_print.c && ts_resp_verify.c. */ ++ ++# define TS_STATUS_GRANTED 0 ++# define TS_STATUS_GRANTED_WITH_MODS 1 ++# define TS_STATUS_REJECTION 2 ++# define TS_STATUS_WAITING 3 ++# define TS_STATUS_REVOCATION_WARNING 4 ++# define TS_STATUS_REVOCATION_NOTIFICATION 5 ++ ++/* ++ * Possible values for failure_info. 
See ts_resp_print.c && ts_resp_verify.c ++ */ ++ ++# define TS_INFO_BAD_ALG 0 ++# define TS_INFO_BAD_REQUEST 2 ++# define TS_INFO_BAD_DATA_FORMAT 5 ++# define TS_INFO_TIME_NOT_AVAILABLE 14 ++# define TS_INFO_UNACCEPTED_POLICY 15 ++# define TS_INFO_UNACCEPTED_EXTENSION 16 ++# define TS_INFO_ADD_INFO_NOT_AVAILABLE 17 ++# define TS_INFO_SYSTEM_FAILURE 25 ++ ++typedef struct TS_status_info_st { ++ ASN1_INTEGER *status; ++ STACK_OF(ASN1_UTF8STRING) *text; ++ ASN1_BIT_STRING *failure_info; ++} TS_STATUS_INFO; ++ ++DECLARE_STACK_OF(ASN1_UTF8STRING) ++DECLARE_ASN1_SET_OF(ASN1_UTF8STRING) ++ ++/*- ++TimeStampResp ::= SEQUENCE { ++ status PKIStatusInfo, ++ timeStampToken TimeStampToken OPTIONAL } ++*/ ++ ++typedef struct TS_resp_st { ++ TS_STATUS_INFO *status_info; ++ PKCS7 *token; ++ TS_TST_INFO *tst_info; ++} TS_RESP; ++ ++/* The structure below would belong to the ESS component. */ ++ ++/*- ++IssuerSerial ::= SEQUENCE { ++ issuer GeneralNames, ++ serialNumber CertificateSerialNumber ++ } ++*/ ++ ++typedef struct ESS_issuer_serial { ++ STACK_OF(GENERAL_NAME) *issuer; ++ ASN1_INTEGER *serial; ++} ESS_ISSUER_SERIAL; ++ ++/*- ++ESSCertID ::= SEQUENCE { ++ certHash Hash, ++ issuerSerial IssuerSerial OPTIONAL ++} ++*/ ++ ++typedef struct ESS_cert_id { ++ ASN1_OCTET_STRING *hash; /* Always SHA-1 digest. 
*/ ++ ESS_ISSUER_SERIAL *issuer_serial; ++} ESS_CERT_ID; ++ ++DECLARE_STACK_OF(ESS_CERT_ID) ++DECLARE_ASN1_SET_OF(ESS_CERT_ID) ++ ++/*- ++SigningCertificate ::= SEQUENCE { ++ certs SEQUENCE OF ESSCertID, ++ policies SEQUENCE OF PolicyInformation OPTIONAL ++} ++*/ ++ ++typedef struct ESS_signing_cert { ++ STACK_OF(ESS_CERT_ID) *cert_ids; ++ STACK_OF(POLICYINFO) *policy_info; ++} ESS_SIGNING_CERT; ++ ++TS_REQ *TS_REQ_new(void); ++void TS_REQ_free(TS_REQ *a); ++int i2d_TS_REQ(const TS_REQ *a, unsigned char **pp); ++TS_REQ *d2i_TS_REQ(TS_REQ **a, const unsigned char **pp, long length); ++ ++TS_REQ *TS_REQ_dup(TS_REQ *a); ++ ++TS_REQ *d2i_TS_REQ_fp(FILE *fp, TS_REQ **a); ++int i2d_TS_REQ_fp(FILE *fp, TS_REQ *a); ++TS_REQ *d2i_TS_REQ_bio(BIO *fp, TS_REQ **a); ++int i2d_TS_REQ_bio(BIO *fp, TS_REQ *a); ++ ++TS_MSG_IMPRINT *TS_MSG_IMPRINT_new(void); ++void TS_MSG_IMPRINT_free(TS_MSG_IMPRINT *a); ++int i2d_TS_MSG_IMPRINT(const TS_MSG_IMPRINT *a, unsigned char **pp); ++TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT(TS_MSG_IMPRINT **a, ++ const unsigned char **pp, long length); ++ ++TS_MSG_IMPRINT *TS_MSG_IMPRINT_dup(TS_MSG_IMPRINT *a); ++ ++TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a); ++int i2d_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT *a); ++TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT **a); ++int i2d_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT *a); ++ ++TS_RESP *TS_RESP_new(void); ++void TS_RESP_free(TS_RESP *a); ++int i2d_TS_RESP(const TS_RESP *a, unsigned char **pp); ++TS_RESP *d2i_TS_RESP(TS_RESP **a, const unsigned char **pp, long length); ++TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token); ++TS_RESP *TS_RESP_dup(TS_RESP *a); ++ ++TS_RESP *d2i_TS_RESP_fp(FILE *fp, TS_RESP **a); ++int i2d_TS_RESP_fp(FILE *fp, TS_RESP *a); ++TS_RESP *d2i_TS_RESP_bio(BIO *fp, TS_RESP **a); ++int i2d_TS_RESP_bio(BIO *fp, TS_RESP *a); ++ ++TS_STATUS_INFO *TS_STATUS_INFO_new(void); ++void TS_STATUS_INFO_free(TS_STATUS_INFO *a); ++int i2d_TS_STATUS_INFO(const 
TS_STATUS_INFO *a, unsigned char **pp); ++TS_STATUS_INFO *d2i_TS_STATUS_INFO(TS_STATUS_INFO **a, ++ const unsigned char **pp, long length); ++TS_STATUS_INFO *TS_STATUS_INFO_dup(TS_STATUS_INFO *a); ++ ++TS_TST_INFO *TS_TST_INFO_new(void); ++void TS_TST_INFO_free(TS_TST_INFO *a); ++int i2d_TS_TST_INFO(const TS_TST_INFO *a, unsigned char **pp); ++TS_TST_INFO *d2i_TS_TST_INFO(TS_TST_INFO **a, const unsigned char **pp, ++ long length); ++TS_TST_INFO *TS_TST_INFO_dup(TS_TST_INFO *a); ++ ++TS_TST_INFO *d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a); ++int i2d_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO *a); ++TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO **a); ++int i2d_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO *a); ++ ++TS_ACCURACY *TS_ACCURACY_new(void); ++void TS_ACCURACY_free(TS_ACCURACY *a); ++int i2d_TS_ACCURACY(const TS_ACCURACY *a, unsigned char **pp); ++TS_ACCURACY *d2i_TS_ACCURACY(TS_ACCURACY **a, const unsigned char **pp, ++ long length); ++TS_ACCURACY *TS_ACCURACY_dup(TS_ACCURACY *a); ++ ++ESS_ISSUER_SERIAL *ESS_ISSUER_SERIAL_new(void); ++void ESS_ISSUER_SERIAL_free(ESS_ISSUER_SERIAL *a); ++int i2d_ESS_ISSUER_SERIAL(const ESS_ISSUER_SERIAL *a, unsigned char **pp); ++ESS_ISSUER_SERIAL *d2i_ESS_ISSUER_SERIAL(ESS_ISSUER_SERIAL **a, ++ const unsigned char **pp, ++ long length); ++ESS_ISSUER_SERIAL *ESS_ISSUER_SERIAL_dup(ESS_ISSUER_SERIAL *a); ++ ++ESS_CERT_ID *ESS_CERT_ID_new(void); ++void ESS_CERT_ID_free(ESS_CERT_ID *a); ++int i2d_ESS_CERT_ID(const ESS_CERT_ID *a, unsigned char **pp); ++ESS_CERT_ID *d2i_ESS_CERT_ID(ESS_CERT_ID **a, const unsigned char **pp, ++ long length); ++ESS_CERT_ID *ESS_CERT_ID_dup(ESS_CERT_ID *a); ++ ++ESS_SIGNING_CERT *ESS_SIGNING_CERT_new(void); ++void ESS_SIGNING_CERT_free(ESS_SIGNING_CERT *a); ++int i2d_ESS_SIGNING_CERT(const ESS_SIGNING_CERT *a, unsigned char **pp); ++ESS_SIGNING_CERT *d2i_ESS_SIGNING_CERT(ESS_SIGNING_CERT **a, ++ const unsigned char **pp, long length); ++ESS_SIGNING_CERT *ESS_SIGNING_CERT_dup(ESS_SIGNING_CERT *a); ++ 
++void ERR_load_TS_strings(void); ++ ++int TS_REQ_set_version(TS_REQ *a, long version); ++long TS_REQ_get_version(const TS_REQ *a); ++ ++int TS_REQ_set_msg_imprint(TS_REQ *a, TS_MSG_IMPRINT *msg_imprint); ++TS_MSG_IMPRINT *TS_REQ_get_msg_imprint(TS_REQ *a); ++ ++int TS_MSG_IMPRINT_set_algo(TS_MSG_IMPRINT *a, X509_ALGOR *alg); ++X509_ALGOR *TS_MSG_IMPRINT_get_algo(TS_MSG_IMPRINT *a); ++ ++int TS_MSG_IMPRINT_set_msg(TS_MSG_IMPRINT *a, unsigned char *d, int len); ++ASN1_OCTET_STRING *TS_MSG_IMPRINT_get_msg(TS_MSG_IMPRINT *a); ++ ++int TS_REQ_set_policy_id(TS_REQ *a, ASN1_OBJECT *policy); ++ASN1_OBJECT *TS_REQ_get_policy_id(TS_REQ *a); ++ ++int TS_REQ_set_nonce(TS_REQ *a, const ASN1_INTEGER *nonce); ++const ASN1_INTEGER *TS_REQ_get_nonce(const TS_REQ *a); ++ ++int TS_REQ_set_cert_req(TS_REQ *a, int cert_req); ++int TS_REQ_get_cert_req(const TS_REQ *a); ++ ++STACK_OF(X509_EXTENSION) *TS_REQ_get_exts(TS_REQ *a); ++void TS_REQ_ext_free(TS_REQ *a); ++int TS_REQ_get_ext_count(TS_REQ *a); ++int TS_REQ_get_ext_by_NID(TS_REQ *a, int nid, int lastpos); ++int TS_REQ_get_ext_by_OBJ(TS_REQ *a, ASN1_OBJECT *obj, int lastpos); ++int TS_REQ_get_ext_by_critical(TS_REQ *a, int crit, int lastpos); ++X509_EXTENSION *TS_REQ_get_ext(TS_REQ *a, int loc); ++X509_EXTENSION *TS_REQ_delete_ext(TS_REQ *a, int loc); ++int TS_REQ_add_ext(TS_REQ *a, X509_EXTENSION *ex, int loc); ++void *TS_REQ_get_ext_d2i(TS_REQ *a, int nid, int *crit, int *idx); ++ ++/* Function declarations for TS_REQ defined in ts/ts_req_print.c */ ++ ++int TS_REQ_print_bio(BIO *bio, TS_REQ *a); ++ ++/* Function declarations for TS_RESP defined in ts/ts_resp_utils.c */ ++ ++int TS_RESP_set_status_info(TS_RESP *a, TS_STATUS_INFO *info); ++TS_STATUS_INFO *TS_RESP_get_status_info(TS_RESP *a); ++ ++/* Caller loses ownership of PKCS7 and TS_TST_INFO objects. 
*/ ++void TS_RESP_set_tst_info(TS_RESP *a, PKCS7 *p7, TS_TST_INFO *tst_info); ++PKCS7 *TS_RESP_get_token(TS_RESP *a); ++TS_TST_INFO *TS_RESP_get_tst_info(TS_RESP *a); ++ ++int TS_TST_INFO_set_version(TS_TST_INFO *a, long version); ++long TS_TST_INFO_get_version(const TS_TST_INFO *a); ++ ++int TS_TST_INFO_set_policy_id(TS_TST_INFO *a, ASN1_OBJECT *policy_id); ++ASN1_OBJECT *TS_TST_INFO_get_policy_id(TS_TST_INFO *a); ++ ++int TS_TST_INFO_set_msg_imprint(TS_TST_INFO *a, TS_MSG_IMPRINT *msg_imprint); ++TS_MSG_IMPRINT *TS_TST_INFO_get_msg_imprint(TS_TST_INFO *a); ++ ++int TS_TST_INFO_set_serial(TS_TST_INFO *a, const ASN1_INTEGER *serial); ++const ASN1_INTEGER *TS_TST_INFO_get_serial(const TS_TST_INFO *a); ++ ++int TS_TST_INFO_set_time(TS_TST_INFO *a, const ASN1_GENERALIZEDTIME *gtime); ++const ASN1_GENERALIZEDTIME *TS_TST_INFO_get_time(const TS_TST_INFO *a); ++ ++int TS_TST_INFO_set_accuracy(TS_TST_INFO *a, TS_ACCURACY *accuracy); ++TS_ACCURACY *TS_TST_INFO_get_accuracy(TS_TST_INFO *a); ++ ++int TS_ACCURACY_set_seconds(TS_ACCURACY *a, const ASN1_INTEGER *seconds); ++const ASN1_INTEGER *TS_ACCURACY_get_seconds(const TS_ACCURACY *a); ++ ++int TS_ACCURACY_set_millis(TS_ACCURACY *a, const ASN1_INTEGER *millis); ++const ASN1_INTEGER *TS_ACCURACY_get_millis(const TS_ACCURACY *a); ++ ++int TS_ACCURACY_set_micros(TS_ACCURACY *a, const ASN1_INTEGER *micros); ++const ASN1_INTEGER *TS_ACCURACY_get_micros(const TS_ACCURACY *a); ++ ++int TS_TST_INFO_set_ordering(TS_TST_INFO *a, int ordering); ++int TS_TST_INFO_get_ordering(const TS_TST_INFO *a); ++ ++int TS_TST_INFO_set_nonce(TS_TST_INFO *a, const ASN1_INTEGER *nonce); ++const ASN1_INTEGER *TS_TST_INFO_get_nonce(const TS_TST_INFO *a); ++ ++int TS_TST_INFO_set_tsa(TS_TST_INFO *a, GENERAL_NAME *tsa); ++GENERAL_NAME *TS_TST_INFO_get_tsa(TS_TST_INFO *a); ++ ++STACK_OF(X509_EXTENSION) *TS_TST_INFO_get_exts(TS_TST_INFO *a); ++void TS_TST_INFO_ext_free(TS_TST_INFO *a); ++int TS_TST_INFO_get_ext_count(TS_TST_INFO *a); ++int 
TS_TST_INFO_get_ext_by_NID(TS_TST_INFO *a, int nid, int lastpos); ++int TS_TST_INFO_get_ext_by_OBJ(TS_TST_INFO *a, ASN1_OBJECT *obj, int lastpos); ++int TS_TST_INFO_get_ext_by_critical(TS_TST_INFO *a, int crit, int lastpos); ++X509_EXTENSION *TS_TST_INFO_get_ext(TS_TST_INFO *a, int loc); ++X509_EXTENSION *TS_TST_INFO_delete_ext(TS_TST_INFO *a, int loc); ++int TS_TST_INFO_add_ext(TS_TST_INFO *a, X509_EXTENSION *ex, int loc); ++void *TS_TST_INFO_get_ext_d2i(TS_TST_INFO *a, int nid, int *crit, int *idx); ++ ++/* ++ * Declarations related to response generation, defined in ts/ts_resp_sign.c. ++ */ ++ ++/* Optional flags for response generation. */ ++ ++/* Don't include the TSA name in response. */ ++# define TS_TSA_NAME 0x01 ++ ++/* Set ordering to true in response. */ ++# define TS_ORDERING 0x02 ++ ++/* ++ * Include the signer certificate and the other specified certificates in ++ * the ESS signing certificate attribute beside the PKCS7 signed data. ++ * Only the signer certificates is included by default. ++ */ ++# define TS_ESS_CERT_ID_CHAIN 0x04 ++ ++/* Forward declaration. */ ++struct TS_resp_ctx; ++ ++/* This must return a unique number less than 160 bits long. */ ++typedef ASN1_INTEGER *(*TS_serial_cb) (struct TS_resp_ctx *, void *); ++ ++/* ++ * This must return the seconds and microseconds since Jan 1, 1970 in the sec ++ * and usec variables allocated by the caller. Return non-zero for success ++ * and zero for failure. ++ */ ++typedef int (*TS_time_cb) (struct TS_resp_ctx *, void *, long *sec, ++ long *usec); ++ ++/* ++ * This must process the given extension. It can modify the TS_TST_INFO ++ * object of the context. Return values: !0 (processed), 0 (error, it must ++ * set the status info/failure info of the response). ++ */ ++typedef int (*TS_extension_cb) (struct TS_resp_ctx *, X509_EXTENSION *, ++ void *); ++ ++typedef struct TS_resp_ctx { ++ X509 *signer_cert; ++ EVP_PKEY *signer_key; ++ STACK_OF(X509) *certs; /* Certs to include in signed data. 
*/ ++ STACK_OF(ASN1_OBJECT) *policies; /* Acceptable policies. */ ++ ASN1_OBJECT *default_policy; /* It may appear in policies, too. */ ++ STACK_OF(EVP_MD) *mds; /* Acceptable message digests. */ ++ ASN1_INTEGER *seconds; /* accuracy, 0 means not specified. */ ++ ASN1_INTEGER *millis; /* accuracy, 0 means not specified. */ ++ ASN1_INTEGER *micros; /* accuracy, 0 means not specified. */ ++ unsigned clock_precision_digits; /* fraction of seconds in time stamp ++ * token. */ ++ unsigned flags; /* Optional info, see values above. */ ++ /* Callback functions. */ ++ TS_serial_cb serial_cb; ++ void *serial_cb_data; /* User data for serial_cb. */ ++ TS_time_cb time_cb; ++ void *time_cb_data; /* User data for time_cb. */ ++ TS_extension_cb extension_cb; ++ void *extension_cb_data; /* User data for extension_cb. */ ++ /* These members are used only while creating the response. */ ++ TS_REQ *request; ++ TS_RESP *response; ++ TS_TST_INFO *tst_info; ++} TS_RESP_CTX; ++ ++DECLARE_STACK_OF(EVP_MD) ++DECLARE_ASN1_SET_OF(EVP_MD) ++ ++/* Creates a response context that can be used for generating responses. */ ++TS_RESP_CTX *TS_RESP_CTX_new(void); ++void TS_RESP_CTX_free(TS_RESP_CTX *ctx); ++ ++/* This parameter must be set. */ ++int TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer); ++ ++/* This parameter must be set. */ ++int TS_RESP_CTX_set_signer_key(TS_RESP_CTX *ctx, EVP_PKEY *key); ++ ++/* This parameter must be set. */ ++int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *def_policy); ++ ++/* No additional certs are included in the response by default. */ ++int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs); ++ ++/* ++ * Adds a new acceptable policy, only the default policy is accepted by ++ * default. ++ */ ++int TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *policy); ++ ++/* ++ * Adds a new acceptable message digest. Note that no message digests are ++ * accepted by default. The md argument is shared with the caller. 
++ */ ++int TS_RESP_CTX_add_md(TS_RESP_CTX *ctx, const EVP_MD *md); ++ ++/* Accuracy is not included by default. */ ++int TS_RESP_CTX_set_accuracy(TS_RESP_CTX *ctx, ++ int secs, int millis, int micros); ++ ++/* ++ * Clock precision digits, i.e. the number of decimal digits: '0' means sec, ++ * '3' msec, '6' usec, and so on. Default is 0. ++ */ ++int TS_RESP_CTX_set_clock_precision_digits(TS_RESP_CTX *ctx, ++ unsigned clock_precision_digits); ++/* At most we accept usec precision. */ ++# define TS_MAX_CLOCK_PRECISION_DIGITS 6 ++ ++/* No flags are set by default. */ ++void TS_RESP_CTX_add_flags(TS_RESP_CTX *ctx, int flags); ++ ++/* Default callback always returns a constant. */ ++void TS_RESP_CTX_set_serial_cb(TS_RESP_CTX *ctx, TS_serial_cb cb, void *data); ++ ++/* Default callback uses the gettimeofday() and gmtime() system calls. */ ++void TS_RESP_CTX_set_time_cb(TS_RESP_CTX *ctx, TS_time_cb cb, void *data); ++ ++/* ++ * Default callback rejects all extensions. The extension callback is called ++ * when the TS_TST_INFO object is already set up and not signed yet. ++ */ ++/* FIXME: extension handling is not tested yet. */ ++void TS_RESP_CTX_set_extension_cb(TS_RESP_CTX *ctx, ++ TS_extension_cb cb, void *data); ++ ++/* The following methods can be used in the callbacks. */ ++int TS_RESP_CTX_set_status_info(TS_RESP_CTX *ctx, ++ int status, const char *text); ++ ++/* Sets the status info only if it is still TS_STATUS_GRANTED. */ ++int TS_RESP_CTX_set_status_info_cond(TS_RESP_CTX *ctx, ++ int status, const char *text); ++ ++int TS_RESP_CTX_add_failure_info(TS_RESP_CTX *ctx, int failure); ++ ++/* The get methods below can be used in the extension callback. */ ++TS_REQ *TS_RESP_CTX_get_request(TS_RESP_CTX *ctx); ++ ++TS_TST_INFO *TS_RESP_CTX_get_tst_info(TS_RESP_CTX *ctx); ++ ++/* ++ * Creates the signed TS_TST_INFO and puts it in TS_RESP. ++ * In case of errors it sets the status info properly. ++ * Returns NULL only in case of memory allocation/fatal error. 
++ */
++TS_RESP *TS_RESP_create_response(TS_RESP_CTX *ctx, BIO *req_bio);
++
++/*
++ * Declarations related to response verification,
++ * they are defined in ts/ts_resp_verify.c.
++ */
++
++int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs,
++ X509_STORE *store, X509 **signer_out);
++
++/* Context structure for the generic verify method. */
++
++/* Verify the signer's certificate and the signature of the response. */
++# define TS_VFY_SIGNATURE (1u << 0)
++/* Verify the version number of the response. */
++# define TS_VFY_VERSION (1u << 1)
++/* Verify if the policy supplied by the user matches the policy of the TSA. */
++# define TS_VFY_POLICY (1u << 2)
++/*
++ * Verify the message imprint provided by the user. This flag should not be
++ * specified with TS_VFY_DATA.
++ */
++# define TS_VFY_IMPRINT (1u << 3)
++/*
++ * Verify the message imprint computed by the verify method from the user
++ * provided data and the MD algorithm of the response. This flag should not
++ * be specified with TS_VFY_IMPRINT.
++ */
++# define TS_VFY_DATA (1u << 4)
++/* Verify the nonce value. */
++# define TS_VFY_NONCE (1u << 5)
++/* Verify if the TSA name field matches the signer certificate. */
++# define TS_VFY_SIGNER (1u << 6)
++/* Verify if the TSA name field equals to the user provided name. */
++# define TS_VFY_TSA_NAME (1u << 7)
++
++/* You can use the following convenience constants. */
++# define TS_VFY_ALL_IMPRINT (TS_VFY_SIGNATURE \
++ | TS_VFY_VERSION \
++ | TS_VFY_POLICY \
++ | TS_VFY_IMPRINT \
++ | TS_VFY_NONCE \
++ | TS_VFY_SIGNER \
++ | TS_VFY_TSA_NAME)
++# define TS_VFY_ALL_DATA (TS_VFY_SIGNATURE \
++ | TS_VFY_VERSION \
++ | TS_VFY_POLICY \
++ | TS_VFY_DATA \
++ | TS_VFY_NONCE \
++ | TS_VFY_SIGNER \
++ | TS_VFY_TSA_NAME)
++
++typedef struct TS_verify_ctx {
++ /* Set this to the union of TS_VFY_... flags you want to carry out. */
++ unsigned flags;
++ /* Must be set only with TS_VFY_SIGNATURE. certs is optional.
*/
++ X509_STORE *store;
++ STACK_OF(X509) *certs;
++ /* Must be set only with TS_VFY_POLICY. */
++ ASN1_OBJECT *policy;
++ /*
++ * Must be set only with TS_VFY_IMPRINT. If md_alg is NULL, the
++ * algorithm from the response is used.
++ */
++ X509_ALGOR *md_alg;
++ unsigned char *imprint;
++ unsigned imprint_len;
++ /* Must be set only with TS_VFY_DATA. */
++ BIO *data;
++ /* Must be set only with TS_VFY_TSA_NAME. */
++ ASN1_INTEGER *nonce;
++ /* Must be set only with TS_VFY_TSA_NAME. */
++ GENERAL_NAME *tsa_name;
++} TS_VERIFY_CTX;
++
++int TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response);
++int TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token);
++
++/*
++ * Declarations related to response verification context,
++ * they are defined in ts/ts_verify_ctx.c.
++ */
++
++/* Set all fields to zero. */
++TS_VERIFY_CTX *TS_VERIFY_CTX_new(void);
++void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx);
++void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx);
++void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx);
++
++/*-
++ * If ctx is NULL, it allocates and returns a new object, otherwise
++ * it returns ctx. It initialises all the members as follows:
++ * flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE)
++ * certs = NULL
++ * store = NULL
++ * policy = policy from the request or NULL if absent (in this case
++ * TS_VFY_POLICY is cleared from flags as well)
++ * md_alg = MD algorithm from request
++ * imprint, imprint_len = imprint from request
++ * data = NULL
++ * nonce, nonce_len = nonce from the request or NULL if absent (in this case
++ * TS_VFY_NONCE is cleared from flags as well)
++ * tsa_name = NULL
++ * Important: after calling this method TS_VFY_SIGNATURE should be added!
++ */
++TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx);
++
++/* Function declarations for TS_RESP defined in ts/ts_resp_print.c */
++
++int TS_RESP_print_bio(BIO *bio, TS_RESP *a);
++int TS_STATUS_INFO_print_bio(BIO *bio, TS_STATUS_INFO *a);
++int TS_TST_INFO_print_bio(BIO *bio, TS_TST_INFO *a);
++
++/* Common utility functions defined in ts/ts_lib.c */
++
++int TS_ASN1_INTEGER_print_bio(BIO *bio, const ASN1_INTEGER *num);
++int TS_OBJ_print_bio(BIO *bio, const ASN1_OBJECT *obj);
++int TS_ext_print_bio(BIO *bio, const STACK_OF(X509_EXTENSION) *extensions);
++int TS_X509_ALGOR_print_bio(BIO *bio, const X509_ALGOR *alg);
++int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *msg);
++
++/*
++ * Function declarations for handling configuration options, defined in
++ * ts/ts_conf.c
++ */
++
++X509 *TS_CONF_load_cert(const char *file);
++STACK_OF(X509) *TS_CONF_load_certs(const char *file);
++EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass);
++const char *TS_CONF_get_tsa_section(CONF *conf, const char *section);
++int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb,
++ TS_RESP_CTX *ctx);
++int TS_CONF_set_crypto_device(CONF *conf, const char *section,
++ const char *device);
++int TS_CONF_set_default_engine(const char *name);
++int TS_CONF_set_signer_cert(CONF *conf, const char *section,
++ const char *cert, TS_RESP_CTX *ctx);
++int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs,
++ TS_RESP_CTX *ctx);
++int TS_CONF_set_signer_key(CONF *conf, const char *section,
++ const char *key, const char *pass,
++ TS_RESP_CTX *ctx);
++int TS_CONF_set_def_policy(CONF *conf, const char *section,
++ const char *policy, TS_RESP_CTX *ctx);
++int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx);
++int TS_CONF_set_digests(CONF *conf, const char *section, TS_RESP_CTX *ctx);
++int TS_CONF_set_accuracy(CONF *conf, const char *section, TS_RESP_CTX *ctx);
++int
TS_CONF_set_clock_precision_digits(CONF *conf, const char *section,
++ TS_RESP_CTX *ctx);
++int TS_CONF_set_ordering(CONF *conf, const char *section, TS_RESP_CTX *ctx);
++int TS_CONF_set_tsa_name(CONF *conf, const char *section, TS_RESP_CTX *ctx);
++int TS_CONF_set_ess_cert_id_chain(CONF *conf, const char *section,
++ TS_RESP_CTX *ctx);
++
++/* -------------------------------------------------- */
++/* BEGIN ERROR CODES */
++/*
++ * The following lines are auto generated by the script mkerr.pl. Any changes
++ * made after this point may be overwritten when the script is next run.
++ */
++void ERR_load_TS_strings(void);
++
++/* Error codes for the TS functions. */
++
++/* Function codes. */
++# define TS_F_D2I_TS_RESP 147
++# define TS_F_DEF_SERIAL_CB 110
++# define TS_F_DEF_TIME_CB 111
++# define TS_F_ESS_ADD_SIGNING_CERT 112
++# define TS_F_ESS_CERT_ID_NEW_INIT 113
++# define TS_F_ESS_SIGNING_CERT_NEW_INIT 114
++# define TS_F_INT_TS_RESP_VERIFY_TOKEN 149
++# define TS_F_PKCS7_TO_TS_TST_INFO 148
++# define TS_F_TS_ACCURACY_SET_MICROS 115
++# define TS_F_TS_ACCURACY_SET_MILLIS 116
++# define TS_F_TS_ACCURACY_SET_SECONDS 117
++# define TS_F_TS_CHECK_IMPRINTS 100
++# define TS_F_TS_CHECK_NONCES 101
++# define TS_F_TS_CHECK_POLICY 102
++# define TS_F_TS_CHECK_SIGNING_CERTS 103
++# define TS_F_TS_CHECK_STATUS_INFO 104
++# define TS_F_TS_COMPUTE_IMPRINT 145
++# define TS_F_TS_CONF_SET_DEFAULT_ENGINE 146
++# define TS_F_TS_GET_STATUS_TEXT 105
++# define TS_F_TS_MSG_IMPRINT_SET_ALGO 118
++# define TS_F_TS_REQ_SET_MSG_IMPRINT 119
++# define TS_F_TS_REQ_SET_NONCE 120
++# define TS_F_TS_REQ_SET_POLICY_ID 121
++# define TS_F_TS_RESP_CREATE_RESPONSE 122
++# define TS_F_TS_RESP_CREATE_TST_INFO 123
++# define TS_F_TS_RESP_CTX_ADD_FAILURE_INFO 124
++# define TS_F_TS_RESP_CTX_ADD_MD 125
++# define TS_F_TS_RESP_CTX_ADD_POLICY 126
++# define TS_F_TS_RESP_CTX_NEW 127
++# define TS_F_TS_RESP_CTX_SET_ACCURACY 128
++# define TS_F_TS_RESP_CTX_SET_CERTS 129
++# define
TS_F_TS_RESP_CTX_SET_DEF_POLICY 130
++# define TS_F_TS_RESP_CTX_SET_SIGNER_CERT 131
++# define TS_F_TS_RESP_CTX_SET_STATUS_INFO 132
++# define TS_F_TS_RESP_GET_POLICY 133
++# define TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION 134
++# define TS_F_TS_RESP_SET_STATUS_INFO 135
++# define TS_F_TS_RESP_SET_TST_INFO 150
++# define TS_F_TS_RESP_SIGN 136
++# define TS_F_TS_RESP_VERIFY_SIGNATURE 106
++# define TS_F_TS_RESP_VERIFY_TOKEN 107
++# define TS_F_TS_TST_INFO_SET_ACCURACY 137
++# define TS_F_TS_TST_INFO_SET_MSG_IMPRINT 138
++# define TS_F_TS_TST_INFO_SET_NONCE 139
++# define TS_F_TS_TST_INFO_SET_POLICY_ID 140
++# define TS_F_TS_TST_INFO_SET_SERIAL 141
++# define TS_F_TS_TST_INFO_SET_TIME 142
++# define TS_F_TS_TST_INFO_SET_TSA 143
++# define TS_F_TS_VERIFY 108
++# define TS_F_TS_VERIFY_CERT 109
++# define TS_F_TS_VERIFY_CTX_NEW 144
++
++/* Reason codes. */
++# define TS_R_BAD_PKCS7_TYPE 132
++# define TS_R_BAD_TYPE 133
++# define TS_R_CERTIFICATE_VERIFY_ERROR 100
++# define TS_R_COULD_NOT_SET_ENGINE 127
++# define TS_R_COULD_NOT_SET_TIME 115
++# define TS_R_D2I_TS_RESP_INT_FAILED 128
++# define TS_R_DETACHED_CONTENT 134
++# define TS_R_ESS_ADD_SIGNING_CERT_ERROR 116
++# define TS_R_ESS_SIGNING_CERTIFICATE_ERROR 101
++# define TS_R_INVALID_NULL_POINTER 102
++# define TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE 117
++# define TS_R_MESSAGE_IMPRINT_MISMATCH 103
++# define TS_R_NONCE_MISMATCH 104
++# define TS_R_NONCE_NOT_RETURNED 105
++# define TS_R_NO_CONTENT 106
++# define TS_R_NO_TIME_STAMP_TOKEN 107
++# define TS_R_PKCS7_ADD_SIGNATURE_ERROR 118
++# define TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR 119
++# define TS_R_PKCS7_TO_TS_TST_INFO_FAILED 129
++# define TS_R_POLICY_MISMATCH 108
++# define TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 120
++# define TS_R_RESPONSE_SETUP_ERROR 121
++# define TS_R_SIGNATURE_FAILURE 109
++# define TS_R_THERE_MUST_BE_ONE_SIGNER 110
++# define TS_R_TIME_SYSCALL_ERROR 122
++# define TS_R_TOKEN_NOT_PRESENT 130
++# define TS_R_TOKEN_PRESENT 131
++# define
TS_R_TSA_NAME_MISMATCH 111
++# define TS_R_TSA_UNTRUSTED 112
++# define TS_R_TST_INFO_SETUP_ERROR 123
++# define TS_R_TS_DATASIGN 124
++# define TS_R_UNACCEPTABLE_POLICY 125
++# define TS_R_UNSUPPORTED_MD_ALGORITHM 126
++# define TS_R_UNSUPPORTED_VERSION 113
++# define TS_R_WRONG_CONTENT_TYPE 114
++
++#ifdef __cplusplus
++}
++#endif
++#endif
+diff --git a/Cryptlib/Include/openssl/txt_db.h b/Cryptlib/Include/openssl/txt_db.h
+index f1145a7..98e23a2 100644
+--- a/Cryptlib/Include/openssl/txt_db.h
++++ b/Cryptlib/Include/openssl/txt_db.h
+@@ -77,15 +77,18 @@
+ extern "C" {
+ #endif
+
++typedef OPENSSL_STRING *OPENSSL_PSTRING;
++DECLARE_SPECIAL_STACK_OF(OPENSSL_PSTRING, OPENSSL_STRING)
++
+ typedef struct txt_db_st {
+ int num_fields;
+- STACK /* char ** */ * data;
+- LHASH **index;
+- int (**qual) (char **);
++ STACK_OF(OPENSSL_PSTRING) *data;
++ LHASH_OF(OPENSSL_STRING) **index;
++ int (**qual) (OPENSSL_STRING *);
+ long error;
+ long arg1;
+ long arg2;
+- char **arg_row;
++ OPENSSL_STRING *arg_row;
+ } TXT_DB;
+
+ # ifndef OPENSSL_NO_BIO
+@@ -95,11 +98,12 @@ long TXT_DB_write(BIO *out, TXT_DB *db);
+ TXT_DB *TXT_DB_read(char *in, int num);
+ long TXT_DB_write(char *out, TXT_DB *db);
+ # endif
+-int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (char **),
++int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (OPENSSL_STRING *),
+ LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp);
+ void TXT_DB_free(TXT_DB *db);
+-char **TXT_DB_get_by_index(TXT_DB *db, int idx, char **value);
+-int TXT_DB_insert(TXT_DB *db, char **value);
++OPENSSL_STRING *TXT_DB_get_by_index(TXT_DB *db, int idx,
++ OPENSSL_STRING *value);
++int TXT_DB_insert(TXT_DB *db, OPENSSL_STRING *value);
+
+ #ifdef __cplusplus
+ }
+diff --git a/Cryptlib/Include/openssl/ui.h b/Cryptlib/Include/openssl/ui.h
+index 1f0c2ea..b917eda 100644
+--- a/Cryptlib/Include/openssl/ui.h
++++ b/Cryptlib/Include/openssl/ui.h
+@@ -301,8 +301,8 @@ UI_METHOD *UI_OpenSSL(void);
+ * The UI_STRING type is the data
structure that contains all the needed info
+ * about a string or a prompt, including test data for a verification prompt.
+ */
+-DECLARE_STACK_OF(UI_STRING)
+ typedef struct ui_string_st UI_STRING;
++DECLARE_STACK_OF(UI_STRING)
+
+ /*
+ * The different types of strings that are currently supported. This is only
+@@ -327,11 +327,20 @@ int UI_method_set_flusher(UI_METHOD *method, int (*flusher) (UI *ui));
+ int UI_method_set_reader(UI_METHOD *method,
+ int (*reader) (UI *ui, UI_STRING *uis));
+ int UI_method_set_closer(UI_METHOD *method, int (*closer) (UI *ui));
++int UI_method_set_prompt_constructor(UI_METHOD *method,
++ char *(*prompt_constructor) (UI *ui,
++ const char
++ *object_desc,
++ const char
++ *object_name));
+ int (*UI_method_get_opener(UI_METHOD *method)) (UI *);
+ int (*UI_method_get_writer(UI_METHOD *method)) (UI *, UI_STRING *);
+ int (*UI_method_get_flusher(UI_METHOD *method)) (UI *);
+ int (*UI_method_get_reader(UI_METHOD *method)) (UI *, UI_STRING *);
+ int (*UI_method_get_closer(UI_METHOD *method)) (UI *);
++char *(*UI_method_get_prompt_constructor(UI_METHOD *method)) (UI *,
++ const char *,
++ const char *);
+
+ /*
+ * The following functions are helpers for method writers to access relevant
+diff --git a/Cryptlib/Include/openssl/whrlpool.h b/Cryptlib/Include/openssl/whrlpool.h
+new file mode 100644
+index 0000000..73c749d
+--- /dev/null
++++ b/Cryptlib/Include/openssl/whrlpool.h
+@@ -0,0 +1,41 @@
++#ifndef HEADER_WHRLPOOL_H
++# define HEADER_WHRLPOOL_H
++
++# include
++# include
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++# define WHIRLPOOL_DIGEST_LENGTH (512/8)
++# define WHIRLPOOL_BBLOCK 512
++# define WHIRLPOOL_COUNTER (256/8)
++
++typedef struct {
++ union {
++ unsigned char c[WHIRLPOOL_DIGEST_LENGTH];
++ /* double q is here to ensure 64-bit alignment */
++ double q[WHIRLPOOL_DIGEST_LENGTH / sizeof(double)];
++ } H;
++ unsigned char data[WHIRLPOOL_BBLOCK / 8];
++ unsigned int bitoff;
++ size_t bitlen[WHIRLPOOL_COUNTER /
sizeof(size_t)];
++} WHIRLPOOL_CTX;
++
++# ifndef OPENSSL_NO_WHIRLPOOL
++# ifdef OPENSSL_FIPS
++int private_WHIRLPOOL_Init(WHIRLPOOL_CTX *c);
++# endif
++int WHIRLPOOL_Init(WHIRLPOOL_CTX *c);
++int WHIRLPOOL_Update(WHIRLPOOL_CTX *c, const void *inp, size_t bytes);
++void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c, const void *inp, size_t bits);
++int WHIRLPOOL_Final(unsigned char *md, WHIRLPOOL_CTX *c);
++unsigned char *WHIRLPOOL(const void *inp, size_t bytes, unsigned char *md);
++# endif
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif
+diff --git a/Cryptlib/Include/openssl/x509.h b/Cryptlib/Include/openssl/x509.h
+index 51cccbf..99337b8 100644
+--- a/Cryptlib/Include/openssl/x509.h
++++ b/Cryptlib/Include/openssl/x509.h
+@@ -154,11 +154,11 @@ typedef struct X509_val_st {
+ ASN1_TIME *notAfter;
+ } X509_VAL;
+
+-typedef struct X509_pubkey_st {
++struct X509_pubkey_st {
+ X509_ALGOR *algor;
+ ASN1_BIT_STRING *public_key;
+ EVP_PKEY *pkey;
+-} X509_PUBKEY;
++};
+
+ typedef struct X509_sig_st {
+ X509_ALGOR *algor;
+@@ -184,7 +184,9 @@ struct X509_name_st {
+ # else
+ char *bytes;
+ # endif
+- unsigned long hash; /* Keep the hash around for lookups */
++/* unsigned long hash; Keep the hash around for lookups */
++ unsigned char *canon_enc;
++ int canon_enclen;
+ } /* X509_NAME */ ;
+
+ DECLARE_STACK_OF(X509_NAME)
+@@ -281,8 +283,11 @@ struct x509_st {
+ unsigned long ex_xkusage;
+ unsigned long ex_nscert;
+ ASN1_OCTET_STRING *skid;
+- struct AUTHORITY_KEYID_st *akid;
++ AUTHORITY_KEYID *akid;
+ X509_POLICY_CACHE *policy_cache;
++ STACK_OF(DIST_POINT) *crldp;
++ STACK_OF(GENERAL_NAME) *altname;
++ NAME_CONSTRAINTS *nc;
+ # ifndef OPENSSL_NO_RFC3779
+ STACK_OF(IPAddressFamily) *rfc3779_addr;
+ struct ASIdentifiers_st *rfc3779_asid;
+@@ -325,10 +330,11 @@ typedef struct x509_cert_pair_st {
+ # define X509_TRUST_OBJECT_SIGN 5
+ # define X509_TRUST_OCSP_SIGN 6
+ # define X509_TRUST_OCSP_REQUEST 7
++# define X509_TRUST_TSA 8
+
+ /* Keep these up to date!
*/
+ # define X509_TRUST_MIN 1
+-# define X509_TRUST_MAX 7
++# define X509_TRUST_MAX 8
+
+ /* trust_flags values */
+ # define X509_TRUST_DYNAMIC 1
+@@ -355,6 +361,7 @@ typedef struct x509_cert_pair_st {
+ # define X509_FLAG_NO_SIGDUMP (1L << 9)
+ # define X509_FLAG_NO_AUX (1L << 10)
+ # define X509_FLAG_NO_ATTRIBUTES (1L << 11)
++# define X509_FLAG_NO_IDS (1L << 12)
+
+ /* Flags specific to X509_NAME_print_ex() */
+
+@@ -417,12 +424,16 @@ typedef struct x509_cert_pair_st {
+ XN_FLAG_FN_LN | \
+ XN_FLAG_FN_ALIGN)
+
+-typedef struct X509_revoked_st {
++struct x509_revoked_st {
+ ASN1_INTEGER *serialNumber;
+ ASN1_TIME *revocationDate;
+ STACK_OF(X509_EXTENSION) /* optional */ *extensions;
++ /* Set up if indirect CRL */
++ STACK_OF(GENERAL_NAME) *issuer;
++ /* Revocation reason */
++ int reason;
+ int sequence; /* load sequence */
+-} X509_REVOKED;
++};
+
+ DECLARE_STACK_OF(X509_REVOKED)
+ DECLARE_ASN1_SET_OF(X509_REVOKED)
+@@ -444,6 +455,22 @@ struct X509_crl_st {
+ X509_ALGOR *sig_alg;
+ ASN1_BIT_STRING *signature;
+ int references;
++ int flags;
++ /* Copies of various extensions */
++ AUTHORITY_KEYID *akid;
++ ISSUING_DIST_POINT *idp;
++ /* Convenient breakdown of IDP */
++ int idp_flags;
++ int idp_reasons;
++ /* CRL and base CRL numbers for delta processing */
++ ASN1_INTEGER *crl_number;
++ ASN1_INTEGER *base_crl_number;
++# ifndef OPENSSL_NO_SHA
++ unsigned char sha1_hash[SHA_DIGEST_LENGTH];
++# endif
++ STACK_OF(GENERAL_NAMES) *issuers;
++ const X509_CRL_METHOD *meth;
++ void *meth_data;
+ } /* X509_CRL */ ;
+
+ DECLARE_STACK_OF(X509_CRL)
+@@ -532,19 +559,20 @@ typedef struct PBKDF2PARAM_st {
+
+ /* PKCS#8 private key info structure */
+
+-typedef struct pkcs8_priv_key_info_st {
++struct pkcs8_priv_key_info_st {
+ /* Flag for various broken formats */
+ int broken;
+ # define PKCS8_OK 0
+ # define PKCS8_NO_OCTET 1
+ # define PKCS8_EMBEDDED_PARAM 2
+ # define PKCS8_NS_DB 3
++# define PKCS8_NEG_PRIVKEY 4
+ ASN1_INTEGER *version;
+ X509_ALGOR *pkeyalg;
+ /*
Should be OCTET STRING but some are broken */
+ ASN1_TYPE *pkey;
+ STACK_OF(X509_ATTRIBUTE) *attributes;
+-} PKCS8_PRIV_KEY_INFO;
++};
+
+ #ifdef __cplusplus
+ }
+@@ -557,151 +585,6 @@ typedef struct pkcs8_priv_key_info_st {
+ extern "C" {
+ #endif
+
+-# ifdef SSLEAY_MACROS
+-# define X509_verify(a,r) ASN1_verify((int (*)())i2d_X509_CINF,a->sig_alg,\
+- a->signature,(char *)a->cert_info,r)
+-# define X509_REQ_verify(a,r) ASN1_verify((int (*)())i2d_X509_REQ_INFO, \
+- a->sig_alg,a->signature,(char *)a->req_info,r)
+-# define X509_CRL_verify(a,r) ASN1_verify((int (*)())i2d_X509_CRL_INFO, \
+- a->sig_alg, a->signature,(char *)a->crl,r)
+-
+-# define X509_sign(x,pkey,md) \
+- ASN1_sign((int (*)())i2d_X509_CINF, x->cert_info->signature, \
+- x->sig_alg, x->signature, (char *)x->cert_info,pkey,md)
+-# define X509_REQ_sign(x,pkey,md) \
+- ASN1_sign((int (*)())i2d_X509_REQ_INFO,x->sig_alg, NULL, \
+- x->signature, (char *)x->req_info,pkey,md)
+-# define X509_CRL_sign(x,pkey,md) \
+- ASN1_sign((int (*)())i2d_X509_CRL_INFO,x->crl->sig_alg,x->sig_alg, \
+- x->signature, (char *)x->crl,pkey,md)
+-# define NETSCAPE_SPKI_sign(x,pkey,md) \
+- ASN1_sign((int (*)())i2d_NETSCAPE_SPKAC, x->sig_algor,NULL, \
+- x->signature, (char *)x->spkac,pkey,md)
+-
+-# define X509_dup(x509) (X509 *)ASN1_dup((int (*)())i2d_X509, \
+- (char *(*)())d2i_X509,(char *)x509)
+-# define X509_ATTRIBUTE_dup(xa) (X509_ATTRIBUTE *)ASN1_dup(\
+- (int (*)())i2d_X509_ATTRIBUTE, \
+- (char *(*)())d2i_X509_ATTRIBUTE,(char *)xa)
+-# define X509_EXTENSION_dup(ex) (X509_EXTENSION *)ASN1_dup( \
+- (int (*)())i2d_X509_EXTENSION, \
+- (char *(*)())d2i_X509_EXTENSION,(char *)ex)
+-# define d2i_X509_fp(fp,x509) (X509 *)ASN1_d2i_fp((char *(*)())X509_new, \
+- (char *(*)())d2i_X509, (fp),(unsigned char **)(x509))
+-# define i2d_X509_fp(fp,x509) ASN1_i2d_fp(i2d_X509,fp,(unsigned char *)x509)
+-# define d2i_X509_bio(bp,x509) (X509 *)ASN1_d2i_bio((char *(*)())X509_new, \
+- (char *(*)())d2i_X509, (bp),(unsigned char
**)(x509))
+-# define i2d_X509_bio(bp,x509) ASN1_i2d_bio(i2d_X509,bp,(unsigned char *)x509)
+-
+-# define X509_CRL_dup(crl) (X509_CRL *)ASN1_dup((int (*)())i2d_X509_CRL, \
+- (char *(*)())d2i_X509_CRL,(char *)crl)
+-# define d2i_X509_CRL_fp(fp,crl) (X509_CRL *)ASN1_d2i_fp((char *(*)()) \
+- X509_CRL_new,(char *(*)())d2i_X509_CRL, (fp),\
+- (unsigned char **)(crl))
+-# define i2d_X509_CRL_fp(fp,crl) ASN1_i2d_fp(i2d_X509_CRL,fp,\
+- (unsigned char *)crl)
+-# define d2i_X509_CRL_bio(bp,crl) (X509_CRL *)ASN1_d2i_bio((char *(*)()) \
+- X509_CRL_new,(char *(*)())d2i_X509_CRL, (bp),\
+- (unsigned char **)(crl))
+-# define i2d_X509_CRL_bio(bp,crl) ASN1_i2d_bio(i2d_X509_CRL,bp,\
+- (unsigned char *)crl)
+-
+-# define PKCS7_dup(p7) (PKCS7 *)ASN1_dup((int (*)())i2d_PKCS7, \
+- (char *(*)())d2i_PKCS7,(char *)p7)
+-# define d2i_PKCS7_fp(fp,p7) (PKCS7 *)ASN1_d2i_fp((char *(*)()) \
+- PKCS7_new,(char *(*)())d2i_PKCS7, (fp),\
+- (unsigned char **)(p7))
+-# define i2d_PKCS7_fp(fp,p7) ASN1_i2d_fp(i2d_PKCS7,fp,\
+- (unsigned char *)p7)
+-# define d2i_PKCS7_bio(bp,p7) (PKCS7 *)ASN1_d2i_bio((char *(*)()) \
+- PKCS7_new,(char *(*)())d2i_PKCS7, (bp),\
+- (unsigned char **)(p7))
+-# define i2d_PKCS7_bio(bp,p7) ASN1_i2d_bio(i2d_PKCS7,bp,\
+- (unsigned char *)p7)
+-
+-# define X509_REQ_dup(req) (X509_REQ *)ASN1_dup((int (*)())i2d_X509_REQ, \
+- (char *(*)())d2i_X509_REQ,(char *)req)
+-# define d2i_X509_REQ_fp(fp,req) (X509_REQ *)ASN1_d2i_fp((char *(*)())\
+- X509_REQ_new, (char *(*)())d2i_X509_REQ, (fp),\
+- (unsigned char **)(req))
+-# define i2d_X509_REQ_fp(fp,req) ASN1_i2d_fp(i2d_X509_REQ,fp,\
+- (unsigned char *)req)
+-# define d2i_X509_REQ_bio(bp,req) (X509_REQ *)ASN1_d2i_bio((char *(*)())\
+- X509_REQ_new, (char *(*)())d2i_X509_REQ, (bp),\
+- (unsigned char **)(req))
+-# define i2d_X509_REQ_bio(bp,req) ASN1_i2d_bio(i2d_X509_REQ,bp,\
+- (unsigned char *)req)
+-
+-# define RSAPublicKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPublicKey, \
+- (char *(*)())d2i_RSAPublicKey,(char *)rsa)
+-# define RSAPrivateKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPrivateKey, \
+- (char *(*)())d2i_RSAPrivateKey,(char *)rsa)
+-
+-# define d2i_RSAPrivateKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\
+- RSA_new,(char *(*)())d2i_RSAPrivateKey, (fp), \
+- (unsigned char **)(rsa))
+-# define i2d_RSAPrivateKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPrivateKey,fp, \
+- (unsigned char *)rsa)
+-# define d2i_RSAPrivateKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\
+- RSA_new,(char *(*)())d2i_RSAPrivateKey, (bp), \
+- (unsigned char **)(rsa))
+-# define i2d_RSAPrivateKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPrivateKey,bp, \
+- (unsigned char *)rsa)
+-
+-# define d2i_RSAPublicKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\
+- RSA_new,(char *(*)())d2i_RSAPublicKey, (fp), \
+- (unsigned char **)(rsa))
+-# define i2d_RSAPublicKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPublicKey,fp, \
+- (unsigned char *)rsa)
+-# define d2i_RSAPublicKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\
+- RSA_new,(char *(*)())d2i_RSAPublicKey, (bp), \
+- (unsigned char **)(rsa))
+-# define i2d_RSAPublicKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPublicKey,bp, \
+- (unsigned char *)rsa)
+-
+-# define d2i_DSAPrivateKey_fp(fp,dsa) (DSA *)ASN1_d2i_fp((char *(*)())\
+- DSA_new,(char *(*)())d2i_DSAPrivateKey, (fp), \
+- (unsigned char **)(dsa))
+-# define i2d_DSAPrivateKey_fp(fp,dsa) ASN1_i2d_fp(i2d_DSAPrivateKey,fp, \
+- (unsigned char *)dsa)
+-# define d2i_DSAPrivateKey_bio(bp,dsa) (DSA *)ASN1_d2i_bio((char *(*)())\
+- DSA_new,(char *(*)())d2i_DSAPrivateKey, (bp), \
+- (unsigned char **)(dsa))
+-# define i2d_DSAPrivateKey_bio(bp,dsa) ASN1_i2d_bio(i2d_DSAPrivateKey,bp, \
+- (unsigned char *)dsa)
+-
+-# define d2i_ECPrivateKey_fp(fp,ecdsa) (EC_KEY *)ASN1_d2i_fp((char *(*)())\
+- EC_KEY_new,(char *(*)())d2i_ECPrivateKey, (fp), \
+- (unsigned char **)(ecdsa))
+-# define i2d_ECPrivateKey_fp(fp,ecdsa) ASN1_i2d_fp(i2d_ECPrivateKey,fp, \
+- (unsigned char *)ecdsa)
+-# define d2i_ECPrivateKey_bio(bp,ecdsa) (EC_KEY
*)ASN1_d2i_bio((char *(*)())\
+- EC_KEY_new,(char *(*)())d2i_ECPrivateKey, (bp), \
+- (unsigned char **)(ecdsa))
+-# define i2d_ECPrivateKey_bio(bp,ecdsa) ASN1_i2d_bio(i2d_ECPrivateKey,bp, \
+- (unsigned char *)ecdsa)
+-
+-# define X509_ALGOR_dup(xn) (X509_ALGOR *)ASN1_dup((int (*)())i2d_X509_ALGOR,\
+- (char *(*)())d2i_X509_ALGOR,(char *)xn)
+-
+-# define X509_NAME_dup(xn) (X509_NAME *)ASN1_dup((int (*)())i2d_X509_NAME, \
+- (char *(*)())d2i_X509_NAME,(char *)xn)
+-# define X509_NAME_ENTRY_dup(ne) (X509_NAME_ENTRY *)ASN1_dup( \
+- (int (*)())i2d_X509_NAME_ENTRY, \
+- (char *(*)())d2i_X509_NAME_ENTRY,\
+- (char *)ne)
+-
+-# define X509_digest(data,type,md,len) \
+- ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len)
+-# define X509_NAME_digest(data,type,md,len) \
+- ASN1_digest((int (*)())i2d_X509_NAME,type,(char *)data,md,len)
+-# ifndef PKCS7_ISSUER_AND_SERIAL_digest
+-# define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \
+- ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\
+- (char *)data,md,len)
+-# endif
+-# endif
+-
+ # define X509_EXT_PACK_UNKNOWN 1
+ # define X509_EXT_PACK_STRING 2
+
+@@ -722,6 +605,20 @@ extern "C" {
+ # define X509_CRL_get_issuer(x) ((x)->crl->issuer)
+ # define X509_CRL_get_REVOKED(x) ((x)->crl->revoked)
+
++void X509_CRL_set_default_method(const X509_CRL_METHOD *meth);
++X509_CRL_METHOD *X509_CRL_METHOD_new(int (*crl_init) (X509_CRL *crl),
++ int (*crl_free) (X509_CRL *crl),
++ int (*crl_lookup) (X509_CRL *crl,
++ X509_REVOKED **ret,
++ ASN1_INTEGER *ser,
++ X509_NAME *issuer),
++ int (*crl_verify) (X509_CRL *crl,
++ EVP_PKEY *pk));
++void X509_CRL_METHOD_free(X509_CRL_METHOD *m);
++
++void X509_CRL_set_meth_data(X509_CRL *crl, void *dat);
++void *X509_CRL_get_meth_data(X509_CRL *crl);
++
+ /*
+ * This one is only used so that a binary form can output, as in
+ * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf)
+@@ -730,8 +627,7 @@ extern "C" {
+
+ const char *X509_verify_cert_error_string(long n);
+
+-# ifndef
SSLEAY_MACROS
+-# ifndef OPENSSL_NO_EVP
++# ifndef OPENSSL_NO_EVP
+ int X509_verify(X509 *a, EVP_PKEY *r);
+
+ int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r);
+@@ -745,11 +641,17 @@ int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey);
+
+ int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki);
+
++int X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent);
+ int X509_signature_print(BIO *bp, X509_ALGOR *alg, ASN1_STRING *sig);
+
+ int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
++int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx);
++int X509_http_nbio(OCSP_REQ_CTX *rctx, X509 **pcert);
+ int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md);
++int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx);
+ int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md);
++int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx);
++int X509_CRL_http_nbio(OCSP_REQ_CTX *rctx, X509_CRL **pcrl);
+ int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md);
+
+ int X509_pubkey_digest(const X509 *data, const EVP_MD *type,
+@@ -762,35 +664,35 @@ int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type,
+ unsigned char *md, unsigned int *len);
+ int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type,
+ unsigned char *md, unsigned int *len);
+-# endif
++# endif
+
+-# ifndef OPENSSL_NO_FP_API
++# ifndef OPENSSL_NO_FP_API
+ X509 *d2i_X509_fp(FILE *fp, X509 **x509);
+ int i2d_X509_fp(FILE *fp, X509 *x509);
+ X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl);
+ int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl);
+ X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req);
+ int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req);
+-# ifndef OPENSSL_NO_RSA
++# ifndef OPENSSL_NO_RSA
+ RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa);
+ int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa);
+ RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa);
+ int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa);
+ RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa);
+ int i2d_RSA_PUBKEY_fp(FILE *fp,
RSA *rsa);
+-# endif
+-# ifndef OPENSSL_NO_DSA
++# endif
++# ifndef OPENSSL_NO_DSA
+ DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa);
+ int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa);
+ DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa);
+ int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa);
+-# endif
+-# ifndef OPENSSL_NO_EC
++# endif
++# ifndef OPENSSL_NO_EC
+ EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey);
+ int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey);
+ EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey);
+ int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey);
+-# endif
++# endif
+ X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8);
+ int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8);
+ PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
+@@ -801,35 +703,35 @@ int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey);
+ EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
+ int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey);
+ EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
+-# endif
++# endif
+
+-# ifndef OPENSSL_NO_BIO
++# ifndef OPENSSL_NO_BIO
+ X509 *d2i_X509_bio(BIO *bp, X509 **x509);
+ int i2d_X509_bio(BIO *bp, X509 *x509);
+ X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl);
+ int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl);
+ X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req);
+ int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req);
+-# ifndef OPENSSL_NO_RSA
++# ifndef OPENSSL_NO_RSA
+ RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa);
+ int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa);
+ RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa);
+ int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa);
+ RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa);
+ int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa);
+-# endif
+-# ifndef OPENSSL_NO_DSA
++# endif
++# ifndef OPENSSL_NO_DSA
+ DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa);
+ int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa);
+ DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa);
+ int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa);
+-# endif
+-# ifndef OPENSSL_NO_EC
++# endif
++# ifndef OPENSSL_NO_EC
+ EC_KEY
*d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey);
+ int i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *eckey);
+ EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey);
+ int i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey);
+-# endif
++# endif
+ X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8);
+ int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8);
+ PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
+@@ -840,28 +742,30 @@ int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey);
+ EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
+ int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey);
+ EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
+-# endif
++# endif
+
+ X509 *X509_dup(X509 *x509);
+ X509_ATTRIBUTE *X509_ATTRIBUTE_dup(X509_ATTRIBUTE *xa);
+ X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex);
+ X509_CRL *X509_CRL_dup(X509_CRL *crl);
++X509_REVOKED *X509_REVOKED_dup(X509_REVOKED *rev);
+ X509_REQ *X509_REQ_dup(X509_REQ *req);
+ X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn);
+ int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype,
+ void *pval);
+ void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
+ X509_ALGOR *algor);
++void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md);
+ int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b);
+
+ X509_NAME *X509_NAME_dup(X509_NAME *xn);
+ X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
+
+-# endif /* !SSLEAY_MACROS */
+-
+-int X509_cmp_time(ASN1_TIME *s, time_t *t);
+-int X509_cmp_current_time(ASN1_TIME *s);
++int X509_cmp_time(const ASN1_TIME *s, time_t *t);
++int X509_cmp_current_time(const ASN1_TIME *s);
+ ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *t);
++ASN1_TIME *X509_time_adj_ex(ASN1_TIME *s,
++ int offset_day, long offset_sec, time_t *t);
+ ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj);
+
+ const char *X509_get_default_cert_area(void);
+@@ -928,6 +832,12 @@ void *X509_get_ex_data(X509 *r, int idx);
+ int i2d_X509_AUX(X509 *a, unsigned char **pp);
+ X509 *d2i_X509_AUX(X509 **a, const
unsigned char **pp, long length);
+
++int i2d_re_X509_tbs(X509 *x, unsigned char **pp);
++
++void X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg,
++ const X509 *x);
++int X509_get_signature_nid(const X509 *x);
++
+ int X509_alias_set1(X509 *x, unsigned char *name, int len);
+ int X509_keyid_set1(X509 *x, unsigned char *id, int len);
+ unsigned char *X509_alias_get0(X509 *x, int *len);
+@@ -945,6 +855,9 @@ DECLARE_ASN1_FUNCTIONS(X509_CRL_INFO)
+ DECLARE_ASN1_FUNCTIONS(X509_CRL)
+
+ int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
++int X509_CRL_get0_by_serial(X509_CRL *crl,
++ X509_REVOKED **ret, ASN1_INTEGER *serial);
++int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x);
+
+ X509_PKEY *X509_PKEY_new(void);
+ void X509_PKEY_free(X509_PKEY *a);
+@@ -980,6 +893,9 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *algor1,
+ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1,
+ X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *data,
+ EVP_PKEY *pkey, const EVP_MD *type);
++int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1,
++ X509_ALGOR *algor2, ASN1_BIT_STRING *signature,
++ void *asn, EVP_MD_CTX *ctx);
+ # endif
+
+ int X509_set_version(X509 *x, long version);
+@@ -989,8 +905,8 @@ int X509_set_issuer_name(X509 *x, X509_NAME *name);
+ X509_NAME *X509_get_issuer_name(X509 *a);
+ int X509_set_subject_name(X509 *x, X509_NAME *name);
+ X509_NAME *X509_get_subject_name(X509 *a);
+-int X509_set_notBefore(X509 *x, ASN1_TIME *tm);
+-int X509_set_notAfter(X509 *x, ASN1_TIME *tm);
++int X509_set_notBefore(X509 *x, const ASN1_TIME *tm);
++int X509_set_notAfter(X509 *x, const ASN1_TIME *tm);
+ int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
+ EVP_PKEY *X509_get_pubkey(X509 *x);
+ ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x);
+@@ -1026,16 +942,24 @@ int X509_REQ_add1_attr_by_txt(X509_REQ *req,
+
+ int X509_CRL_set_version(X509_CRL *x, long version);
+ int X509_CRL_set_issuer_name(X509_CRL *x,
X509_NAME *name);
+-int X509_CRL_set_lastUpdate(X509_CRL *x, ASN1_TIME *tm);
+-int X509_CRL_set_nextUpdate(X509_CRL *x, ASN1_TIME *tm);
++int X509_CRL_set_lastUpdate(X509_CRL *x, const ASN1_TIME *tm);
++int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm);
+ int X509_CRL_sort(X509_CRL *crl);
+
+ int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial);
+ int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm);
+
++X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
++ EVP_PKEY *skey, const EVP_MD *md, unsigned int flags);
++
+ int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey);
+
+ int X509_check_private_key(X509 *x509, EVP_PKEY *pkey);
++int X509_chain_check_suiteb(int *perror_depth,
++ X509 *x, STACK_OF(X509) *chain,
++ unsigned long flags);
++int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags);
++STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain);
+
+ int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
+ unsigned long X509_issuer_and_serial_hash(X509 *a);
+@@ -1046,11 +970,18 @@ unsigned long X509_issuer_name_hash(X509 *a);
+ int X509_subject_name_cmp(const X509 *a, const X509 *b);
+ unsigned long X509_subject_name_hash(X509 *x);
+
++# ifndef OPENSSL_NO_MD5
++unsigned long X509_issuer_name_hash_old(X509 *a);
++unsigned long X509_subject_name_hash_old(X509 *x);
++# endif
++
+ int X509_cmp(const X509 *a, const X509 *b);
+ int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);
+ unsigned long X509_NAME_hash(X509_NAME *x);
++unsigned long X509_NAME_hash_old(X509_NAME *x);
+
+ int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b);
++int X509_CRL_match(const X509_CRL *a, const X509_CRL *b);
+ # ifndef OPENSSL_NO_FP_API
+ int X509_print_ex_fp(FILE *bp, X509 *x, unsigned long nmflag,
+ unsigned long cflag);
+@@ -1250,10 +1181,19 @@ DECLARE_ASN1_FUNCTIONS(PBEPARAM)
+ DECLARE_ASN1_FUNCTIONS(PBE2PARAM)
+ DECLARE_ASN1_FUNCTIONS(PBKDF2PARAM)
+
+-X509_ALGOR *PKCS5_pbe_set(int
alg, int iter, unsigned char *salt,
+- int saltlen);
++int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
++ const unsigned char *salt, int saltlen);
++
++X509_ALGOR *PKCS5_pbe_set(int alg, int iter,
++ const unsigned char *salt, int saltlen);
+ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
+ unsigned char *salt, int saltlen);
++X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
++ unsigned char *salt, int saltlen,
++ unsigned char *aiv, int prf_nid);
++
++X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
++ int prf_nid, int keylen);
+
+ /* PKCS#8 utilities */
+
+@@ -1264,6 +1204,20 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey);
+ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken);
+ PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken);
+
++int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj,
++ int version, int ptype, void *pval,
++ unsigned char *penc, int penclen);
++int PKCS8_pkey_get0(ASN1_OBJECT **ppkalg,
++ const unsigned char **pk, int *ppklen,
++ X509_ALGOR **pa, PKCS8_PRIV_KEY_INFO *p8);
++
++int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
++ int ptype, void *pval,
++ unsigned char *penc, int penclen);
++int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg,
++ const unsigned char **pk, int *ppklen,
++ X509_ALGOR **pa, X509_PUBKEY *pub);
++
+ int X509_check_trust(X509 *x, int id, int flags);
+ int X509_TRUST_get_count(void);
+ X509_TRUST *X509_TRUST_get0(int idx);
+@@ -1300,6 +1254,7 @@ void ERR_load_X509_strings(void);
+ # define X509_F_X509_ATTRIBUTE_GET0_DATA 139
+ # define X509_F_X509_ATTRIBUTE_SET1_DATA 138
+ # define X509_F_X509_CHECK_PRIVATE_KEY 128
++# define X509_F_X509_CRL_DIFF 105
+ # define X509_F_X509_CRL_PRINT_FP 147
+ # define X509_F_X509_EXTENSION_CREATE_BY_NID 108
+ # define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109
+@@ -1332,19 +1287,29 @@ void ERR_load_X509_strings(void);
+ # define
X509_F_X509_VERIFY_CERT 127
+
+ /* Reason codes. */
++# define X509_R_AKID_MISMATCH 110
+ # define X509_R_BAD_X509_FILETYPE 100
+ # define X509_R_BASE64_DECODE_ERROR 118
+ # define X509_R_CANT_CHECK_DH_KEY 114
+ # define X509_R_CERT_ALREADY_IN_HASH_TABLE 101
++# define X509_R_CRL_ALREADY_DELTA 127
++# define X509_R_CRL_VERIFY_FAILURE 131
+ # define X509_R_ERR_ASN1_LIB 102
++# define X509_R_IDP_MISMATCH 128
+ # define X509_R_INVALID_DIRECTORY 113
+ # define X509_R_INVALID_FIELD_NAME 119
+ # define X509_R_INVALID_TRUST 123
++# define X509_R_ISSUER_MISMATCH 129
+ # define X509_R_KEY_TYPE_MISMATCH 115
+ # define X509_R_KEY_VALUES_MISMATCH 116
+ # define X509_R_LOADING_CERT_DIR 103
+ # define X509_R_LOADING_DEFAULTS 104
++# define X509_R_METHOD_NOT_SUPPORTED 124
++# define X509_R_NEWER_CRL_NOT_NEWER 132
+ # define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105
++# define X509_R_NO_CRL_NUMBER 130
++# define X509_R_PUBLIC_KEY_DECODE_ERROR 125
++# define X509_R_PUBLIC_KEY_ENCODE_ERROR 126
+ # define X509_R_SHOULD_RETRY 106
+ # define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN 107
+ # define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 108
+diff --git a/Cryptlib/Include/openssl/x509_vfy.h b/Cryptlib/Include/openssl/x509_vfy.h
+index 69fab69..bd8613c 100644
+--- a/Cryptlib/Include/openssl/x509_vfy.h
++++ b/Cryptlib/Include/openssl/x509_vfy.h
+@@ -79,6 +79,7 @@
+ extern "C" {
+ #endif
+
++# if 0
+ /* Outer object */
+ typedef struct x509_hash_dir_st {
+ int num_dirs;
+@@ -86,6 +87,7 @@ typedef struct x509_hash_dir_st {
+ int *dirs_type;
+ int num_dirs_alloced;
+ } X509_HASH_DIR_CTX;
++# endif
+
+ typedef struct x509_file_st {
+ int num_paths; /* number of paths to files or directories */
+@@ -154,6 +156,8 @@ typedef struct x509_lookup_method_st {
+ X509_OBJECT *ret);
+ } X509_LOOKUP_METHOD;
+
++typedef struct X509_VERIFY_PARAM_ID_st X509_VERIFY_PARAM_ID;
++
+ /*
+ * This structure hold all parameters associated with a verify operation by
+ * including an X509_VERIFY_PARAM structure in
related structures the
+@@ -169,6 +173,7 @@ typedef struct X509_VERIFY_PARAM_st {
+ int trust; /* trust setting to check */
+ int depth; /* Verify depth */
+ STACK_OF(ASN1_OBJECT) *policies; /* Permissible policies */
++ X509_VERIFY_PARAM_ID *id; /* opaque ID data */
+ } X509_VERIFY_PARAM;
+
+ DECLARE_STACK_OF(X509_VERIFY_PARAM)
+@@ -202,6 +207,8 @@ struct x509_store_st {
+ int (*check_crl) (X509_STORE_CTX *ctx, X509_CRL *crl);
+ /* Check certificate against CRL */
+ int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x);
++ STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx, X509_NAME *nm);
++ STACK_OF(X509_CRL) *(*lookup_crls) (X509_STORE_CTX *ctx, X509_NAME *nm);
+ int (*cleanup) (X509_STORE_CTX *ctx);
+ CRYPTO_EX_DATA ex_data;
+ int references;
+@@ -258,6 +265,8 @@ struct x509_store_ctx_st { /* X509_STORE_CTX */
+ /* Check certificate against CRL */
+ int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x);
+ int (*check_policy) (X509_STORE_CTX *ctx);
++ STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx, X509_NAME *nm);
++ STACK_OF(X509_CRL) *(*lookup_crls) (X509_STORE_CTX *ctx, X509_NAME *nm);
+ int (*cleanup) (X509_STORE_CTX *ctx);
+ /* The following is built up */
+ /* if 0, rebuild chain */
+@@ -278,6 +287,12 @@ struct x509_store_ctx_st { /* X509_STORE_CTX */
+ X509 *current_issuer;
+ /* current CRL */
+ X509_CRL *current_crl;
++ /* score of current CRL */
++ int current_crl_score;
++ /* Reason mask */
++ unsigned int current_reasons;
++ /* For CRL path validation: parent context */
++ X509_STORE_CTX *parent;
+ CRYPTO_EX_DATA ex_data;
+ } /* X509_STORE_CTX */ ;
+
+@@ -345,8 +360,31 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
+ # define X509_V_ERR_INVALID_EXTENSION 41
+ # define X509_V_ERR_INVALID_POLICY_EXTENSION 42
+ # define X509_V_ERR_NO_EXPLICIT_POLICY 43
+-
+-# define X509_V_ERR_UNNESTED_RESOURCE 44
++# define X509_V_ERR_DIFFERENT_CRL_SCOPE 44
++# define X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE 45
++
++# define
X509_V_ERR_UNNESTED_RESOURCE 46
++
++# define X509_V_ERR_PERMITTED_VIOLATION 47
++# define X509_V_ERR_EXCLUDED_VIOLATION 48
++# define X509_V_ERR_SUBTREE_MINMAX 49
++# define X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE 51
++# define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX 52
++# define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX 53
++# define X509_V_ERR_CRL_PATH_VALIDATION_ERROR 54
++
++/* Suite B mode algorithm violation */
++# define X509_V_ERR_SUITE_B_INVALID_VERSION 56
++# define X509_V_ERR_SUITE_B_INVALID_ALGORITHM 57
++# define X509_V_ERR_SUITE_B_INVALID_CURVE 58
++# define X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM 59
++# define X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED 60
++# define X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 61
++
++/* Host, email and IP check errors */
++# define X509_V_ERR_HOSTNAME_MISMATCH 62
++# define X509_V_ERR_EMAIL_MISMATCH 63
++# define X509_V_ERR_IP_ADDRESS_MISMATCH 64
+
+ /* The application is not happy */
+ # define X509_V_ERR_APPLICATION_VERIFICATION 50
+@@ -377,9 +415,29 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
+ # define X509_V_FLAG_INHIBIT_MAP 0x400
+ /* Notify callback that policy is OK */
+ # define X509_V_FLAG_NOTIFY_POLICY 0x800
+-
++/* Extended CRL features such as indirect CRLs, alternate CRL signing keys */
++# define X509_V_FLAG_EXTENDED_CRL_SUPPORT 0x1000
++/* Delta CRL support */
++# define X509_V_FLAG_USE_DELTAS 0x2000
+ /* Check selfsigned CA signature */
+ # define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000
++/* Use trusted store first */
++# define X509_V_FLAG_TRUSTED_FIRST 0x8000
++/* Suite B 128 bit only mode: not normally used */
++# define X509_V_FLAG_SUITEB_128_LOS_ONLY 0x10000
++/* Suite B 192 bit only mode */
++# define X509_V_FLAG_SUITEB_192_LOS 0x20000
++/* Suite B 128 bit mode allowing 192 bit algorithms */
++# define X509_V_FLAG_SUITEB_128_LOS 0x30000
++
++/* Allow partial chains if at least one certificate is in trusted store */
++# define X509_V_FLAG_PARTIAL_CHAIN 0x80000
++/*
++ * If the
initial chain is not trusted, do not attempt to build an alternative
++ * chain. Alternate chain checking was introduced in 1.0.2b. Setting this flag
++ * will force the behaviour to match that of previous versions.
++ */
++# define X509_V_FLAG_NO_ALT_CHAINS 0x100000
+
+ # define X509_VP_FLAG_DEFAULT 0x1
+ # define X509_VP_FLAG_OVERWRITE 0x2
+@@ -404,11 +462,21 @@ void X509_OBJECT_free_contents(X509_OBJECT *a);
+ X509_STORE *X509_STORE_new(void);
+ void X509_STORE_free(X509_STORE *v);
+
++STACK_OF(X509) *X509_STORE_get1_certs(X509_STORE_CTX *st, X509_NAME *nm);
++STACK_OF(X509_CRL) *X509_STORE_get1_crls(X509_STORE_CTX *st, X509_NAME *nm);
+ int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
+ int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
+ int X509_STORE_set_trust(X509_STORE *ctx, int trust);
+ int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm);
+
++void X509_STORE_set_verify_cb(X509_STORE *ctx,
++ int (*verify_cb) (int, X509_STORE_CTX *));
++
++void X509_STORE_set_lookup_crls_cb(X509_STORE *ctx,
++ STACK_OF(X509_CRL) *(*cb) (X509_STORE_CTX
++ *ctx,
++ X509_NAME *nm));
++
+ X509_STORE_CTX *X509_STORE_CTX_new(void);
+
+ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
+@@ -419,6 +487,8 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
+ void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
+ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
+
++X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx);
++
+ X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
+
+ X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
+@@ -469,6 +539,9 @@ int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
+ void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s);
+ int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
+ X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
++X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx);
++X509_CRL
*X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx);
++X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx);
+ STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx);
+ STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx);
+ void X509_STORE_CTX_set_cert(X509_STORE_CTX *c, X509 *x);
+@@ -513,9 +586,27 @@ int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
+ ASN1_OBJECT *policy);
+ int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
+ STACK_OF(ASN1_OBJECT) *policies);
++
++int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
++ const char *name, size_t namelen);
++int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
++ const char *name, size_t namelen);
++void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
++ unsigned int flags);
++char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *);
++int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
++ const char *email, size_t emaillen);
++int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
++ const unsigned char *ip, size_t iplen);
++int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param,
++ const char *ipasc);
++
+ int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param);
++const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param);
+
+ int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param);
++int X509_VERIFY_PARAM_get_count(void);
++const X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id);
+ const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name);
+ void X509_VERIFY_PARAM_table_cleanup(void);
+
+diff --git a/Cryptlib/Include/openssl/x509v3.h b/Cryptlib/Include/openssl/x509v3.h
+index 0eeaa50..f5c6156 100644
+--- a/Cryptlib/Include/openssl/x509v3.h
++++ b/Cryptlib/Include/openssl/x509v3.h
+@@ -67,6 +67,13 @@
+ extern "C" {
+ #endif
+
++# ifdef OPENSSL_SYS_WIN32
++/* Under Win32 these are defined in wincrypt.h */
++# undef X509_NAME
++# undef X509_CERT_PAIR
++# undef X509_EXTENSIONS
++# endif
++
+ /*
Forward reference */
+ struct v3_ext_method;
+ struct v3_ext_ctx;
+@@ -77,19 +84,19 @@ typedef void *(*X509V3_EXT_NEW)(void);
+ typedef void (*X509V3_EXT_FREE) (void *);
+ typedef void *(*X509V3_EXT_D2I)(void *, const unsigned char **, long);
+ typedef int (*X509V3_EXT_I2D) (void *, unsigned char **);
+-typedef STACK_OF(CONF_VALUE) *(*X509V3_EXT_I2V) (struct v3_ext_method *method,
+- void *ext,
+- STACK_OF(CONF_VALUE)
+- *extlist);
+-typedef void *(*X509V3_EXT_V2I)(struct v3_ext_method *method,
++typedef STACK_OF(CONF_VALUE) *
++ (*X509V3_EXT_I2V) (const struct v3_ext_method *method, void *ext,
++ STACK_OF(CONF_VALUE) *extlist);
++typedef void *(*X509V3_EXT_V2I)(const struct v3_ext_method *method,
+ struct v3_ext_ctx *ctx,
+ STACK_OF(CONF_VALUE) *values);
+-typedef char *(*X509V3_EXT_I2S)(struct v3_ext_method *method, void *ext);
+-typedef void *(*X509V3_EXT_S2I)(struct v3_ext_method *method,
++typedef char *(*X509V3_EXT_I2S)(const struct v3_ext_method *method,
++ void *ext);
++typedef void *(*X509V3_EXT_S2I)(const struct v3_ext_method *method,
+ struct v3_ext_ctx *ctx, const char *str);
+-typedef int (*X509V3_EXT_I2R) (struct v3_ext_method *method, void *ext,
++typedef int (*X509V3_EXT_I2R) (const struct v3_ext_method *method, void *ext,
+ BIO *out, int indent);
+-typedef void *(*X509V3_EXT_R2I)(struct v3_ext_method *method,
++typedef void *(*X509V3_EXT_R2I)(const struct v3_ext_method *method,
+ struct v3_ext_ctx *ctx, const char *str);
+
+ /* V3 extension structure */
+@@ -222,24 +229,41 @@ typedef struct DIST_POINT_NAME_st {
+ GENERAL_NAMES *fullname;
+ STACK_OF(X509_NAME_ENTRY) *relativename;
+ } name;
++/* If relativename then this contains the full distribution point name */
++ X509_NAME *dpname;
+ } DIST_POINT_NAME;
+-
+-typedef struct DIST_POINT_st {
++/* All existing reasons */
++# define CRLDP_ALL_REASONS 0x807f
++
++# define CRL_REASON_NONE -1
++# define CRL_REASON_UNSPECIFIED 0
++# define CRL_REASON_KEY_COMPROMISE 1
++# define CRL_REASON_CA_COMPROMISE 2
++# define CRL_REASON_AFFILIATION_CHANGED 3
++# define CRL_REASON_SUPERSEDED 4
++# define CRL_REASON_CESSATION_OF_OPERATION 5
++# define CRL_REASON_CERTIFICATE_HOLD 6
++# define CRL_REASON_REMOVE_FROM_CRL 8
++# define CRL_REASON_PRIVILEGE_WITHDRAWN 9
++# define CRL_REASON_AA_COMPROMISE 10
++
++struct DIST_POINT_st {
+ DIST_POINT_NAME *distpoint;
+ ASN1_BIT_STRING *reasons;
+ GENERAL_NAMES *CRLissuer;
+-} DIST_POINT;
++ int dp_reasons;
++};
+
+ typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS;
+
+ DECLARE_STACK_OF(DIST_POINT)
+ DECLARE_ASN1_SET_OF(DIST_POINT)
+
+-typedef struct AUTHORITY_KEYID_st {
++struct AUTHORITY_KEYID_st {
+ ASN1_OCTET_STRING *keyid;
+ GENERAL_NAMES *issuer;
+ ASN1_INTEGER *serial;
+-} AUTHORITY_KEYID;
++};
+
+ /* Strong extranet structures */
+
+@@ -305,10 +329,10 @@ typedef struct GENERAL_SUBTREE_st {
+
+ DECLARE_STACK_OF(GENERAL_SUBTREE)
+
+-typedef struct NAME_CONSTRAINTS_st {
++struct NAME_CONSTRAINTS_st {
+ STACK_OF(GENERAL_SUBTREE) *permittedSubtrees;
+ STACK_OF(GENERAL_SUBTREE) *excludedSubtrees;
+-} NAME_CONSTRAINTS;
++};
+
+ typedef struct POLICY_CONSTRAINTS_st {
+ ASN1_INTEGER *requireExplicitPolicy;
+@@ -329,6 +353,31 @@ typedef struct PROXY_CERT_INFO_EXTENSION_st {
+ DECLARE_ASN1_FUNCTIONS(PROXY_POLICY)
+ DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)
+
++struct ISSUING_DIST_POINT_st {
++ DIST_POINT_NAME *distpoint;
++ int onlyuser;
++ int onlyCA;
++ ASN1_BIT_STRING *onlysomereasons;
++ int indirectCRL;
++ int onlyattr;
++};
++
++/* Values in idp_flags field */
++/* IDP present */
++# define IDP_PRESENT 0x1
++/* IDP values inconsistent */
++# define IDP_INVALID 0x2
++/* onlyuser true */
++# define IDP_ONLYUSER 0x4
++/* onlyCA true */
++# define IDP_ONLYCA 0x8
++/* onlyattr true */
++# define IDP_ONLYATTR 0x10
++/* indirectCRL true */
++# define IDP_INDIRECT 0x20
++/* onlysomereasons present */
++# define IDP_REASONS 0x40
++
+ # define X509V3_conf_err(val) ERR_add_error_data(6, "section:", val->section, \
+ ",name:", val->name,
",value:", val->value);
+
+@@ -363,7 +412,6 @@ DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)
+ # define EXFLAG_CA 0x10
+ /* Really self issued not necessarily self signed */
+ # define EXFLAG_SI 0x20
+-# define EXFLAG_SS 0x20
+ # define EXFLAG_V1 0x40
+ # define EXFLAG_INVALID 0x80
+ # define EXFLAG_SET 0x100
+@@ -371,6 +419,9 @@ DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)
+ # define EXFLAG_PROXY 0x400
+
+ # define EXFLAG_INVALID_POLICY 0x800
++# define EXFLAG_FRESHEST 0x1000
++/* Self signed */
++# define EXFLAG_SS 0x2000
+
+ # define KU_DIGITAL_SIGNATURE 0x0080
+ # define KU_NON_REPUDIATION 0x0040
+@@ -399,6 +450,7 @@ DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)
+ # define XKU_OCSP_SIGN 0x20
+ # define XKU_TIMESTAMP 0x40
+ # define XKU_DVCS 0x80
++# define XKU_ANYEKU 0x100
+
+ # define X509_PURPOSE_DYNAMIC 0x1
+ # define X509_PURPOSE_DYNAMIC_NAME 0x2
+@@ -421,9 +473,10 @@ typedef struct x509_purpose_st {
+ # define X509_PURPOSE_CRL_SIGN 6
+ # define X509_PURPOSE_ANY 7
+ # define X509_PURPOSE_OCSP_HELPER 8
++# define X509_PURPOSE_TIMESTAMP_SIGN 9
+
+ # define X509_PURPOSE_MIN 1
+-# define X509_PURPOSE_MAX 8
++# define X509_PURPOSE_MAX 9
+
+ /* Flags for X509V3_EXT_print() */
+
+@@ -470,6 +523,8 @@ DECLARE_ASN1_FUNCTIONS(AUTHORITY_KEYID)
+ DECLARE_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD)
+
+ DECLARE_ASN1_FUNCTIONS(GENERAL_NAME)
++GENERAL_NAME *GENERAL_NAME_dup(GENERAL_NAME *a);
++int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b);
+
+ ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx,
+@@ -488,11 +543,18 @@ DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES)
+ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
+ GENERAL_NAMES *gen,
+ STACK_OF(CONF_VALUE) *extlist);
+-GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+- STACK_OF(CONF_VALUE) *nval);
++GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method,
++ X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+
+
DECLARE_ASN1_FUNCTIONS(OTHERNAME)
+ DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME)
++int OTHERNAME_cmp(OTHERNAME *a, OTHERNAME *b);
++void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value);
++void *GENERAL_NAME_get0_value(GENERAL_NAME *a, int *ptype);
++int GENERAL_NAME_set0_othername(GENERAL_NAME *gen,
++ ASN1_OBJECT *oid, ASN1_TYPE *value);
++int GENERAL_NAME_get0_otherName(GENERAL_NAME *gen,
++ ASN1_OBJECT **poid, ASN1_TYPE **pvalue);
+
+ char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
+ ASN1_OCTET_STRING *ia5);
+@@ -511,6 +573,11 @@ DECLARE_ASN1_FUNCTIONS(NOTICEREF)
+ DECLARE_ASN1_FUNCTIONS(CRL_DIST_POINTS)
+ DECLARE_ASN1_FUNCTIONS(DIST_POINT)
+ DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME)
++DECLARE_ASN1_FUNCTIONS(ISSUING_DIST_POINT)
++
++int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname);
++
++int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc);
+
+ DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)
+ DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
+@@ -528,12 +595,18 @@ DECLARE_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
+ DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS)
+ DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS)
+
++GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
++ const X509V3_EXT_METHOD *method,
++ X509V3_CTX *ctx, int gen_type, char *value,
++ int is_nc);
++
+ # ifdef HEADER_CONF_H
+-GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+- CONF_VALUE *cnf);
++GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method,
++ X509V3_CTX *ctx, CONF_VALUE *cnf);
+ GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
+- X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+- CONF_VALUE *cnf, int is_nc);
++ const X509V3_EXT_METHOD *method,
++ X509V3_CTX *ctx, CONF_VALUE *cnf,
++ int is_nc);
+ void X509V3_conf_free(CONF_VALUE *val);
+
+ X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
+@@ -549,23 +622,24 @@ int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
+ int
X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
+ X509_CRL *crl);
+
+-X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
++X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf,
++ X509V3_CTX *ctx, int ext_nid,
+ char *value);
+-X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name,
+- char *value);
+-int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
+- X509 *cert);
+-int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
+- X509_REQ *req);
+-int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
+- X509_CRL *crl);
++X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
++ char *name, char *value);
++int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
++ char *section, X509 *cert);
++int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
++ char *section, X509_REQ *req);
++int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
++ char *section, X509_CRL *crl);
+
+ int X509V3_add_value_bool_nf(char *name, int asn1_bool,
+ STACK_OF(CONF_VALUE) **extlist);
+ int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
+ int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
+ void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf);
+-void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash);
++void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash);
+ # endif
+
+ char *X509V3_get_string(X509V3_CTX *ctx, char *name, char *section);
+@@ -593,20 +667,21 @@ int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist);
+ int X509V3_EXT_add_alias(int nid_to, int nid_from);
+ void X509V3_EXT_cleanup(void);
+
+-X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext);
+-X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
++const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext);
++const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
+ int
X509V3_add_standard_extensions(void);
+ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line);
+ void *X509V3_EXT_d2i(X509_EXTENSION *ext);
+ void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
+ int *idx);
++int X509V3_EXT_free(int nid, void *ext_data);
+
+ X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
+ int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
+ int crit, unsigned long flags);
+
+-char *hex_to_string(unsigned char *buffer, long len);
+-unsigned char *string_to_hex(char *str, long *len);
++char *hex_to_string(const unsigned char *buffer, long len);
++unsigned char *string_to_hex(const char *str, long *len);
+ int name_cmp(const char *name, const char *cmp);
+
+ void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
+@@ -624,6 +699,7 @@ int X509_check_purpose(X509 *x, int id, int ca);
+ int X509_supported_extension(X509_EXTENSION *ex);
+ int X509_PURPOSE_set(int *p, int purpose);
+ int X509_check_issued(X509 *issuer, X509 *subject);
++int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid);
+ int X509_PURPOSE_get_count(void);
+ X509_PURPOSE *X509_PURPOSE_get0(int idx);
+ int X509_PURPOSE_get_by_sname(char *sname);
+@@ -637,10 +713,38 @@ int X509_PURPOSE_get_trust(X509_PURPOSE *xp);
+ void X509_PURPOSE_cleanup(void);
+ int X509_PURPOSE_get_id(X509_PURPOSE *);
+
+-STACK *X509_get1_email(X509 *x);
+-STACK *X509_REQ_get1_email(X509_REQ *x);
+-void X509_email_free(STACK * sk);
+-STACK *X509_get1_ocsp(X509 *x);
++STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x);
++STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x);
++void X509_email_free(STACK_OF(OPENSSL_STRING) *sk);
++STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x);
++/* Flags for X509_check_* functions */
++
++/*
++ * Always check subject name for host match even if subject alt names present
++ */
++# define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT 0x1
++/* Disable wildcard matching for dnsName fields and common
name. */
++# define X509_CHECK_FLAG_NO_WILDCARDS 0x2
++/* Wildcards must not match a partial label. */
++# define X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS 0x4
++/* Allow (non-partial) wildcards to match multiple labels. */
++# define X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS 0x8
++/* Constraint verifier subdomain patterns to match a single labels. */
++# define X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS 0x10
++/*
++ * Match reference identifiers starting with "." to any sub-domain.
++ * This is a non-public flag, turned on implicitly when the subject
++ * reference identity is a DNS name.
++ */
++# define _X509_CHECK_FLAG_DOT_SUBDOMAINS 0x8000
++
++int X509_check_host(X509 *x, const char *chk, size_t chklen,
++ unsigned int flags, char **peername);
++int X509_check_email(X509 *x, const char *chk, size_t chklen,
++ unsigned int flags);
++int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen,
++ unsigned int flags);
++int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags);
+
+ ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc);
+ ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc);
+@@ -649,6 +753,7 @@ int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk,
+ unsigned long chtype);
+
+ void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent);
++DECLARE_STACK_OF(X509_POLICY_NODE)
+
+ # ifndef OPENSSL_NO_RFC3779
+
+@@ -806,8 +911,9 @@ void ERR_load_X509V3_strings(void);
+ /* Error codes for the X509V3 functions. */
+
+ /* Function codes.
*/
+-# define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE 156
+-# define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL 157
++# define X509V3_F_A2I_GENERAL_NAME 164
++# define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE 161
++# define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL 162
+ # define X509V3_F_COPY_EMAIL 122
+ # define X509V3_F_COPY_ISSUER 123
+ # define X509V3_F_DO_DIRNAME 144
+@@ -815,6 +921,7 @@ void ERR_load_X509V3_strings(void);
+ # define X509V3_F_DO_EXT_I2D 135
+ # define X509V3_F_DO_EXT_NCONF 151
+ # define X509V3_F_DO_I2V_NAME_CONSTRAINTS 148
++# define X509V3_F_GNAMES_FROM_SECTNAME 156
+ # define X509V3_F_HEX_TO_STRING 111
+ # define X509V3_F_I2S_ASN1_ENUMERATED 121
+ # define X509V3_F_I2S_ASN1_IA5STRING 149
+@@ -831,13 +938,14 @@ void ERR_load_X509V3_strings(void);
+ # define X509V3_F_S2I_ASN1_OCTET_STRING 112
+ # define X509V3_F_S2I_ASN1_SKEY_ID 114
+ # define X509V3_F_S2I_SKEY_ID 115
++# define X509V3_F_SET_DIST_POINT_NAME 158
+ # define X509V3_F_STRING_TO_HEX 113
+ # define X509V3_F_SXNET_ADD_ID_ASC 125
+ # define X509V3_F_SXNET_ADD_ID_INTEGER 126
+ # define X509V3_F_SXNET_ADD_ID_ULONG 127
+ # define X509V3_F_SXNET_GET_ID_ASC 128
+ # define X509V3_F_SXNET_GET_ID_ULONG 129
+-# define X509V3_F_V2I_ASIDENTIFIERS 158
++# define X509V3_F_V2I_ASIDENTIFIERS 163
+ # define X509V3_F_V2I_ASN1_BIT_STRING 101
+ # define X509V3_F_V2I_AUTHORITY_INFO_ACCESS 139
+ # define X509V3_F_V2I_AUTHORITY_KEYID 119
+@@ -846,6 +954,7 @@ void ERR_load_X509V3_strings(void);
+ # define X509V3_F_V2I_EXTENDED_KEY_USAGE 103
+ # define X509V3_F_V2I_GENERAL_NAMES 118
+ # define X509V3_F_V2I_GENERAL_NAME_EX 117
++# define X509V3_F_V2I_IDP 157
+ # define X509V3_F_V2I_IPADDRBLOCKS 159
+ # define X509V3_F_V2I_ISSUER_ALT 153
+ # define X509V3_F_V2I_NAME_CONSTRAINTS 147
+@@ -859,6 +968,7 @@ void ERR_load_X509V3_strings(void);
+ # define X509V3_F_X509V3_EXT_ADD 104
+ # define X509V3_F_X509V3_EXT_ADD_ALIAS 106
+ # define X509V3_F_X509V3_EXT_CONF 107
++# define X509V3_F_X509V3_EXT_FREE 165
+ # define
X509V3_F_X509V3_EXT_I2D 136
+ # define X509V3_F_X509V3_EXT_NCONF 152
+ # define X509V3_F_X509V3_GET_SECTION 142
+@@ -873,7 +983,9 @@ void ERR_load_X509V3_strings(void);
+ # define X509V3_R_BAD_OBJECT 119
+ # define X509V3_R_BN_DEC2BN_ERROR 100
+ # define X509V3_R_BN_TO_ASN1_INTEGER_ERROR 101
++# define X509V3_R_CANNOT_FIND_FREE_FUNCTION 168
+ # define X509V3_R_DIRNAME_ERROR 149
++# define X509V3_R_DISTPOINT_ALREADY_SET 160
+ # define X509V3_R_DUPLICATE_ZONE_ID 133
+ # define X509V3_R_ERROR_CONVERTING_ZONE 131
+ # define X509V3_R_ERROR_CREATING_EXTENSION 144
+@@ -887,12 +999,13 @@ void ERR_load_X509V3_strings(void);
+ # define X509V3_R_ILLEGAL_EMPTY_EXTENSION 151
+ # define X509V3_R_ILLEGAL_HEX_DIGIT 113
+ # define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG 152
+-# define X509V3_R_INVALID_ASNUMBER 160
+-# define X509V3_R_INVALID_ASRANGE 161
++# define X509V3_R_INVALID_ASNUMBER 162
++# define X509V3_R_INVALID_ASRANGE 163
+ # define X509V3_R_INVALID_BOOLEAN_STRING 104
+ # define X509V3_R_INVALID_EXTENSION_STRING 105
+-# define X509V3_R_INVALID_INHERITANCE 162
+-# define X509V3_R_INVALID_IPADDRESS 163
++# define X509V3_R_INVALID_INHERITANCE 165
++# define X509V3_R_INVALID_IPADDRESS 166
++# define X509V3_R_INVALID_MULTIPLE_RDNS 161
+ # define X509V3_R_INVALID_NAME 106
+ # define X509V3_R_INVALID_NULL_ARGUMENT 107
+ # define X509V3_R_INVALID_NULL_NAME 108
+@@ -920,9 +1033,9 @@ void ERR_load_X509V3_strings(void);
+ # define X509V3_R_ODD_NUMBER_OF_DIGITS 112
+ # define X509V3_R_OPERATION_NOT_DEFINED 148
+ # define X509V3_R_OTHERNAME_ERROR 147
+-# define X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED 155
++# define X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED 155
+ # define X509V3_R_POLICY_PATH_LENGTH 156
+-# define X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED 157
++# define X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED 157
+ # define X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED 158
+ # define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 159
+ # define X509V3_R_SECTION_NOT_FOUND
150
+@@ -933,6 +1046,7 @@ void ERR_load_X509V3_strings(void);
+ # define X509V3_R_UNKNOWN_EXTENSION_NAME 130
+ # define X509V3_R_UNKNOWN_OPTION 120
+ # define X509V3_R_UNSUPPORTED_OPTION 117
++# define X509V3_R_UNSUPPORTED_TYPE 167
+ # define X509V3_R_USER_TOO_LONG 132
+
+ #ifdef __cplusplus
+diff --git a/Cryptlib/Library/BaseCryptLib.h b/Cryptlib/Library/BaseCryptLib.h
+index 715a8e2..e9ee62c 100644
+--- a/Cryptlib/Library/BaseCryptLib.h
++++ b/Cryptlib/Library/BaseCryptLib.h
+@@ -4,7 +4,7 @@
+ primitives (Hash Serials, HMAC, RSA, Diffie-Hellman, etc) for UEFI security
+ functionality enabling.
+
+-Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.
++Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.
+ This program and the accompanying materials
+ are licensed and made available under the terms and conditions of the BSD License
+ which accompanies this distribution. The full text of the license may be found at
+@@ -43,6 +43,16 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+ #define SHA256_DIGEST_SIZE 32
+
+ ///
++/// SHA-384 digest size in bytes
++///
++#define SHA384_DIGEST_SIZE 48
++
++///
++/// SHA-512 digest size in bytes
++///
++#define SHA512_DIGEST_SIZE 64
++
++///
+ /// TDES block size in bytes
+ ///
+ #define TDES_BLOCK_SIZE 8
+@@ -73,7 +83,10 @@ typedef enum {
+ /**
+ Retrieves the size, in bytes, of the context buffer required for MD4 hash operations.
+
++ If this interface is not supported, then return zero.
++
+ @return The size, in bytes, of the context buffer required for MD4 hash operations.
++ @retval 0 This interface is not supported.
+
+ **/
+ UINTN
+@@ -87,11 +100,13 @@ Md4GetContextSize (
+ subsequent use.
+
+ If Md4Context is NULL, then return FALSE.
++ If this interface is not supported, then return FALSE.
+
+ @param[out] Md4Context Pointer to MD4 context being initialized.
+
+ @retval TRUE MD4 context initialization succeeded.
+ @retval FALSE MD4 context initialization failed.
++ @retval FALSE This interface is not supported.
+
+ **/
+ BOOLEAN
+@@ -105,12 +120,14 @@ Md4Init (
+
+ If Md4Context is NULL, then return FALSE.
+ If NewMd4Context is NULL, then return FALSE.
++ If this interface is not supported, then return FALSE.
+
+ @param[in] Md4Context Pointer to MD4 context being copied.
+ @param[out] NewMd4Context Pointer to new MD4 context.
+
+ @retval TRUE MD4 context copy succeeded.
+ @retval FALSE MD4 context copy failed.
++ @retval FALSE This interface is not supported.
+
+ **/
+ BOOLEAN
+@@ -129,6 +146,7 @@ Md4Duplicate (
+ by Md4Final(). Behavior with invalid context is undefined.
+
+ If Md4Context is NULL, then return FALSE.
++ If this interface is not supported, then return FALSE.
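Review bot: The new `@retval 0` on Md4GetContextSize in the `@@ -73,7 +83,10 @@` hunk makes the size getter double as a failure signal, but the comment does not tell callers what to do with it. A caller that hands the result straight to an allocator and then ignores the BOOLEAN from Md4Init() (which this patch also documents as returning FALSE when unsupported) would carry on with a context that was never initialized. I would add one sentence to the comment, e.g. `Callers must treat a return value of zero as failure and must not call Md4Init() on the resulting buffer.`, and the same wording on the other GetContextSize comments that gain `@retval 0` in later hunks. Whether any caller in shim actually reaches an unsupported stub cannot be seen from these hunks.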
+ + @param[in, out] Md4Context Pointer to the MD4 context. + @param[in] Data Pointer to the buffer containing the data to be hashed. +@@ -136,6 +154,7 @@ Md4Duplicate ( + + @retval TRUE MD4 data digest succeeded. + @retval FALSE MD4 data digest failed. ++ @retval FALSE This interface is not supported. + + **/ + BOOLEAN +@@ -157,6 +176,7 @@ Md4Update ( + + If Md4Context is NULL, then return FALSE. + If HashValue is NULL, then return FALSE. ++ If this interface is not supported, then return FALSE. + + @param[in, out] Md4Context Pointer to the MD4 context. + @param[out] HashValue Pointer to a buffer that receives the MD4 digest +@@ -164,6 +184,7 @@ Md4Update ( + + @retval TRUE MD4 digest computation succeeded. + @retval FALSE MD4 digest computation failed. ++ @retval FALSE This interface is not supported. + + **/ + BOOLEAN +@@ -176,7 +197,10 @@ Md4Final ( + /** + Retrieves the size, in bytes, of the context buffer required for MD5 hash operations. + ++ If this interface is not supported, then return zero. ++ + @return The size, in bytes, of the context buffer required for MD5 hash operations. ++ @retval 0 This interface is not supported. + + **/ + UINTN +@@ -190,11 +214,13 @@ Md5GetContextSize ( + subsequent use. + + If Md5Context is NULL, then return FALSE. ++ If this interface is not supported, then return FALSE. + + @param[out] Md5Context Pointer to MD5 context being initialized. + + @retval TRUE MD5 context initialization succeeded. + @retval FALSE MD5 context initialization failed. ++ @retval FALSE This interface is not supported. + + **/ + BOOLEAN +@@ -208,12 +234,14 @@ Md5Init ( + + If Md5Context is NULL, then return FALSE. + If NewMd5Context is NULL, then return FALSE. ++ If this interface is not supported, then return FALSE. + + @param[in] Md5Context Pointer to MD5 context being copied. + @param[out] NewMd5Context Pointer to new MD5 context. + + @retval TRUE MD5 context copy succeeded. + @retval FALSE MD5 context copy failed. 
++ @retval FALSE This interface is not supported. + + **/ + BOOLEAN +@@ -232,6 +260,7 @@ Md5Duplicate ( + by Md5Final(). Behavior with invalid context is undefined. + + If Md5Context is NULL, then return FALSE. ++ If this interface is not supported, then return FALSE. + + @param[in, out] Md5Context Pointer to the MD5 context. + @param[in] Data Pointer to the buffer containing the data to be hashed. +@@ -239,6 +268,7 @@ Md5Duplicate ( + + @retval TRUE MD5 data digest succeeded. + @retval FALSE MD5 data digest failed. ++ @retval FALSE This interface is not supported. + + **/ + BOOLEAN +@@ -260,6 +290,7 @@ Md5Update ( + + If Md5Context is NULL, then return FALSE. + If HashValue is NULL, then return FALSE. ++ If this interface is not supported, then return FALSE. + + @param[in, out] Md5Context Pointer to the MD5 context. + @param[out] HashValue Pointer to a buffer that receives the MD5 digest +@@ -267,6 +298,7 @@ Md5Update ( + + @retval TRUE MD5 digest computation succeeded. + @retval FALSE MD5 digest computation failed. ++ @retval FALSE This interface is not supported. + + **/ + BOOLEAN +@@ -279,7 +311,10 @@ Md5Final ( + /** + Retrieves the size, in bytes, of the context buffer required for SHA-1 hash operations. + ++ If this interface is not supported, then return zero. ++ + @return The size, in bytes, of the context buffer required for SHA-1 hash operations. ++ @retval 0 This interface is not supported. + + **/ + UINTN +@@ -293,11 +328,13 @@ Sha1GetContextSize ( + subsequent use. + + If Sha1Context is NULL, then return FALSE. ++ If this interface is not supported, then return FALSE. + + @param[out] Sha1Context Pointer to SHA-1 context being initialized. + + @retval TRUE SHA-1 context initialization succeeded. + @retval FALSE SHA-1 context initialization failed. ++ @retval FALSE This interface is not supported. + + **/ + BOOLEAN +@@ -311,12 +348,14 @@ Sha1Init ( + + If Sha1Context is NULL, then return FALSE. + If NewSha1Context is NULL, then return FALSE. 
++ If this interface is not supported, then return FALSE. + + @param[in] Sha1Context Pointer to SHA-1 context being copied. + @param[out] NewSha1Context Pointer to new SHA-1 context. + + @retval TRUE SHA-1 context copy succeeded. + @retval FALSE SHA-1 context copy failed. ++ @retval FALSE This interface is not supported. + + **/ + BOOLEAN +@@ -335,6 +374,7 @@ Sha1Duplicate ( + by Sha1Final(). Behavior with invalid context is undefined. + + If Sha1Context is NULL, then return FALSE. ++ If this interface is not supported, then return FALSE. + + @param[in, out] Sha1Context Pointer to the SHA-1 context. + @param[in] Data Pointer to the buffer containing the data to be hashed. +@@ -342,6 +382,7 @@ Sha1Duplicate ( + + @retval TRUE SHA-1 data digest succeeded. + @retval FALSE SHA-1 data digest failed. ++ @retval FALSE This interface is not supported. + + **/ + BOOLEAN +@@ -363,6 +404,7 @@ Sha1Update ( + + If Sha1Context is NULL, then return FALSE. + If HashValue is NULL, then return FALSE. ++ If this interface is not supported, then return FALSE. + + @param[in, out] Sha1Context Pointer to the SHA-1 context. + @param[out] HashValue Pointer to a buffer that receives the SHA-1 digest +@@ -370,6 +412,7 @@ Sha1Update ( + + @retval TRUE SHA-1 digest computation succeeded. + @retval FALSE SHA-1 digest computation failed. ++ @retval FALSE This interface is not supported. + + **/ + BOOLEAN +@@ -414,12 +457,14 @@ Sha256Init ( + + If Sha256Context is NULL, then return FALSE. + If NewSha256Context is NULL, then return FALSE. ++ If this interface is not supported, then return FALSE. + + @param[in] Sha256Context Pointer to SHA-256 context being copied. + @param[out] NewSha256Context Pointer to new SHA-256 context. + + @retval TRUE SHA-256 context copy succeeded. + @retval FALSE SHA-256 context copy failed. ++ @retval FALSE This interface is not supported. 
+
+ **/
+ BOOLEAN
+@@ -482,6 +527,215 @@ Sha256Final (
+ OUT UINT8 *HashValue
+ );
+
++/**
++ Retrieves the size, in bytes, of the context buffer required for SHA-384 hash operations.
++
++ @return The size, in bytes, of the context buffer required for SHA-384 hash operations.
++
++**/
++UINTN
++EFIAPI
++Sha384GetContextSize (
++ VOID
++ );
++
++/**
++ Initializes user-supplied memory pointed by Sha384Context as SHA-384 hash context for
++ subsequent use.
++
++ If Sha384Context is NULL, then return FALSE.
++
++ @param[out] Sha384Context Pointer to SHA-384 context being initialized.
++
++ @retval TRUE SHA-384 context initialization succeeded.
++ @retval FALSE SHA-384 context initialization failed.
++
++**/
++BOOLEAN
++EFIAPI
++Sha384Init (
++ OUT VOID *Sha384Context
++ );
++
++/**
++ Makes a copy of an existing SHA-384 context.
++
++ If Sha384Context is NULL, then return FALSE.
++ If NewSha384Context is NULL, then return FALSE.
++ If this interface is not supported, then return FALSE.
++
++ @param[in] Sha384Context Pointer to SHA-384 context being copied.
++ @param[out] NewSha384Context Pointer to new SHA-384 context.
++
++ @retval TRUE SHA-384 context copy succeeded.
++ @retval FALSE SHA-384 context copy failed.
++ @retval FALSE This interface is not supported.
++
++**/
++BOOLEAN
++EFIAPI
++Sha384Duplicate (
++ IN CONST VOID *Sha384Context,
++ OUT VOID *NewSha384Context
++ );
++
++/**
++ Digests the input data and updates SHA-384 context.
++
++ This function performs SHA-384 digest on a data buffer of the specified size.
++ It can be called multiple times to compute the digest of long or discontinuous data streams.
++ SHA-384 context should be already correctly intialized by Sha384Init(), and should not be finalized
++ by Sha384Final(). Behavior with invalid context is undefined.
++
++ If Sha384Context is NULL, then return FALSE.
++
++ @param[in, out] Sha384Context Pointer to the SHA-384 context.
++ @param[in] Data Pointer to the buffer containing the data to be hashed.
++ @param[in] DataSize Size of Data buffer in bytes.
++
++ @retval TRUE SHA-384 data digest succeeded.
++ @retval FALSE SHA-384 data digest failed.
++
++**/
++BOOLEAN
++EFIAPI
++Sha384Update (
++ IN OUT VOID *Sha384Context,
++ IN CONST VOID *Data,
++ IN UINTN DataSize
++ );
++
++/**
++ Completes computation of the SHA-384 digest value.
++
++ This function completes SHA-384 hash computation and retrieves the digest value into
++ the specified memory. After this function has been called, the SHA-384 context cannot
++ be used again.
++ SHA-384 context should be already correctly intialized by Sha384Init(), and should not be
++ finalized by Sha384Final(). Behavior with invalid SHA-384 context is undefined.
++
++ If Sha384Context is NULL, then return FALSE.
++ If HashValue is NULL, then return FALSE.
++
++ @param[in, out] Sha384Context Pointer to the SHA-384 context.
++ @param[out] HashValue Pointer to a buffer that receives the SHA-384 digest
++ value (48 bytes).
++
++ @retval TRUE SHA-384 digest computation succeeded.
++ @retval FALSE SHA-384 digest computation failed.
++
++**/
++BOOLEAN
++EFIAPI
++Sha384Final (
++ IN OUT VOID *Sha384Context,
++ OUT UINT8 *HashValue
++ );
++
++/**
++ Retrieves the size, in bytes, of the context buffer required for SHA-512 hash operations.
++
++ @return The size, in bytes, of the context buffer required for SHA-512 hash operations.
++
++**/
++UINTN
++EFIAPI
++Sha512GetContextSize (
++ VOID
++ );
++
++/**
++ Initializes user-supplied memory pointed by Sha512Context as SHA-512 hash context for
++ subsequent use.
++
++ If Sha512Context is NULL, then return FALSE.
++
++ @param[out] Sha512Context Pointer to SHA-512 context being initialized.
++
++ @retval TRUE SHA-512 context initialization succeeded.
++ @retval FALSE SHA-512 context initialization failed.
++
++**/
++BOOLEAN
++EFIAPI
++Sha512Init (
++ OUT VOID *Sha512Context
++ );
++
++/**
++ Makes a copy of an existing SHA-512 context.
++
++ If Sha512Context is NULL, then return FALSE.
++ If NewSha512Context is NULL, then return FALSE.
++ If this interface is not supported, then return FALSE.
++
++ @param[in] Sha512Context Pointer to SHA-512 context being copied.
++ @param[out] NewSha512Context Pointer to new SHA-512 context.
++
++ @retval TRUE SHA-512 context copy succeeded.
++ @retval FALSE SHA-512 context copy failed.
++ @retval FALSE This interface is not supported.
++
++**/
++BOOLEAN
++EFIAPI
++Sha512Duplicate (
++ IN CONST VOID *Sha512Context,
++ OUT VOID *NewSha512Context
++ );
++
++/**
++ Digests the input data and updates SHA-512 context.
++
++ This function performs SHA-512 digest on a data buffer of the specified size.
++ It can be called multiple times to compute the digest of long or discontinuous data streams.
++ SHA-512 context should be already correctly intialized by Sha512Init(), and should not be finalized
++ by Sha512Final(). Behavior with invalid context is undefined.
++
++ If Sha512Context is NULL, then return FALSE.
++
++ @param[in, out] Sha512Context Pointer to the SHA-512 context.
++ @param[in] Data Pointer to the buffer containing the data to be hashed.
++ @param[in] DataSize Size of Data buffer in bytes.
++
++ @retval TRUE SHA-512 data digest succeeded.
++ @retval FALSE SHA-512 data digest failed.
++
++**/
++BOOLEAN
++EFIAPI
++Sha512Update (
++ IN OUT VOID *Sha512Context,
++ IN CONST VOID *Data,
++ IN UINTN DataSize
++ );
++
++/**
++ Completes computation of the SHA-512 digest value.
++
++ This function completes SHA-512 hash computation and retrieves the digest value into
++ the specified memory. After this function has been called, the SHA-512 context cannot
++ be used again.
++ SHA-512 context should be already correctly intialized by Sha512Init(), and should not be
++ finalized by Sha512Final().
Behavior with invalid SHA-512 context is undefined. ++ ++ If Sha512Context is NULL, then return FALSE. ++ If HashValue is NULL, then return FALSE. ++ ++ @param[in, out] Sha512Context Pointer to the SHA-512 context. ++ @param[out] HashValue Pointer to a buffer that receives the SHA-512 digest ++ value (64 bytes). ++ ++ @retval TRUE SHA-512 digest computation succeeded. ++ @retval FALSE SHA-512 digest computation failed. ++ ++**/ ++BOOLEAN ++EFIAPI ++Sha512Final ( ++ IN OUT VOID *Sha512Context, ++ OUT UINT8 *HashValue ++ ); + + //===================================================================================== + // MAC (Message Authentication Code) Primitive +@@ -490,7 +744,10 @@ Sha256Final ( + /** + Retrieves the size, in bytes, of the context buffer required for HMAC-MD5 operations. + ++ If this interface is not supported, then return zero. ++ + @return The size, in bytes, of the context buffer required for HMAC-MD5 operations. ++ @retval 0 This interface is not supported. + + **/ + UINTN +@@ -504,6 +761,7 @@ HmacMd5GetContextSize ( + subsequent use. + + If HmacMd5Context is NULL, then return FALSE. ++ If this interface is not supported, then return FALSE. + + @param[out] HmacMd5Context Pointer to HMAC-MD5 context being initialized. + @param[in] Key Pointer to the user-supplied key. +@@ -511,6 +769,7 @@ HmacMd5GetContextSize ( + + @retval TRUE HMAC-MD5 context initialization succeeded. + @retval FALSE HMAC-MD5 context initialization failed. ++ @retval FALSE This interface is not supported. + + **/ + BOOLEAN +@@ -526,12 +785,14 @@ HmacMd5Init ( + + If HmacMd5Context is NULL, then return FALSE. + If NewHmacMd5Context is NULL, then return FALSE. ++ If this interface is not supported, then return FALSE. + + @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied. + @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context. + + @retval TRUE HMAC-MD5 context copy succeeded. + @retval FALSE HMAC-MD5 context copy failed. 
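Review bot: In the `@@ -482,6 +527,215 @@` hunk only Sha384Duplicate and Sha512Duplicate document the "not supported" case; the new GetContextSize, Init, Update and Final comments for SHA-384 and SHA-512 say nothing about it, while the MD4/MD5/SHA-1 comments updated elsewhere in this patch spell it out for every function. If these four can never be stubbed out, that is worth stating; otherwise add `If this interface is not supported, then return FALSE.` with the matching `@retval FALSE` (or `@retval 0` on the size getters) so callers know to check the result before trusting a digest. The Sha384Final and Sha512Final comments also carry over the Update wording that the context "should not be finalized by" the very function being documented, and `intialized` is misspelled in all four Update/Final comments.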
++ @retval FALSE This interface is not supported. + + **/ + BOOLEAN +@@ -550,6 +811,7 @@ HmacMd5Duplicate ( + finalized by HmacMd5Final(). Behavior with invalid context is undefined. + + If HmacMd5Context is NULL, then return FALSE. ++ If this interface is not supported, then return FALSE. + + @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. + @param[in] Data Pointer to the buffer containing the data to be digested. +@@ -557,6 +819,7 @@ HmacMd5Duplicate ( + + @retval TRUE HMAC-MD5 data digest succeeded. + @retval FALSE HMAC-MD5 data digest failed. ++ @retval FALSE This interface is not supported. + + **/ + BOOLEAN +@@ -578,6 +841,7 @@ HmacMd5Update ( + + If HmacMd5Context is NULL, then return FALSE. + If HashValue is NULL, then return FALSE. ++ If this interface is not supported, then return FALSE. + + @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. + @param[out] HashValue Pointer to a buffer that receives the HMAC-MD5 digest +@@ -585,6 +849,7 @@ HmacMd5Update ( + + @retval TRUE HMAC-MD5 digest computation succeeded. + @retval FALSE HMAC-MD5 digest computation failed. ++ @retval FALSE This interface is not supported. + + **/ + BOOLEAN +@@ -597,7 +862,10 @@ HmacMd5Final ( + /** + Retrieves the size, in bytes, of the context buffer required for HMAC-SHA1 operations. + ++ If this interface is not supported, then return zero. ++ + @return The size, in bytes, of the context buffer required for HMAC-SHA1 operations. ++ @retval 0 This interface is not supported. + + **/ + UINTN +@@ -611,6 +879,7 @@ HmacSha1GetContextSize ( + subsequent use. + + If HmacSha1Context is NULL, then return FALSE. ++ If this interface is not supported, then return FALSE. + + @param[out] HmacSha1Context Pointer to HMAC-SHA1 context being initialized. + @param[in] Key Pointer to the user-supplied key. +@@ -618,6 +887,7 @@ HmacSha1GetContextSize ( + + @retval TRUE HMAC-SHA1 context initialization succeeded. + @retval FALSE HMAC-SHA1 context initialization failed. 
++ @retval FALSE This interface is not supported. + + **/ + BOOLEAN +@@ -633,12 +903,14 @@ HmacSha1Init ( + + If HmacSha1Context is NULL, then return FALSE. + If NewHmacSha1Context is NULL, then return FALSE. ++ If this interface is not supported, then return FALSE. + + @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being copied. + @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context. + + @retval TRUE HMAC-SHA1 context copy succeeded. + @retval FALSE HMAC-SHA1 context copy failed. ++ @retval FALSE This interface is not supported. + + **/ + BOOLEAN +@@ -657,6 +929,7 @@ HmacSha1Duplicate ( + be finalized by HmacSha1Final(). Behavior with invalid context is undefined. + + If HmacSha1Context is NULL, then return FALSE. ++ If this interface is not supported, then return FALSE. + + @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. + @param[in] Data Pointer to the buffer containing the data to be digested. +@@ -664,6 +937,7 @@ HmacSha1Duplicate ( + + @retval TRUE HMAC-SHA1 data digest succeeded. + @retval FALSE HMAC-SHA1 data digest failed. ++ @retval FALSE This interface is not supported. + + **/ + BOOLEAN +@@ -685,6 +959,7 @@ HmacSha1Update ( + + If HmacSha1Context is NULL, then return FALSE. + If HashValue is NULL, then return FALSE. ++ If this interface is not supported, then return FALSE. + + @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. + @param[out] HashValue Pointer to a buffer that receives the HMAC-SHA1 digest +@@ -692,6 +967,7 @@ HmacSha1Update ( + + @retval TRUE HMAC-SHA1 digest computation succeeded. + @retval FALSE HMAC-SHA1 digest computation failed. ++ @retval FALSE This interface is not supported. 
+ + **/ + BOOLEAN +@@ -701,7 +977,6 @@ HmacSha1Final ( + OUT UINT8 *HmacValue + ); + +- + //===================================================================================== + // Symmetric Cryptography Primitive + //===================================================================================== +@@ -709,7 +984,10 @@ HmacSha1Final ( + /** + Retrieves the size, in bytes, of the context buffer required for TDES operations. + ++ If this interface is not supported, then return zero. ++ + @return The size, in bytes, of the context buffer required for TDES operations. ++ @retval 0 This interface is not supported. + + **/ + UINTN +@@ -722,7 +1000,7 @@ TdesGetContextSize ( + Initializes user-supplied memory as TDES context for subsequent use. + + This function initializes user-supplied memory pointed by TdesContext as TDES context. +- In addtion, it sets up all TDES key materials for subsequent encryption and decryption ++ In addition, it sets up all TDES key materials for subsequent encryption and decryption + operations. + There are 3 key options as follows: + KeyLength = 64, Keying option 1: K1 == K2 == K3 (Backward compatibility with DES) +@@ -732,6 +1010,7 @@ TdesGetContextSize ( + If TdesContext is NULL, then return FALSE. + If Key is NULL, then return FALSE. + If KeyLength is not valid, then return FALSE. ++ If this interface is not supported, then return FALSE. + + @param[out] TdesContext Pointer to TDES context being initialized. + @param[in] Key Pointer to the user-supplied TDES key. +@@ -739,6 +1018,7 @@ TdesGetContextSize ( + + @retval TRUE TDES context initialization succeeded. + @retval FALSE TDES context initialization failed. ++ @retval FALSE This interface is not supported. + + **/ + BOOLEAN +@@ -763,6 +1043,7 @@ TdesInit ( + If Input is NULL, then return FALSE. + If InputSize is not multiple of block size (8 bytes), then return FALSE. + If Output is NULL, then return FALSE. ++ If this interface is not supported, then return FALSE. 
+ + @param[in] TdesContext Pointer to the TDES context. + @param[in] Input Pointer to the buffer containing the data to be encrypted. +@@ -771,6 +1052,7 @@ TdesInit ( + + @retval TRUE TDES encryption succeeded. + @retval FALSE TDES encryption failed. ++ @retval FALSE This interface is not supported. + + **/ + BOOLEAN +@@ -796,6 +1078,7 @@ TdesEcbEncrypt ( + If Input is NULL, then return FALSE. + If InputSize is not multiple of block size (8 bytes), then return FALSE. + If Output is NULL, then return FALSE. ++ If this interface is not supported, then return FALSE. + + @param[in] TdesContext Pointer to the TDES context. + @param[in] Input Pointer to the buffer containing the data to be decrypted. +@@ -804,6 +1087,7 @@ TdesEcbEncrypt ( + + @retval TRUE TDES decryption succeeded. + @retval FALSE TDES decryption failed. ++ @retval FALSE This interface is not supported. + + **/ + BOOLEAN +@@ -831,6 +1115,7 @@ TdesEcbDecrypt ( + If InputSize is not multiple of block size (8 bytes), then return FALSE. + If Ivec is NULL, then return FALSE. + If Output is NULL, then return FALSE. ++ If this interface is not supported, then return FALSE. + + @param[in] TdesContext Pointer to the TDES context. + @param[in] Input Pointer to the buffer containing the data to be encrypted. +@@ -840,6 +1125,7 @@ TdesEcbDecrypt ( + + @retval TRUE TDES encryption succeeded. + @retval FALSE TDES encryption failed. ++ @retval FALSE This interface is not supported. + + **/ + BOOLEAN +@@ -868,6 +1154,7 @@ TdesCbcEncrypt ( + If InputSize is not multiple of block size (8 bytes), then return FALSE. + If Ivec is NULL, then return FALSE. + If Output is NULL, then return FALSE. ++ If this interface is not supported, then return FALSE. + + @param[in] TdesContext Pointer to the TDES context. + @param[in] Input Pointer to the buffer containing the data to be encrypted. +@@ -877,6 +1164,7 @@ TdesCbcEncrypt ( + + @retval TRUE TDES decryption succeeded. + @retval FALSE TDES decryption failed. 
++ @retval FALSE This interface is not supported. + + **/ + BOOLEAN +@@ -892,7 +1180,10 @@ TdesCbcDecrypt ( + /** + Retrieves the size, in bytes, of the context buffer required for AES operations. + ++ If this interface is not supported, then return zero. ++ + @return The size, in bytes, of the context buffer required for AES operations. ++ @retval 0 This interface is not supported. + + **/ + UINTN +@@ -905,13 +1196,14 @@ AesGetContextSize ( + Initializes user-supplied memory as AES context for subsequent use. + + This function initializes user-supplied memory pointed by AesContext as AES context. +- In addtion, it sets up all AES key materials for subsequent encryption and decryption ++ In addition, it sets up all AES key materials for subsequent encryption and decryption + operations. + There are 3 options for key length, 128 bits, 192 bits, and 256 bits. + + If AesContext is NULL, then return FALSE. + If Key is NULL, then return FALSE. + If KeyLength is not valid, then return FALSE. ++ If this interface is not supported, then return FALSE. + + @param[out] AesContext Pointer to AES context being initialized. + @param[in] Key Pointer to the user-supplied AES key. +@@ -919,6 +1211,7 @@ AesGetContextSize ( + + @retval TRUE AES context initialization succeeded. + @retval FALSE AES context initialization failed. ++ @retval FALSE This interface is not supported. + + **/ + BOOLEAN +@@ -943,6 +1236,7 @@ AesInit ( + If Input is NULL, then return FALSE. + If InputSize is not multiple of block size (16 bytes), then return FALSE. + If Output is NULL, then return FALSE. ++ If this interface is not supported, then return FALSE. + + @param[in] AesContext Pointer to the AES context. + @param[in] Input Pointer to the buffer containing the data to be encrypted. +@@ -951,6 +1245,7 @@ AesInit ( + + @retval TRUE AES encryption succeeded. + @retval FALSE AES encryption failed. ++ @retval FALSE This interface is not supported. 
+ + **/ + BOOLEAN +@@ -976,6 +1271,7 @@ AesEcbEncrypt ( + If Input is NULL, then return FALSE. + If InputSize is not multiple of block size (16 bytes), then return FALSE. + If Output is NULL, then return FALSE. ++ If this interface is not supported, then return FALSE. + + @param[in] AesContext Pointer to the AES context. + @param[in] Input Pointer to the buffer containing the data to be decrypted. +@@ -984,6 +1280,7 @@ AesEcbEncrypt ( + + @retval TRUE AES decryption succeeded. + @retval FALSE AES decryption failed. ++ @retval FALSE This interface is not supported. + + **/ + BOOLEAN +@@ -1011,6 +1308,7 @@ AesEcbDecrypt ( + If InputSize is not multiple of block size (16 bytes), then return FALSE. + If Ivec is NULL, then return FALSE. + If Output is NULL, then return FALSE. ++ If this interface is not supported, then return FALSE. + + @param[in] AesContext Pointer to the AES context. + @param[in] Input Pointer to the buffer containing the data to be encrypted. +@@ -1020,6 +1318,7 @@ AesEcbDecrypt ( + + @retval TRUE AES encryption succeeded. + @retval FALSE AES encryption failed. ++ @retval FALSE This interface is not supported. + + **/ + BOOLEAN +@@ -1048,6 +1347,7 @@ AesCbcEncrypt ( + If InputSize is not multiple of block size (16 bytes), then return FALSE. + If Ivec is NULL, then return FALSE. + If Output is NULL, then return FALSE. ++ If this interface is not supported, then return FALSE. + + @param[in] AesContext Pointer to the AES context. + @param[in] Input Pointer to the buffer containing the data to be encrypted. +@@ -1057,6 +1357,7 @@ AesCbcEncrypt ( + + @retval TRUE AES decryption succeeded. + @retval FALSE AES decryption failed. ++ @retval FALSE This interface is not supported. + + **/ + BOOLEAN +@@ -1072,7 +1373,10 @@ AesCbcDecrypt ( + /** + Retrieves the size, in bytes, of the context buffer required for ARC4 operations. + ++ If this interface is not supported, then return zero. 
++ + @return The size, in bytes, of the context buffer required for ARC4 operations. ++ @retval 0 This interface is not supported. + + **/ + UINTN +@@ -1085,12 +1389,13 @@ Arc4GetContextSize ( + Initializes user-supplied memory as ARC4 context for subsequent use. + + This function initializes user-supplied memory pointed by Arc4Context as ARC4 context. +- In addtion, it sets up all ARC4 key materials for subsequent encryption and decryption ++ In addition, it sets up all ARC4 key materials for subsequent encryption and decryption + operations. + + If Arc4Context is NULL, then return FALSE. + If Key is NULL, then return FALSE. + If KeySize does not in the range of [5, 256] bytes, then return FALSE. ++ If this interface is not supported, then return FALSE. + + @param[out] Arc4Context Pointer to ARC4 context being initialized. + @param[in] Key Pointer to the user-supplied ARC4 key. +@@ -1098,6 +1403,7 @@ Arc4GetContextSize ( + + @retval TRUE ARC4 context initialization succeeded. + @retval FALSE ARC4 context initialization failed. ++ @retval FALSE This interface is not supported. + + **/ + BOOLEAN +@@ -1119,6 +1425,7 @@ Arc4Init ( + If Arc4Context is NULL, then return FALSE. + If Input is NULL, then return FALSE. + If Output is NULL, then return FALSE. ++ If this interface is not supported, then return FALSE. + + @param[in] Arc4Context Pointer to the ARC4 context. + @param[in] Input Pointer to the buffer containing the data to be encrypted. +@@ -1127,6 +1434,7 @@ Arc4Init ( + + @retval TRUE ARC4 encryption succeeded. + @retval FALSE ARC4 encryption failed. ++ @retval FALSE This interface is not supported. + + **/ + BOOLEAN +@@ -1149,6 +1457,7 @@ Arc4Encrypt ( + If Arc4Context is NULL, then return FALSE. + If Input is NULL, then return FALSE. + If Output is NULL, then return FALSE. ++ If this interface is not supported, then return FALSE. + + @param[in] Arc4Context Pointer to the ARC4 context. 
+ @param[in] Input Pointer to the buffer containing the data to be decrypted. +@@ -1157,6 +1466,7 @@ Arc4Encrypt ( + + @retval TRUE ARC4 decryption succeeded. + @retval FALSE ARC4 decryption failed. ++ @retval FALSE This interface is not supported. + + **/ + BOOLEAN +@@ -1177,11 +1487,13 @@ Arc4Decrypt ( + should be already correctly initialized by ARC4Init(). + + If Arc4Context is NULL, then return FALSE. ++ If this interface is not supported, then return FALSE. + + @param[in, out] Arc4Context Pointer to the ARC4 context. + + @retval TRUE ARC4 reset succeeded. + @retval FALSE ARC4 reset failed. ++ @retval FALSE This interface is not supported. + + **/ + BOOLEAN +@@ -1266,6 +1578,7 @@ RsaSetKey ( + If RsaContext is NULL, then return FALSE. + If BnSize is NULL, then return FALSE. + If BnSize is large enough but BigNumber is NULL, then return FALSE. ++ If this interface is not supported, then return FALSE. + + @param[in, out] RsaContext Pointer to RSA context being set. + @param[in] KeyTag Tag of RSA key component being set. +@@ -1276,6 +1589,7 @@ RsaSetKey ( + @retval TRUE RSA key component was retrieved successfully. + @retval FALSE Invalid RSA key component tag. + @retval FALSE BnSize is too small. ++ @retval FALSE This interface is not supported. + + **/ + BOOLEAN +@@ -1298,14 +1612,16 @@ RsaGetKey ( + initialized by RandomSeed(). + + If RsaContext is NULL, then return FALSE. ++ If this interface is not supported, then return FALSE. + + @param[in, out] RsaContext Pointer to RSA context being set. + @param[in] ModulusLength Length of RSA modulus N in bits. + @param[in] PublicExponent Pointer to RSA public exponent. +- @param[in] PublicExponentSize Size of RSA public exponent buffer in bytes. ++ @param[in] PublicExponentSize Size of RSA public exponent buffer in bytes. + + @retval TRUE RSA key component was generated successfully. + @retval FALSE Invalid RSA key component tag. ++ @retval FALSE This interface is not supported. 
+ + **/ + BOOLEAN +@@ -1319,6 +1635,8 @@ RsaGenerateKey ( + + /** + Validates key components of RSA context. ++ NOTE: This function performs integrity checks on all the RSA key material, so ++ the RSA key structure must contain all the private key data. + + This function validates key compoents of RSA context in following aspects: + - Whether p is a prime +@@ -1327,11 +1645,13 @@ RsaGenerateKey ( + - Whether d*e = 1 mod lcm(p-1,q-1) + + If RsaContext is NULL, then return FALSE. ++ If this interface is not supported, then return FALSE. + + @param[in] RsaContext Pointer to RSA context to check. + + @retval TRUE RSA key components are valid. + @retval FALSE RSA key components are not valid. ++ @retval FALSE This interface is not supported. + + **/ + BOOLEAN +@@ -1352,6 +1672,7 @@ RsaCheckKey ( + If MessageHash is NULL, then return FALSE. + If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE. + If SigSize is large enough but Signature is NULL, then return FALSE. ++ If this interface is not supported, then return FALSE. + + @param[in] RsaContext Pointer to RSA context for signature generation. + @param[in] MessageHash Pointer to octet message hash to be signed. +@@ -1363,6 +1684,7 @@ RsaCheckKey ( + @retval TRUE Signature successfully generated in PKCS1-v1_5. + @retval FALSE Signature generation failed. + @retval FALSE SigSize is too small. ++ @retval FALSE This interface is not supported. + + **/ + BOOLEAN +@@ -1407,6 +1729,10 @@ RsaPkcs1Verify ( + /** + Retrieve the RSA Private Key from the password-protected PEM key data. + ++ If PemData is NULL, then return FALSE. ++ If RsaContext is NULL, then return FALSE. ++ If this interface is not supported, then return FALSE. ++ + @param[in] PemData Pointer to the PEM-encoded key data to be retrieved. + @param[in] PemSize Size of the PEM key data in bytes. + @param[in] Password NULL-terminated passphrase used for encrypted PEM key data. 
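Review bot: The PKCS1-v1_5 signing comment touched by the `@@ -1352,6 +1672,7 @@` hunk still says that a HashSize other than the MD5, SHA-1 or SHA-256 digest size returns FALSE, although this patch adds SHA384_DIGEST_SIZE, SHA512_DIGEST_SIZE and the SHA-384/512 hash API to the same header. The implementation is not part of this hunk, so whether 48- and 64-byte hashes are accepted cannot be confirmed from here. If they are rejected, say so explicitly next to that sentence, e.g. `SHA-384 and SHA-512 digests are not supported by this function.`; if they are accepted, extend the list so the documented contract matches what the code signs.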
+@@ -1414,11 +1740,9 @@ RsaPkcs1Verify ( + RSA private key component. Use RsaFree() function to free the + resource. + +- If PemData is NULL, then return FALSE. +- If RsaContext is NULL, then return FALSE. +- + @retval TRUE RSA Private Key was retrieved successfully. + @retval FALSE Invalid PEM key data or incorrect password. ++ @retval FALSE This interface is not supported. + + **/ + BOOLEAN +@@ -1433,17 +1757,19 @@ RsaGetPrivateKeyFromPem ( + /** + Retrieve the RSA Public Key from one DER-encoded X509 certificate. + ++ If Cert is NULL, then return FALSE. ++ If RsaContext is NULL, then return FALSE. ++ If this interface is not supported, then return FALSE. ++ + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] RsaContext Pointer to new-generated RSA context which contain the retrieved + RSA public key component. Use RsaFree() function to free the + resource. + +- If Cert is NULL, then return FALSE. +- If RsaContext is NULL, then return FALSE. +- + @retval TRUE RSA Public Key was retrieved successfully. + @retval FALSE Fail to retrieve RSA public key from X509 certificate. ++ @retval FALSE This interface is not supported. + + **/ + BOOLEAN +@@ -1457,18 +1783,20 @@ RsaGetPublicKeyFromX509 ( + /** + Retrieve the subject bytes from one X.509 certificate. + ++ If Cert is NULL, then return FALSE. ++ If SubjectSize is NULL, then return FALSE. ++ If this interface is not supported, then return FALSE. ++ + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] CertSubject Pointer to the retrieved certificate subject bytes. + @param[in, out] SubjectSize The size in bytes of the CertSubject buffer on input, + and the size of buffer returned CertSubject on output. + +- If Cert is NULL, then return FALSE. +- If SubjectSize is NULL, then return FALSE. 
+- + @retval TRUE The certificate subject retrieved successfully. + @retval FALSE Invalid certificate, or the SubjectSize is too small for the result. + The SubjectSize will be updated with the required size. ++ @retval FALSE This interface is not supported. + + **/ + BOOLEAN +@@ -1483,17 +1811,19 @@ X509GetSubjectName ( + /** + Verify one X509 certificate was issued by the trusted CA. + ++ If Cert is NULL, then return FALSE. ++ If CACert is NULL, then return FALSE. ++ If this interface is not supported, then return FALSE. ++ + @param[in] Cert Pointer to the DER-encoded X509 certificate to be verified. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[in] CACert Pointer to the DER-encoded trusted CA certificate. + @param[in] CACertSize Size of the CA Certificate in bytes. + +- If Cert is NULL, then return FALSE. +- If CACert is NULL, then return FALSE. +- + @retval TRUE The certificate was issued by the trusted CA. + @retval FALSE Invalid certificate or the certificate was not issued by the given + trusted CA. ++ @retval FALSE This interface is not supported. + + **/ + BOOLEAN +@@ -1510,6 +1840,7 @@ X509VerifyCert ( + + If Cert is NULL, then return FALSE. + If SingleX509Cert is NULL, then return FALSE. ++ If this interface is not supported, then return FALSE. + + @param[in] Cert Pointer to the DER-encoded certificate data. + @param[in] CertSize The size of certificate data in bytes. +@@ -1517,6 +1848,7 @@ X509VerifyCert ( + + @retval TRUE The X509 object generation succeeded. + @retval FALSE The operation failed. ++ @retval FALSE This interface is not supported. + + **/ + BOOLEAN +@@ -1531,29 +1863,31 @@ X509ConstructCertificate ( + Construct a X509 stack object from a list of DER-encoded certificate data. + + If X509Stack is NULL, then return FALSE. ++ If this interface is not supported, then return FALSE. + +- @param[in, out] X509Stack On input, pointer to an existing X509 stack object. 
++ @param[in, out] X509Stack On input, pointer to an existing or NULL X509 stack object. + On output, pointer to the X509 stack object with new + inserted X509 certificate. + @param ... A list of DER-encoded single certificate data followed + by certificate size. A NULL terminates the list. The + pairs are the arguments to X509ConstructCertificate(). +- ++ + @retval TRUE The X509 stack construction succeeded. + @retval FALSE The construction operation failed. ++ @retval FALSE This interface is not supported. + + **/ + BOOLEAN + EFIAPI + X509ConstructCertificateStack ( + IN OUT UINT8 **X509Stack, +- ... ++ ... + ); + + /** + Release the specified X509 object. + +- If X509Cert is NULL, then return FALSE. ++ If the interface is not supported, then ASSERT(). + + @param[in] X509Cert Pointer to the X509 object to be released. + +@@ -1567,7 +1901,7 @@ X509Free ( + /** + Release the specified X509 stack object. + +- If X509Stack is NULL, then return FALSE. ++ If the interface is not supported, then ASSERT(). + + @param[in] X509Stack Pointer to the X509 stack object to be released. + +@@ -1579,12 +1913,39 @@ X509StackFree ( + ); + + /** ++ Retrieve the TBSCertificate from one given X.509 certificate. ++ ++ @param[in] Cert Pointer to the given DER-encoded X509 certificate. ++ @param[in] CertSize Size of the X509 certificate in bytes. ++ @param[out] TBSCert DER-Encoded To-Be-Signed certificate. ++ @param[out] TBSCertSize Size of the TBS certificate in bytes. ++ ++ If Cert is NULL, then return FALSE. ++ If TBSCert is NULL, then return FALSE. ++ If TBSCertSize is NULL, then return FALSE. ++ If this interface is not supported, then return FALSE. ++ ++ @retval TRUE The TBSCertificate was retrieved successfully. ++ @retval FALSE Invalid X.509 certificate. 
++ ++**/ ++BOOLEAN ++EFIAPI ++X509GetTBSCert ( ++ IN CONST UINT8 *Cert, ++ IN UINTN CertSize, ++ OUT UINT8 **TBSCert, ++ OUT UINTN *TBSCertSize ++ ); ++ ++/** + Get the signer's certificates from PKCS#7 signed data as described in "PKCS #7: + Cryptographic Message Syntax Standard". The input signed data could be wrapped + in a ContentInfo structure. + + If P7Data, CertStack, StackLength, TrustedCert or CertLength is NULL, then + return FALSE. If P7Length overflow, then return FAlSE. ++ If this interface is not supported, then return FALSE. + + @param[in] P7Data Pointer to the PKCS#7 message to verify. + @param[in] P7Length Length of the PKCS#7 message in bytes. +@@ -1597,6 +1958,7 @@ X509StackFree ( + + @retval TRUE The operation is finished successfully. + @retval FALSE Error occurs during the operation. ++ @retval FALSE This interface is not supported. + + **/ + BOOLEAN +@@ -1613,6 +1975,8 @@ Pkcs7GetSigners ( + /** + Wrap function to use free() to free allocated memory for certificates. + ++ If this interface is not supported, then ASSERT(). ++ + @param[in] Certs Pointer to the certificates to be freed. + + **/ +@@ -1627,6 +1991,8 @@ Pkcs7FreeSigners ( + Syntax Standard, version 1.5". This interface is only intended to be used for + application to perform PKCS#7 functionality validation. + ++ If this interface is not supported, then return FALSE. ++ + @param[in] PrivateKey Pointer to the PEM-formatted private key data for + data signing. + @param[in] PrivateKeySize Size of the PEM private key data in bytes. +@@ -1643,6 +2009,7 @@ Pkcs7FreeSigners ( + + @retval TRUE PKCS#7 data signing succeeded. + @retval FALSE PKCS#7 data signing failed. ++ @retval FALSE This interface is not supported. + + **/ + BOOLEAN +@@ -1666,6 +2033,7 @@ Pkcs7Sign ( + + If P7Data, TrustedCert or InData is NULL, then return FALSE. + If P7Length, CertLength or DataLength overflow, then return FAlSE. ++ If this interface is not supported, then return FALSE. 
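Review bot: The new X509GetTBSCert() comment says "If this interface is not supported, then return FALSE." but its @retval list stops at "Invalid X.509 certificate", while every other comment touched by this patch gains the matching line. I would add `@retval FALSE This interface is not supported.` here and to ImageTimestampVerify() in the later hunk, which has the same gap. Pkcs7GetAttachedContent() carries neither the sentence nor the @retval, so it should either get both or state that it is always implemented. The comment also does not say whether `*TBSCert` points into the caller's `Cert` buffer or is a fresh allocation, so a caller cannot tell from the header whether to free it; one sentence on ownership would settle that.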
+ + @param[in] P7Data Pointer to the PKCS#7 message to verify. + @param[in] P7Length Length of the PKCS#7 message in bytes. +@@ -1677,6 +2045,7 @@ Pkcs7Sign ( + + @retval TRUE The specified PKCS#7 signed data is valid. + @retval FALSE Invalid PKCS#7 signed data. ++ @retval FALSE This interface is not supported. + + **/ + BOOLEAN +@@ -1691,11 +2060,41 @@ Pkcs7Verify ( + ); + + /** ++ Extracts the attached content from a PKCS#7 signed data if existed. The input signed ++ data could be wrapped in a ContentInfo structure. ++ ++ If P7Data, Content, or ContentSize is NULL, then return FALSE. If P7Length overflow, ++ then return FAlSE. If the P7Data is not correctly formatted, then return FALSE. ++ ++ Caution: This function may receive untrusted input. So this function will do ++ basic check for PKCS#7 data structure. ++ ++ @param[in] P7Data Pointer to the PKCS#7 signed data to process. ++ @param[in] P7Length Length of the PKCS#7 signed data in bytes. ++ @param[out] Content Pointer to the extracted content from the PKCS#7 signedData. ++ It's caller's responsiblity to free the buffer. ++ @param[out] ContentSize The size of the extracted content in bytes. ++ ++ @retval TRUE The P7Data was correctly formatted for processing. ++ @retval FALSE The P7Data was not correctly formatted for processing. ++ ++*/ ++BOOLEAN ++EFIAPI ++Pkcs7GetAttachedContent ( ++ IN CONST UINT8 *P7Data, ++ IN UINTN P7Length, ++ OUT VOID **Content, ++ OUT UINTN *ContentSize ++ ); ++ ++/** + Verifies the validility of a PE/COFF Authenticode Signature as described in "Windows + Authenticode Portable Executable Signature Format". + + If AuthData is NULL, then return FALSE. + If ImageHash is NULL, then return FALSE. ++ If this interface is not supported, then return FALSE. + + @param[in] AuthData Pointer to the Authenticode Signature retrieved from signed + PE/COFF image to be verified. +@@ -1710,6 +2109,7 @@ Pkcs7Verify ( + + @retval TRUE The specified Authenticode Signature is valid. 
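Review bot: The Pkcs7GetAttachedContent() comment documents TRUE only as "The P7Data was correctly formatted for processing", and nothing in it says the signature over the content is checked. If that is the case, the header should say so, for example `A TRUE return does not imply the signature is valid; call Pkcs7Verify() before trusting Content.` The @param for Content says the caller must free the buffer but does not name the routine to use, unlike Pkcs7GetSigners(), which is paired with Pkcs7FreeSigners(). The block also closes with `*/` where the rest of the header uses `**/`.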
+ @retval FALSE Invalid Authenticode Signature. ++ @retval FALSE This interface is not supported. + + **/ + BOOLEAN +@@ -1723,6 +2123,36 @@ AuthenticodeVerify ( + IN UINTN HashSize + ); + ++/** ++ Verifies the validility of a RFC3161 Timestamp CounterSignature embedded in PE/COFF Authenticode ++ signature. ++ ++ If AuthData is NULL, then return FALSE. ++ If this interface is not supported, then return FALSE. ++ ++ @param[in] AuthData Pointer to the Authenticode Signature retrieved from signed ++ PE/COFF image to be verified. ++ @param[in] DataSize Size of the Authenticode Signature in bytes. ++ @param[in] TsaCert Pointer to a trusted/root TSA certificate encoded in DER, which ++ is used for TSA certificate chain verification. ++ @param[in] CertSize Size of the trusted certificate in bytes. ++ @param[out] SigningTime Return the time of timestamp generation time if the timestamp ++ signature is valid. ++ ++ @retval TRUE The specified Authenticode includes a valid RFC3161 Timestamp CounterSignature. ++ @retval FALSE No valid RFC3161 Timestamp CounterSignature in the specified Authenticode data. ++ ++**/ ++BOOLEAN ++EFIAPI ++ImageTimestampVerify ( ++ IN CONST UINT8 *AuthData, ++ IN UINTN DataSize, ++ IN CONST UINT8 *TsaCert, ++ IN UINTN CertSize, ++ OUT EFI_TIME *SigningTime ++ ); ++ + //===================================================================================== + // DH Key Exchange Primitive + //===================================================================================== +@@ -1732,6 +2162,7 @@ AuthenticodeVerify ( + + @return Pointer to the Diffie-Hellman Context that has been initialized. + If the allocations fails, DhNew() returns NULL. ++ If the interface is not supported, DhNew() returns NULL. + + **/ + VOID * +@@ -1743,7 +2174,7 @@ DhNew ( + /** + Release the specified DH context. + +- If DhContext is NULL, then return FALSE. ++ If the interface is not supported, then ASSERT(). + + @param[in] DhContext Pointer to the DH context to be released. 
+ +@@ -1759,12 +2190,13 @@ DhFree ( + + Given generator g, and length of prime number p in bits, this function generates p, + and sets DH context according to value of g and p. +- ++ + Before this function can be invoked, pseudorandom number generator must be correctly + initialized by RandomSeed(). + + If DhContext is NULL, then return FALSE. + If Prime is NULL, then return FALSE. ++ If this interface is not supported, then return FALSE. + + @param[in, out] DhContext Pointer to the DH context. + @param[in] Generator Value of generator. +@@ -1774,6 +2206,7 @@ DhFree ( + @retval TRUE DH pamameter generation succeeded. + @retval FALSE Value of Generator is not supported. + @retval FALSE PRNG fails to generate random prime number with PrimeLength. ++ @retval FALSE This interface is not supported. + + **/ + BOOLEAN +@@ -1793,6 +2226,7 @@ DhGenerateParameter ( + + If DhContext is NULL, then return FALSE. + If Prime is NULL, then return FALSE. ++ If this interface is not supported, then return FALSE. + + @param[in, out] DhContext Pointer to the DH context. + @param[in] Generator Value of generator. +@@ -1804,6 +2238,7 @@ DhGenerateParameter ( + @retval FALSE Value of Generator is not suitable for the Prime. + @retval FALSE Value of Prime is not a prime number. + @retval FALSE Value of Prime is not a safe prime number. ++ @retval FALSE This interface is not supported. + + **/ + BOOLEAN +@@ -1818,7 +2253,7 @@ DhSetParameter ( + /** + Generates DH public key. + +- This function generates random secret exponent, and computes the public key, which is ++ This function generates random secret exponent, and computes the public key, which is + returned via parameter PublicKey and PublicKeySize. DH context is updated accordingly. + If the PublicKey buffer is too small to hold the public key, FALSE is returned and + PublicKeySize is set to the required buffer size to obtain the public key. +@@ -1826,6 +2261,7 @@ DhSetParameter ( + If DhContext is NULL, then return FALSE. 
+ If PublicKeySize is NULL, then return FALSE. + If PublicKeySize is large enough but PublicKey is NULL, then return FALSE. ++ If this interface is not supported, then return FALSE. + + @param[in, out] DhContext Pointer to the DH context. + @param[out] PublicKey Pointer to the buffer to receive generated public key. +@@ -1835,6 +2271,7 @@ DhSetParameter ( + @retval TRUE DH public key generation succeeded. + @retval FALSE DH public key generation failed. + @retval FALSE PublicKeySize is not large enough. ++ @retval FALSE This interface is not supported. + + **/ + BOOLEAN +@@ -1849,12 +2286,14 @@ DhGenerateKey ( + Computes exchanged common key. + + Given peer's public key, this function computes the exchanged common key, based on its own +- context including value of prime modulus and random secret exponent. ++ context including value of prime modulus and random secret exponent. + + If DhContext is NULL, then return FALSE. + If PeerPublicKey is NULL, then return FALSE. + If KeySize is NULL, then return FALSE. +- If KeySize is large enough but Key is NULL, then return FALSE. ++ If Key is NULL, then return FALSE. ++ If KeySize is not large enough, then return FALSE. ++ If this interface is not supported, then return FALSE. + + @param[in, out] DhContext Pointer to the DH context. + @param[in] PeerPublicKey Pointer to the peer's public key. +@@ -1866,6 +2305,7 @@ DhGenerateKey ( + @retval TRUE DH exchanged key generation succeeded. + @retval FALSE DH exchanged key generation failed. + @retval FALSE KeySize is not large enough. ++ @retval FALSE This interface is not supported. + + **/ + BOOLEAN +@@ -1888,6 +2328,7 @@ DhComputeKey ( + This function sets up the seed value for the pseudorandom number generator. + If Seed is not NULL, then the seed passed in is used. + If Seed is NULL, then default seed is used. ++ If this interface is not supported, then return FALSE. + + @param[in] Seed Pointer to seed value. + If NULL, default seed is used. 
+@@ -1896,6 +2337,7 @@ DhComputeKey ( + + @retval TRUE Pseudorandom number generator has enough entropy for random generation. + @retval FALSE Pseudorandom number generator does not have enough entropy for random generation. ++ @retval FALSE This interface is not supported. + + **/ + BOOLEAN +@@ -1909,12 +2351,14 @@ RandomSeed ( + Generates a pseudorandom byte stream of the specified size. + + If Output is NULL, then return FALSE. ++ If this interface is not supported, then return FALSE. + + @param[out] Output Pointer to buffer to receive random value. + @param[in] Size Size of randome bytes to generate. + + @retval TRUE Pseudorandom byte stream generated successfully. + @retval FALSE Pseudorandom number generator fails to generate due to lack of entropy. ++ @retval FALSE This interface is not supported. + + **/ + BOOLEAN +diff --git a/Cryptlib/Makefile b/Cryptlib/Makefile +index 1769e67..cb18440 100644 +--- a/Cryptlib/Makefile ++++ b/Cryptlib/Makefile +@@ -19,6 +19,7 @@ OBJS = Hash/CryptMd4.o \ + Hash/CryptMd5.o \ + Hash/CryptSha1.o \ + Hash/CryptSha256.o \ ++ Hash/CryptSha512.o \ + Hmac/CryptHmacMd5.o \ + Hmac/CryptHmacSha1.o \ + Cipher/CryptAes.o \ +@@ -30,6 +31,7 @@ OBJS = Hash/CryptMd4.o \ + Pk/CryptPkcs7SignNull.o \ + Pk/CryptPkcs7Verify.o \ + Pk/CryptDhNull.o \ ++ Pk/CryptTs.o \ + Pk/CryptX509.o \ + Pk/CryptAuthenticode.o \ + Pem/CryptPem.o \ +diff --git a/Cryptlib/OpenSSL/Makefile b/Cryptlib/OpenSSL/Makefile +index 7bedb94..3f87a94 100644 +--- a/Cryptlib/OpenSSL/Makefile ++++ b/Cryptlib/OpenSSL/Makefile +@@ -1,9 +1,9 @@ + +-EFI_INCLUDES = -I../Include -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol ++EFI_INCLUDES = -I../Include -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol -Icrypto/asn1 -Icrypto/evp -Icrypto/modes + + CFLAGS = -ggdb -O0 -I. -I.. 
-I../Include/ -Icrypto -fno-stack-protector -fno-strict-aliasing -fpic -fshort-wchar -nostdinc \ + -ffreestanding -I$(shell $(CC) -print-file-name=include) \ +- -Wall $(EFI_INCLUDES) -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_SHA0 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED -DOPENSSL_SMALL_FOOTPRINT -DPEDANTIC ++ -Wall $(EFI_INCLUDES) -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_POSIX_IO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_SHA0 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_RIPEMD -DOPENSSL_NO_RC2 -DOPENSSL_NO_IDEA -DOPENSSL_NO_BF -DOPENSSL_NO_CAST -DOPENSSL_NO_WHIRLPOOL -DOPENSSL_NO_DSA -DOPENSSL_NO_EC -DOPENSSL_NO_ECDH -DOPENSSL_NO_ECDSA -DOPENSSL_NO_SRP -DOPENSSL_NO_ENGINE -DOPENSSL_SMALL_FOOTPRINT -DPEDANTIC + + ifeq ($(ARCH),x86_64) + CFLAGS += -mno-mmx -mno-sse -mno-red-zone -maccumulate-outgoing-args \ +@@ -23,7 +23,6 @@ LDFLAGS = -nostdlib -znocombreloc + + TARGET = libopenssl.a + OBJS = crypto/cryptlib.o \ +- crypto/dyn_lck.o \ + crypto/mem.o \ + crypto/mem_clr.o \ + crypto/mem_dbg.o \ +@@ -35,10 +34,9 @@ OBJS = crypto/cryptlib.o \ + crypto/o_time.o \ + crypto/o_str.o \ + crypto/o_dir.o \ ++ crypto/o_fips.o \ + crypto/o_init.o \ +- 
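Review bot: The rewritten `-Wall $(EFI_INCLUDES) -D…` line keeps every OpenSSL feature switch on one physical line, so the newly added switches (`-DOPENSSL_NO_POSIX_IO`, `-DOPENSSL_NO_DSA`, `-DOPENSSL_NO_EC`, `-DOPENSSL_NO_ENGINE` and the rest) can only be found by comparing the old and new lines token by token. For a Secure Boot loader this list defines which algorithms are compiled out, so it is worth making it diffable. I would move the switches into their own variable with one per continuation line, starting `OPENSSL_DEFINES = -DOPENSSL_SYS_UEFI \`, and reference it with `CFLAGS += $(OPENSSL_DEFINES)`. The added `-Icrypto/asn1 -Icrypto/evp -Icrypto/modes` would also benefit from a short comment naming which sources need those private include directories.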
crypto/fips_err.o \ +- crypto/md2/md2_dgst.o \ +- crypto/md2/md2_one.o \ ++ crypto/fips_ers.o \ + crypto/md4/md4_dgst.o \ + crypto/md4/md4_one.o \ + crypto/md5/md5_dgst.o \ +@@ -50,9 +48,8 @@ OBJS = crypto/cryptlib.o \ + crypto/sha/sha256.o \ + crypto/sha/sha512.o \ + crypto/hmac/hmac.o \ +- crypto/ripemd/rmd_dgst.o \ +- crypto/ripemd/rmd_one.o \ +- crypto/des/des_lib.o \ ++ crypto/hmac/hm_ameth.o \ ++ crypto/hmac/hm_pmeth.o \ + crypto/des/set_key.o \ + crypto/des/ecb_enc.o \ + crypto/des/cbc_enc.o \ +@@ -79,29 +76,9 @@ OBJS = crypto/cryptlib.o \ + crypto/des/des_old.o \ + crypto/des/des_old2.o \ + crypto/des/read2pwd.o \ +- crypto/rc2/rc2_ecb.o \ +- crypto/rc2/rc2_skey.o \ +- crypto/rc2/rc2_cbc.o \ +- crypto/rc2/rc2cfb64.o \ +- crypto/rc2/rc2ofb64.o \ + crypto/rc4/rc4_enc.o \ + crypto/rc4/rc4_skey.o \ +- crypto/rc4/rc4_fblk.o \ +- crypto/idea/i_cbc.o \ +- crypto/idea/i_cfb64.o \ +- crypto/idea/i_ofb64.o \ +- crypto/idea/i_ecb.o \ +- crypto/idea/i_skey.o \ +- crypto/bf/bf_skey.o \ +- crypto/bf/bf_ecb.o \ +- crypto/bf/bf_enc.o \ +- crypto/bf/bf_cfb64.o \ +- crypto/bf/bf_ofb64.o \ +- crypto/cast/c_skey.o \ +- crypto/cast/c_ecb.o \ +- crypto/cast/c_enc.o \ +- crypto/cast/c_cfb64.o \ +- crypto/cast/c_ofb64.o \ ++ crypto/rc4/rc4_utl.o \ + crypto/aes/aes_misc.o \ + crypto/aes/aes_ecb.o \ + crypto/aes/aes_cfb.o \ +@@ -111,6 +88,15 @@ OBJS = crypto/cryptlib.o \ + crypto/aes/aes_wrap.o \ + crypto/aes/aes_core.o \ + crypto/aes/aes_cbc.o \ ++ crypto/modes/cbc128.o \ ++ crypto/modes/ctr128.o \ ++ crypto/modes/cts128.o \ ++ crypto/modes/cfb128.o \ ++ crypto/modes/ofb128.o \ ++ crypto/modes/gcm128.o \ ++ crypto/modes/ccm128.o \ ++ crypto/modes/xts128.o \ ++ crypto/modes/wrap128.o \ + crypto/bn/bn_add.o \ + crypto/bn/bn_div.o \ + crypto/bn/bn_exp.o \ +@@ -139,7 +125,6 @@ OBJS = crypto/cryptlib.o \ + crypto/bn/bn_depr.o \ + crypto/bn/bn_x931p.o \ + crypto/bn/bn_const.o \ +- crypto/bn/bn_opt.o \ + crypto/rsa/rsa_eay.o \ + crypto/rsa/rsa_gen.o \ + crypto/rsa/rsa_lib.o \ +@@ -154,20 
+139,12 @@ OBJS = crypto/cryptlib.o \ + crypto/rsa/rsa_null.o \ + crypto/rsa/rsa_pss.o \ + crypto/rsa/rsa_x931.o \ +- crypto/rsa/rsa_x931g.o \ + crypto/rsa/rsa_asn1.o \ + crypto/rsa/rsa_depr.o \ +- crypto/rsa/rsa_eng.o \ +- crypto/dsa/dsa_gen.o \ +- crypto/dsa/dsa_key.o \ +- crypto/dsa/dsa_lib.o \ +- crypto/dsa/dsa_asn1.o \ +- crypto/dsa/dsa_vrf.o \ +- crypto/dsa/dsa_sign.o \ +- crypto/dsa/dsa_err.o \ +- crypto/dsa/dsa_ossl.o \ +- crypto/dsa/dsa_depr.o \ +- crypto/dsa/dsa_utl.o \ ++ crypto/rsa/rsa_ameth.o \ ++ crypto/rsa/rsa_prn.o \ ++ crypto/rsa/rsa_pmeth.o \ ++ crypto/rsa/rsa_crpt.o \ + crypto/dso/dso_dl.o \ + crypto/dso/dso_dlfcn.o \ + crypto/dso/dso_err.o \ +@@ -176,6 +153,7 @@ OBJS = crypto/cryptlib.o \ + crypto/dso/dso_openssl.o \ + crypto/dso/dso_win32.o \ + crypto/dso/dso_vms.o \ ++ crypto/dso/dso_beos.o \ + crypto/dh/dh_asn1.o \ + crypto/dh/dh_gen.o \ + crypto/dh/dh_key.o \ +@@ -183,30 +161,10 @@ OBJS = crypto/cryptlib.o \ + crypto/dh/dh_check.o \ + crypto/dh/dh_err.o \ + crypto/dh/dh_depr.o \ +- crypto/ec/ec_lib.o \ +- crypto/ec/ecp_smpl.o \ +- crypto/ec/ecp_mont.o \ +- crypto/ec/ecp_nist.o \ +- crypto/ec/ec_cvt.o \ +- crypto/ec/ec_mult.o \ +- crypto/ec/ec_err.o \ +- crypto/ec/ec_curve.o \ +- crypto/ec/ec_check.o \ +- crypto/ec/ec_print.o \ +- crypto/ec/ec_asn1.o \ +- crypto/ec/ec_key.o \ +- crypto/ec/ec2_smpl.o \ +- crypto/ec/ec2_mult.o \ +- crypto/ecdh/ech_lib.o \ +- crypto/ecdh/ech_ossl.o \ +- crypto/ecdh/ech_key.o \ +- crypto/ecdh/ech_err.o \ +- crypto/ecdsa/ecs_lib.o \ +- crypto/ecdsa/ecs_asn1.o \ +- crypto/ecdsa/ecs_ossl.o \ +- crypto/ecdsa/ecs_sign.o \ +- crypto/ecdsa/ecs_vrf.o \ +- crypto/ecdsa/ecs_err.o \ ++ crypto/dh/dh_ameth.o \ ++ crypto/dh/dh_pmeth.o \ ++ crypto/dh/dh_prn.o \ ++ crypto/dh/dh_rfc5114.o \ + crypto/buffer/buffer.o \ + crypto/buffer/buf_str.o \ + crypto/buffer/buf_err.o \ +@@ -217,10 +175,14 @@ OBJS = crypto/cryptlib.o \ + crypto/bio/bss_null.o \ + crypto/bio/bss_fd.o \ + crypto/bio/bss_file.o \ ++ crypto/bio/bss_sock.o \ ++ 
crypto/bio/bss_conn.o \ + crypto/bio/bf_null.o \ + crypto/bio/bf_buff.o \ + crypto/bio/b_dump.o \ + crypto/bio/b_print.o \ ++ crypto/bio/b_sock.o \ ++ crypto/bio/bss_acpt.o \ + crypto/bio/bf_nbio.o \ + crypto/bio/bss_log.o \ + crypto/bio/bss_bio.o \ +@@ -231,26 +193,18 @@ OBJS = crypto/cryptlib.o \ + crypto/rand/md_rand.o \ + crypto/rand/randfile.o \ + crypto/rand/rand_lib.o \ +- crypto/rand/rand_eng.o \ + crypto/rand/rand_err.o \ +- crypto/rand/rand_egd.o \ +- crypto/rand/rand_win.o \ + crypto/rand/rand_unix.o \ +- crypto/rand/rand_os2.o \ +- crypto/rand/rand_nw.o \ + crypto/err/err.o \ +- crypto/err/err_def.o \ + crypto/err/err_all.o \ + crypto/err/err_prn.o \ +- crypto/err/err_str.o \ +- crypto/err/err_bio.o \ + crypto/objects/o_names.o \ + crypto/objects/obj_dat.o \ + crypto/objects/obj_lib.o \ + crypto/objects/obj_err.o \ ++ crypto/objects/obj_xref.o \ + crypto/evp/encode.o \ + crypto/evp/digest.o \ +- crypto/evp/dig_eng.o \ + crypto/evp/evp_enc.o \ + crypto/evp/evp_key.o \ + crypto/evp/evp_acnf.o \ +@@ -259,22 +213,25 @@ OBJS = crypto/cryptlib.o \ + crypto/evp/e_bf.o \ + crypto/evp/e_idea.o \ + crypto/evp/e_des3.o \ ++ crypto/evp/e_camellia.o \ + crypto/evp/e_rc4.o \ + crypto/evp/e_aes.o \ + crypto/evp/names.o \ ++ crypto/evp/e_seed.o \ + crypto/evp/e_xcbc_d.o \ + crypto/evp/e_rc2.o \ + crypto/evp/e_cast.o \ + crypto/evp/e_rc5.o \ +- crypto/evp/enc_min.o \ + crypto/evp/m_null.o \ + crypto/evp/m_md2.o \ + crypto/evp/m_md4.o \ + crypto/evp/m_md5.o \ + crypto/evp/m_sha.o \ + crypto/evp/m_sha1.o \ ++ crypto/evp/m_wp.o \ + crypto/evp/m_dss.o \ + crypto/evp/m_dss1.o \ ++ crypto/evp/m_mdc2.o \ + crypto/evp/m_ripemd.o \ + crypto/evp/m_ecdsa.o \ + crypto/evp/p_open.o \ +@@ -299,6 +256,13 @@ OBJS = crypto/cryptlib.o \ + crypto/evp/p5_crpt.o \ + crypto/evp/p5_crpt2.o \ + crypto/evp/e_old.o \ ++ crypto/evp/pmeth_lib.o \ ++ crypto/evp/pmeth_fn.o \ ++ crypto/evp/pmeth_gn.o \ ++ crypto/evp/m_sigver.o \ ++ crypto/evp/e_aes_cbc_hmac_sha1.o \ ++ 
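Review bot: This hunk adds `crypto/bio/bss_sock.o`, `bss_conn.o`, `b_sock.o` and `bss_acpt.o` to OBJS although CFLAGS defines `-DOPENSSL_NO_SOCK`. The next OBJS hunk likewise adds `e_camellia.o`, `e_seed.o`, `m_wp.o` and `m_mdc2.o` while `-DOPENSSL_NO_CAMELLIA`, `-DOPENSSL_NO_SEED`, `-DOPENSSL_NO_WHIRLPOOL` and `-DOPENSSL_NO_MDC2` are set. These sources presumably compile to empty objects under those defines, but that is not visible here, and a reader auditing what ends up in the signed binary has to check each file. I would either leave the objects out of the list or put a comment above them such as `# built only as empty stubs: guarded by OPENSSL_NO_SOCK / OPENSSL_NO_CAMELLIA / ...`.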
crypto/evp/e_aes_cbc_hmac_sha256.o \ ++ crypto/evp/e_rc4_hmac_md5.o \ + crypto/asn1/a_object.o \ + crypto/asn1/a_bitstr.o \ + crypto/asn1/a_utctm.o \ +@@ -334,6 +298,7 @@ OBJS = crypto/cryptlib.o \ + crypto/asn1/x_info.o \ + crypto/asn1/x_spki.o \ + crypto/asn1/nsseq.o \ ++ crypto/asn1/x_nx509.o \ + crypto/asn1/d2i_pu.o \ + crypto/asn1/d2i_pr.o \ + crypto/asn1/i2d_pu.o \ +@@ -351,20 +316,22 @@ OBJS = crypto/cryptlib.o \ + crypto/asn1/tasn_dec.o \ + crypto/asn1/tasn_utl.o \ + crypto/asn1/tasn_typ.o \ ++ crypto/asn1/tasn_prn.o \ ++ crypto/asn1/ameth_lib.o \ + crypto/asn1/f_int.o \ + crypto/asn1/f_string.o \ + crypto/asn1/n_pkey.o \ + crypto/asn1/f_enum.o \ +- crypto/asn1/a_hdr.o \ + crypto/asn1/x_pkey.o \ + crypto/asn1/a_bool.o \ + crypto/asn1/x_exten.o \ ++ crypto/asn1/bio_asn1.o \ ++ crypto/asn1/bio_ndef.o \ + crypto/asn1/asn_mime.o \ + crypto/asn1/asn1_gen.o \ + crypto/asn1/asn1_par.o \ + crypto/asn1/asn1_lib.o \ + crypto/asn1/asn1_err.o \ +- crypto/asn1/a_meth.o \ + crypto/asn1/a_bytes.o \ + crypto/asn1/a_strnid.o \ + crypto/asn1/evp_asn1.o \ +@@ -384,6 +351,7 @@ OBJS = crypto/cryptlib.o \ + crypto/pem/pem_oth.o \ + crypto/pem/pem_pk8.o \ + crypto/pem/pem_pkey.o \ ++ crypto/pem/pvkfmt.o \ + crypto/x509/x509_def.o \ + crypto/x509/x509_d2.o \ + crypto/x509/x509_r2x.o \ +@@ -405,8 +373,6 @@ OBJS = crypto/cryptlib.o \ + crypto/x509/x_all.o \ + crypto/x509/x509_txt.o \ + crypto/x509/x509_trs.o \ +- crypto/x509/by_file.o \ +- crypto/x509/by_dir.o \ + crypto/x509/x509_vpm.o \ + crypto/x509v3/v3_bcons.o \ + crypto/x509v3/v3_bitst.o \ +@@ -459,6 +425,7 @@ OBJS = crypto/cryptlib.o \ + crypto/pkcs7/pk7_smime.o \ + crypto/pkcs7/pk7_attr.o \ + crypto/pkcs7/pk7_mime.o \ ++ crypto/pkcs7/bio_pk7.o \ + crypto/pkcs12/p12_add.o \ + crypto/pkcs12/p12_asn.o \ + crypto/pkcs12/p12_attr.o \ +@@ -478,29 +445,6 @@ OBJS = crypto/cryptlib.o \ + crypto/comp/comp_err.o \ + crypto/comp/c_rle.o \ + crypto/comp/c_zlib.o \ +- crypto/engine/eng_err.o \ +- crypto/engine/eng_lib.o \ +- 
crypto/engine/eng_list.o \ +- crypto/engine/eng_init.o \ +- crypto/engine/eng_ctrl.o \ +- crypto/engine/eng_table.o \ +- crypto/engine/eng_pkey.o \ +- crypto/engine/eng_fat.o \ +- crypto/engine/eng_all.o \ +- crypto/engine/tb_rsa.o \ +- crypto/engine/tb_dsa.o \ +- crypto/engine/tb_ecdsa.o \ +- crypto/engine/tb_dh.o \ +- crypto/engine/tb_ecdh.o \ +- crypto/engine/tb_rand.o \ +- crypto/engine/tb_store.o \ +- crypto/engine/tb_cipher.o \ +- crypto/engine/tb_digest.o \ +- crypto/engine/eng_openssl.o \ +- crypto/engine/eng_cnf.o \ +- crypto/engine/eng_dyn.o \ +- crypto/engine/eng_cryptodev.o \ +- crypto/engine/eng_padlock.o \ + crypto/ocsp/ocsp_asn.o \ + crypto/ocsp/ocsp_ext.o \ + crypto/ocsp/ocsp_ht.o \ +@@ -510,18 +454,25 @@ OBJS = crypto/cryptlib.o \ + crypto/ocsp/ocsp_prn.o \ + crypto/ocsp/ocsp_vfy.o \ + crypto/ocsp/ocsp_err.o \ +- crypto/ui/ui_err.o \ + crypto/ui/ui_lib.o \ + crypto/ui/ui_util.o \ + crypto/ui/ui_compat.o \ + crypto/krb5/krb5_asn.o \ +- crypto/store/str_err.o \ +- crypto/store/str_lib.o \ +- crypto/store/str_meth.o \ +- crypto/store/str_mem.o \ + crypto/pqueue/pqueue.o \ +- +- ++ crypto/ts/ts_err.o \ ++ crypto/ts/ts_req_utils.o \ ++ crypto/ts/ts_req_print.o \ ++ crypto/ts/ts_rsp_utils.o \ ++ crypto/ts/ts_rsp_print.o \ ++ crypto/ts/ts_rsp_sign.o \ ++ crypto/ts/ts_rsp_verify.o \ ++ crypto/ts/ts_verify_ctx.o \ ++ crypto/ts/ts_lib.o \ ++ crypto/ts/ts_conf.o \ ++ crypto/ts/ts_asn1.o \ ++ crypto/cmac/cmac.o \ ++ crypto/cmac/cm_ameth.o \ ++ crypto/cmac/cm_pmeth.o \ + + all: $(TARGET) + +diff --git a/Cryptlib/OpenSSL/crypto/LPdir_nyi.c b/Cryptlib/OpenSSL/crypto/LPdir_nyi.c +index 6c1a50e..283d5b0 100644 +--- a/Cryptlib/OpenSSL/crypto/LPdir_nyi.c ++++ b/Cryptlib/OpenSSL/crypto/LPdir_nyi.c +@@ -1,4 +1,6 @@ +-/* $LP: LPlib/source/LPdir_win.c,v 1.1 2004/06/14 10:07:56 _cvs_levitte Exp $ */ ++/* ++ * $LP: LPlib/source/LPdir_win.c,v 1.1 2004/06/14 10:07:56 _cvs_levitte Exp $ ++ */ + /* + * Copyright (c) 2004, Richard Levitte + * All rights reserved. 
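Review bot: The last OBJS entry is now `crypto/cmac/cm_pmeth.o \` with a trailing backslash, and the hunk reduces the blank lines between it and `all: $(TARGET)` from three to one. The list still ends correctly only because that one blank line absorbs the continuation; if it is ever removed, the `all:` rule line is folded into OBJS. Ending the list with `crypto/cmac/cm_pmeth.o` and no backslash removes that dependency. Separately, the added `crypto/ts/` objects include `ts_rsp_sign.o`, `ts_req_print.o`, `ts_rsp_print.o` and `ts_conf.o`; if the new `Pk/CryptTs.o` only verifies timestamps, as ImageTimestampVerify() suggests, it is worth confirming whether the signing, printing and configuration objects are needed at all.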
+@@ -26,17 +28,20 @@ + */ + + #ifndef LPDIR_H +-#include "LPdir.h" ++# include "LPdir.h" + #endif + +-struct LP_dir_context_st { void *dummy; }; ++struct LP_dir_context_st { ++ void *dummy; ++}; + const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory) +- { +- errno = EINVAL; +- return 0; +- } ++{ ++ errno = EINVAL; ++ return 0; ++} ++ + int LP_find_file_end(LP_DIR_CTX **ctx) +- { +- errno = EINVAL; +- return 0; +- } ++{ ++ errno = EINVAL; ++ return 0; ++} +diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_cbc.c b/Cryptlib/OpenSSL/crypto/aes/aes_cbc.c +index dff5cd8..e39231f 100644 +--- a/Cryptlib/OpenSSL/crypto/aes/aes_cbc.c ++++ b/Cryptlib/OpenSSL/crypto/aes/aes_cbc.c +@@ -49,86 +49,18 @@ + * + */ + +-#ifndef AES_DEBUG +-# ifndef NDEBUG +-# define NDEBUG +-# endif +-#endif +-#include +- + #include +-#include "aes_locl.h" ++#include + +-#if !defined(OPENSSL_FIPS_AES_ASM) + void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, +- const unsigned long length, const AES_KEY *key, ++ size_t len, const AES_KEY *key, + unsigned char *ivec, const int enc) + { + +- unsigned long n; +- unsigned long len = length; +- unsigned char tmp[AES_BLOCK_SIZE]; +- const unsigned char *iv = ivec; +- +- assert(in && out && key && ivec); +- assert((AES_ENCRYPT == enc) || (AES_DECRYPT == enc)); +- +- if (AES_ENCRYPT == enc) { +- while (len >= AES_BLOCK_SIZE) { +- for (n = 0; n < AES_BLOCK_SIZE; ++n) +- out[n] = in[n] ^ iv[n]; +- AES_encrypt(out, out, key); +- iv = out; +- len -= AES_BLOCK_SIZE; +- in += AES_BLOCK_SIZE; +- out += AES_BLOCK_SIZE; +- } +- if (len) { +- for (n = 0; n < len; ++n) +- out[n] = in[n] ^ iv[n]; +- for (n = len; n < AES_BLOCK_SIZE; ++n) +- out[n] = iv[n]; +- AES_encrypt(out, out, key); +- iv = out; +- } +- memcpy(ivec, iv, AES_BLOCK_SIZE); +- } else if (in != out) { +- while (len >= AES_BLOCK_SIZE) { +- AES_decrypt(in, out, key); +- for (n = 0; n < AES_BLOCK_SIZE; ++n) +- out[n] ^= iv[n]; +- iv = in; +- len -= AES_BLOCK_SIZE; +- in += 
AES_BLOCK_SIZE; +- out += AES_BLOCK_SIZE; +- } +- if (len) { +- AES_decrypt(in, tmp, key); +- for (n = 0; n < len; ++n) +- out[n] = tmp[n] ^ iv[n]; +- iv = in; +- } +- memcpy(ivec, iv, AES_BLOCK_SIZE); +- } else { +- while (len >= AES_BLOCK_SIZE) { +- memcpy(tmp, in, AES_BLOCK_SIZE); +- AES_decrypt(in, out, key); +- for (n = 0; n < AES_BLOCK_SIZE; ++n) +- out[n] ^= ivec[n]; +- memcpy(ivec, tmp, AES_BLOCK_SIZE); +- len -= AES_BLOCK_SIZE; +- in += AES_BLOCK_SIZE; +- out += AES_BLOCK_SIZE; +- } +- if (len) { +- memcpy(tmp, in, AES_BLOCK_SIZE); +- AES_decrypt(tmp, out, key); +- for (n = 0; n < len; ++n) +- out[n] ^= ivec[n]; +- for (n = len; n < AES_BLOCK_SIZE; ++n) +- out[n] = tmp[n]; +- memcpy(ivec, tmp, AES_BLOCK_SIZE); +- } +- } ++ if (enc) ++ CRYPTO_cbc128_encrypt(in, out, len, key, ivec, ++ (block128_f) AES_encrypt); ++ else ++ CRYPTO_cbc128_decrypt(in, out, len, key, ivec, ++ (block128_f) AES_decrypt); + } +-#endif +diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_cfb.c b/Cryptlib/OpenSSL/crypto/aes/aes_cfb.c +index ded1aa0..1c79ce2 100644 +--- a/Cryptlib/OpenSSL/crypto/aes/aes_cfb.c ++++ b/Cryptlib/OpenSSL/crypto/aes/aes_cfb.c +@@ -1,6 +1,6 @@ + /* crypto/aes/aes_cfb.c -*- mode:C; c-file-style: "eay" -*- */ + /* ==================================================================== +- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. ++ * Copyright (c) 2002-2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions +@@ -48,73 +48,9 @@ + * ==================================================================== + * + */ +-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) +- * All rights reserved. +- * +- * This package is an SSL implementation written +- * by Eric Young (eay@cryptsoft.com). +- * The implementation was written so as to conform with Netscapes SSL. 
+- * +- * This library is free for commercial and non-commercial use as long as +- * the following conditions are aheared to. The following conditions +- * apply to all code found in this distribution, be it the RC4, RSA, +- * lhash, DES, etc., code; not just the SSL code. The SSL documentation +- * included with this distribution is covered by the same copyright terms +- * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * +- * Copyright remains Eric Young's, and as such any Copyright notices in +- * the code are not to be removed. +- * If this package is used in a product, Eric Young should be given attribution +- * as the author of the parts of the library used. +- * This can be in the form of a textual message at program startup or +- * in documentation (online or textual) provided with the package. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 3. All advertising materials mentioning features or use of this software +- * must display the following acknowledgement: +- * "This product includes cryptographic software written by +- * Eric Young (eay@cryptsoft.com)" +- * The word 'cryptographic' can be left out if the rouines from the library +- * being used are not cryptographic related :-). +- * 4. 
If you include any Windows specific code (or a derivative thereof) from +- * the apps directory (application code) you must include an acknowledgement: +- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * +- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. +- * +- * The licence and distribution terms for any publically available version or +- * derivative of this code cannot be changed. i.e. this code cannot simply be +- * copied and put under another distribution licence +- * [including the GNU Public Licence.] +- */ +- +-#ifndef AES_DEBUG +-# ifndef NDEBUG +-# define NDEBUG +-# endif +-#endif +-#include + + #include +-#include "aes_locl.h" +-#include "e_os.h" ++#include + + /* + * The input and output encrypted as though 128bit cfb mode is being used. 
+@@ -123,106 +59,27 @@ + */ + + void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out, +- const unsigned long length, const AES_KEY *key, ++ size_t length, const AES_KEY *key, + unsigned char *ivec, int *num, const int enc) + { + +- unsigned int n; +- unsigned long l = length; +- unsigned char c; +- +- assert(in && out && key && ivec && num); +- +- n = *num; +- +- if (enc) { +- while (l--) { +- if (n == 0) { +- AES_encrypt(ivec, ivec, key); +- } +- ivec[n] = *(out++) = *(in++) ^ ivec[n]; +- n = (n + 1) % AES_BLOCK_SIZE; +- } +- } else { +- while (l--) { +- if (n == 0) { +- AES_encrypt(ivec, ivec, key); +- } +- c = *(in); +- *(out++) = *(in++) ^ ivec[n]; +- ivec[n] = c; +- n = (n + 1) % AES_BLOCK_SIZE; +- } +- } +- +- *num = n; +-} +- +-/* +- * This expects a single block of size nbits for both in and out. Note that +- * it corrupts any extra bits in the last byte of out +- */ +-void AES_cfbr_encrypt_block(const unsigned char *in, unsigned char *out, +- const int nbits, const AES_KEY *key, +- unsigned char *ivec, const int enc) +-{ +- int n, rem, num; +- unsigned char ovec[AES_BLOCK_SIZE * 2]; +- +- if (nbits <= 0 || nbits > 128) +- return; +- +- /* fill in the first half of the new IV with the current IV */ +- memcpy(ovec, ivec, AES_BLOCK_SIZE); +- /* construct the new IV */ +- AES_encrypt(ivec, ivec, key); +- num = (nbits + 7) / 8; +- if (enc) /* encrypt the input */ +- for (n = 0; n < num; ++n) +- out[n] = (ovec[AES_BLOCK_SIZE + n] = in[n] ^ ivec[n]); +- else /* decrypt the input */ +- for (n = 0; n < num; ++n) +- out[n] = (ovec[AES_BLOCK_SIZE + n] = in[n]) ^ ivec[n]; +- /* shift ovec left... 
*/ +- rem = nbits % 8; +- num = nbits / 8; +- if (rem == 0) +- memcpy(ivec, ovec + num, AES_BLOCK_SIZE); +- else +- for (n = 0; n < AES_BLOCK_SIZE; ++n) +- ivec[n] = ovec[n + num] << rem | ovec[n + num + 1] >> (8 - rem); +- +- /* it is not necessary to cleanse ovec, since the IV is not secret */ ++ CRYPTO_cfb128_encrypt(in, out, length, key, ivec, num, enc, ++ (block128_f) AES_encrypt); + } + + /* N.B. This expects the input to be packed, MS bit first */ + void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out, +- const unsigned long length, const AES_KEY *key, ++ size_t length, const AES_KEY *key, + unsigned char *ivec, int *num, const int enc) + { +- unsigned int n; +- unsigned char c[1], d[1]; +- +- assert(in && out && key && ivec && num); +- assert(*num == 0); +- +- for (n = 0; n < length; ++n) { +- c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0; +- AES_cfbr_encrypt_block(c, d, 1, key, ivec, enc); +- out[n / 8] = +- (out[n / 8] & ~(1 << (7 - n % 8))) | ((d[0] & 0x80) >> (n % 8)); +- } ++ CRYPTO_cfb128_1_encrypt(in, out, length, key, ivec, num, enc, ++ (block128_f) AES_encrypt); + } + + void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out, +- const unsigned long length, const AES_KEY *key, ++ size_t length, const AES_KEY *key, + unsigned char *ivec, int *num, const int enc) + { +- unsigned int n; +- +- assert(in && out && key && ivec && num); +- assert(*num == 0); +- +- for (n = 0; n < length; ++n) +- AES_cfbr_encrypt_block(&in[n], &out[n], 8, key, ivec, enc); ++ CRYPTO_cfb128_8_encrypt(in, out, length, key, ivec, num, enc, ++ (block128_f) AES_encrypt); + } +diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_core.c b/Cryptlib/OpenSSL/crypto/aes/aes_core.c +index cf73de8..2ddb086 100644 +--- a/Cryptlib/OpenSSL/crypto/aes/aes_core.c ++++ b/Cryptlib/OpenSSL/crypto/aes/aes_core.c +@@ -37,12 +37,9 @@ + + #include + #include +-#ifdef OPENSSL_FIPS +-#include +-#endif +- + #include "aes_locl.h" + ++#ifndef AES_ASM + /*- + Te0[x] = S [x].[02, 01, 
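Review bot: AES_cfb1_encrypt and AES_cfb8_encrypt now take the same `size_t length` with no comment on its unit, although the removed loops show that cfb1 counted bits (it indexed `in[n / 8]`) while cfb8 counted bytes. A caller who passes a byte count to the cfb1 wrapper would process only an eighth of the buffer and leave the rest untouched, so the unit deserves a line above each wrapper, e.g. `/* length is in BITS; input is packed, MS bit first */` for cfb1 and `/* length is in bytes */` for cfb8. The removed `assert(*num == 0)` precondition is also no longer stated. Whether CRYPTO_cfb128_1_encrypt and CRYPTO_cfb128_8_encrypt still depend on it is not visible in this hunk and should be confirmed.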
01, 03]; + Te1[x] = S [x].[03, 02, 01, 01]; +@@ -628,17 +625,14 @@ static const u32 rcon[] = { + /** + * Expand the cipher key into the encryption key schedule. + */ +-int AES_set_encrypt_key(const unsigned char *userKey, const int bits, +- AES_KEY *key) ++int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits, ++ AES_KEY *key) + { ++ + u32 *rk; + int i = 0; + u32 temp; + +-#ifdef OPENSSL_FIPS +- FIPS_selftest_check(); +-#endif +- + if (!userKey || !key) + return -1; + if (bits != 128 && bits != 192 && bits != 256) +@@ -733,8 +727,8 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, + /** + * Expand the cipher key into the decryption key schedule. + */ +-int AES_set_decrypt_key(const unsigned char *userKey, const int bits, +- AES_KEY *key) ++int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits, ++ AES_KEY *key) + { + + u32 *rk; +@@ -742,7 +736,7 @@ int AES_set_decrypt_key(const unsigned char *userKey, const int bits, + u32 temp; + + /* first, start with an encryption schedule */ +- status = AES_set_encrypt_key(userKey, bits, key); ++ status = private_AES_set_encrypt_key(userKey, bits, key); + if (status < 0) + return status; + +@@ -782,7 +776,6 @@ int AES_set_decrypt_key(const unsigned char *userKey, const int bits, + return 0; + } + +-#ifndef AES_ASM + /* + * Encrypt a single block + * in and out can overlap +@@ -1137,33 +1130,234 @@ void AES_decrypt(const unsigned char *in, unsigned char *out, + * map cipher state to byte array block: + */ + s0 = +- (Td4[(t0 >> 24) ] << 24) ^ +- (Td4[(t3 >> 16) & 0xff] << 16) ^ +- (Td4[(t2 >> 8) & 0xff] << 8) ^ +- (Td4[(t1 ) & 0xff]) ^ ++ ((u32)Td4[(t0 >> 24) ] << 24) ^ ++ ((u32)Td4[(t3 >> 16) & 0xff] << 16) ^ ++ ((u32)Td4[(t2 >> 8) & 0xff] << 8) ^ ++ ((u32)Td4[(t1 ) & 0xff]) ^ + rk[0]; + PUTU32(out , s0); + s1 = +- (Td4[(t1 >> 24) ] << 24) ^ +- (Td4[(t0 >> 16) & 0xff] << 16) ^ +- (Td4[(t3 >> 8) & 0xff] << 8) ^ +- (Td4[(t2 ) & 0xff]) ^ ++ ((u32)Td4[(t1 >> 24) ] 
<< 24) ^ ++ ((u32)Td4[(t0 >> 16) & 0xff] << 16) ^ ++ ((u32)Td4[(t3 >> 8) & 0xff] << 8) ^ ++ ((u32)Td4[(t2 ) & 0xff]) ^ + rk[1]; + PUTU32(out + 4, s1); + s2 = +- (Td4[(t2 >> 24) ] << 24) ^ +- (Td4[(t1 >> 16) & 0xff] << 16) ^ +- (Td4[(t0 >> 8) & 0xff] << 8) ^ +- (Td4[(t3 ) & 0xff]) ^ ++ ((u32)Td4[(t2 >> 24) ] << 24) ^ ++ ((u32)Td4[(t1 >> 16) & 0xff] << 16) ^ ++ ((u32)Td4[(t0 >> 8) & 0xff] << 8) ^ ++ ((u32)Td4[(t3 ) & 0xff]) ^ + rk[2]; + PUTU32(out + 8, s2); + s3 = +- (Td4[(t3 >> 24) ] << 24) ^ +- (Td4[(t2 >> 16) & 0xff] << 16) ^ +- (Td4[(t1 >> 8) & 0xff] << 8) ^ +- (Td4[(t0 ) & 0xff]) ^ ++ ((u32)Td4[(t3 >> 24) ] << 24) ^ ++ ((u32)Td4[(t2 >> 16) & 0xff] << 16) ^ ++ ((u32)Td4[(t1 >> 8) & 0xff] << 8) ^ ++ ((u32)Td4[(t0 ) & 0xff]) ^ + rk[3]; + PUTU32(out + 12, s3); + } + ++#else /* AES_ASM */ ++ ++static const u8 Te4[256] = { ++ 0x63U, 0x7cU, 0x77U, 0x7bU, 0xf2U, 0x6bU, 0x6fU, 0xc5U, ++ 0x30U, 0x01U, 0x67U, 0x2bU, 0xfeU, 0xd7U, 0xabU, 0x76U, ++ 0xcaU, 0x82U, 0xc9U, 0x7dU, 0xfaU, 0x59U, 0x47U, 0xf0U, ++ 0xadU, 0xd4U, 0xa2U, 0xafU, 0x9cU, 0xa4U, 0x72U, 0xc0U, ++ 0xb7U, 0xfdU, 0x93U, 0x26U, 0x36U, 0x3fU, 0xf7U, 0xccU, ++ 0x34U, 0xa5U, 0xe5U, 0xf1U, 0x71U, 0xd8U, 0x31U, 0x15U, ++ 0x04U, 0xc7U, 0x23U, 0xc3U, 0x18U, 0x96U, 0x05U, 0x9aU, ++ 0x07U, 0x12U, 0x80U, 0xe2U, 0xebU, 0x27U, 0xb2U, 0x75U, ++ 0x09U, 0x83U, 0x2cU, 0x1aU, 0x1bU, 0x6eU, 0x5aU, 0xa0U, ++ 0x52U, 0x3bU, 0xd6U, 0xb3U, 0x29U, 0xe3U, 0x2fU, 0x84U, ++ 0x53U, 0xd1U, 0x00U, 0xedU, 0x20U, 0xfcU, 0xb1U, 0x5bU, ++ 0x6aU, 0xcbU, 0xbeU, 0x39U, 0x4aU, 0x4cU, 0x58U, 0xcfU, ++ 0xd0U, 0xefU, 0xaaU, 0xfbU, 0x43U, 0x4dU, 0x33U, 0x85U, ++ 0x45U, 0xf9U, 0x02U, 0x7fU, 0x50U, 0x3cU, 0x9fU, 0xa8U, ++ 0x51U, 0xa3U, 0x40U, 0x8fU, 0x92U, 0x9dU, 0x38U, 0xf5U, ++ 0xbcU, 0xb6U, 0xdaU, 0x21U, 0x10U, 0xffU, 0xf3U, 0xd2U, ++ 0xcdU, 0x0cU, 0x13U, 0xecU, 0x5fU, 0x97U, 0x44U, 0x17U, ++ 0xc4U, 0xa7U, 0x7eU, 0x3dU, 0x64U, 0x5dU, 0x19U, 0x73U, ++ 0x60U, 0x81U, 0x4fU, 0xdcU, 0x22U, 0x2aU, 0x90U, 0x88U, ++ 0x46U, 0xeeU, 0xb8U, 0x14U, 0xdeU, 0x5eU, 
0x0bU, 0xdbU, ++ 0xe0U, 0x32U, 0x3aU, 0x0aU, 0x49U, 0x06U, 0x24U, 0x5cU, ++ 0xc2U, 0xd3U, 0xacU, 0x62U, 0x91U, 0x95U, 0xe4U, 0x79U, ++ 0xe7U, 0xc8U, 0x37U, 0x6dU, 0x8dU, 0xd5U, 0x4eU, 0xa9U, ++ 0x6cU, 0x56U, 0xf4U, 0xeaU, 0x65U, 0x7aU, 0xaeU, 0x08U, ++ 0xbaU, 0x78U, 0x25U, 0x2eU, 0x1cU, 0xa6U, 0xb4U, 0xc6U, ++ 0xe8U, 0xddU, 0x74U, 0x1fU, 0x4bU, 0xbdU, 0x8bU, 0x8aU, ++ 0x70U, 0x3eU, 0xb5U, 0x66U, 0x48U, 0x03U, 0xf6U, 0x0eU, ++ 0x61U, 0x35U, 0x57U, 0xb9U, 0x86U, 0xc1U, 0x1dU, 0x9eU, ++ 0xe1U, 0xf8U, 0x98U, 0x11U, 0x69U, 0xd9U, 0x8eU, 0x94U, ++ 0x9bU, 0x1eU, 0x87U, 0xe9U, 0xceU, 0x55U, 0x28U, 0xdfU, ++ 0x8cU, 0xa1U, 0x89U, 0x0dU, 0xbfU, 0xe6U, 0x42U, 0x68U, ++ 0x41U, 0x99U, 0x2dU, 0x0fU, 0xb0U, 0x54U, 0xbbU, 0x16U ++}; ++static const u32 rcon[] = { ++ 0x01000000, 0x02000000, 0x04000000, 0x08000000, ++ 0x10000000, 0x20000000, 0x40000000, 0x80000000, ++ 0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */ ++}; ++ ++/** ++ * Expand the cipher key into the encryption key schedule. 
++ */ ++int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits, ++ AES_KEY *key) ++{ ++ u32 *rk; ++ int i = 0; ++ u32 temp; ++ ++ if (!userKey || !key) ++ return -1; ++ if (bits != 128 && bits != 192 && bits != 256) ++ return -2; ++ ++ rk = key->rd_key; ++ ++ if (bits==128) ++ key->rounds = 10; ++ else if (bits==192) ++ key->rounds = 12; ++ else ++ key->rounds = 14; ++ ++ rk[0] = GETU32(userKey ); ++ rk[1] = GETU32(userKey + 4); ++ rk[2] = GETU32(userKey + 8); ++ rk[3] = GETU32(userKey + 12); ++ if (bits == 128) { ++ while (1) { ++ temp = rk[3]; ++ rk[4] = rk[0] ^ ++ ((u32)Te4[(temp >> 16) & 0xff] << 24) ^ ++ ((u32)Te4[(temp >> 8) & 0xff] << 16) ^ ++ ((u32)Te4[(temp ) & 0xff] << 8) ^ ++ ((u32)Te4[(temp >> 24) ]) ^ ++ rcon[i]; ++ rk[5] = rk[1] ^ rk[4]; ++ rk[6] = rk[2] ^ rk[5]; ++ rk[7] = rk[3] ^ rk[6]; ++ if (++i == 10) { ++ return 0; ++ } ++ rk += 4; ++ } ++ } ++ rk[4] = GETU32(userKey + 16); ++ rk[5] = GETU32(userKey + 20); ++ if (bits == 192) { ++ while (1) { ++ temp = rk[ 5]; ++ rk[ 6] = rk[ 0] ^ ++ ((u32)Te4[(temp >> 16) & 0xff] << 24) ^ ++ ((u32)Te4[(temp >> 8) & 0xff] << 16) ^ ++ ((u32)Te4[(temp ) & 0xff] << 8) ^ ++ ((u32)Te4[(temp >> 24) ]) ^ ++ rcon[i]; ++ rk[ 7] = rk[ 1] ^ rk[ 6]; ++ rk[ 8] = rk[ 2] ^ rk[ 7]; ++ rk[ 9] = rk[ 3] ^ rk[ 8]; ++ if (++i == 8) { ++ return 0; ++ } ++ rk[10] = rk[ 4] ^ rk[ 9]; ++ rk[11] = rk[ 5] ^ rk[10]; ++ rk += 6; ++ } ++ } ++ rk[6] = GETU32(userKey + 24); ++ rk[7] = GETU32(userKey + 28); ++ if (bits == 256) { ++ while (1) { ++ temp = rk[ 7]; ++ rk[ 8] = rk[ 0] ^ ++ ((u32)Te4[(temp >> 16) & 0xff] << 24) ^ ++ ((u32)Te4[(temp >> 8) & 0xff] << 16) ^ ++ ((u32)Te4[(temp ) & 0xff] << 8) ^ ++ ((u32)Te4[(temp >> 24) ]) ^ ++ rcon[i]; ++ rk[ 9] = rk[ 1] ^ rk[ 8]; ++ rk[10] = rk[ 2] ^ rk[ 9]; ++ rk[11] = rk[ 3] ^ rk[10]; ++ if (++i == 7) { ++ return 0; ++ } ++ temp = rk[11]; ++ rk[12] = rk[ 4] ^ ++ ((u32)Te4[(temp >> 24) ] << 24) ^ ++ ((u32)Te4[(temp >> 16) & 0xff] << 16) ^ ++ ((u32)Te4[(temp >> 8) & 0xff] << 8) ^ 
++ ((u32)Te4[(temp ) & 0xff]); ++ rk[13] = rk[ 5] ^ rk[12]; ++ rk[14] = rk[ 6] ^ rk[13]; ++ rk[15] = rk[ 7] ^ rk[14]; ++ ++ rk += 8; ++ } ++ } ++ return 0; ++} ++ ++/** ++ * Expand the cipher key into the decryption key schedule. ++ */ ++int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits, ++ AES_KEY *key) ++{ ++ ++ u32 *rk; ++ int i, j, status; ++ u32 temp; ++ ++ /* first, start with an encryption schedule */ ++ status = private_AES_set_encrypt_key(userKey, bits, key); ++ if (status < 0) ++ return status; ++ ++ rk = key->rd_key; ++ ++ /* invert the order of the round keys: */ ++ for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) { ++ temp = rk[i ]; rk[i ] = rk[j ]; rk[j ] = temp; ++ temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp; ++ temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp; ++ temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp; ++ } ++ /* apply the inverse MixColumn transform to all round keys but the first and the last: */ ++ for (i = 1; i < (key->rounds); i++) { ++ rk += 4; ++ for (j = 0; j < 4; j++) { ++ u32 tp1, tp2, tp4, tp8, tp9, tpb, tpd, tpe, m; ++ ++ tp1 = rk[j]; ++ m = tp1 & 0x80808080; ++ tp2 = ((tp1 & 0x7f7f7f7f) << 1) ^ ++ ((m - (m >> 7)) & 0x1b1b1b1b); ++ m = tp2 & 0x80808080; ++ tp4 = ((tp2 & 0x7f7f7f7f) << 1) ^ ++ ((m - (m >> 7)) & 0x1b1b1b1b); ++ m = tp4 & 0x80808080; ++ tp8 = ((tp4 & 0x7f7f7f7f) << 1) ^ ++ ((m - (m >> 7)) & 0x1b1b1b1b); ++ tp9 = tp8 ^ tp1; ++ tpb = tp9 ^ tp2; ++ tpd = tp9 ^ tp4; ++ tpe = tp8 ^ tp4 ^ tp2; ++#if defined(ROTATE) ++ rk[j] = tpe ^ ROTATE(tpd,16) ^ ++ ROTATE(tp9,24) ^ ROTATE(tpb,8); ++#else ++ rk[j] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^ ++ (tp9 >> 8) ^ (tp9 << 24) ^ ++ (tpb >> 24) ^ (tpb << 8); ++#endif ++ } ++ } ++ return 0; ++} ++ + #endif /* AES_ASM */ +diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_ctr.c b/Cryptlib/OpenSSL/crypto/aes/aes_ctr.c +index fa82b2c..3ee3822 100644 +--- a/Cryptlib/OpenSSL/crypto/aes/aes_ctr.c ++++ 
b/Cryptlib/OpenSSL/crypto/aes/aes_ctr.c +@@ -49,97 +49,15 @@ + * + */ + +-#ifndef AES_DEBUG +-# ifndef NDEBUG +-# define NDEBUG +-# endif +-#endif +-#include +- + #include +-#include "aes_locl.h" +- +-/* +- * NOTE: the IV/counter CTR mode is big-endian. The rest of the AES code is +- * endian-neutral. +- */ +- +-/* increment counter (128-bit int) by 1 */ +-static void AES_ctr128_inc(unsigned char *counter) +-{ +- unsigned long c; +- +- /* Grab bottom dword of counter and increment */ +- c = GETU32(counter + 12); +- c++; +- c &= 0xFFFFFFFF; +- PUTU32(counter + 12, c); +- +- /* if no overflow, we're done */ +- if (c) +- return; +- +- /* Grab 1st dword of counter and increment */ +- c = GETU32(counter + 8); +- c++; +- c &= 0xFFFFFFFF; +- PUTU32(counter + 8, c); +- +- /* if no overflow, we're done */ +- if (c) +- return; +- +- /* Grab 2nd dword of counter and increment */ +- c = GETU32(counter + 4); +- c++; +- c &= 0xFFFFFFFF; +- PUTU32(counter + 4, c); ++#include + +- /* if no overflow, we're done */ +- if (c) +- return; +- +- /* Grab top dword of counter and increment */ +- c = GETU32(counter + 0); +- c++; +- c &= 0xFFFFFFFF; +- PUTU32(counter + 0, c); +-} +- +-/* +- * The input encrypted as though 128bit counter mode is being used. The +- * extra state information to record how much of the 128bit block we have +- * used is contained in *num, and the encrypted counter is kept in +- * ecount_buf. Both *num and ecount_buf must be initialised with zeros +- * before the first call to AES_ctr128_encrypt(). This algorithm assumes +- * that the counter is in the x lower bits of the IV (ivec), and that the +- * application has full control over overflow and the rest of the IV. This +- * implementation takes NO responsability for checking that the counter +- * doesn't overflow into the rest of the IV when incremented. 
+- */ + void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out, +- const unsigned long length, const AES_KEY *key, ++ size_t length, const AES_KEY *key, + unsigned char ivec[AES_BLOCK_SIZE], + unsigned char ecount_buf[AES_BLOCK_SIZE], + unsigned int *num) + { +- +- unsigned int n; +- unsigned long l = length; +- +- assert(in && out && key && counter && num); +- assert(*num < AES_BLOCK_SIZE); +- +- n = *num; +- +- while (l--) { +- if (n == 0) { +- AES_encrypt(ivec, ecount_buf, key); +- AES_ctr128_inc(ivec); +- } +- *(out++) = *(in++) ^ ecount_buf[n]; +- n = (n + 1) % AES_BLOCK_SIZE; +- } +- +- *num = n; ++ CRYPTO_ctr128_encrypt(in, out, length, key, ivec, ecount_buf, num, ++ (block128_f) AES_encrypt); + } +diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_ige.c b/Cryptlib/OpenSSL/crypto/aes/aes_ige.c +index 0fa28c3..cf31c9b 100644 +--- a/Cryptlib/OpenSSL/crypto/aes/aes_ige.c ++++ b/Cryptlib/OpenSSL/crypto/aes/aes_ige.c +@@ -77,11 +77,11 @@ typedef struct { + /* N.B. The IV for this mode is _twice_ the block size */ + + void AES_ige_encrypt(const unsigned char *in, unsigned char *out, +- const unsigned long length, const AES_KEY *key, ++ size_t length, const AES_KEY *key, + unsigned char *ivec, const int enc) + { +- unsigned long n; +- unsigned long len; ++ size_t n; ++ size_t len = length; + + OPENSSL_assert(in && out && key && ivec); + OPENSSL_assert((AES_ENCRYPT == enc) || (AES_DECRYPT == enc)); +@@ -206,12 +206,12 @@ void AES_ige_encrypt(const unsigned char *in, unsigned char *out, + /* N.B. 
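Review bot: The new AES_ctr128_encrypt wrapper has no comment at all, because the block that documented the caller's obligations was deleted along with the old body. That block said `*num` and `ecount_buf` must be zeroed before the first call, and that nothing checks for the counter overflowing into the rest of the IV. Both are misuse hazards for CTR mode, since stale state or a wrapped counter means keystream reuse. I would keep a short header such as `/* *num and ecount_buf must be zero before the first call; counter overflow into the IV is the caller's responsibility */`. This assumes CRYPTO_ctr128_encrypt has the same contract, which this hunk does not show.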
The IV for this mode is _four times_ the block size */ + + void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out, +- const unsigned long length, const AES_KEY *key, ++ size_t length, const AES_KEY *key, + const AES_KEY *key2, const unsigned char *ivec, + const int enc) + { +- unsigned long n; +- unsigned long len = length; ++ size_t n; ++ size_t len = length; + unsigned char tmp[AES_BLOCK_SIZE]; + unsigned char tmp2[AES_BLOCK_SIZE]; + unsigned char tmp3[AES_BLOCK_SIZE]; +diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_locl.h b/Cryptlib/OpenSSL/crypto/aes/aes_locl.h +index 054b442..fabfd02 100644 +--- a/Cryptlib/OpenSSL/crypto/aes/aes_locl.h ++++ b/Cryptlib/OpenSSL/crypto/aes/aes_locl.h +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -50,40 +50,40 @@ + */ + + #ifndef HEADER_AES_LOCL_H +-#define HEADER_AES_LOCL_H ++# define HEADER_AES_LOCL_H + +-#include ++# include + +-#ifdef OPENSSL_NO_AES +-#error AES is disabled. +-#endif ++# ifdef OPENSSL_NO_AES ++# error AES is disabled. 
++# endif + +-#include +-#include +-#include ++# include ++# include ++# include + +-#if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64)) +-# define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00) +-# define GETU32(p) SWAP(*((u32 *)(p))) +-# define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); } +-#else +-# define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] << 8) ^ ((u32)(pt)[3])) +-# define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >> 8); (ct)[3] = (u8)(st); } +-#endif ++# if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64)) ++# define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00) ++# define GETU32(p) SWAP(*((u32 *)(p))) ++# define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); } ++# else ++# define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] << 8) ^ ((u32)(pt)[3])) ++# define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >> 8); (ct)[3] = (u8)(st); } ++# endif + +-#ifdef AES_LONG ++# ifdef AES_LONG + typedef unsigned long u32; +-#else ++# else + typedef unsigned int u32; +-#endif ++# endif + typedef unsigned short u16; + typedef unsigned char u8; + +-#define MAXKC (256/32) +-#define MAXKB (256/8) +-#define MAXNR 14 ++# define MAXKC (256/32) ++# define MAXKB (256/8) ++# define MAXNR 14 + + /* This controls loop-unrolling in aes_core.c */ +-#undef FULL_UNROLL ++# undef FULL_UNROLL + +-#endif /* !HEADER_AES_LOCL_H */ ++#endif /* !HEADER_AES_LOCL_H */ +diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_misc.c b/Cryptlib/OpenSSL/crypto/aes/aes_misc.c +index 68a48ba..ab948ad 100644 +--- a/Cryptlib/OpenSSL/crypto/aes/aes_misc.c ++++ b/Cryptlib/OpenSSL/crypto/aes/aes_misc.c +@@ -50,6 +50,7 @@ + */ + + #include ++#include + #include + #include "aes_locl.h" + +@@ -63,3 +64,23 @@ const char *AES_options(void) + return "aes(partial)"; + 
#endif + } ++ ++/* FIPS wrapper functions to block low level AES calls in FIPS mode */ ++ ++int AES_set_encrypt_key(const unsigned char *userKey, const int bits, ++ AES_KEY *key) ++{ ++#ifdef OPENSSL_FIPS ++ fips_cipher_abort(AES); ++#endif ++ return private_AES_set_encrypt_key(userKey, bits, key); ++} ++ ++int AES_set_decrypt_key(const unsigned char *userKey, const int bits, ++ AES_KEY *key) ++{ ++#ifdef OPENSSL_FIPS ++ fips_cipher_abort(AES); ++#endif ++ return private_AES_set_decrypt_key(userKey, bits, key); ++} +diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_ofb.c b/Cryptlib/OpenSSL/crypto/aes/aes_ofb.c +index 07b2610..e6153f9 100644 +--- a/Cryptlib/OpenSSL/crypto/aes/aes_ofb.c ++++ b/Cryptlib/OpenSSL/crypto/aes/aes_ofb.c +@@ -1,6 +1,6 @@ + /* crypto/aes/aes_ofb.c -*- mode:C; c-file-style: "eay" -*- */ + /* ==================================================================== +- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. ++ * Copyright (c) 2002-2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions +@@ -48,97 +48,14 @@ + * ==================================================================== + * + */ +-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) +- * All rights reserved. +- * +- * This package is an SSL implementation written +- * by Eric Young (eay@cryptsoft.com). +- * The implementation was written so as to conform with Netscapes SSL. +- * +- * This library is free for commercial and non-commercial use as long as +- * the following conditions are aheared to. The following conditions +- * apply to all code found in this distribution, be it the RC4, RSA, +- * lhash, DES, etc., code; not just the SSL code. The SSL documentation +- * included with this distribution is covered by the same copyright terms +- * except that the holder is Tim Hudson (tjh@cryptsoft.com). 
+- * +- * Copyright remains Eric Young's, and as such any Copyright notices in +- * the code are not to be removed. +- * If this package is used in a product, Eric Young should be given attribution +- * as the author of the parts of the library used. +- * This can be in the form of a textual message at program startup or +- * in documentation (online or textual) provided with the package. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 3. All advertising materials mentioning features or use of this software +- * must display the following acknowledgement: +- * "This product includes cryptographic software written by +- * Eric Young (eay@cryptsoft.com)" +- * The word 'cryptographic' can be left out if the rouines from the library +- * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from +- * the apps directory (application code) you must include an acknowledgement: +- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * +- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. +- * +- * The licence and distribution terms for any publically available version or +- * derivative of this code cannot be changed. i.e. this code cannot simply be +- * copied and put under another distribution licence +- * [including the GNU Public Licence.] +- */ +- +-#ifndef AES_DEBUG +-# ifndef NDEBUG +-# define NDEBUG +-# endif +-#endif +-#include + + #include +-#include "aes_locl.h" ++#include + +-/* +- * The input and output encrypted as though 128bit ofb mode is being used. 
+- * The extra state information to record how much of the 128bit block we have +- * used is contained in *num; +- */ + void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out, +- const unsigned long length, const AES_KEY *key, ++ size_t length, const AES_KEY *key, + unsigned char *ivec, int *num) + { +- +- unsigned int n; +- unsigned long l = length; +- +- assert(in && out && key && ivec && num); +- +- n = *num; +- +- while (l--) { +- if (n == 0) { +- AES_encrypt(ivec, ivec, key); +- } +- *(out++) = *(in++) ^ ivec[n]; +- n = (n + 1) % AES_BLOCK_SIZE; +- } +- +- *num = n; ++ CRYPTO_ofb128_encrypt(in, out, length, key, ivec, num, ++ (block128_f) AES_encrypt); + } +diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_wrap.c b/Cryptlib/OpenSSL/crypto/aes/aes_wrap.c +index b1ab8e2..b7b64d5 100644 +--- a/Cryptlib/OpenSSL/crypto/aes/aes_wrap.c ++++ b/Cryptlib/OpenSSL/crypto/aes/aes_wrap.c +@@ -54,197 +54,19 @@ + + #include "cryptlib.h" + #include +-#include +- +-static const unsigned char default_iv[] = { +- 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, +-}; ++#include + + int AES_wrap_key(AES_KEY *key, const unsigned char *iv, + unsigned char *out, + const unsigned char *in, unsigned int inlen) + { +- unsigned char *A, B[16], *R; +- unsigned int i, j, t; +- if ((inlen & 0x7) || (inlen < 8)) +- return -1; +- A = B; +- t = 1; +- memcpy(out + 8, in, inlen); +- if (!iv) +- iv = default_iv; +- +- memcpy(A, iv, 8); +- +- for (j = 0; j < 6; j++) { +- R = out + 8; +- for (i = 0; i < inlen; i += 8, t++, R += 8) { +- memcpy(B + 8, R, 8); +- AES_encrypt(B, B, key); +- A[7] ^= (unsigned char)(t & 0xff); +- if (t > 0xff) { +- A[6] ^= (unsigned char)((t >> 8) & 0xff); +- A[5] ^= (unsigned char)((t >> 16) & 0xff); +- A[4] ^= (unsigned char)((t >> 24) & 0xff); +- } +- memcpy(R, B + 8, 8); +- } +- } +- memcpy(out, A, 8); +- return inlen + 8; ++ return CRYPTO_128_wrap(key, iv, out, in, inlen, (block128_f) AES_encrypt); + } + + int AES_unwrap_key(AES_KEY *key, const unsigned char 
*iv, + unsigned char *out, + const unsigned char *in, unsigned int inlen) + { +- unsigned char *A, B[16], *R; +- unsigned int i, j, t; +- inlen -= 8; +- if (inlen & 0x7) +- return -1; +- if (inlen < 8) +- return -1; +- A = B; +- t = 6 * (inlen >> 3); +- memcpy(A, in, 8); +- memcpy(out, in + 8, inlen); +- for (j = 0; j < 6; j++) { +- R = out + inlen - 8; +- for (i = 0; i < inlen; i += 8, t--, R -= 8) { +- A[7] ^= (unsigned char)(t & 0xff); +- if (t > 0xff) { +- A[6] ^= (unsigned char)((t >> 8) & 0xff); +- A[5] ^= (unsigned char)((t >> 16) & 0xff); +- A[4] ^= (unsigned char)((t >> 24) & 0xff); +- } +- memcpy(B + 8, R, 8); +- AES_decrypt(B, B, key); +- memcpy(R, B + 8, 8); +- } +- } +- if (!iv) +- iv = default_iv; +- if (memcmp(A, iv, 8)) { +- OPENSSL_cleanse(out, inlen); +- return 0; +- } +- return inlen; +-} +- +-#ifdef AES_WRAP_TEST +- +-int AES_wrap_unwrap_test(const unsigned char *kek, int keybits, +- const unsigned char *iv, +- const unsigned char *eout, +- const unsigned char *key, int keylen) +-{ +- unsigned char *otmp = NULL, *ptmp = NULL; +- int r, ret = 0; +- AES_KEY wctx; +- otmp = OPENSSL_malloc(keylen + 8); +- ptmp = OPENSSL_malloc(keylen); +- if (!otmp || !ptmp) +- return 0; +- if (AES_set_encrypt_key(kek, keybits, &wctx)) +- goto err; +- r = AES_wrap_key(&wctx, iv, otmp, key, keylen); +- if (r <= 0) +- goto err; +- +- if (eout && memcmp(eout, otmp, keylen)) +- goto err; +- +- if (AES_set_decrypt_key(kek, keybits, &wctx)) +- goto err; +- r = AES_unwrap_key(&wctx, iv, ptmp, otmp, r); +- +- if (memcmp(key, ptmp, keylen)) +- goto err; +- +- ret = 1; +- +- err: +- if (otmp) +- OPENSSL_free(otmp); +- if (ptmp) +- OPENSSL_free(ptmp); +- +- return ret; +- ++ return CRYPTO_128_unwrap(key, iv, out, in, inlen, ++ (block128_f) AES_decrypt); + } +- +-int main(int argc, char **argv) +-{ +- +- static const unsigned char kek[] = { +- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, +- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, +- 0x10, 0x11, 0x12, 0x13, 0x14, 
0x15, 0x16, 0x17, +- 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f +- }; +- +- static const unsigned char key[] = { +- 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, +- 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, +- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, +- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f +- }; +- +- static const unsigned char e1[] = { +- 0x1f, 0xa6, 0x8b, 0x0a, 0x81, 0x12, 0xb4, 0x47, +- 0xae, 0xf3, 0x4b, 0xd8, 0xfb, 0x5a, 0x7b, 0x82, +- 0x9d, 0x3e, 0x86, 0x23, 0x71, 0xd2, 0xcf, 0xe5 +- }; +- +- static const unsigned char e2[] = { +- 0x96, 0x77, 0x8b, 0x25, 0xae, 0x6c, 0xa4, 0x35, +- 0xf9, 0x2b, 0x5b, 0x97, 0xc0, 0x50, 0xae, 0xd2, +- 0x46, 0x8a, 0xb8, 0xa1, 0x7a, 0xd8, 0x4e, 0x5d +- }; +- +- static const unsigned char e3[] = { +- 0x64, 0xe8, 0xc3, 0xf9, 0xce, 0x0f, 0x5b, 0xa2, +- 0x63, 0xe9, 0x77, 0x79, 0x05, 0x81, 0x8a, 0x2a, +- 0x93, 0xc8, 0x19, 0x1e, 0x7d, 0x6e, 0x8a, 0xe7 +- }; +- +- static const unsigned char e4[] = { +- 0x03, 0x1d, 0x33, 0x26, 0x4e, 0x15, 0xd3, 0x32, +- 0x68, 0xf2, 0x4e, 0xc2, 0x60, 0x74, 0x3e, 0xdc, +- 0xe1, 0xc6, 0xc7, 0xdd, 0xee, 0x72, 0x5a, 0x93, +- 0x6b, 0xa8, 0x14, 0x91, 0x5c, 0x67, 0x62, 0xd2 +- }; +- +- static const unsigned char e5[] = { +- 0xa8, 0xf9, 0xbc, 0x16, 0x12, 0xc6, 0x8b, 0x3f, +- 0xf6, 0xe6, 0xf4, 0xfb, 0xe3, 0x0e, 0x71, 0xe4, +- 0x76, 0x9c, 0x8b, 0x80, 0xa3, 0x2c, 0xb8, 0x95, +- 0x8c, 0xd5, 0xd1, 0x7d, 0x6b, 0x25, 0x4d, 0xa1 +- }; +- +- static const unsigned char e6[] = { +- 0x28, 0xc9, 0xf4, 0x04, 0xc4, 0xb8, 0x10, 0xf4, +- 0xcb, 0xcc, 0xb3, 0x5c, 0xfb, 0x87, 0xf8, 0x26, +- 0x3f, 0x57, 0x86, 0xe2, 0xd8, 0x0e, 0xd3, 0x26, +- 0xcb, 0xc7, 0xf0, 0xe7, 0x1a, 0x99, 0xf4, 0x3b, +- 0xfb, 0x98, 0x8b, 0x9b, 0x7a, 0x02, 0xdd, 0x21 +- }; +- +- AES_KEY wctx, xctx; +- int ret; +- ret = AES_wrap_unwrap_test(kek, 128, NULL, e1, key, 16); +- fprintf(stderr, "Key test result %d\n", ret); +- ret = AES_wrap_unwrap_test(kek, 192, NULL, e2, key, 16); +- fprintf(stderr, "Key test result %d\n", ret); +- ret = 
AES_wrap_unwrap_test(kek, 256, NULL, e3, key, 16); +- fprintf(stderr, "Key test result %d\n", ret); +- ret = AES_wrap_unwrap_test(kek, 192, NULL, e4, key, 24); +- fprintf(stderr, "Key test result %d\n", ret); +- ret = AES_wrap_unwrap_test(kek, 256, NULL, e5, key, 24); +- fprintf(stderr, "Key test result %d\n", ret); +- ret = AES_wrap_unwrap_test(kek, 256, NULL, e6, key, 32); +- fprintf(stderr, "Key test result %d\n", ret); +-} +- +-#endif +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_bitstr.c b/Cryptlib/OpenSSL/crypto/asn1/a_bitstr.c +index ef1caa4..f906188 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_bitstr.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_bitstr.c +@@ -234,3 +234,29 @@ int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n) + return (0); + return ((a->data[w] & v) != 0); + } ++ ++/* ++ * Checks if the given bit string contains only bits specified by ++ * the flags vector. Returns 0 if there is at least one bit set in 'a' ++ * which is not specified in 'flags', 1 otherwise. ++ * 'len' is the length of 'flags'. ++ */ ++int ASN1_BIT_STRING_check(ASN1_BIT_STRING *a, ++ unsigned char *flags, int flags_len) ++{ ++ int i, ok; ++ /* Check if there is one bit set at all. */ ++ if (!a || !a->data) ++ return 1; ++ ++ /* ++ * Check each byte of the internal representation of the bit string. ++ */ ++ ok = 1; ++ for (i = 0; i < a->length && ok; ++i) { ++ unsigned char mask = i < flags_len ? ~flags[i] : 0xff; ++ /* We are done if there is an unneeded bit set. 
*/ ++ ok = (a->data[i] & mask) == 0; ++ } ++ return ok; ++} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_digest.c b/Cryptlib/OpenSSL/crypto/asn1/a_digest.c +index 2c0a9ba..7cbc475 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_digest.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_digest.c +@@ -86,7 +86,8 @@ int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data, + p = str; + i2d(data, &p); + +- EVP_Digest(str, i, md, len, type, NULL); ++ if (!EVP_Digest(str, i, md, len, type, NULL)) ++ return 0; + OPENSSL_free(str); + return (1); + } +@@ -103,7 +104,8 @@ int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn, + if (!str) + return (0); + +- EVP_Digest(str, i, md, len, type, NULL); ++ if (!EVP_Digest(str, i, md, len, type, NULL)) ++ return 0; + OPENSSL_free(str); + return (1); + } +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_dup.c b/Cryptlib/OpenSSL/crypto/asn1/a_dup.c +index 35e6540..349ab56 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_dup.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_dup.c +@@ -62,7 +62,7 @@ + + #ifndef NO_OLD_ASN1 + +-void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, char *x) ++void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *x) + { + unsigned char *b, *p; + const unsigned char *p2; +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_gentm.c b/Cryptlib/OpenSSL/crypto/asn1/a_gentm.c +index b504f2e..fa76dca 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_gentm.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_gentm.c +@@ -65,6 +65,7 @@ + #include "cryptlib.h" + #include "o_time.h" + #include ++#include "asn1_locl.h" + + #if 0 + +@@ -117,10 +118,10 @@ ASN1_GENERALIZEDTIME *d2i_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME **a, + + #endif + +-int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *d) ++int asn1_generalizedtime_to_tm(struct tm *tm, const ASN1_GENERALIZEDTIME *d) + { +- static int min[9] = { 0, 0, 1, 1, 0, 0, 0, 0, 0 }; +- static int max[9] = { 99, 99, 12, 31, 23, 59, 59, 12, 59 }; ++ static const int min[9] = { 0, 0, 1, 1, 0, 0, 0, 0, 0 }; 
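Review bot: The header comment on the new ASN1_BIT_STRING_check names a parameter `'len'`, but the argument is `flags_len`, and it does not say what a NULL input returns. The loop indexes `flags` one byte per `a->data[i]`, and the `!a || !a->data` guard returns 1, so a missing bit string is reported as containing no disallowed bits. I would reword the last comment line to `'flags_len' is the length of 'flags' in bytes; a NULL 'a' or 'a->data' returns 1.` and change the guard's comment to `/* No bit string at all: nothing can be out of range. */`.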
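Review bot: The added `return 0;` in the ASN1_digest hunk of a_digest.c exits before the `OPENSSL_free(str)` on the following line, so the encoded buffer leaks whenever EVP_Digest fails. The ASN1_item_digest hunk right after it has the same pattern. Free the buffer on the failure path in both places: `if (!EVP_Digest(str, i, md, len, type, NULL)) { OPENSSL_free(str); return 0; }`. Both function bodies start outside their hunks, so the allocation of `str` is not visible here.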
++ static const int max[9] = { 99, 99, 12, 31, 23, 59, 59, 12, 59 }; + char *a; + int n, i, l, o; + +@@ -139,6 +140,8 @@ int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *d) + for (i = 0; i < 7; i++) { + if ((i == 6) && ((a[o] == 'Z') || (a[o] == '+') || (a[o] == '-'))) { + i++; ++ if (tm) ++ tm->tm_sec = 0; + break; + } + if ((a[o] < '0') || (a[o] > '9')) +@@ -155,6 +158,31 @@ int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *d) + + if ((n < min[i]) || (n > max[i])) + goto err; ++ if (tm) { ++ switch (i) { ++ case 0: ++ tm->tm_year = n * 100 - 1900; ++ break; ++ case 1: ++ tm->tm_year += n; ++ break; ++ case 2: ++ tm->tm_mon = n - 1; ++ break; ++ case 3: ++ tm->tm_mday = n; ++ break; ++ case 4: ++ tm->tm_hour = n; ++ break; ++ case 5: ++ tm->tm_min = n; ++ break; ++ case 6: ++ tm->tm_sec = n; ++ break; ++ } ++ } + } + /* + * Optional fractional seconds: decimal point followed by one or more +@@ -174,6 +202,7 @@ int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *d) + if (a[o] == 'Z') + o++; + else if ((a[o] == '+') || (a[o] == '-')) { ++ int offsign = a[o] == '-' ? -1 : 1, offset = 0; + o++; + if (o + 4 > l) + goto err; +@@ -187,14 +216,30 @@ int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *d) + n = (n * 10) + a[o] - '0'; + if ((n < min[i]) || (n > max[i])) + goto err; ++ if (tm) { ++ if (i == 7) ++ offset = n * 3600; ++ else if (i == 8) ++ offset += n * 60; ++ } + o++; + } ++ if (offset && !OPENSSL_gmtime_adj(tm, 0, offset * offsign)) ++ return 0; ++ } else if (a[o]) { ++ /* Missing time zone information. 
*/ ++ goto err; + } + return (o == l); + err: + return (0); + } + ++int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *d) ++{ ++ return asn1_generalizedtime_to_tm(NULL, d); ++} ++ + int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str) + { + ASN1_GENERALIZEDTIME t; +@@ -217,6 +262,13 @@ int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str) + ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s, + time_t t) + { ++ return ASN1_GENERALIZEDTIME_adj(s, t, 0, 0); ++} ++ ++ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s, ++ time_t t, int offset_day, ++ long offset_sec) ++{ + char *p; + struct tm *ts; + struct tm data; +@@ -231,11 +283,16 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s, + if (ts == NULL) + return (NULL); + ++ if (offset_day || offset_sec) { ++ if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec)) ++ return NULL; ++ } ++ + p = (char *)s->data; + if ((p == NULL) || ((size_t)s->length < len)) { + p = OPENSSL_malloc(len); + if (p == NULL) { +- ASN1err(ASN1_F_ASN1_GENERALIZEDTIME_SET, ERR_R_MALLOC_FAILURE); ++ ASN1err(ASN1_F_ASN1_GENERALIZEDTIME_ADJ, ERR_R_MALLOC_FAILURE); + return (NULL); + } + if (s->data != NULL) +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_hdr.c b/Cryptlib/OpenSSL/crypto/asn1/a_hdr.c +deleted file mode 100644 +index e67afdc..0000000 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_hdr.c ++++ /dev/null +@@ -1,118 +0,0 @@ +-/* crypto/asn1/a_hdr.c */ +-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) +- * All rights reserved. +- * +- * This package is an SSL implementation written +- * by Eric Young (eay@cryptsoft.com). +- * The implementation was written so as to conform with Netscapes SSL. +- * +- * This library is free for commercial and non-commercial use as long as +- * the following conditions are aheared to. 
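Review bot: The timezone adjustment in asn1_generalizedtime_to_tm looks inverted if `tm` is meant to come out as UTC. `offsign` is set in the preceding hunk as `a[o] == '-' ? -1 : 1`, and this hunk calls `OPENSSL_gmtime_adj(tm, 0, offset * offsign)`, so a `+hhmm` suffix moves the parsed time forward. A local time written with a `+hhmm` offset is ahead of UTC, so converting it needs the offset subtracted, i.e. `int offsign = a[o] == '-' ? 1 : -1, offset = 0;`. Please confirm the intended meaning of `tm` and add a one-line comment stating it, since ASN1_TIME_diff later in this patch compares these values. The function's signature and the digit-parsing loop are outside this hunk.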
The following conditions +- * apply to all code found in this distribution, be it the RC4, RSA, +- * lhash, DES, etc., code; not just the SSL code. The SSL documentation +- * included with this distribution is covered by the same copyright terms +- * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * +- * Copyright remains Eric Young's, and as such any Copyright notices in +- * the code are not to be removed. +- * If this package is used in a product, Eric Young should be given attribution +- * as the author of the parts of the library used. +- * This can be in the form of a textual message at program startup or +- * in documentation (online or textual) provided with the package. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 3. All advertising materials mentioning features or use of this software +- * must display the following acknowledgement: +- * "This product includes cryptographic software written by +- * Eric Young (eay@cryptsoft.com)" +- * The word 'cryptographic' can be left out if the rouines from the library +- * being used are not cryptographic related :-). +- * 4. 
If you include any Windows specific code (or a derivative thereof) from +- * the apps directory (application code) you must include an acknowledgement: +- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * +- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. +- * +- * The licence and distribution terms for any publically available version or +- * derivative of this code cannot be changed. i.e. this code cannot simply be +- * copied and put under another distribution licence +- * [including the GNU Public Licence.] 
+- */ +- +-#include +-#include "cryptlib.h" +-#include +-#include +- +-int i2d_ASN1_HEADER(ASN1_HEADER * a, unsigned char **pp) +-{ +- M_ASN1_I2D_vars(a); +- +- M_ASN1_I2D_len(a->header, i2d_ASN1_OCTET_STRING); +- M_ASN1_I2D_len(a->data, a->meth->i2d); +- +- M_ASN1_I2D_seq_total(); +- +- M_ASN1_I2D_put(a->header, i2d_ASN1_OCTET_STRING); +- M_ASN1_I2D_put(a->data, a->meth->i2d); +- +- M_ASN1_I2D_finish(); +-} +- +-ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER ** a, const unsigned char **pp, +- long length) +-{ +- M_ASN1_D2I_vars(a, ASN1_HEADER *, ASN1_HEADER_new); +- +- M_ASN1_D2I_Init(); +- M_ASN1_D2I_start_sequence(); +- M_ASN1_D2I_get_x(ASN1_OCTET_STRING, ret->header, d2i_ASN1_OCTET_STRING); +- if (ret->meth != NULL) { +- M_ASN1_D2I_get_x(void, ret->data, ret->meth->d2i); +- } else { +- if (a != NULL) +- (*a) = ret; +- return (ret); +- } +- M_ASN1_D2I_Finish(a, ASN1_HEADER_free, ASN1_F_D2I_ASN1_HEADER); +-} +- +-ASN1_HEADER *ASN1_HEADER_new(void) +-{ +- ASN1_HEADER *ret = NULL; +- ASN1_CTX c; +- +- M_ASN1_New_Malloc(ret, ASN1_HEADER); +- M_ASN1_New(ret->header, M_ASN1_OCTET_STRING_new); +- ret->meth = NULL; +- ret->data = NULL; +- return (ret); +- M_ASN1_New_Error(ASN1_F_ASN1_HEADER_NEW); +-} +- +-void ASN1_HEADER_free(ASN1_HEADER * a) +-{ +- if (a == NULL) +- return; +- M_ASN1_OCTET_STRING_free(a->header); +- if (a->meth != NULL) +- a->meth->destroy(a->data); +- OPENSSL_free(a); +-} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_int.c b/Cryptlib/OpenSSL/crypto/asn1/a_int.c +index b788617..7e26704 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_int.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_int.c +@@ -61,12 +61,12 @@ + #include + #include + +-ASN1_INTEGER *ASN1_INTEGER_dup(ASN1_INTEGER *x) ++ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x) + { + return M_ASN1_INTEGER_dup(x); + } + +-int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y) ++int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y) + { + int neg, ret; + /* Compare signs */ +@@ -124,6 +124,8 @@ int 
i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp) + else { + ret = a->length; + i = a->data[0]; ++ if (ret == 1 && i == 0) ++ neg = 0; + if (!neg && (i > 127)) { + pad = 1; + pb = 0; +@@ -162,7 +164,7 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp) + p += a->length - 1; + i = a->length; + /* Copy zeros to destination as long as source is zero */ +- while (!*n) { ++ while (!*n && i > 1) { + *(p--) = 0; + n--; + i--; +@@ -377,7 +379,7 @@ int ASN1_INTEGER_set(ASN1_INTEGER *a, long v) + return (1); + } + +-long ASN1_INTEGER_get(ASN1_INTEGER *a) ++long ASN1_INTEGER_get(const ASN1_INTEGER *a) + { + int neg = 0, i; + long r = 0; +@@ -391,8 +393,8 @@ long ASN1_INTEGER_get(ASN1_INTEGER *a) + return -1; + + if (a->length > (int)sizeof(long)) { +- /* hmm... a bit ugly */ +- return (0xffffffffL); ++ /* hmm... a bit ugly, return all ones */ ++ return -1; + } + if (a->data == NULL) + return 0; +@@ -406,7 +408,7 @@ long ASN1_INTEGER_get(ASN1_INTEGER *a) + return (r); + } + +-ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai) ++ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai) + { + ASN1_INTEGER *ret; + int len, j; +@@ -419,7 +421,7 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai) + ASN1err(ASN1_F_BN_TO_ASN1_INTEGER, ERR_R_NESTED_ASN1_ERROR); + goto err; + } +- if (BN_is_negative(bn)) ++ if (BN_is_negative(bn) && !BN_is_zero(bn)) + ret->type = V_ASN1_NEG_INTEGER; + else + ret->type = V_ASN1_INTEGER; +@@ -446,7 +448,7 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai) + return (NULL); + } + +-BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai, BIGNUM *bn) ++BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn) + { + BIGNUM *ret; + +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_meth.c b/Cryptlib/OpenSSL/crypto/asn1/a_meth.c +deleted file mode 100644 +index 9c5efab..0000000 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_meth.c ++++ /dev/null +@@ -1,86 +0,0 @@ +-/* crypto/asn1/a_meth.c */ +-/* Copyright (C) 
1995-1998 Eric Young (eay@cryptsoft.com) +- * All rights reserved. +- * +- * This package is an SSL implementation written +- * by Eric Young (eay@cryptsoft.com). +- * The implementation was written so as to conform with Netscapes SSL. +- * +- * This library is free for commercial and non-commercial use as long as +- * the following conditions are aheared to. The following conditions +- * apply to all code found in this distribution, be it the RC4, RSA, +- * lhash, DES, etc., code; not just the SSL code. The SSL documentation +- * included with this distribution is covered by the same copyright terms +- * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * +- * Copyright remains Eric Young's, and as such any Copyright notices in +- * the code are not to be removed. +- * If this package is used in a product, Eric Young should be given attribution +- * as the author of the parts of the library used. +- * This can be in the form of a textual message at program startup or +- * in documentation (online or textual) provided with the package. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 3. All advertising materials mentioning features or use of this software +- * must display the following acknowledgement: +- * "This product includes cryptographic software written by +- * Eric Young (eay@cryptsoft.com)" +- * The word 'cryptographic' can be left out if the rouines from the library +- * being used are not cryptographic related :-). +- * 4. 
If you include any Windows specific code (or a derivative thereof) from +- * the apps directory (application code) you must include an acknowledgement: +- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * +- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. +- * +- * The licence and distribution terms for any publically available version or +- * derivative of this code cannot be changed. i.e. this code cannot simply be +- * copied and put under another distribution licence +- * [including the GNU Public Licence.] 
+- */ +- +-#include +-#include "cryptlib.h" +-#include +-#include +- +-static ASN1_METHOD ia5string_meth = { +- (I2D_OF(void)) i2d_ASN1_IA5STRING, +- (D2I_OF(void)) d2i_ASN1_IA5STRING, +- (void *(*)(void))ASN1_STRING_new, +- (void (*)(void *))ASN1_STRING_free +-}; +- +-static ASN1_METHOD bit_string_meth = { +- (I2D_OF(void)) i2d_ASN1_BIT_STRING, +- (D2I_OF(void)) d2i_ASN1_BIT_STRING, +- (void *(*)(void))ASN1_STRING_new, +- (void (*)(void *))ASN1_STRING_free +-}; +- +-ASN1_METHOD *ASN1_IA5STRING_asn1_meth(void) +-{ +- return (&ia5string_meth); +-} +- +-ASN1_METHOD *ASN1_BIT_STRING_asn1_meth(void) +-{ +- return (&bit_string_meth); +-} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_object.c b/Cryptlib/OpenSSL/crypto/asn1/a_object.c +index aa1847c..27f9c16 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_object.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_object.c +@@ -262,8 +262,6 @@ ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, + return ret; + err: + ASN1err(ASN1_F_D2I_ASN1_OBJECT, i); +- if ((ret != NULL) && ((a == NULL) || (*a != ret))) +- ASN1_OBJECT_free(ret); + return (NULL); + } + +@@ -272,6 +270,7 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, + { + ASN1_OBJECT *ret = NULL; + const unsigned char *p; ++ unsigned char *data; + int i, length; + + /* +@@ -305,17 +304,24 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, + ret = (*a); + + p = *pp; +- if ((ret->data == NULL) || (ret->length < length)) { +- if (ret->data != NULL) +- OPENSSL_free(ret->data); +- ret->data = (unsigned char *)OPENSSL_malloc(length); +- ret->flags |= ASN1_OBJECT_FLAG_DYNAMIC_DATA; +- if (ret->data == NULL) { ++ /* detach data from object */ ++ data = (unsigned char *)ret->data; ++ ret->data = NULL; ++ /* once detached we can change it */ ++ if ((data == NULL) || (ret->length < length)) { ++ ret->length = 0; ++ if (data != NULL) ++ OPENSSL_free(data); ++ data = (unsigned char *)OPENSSL_malloc(length); ++ if (data == NULL) { 
+ i = ERR_R_MALLOC_FAILURE; + goto err; + } ++ ret->flags |= ASN1_OBJECT_FLAG_DYNAMIC_DATA; + } +- memcpy(ret->data, p, length); ++ memcpy(data, p, length); ++ /* reattach data to object, after which it remains const */ ++ ret->data = data; + ret->length = length; + ret->sn = NULL; + ret->ln = NULL; +@@ -368,7 +374,7 @@ void ASN1_OBJECT_free(ASN1_OBJECT *a) + } + if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA) { + if (a->data != NULL) +- OPENSSL_free(a->data); ++ OPENSSL_free((void *)a->data); + a->data = NULL; + a->length = 0; + } +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_octet.c b/Cryptlib/OpenSSL/crypto/asn1/a_octet.c +index 6ea1950..1a6e9ca 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_octet.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_octet.c +@@ -60,12 +60,13 @@ + #include "cryptlib.h" + #include + +-ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *x) ++ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(const ASN1_OCTET_STRING *x) + { + return M_ASN1_OCTET_STRING_dup(x); + } + +-int ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b) ++int ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a, ++ const ASN1_OCTET_STRING *b) + { + return M_ASN1_OCTET_STRING_cmp(a, b); + } +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_set.c b/Cryptlib/OpenSSL/crypto/asn1/a_set.c +index 18bb408..bf3f971 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_set.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_set.c +@@ -86,8 +86,8 @@ static int SetBlobCmp(const void *elem1, const void *elem2) + /* + * int is_set: if TRUE, then sort the contents (i.e. 
it isn't a SEQUENCE) + */ +-int i2d_ASN1_SET(STACK * a, unsigned char **pp, i2d_of_void *i2d, int ex_tag, +- int ex_class, int is_set) ++int i2d_ASN1_SET(STACK_OF(OPENSSL_BLOCK) *a, unsigned char **pp, ++ i2d_of_void *i2d, int ex_tag, int ex_class, int is_set) + { + int ret = 0, r; + int i; +@@ -98,8 +98,8 @@ int i2d_ASN1_SET(STACK * a, unsigned char **pp, i2d_of_void *i2d, int ex_tag, + + if (a == NULL) + return (0); +- for (i = sk_num(a) - 1; i >= 0; i--) +- ret += i2d(sk_value(a, i), NULL); ++ for (i = sk_OPENSSL_BLOCK_num(a) - 1; i >= 0; i--) ++ ret += i2d(sk_OPENSSL_BLOCK_value(a, i), NULL); + r = ASN1_object_size(1, ret, ex_tag); + if (pp == NULL) + return (r); +@@ -111,9 +111,9 @@ int i2d_ASN1_SET(STACK * a, unsigned char **pp, i2d_of_void *i2d, int ex_tag, + /* And then again by Ben */ + /* And again by Steve */ + +- if (!is_set || (sk_num(a) < 2)) { +- for (i = 0; i < sk_num(a); i++) +- i2d(sk_value(a, i), &p); ++ if (!is_set || (sk_OPENSSL_BLOCK_num(a) < 2)) { ++ for (i = 0; i < sk_OPENSSL_BLOCK_num(a); i++) ++ i2d(sk_OPENSSL_BLOCK_value(a, i), &p); + + *pp = p; + return (r); +@@ -121,15 +121,15 @@ int i2d_ASN1_SET(STACK * a, unsigned char **pp, i2d_of_void *i2d, int ex_tag, + + pStart = p; /* Catch the beg of Setblobs */ + /* In this array we will store the SET blobs */ +- rgSetBlob = (MYBLOB *) OPENSSL_malloc(sk_num(a) * sizeof(MYBLOB)); ++ rgSetBlob = OPENSSL_malloc(sk_OPENSSL_BLOCK_num(a) * sizeof(MYBLOB)); + if (rgSetBlob == NULL) { + ASN1err(ASN1_F_I2D_ASN1_SET, ERR_R_MALLOC_FAILURE); + return (0); + } + +- for (i = 0; i < sk_num(a); i++) { ++ for (i = 0; i < sk_OPENSSL_BLOCK_num(a); i++) { + rgSetBlob[i].pbData = p; /* catch each set encode blob */ +- i2d(sk_value(a, i), &p); ++ i2d(sk_OPENSSL_BLOCK_value(a, i), &p); + rgSetBlob[i].cbData = p - rgSetBlob[i].pbData; /* Length of this + * SetBlob */ + } +@@ -140,7 +140,7 @@ int i2d_ASN1_SET(STACK * a, unsigned char **pp, i2d_of_void *i2d, int ex_tag, + * Now we have to sort the blobs. 
I am using a simple algo. *Sort ptrs + * *Copy to temp-mem *Copy from temp-mem to user-mem + */ +- qsort(rgSetBlob, sk_num(a), sizeof(MYBLOB), SetBlobCmp); ++ qsort(rgSetBlob, sk_OPENSSL_BLOCK_num(a), sizeof(MYBLOB), SetBlobCmp); + if (!(pTempMem = OPENSSL_malloc(totSize))) { + ASN1err(ASN1_F_I2D_ASN1_SET, ERR_R_MALLOC_FAILURE); + return (0); +@@ -148,7 +148,7 @@ int i2d_ASN1_SET(STACK * a, unsigned char **pp, i2d_of_void *i2d, int ex_tag, + + /* Copy to temp mem */ + p = pTempMem; +- for (i = 0; i < sk_num(a); ++i) { ++ for (i = 0; i < sk_OPENSSL_BLOCK_num(a); ++i) { + memcpy(p, rgSetBlob[i].pbData, rgSetBlob[i].cbData); + p += rgSetBlob[i].cbData; + } +@@ -161,15 +161,17 @@ int i2d_ASN1_SET(STACK * a, unsigned char **pp, i2d_of_void *i2d, int ex_tag, + return (r); + } + +-STACK *d2i_ASN1_SET(STACK ** a, const unsigned char **pp, long length, +- d2i_of_void *d2i, void (*free_func) (void *), int ex_tag, +- int ex_class) ++STACK_OF(OPENSSL_BLOCK) *d2i_ASN1_SET(STACK_OF(OPENSSL_BLOCK) **a, ++ const unsigned char **pp, ++ long length, d2i_of_void *d2i, ++ void (*free_func) (OPENSSL_BLOCK), ++ int ex_tag, int ex_class) + { + ASN1_const_CTX c; +- STACK *ret = NULL; ++ STACK_OF(OPENSSL_BLOCK) *ret = NULL; + + if ((a == NULL) || ((*a) == NULL)) { +- if ((ret = sk_new_null()) == NULL) { ++ if ((ret = sk_OPENSSL_BLOCK_new_null()) == NULL) { + ASN1err(ASN1_F_D2I_ASN1_SET, ERR_R_MALLOC_FAILURE); + goto err; + } +@@ -213,10 +215,10 @@ STACK *d2i_ASN1_SET(STACK ** a, const unsigned char **pp, long length, + */ + if ((s = d2i(NULL, &c.p, c.slen)) == NULL) { + ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_ERROR_PARSING_SET_ELEMENT); +- asn1_add_error(*pp, (int)(c.q - *pp)); ++ asn1_add_error(*pp, (int)(c.p - *pp)); + goto err; + } +- if (!sk_push(ret, s)) ++ if (!sk_OPENSSL_BLOCK_push(ret, s)) + goto err; + } + if (a != NULL) +@@ -226,9 +228,9 @@ STACK *d2i_ASN1_SET(STACK ** a, const unsigned char **pp, long length, + err: + if ((ret != NULL) && ((a == NULL) || (*a != ret))) { + if 
(free_func != NULL) +- sk_pop_free(ret, free_func); ++ sk_OPENSSL_BLOCK_pop_free(ret, free_func); + else +- sk_free(ret); ++ sk_OPENSSL_BLOCK_free(ret); + } + return (NULL); + } +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_sign.c b/Cryptlib/OpenSSL/crypto/asn1/a_sign.c +index 92a5a6c..51c6a0c 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_sign.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_sign.c +@@ -123,6 +123,7 @@ + #include + #include + #include ++#include "asn1_locl.h" + + #ifndef NO_ASN1_OLD + +@@ -181,10 +182,10 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, + p = buf_in; + + i2d(data, &p); +- EVP_SignInit_ex(&ctx, type, NULL); +- EVP_SignUpdate(&ctx, (unsigned char *)buf_in, inl); +- if (!EVP_SignFinal(&ctx, (unsigned char *)buf_out, +- (unsigned int *)&outl, pkey)) { ++ if (!EVP_SignInit_ex(&ctx, type, NULL) ++ || !EVP_SignUpdate(&ctx, (unsigned char *)buf_in, inl) ++ || !EVP_SignFinal(&ctx, (unsigned char *)buf_out, ++ (unsigned int *)&outl, pkey)) { + outl = 0; + ASN1err(ASN1_F_ASN1_SIGN, ERR_R_EVP_LIB); + goto err; +@@ -220,64 +221,89 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, + EVP_PKEY *pkey, const EVP_MD *type) + { + EVP_MD_CTX ctx; ++ EVP_MD_CTX_init(&ctx); ++ if (!EVP_DigestSignInit(&ctx, NULL, type, NULL, pkey)) { ++ EVP_MD_CTX_cleanup(&ctx); ++ return 0; ++ } ++ return ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, &ctx); ++} ++ ++int ASN1_item_sign_ctx(const ASN1_ITEM *it, ++ X509_ALGOR *algor1, X509_ALGOR *algor2, ++ ASN1_BIT_STRING *signature, void *asn, EVP_MD_CTX *ctx) ++{ ++ const EVP_MD *type; ++ EVP_PKEY *pkey; + unsigned char *buf_in = NULL, *buf_out = NULL; +- int i, inl = 0, outl = 0, outll = 0; +- X509_ALGOR *a; ++ size_t inl = 0, outl = 0, outll = 0; ++ int signid, paramtype; ++ int rv; + +- EVP_MD_CTX_init(&ctx); +- for (i = 0; i < 2; i++) { +- if (i == 0) +- a = algor1; +- else +- a = algor2; +- if (a == NULL) +- continue; +- if (type->pkey_type == NID_dsaWithSHA1 || +- type->pkey_type 
== NID_ecdsa_with_SHA1) { +- /* +- * special case: RFC 3279 tells us to omit 'parameters' with +- * id-dsa-with-sha1 and ecdsa-with-SHA1 +- */ +- ASN1_TYPE_free(a->parameter); +- a->parameter = NULL; +- } else if ((a->parameter == NULL) || +- (a->parameter->type != V_ASN1_NULL)) { +- ASN1_TYPE_free(a->parameter); +- if ((a->parameter = ASN1_TYPE_new()) == NULL) +- goto err; +- a->parameter->type = V_ASN1_NULL; +- } +- ASN1_OBJECT_free(a->algorithm); +- a->algorithm = OBJ_nid2obj(type->pkey_type); +- if (a->algorithm == NULL) { +- ASN1err(ASN1_F_ASN1_ITEM_SIGN, ASN1_R_UNKNOWN_OBJECT_TYPE); +- goto err; +- } +- if (a->algorithm->length == 0) { +- ASN1err(ASN1_F_ASN1_ITEM_SIGN, +- ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD); ++ type = EVP_MD_CTX_md(ctx); ++ pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx); ++ ++ if (!type || !pkey) { ++ ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_CONTEXT_NOT_INITIALISED); ++ return 0; ++ } ++ ++ if (pkey->ameth->item_sign) { ++ rv = pkey->ameth->item_sign(ctx, it, asn, algor1, algor2, signature); ++ if (rv == 1) ++ outl = signature->length; ++ /*- ++ * Return value meanings: ++ * <=0: error. ++ * 1: method does everything. ++ * 2: carry on as normal. ++ * 3: ASN1 method sets algorithm identifiers: just sign. 
++ */ ++ if (rv <= 0) ++ ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_EVP_LIB); ++ if (rv <= 1) + goto err; +- } ++ } else ++ rv = 2; ++ ++ if (rv == 2) { ++ if (type->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) { ++ if (!pkey->ameth || ++ !OBJ_find_sigid_by_algs(&signid, ++ EVP_MD_nid(type), ++ pkey->ameth->pkey_id)) { ++ ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ++ ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED); ++ return 0; ++ } ++ } else ++ signid = type->pkey_type; ++ ++ if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL) ++ paramtype = V_ASN1_NULL; ++ else ++ paramtype = V_ASN1_UNDEF; ++ ++ if (algor1) ++ X509_ALGOR_set0(algor1, OBJ_nid2obj(signid), paramtype, NULL); ++ if (algor2) ++ X509_ALGOR_set0(algor2, OBJ_nid2obj(signid), paramtype, NULL); ++ + } ++ + inl = ASN1_item_i2d(asn, &buf_in, it); + outll = outl = EVP_PKEY_size(pkey); +- buf_out = (unsigned char *)OPENSSL_malloc((unsigned int)outl); ++ buf_out = OPENSSL_malloc((unsigned int)outl); + if ((buf_in == NULL) || (buf_out == NULL)) { + outl = 0; +- ASN1err(ASN1_F_ASN1_ITEM_SIGN, ERR_R_MALLOC_FAILURE); ++ ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_MALLOC_FAILURE); + goto err; + } + +- if (!EVP_SignInit_ex(&ctx, type, NULL)) { +- outl = 0; +- ASN1err(ASN1_F_ASN1_ITEM_SIGN, ERR_R_EVP_LIB); +- goto err; +- } +- EVP_SignUpdate(&ctx, (unsigned char *)buf_in, inl); +- if (!EVP_SignFinal(&ctx, (unsigned char *)buf_out, +- (unsigned int *)&outl, pkey)) { ++ if (!EVP_DigestSignUpdate(ctx, buf_in, inl) ++ || !EVP_DigestSignFinal(ctx, buf_out, &outl)) { + outl = 0; +- ASN1err(ASN1_F_ASN1_ITEM_SIGN, ERR_R_EVP_LIB); ++ ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_EVP_LIB); + goto err; + } + if (signature->data != NULL) +@@ -292,7 +318,7 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, + signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); + signature->flags |= ASN1_STRING_FLAG_BITS_LEFT; + err: +- EVP_MD_CTX_cleanup(&ctx); ++ EVP_MD_CTX_cleanup(ctx); + if (buf_in != NULL) { + OPENSSL_cleanse((char *)buf_in, 
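Review bot: Two failure paths in the new ASN1_item_sign_ctx use `return 0;` and so skip the `err:` label, where the following hunk calls `EVP_MD_CTX_cleanup(ctx)`. These are the `!type || !pkey` check and the `ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED` branch. ASN1_item_sign passes in a stack context it has just set up with EVP_DigestSignInit, so on those paths the context is never released; both should be `goto err;` (`outl` is still 0 there). Separately, `pkey->ameth->item_sign` is dereferenced before the later `!pkey->ameth` test, so that test cannot guard the first use. Check `pkey->ameth` once, directly after the `!type || !pkey` test. The tail of the function, including the `err:` label, lies outside this hunk.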
(unsigned int)inl); + OPENSSL_free(buf_in); +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_strex.c b/Cryptlib/OpenSSL/crypto/asn1/a_strex.c +index f650708..35fd44c 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_strex.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_strex.c +@@ -638,6 +638,7 @@ int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in) + mbflag |= MBSTRING_FLAG; + stmp.data = NULL; + stmp.length = 0; ++ stmp.flags = 0; + ret = + ASN1_mbstring_copy(&str, in->data, in->length, mbflag, + B_ASN1_UTF8STRING); +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c b/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c +index 1796fba..5224345 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c +@@ -67,7 +67,6 @@ static STACK_OF(ASN1_STRING_TABLE) *stable = NULL; + static void st_free(ASN1_STRING_TABLE *tbl); + static int sk_table_cmp(const ASN1_STRING_TABLE *const *a, + const ASN1_STRING_TABLE *const *b); +-static int table_cmp(const void *a, const void *b); + + /* + * This is the global mask for the mbstring functions: this is use to mask +@@ -171,7 +170,7 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, + + /* This table must be kept in NID order */ + +-static ASN1_STRING_TABLE tbl_standard[] = { ++static const ASN1_STRING_TABLE tbl_standard[] = { + {NID_commonName, 1, ub_common_name, DIRSTRING_TYPE, 0}, + {NID_countryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, + {NID_localityName, 1, ub_locality_name, DIRSTRING_TYPE, 0}, +@@ -202,24 +201,24 @@ static int sk_table_cmp(const ASN1_STRING_TABLE *const *a, + return (*a)->nid - (*b)->nid; + } + +-static int table_cmp(const void *a, const void *b) ++DECLARE_OBJ_BSEARCH_CMP_FN(ASN1_STRING_TABLE, ASN1_STRING_TABLE, table); ++ ++static int table_cmp(const ASN1_STRING_TABLE *a, const ASN1_STRING_TABLE *b) + { +- const ASN1_STRING_TABLE *sa = a, *sb = b; +- return sa->nid - sb->nid; ++ return a->nid - b->nid; + } + ++IMPLEMENT_OBJ_BSEARCH_CMP_FN(ASN1_STRING_TABLE, 
ASN1_STRING_TABLE, table); ++ + ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid) + { + int idx; + ASN1_STRING_TABLE *ttmp; + ASN1_STRING_TABLE fnd; + fnd.nid = nid; +- ttmp = (ASN1_STRING_TABLE *)OBJ_bsearch((char *)&fnd, +- (char *)tbl_standard, +- sizeof(tbl_standard) / +- sizeof(ASN1_STRING_TABLE), +- sizeof(ASN1_STRING_TABLE), +- table_cmp); ++ ttmp = OBJ_bsearch_table(&fnd, tbl_standard, ++ sizeof(tbl_standard) / ++ sizeof(ASN1_STRING_TABLE)); + if (ttmp) + return ttmp; + if (!stable) +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_time.c b/Cryptlib/OpenSSL/crypto/asn1/a_time.c +index 34ac720..fcb2d56 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_time.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_time.c +@@ -66,6 +66,7 @@ + #include "cryptlib.h" + #include "o_time.h" + #include ++#include "asn1_locl.h" + + IMPLEMENT_ASN1_MSTRING(ASN1_TIME, B_ASN1_TIME) + +@@ -100,17 +101,27 @@ int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **pp) + + ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t) + { ++ return ASN1_TIME_adj(s, t, 0, 0); ++} ++ ++ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t, ++ int offset_day, long offset_sec) ++{ + struct tm *ts; + struct tm data; + + ts = OPENSSL_gmtime(&t, &data); + if (ts == NULL) { +- ASN1err(ASN1_F_ASN1_TIME_SET, ASN1_R_ERROR_GETTING_TIME); ++ ASN1err(ASN1_F_ASN1_TIME_ADJ, ASN1_R_ERROR_GETTING_TIME); + return NULL; + } ++ if (offset_day || offset_sec) { ++ if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec)) ++ return NULL; ++ } + if ((ts->tm_year >= 50) && (ts->tm_year < 150)) +- return ASN1_UTCTIME_set(s, t); +- return ASN1_GENERALIZEDTIME_set(s, t); ++ return ASN1_UTCTIME_adj(s, t, offset_day, offset_sec); ++ return ASN1_GENERALIZEDTIME_adj(s, t, offset_day, offset_sec); + } + + int ASN1_TIME_check(ASN1_TIME *t) +@@ -164,3 +175,54 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, + + return ret; + } ++ ++int ASN1_TIME_set_string(ASN1_TIME *s, const char *str) ++{ ++ ASN1_TIME t; ++ ++ t.length = strlen(str); ++ t.data = 
(unsigned char *)str; ++ t.flags = 0; ++ ++ t.type = V_ASN1_UTCTIME; ++ ++ if (!ASN1_TIME_check(&t)) { ++ t.type = V_ASN1_GENERALIZEDTIME; ++ if (!ASN1_TIME_check(&t)) ++ return 0; ++ } ++ ++ if (s && !ASN1_STRING_copy((ASN1_STRING *)s, (ASN1_STRING *)&t)) ++ return 0; ++ ++ return 1; ++} ++ ++static int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *t) ++{ ++ if (t == NULL) { ++ time_t now_t; ++ time(&now_t); ++ if (OPENSSL_gmtime(&now_t, tm)) ++ return 1; ++ return 0; ++ } ++ ++ if (t->type == V_ASN1_UTCTIME) ++ return asn1_utctime_to_tm(tm, t); ++ else if (t->type == V_ASN1_GENERALIZEDTIME) ++ return asn1_generalizedtime_to_tm(tm, t); ++ ++ return 0; ++} ++ ++int ASN1_TIME_diff(int *pday, int *psec, ++ const ASN1_TIME *from, const ASN1_TIME *to) ++{ ++ struct tm tm_from, tm_to; ++ if (!asn1_time_to_tm(&tm_from, from)) ++ return 0; ++ if (!asn1_time_to_tm(&tm_to, to)) ++ return 0; ++ return OPENSSL_gmtime_diff(pday, psec, &tm_from, &tm_to); ++} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_type.c b/Cryptlib/OpenSSL/crypto/asn1/a_type.c +index 69a5cf6..af79530 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_type.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_type.c +@@ -76,7 +76,10 @@ void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value) + ASN1_primitive_free((ASN1_VALUE **)tmp_a, NULL); + } + a->type = type; +- a->value.ptr = value; ++ if (type == V_ASN1_BOOLEAN) ++ a->value.boolean = value ? 
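Review bot: `ASN1_TIME_diff` has no comment saying that a NULL `from` or `to` is silently replaced by the current time, which `asn1_time_to_tm` does through `time()` and `OPENSSL_gmtime`. A caller that passes NULL by mistake gets a comparison against the system clock rather than an error, which matters for validity-period checks. I would add above the function: `/* NULL from/to means "now"; returns 0 if either time cannot be converted. */`. In the same hunk, `ASN1_TIME_set_string` calls `strlen(str)` with no NULL check on `str`.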
0xff : 0; ++ else ++ a->value.ptr = value; + } + + int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value) +@@ -92,7 +95,7 @@ int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value) + ASN1_TYPE_set(a, type, odup); + } else { + ASN1_STRING *sdup; +- sdup = ASN1_STRING_dup((ASN1_STRING *)value); ++ sdup = ASN1_STRING_dup(value); + if (!sdup) + return 0; + ASN1_TYPE_set(a, type, sdup); +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_utctm.c b/Cryptlib/OpenSSL/crypto/asn1/a_utctm.c +index 2aabc67..724a10b 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_utctm.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_utctm.c +@@ -61,6 +61,7 @@ + #include "cryptlib.h" + #include "o_time.h" + #include ++#include "asn1_locl.h" + + #if 0 + int i2d_ASN1_UTCTIME(ASN1_UTCTIME *a, unsigned char **pp) +@@ -109,10 +110,10 @@ ASN1_UTCTIME *d2i_ASN1_UTCTIME(ASN1_UTCTIME **a, unsigned char **pp, + + #endif + +-int ASN1_UTCTIME_check(ASN1_UTCTIME *d) ++int asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d) + { +- static int min[8] = { 0, 1, 1, 0, 0, 0, 0, 0 }; +- static int max[8] = { 99, 12, 31, 23, 59, 59, 12, 59 }; ++ static const int min[8] = { 0, 1, 1, 0, 0, 0, 0, 0 }; ++ static const int max[8] = { 99, 12, 31, 23, 59, 59, 12, 59 }; + char *a; + int n, i, l, o; + +@@ -127,6 +128,8 @@ int ASN1_UTCTIME_check(ASN1_UTCTIME *d) + for (i = 0; i < 6; i++) { + if ((i == 5) && ((a[o] == 'Z') || (a[o] == '+') || (a[o] == '-'))) { + i++; ++ if (tm) ++ tm->tm_sec = 0; + break; + } + if ((a[o] < '0') || (a[o] > '9')) +@@ -143,10 +146,33 @@ int ASN1_UTCTIME_check(ASN1_UTCTIME *d) + + if ((n < min[i]) || (n > max[i])) + goto err; ++ if (tm) { ++ switch (i) { ++ case 0: ++ tm->tm_year = n < 50 ? 
n + 100 : n; ++ break; ++ case 1: ++ tm->tm_mon = n - 1; ++ break; ++ case 2: ++ tm->tm_mday = n; ++ break; ++ case 3: ++ tm->tm_hour = n; ++ break; ++ case 4: ++ tm->tm_min = n; ++ break; ++ case 5: ++ tm->tm_sec = n; ++ break; ++ } ++ } + } + if (a[o] == 'Z') + o++; + else if ((a[o] == '+') || (a[o] == '-')) { ++ int offsign = a[o] == '-' ? -1 : 1, offset = 0; + o++; + if (o + 4 > l) + goto err; +@@ -160,12 +186,25 @@ int ASN1_UTCTIME_check(ASN1_UTCTIME *d) + n = (n * 10) + a[o] - '0'; + if ((n < min[i]) || (n > max[i])) + goto err; ++ if (tm) { ++ if (i == 6) ++ offset = n * 3600; ++ else if (i == 7) ++ offset += n * 60; ++ } + o++; + } ++ if (offset && !OPENSSL_gmtime_adj(tm, 0, offset * offsign)) ++ return 0; + } +- return (o == l); ++ return o == l; + err: +- return (0); ++ return 0; ++} ++ ++int ASN1_UTCTIME_check(const ASN1_UTCTIME *d) ++{ ++ return asn1_utctime_to_tm(NULL, d); + } + + int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str) +@@ -189,26 +228,43 @@ int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str) + + ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t) + { ++ return ASN1_UTCTIME_adj(s, t, 0, 0); ++} ++ ++ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, ++ int offset_day, long offset_sec) ++{ + char *p; + struct tm *ts; + struct tm data; + size_t len = 20; ++ int free_s = 0; + +- if (s == NULL) ++ if (s == NULL) { ++ free_s = 1; + s = M_ASN1_UTCTIME_new(); ++ } + if (s == NULL) +- return (NULL); ++ goto err; + + ts = OPENSSL_gmtime(&t, &data); + if (ts == NULL) +- return (NULL); ++ goto err; ++ ++ if (offset_day || offset_sec) { ++ if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec)) ++ goto err; ++ } ++ ++ if ((ts->tm_year < 50) || (ts->tm_year >= 150)) ++ goto err; + + p = (char *)s->data; + if ((p == NULL) || ((size_t)s->length < len)) { + p = OPENSSL_malloc(len); + if (p == NULL) { +- ASN1err(ASN1_F_ASN1_UTCTIME_SET, ERR_R_MALLOC_FAILURE); +- return (NULL); ++ ASN1err(ASN1_F_ASN1_UTCTIME_ADJ, 
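Review bot: The timezone differential looks applied with the wrong sign: `offsign` is -1 for '-' and the later hunk calls `OPENSSL_gmtime_adj(tm, 0, offset * offsign)`, so a `+hhmm` suffix adds the offset to the parsed time. A UTCTime with a differential encodes local time, so converting it to UTC should subtract a positive differential. If that reading is right, the fix is `int offsign = a[o] == '-' ? 1 : -1, offset = 0;`. Only inputs with an explicit offset are affected, since the `Z` form skips this branch. `asn1_utctime_to_tm` starts outside these hunks.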
ERR_R_MALLOC_FAILURE); ++ goto err; + } + if (s->data != NULL) + OPENSSL_free(s->data); +@@ -224,42 +280,34 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t) + ebcdic2ascii(s->data, s->data, s->length); + #endif + return (s); ++ err: ++ if (free_s && s) ++ M_ASN1_UTCTIME_free(s); ++ return NULL; + } + + int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t) + { +- struct tm *tm; +- struct tm data; +- int offset; +- int year; +- +-#define g2(p) (((p)[0]-'0')*10+(p)[1]-'0') +- +- if (s->data[12] == 'Z') +- offset = 0; +- else { +- offset = g2(s->data + 13) * 60 + g2(s->data + 15); +- if (s->data[12] == '-') +- offset = -offset; +- } ++ struct tm stm, ttm; ++ int day, sec; + +- t -= offset * 60; /* FIXME: may overflow in extreme cases */ ++ if (!asn1_utctime_to_tm(&stm, s)) ++ return -2; + +- tm = OPENSSL_gmtime(&t, &data); ++ if (!OPENSSL_gmtime(&t, &ttm)) ++ return -2; + +-#define return_cmp(a,b) if ((a)<(b)) return -1; else if ((a)>(b)) return 1 +- year = g2(s->data); +- if (year < 50) +- year += 100; +- return_cmp(year, tm->tm_year); +- return_cmp(g2(s->data + 2) - 1, tm->tm_mon); +- return_cmp(g2(s->data + 4), tm->tm_mday); +- return_cmp(g2(s->data + 6), tm->tm_hour); +- return_cmp(g2(s->data + 8), tm->tm_min); +- return_cmp(g2(s->data + 10), tm->tm_sec); +-#undef g2 +-#undef return_cmp ++ if (!OPENSSL_gmtime_diff(&day, &sec, &ttm, &stm)) ++ return -2; + ++ if (day > 0) ++ return 1; ++ if (day < 0) ++ return -1; ++ if (sec > 0) ++ return 1; ++ if (sec < 0) ++ return -1; + return 0; + } + +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_verify.c b/Cryptlib/OpenSSL/crypto/asn1/a_verify.c +index afbfa02..3ffd934 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_verify.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_verify.c +@@ -60,6 +60,7 @@ + #include + + #include "cryptlib.h" ++#include "asn1_locl.h" + + #ifndef NO_SYS_TYPES_H + # include +@@ -103,12 +104,12 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, + p = buf_in; + + 
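Review bot: `ASN1_UTCTIME_cmp_time_t` now returns -2 when the stored time cannot be parsed or converted, but nothing documents the new value. A caller written against the old -1/0/1 results that tests `< 0` would read a malformed time as "earlier than t"; the callers are not visible here, so this needs checking. I would add above the function: `/* Returns -1, 0 or 1 for s before, equal to or after t, and -2 on error. */`.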
i2d(data, &p); +- if (!EVP_VerifyInit_ex(&ctx, type, NULL)) { ++ if (!EVP_VerifyInit_ex(&ctx, type, NULL) ++ || !EVP_VerifyUpdate(&ctx, (unsigned char *)buf_in, inl)) { + ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB); + ret = 0; + goto err; + } +- EVP_VerifyUpdate(&ctx, (unsigned char *)buf_in, inl); + + OPENSSL_cleanse(buf_in, (unsigned int)inl); + OPENSSL_free(buf_in); +@@ -136,9 +137,10 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, + ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey) + { + EVP_MD_CTX ctx; +- const EVP_MD *type; + unsigned char *buf_in = NULL; +- int ret = -1, i, inl; ++ int ret = -1, inl; ++ ++ int mdnid, pknid; + + if (!pkey) { + ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_PASSED_NULL_PARAMETER); +@@ -151,18 +153,48 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, + } + + EVP_MD_CTX_init(&ctx); +- i = OBJ_obj2nid(a->algorithm); +- type = EVP_get_digestbyname(OBJ_nid2sn(i)); +- if (type == NULL) { +- ASN1err(ASN1_F_ASN1_ITEM_VERIFY, +- ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); ++ ++ /* Convert signature OID into digest and public key OIDs */ ++ if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->algorithm), &mdnid, &pknid)) { ++ ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); + goto err; + } ++ if (mdnid == NID_undef) { ++ if (!pkey->ameth || !pkey->ameth->item_verify) { ++ ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ++ ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); ++ goto err; ++ } ++ ret = pkey->ameth->item_verify(&ctx, it, asn, a, signature, pkey); ++ /* ++ * Return value of 2 means carry on, anything else means we exit ++ * straight away: either a fatal error of the underlying verification ++ * routine handles all verification. 
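Review bot: On the new combined failure branch in `ASN1_verify` the code jumps to `err` before the `OPENSSL_cleanse(buf_in, ...)` / `OPENSSL_free(buf_in)` pair that follows, so `buf_in` is neither wiped nor freed on that path unless the `err` label does it. The label is outside the hunk, so this needs checking. The same pattern appears in `ASN1_item_verify`, where the added `EVP_DigestVerifyUpdate` failure branch jumps to `err` ahead of the cleanse and free. If the label does not release the buffer, add `OPENSSL_cleanse(buf_in, (unsigned int)inl); OPENSSL_free(buf_in);` before each of those `goto err` statements.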
++ */ ++ if (ret != 2) ++ goto err; ++ ret = -1; ++ } else { ++ const EVP_MD *type; ++ type = EVP_get_digestbynid(mdnid); ++ if (type == NULL) { ++ ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ++ ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); ++ goto err; ++ } ++ ++ /* Check public key OID matches public key type */ ++ if (EVP_PKEY_type(pknid) != pkey->ameth->pkey_id) { ++ ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ASN1_R_WRONG_PUBLIC_KEY_TYPE); ++ goto err; ++ } ++ ++ if (!EVP_DigestVerifyInit(&ctx, NULL, type, NULL, pkey)) { ++ ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB); ++ ret = 0; ++ goto err; ++ } + +- if (!EVP_VerifyInit_ex(&ctx, type, NULL)) { +- ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB); +- ret = 0; +- goto err; + } + + inl = ASN1_item_i2d(asn, &buf_in, it); +@@ -172,13 +204,17 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, + goto err; + } + +- EVP_VerifyUpdate(&ctx, (unsigned char *)buf_in, inl); ++ if (!EVP_DigestVerifyUpdate(&ctx, buf_in, inl)) { ++ ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB); ++ ret = 0; ++ goto err; ++ } + + OPENSSL_cleanse(buf_in, (unsigned int)inl); + OPENSSL_free(buf_in); + +- if (EVP_VerifyFinal(&ctx, (unsigned char *)signature->data, +- (unsigned int)signature->length, pkey) <= 0) { ++ if (EVP_DigestVerifyFinal(&ctx, signature->data, ++ (size_t)signature->length) <= 0) { + ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB); + ret = 0; + goto err; +diff --git a/Cryptlib/OpenSSL/crypto/asn1/ameth_lib.c b/Cryptlib/OpenSSL/crypto/asn1/ameth_lib.c +new file mode 100644 +index 0000000..5389c04 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/asn1/ameth_lib.c +@@ -0,0 +1,484 @@ ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2006. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2006 The OpenSSL Project. All rights reserved. 
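Review bot: The `else` branch of the new digest lookup in `ASN1_item_verify` dereferences `pkey->ameth->pkey_id` without the NULL test that the `mdnid == NID_undef` branch applies (`!pkey->ameth`). A key with no ASN.1 method attached would crash here instead of failing verification; `if (!pkey->ameth || EVP_PKEY_type(pknid) != pkey->ameth->pkey_id)` keeps the two branches consistent. The comment in the first branch also reads "either a fatal error of the underlying verification routine", where "or" is meant.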
++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++#include ++#include "cryptlib.h" ++#include ++#include ++#ifndef OPENSSL_NO_ENGINE ++# include ++#endif ++#include "asn1_locl.h" ++ ++extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[]; ++extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[]; ++extern const EVP_PKEY_ASN1_METHOD dh_asn1_meth; ++extern const EVP_PKEY_ASN1_METHOD dhx_asn1_meth; ++extern const EVP_PKEY_ASN1_METHOD eckey_asn1_meth; ++extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth; ++extern const EVP_PKEY_ASN1_METHOD cmac_asn1_meth; ++ ++/* Keep this sorted in type order !! 
*/ ++static const EVP_PKEY_ASN1_METHOD *standard_methods[] = { ++#ifndef OPENSSL_NO_RSA ++ &rsa_asn1_meths[0], ++ &rsa_asn1_meths[1], ++#endif ++#ifndef OPENSSL_NO_DH ++ &dh_asn1_meth, ++#endif ++#ifndef OPENSSL_NO_DSA ++ &dsa_asn1_meths[0], ++ &dsa_asn1_meths[1], ++ &dsa_asn1_meths[2], ++ &dsa_asn1_meths[3], ++ &dsa_asn1_meths[4], ++#endif ++#ifndef OPENSSL_NO_EC ++ &eckey_asn1_meth, ++#endif ++ &hmac_asn1_meth, ++ &cmac_asn1_meth, ++#ifndef OPENSSL_NO_DH ++ &dhx_asn1_meth ++#endif ++}; ++ ++typedef int sk_cmp_fn_type(const char *const *a, const char *const *b); ++DECLARE_STACK_OF(EVP_PKEY_ASN1_METHOD) ++static STACK_OF(EVP_PKEY_ASN1_METHOD) *app_methods = NULL; ++ ++#ifdef TEST ++void main() ++{ ++ int i; ++ for (i = 0; ++ i < sizeof(standard_methods) / sizeof(EVP_PKEY_ASN1_METHOD *); i++) ++ fprintf(stderr, "Number %d id=%d (%s)\n", i, ++ standard_methods[i]->pkey_id, ++ OBJ_nid2sn(standard_methods[i]->pkey_id)); ++} ++#endif ++ ++DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_ASN1_METHOD *, ++ const EVP_PKEY_ASN1_METHOD *, ameth); ++ ++static int ameth_cmp(const EVP_PKEY_ASN1_METHOD *const *a, ++ const EVP_PKEY_ASN1_METHOD *const *b) ++{ ++ return ((*a)->pkey_id - (*b)->pkey_id); ++} ++ ++IMPLEMENT_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_ASN1_METHOD *, ++ const EVP_PKEY_ASN1_METHOD *, ameth); ++ ++int EVP_PKEY_asn1_get_count(void) ++{ ++ int num = sizeof(standard_methods) / sizeof(EVP_PKEY_ASN1_METHOD *); ++ if (app_methods) ++ num += sk_EVP_PKEY_ASN1_METHOD_num(app_methods); ++ return num; ++} ++ ++const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx) ++{ ++ int num = sizeof(standard_methods) / sizeof(EVP_PKEY_ASN1_METHOD *); ++ if (idx < 0) ++ return NULL; ++ if (idx < num) ++ return standard_methods[idx]; ++ idx -= num; ++ return sk_EVP_PKEY_ASN1_METHOD_value(app_methods, idx); ++} ++ ++static const EVP_PKEY_ASN1_METHOD *pkey_asn1_find(int type) ++{ ++ EVP_PKEY_ASN1_METHOD tmp; ++ const EVP_PKEY_ASN1_METHOD *t = &tmp, **ret; ++ tmp.pkey_id = type; ++ if (app_methods) 
{ ++ int idx; ++ idx = sk_EVP_PKEY_ASN1_METHOD_find(app_methods, &tmp); ++ if (idx >= 0) ++ return sk_EVP_PKEY_ASN1_METHOD_value(app_methods, idx); ++ } ++ ret = OBJ_bsearch_ameth(&t, standard_methods, sizeof(standard_methods) ++ / sizeof(EVP_PKEY_ASN1_METHOD *)); ++ if (!ret || !*ret) ++ return NULL; ++ return *ret; ++} ++ ++/* ++ * Find an implementation of an ASN1 algorithm. If 'pe' is not NULL also ++ * search through engines and set *pe to a functional reference to the engine ++ * implementing 'type' or NULL if no engine implements it. ++ */ ++ ++const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type) ++{ ++ const EVP_PKEY_ASN1_METHOD *t; ++ ++ for (;;) { ++ t = pkey_asn1_find(type); ++ if (!t || !(t->pkey_flags & ASN1_PKEY_ALIAS)) ++ break; ++ type = t->pkey_base_id; ++ } ++ if (pe) { ++#ifndef OPENSSL_NO_ENGINE ++ ENGINE *e; ++ /* type will contain the final unaliased type */ ++ e = ENGINE_get_pkey_asn1_meth_engine(type); ++ if (e) { ++ *pe = e; ++ return ENGINE_get_pkey_asn1_meth(e, type); ++ } ++#endif ++ *pe = NULL; ++ } ++ return t; ++} ++ ++const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe, ++ const char *str, int len) ++{ ++ int i; ++ const EVP_PKEY_ASN1_METHOD *ameth; ++ if (len == -1) ++ len = strlen(str); ++ if (pe) { ++#ifndef OPENSSL_NO_ENGINE ++ ENGINE *e; ++ ameth = ENGINE_pkey_asn1_find_str(&e, str, len); ++ if (ameth) { ++ /* ++ * Convert structural into functional reference ++ */ ++ if (!ENGINE_init(e)) ++ ameth = NULL; ++ ENGINE_free(e); ++ *pe = e; ++ return ameth; ++ } ++#endif ++ *pe = NULL; ++ } ++ for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) { ++ ameth = EVP_PKEY_asn1_get0(i); ++ if (ameth->pkey_flags & ASN1_PKEY_ALIAS) ++ continue; ++ if (((int)strlen(ameth->pem_str) == len) && ++ !strncasecmp(ameth->pem_str, str, len)) ++ return ameth; ++ } ++ return NULL; ++} ++ ++int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth) ++{ ++ if (app_methods == NULL) { ++ app_methods = 
sk_EVP_PKEY_ASN1_METHOD_new(ameth_cmp); ++ if (!app_methods) ++ return 0; ++ } ++ if (!sk_EVP_PKEY_ASN1_METHOD_push(app_methods, ameth)) ++ return 0; ++ sk_EVP_PKEY_ASN1_METHOD_sort(app_methods); ++ return 1; ++} ++ ++int EVP_PKEY_asn1_add_alias(int to, int from) ++{ ++ EVP_PKEY_ASN1_METHOD *ameth; ++ ameth = EVP_PKEY_asn1_new(from, ASN1_PKEY_ALIAS, NULL, NULL); ++ if (!ameth) ++ return 0; ++ ameth->pkey_base_id = to; ++ if (!EVP_PKEY_asn1_add0(ameth)) { ++ EVP_PKEY_asn1_free(ameth); ++ return 0; ++ } ++ return 1; ++} ++ ++int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *ppkey_base_id, ++ int *ppkey_flags, const char **pinfo, ++ const char **ppem_str, ++ const EVP_PKEY_ASN1_METHOD *ameth) ++{ ++ if (!ameth) ++ return 0; ++ if (ppkey_id) ++ *ppkey_id = ameth->pkey_id; ++ if (ppkey_base_id) ++ *ppkey_base_id = ameth->pkey_base_id; ++ if (ppkey_flags) ++ *ppkey_flags = ameth->pkey_flags; ++ if (pinfo) ++ *pinfo = ameth->info; ++ if (ppem_str) ++ *ppem_str = ameth->pem_str; ++ return 1; ++} ++ ++const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(EVP_PKEY *pkey) ++{ ++ return pkey->ameth; ++} ++ ++EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags, ++ const char *pem_str, const char *info) ++{ ++ EVP_PKEY_ASN1_METHOD *ameth; ++ ameth = OPENSSL_malloc(sizeof(EVP_PKEY_ASN1_METHOD)); ++ if (!ameth) ++ return NULL; ++ ++ memset(ameth, 0, sizeof(EVP_PKEY_ASN1_METHOD)); ++ ++ ameth->pkey_id = id; ++ ameth->pkey_base_id = id; ++ ameth->pkey_flags = flags | ASN1_PKEY_DYNAMIC; ++ ++ if (info) { ++ ameth->info = BUF_strdup(info); ++ if (!ameth->info) ++ goto err; ++ } else ++ ameth->info = NULL; ++ ++ if (pem_str) { ++ ameth->pem_str = BUF_strdup(pem_str); ++ if (!ameth->pem_str) ++ goto err; ++ } else ++ ameth->pem_str = NULL; ++ ++ ameth->pub_decode = 0; ++ ameth->pub_encode = 0; ++ ameth->pub_cmp = 0; ++ ameth->pub_print = 0; ++ ++ ameth->priv_decode = 0; ++ ameth->priv_encode = 0; ++ ameth->priv_print = 0; ++ ++ ameth->old_priv_encode = 0; ++ ameth->old_priv_decode = 0; ++ 
++ ameth->item_verify = 0; ++ ameth->item_sign = 0; ++ ++ ameth->pkey_size = 0; ++ ameth->pkey_bits = 0; ++ ++ ameth->param_decode = 0; ++ ameth->param_encode = 0; ++ ameth->param_missing = 0; ++ ameth->param_copy = 0; ++ ameth->param_cmp = 0; ++ ameth->param_print = 0; ++ ++ ameth->pkey_free = 0; ++ ameth->pkey_ctrl = 0; ++ ++ return ameth; ++ ++ err: ++ ++ EVP_PKEY_asn1_free(ameth); ++ return NULL; ++ ++} ++ ++void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst, ++ const EVP_PKEY_ASN1_METHOD *src) ++{ ++ ++ dst->pub_decode = src->pub_decode; ++ dst->pub_encode = src->pub_encode; ++ dst->pub_cmp = src->pub_cmp; ++ dst->pub_print = src->pub_print; ++ ++ dst->priv_decode = src->priv_decode; ++ dst->priv_encode = src->priv_encode; ++ dst->priv_print = src->priv_print; ++ ++ dst->old_priv_encode = src->old_priv_encode; ++ dst->old_priv_decode = src->old_priv_decode; ++ ++ dst->pkey_size = src->pkey_size; ++ dst->pkey_bits = src->pkey_bits; ++ ++ dst->param_decode = src->param_decode; ++ dst->param_encode = src->param_encode; ++ dst->param_missing = src->param_missing; ++ dst->param_copy = src->param_copy; ++ dst->param_cmp = src->param_cmp; ++ dst->param_print = src->param_print; ++ ++ dst->pkey_free = src->pkey_free; ++ dst->pkey_ctrl = src->pkey_ctrl; ++ ++ dst->item_sign = src->item_sign; ++ dst->item_verify = src->item_verify; ++ ++} ++ ++void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth) ++{ ++ if (ameth && (ameth->pkey_flags & ASN1_PKEY_DYNAMIC)) { ++ if (ameth->pem_str) ++ OPENSSL_free(ameth->pem_str); ++ if (ameth->info) ++ OPENSSL_free(ameth->info); ++ OPENSSL_free(ameth); ++ } ++} ++ ++void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth, ++ int (*pub_decode) (EVP_PKEY *pk, ++ X509_PUBKEY *pub), ++ int (*pub_encode) (X509_PUBKEY *pub, ++ const EVP_PKEY *pk), ++ int (*pub_cmp) (const EVP_PKEY *a, ++ const EVP_PKEY *b), ++ int (*pub_print) (BIO *out, ++ const EVP_PKEY *pkey, ++ int indent, ASN1_PCTX *pctx), ++ int (*pkey_size) (const EVP_PKEY *pk), ++ int 
(*pkey_bits) (const EVP_PKEY *pk)) ++{ ++ ameth->pub_decode = pub_decode; ++ ameth->pub_encode = pub_encode; ++ ameth->pub_cmp = pub_cmp; ++ ameth->pub_print = pub_print; ++ ameth->pkey_size = pkey_size; ++ ameth->pkey_bits = pkey_bits; ++} ++ ++void EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth, ++ int (*priv_decode) (EVP_PKEY *pk, ++ PKCS8_PRIV_KEY_INFO ++ *p8inf), ++ int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8, ++ const EVP_PKEY *pk), ++ int (*priv_print) (BIO *out, ++ const EVP_PKEY *pkey, ++ int indent, ++ ASN1_PCTX *pctx)) ++{ ++ ameth->priv_decode = priv_decode; ++ ameth->priv_encode = priv_encode; ++ ameth->priv_print = priv_print; ++} ++ ++void EVP_PKEY_asn1_set_param(EVP_PKEY_ASN1_METHOD *ameth, ++ int (*param_decode) (EVP_PKEY *pkey, ++ const unsigned char **pder, ++ int derlen), ++ int (*param_encode) (const EVP_PKEY *pkey, ++ unsigned char **pder), ++ int (*param_missing) (const EVP_PKEY *pk), ++ int (*param_copy) (EVP_PKEY *to, ++ const EVP_PKEY *from), ++ int (*param_cmp) (const EVP_PKEY *a, ++ const EVP_PKEY *b), ++ int (*param_print) (BIO *out, ++ const EVP_PKEY *pkey, ++ int indent, ASN1_PCTX *pctx)) ++{ ++ ameth->param_decode = param_decode; ++ ameth->param_encode = param_encode; ++ ameth->param_missing = param_missing; ++ ameth->param_copy = param_copy; ++ ameth->param_cmp = param_cmp; ++ ameth->param_print = param_print; ++} ++ ++void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth, ++ void (*pkey_free) (EVP_PKEY *pkey)) ++{ ++ ameth->pkey_free = pkey_free; ++} ++ ++void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth, ++ int (*pkey_ctrl) (EVP_PKEY *pkey, int op, ++ long arg1, void *arg2)) ++{ ++ ameth->pkey_ctrl = pkey_ctrl; ++} ++ ++void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth, ++ int (*item_verify) (EVP_MD_CTX *ctx, ++ const ASN1_ITEM *it, ++ void *asn, ++ X509_ALGOR *a, ++ ASN1_BIT_STRING *sig, ++ EVP_PKEY *pkey), ++ int (*item_sign) (EVP_MD_CTX *ctx, ++ const ASN1_ITEM *it, ++ void *asn, ++ X509_ALGOR *alg1, ++ 
X509_ALGOR *alg2, ++ ASN1_BIT_STRING *sig)) ++{ ++ ameth->item_sign = item_sign; ++ ameth->item_verify = item_verify; ++} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn1_err.c b/Cryptlib/OpenSSL/crypto/asn1/asn1_err.c +index 43e4c19..fd4ac8d 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/asn1_err.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/asn1_err.c +@@ -90,10 +90,11 @@ static ERR_STRING_DATA ASN1_str_functs[] = { + {ERR_FUNC(ASN1_F_ASN1_ENUMERATED_TO_BN), "ASN1_ENUMERATED_to_BN"}, + {ERR_FUNC(ASN1_F_ASN1_EX_C2I), "ASN1_EX_C2I"}, + {ERR_FUNC(ASN1_F_ASN1_FIND_END), "ASN1_FIND_END"}, ++ {ERR_FUNC(ASN1_F_ASN1_GENERALIZEDTIME_ADJ), "ASN1_GENERALIZEDTIME_adj"}, + {ERR_FUNC(ASN1_F_ASN1_GENERALIZEDTIME_SET), "ASN1_GENERALIZEDTIME_set"}, + {ERR_FUNC(ASN1_F_ASN1_GENERATE_V3), "ASN1_generate_v3"}, + {ERR_FUNC(ASN1_F_ASN1_GET_OBJECT), "ASN1_get_object"}, +- {ERR_FUNC(ASN1_F_ASN1_HEADER_NEW), "ASN1_HEADER_new"}, ++ {ERR_FUNC(ASN1_F_ASN1_HEADER_NEW), "ASN1_HEADER_NEW"}, + {ERR_FUNC(ASN1_F_ASN1_I2D_BIO), "ASN1_i2d_bio"}, + {ERR_FUNC(ASN1_F_ASN1_I2D_FP), "ASN1_i2d_fp"}, + {ERR_FUNC(ASN1_F_ASN1_INTEGER_SET), "ASN1_INTEGER_set"}, +@@ -106,13 +107,14 @@ static ERR_STRING_DATA ASN1_str_functs[] = { + {ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_FP), "ASN1_item_i2d_fp"}, + {ERR_FUNC(ASN1_F_ASN1_ITEM_PACK), "ASN1_item_pack"}, + {ERR_FUNC(ASN1_F_ASN1_ITEM_SIGN), "ASN1_item_sign"}, ++ {ERR_FUNC(ASN1_F_ASN1_ITEM_SIGN_CTX), "ASN1_item_sign_ctx"}, + {ERR_FUNC(ASN1_F_ASN1_ITEM_UNPACK), "ASN1_item_unpack"}, + {ERR_FUNC(ASN1_F_ASN1_ITEM_VERIFY), "ASN1_item_verify"}, + {ERR_FUNC(ASN1_F_ASN1_MBSTRING_NCOPY), "ASN1_mbstring_ncopy"}, + {ERR_FUNC(ASN1_F_ASN1_OBJECT_NEW), "ASN1_OBJECT_new"}, + {ERR_FUNC(ASN1_F_ASN1_OUTPUT_DATA), "ASN1_OUTPUT_DATA"}, + {ERR_FUNC(ASN1_F_ASN1_PACK_STRING), "ASN1_pack_string"}, +- {ERR_FUNC(ASN1_F_ASN1_PCTX_NEW), "ASN1_PCTX_NEW"}, ++ {ERR_FUNC(ASN1_F_ASN1_PCTX_NEW), "ASN1_PCTX_new"}, + {ERR_FUNC(ASN1_F_ASN1_PKCS5_PBE_SET), "ASN1_PKCS5_PBE_SET"}, + {ERR_FUNC(ASN1_F_ASN1_SEQ_PACK), 
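Review bot: `EVP_PKEY_asn1_find_str` calls `strlen(ameth->pem_str)` on every non-alias method, but `EVP_PKEY_asn1_new` leaves `pem_str` NULL when the caller passes none and `EVP_PKEY_asn1_add0` registers the method without checking it. A dynamically added method with no PEM string would therefore cause a NULL dereference on the next lookup by name. Skipping such entries in the loop with `if (ameth->pem_str == NULL) continue;`, or rejecting them in `EVP_PKEY_asn1_add0`, closes this.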
"ASN1_seq_pack"}, + {ERR_FUNC(ASN1_F_ASN1_SEQ_UNPACK), "ASN1_seq_unpack"}, +@@ -124,15 +126,18 @@ static ERR_STRING_DATA ASN1_str_functs[] = { + {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_EX_D2I), "ASN1_TEMPLATE_EX_D2I"}, + {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NEW), "ASN1_TEMPLATE_NEW"}, + {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I), "ASN1_TEMPLATE_NOEXP_D2I"}, ++ {ERR_FUNC(ASN1_F_ASN1_TIME_ADJ), "ASN1_TIME_adj"}, + {ERR_FUNC(ASN1_F_ASN1_TIME_SET), "ASN1_TIME_set"}, + {ERR_FUNC(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING), + "ASN1_TYPE_get_int_octetstring"}, + {ERR_FUNC(ASN1_F_ASN1_TYPE_GET_OCTETSTRING), "ASN1_TYPE_get_octetstring"}, + {ERR_FUNC(ASN1_F_ASN1_UNPACK_STRING), "ASN1_unpack_string"}, ++ {ERR_FUNC(ASN1_F_ASN1_UTCTIME_ADJ), "ASN1_UTCTIME_adj"}, + {ERR_FUNC(ASN1_F_ASN1_UTCTIME_SET), "ASN1_UTCTIME_set"}, + {ERR_FUNC(ASN1_F_ASN1_VERIFY), "ASN1_verify"}, + {ERR_FUNC(ASN1_F_B64_READ_ASN1), "B64_READ_ASN1"}, + {ERR_FUNC(ASN1_F_B64_WRITE_ASN1), "B64_WRITE_ASN1"}, ++ {ERR_FUNC(ASN1_F_BIO_NEW_NDEF), "BIO_new_NDEF"}, + {ERR_FUNC(ASN1_F_BITSTR_CB), "BITSTR_CB"}, + {ERR_FUNC(ASN1_F_BN_TO_ASN1_ENUMERATED), "BN_to_ASN1_ENUMERATED"}, + {ERR_FUNC(ASN1_F_BN_TO_ASN1_INTEGER), "BN_to_ASN1_INTEGER"}, +@@ -144,13 +149,14 @@ static ERR_STRING_DATA ASN1_str_functs[] = { + {ERR_FUNC(ASN1_F_D2I_ASN1_BOOLEAN), "d2i_ASN1_BOOLEAN"}, + {ERR_FUNC(ASN1_F_D2I_ASN1_BYTES), "d2i_ASN1_bytes"}, + {ERR_FUNC(ASN1_F_D2I_ASN1_GENERALIZEDTIME), "D2I_ASN1_GENERALIZEDTIME"}, +- {ERR_FUNC(ASN1_F_D2I_ASN1_HEADER), "d2i_ASN1_HEADER"}, ++ {ERR_FUNC(ASN1_F_D2I_ASN1_HEADER), "D2I_ASN1_HEADER"}, + {ERR_FUNC(ASN1_F_D2I_ASN1_INTEGER), "D2I_ASN1_INTEGER"}, + {ERR_FUNC(ASN1_F_D2I_ASN1_OBJECT), "d2i_ASN1_OBJECT"}, + {ERR_FUNC(ASN1_F_D2I_ASN1_SET), "d2i_ASN1_SET"}, + {ERR_FUNC(ASN1_F_D2I_ASN1_TYPE_BYTES), "d2i_ASN1_type_bytes"}, + {ERR_FUNC(ASN1_F_D2I_ASN1_UINTEGER), "d2i_ASN1_UINTEGER"}, + {ERR_FUNC(ASN1_F_D2I_ASN1_UTCTIME), "D2I_ASN1_UTCTIME"}, ++ {ERR_FUNC(ASN1_F_D2I_AUTOPRIVATEKEY), "d2i_AutoPrivateKey"}, + 
{ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA), "d2i_Netscape_RSA"}, + {ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA_2), "D2I_NETSCAPE_RSA_2"}, + {ERR_FUNC(ASN1_F_D2I_PRIVATEKEY), "d2i_PrivateKey"}, +@@ -160,6 +166,7 @@ static ERR_STRING_DATA ASN1_str_functs[] = { + {ERR_FUNC(ASN1_F_D2I_X509), "D2I_X509"}, + {ERR_FUNC(ASN1_F_D2I_X509_CINF), "D2I_X509_CINF"}, + {ERR_FUNC(ASN1_F_D2I_X509_PKEY), "d2i_X509_PKEY"}, ++ {ERR_FUNC(ASN1_F_I2D_ASN1_BIO_STREAM), "i2d_ASN1_bio_stream"}, + {ERR_FUNC(ASN1_F_I2D_ASN1_SET), "i2d_ASN1_SET"}, + {ERR_FUNC(ASN1_F_I2D_ASN1_TIME), "I2D_ASN1_TIME"}, + {ERR_FUNC(ASN1_F_I2D_DSA_PUBKEY), "i2d_DSA_PUBKEY"}, +@@ -171,8 +178,10 @@ static ERR_STRING_DATA ASN1_str_functs[] = { + {ERR_FUNC(ASN1_F_LONG_C2I), "LONG_C2I"}, + {ERR_FUNC(ASN1_F_OID_MODULE_INIT), "OID_MODULE_INIT"}, + {ERR_FUNC(ASN1_F_PARSE_TAGGING), "PARSE_TAGGING"}, +- {ERR_FUNC(ASN1_F_PKCS5_PBE2_SET), "PKCS5_pbe2_set"}, ++ {ERR_FUNC(ASN1_F_PKCS5_PBE2_SET_IV), "PKCS5_pbe2_set_iv"}, + {ERR_FUNC(ASN1_F_PKCS5_PBE_SET), "PKCS5_pbe_set"}, ++ {ERR_FUNC(ASN1_F_PKCS5_PBE_SET0_ALGOR), "PKCS5_pbe_set0_algor"}, ++ {ERR_FUNC(ASN1_F_PKCS5_PBKDF2_SET), "PKCS5_pbkdf2_set"}, + {ERR_FUNC(ASN1_F_SMIME_READ_ASN1), "SMIME_read_ASN1"}, + {ERR_FUNC(ASN1_F_SMIME_TEXT), "SMIME_text"}, + {ERR_FUNC(ASN1_F_X509_CINF_NEW), "X509_CINF_NEW"}, +@@ -202,10 +211,13 @@ static ERR_STRING_DATA ASN1_str_reasons[] = { + {ERR_REASON(ASN1_R_BUFFER_TOO_SMALL), "buffer too small"}, + {ERR_REASON(ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER), + "cipher has no object identifier"}, ++ {ERR_REASON(ASN1_R_CONTEXT_NOT_INITIALISED), "context not initialised"}, + {ERR_REASON(ASN1_R_DATA_IS_WRONG), "data is wrong"}, + {ERR_REASON(ASN1_R_DECODE_ERROR), "decode error"}, + {ERR_REASON(ASN1_R_DECODING_ERROR), "decoding error"}, + {ERR_REASON(ASN1_R_DEPTH_EXCEEDED), "depth exceeded"}, ++ {ERR_REASON(ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED), ++ "digest and key type not supported"}, + {ERR_REASON(ASN1_R_ENCODE_ERROR), "encode error"}, + 
{ERR_REASON(ASN1_R_ERROR_GETTING_TIME), "error getting time"}, + {ERR_REASON(ASN1_R_ERROR_LOADING_SECTION), "error loading section"}, +@@ -271,6 +283,7 @@ static ERR_STRING_DATA ASN1_str_reasons[] = { + {ERR_REASON(ASN1_R_NOT_ASCII_FORMAT), "not ascii format"}, + {ERR_REASON(ASN1_R_NOT_ENOUGH_DATA), "not enough data"}, + {ERR_REASON(ASN1_R_NO_CONTENT_TYPE), "no content type"}, ++ {ERR_REASON(ASN1_R_NO_DEFAULT_DIGEST), "no default digest"}, + {ERR_REASON(ASN1_R_NO_MATCHING_CHOICE_TYPE), "no matching choice type"}, + {ERR_REASON(ASN1_R_NO_MULTIPART_BODY_FAILURE), + "no multipart body failure"}, +@@ -309,8 +322,10 @@ static ERR_STRING_DATA ASN1_str_reasons[] = { + "unknown message digest algorithm"}, + {ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE), "unknown object type"}, + {ERR_REASON(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE), "unknown public key type"}, ++ {ERR_REASON(ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM), ++ "unknown signature algorithm"}, + {ERR_REASON(ASN1_R_UNKNOWN_TAG), "unknown tag"}, +- {ERR_REASON(ASN1_R_UNKOWN_FORMAT), "unkown format"}, ++ {ERR_REASON(ASN1_R_UNKOWN_FORMAT), "unknown format"}, + {ERR_REASON(ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE), + "unsupported any defined by type"}, + {ERR_REASON(ASN1_R_UNSUPPORTED_CIPHER), "unsupported cipher"}, +@@ -319,6 +334,7 @@ static ERR_STRING_DATA ASN1_str_reasons[] = { + {ERR_REASON(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE), + "unsupported public key type"}, + {ERR_REASON(ASN1_R_UNSUPPORTED_TYPE), "unsupported type"}, ++ {ERR_REASON(ASN1_R_WRONG_PUBLIC_KEY_TYPE), "wrong public key type"}, + {ERR_REASON(ASN1_R_WRONG_TAG), "wrong tag"}, + {ERR_REASON(ASN1_R_WRONG_TYPE), "wrong type"}, + {0, NULL} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn1_gen.c b/Cryptlib/OpenSSL/crypto/asn1/asn1_gen.c +index 596b656..6574923 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/asn1_gen.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/asn1_gen.c +@@ -74,6 +74,8 @@ + #define ASN1_GEN_STR(str,val) {str, sizeof(str) - 1, val} + + #define ASN1_FLAG_EXP_MAX 20 ++/* Maximum 
number of nested sequences */ ++#define ASN1_GEN_SEQ_MAX_DEPTH 50 + + /* Input formats */ + +@@ -110,13 +112,16 @@ typedef struct { + int exp_count; + } tag_exp_arg; + ++static ASN1_TYPE *generate_v3(char *str, X509V3_CTX *cnf, int depth, ++ int *perr); + static int bitstr_cb(const char *elem, int len, void *bitstr); + static int asn1_cb(const char *elem, int len, void *bitstr); + static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, + int exp_constructed, int exp_pad, int imp_ok); + static int parse_tagging(const char *vstart, int vlen, int *ptag, + int *pclass); +-static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf); ++static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf, ++ int depth, int *perr); + static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype); + static int asn1_str2tag(const char *tagstr, int len); + +@@ -133,6 +138,16 @@ ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf) + + ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf) + { ++ int err = 0; ++ ASN1_TYPE *ret = generate_v3(str, cnf, 0, &err); ++ if (err) ++ ASN1err(ASN1_F_ASN1_GENERATE_V3, err); ++ return ret; ++} ++ ++static ASN1_TYPE *generate_v3(char *str, X509V3_CTX *cnf, int depth, ++ int *perr) ++{ + ASN1_TYPE *ret; + tag_exp_arg asn1_tags; + tag_exp_type *etmp; +@@ -152,17 +167,22 @@ ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf) + asn1_tags.imp_class = -1; + asn1_tags.format = ASN1_GEN_FORMAT_ASCII; + asn1_tags.exp_count = 0; +- if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0) ++ if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0) { ++ *perr = ASN1_R_UNKNOWN_TAG; + return NULL; ++ } + + if ((asn1_tags.utype == V_ASN1_SEQUENCE) + || (asn1_tags.utype == V_ASN1_SET)) { + if (!cnf) { +- ASN1err(ASN1_F_ASN1_GENERATE_V3, +- ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG); ++ *perr = ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG; ++ return NULL; ++ } ++ if (depth >= ASN1_GEN_SEQ_MAX_DEPTH) { ++ *perr = 
ASN1_R_ILLEGAL_NESTED_TAGGING; + return NULL; + } +- ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf); ++ ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf, depth, perr); + } else + ret = asn1_str2type(asn1_tags.str, asn1_tags.format, asn1_tags.utype); + +@@ -242,9 +262,14 @@ ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf) + + /* If IMPLICIT, output tag */ + +- if (asn1_tags.imp_tag != -1) ++ if (asn1_tags.imp_tag != -1) { ++ if (asn1_tags.imp_class == V_ASN1_UNIVERSAL ++ && (asn1_tags.imp_tag == V_ASN1_SEQUENCE ++ || asn1_tags.imp_tag == V_ASN1_SET)) ++ hdr_constructed = V_ASN1_CONSTRUCTED; + ASN1_put_object(&p, hdr_constructed, hdr_len, + asn1_tags.imp_tag, asn1_tags.imp_class); ++ } + + /* Copy across original encoding */ + memcpy(p, cpy_start, cpy_len); +@@ -274,6 +299,9 @@ static int asn1_cb(const char *elem, int len, void *bitstr) + + int tmp_tag, tmp_class; + ++ if (elem == NULL) ++ return -1; ++ + for (i = 0, p = elem; i < len; p++, i++) { + /* Look for the ':' in name value pairs */ + if (*p == ':') { +@@ -345,13 +373,17 @@ static int asn1_cb(const char *elem, int len, void *bitstr) + break; + + case ASN1_GEN_FLAG_FORMAT: ++ if (!vstart) { ++ ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKNOWN_FORMAT); ++ return -1; ++ } + if (!strncmp(vstart, "ASCII", 5)) + arg->format = ASN1_GEN_FORMAT_ASCII; + else if (!strncmp(vstart, "UTF8", 4)) + arg->format = ASN1_GEN_FORMAT_UTF8; + else if (!strncmp(vstart, "HEX", 3)) + arg->format = ASN1_GEN_FORMAT_HEX; +- else if (!strncmp(vstart, "BITLIST", 3)) ++ else if (!strncmp(vstart, "BITLIST", 7)) + arg->format = ASN1_GEN_FORMAT_BITLIST; + else { + ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKOWN_FORMAT); +@@ -423,14 +455,15 @@ static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass) + + /* Handle multiple types: SET and SEQUENCE */ + +-static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf) ++static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf, ++ int depth, 
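Review bot: The depth guard in `generate_v3` reports `ASN1_R_ILLEGAL_NESTED_TAGGING` when `depth >= ASN1_GEN_SEQ_MAX_DEPTH`, which describes a different condition. The error table in asn1_err.c, shown in this same patch, lists `ASN1_R_DEPTH_EXCEEDED` ("depth exceeded"). Using `*perr = ASN1_R_DEPTH_EXCEEDED;` would make a rejected over-nested configuration distinguishable from a tagging error. `generate_v3` continues outside the hunk.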
int *perr) + { +- ASN1_TYPE *ret = NULL, *typ = NULL; ++ ASN1_TYPE *ret = NULL; + STACK_OF(ASN1_TYPE) *sk = NULL; + STACK_OF(CONF_VALUE) *sect = NULL; +- unsigned char *der = NULL, *p; ++ unsigned char *der = NULL; + int derlen; +- int i, is_set; ++ int i; + sk = sk_ASN1_TYPE_new_null(); + if (!sk) + goto bad; +@@ -441,12 +474,13 @@ static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf) + if (!sect) + goto bad; + for (i = 0; i < sk_CONF_VALUE_num(sect); i++) { +- typ = ASN1_generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf); ++ ASN1_TYPE *typ = ++ generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf, ++ depth + 1, perr); + if (!typ) + goto bad; + if (!sk_ASN1_TYPE_push(sk, typ)) + goto bad; +- typ = NULL; + } + } + +@@ -455,18 +489,12 @@ static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf) + */ + + if (utype == V_ASN1_SET) +- is_set = 1; ++ derlen = i2d_ASN1_SET_ANY(sk, &der); + else +- is_set = 0; ++ derlen = i2d_ASN1_SEQUENCE_ANY(sk, &der); + +- derlen = i2d_ASN1_SET_OF_ASN1_TYPE(sk, NULL, i2d_ASN1_TYPE, utype, +- V_ASN1_UNIVERSAL, is_set); +- der = OPENSSL_malloc(derlen); +- if (!der) ++ if (derlen < 0) + goto bad; +- p = der; +- i2d_ASN1_SET_OF_ASN1_TYPE(sk, &p, i2d_ASN1_TYPE, utype, +- V_ASN1_UNIVERSAL, is_set); + + if (!(ret = ASN1_TYPE_new())) + goto bad; +@@ -488,8 +516,6 @@ static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf) + + if (sk) + sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free); +- if (typ) +- ASN1_TYPE_free(typ); + if (sect) + X509V3_section_free(cnf, sect); + +@@ -535,7 +561,7 @@ static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, + static int asn1_str2tag(const char *tagstr, int len) + { + unsigned int i; +- static struct tag_name_st *tntmp, tnst[] = { ++ static const struct tag_name_st *tntmp, tnst[] = { + ASN1_GEN_STR("BOOL", V_ASN1_BOOLEAN), + ASN1_GEN_STR("BOOLEAN", V_ASN1_BOOLEAN), + ASN1_GEN_STR("NULL", V_ASN1_NULL), +@@ -570,6 +596,8 @@ static int 
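Review bot: In the `asn1_multi` loop (hunk `@@ -441,12 +474,13 @@`), a failed `sk_ASN1_TYPE_push(sk, typ)` now leaks `typ`. The variable became loop-local and hunk `@@ -488,8 +516,6 @@` removes the `if (typ) ASN1_TYPE_free(typ);` cleanup, while the remaining `sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free)` only releases elements already on the stack. Freeing at the failure site closes the gap: `if (!sk_ASN1_TYPE_push(sk, typ)) { ASN1_TYPE_free(typ); goto bad; }`. The function body starts and ends outside these hunks, so the rest of the `bad` path is not visible here.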
asn1_str2tag(const char *tagstr, int len) + ASN1_GEN_STR("TELETEXSTRING", V_ASN1_T61STRING), + ASN1_GEN_STR("GeneralString", V_ASN1_GENERALSTRING), + ASN1_GEN_STR("GENSTR", V_ASN1_GENERALSTRING), ++ ASN1_GEN_STR("NUMERIC", V_ASN1_NUMERICSTRING), ++ ASN1_GEN_STR("NUMERICSTRING", V_ASN1_NUMERICSTRING), + + /* Special cases */ + ASN1_GEN_STR("SEQUENCE", V_ASN1_SEQUENCE), +@@ -701,6 +729,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) + case V_ASN1_VISIBLESTRING: + case V_ASN1_UNIVERSALSTRING: + case V_ASN1_GENERALSTRING: ++ case V_ASN1_NUMERICSTRING: + + if (format == ASN1_GEN_FORMAT_ASCII) + format = MBSTRING_ASC; +diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn1_lib.c b/Cryptlib/OpenSSL/crypto/asn1/asn1_lib.c +index dd667f2..0b61fc9 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/asn1_lib.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/asn1_lib.c +@@ -333,20 +333,30 @@ int asn1_GetSequence(ASN1_const_CTX *c, long *length) + return (1); + } + +-ASN1_STRING *ASN1_STRING_dup(ASN1_STRING *str) ++int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str) + { +- ASN1_STRING *ret; +- + if (str == NULL) +- return (NULL); +- if ((ret = ASN1_STRING_type_new(str->type)) == NULL) +- return (NULL); +- if (!ASN1_STRING_set(ret, str->data, str->length)) { ++ return 0; ++ dst->type = str->type; ++ if (!ASN1_STRING_set(dst, str->data, str->length)) ++ return 0; ++ dst->flags = str->flags; ++ return 1; ++} ++ ++ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *str) ++{ ++ ASN1_STRING *ret; ++ if (!str) ++ return NULL; ++ ret = ASN1_STRING_new(); ++ if (!ret) ++ return NULL; ++ if (!ASN1_STRING_copy(ret, str)) { + ASN1_STRING_free(ret); +- return (NULL); ++ return NULL; + } +- ret->flags = str->flags; +- return (ret); ++ return ret; + } + + int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len) +@@ -415,12 +425,19 @@ void ASN1_STRING_free(ASN1_STRING *a) + { + if (a == NULL) + return; +- if (a->data != NULL) ++ if (a->data && !(a->flags & 
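Review bot: The new `ASN1_STRING_copy` rejects a NULL `str` but dereferences `dst` unconditionally, and it writes `dst->type` before `ASN1_STRING_set` has succeeded, so a failed copy returns 0 with `dst` already carrying the new type. Checking both pointers up front, `if (dst == NULL || str == NULL) return 0;`, and moving `dst->type = str->type;` next to the `dst->flags` assignment after the set would keep `dst` unchanged on failure. `ASN1_STRING_dup` only passes a freshly allocated `dst`, so this matters for other callers of the new public function.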
ASN1_STRING_FLAG_NDEF)) + OPENSSL_free(a->data); + OPENSSL_free(a); + } + +-int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b) ++void ASN1_STRING_clear_free(ASN1_STRING *a) ++{ ++ if (a && a->data && !(a->flags & ASN1_STRING_FLAG_NDEF)) ++ OPENSSL_cleanse(a->data, a->length); ++ ASN1_STRING_free(a); ++} ++ ++int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b) + { + int i; + +@@ -444,7 +461,7 @@ void asn1_add_error(const unsigned char *address, int offset) + ERR_add_error_data(4, "address=", buf1, " offset=", buf2); + } + +-int ASN1_STRING_length(ASN1_STRING *x) ++int ASN1_STRING_length(const ASN1_STRING *x) + { + return M_ASN1_STRING_length(x); + } +diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn1_locl.h b/Cryptlib/OpenSSL/crypto/asn1/asn1_locl.h +new file mode 100644 +index 0000000..4c004fa +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/asn1/asn1_locl.h +@@ -0,0 +1,135 @@ ++/* asn1t.h */ ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2006. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. 
The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). 
++ * ++ */ ++ ++/* Internal ASN1 structures and functions: not for application use */ ++ ++int asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d); ++int asn1_generalizedtime_to_tm(struct tm *tm, const ASN1_GENERALIZEDTIME *d); ++ ++/* ASN1 print context structure */ ++ ++struct asn1_pctx_st { ++ unsigned long flags; ++ unsigned long nm_flags; ++ unsigned long cert_flags; ++ unsigned long oid_flags; ++ unsigned long str_flags; ++} /* ASN1_PCTX */ ; ++ ++/* ASN1 public key method structure */ ++ ++struct evp_pkey_asn1_method_st { ++ int pkey_id; ++ int pkey_base_id; ++ unsigned long pkey_flags; ++ char *pem_str; ++ char *info; ++ int (*pub_decode) (EVP_PKEY *pk, X509_PUBKEY *pub); ++ int (*pub_encode) (X509_PUBKEY *pub, const EVP_PKEY *pk); ++ int (*pub_cmp) (const EVP_PKEY *a, const EVP_PKEY *b); ++ int (*pub_print) (BIO *out, const EVP_PKEY *pkey, int indent, ++ ASN1_PCTX *pctx); ++ int (*priv_decode) (EVP_PKEY *pk, PKCS8_PRIV_KEY_INFO *p8inf); ++ int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk); ++ int (*priv_print) (BIO *out, const EVP_PKEY *pkey, int indent, ++ ASN1_PCTX *pctx); ++ int (*pkey_size) (const EVP_PKEY *pk); ++ int (*pkey_bits) (const EVP_PKEY *pk); ++ int (*param_decode) (EVP_PKEY *pkey, ++ const unsigned char **pder, int derlen); ++ int (*param_encode) (const EVP_PKEY *pkey, unsigned char **pder); ++ int (*param_missing) (const EVP_PKEY *pk); ++ int (*param_copy) (EVP_PKEY *to, const EVP_PKEY *from); ++ int (*param_cmp) (const EVP_PKEY *a, const EVP_PKEY *b); ++ int (*param_print) (BIO *out, const EVP_PKEY *pkey, int indent, ++ ASN1_PCTX *pctx); ++ int (*sig_print) (BIO *out, ++ const X509_ALGOR *sigalg, const ASN1_STRING *sig, ++ int indent, ASN1_PCTX *pctx); ++ void (*pkey_free) (EVP_PKEY *pkey); ++ int (*pkey_ctrl) (EVP_PKEY *pkey, int op, long arg1, void *arg2); ++ /* Legacy functions for old PEM */ ++ int (*old_priv_decode) (EVP_PKEY *pkey, ++ const unsigned char **pder, int derlen); ++ int (*old_priv_encode) (const 
EVP_PKEY *pkey, unsigned char **pder); ++ /* Custom ASN1 signature verification */ ++ int (*item_verify) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, ++ X509_ALGOR *a, ASN1_BIT_STRING *sig, EVP_PKEY *pkey); ++ int (*item_sign) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, ++ X509_ALGOR *alg1, X509_ALGOR *alg2, ++ ASN1_BIT_STRING *sig); ++} /* EVP_PKEY_ASN1_METHOD */ ; ++ ++/* ++ * Method to handle CRL access. In general a CRL could be very large (several ++ * Mb) and can consume large amounts of resources if stored in memory by ++ * multiple processes. This method allows general CRL operations to be ++ * redirected to more efficient callbacks: for example a CRL entry database. ++ */ ++ ++#define X509_CRL_METHOD_DYNAMIC 1 ++ ++struct x509_crl_method_st { ++ int flags; ++ int (*crl_init) (X509_CRL *crl); ++ int (*crl_free) (X509_CRL *crl); ++ int (*crl_lookup) (X509_CRL *crl, X509_REVOKED **ret, ++ ASN1_INTEGER *ser, X509_NAME *issuer); ++ int (*crl_verify) (X509_CRL *crl, EVP_PKEY *pk); ++}; +diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn1_par.c b/Cryptlib/OpenSSL/crypto/asn1/asn1_par.c +index e15e341..a5d2da1 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/asn1_par.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/asn1_par.c +@@ -70,9 +70,8 @@ static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed, + int indent) + { + static const char fmt[] = "%-18s"; +- static const char fmt2[] = "%2d %-15s"; + char str[128]; +- const char *p, *p2 = NULL; ++ const char *p; + + if (constructed & V_ASN1_CONSTRUCTED) + p = "cons: "; +@@ -94,13 +93,8 @@ static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed, + else + p = ASN1_tag2str(tag); + +- if (p2 != NULL) { +- if (BIO_printf(bp, fmt2, tag, p2) <= 0) +- goto err; +- } else { +- if (BIO_printf(bp, fmt, p) <= 0) +- goto err; +- } ++ if (BIO_printf(bp, fmt, p) <= 0) ++ goto err; + return (1); + err: + return (0); +@@ -343,7 +337,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, + 
goto end; + } + } else { +- if (BIO_write(bp, "BAD ENUMERATED", 11) <= 0) ++ if (BIO_write(bp, "BAD ENUMERATED", 14) <= 0) + goto end; + } + M_ASN1_ENUMERATED_free(bs); +@@ -383,7 +377,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, + + const char *ASN1_tag2str(int tag) + { +- static const char *tag2str[] = { ++ static const char *const tag2str[] = { + /* 0-4 */ + "EOC", "BOOLEAN", "INTEGER", "BIT STRING", "OCTET STRING", + /* 5-9 */ +diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn_mime.c b/Cryptlib/OpenSSL/crypto/asn1/asn_mime.c +index e7c5696..96110c5 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/asn_mime.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/asn_mime.c +@@ -60,6 +60,7 @@ + #include + #include + #include ++#include "asn1_locl.h" + + /* + * Generalised MIME like utilities for streaming ASN1. Although many have a +@@ -88,6 +89,8 @@ typedef struct { + DECLARE_STACK_OF(MIME_HEADER) + IMPLEMENT_STACK_OF(MIME_HEADER) + ++static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags, ++ const ASN1_ITEM *it); + static char *strip_ends(char *name); + static char *strip_start(char *name); + static char *strip_end(char *name); +@@ -109,6 +112,37 @@ static void mime_hdr_free(MIME_HEADER *hdr); + #define MAX_SMLEN 1024 + #define mime_debug(x) /* x */ + ++/* Output an ASN1 structure in BER format streaming if necessary */ ++ ++int i2d_ASN1_bio_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags, ++ const ASN1_ITEM *it) ++{ ++ /* If streaming create stream BIO and copy all content through it */ ++ if (flags & SMIME_STREAM) { ++ BIO *bio, *tbio; ++ bio = BIO_new_NDEF(out, val, it); ++ if (!bio) { ++ ASN1err(ASN1_F_I2D_ASN1_BIO_STREAM, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ SMIME_crlf_copy(in, bio, flags); ++ (void)BIO_flush(bio); ++ /* Free up successive BIOs until we hit the old output BIO */ ++ do { ++ tbio = BIO_pop(bio); ++ BIO_free(bio); ++ bio = tbio; ++ } while (bio != out); ++ } ++ /* ++ * else just write out ASN1 structure 
which will have all content stored ++ * internally ++ */ ++ else ++ ASN1_item_i2d_bio(it, out, val); ++ return 1; ++} ++ + /* Base 64 read and write of ASN1 structure */ + + static int B64_write_ASN1(BIO *out, ASN1_VALUE *val, BIO *in, int flags, +@@ -125,13 +159,25 @@ static int B64_write_ASN1(BIO *out, ASN1_VALUE *val, BIO *in, int flags, + * prepend the b64 BIO so all data is base64 encoded. + */ + out = BIO_push(b64, out); +- r = ASN1_item_i2d_bio(it, out, val); ++ r = i2d_ASN1_bio_stream(out, val, in, flags, it); + (void)BIO_flush(out); + BIO_pop(out); + BIO_free(b64); + return r; + } + ++/* Streaming ASN1 PEM write */ ++ ++int PEM_write_bio_ASN1_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags, ++ const char *hdr, const ASN1_ITEM *it) ++{ ++ int r; ++ BIO_printf(out, "-----BEGIN %s-----\n", hdr); ++ r = B64_write_ASN1(out, val, in, flags, it); ++ BIO_printf(out, "-----END %s-----\n", hdr); ++ return r; ++} ++ + static ASN1_VALUE *b64_read_asn1(BIO *bio, const ASN1_ITEM *it) + { + BIO *b64; +@@ -154,7 +200,8 @@ static ASN1_VALUE *b64_read_asn1(BIO *bio, const ASN1_ITEM *it) + + static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs) + { +- int i, have_unknown = 0, write_comma, md_nid; ++ const EVP_MD *md; ++ int i, have_unknown = 0, write_comma, ret = 0, md_nid; + have_unknown = 0; + write_comma = 0; + for (i = 0; i < sk_X509_ALGOR_num(mdalgs); i++) { +@@ -162,6 +209,19 @@ static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs) + BIO_write(out, ",", 1); + write_comma = 1; + md_nid = OBJ_obj2nid(sk_X509_ALGOR_value(mdalgs, i)->algorithm); ++ md = EVP_get_digestbynid(md_nid); ++ if (md && md->md_ctrl) { ++ int rv; ++ char *micstr; ++ rv = md->md_ctrl(NULL, EVP_MD_CTRL_MICALG, 0, &micstr); ++ if (rv > 0) { ++ BIO_puts(out, micstr); ++ OPENSSL_free(micstr); ++ continue; ++ } ++ if (rv != -2) ++ goto err; ++ } + switch (md_nid) { + case NID_sha1: + BIO_puts(out, "sha1"); +@@ -183,6 +243,11 @@ static int asn1_write_micalg(BIO *out, 
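Review bot: `i2d_ASN1_bio_stream` returns 1 on every path except the `BIO_new_NDEF` failure, so the results of `SMIME_crlf_copy`, `BIO_flush` and `ASN1_item_i2d_bio` are all discarded. `B64_write_ASN1` in the following hunk used to return the `ASN1_item_i2d_bio` result and now returns this constant, which means a failed encode or write is reported to the caller as success. The non-streaming branch should at least propagate the encoder result, `else if (ASN1_item_i2d_bio(it, out, val) <= 0) return 0;`. The streaming branch should record a failed copy or flush in a local status that is returned after the BIO chain has been popped and freed.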
STACK_OF(X509_ALGOR) *mdalgs) + BIO_puts(out, "sha-512"); + break; + ++ case NID_id_GostR3411_94: ++ BIO_puts(out, "gostr3411-94"); ++ goto err; ++ break; ++ + default: + if (have_unknown) + write_comma = 0; +@@ -195,16 +260,18 @@ static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs) + } + } + +- return 1; ++ ret = 1; ++ err: ++ ++ return ret; + + } + + /* SMIME sender */ + +-int int_smime_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags, +- int ctype_nid, int econt_nid, +- STACK_OF(X509_ALGOR) *mdalgs, +- asn1_output_data_fn * data_fn, const ASN1_ITEM *it) ++int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags, ++ int ctype_nid, int econt_nid, ++ STACK_OF(X509_ALGOR) *mdalgs, const ASN1_ITEM *it) + { + char bound[33], c; + int i; +@@ -222,7 +289,8 @@ int int_smime_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags, + if ((flags & SMIME_DETACHED) && data) { + /* We want multipart/signed */ + /* Generate a random boundary */ +- RAND_pseudo_bytes((unsigned char *)bound, 32); ++ if (RAND_pseudo_bytes((unsigned char *)bound, 32) < 0) ++ return 0; + for (i = 0; i < 32; i++) { + c = bound[i] & 0xf; + if (c < 10) +@@ -243,7 +311,7 @@ int int_smime_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags, + mime_eol, mime_eol); + /* Now write out the first part */ + BIO_printf(bio, "------%s%s", bound, mime_eol); +- if (!data_fn(bio, data, val, flags, it)) ++ if (!asn1_output_data(bio, data, val, flags, it)) + return 0; + BIO_printf(bio, "%s------%s%s", mime_eol, bound, mime_eol); + +@@ -291,8 +359,6 @@ int int_smime_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags, + return 1; + } + +-#if 0 +- + /* Handle output of ASN1 data */ + + static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags, +@@ -301,8 +367,13 @@ static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags, + BIO *tmpbio; + const ASN1_AUX *aux = it->funcs; + ASN1_STREAM_ARG sarg; ++ int rv = 1; + +- if (!(flags & 
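Review bot: The new `NID_id_GostR3411_94` case writes `gostr3411-94` to `out` and then jumps to `err` while `ret` is still 0, so `asn1_write_micalg` reports failure for a digest whose name it has just emitted. The `break;` after the `goto` is unreachable. If this digest is meant to be accepted, the case should end with `break;` alone; if it is meant to be rejected, the `BIO_puts` should be dropped so that no partial micalg list is left in the output. A one-line comment stating which behaviour is intended would settle it. The function starts and ends outside this hunk.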
SMIME_DETACHED)) { ++ /* ++ * If data is not deteched or resigning then the output BIO is already ++ * set up to finalise when it is written through. ++ */ ++ if (!(flags & SMIME_DETACHED) || (flags & PKCS7_REUSE_DIGEST)) { + SMIME_crlf_copy(data, out, flags); + return 1; + } +@@ -326,7 +397,7 @@ static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags, + + /* Finalize structure */ + if (aux->asn1_cb(ASN1_OP_DETACHED_POST, &val, it, &sarg) <= 0) +- return 0; ++ rv = 0; + + /* Now remove any digests prepended to the BIO */ + +@@ -336,12 +407,10 @@ static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags, + sarg.ndef_bio = tmpbio; + } + +- return 1; ++ return rv; + + } + +-#endif +- + /* + * SMIME reader: handle multipart/signed and opaque signing. in multipart + * case the content is placed in a memory BIO pointed to by "bcont". In +@@ -737,7 +806,7 @@ static MIME_HEADER *mime_hdr_new(char *name, char *value) + if (!(tmpname = BUF_strdup(name))) + return NULL; + for (p = tmpname; *p; p++) { +- c = *p; ++ c = (unsigned char)*p; + if (isupper(c)) { + c = tolower(c); + *p = c; +@@ -749,7 +818,7 @@ static MIME_HEADER *mime_hdr_new(char *name, char *value) + if (!(tmpval = BUF_strdup(value))) + return NULL; + for (p = tmpval; *p; p++) { +- c = *p; ++ c = (unsigned char)*p; + if (isupper(c)) { + c = tolower(c); + *p = c; +@@ -777,7 +846,7 @@ static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value) + if (!tmpname) + return 0; + for (p = tmpname; *p; p++) { +- c = *p; ++ c = (unsigned char)*p; + if (isupper(c)) { + c = tolower(c); + *p = c; +diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn_pack.c b/Cryptlib/OpenSSL/crypto/asn1/asn_pack.c +index 0f460d0..366caf0 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/asn_pack.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/asn_pack.c +@@ -67,10 +67,11 @@ + + /* Turn an ASN1 encoded SEQUENCE OF into a STACK of structures */ + +-STACK *ASN1_seq_unpack(const unsigned char *buf, int len, +- 
d2i_of_void *d2i, void (*free_func) (void *)) ++STACK_OF(OPENSSL_BLOCK) *ASN1_seq_unpack(const unsigned char *buf, int len, ++ d2i_of_void *d2i, ++ void (*free_func) (OPENSSL_BLOCK)) + { +- STACK *sk; ++ STACK_OF(OPENSSL_BLOCK) *sk; + const unsigned char *pbuf; + pbuf = buf; + if (!(sk = d2i_ASN1_SET(NULL, &pbuf, len, d2i, free_func, +@@ -84,7 +85,7 @@ STACK *ASN1_seq_unpack(const unsigned char *buf, int len, + * OPENSSL_malloc'ed buffer + */ + +-unsigned char *ASN1_seq_pack(STACK * safes, i2d_of_void *i2d, ++unsigned char *ASN1_seq_pack(STACK_OF(OPENSSL_BLOCK) *safes, i2d_of_void *i2d, + unsigned char **buf, int *len) + { + int safelen; +diff --git a/Cryptlib/OpenSSL/crypto/asn1/bio_asn1.c b/Cryptlib/OpenSSL/crypto/asn1/bio_asn1.c +new file mode 100644 +index 0000000..60189b3 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/asn1/bio_asn1.c +@@ -0,0 +1,482 @@ ++/* bio_asn1.c */ ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL ++ * project. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. 
The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++/* ++ * Experimental ASN1 BIO. When written through the data is converted to an ++ * ASN1 string type: default is OCTET STRING. Additional functions can be ++ * provided to add prefix and suffix data. 
++ */ ++ ++#include ++#include ++#include ++ ++/* Must be large enough for biggest tag+length */ ++#define DEFAULT_ASN1_BUF_SIZE 20 ++ ++typedef enum { ++ ASN1_STATE_START, ++ ASN1_STATE_PRE_COPY, ++ ASN1_STATE_HEADER, ++ ASN1_STATE_HEADER_COPY, ++ ASN1_STATE_DATA_COPY, ++ ASN1_STATE_POST_COPY, ++ ASN1_STATE_DONE ++} asn1_bio_state_t; ++ ++typedef struct BIO_ASN1_EX_FUNCS_st { ++ asn1_ps_func *ex_func; ++ asn1_ps_func *ex_free_func; ++} BIO_ASN1_EX_FUNCS; ++ ++typedef struct BIO_ASN1_BUF_CTX_t { ++ /* Internal state */ ++ asn1_bio_state_t state; ++ /* Internal buffer */ ++ unsigned char *buf; ++ /* Size of buffer */ ++ int bufsize; ++ /* Current position in buffer */ ++ int bufpos; ++ /* Current buffer length */ ++ int buflen; ++ /* Amount of data to copy */ ++ int copylen; ++ /* Class and tag to use */ ++ int asn1_class, asn1_tag; ++ asn1_ps_func *prefix, *prefix_free, *suffix, *suffix_free; ++ /* Extra buffer for prefix and suffix data */ ++ unsigned char *ex_buf; ++ int ex_len; ++ int ex_pos; ++ void *ex_arg; ++} BIO_ASN1_BUF_CTX; ++ ++static int asn1_bio_write(BIO *h, const char *buf, int num); ++static int asn1_bio_read(BIO *h, char *buf, int size); ++static int asn1_bio_puts(BIO *h, const char *str); ++static int asn1_bio_gets(BIO *h, char *str, int size); ++static long asn1_bio_ctrl(BIO *h, int cmd, long arg1, void *arg2); ++static int asn1_bio_new(BIO *h); ++static int asn1_bio_free(BIO *data); ++static long asn1_bio_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); ++ ++static int asn1_bio_init(BIO_ASN1_BUF_CTX *ctx, int size); ++static int asn1_bio_flush_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx, ++ asn1_ps_func *cleanup, asn1_bio_state_t next); ++static int asn1_bio_setup_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx, ++ asn1_ps_func *setup, ++ asn1_bio_state_t ex_state, ++ asn1_bio_state_t other_state); ++ ++static BIO_METHOD methods_asn1 = { ++ BIO_TYPE_ASN1, ++ "asn1", ++ asn1_bio_write, ++ asn1_bio_read, ++ asn1_bio_puts, ++ asn1_bio_gets, ++ asn1_bio_ctrl, ++ 
asn1_bio_new, ++ asn1_bio_free, ++ asn1_bio_callback_ctrl, ++}; ++ ++BIO_METHOD *BIO_f_asn1(void) ++{ ++ return (&methods_asn1); ++} ++ ++static int asn1_bio_new(BIO *b) ++{ ++ BIO_ASN1_BUF_CTX *ctx; ++ ctx = OPENSSL_malloc(sizeof(BIO_ASN1_BUF_CTX)); ++ if (!ctx) ++ return 0; ++ if (!asn1_bio_init(ctx, DEFAULT_ASN1_BUF_SIZE)) { ++ OPENSSL_free(ctx); ++ return 0; ++ } ++ b->init = 1; ++ b->ptr = (char *)ctx; ++ b->flags = 0; ++ return 1; ++} ++ ++static int asn1_bio_init(BIO_ASN1_BUF_CTX *ctx, int size) ++{ ++ ctx->buf = OPENSSL_malloc(size); ++ if (!ctx->buf) ++ return 0; ++ ctx->bufsize = size; ++ ctx->bufpos = 0; ++ ctx->buflen = 0; ++ ctx->copylen = 0; ++ ctx->asn1_class = V_ASN1_UNIVERSAL; ++ ctx->asn1_tag = V_ASN1_OCTET_STRING; ++ ctx->ex_buf = 0; ++ ctx->ex_pos = 0; ++ ctx->ex_len = 0; ++ ctx->state = ASN1_STATE_START; ++ return 1; ++} ++ ++static int asn1_bio_free(BIO *b) ++{ ++ BIO_ASN1_BUF_CTX *ctx; ++ ctx = (BIO_ASN1_BUF_CTX *)b->ptr; ++ if (ctx == NULL) ++ return 0; ++ if (ctx->buf) ++ OPENSSL_free(ctx->buf); ++ OPENSSL_free(ctx); ++ b->init = 0; ++ b->ptr = NULL; ++ b->flags = 0; ++ return 1; ++} ++ ++static int asn1_bio_write(BIO *b, const char *in, int inl) ++{ ++ BIO_ASN1_BUF_CTX *ctx; ++ int wrmax, wrlen, ret; ++ unsigned char *p; ++ if (!in || (inl < 0) || (b->next_bio == NULL)) ++ return 0; ++ ctx = (BIO_ASN1_BUF_CTX *)b->ptr; ++ if (ctx == NULL) ++ return 0; ++ ++ wrlen = 0; ++ ret = -1; ++ ++ for (;;) { ++ switch (ctx->state) { ++ ++ /* Setup prefix data, call it */ ++ case ASN1_STATE_START: ++ if (!asn1_bio_setup_ex(b, ctx, ctx->prefix, ++ ASN1_STATE_PRE_COPY, ASN1_STATE_HEADER)) ++ return 0; ++ break; ++ ++ /* Copy any pre data first */ ++ case ASN1_STATE_PRE_COPY: ++ ++ ret = asn1_bio_flush_ex(b, ctx, ctx->prefix_free, ++ ASN1_STATE_HEADER); ++ ++ if (ret <= 0) ++ goto done; ++ ++ break; ++ ++ case ASN1_STATE_HEADER: ++ ctx->buflen = ASN1_object_size(0, inl, ctx->asn1_tag) - inl; ++ OPENSSL_assert(ctx->buflen <= ctx->bufsize); ++ p = 
ctx->buf; ++ ASN1_put_object(&p, 0, inl, ctx->asn1_tag, ctx->asn1_class); ++ ctx->copylen = inl; ++ ctx->state = ASN1_STATE_HEADER_COPY; ++ ++ break; ++ ++ case ASN1_STATE_HEADER_COPY: ++ ret = BIO_write(b->next_bio, ctx->buf + ctx->bufpos, ctx->buflen); ++ if (ret <= 0) ++ goto done; ++ ++ ctx->buflen -= ret; ++ if (ctx->buflen) ++ ctx->bufpos += ret; ++ else { ++ ctx->bufpos = 0; ++ ctx->state = ASN1_STATE_DATA_COPY; ++ } ++ ++ break; ++ ++ case ASN1_STATE_DATA_COPY: ++ ++ if (inl > ctx->copylen) ++ wrmax = ctx->copylen; ++ else ++ wrmax = inl; ++ ret = BIO_write(b->next_bio, in, wrmax); ++ if (ret <= 0) ++ break; ++ wrlen += ret; ++ ctx->copylen -= ret; ++ in += ret; ++ inl -= ret; ++ ++ if (ctx->copylen == 0) ++ ctx->state = ASN1_STATE_HEADER; ++ ++ if (inl == 0) ++ goto done; ++ ++ break; ++ ++ default: ++ BIO_clear_retry_flags(b); ++ return 0; ++ ++ } ++ ++ } ++ ++ done: ++ BIO_clear_retry_flags(b); ++ BIO_copy_next_retry(b); ++ ++ return (wrlen > 0) ? wrlen : ret; ++ ++} ++ ++static int asn1_bio_flush_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx, ++ asn1_ps_func *cleanup, asn1_bio_state_t next) ++{ ++ int ret; ++ if (ctx->ex_len <= 0) ++ return 1; ++ for (;;) { ++ ret = BIO_write(b->next_bio, ctx->ex_buf + ctx->ex_pos, ctx->ex_len); ++ if (ret <= 0) ++ break; ++ ctx->ex_len -= ret; ++ if (ctx->ex_len > 0) ++ ctx->ex_pos += ret; ++ else { ++ if (cleanup) ++ cleanup(b, &ctx->ex_buf, &ctx->ex_len, &ctx->ex_arg); ++ ctx->state = next; ++ ctx->ex_pos = 0; ++ break; ++ } ++ } ++ return ret; ++} ++ ++static int asn1_bio_setup_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx, ++ asn1_ps_func *setup, ++ asn1_bio_state_t ex_state, ++ asn1_bio_state_t other_state) ++{ ++ if (setup && !setup(b, &ctx->ex_buf, &ctx->ex_len, &ctx->ex_arg)) { ++ BIO_clear_retry_flags(b); ++ return 0; ++ } ++ if (ctx->ex_len > 0) ++ ctx->state = ex_state; ++ else ++ ctx->state = other_state; ++ return 1; ++} ++ ++static int asn1_bio_read(BIO *b, char *in, int inl) ++{ ++ if (!b->next_bio) ++ return 0; ++ return 
BIO_read(b->next_bio, in, inl); ++} ++ ++static int asn1_bio_puts(BIO *b, const char *str) ++{ ++ return asn1_bio_write(b, str, strlen(str)); ++} ++ ++static int asn1_bio_gets(BIO *b, char *str, int size) ++{ ++ if (!b->next_bio) ++ return 0; ++ return BIO_gets(b->next_bio, str, size); ++} ++ ++static long asn1_bio_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) ++{ ++ if (b->next_bio == NULL) ++ return (0); ++ return BIO_callback_ctrl(b->next_bio, cmd, fp); ++} ++ ++static long asn1_bio_ctrl(BIO *b, int cmd, long arg1, void *arg2) ++{ ++ BIO_ASN1_BUF_CTX *ctx; ++ BIO_ASN1_EX_FUNCS *ex_func; ++ long ret = 1; ++ ctx = (BIO_ASN1_BUF_CTX *)b->ptr; ++ if (ctx == NULL) ++ return 0; ++ switch (cmd) { ++ ++ case BIO_C_SET_PREFIX: ++ ex_func = arg2; ++ ctx->prefix = ex_func->ex_func; ++ ctx->prefix_free = ex_func->ex_free_func; ++ break; ++ ++ case BIO_C_GET_PREFIX: ++ ex_func = arg2; ++ ex_func->ex_func = ctx->prefix; ++ ex_func->ex_free_func = ctx->prefix_free; ++ break; ++ ++ case BIO_C_SET_SUFFIX: ++ ex_func = arg2; ++ ctx->suffix = ex_func->ex_func; ++ ctx->suffix_free = ex_func->ex_free_func; ++ break; ++ ++ case BIO_C_GET_SUFFIX: ++ ex_func = arg2; ++ ex_func->ex_func = ctx->suffix; ++ ex_func->ex_free_func = ctx->suffix_free; ++ break; ++ ++ case BIO_C_SET_EX_ARG: ++ ctx->ex_arg = arg2; ++ break; ++ ++ case BIO_C_GET_EX_ARG: ++ *(void **)arg2 = ctx->ex_arg; ++ break; ++ ++ case BIO_CTRL_FLUSH: ++ if (!b->next_bio) ++ return 0; ++ ++ /* Call post function if possible */ ++ if (ctx->state == ASN1_STATE_HEADER) { ++ if (!asn1_bio_setup_ex(b, ctx, ctx->suffix, ++ ASN1_STATE_POST_COPY, ASN1_STATE_DONE)) ++ return 0; ++ } ++ ++ if (ctx->state == ASN1_STATE_POST_COPY) { ++ ret = asn1_bio_flush_ex(b, ctx, ctx->suffix_free, ++ ASN1_STATE_DONE); ++ if (ret <= 0) ++ return ret; ++ } ++ ++ if (ctx->state == ASN1_STATE_DONE) ++ return BIO_ctrl(b->next_bio, cmd, arg1, arg2); ++ else { ++ BIO_clear_retry_flags(b); ++ return 0; ++ } ++ break; ++ ++ default: ++ if (!b->next_bio) ++ 
return 0; ++ return BIO_ctrl(b->next_bio, cmd, arg1, arg2); ++ ++ } ++ ++ return ret; ++} ++ ++static int asn1_bio_set_ex(BIO *b, int cmd, ++ asn1_ps_func *ex_func, asn1_ps_func *ex_free_func) ++{ ++ BIO_ASN1_EX_FUNCS extmp; ++ extmp.ex_func = ex_func; ++ extmp.ex_free_func = ex_free_func; ++ return BIO_ctrl(b, cmd, 0, &extmp); ++} ++ ++static int asn1_bio_get_ex(BIO *b, int cmd, ++ asn1_ps_func **ex_func, ++ asn1_ps_func **ex_free_func) ++{ ++ BIO_ASN1_EX_FUNCS extmp; ++ int ret; ++ ret = BIO_ctrl(b, cmd, 0, &extmp); ++ if (ret > 0) { ++ *ex_func = extmp.ex_func; ++ *ex_free_func = extmp.ex_free_func; ++ } ++ return ret; ++} ++ ++int BIO_asn1_set_prefix(BIO *b, asn1_ps_func *prefix, ++ asn1_ps_func *prefix_free) ++{ ++ return asn1_bio_set_ex(b, BIO_C_SET_PREFIX, prefix, prefix_free); ++} ++ ++int BIO_asn1_get_prefix(BIO *b, asn1_ps_func **pprefix, ++ asn1_ps_func **pprefix_free) ++{ ++ return asn1_bio_get_ex(b, BIO_C_GET_PREFIX, pprefix, pprefix_free); ++} ++ ++int BIO_asn1_set_suffix(BIO *b, asn1_ps_func *suffix, ++ asn1_ps_func *suffix_free) ++{ ++ return asn1_bio_set_ex(b, BIO_C_SET_SUFFIX, suffix, suffix_free); ++} ++ ++int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix, ++ asn1_ps_func **psuffix_free) ++{ ++ return asn1_bio_get_ex(b, BIO_C_GET_SUFFIX, psuffix, psuffix_free); ++} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/bio_ndef.c b/Cryptlib/OpenSSL/crypto/asn1/bio_ndef.c +new file mode 100644 +index 0000000..31949b8 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/asn1/bio_ndef.c +@@ -0,0 +1,248 @@ ++/* bio_ndef.c */ ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL ++ * project. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2008 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. 
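Review bot: In `asn1_bio_write` (new file `bio_asn1.c`), the `ASN1_STATE_DATA_COPY` case handles `ret <= 0` from `BIO_write` with `break;`, which only leaves the `switch`. The enclosing `for (;;)` then re-enters the same state and calls `BIO_write` again, so a persistent error or a should-retry condition on `next_bio` becomes a busy loop instead of being returned to the caller. The other write states use `goto done;` for this case and the same is needed here: `if (ret <= 0) goto done;`. Separately, `asn1_bio_new` takes the context from `OPENSSL_malloc` and `asn1_bio_init` never sets `prefix`, `prefix_free`, `suffix`, `suffix_free` or `ex_arg`, so `asn1_bio_setup_ex` can test and call an indeterminate pointer when no prefix was installed. Setting those five fields to NULL in `asn1_bio_init` avoids that.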
Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ */ ++ ++#include ++#include ++#include ++#include ++ ++#include ++ ++/* Experimental NDEF ASN1 BIO support routines */ ++ ++/* ++ * The usage is quite simple, initialize an ASN1 structure, get a BIO from it ++ * then any data written through the BIO will end up translated to ++ * approptiate format on the fly. The data is streamed out and does *not* ++ * need to be all held in memory at once. When the BIO is flushed the output ++ * is finalized and any signatures etc written out. The BIO is a 'proper' ++ * BIO and can handle non blocking I/O correctly. The usage is simple. The ++ * implementation is *not*... 
++ */ ++ ++/* BIO support data stored in the ASN1 BIO ex_arg */ ++ ++typedef struct ndef_aux_st { ++ /* ASN1 structure this BIO refers to */ ++ ASN1_VALUE *val; ++ const ASN1_ITEM *it; ++ /* Top of the BIO chain */ ++ BIO *ndef_bio; ++ /* Output BIO */ ++ BIO *out; ++ /* Boundary where content is inserted */ ++ unsigned char **boundary; ++ /* DER buffer start */ ++ unsigned char *derbuf; ++} NDEF_SUPPORT; ++ ++static int ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg); ++static int ndef_prefix_free(BIO *b, unsigned char **pbuf, int *plen, ++ void *parg); ++static int ndef_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg); ++static int ndef_suffix_free(BIO *b, unsigned char **pbuf, int *plen, ++ void *parg); ++ ++BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it) ++{ ++ NDEF_SUPPORT *ndef_aux = NULL; ++ BIO *asn_bio = NULL; ++ const ASN1_AUX *aux = it->funcs; ++ ASN1_STREAM_ARG sarg; ++ ++ if (!aux || !aux->asn1_cb) { ++ ASN1err(ASN1_F_BIO_NEW_NDEF, ASN1_R_STREAMING_NOT_SUPPORTED); ++ return NULL; ++ } ++ ndef_aux = OPENSSL_malloc(sizeof(NDEF_SUPPORT)); ++ asn_bio = BIO_new(BIO_f_asn1()); ++ ++ /* ASN1 bio needs to be next to output BIO */ ++ ++ out = BIO_push(asn_bio, out); ++ ++ if (!ndef_aux || !asn_bio || !out) ++ goto err; ++ ++ BIO_asn1_set_prefix(asn_bio, ndef_prefix, ndef_prefix_free); ++ BIO_asn1_set_suffix(asn_bio, ndef_suffix, ndef_suffix_free); ++ ++ /* ++ * Now let callback prepend any digest, cipher etc BIOs ASN1 structure ++ * needs. 
++ */ ++ ++ sarg.out = out; ++ sarg.ndef_bio = NULL; ++ sarg.boundary = NULL; ++ ++ if (aux->asn1_cb(ASN1_OP_STREAM_PRE, &val, it, &sarg) <= 0) ++ goto err; ++ ++ ndef_aux->val = val; ++ ndef_aux->it = it; ++ ndef_aux->ndef_bio = sarg.ndef_bio; ++ ndef_aux->boundary = sarg.boundary; ++ ndef_aux->out = out; ++ ++ BIO_ctrl(asn_bio, BIO_C_SET_EX_ARG, 0, ndef_aux); ++ ++ return sarg.ndef_bio; ++ ++ err: ++ if (asn_bio) ++ BIO_free(asn_bio); ++ if (ndef_aux) ++ OPENSSL_free(ndef_aux); ++ return NULL; ++} ++ ++static int ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg) ++{ ++ NDEF_SUPPORT *ndef_aux; ++ unsigned char *p; ++ int derlen; ++ ++ if (!parg) ++ return 0; ++ ++ ndef_aux = *(NDEF_SUPPORT **)parg; ++ ++ derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it); ++ p = OPENSSL_malloc(derlen); ++ if (!p) ++ return 0; ++ ++ ndef_aux->derbuf = p; ++ *pbuf = p; ++ derlen = ASN1_item_ndef_i2d(ndef_aux->val, &p, ndef_aux->it); ++ ++ if (!*ndef_aux->boundary) ++ return 0; ++ ++ *plen = *ndef_aux->boundary - *pbuf; ++ ++ return 1; ++} ++ ++static int ndef_prefix_free(BIO *b, unsigned char **pbuf, int *plen, ++ void *parg) ++{ ++ NDEF_SUPPORT *ndef_aux; ++ ++ if (!parg) ++ return 0; ++ ++ ndef_aux = *(NDEF_SUPPORT **)parg; ++ ++ if (ndef_aux->derbuf) ++ OPENSSL_free(ndef_aux->derbuf); ++ ++ ndef_aux->derbuf = NULL; ++ *pbuf = NULL; ++ *plen = 0; ++ return 1; ++} ++ ++static int ndef_suffix_free(BIO *b, unsigned char **pbuf, int *plen, ++ void *parg) ++{ ++ NDEF_SUPPORT **pndef_aux = (NDEF_SUPPORT **)parg; ++ if (!ndef_prefix_free(b, pbuf, plen, parg)) ++ return 0; ++ OPENSSL_free(*pndef_aux); ++ *pndef_aux = NULL; ++ return 1; ++} ++ ++static int ndef_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg) ++{ ++ NDEF_SUPPORT *ndef_aux; ++ unsigned char *p; ++ int derlen; ++ const ASN1_AUX *aux; ++ ASN1_STREAM_ARG sarg; ++ ++ if (!parg) ++ return 0; ++ ++ ndef_aux = *(NDEF_SUPPORT **)parg; ++ ++ aux = ndef_aux->it->funcs; ++ ++ /* Finalize 
structures */ ++ sarg.ndef_bio = ndef_aux->ndef_bio; ++ sarg.out = ndef_aux->out; ++ sarg.boundary = ndef_aux->boundary; ++ if (aux->asn1_cb(ASN1_OP_STREAM_POST, ++ &ndef_aux->val, ndef_aux->it, &sarg) <= 0) ++ return 0; ++ ++ derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it); ++ p = OPENSSL_malloc(derlen); ++ if (!p) ++ return 0; ++ ++ ndef_aux->derbuf = p; ++ *pbuf = p; ++ derlen = ASN1_item_ndef_i2d(ndef_aux->val, &p, ndef_aux->it); ++ ++ if (!*ndef_aux->boundary) ++ return 0; ++ *pbuf = *ndef_aux->boundary; ++ *plen = derlen - (*ndef_aux->boundary - ndef_aux->derbuf); ++ ++ return 1; ++} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/charmap.h b/Cryptlib/OpenSSL/crypto/asn1/charmap.h +index bd020a9..3305ad1 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/charmap.h ++++ b/Cryptlib/OpenSSL/crypto/asn1/charmap.h +@@ -1,15 +1,15 @@ +-/* Auto generated with chartype.pl script. +- * Mask of various character properties ++/* ++ * Auto generated with chartype.pl script. Mask of various character ++ * properties + */ + +-static unsigned char char_type[] = { +- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, +- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, +-120, 0, 1,40, 0, 0, 0,16,16,16, 0,25,25,16,16,16, +-16,16,16,16,16,16,16,16,16,16,16, 9, 9,16, 9,16, +- 0,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16, +-16,16,16,16,16,16,16,16,16,16,16, 0, 1, 0, 0, 0, +- 0,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16, +-16,16,16,16,16,16,16,16,16,16,16, 0, 0, 0, 0, 2 ++static const unsigned char char_type[] = { ++ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, ++ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, ++ 120, 0, 1, 40, 0, 0, 0, 16, 16, 16, 0, 25, 25, 16, 16, 16, ++ 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 9, 9, 16, 9, 16, ++ 0, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, ++ 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 0, 1, 0, 0, 0, ++ 0, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, ++ 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 0, 
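Review bot: The `err:` path of BIO_new_NDEF calls `BIO_free(asn_bio)` after `out = BIO_push(asn_bio, out);` has already linked the filter in front of the caller's BIO. When `aux->asn1_cb(ASN1_OP_STREAM_PRE, &val, it, &sarg)` fails, the caller therefore keeps a BIO that is still chained to the freed `asn_bio`. Unlinking first, with `BIO_pop(asn_bio);` immediately before `BIO_free(asn_bio);`, removes that dangling reference. Separately, `ndef_aux` comes from `OPENSSL_malloc` and BIO_new_NDEF never assigns `derbuf`, yet `ndef_prefix_free` tests `ndef_aux->derbuf` before freeing it; adding `ndef_aux->derbuf = NULL;` next to the other field assignments makes that test reliable.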
0, 0, 0, 2 + }; +- +diff --git a/Cryptlib/OpenSSL/crypto/asn1/d2i_pr.c b/Cryptlib/OpenSSL/crypto/asn1/d2i_pr.c +index 3218862..c96da09 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/d2i_pr.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/d2i_pr.c +@@ -61,16 +61,12 @@ + #include + #include + #include +-#include +-#ifndef OPENSSL_NO_RSA +-# include +-#endif +-#ifndef OPENSSL_NO_DSA +-# include +-#endif +-#ifndef OPENSSL_NO_EC +-# include ++#ifndef OPENSSL_NO_ENGINE ++# include + #endif ++#include ++#include ++#include "asn1_locl.h" + + EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, + long length) +@@ -82,48 +78,36 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, + ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_EVP_LIB); + return (NULL); + } +- } else ++ } else { + ret = *a; +- +- ret->save_type = type; +- ret->type = EVP_PKEY_type(type); +- switch (ret->type) { +-#ifndef OPENSSL_NO_RSA +- case EVP_PKEY_RSA: +- /* TMP UGLY CAST */ +- if ((ret->pkey.rsa = d2i_RSAPrivateKey(NULL, +- (const unsigned char **)pp, +- length)) == NULL) { +- ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB); +- goto err; +- } +- break; +-#endif +-#ifndef OPENSSL_NO_DSA +- case EVP_PKEY_DSA: +- /* TMP UGLY CAST */ +- if ((ret->pkey.dsa = d2i_DSAPrivateKey(NULL, +- (const unsigned char **)pp, +- length)) == NULL) { +- ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB); +- goto err; ++#ifndef OPENSSL_NO_ENGINE ++ if (ret->engine) { ++ ENGINE_finish(ret->engine); ++ ret->engine = NULL; + } +- break; + #endif +-#ifndef OPENSSL_NO_EC +- case EVP_PKEY_EC: +- if ((ret->pkey.ec = d2i_ECPrivateKey(NULL, +- (const unsigned char **)pp, +- length)) == NULL) { ++ } ++ ++ if (!EVP_PKEY_set_type(ret, type)) { ++ ASN1err(ASN1_F_D2I_PRIVATEKEY, ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE); ++ goto err; ++ } ++ ++ if (!ret->ameth->old_priv_decode || ++ !ret->ameth->old_priv_decode(ret, pp, length)) { ++ if (ret->ameth->priv_decode) { ++ PKCS8_PRIV_KEY_INFO *p8 = NULL; ++ p8 = 
d2i_PKCS8_PRIV_KEY_INFO(NULL, pp, length); ++ if (!p8) ++ goto err; ++ EVP_PKEY_free(ret); ++ ret = EVP_PKCS82PKEY(p8); ++ PKCS8_PRIV_KEY_INFO_free(p8); ++ ++ } else { + ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB); + goto err; + } +- break; +-#endif +- default: +- ASN1err(ASN1_F_D2I_PRIVATEKEY, ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE); +- goto err; +- /* break; */ + } + if (a != NULL) + (*a) = ret; +@@ -151,9 +135,7 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, + * analyzing it we can determine the passed structure: this assumes the + * input is surrounded by an ASN1 SEQUENCE. + */ +- inkey = d2i_ASN1_SET_OF_ASN1_TYPE(NULL, &p, length, d2i_ASN1_TYPE, +- ASN1_TYPE_free, V_ASN1_SEQUENCE, +- V_ASN1_UNIVERSAL); ++ inkey = d2i_ASN1_SEQUENCE_ANY(NULL, &p, length); + /* + * Since we only need to discern "traditional format" RSA and DSA keys we + * can just count the elements. +@@ -162,7 +144,24 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, + keytype = EVP_PKEY_DSA; + else if (sk_ASN1_TYPE_num(inkey) == 4) + keytype = EVP_PKEY_EC; +- else ++ else if (sk_ASN1_TYPE_num(inkey) == 3) { /* This seems to be PKCS8, not ++ * traditional format */ ++ PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, pp, length); ++ EVP_PKEY *ret; ++ ++ sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free); ++ if (!p8) { ++ ASN1err(ASN1_F_D2I_AUTOPRIVATEKEY, ++ ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); ++ return NULL; ++ } ++ ret = EVP_PKCS82PKEY(p8); ++ PKCS8_PRIV_KEY_INFO_free(p8); ++ if (a) { ++ *a = ret; ++ } ++ return ret; ++ } else + keytype = EVP_PKEY_RSA; + sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free); + return d2i_PrivateKey(keytype, a, pp, length); +diff --git a/Cryptlib/OpenSSL/crypto/asn1/d2i_pu.c b/Cryptlib/OpenSSL/crypto/asn1/d2i_pu.c +index 1f05fee..33542dd 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/d2i_pu.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/d2i_pu.c +@@ -85,9 +85,12 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, + 
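Review bot: In the PKCS#8 fallback of d2i_PrivateKey the result of `ret = EVP_PKCS82PKEY(p8);` is never checked, so a failed conversion skips the `err` path and falls through to `(*a) = ret`. Adding `if (ret == NULL) goto err;` after `PKCS8_PRIV_KEY_INFO_free(p8);` keeps the failure handling in one place; the `err` label lies outside the hunk, so confirm it tolerates a NULL `ret`. The PKCS#8 branch added to d2i_AutoPrivateKey in the `@@ -162,7 +144,24 @@` hunk has the same gap: `*a = ret` runs even when the conversion returned NULL, overwriting whatever key pointer the caller passed in. There, `if (ret == NULL) return NULL;` belongs before the assignment.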
} else + ret = *a; + +- ret->save_type = type; +- ret->type = EVP_PKEY_type(type); +- switch (ret->type) { ++ if (!EVP_PKEY_set_type(ret, type)) { ++ ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_EVP_LIB); ++ goto err; ++ } ++ ++ switch (EVP_PKEY_id(ret)) { + #ifndef OPENSSL_NO_RSA + case EVP_PKEY_RSA: + /* TMP UGLY CAST */ +diff --git a/Cryptlib/OpenSSL/crypto/asn1/i2d_pr.c b/Cryptlib/OpenSSL/crypto/asn1/i2d_pr.c +index 2919e48..4d338ac 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/i2d_pr.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/i2d_pr.c +@@ -58,37 +58,21 @@ + + #include + #include "cryptlib.h" +-#include + #include +-#include +-#ifndef OPENSSL_NO_RSA +-# include +-#endif +-#ifndef OPENSSL_NO_DSA +-# include +-#endif +-#ifndef OPENSSL_NO_EC +-# include +-#endif ++#include ++#include "asn1_locl.h" + + int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp) + { +-#ifndef OPENSSL_NO_RSA +- if (a->type == EVP_PKEY_RSA) { +- return (i2d_RSAPrivateKey(a->pkey.rsa, pp)); +- } else +-#endif +-#ifndef OPENSSL_NO_DSA +- if (a->type == EVP_PKEY_DSA) { +- return (i2d_DSAPrivateKey(a->pkey.dsa, pp)); ++ if (a->ameth && a->ameth->old_priv_encode) { ++ return a->ameth->old_priv_encode(a, pp); + } +-#endif +-#ifndef OPENSSL_NO_EC +- if (a->type == EVP_PKEY_EC) { +- return (i2d_ECPrivateKey(a->pkey.ec, pp)); ++ if (a->ameth && a->ameth->priv_encode) { ++ PKCS8_PRIV_KEY_INFO *p8 = EVP_PKEY2PKCS8(a); ++ int ret = i2d_PKCS8_PRIV_KEY_INFO(p8, pp); ++ PKCS8_PRIV_KEY_INFO_free(p8); ++ return ret; + } +-#endif +- + ASN1err(ASN1_F_I2D_PRIVATEKEY, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); + return (-1); + } +diff --git a/Cryptlib/OpenSSL/crypto/asn1/n_pkey.c b/Cryptlib/OpenSSL/crypto/asn1/n_pkey.c +index f7b874e..d5a5514 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/n_pkey.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/n_pkey.c +@@ -125,6 +125,7 @@ int i2d_RSA_NET(const RSA *a, unsigned char **pp, + unsigned char buf[256], *zz; + unsigned char key[EVP_MAX_KEY_LENGTH]; + EVP_CIPHER_CTX ctx; ++ EVP_CIPHER_CTX_init(&ctx); + + if 
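Review bot: The new PKCS#8 fallback in i2d_PrivateKey passes the result of `EVP_PKEY2PKCS8(a)` straight to `i2d_PKCS8_PRIV_KEY_INFO(p8, pp)` without checking it for NULL. The rest of the function reports failure with `ASN1err(...)` and `return (-1)`, so a failed conversion should not depend on what the encoder happens to return for a missing structure. Adding `if (p8 == NULL) return -1;` before the encode call keeps the failure modes consistent.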
(a == NULL) + return (0); +@@ -201,24 +202,28 @@ int i2d_RSA_NET(const RSA *a, unsigned char **pp, + i = strlen((char *)buf); + /* If the key is used for SGC the algorithm is modified a little. */ + if (sgckey) { +- EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL); ++ if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL)) ++ goto err; + memcpy(buf + 16, "SGCKEYSALT", 10); + i = 26; + } + +- EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i, 1, key, NULL); ++ if (!EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i, 1, key, NULL)) ++ goto err; + OPENSSL_cleanse(buf, 256); + + /* Encrypt private key in place */ + zz = enckey->enckey->digest->data; +- EVP_CIPHER_CTX_init(&ctx); +- EVP_EncryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL); +- EVP_EncryptUpdate(&ctx, zz, &i, zz, pkeylen); +- EVP_EncryptFinal_ex(&ctx, zz + i, &j); +- EVP_CIPHER_CTX_cleanup(&ctx); ++ if (!EVP_EncryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL)) ++ goto err; ++ if (!EVP_EncryptUpdate(&ctx, zz, &i, zz, pkeylen)) ++ goto err; ++ if (!EVP_EncryptFinal_ex(&ctx, zz + i, &j)) ++ goto err; + + ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp); + err: ++ EVP_CIPHER_CTX_cleanup(&ctx); + NETSCAPE_ENCRYPTED_PKEY_free(enckey); + NETSCAPE_PKEY_free(pkey); + return (ret); +@@ -282,6 +287,7 @@ static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os, + const unsigned char *zz; + unsigned char key[EVP_MAX_KEY_LENGTH]; + EVP_CIPHER_CTX ctx; ++ EVP_CIPHER_CTX_init(&ctx); + + i = cb((char *)buf, 256, "Enter Private Key password:", 0); + if (i != 0) { +@@ -291,19 +297,22 @@ static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os, + + i = strlen((char *)buf); + if (sgckey) { +- EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL); ++ if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL)) ++ goto err; + memcpy(buf + 16, "SGCKEYSALT", 10); + i = 26; + } + +- EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i, 1, key, NULL); ++ if (!EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i, 1, key, NULL)) ++ goto err; + OPENSSL_cleanse(buf, 256); 
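Review bot: The new `goto err` exits in i2d_RSA_NET leave key material on the stack, because `if (!EVP_Digest(...)) goto err;` and `if (!EVP_BytesToKey(...)) goto err;` both jump past `OPENSSL_cleanse(buf, 256);` and the `err:` label only gains `EVP_CIPHER_CTX_cleanup(&ctx);`. At that point `buf` holds the pass phrase (or its digest) and `key` the derived RC4 key, and no wipe of `key` is visible in the hunk on any path. Placing `OPENSSL_cleanse(buf, sizeof(buf));` and `OPENSSL_cleanse(key, sizeof(key));` under `err:` covers the success and failure paths alike. The `@@ -291,19 +297,22 @@` hunk in d2i_RSA_NET_2 has the same pattern; both function bodies extend beyond their hunks.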
+ +- EVP_CIPHER_CTX_init(&ctx); +- EVP_DecryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL); +- EVP_DecryptUpdate(&ctx, os->data, &i, os->data, os->length); +- EVP_DecryptFinal_ex(&ctx, &(os->data[i]), &j); +- EVP_CIPHER_CTX_cleanup(&ctx); ++ if (!EVP_DecryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL)) ++ goto err; ++ if (!EVP_DecryptUpdate(&ctx, os->data, &i, os->data, os->length)) ++ goto err; ++ if (!EVP_DecryptFinal_ex(&ctx, &(os->data[i]), &j)) ++ goto err; + os->length = i + j; + + zz = os->data; +@@ -320,6 +329,7 @@ static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os, + goto err; + } + err: ++ EVP_CIPHER_CTX_cleanup(&ctx); + NETSCAPE_PKEY_free(pkey); + return (ret); + } +diff --git a/Cryptlib/OpenSSL/crypto/asn1/nsseq.c b/Cryptlib/OpenSSL/crypto/asn1/nsseq.c +index 186e8b0..f2f7cba 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/nsseq.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/nsseq.c +@@ -4,7 +4,7 @@ + * 1999. + */ + /* ==================================================================== +- * Copyright (c) 1999 The OpenSSL Project. All rights reserved. ++ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. 
+ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions +@@ -63,7 +63,8 @@ + #include + #include + +-static int nsseq_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) ++static int nsseq_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, ++ void *exarg) + { + if (operation == ASN1_OP_NEW_POST) { + NETSCAPE_CERT_SEQUENCE *nsseq; +diff --git a/Cryptlib/OpenSSL/crypto/asn1/p5_pbe.c b/Cryptlib/OpenSSL/crypto/asn1/p5_pbe.c +index 096ccdd..bdbfdcd 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/p5_pbe.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/p5_pbe.c +@@ -72,65 +72,72 @@ ASN1_SEQUENCE(PBEPARAM) = { + + IMPLEMENT_ASN1_FUNCTIONS(PBEPARAM) + +-/* Return an algorithm identifier for a PKCS#5 PBE algorithm */ ++/* Set an algorithm identifier for a PKCS#5 PBE algorithm */ + +-X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt, int saltlen) ++int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter, ++ const unsigned char *salt, int saltlen) + { + PBEPARAM *pbe = NULL; +- ASN1_OBJECT *al; +- X509_ALGOR *algor; +- ASN1_TYPE *astype = NULL; ++ ASN1_STRING *pbe_str = NULL; ++ unsigned char *sstr; + +- if (!(pbe = PBEPARAM_new())) { +- ASN1err(ASN1_F_PKCS5_PBE_SET, ERR_R_MALLOC_FAILURE); ++ pbe = PBEPARAM_new(); ++ if (!pbe) { ++ ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE); + goto err; + } + if (iter <= 0) + iter = PKCS5_DEFAULT_ITER; + if (!ASN1_INTEGER_set(pbe->iter, iter)) { +- ASN1err(ASN1_F_PKCS5_PBE_SET, ERR_R_MALLOC_FAILURE); ++ ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE); + goto err; + } + if (!saltlen) + saltlen = PKCS5_SALT_LEN; +- if (!(pbe->salt->data = OPENSSL_malloc(saltlen))) { +- ASN1err(ASN1_F_PKCS5_PBE_SET, ERR_R_MALLOC_FAILURE); ++ if (!ASN1_STRING_set(pbe->salt, NULL, saltlen)) { ++ ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE); + goto err; + } +- pbe->salt->length = saltlen; ++ sstr = 
ASN1_STRING_data(pbe->salt); + if (salt) +- memcpy(pbe->salt->data, salt, saltlen); +- else if (RAND_pseudo_bytes(pbe->salt->data, saltlen) < 0) ++ memcpy(sstr, salt, saltlen); ++ else if (RAND_pseudo_bytes(sstr, saltlen) < 0) + goto err; + +- if (!(astype = ASN1_TYPE_new())) { +- ASN1err(ASN1_F_PKCS5_PBE_SET, ERR_R_MALLOC_FAILURE); ++ if (!ASN1_item_pack(pbe, ASN1_ITEM_rptr(PBEPARAM), &pbe_str)) { ++ ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE); + goto err; + } + +- astype->type = V_ASN1_SEQUENCE; +- if (!ASN1_pack_string_of(PBEPARAM, pbe, i2d_PBEPARAM, +- &astype->value.sequence)) { +- ASN1err(ASN1_F_PKCS5_PBE_SET, ERR_R_MALLOC_FAILURE); +- goto err; +- } + PBEPARAM_free(pbe); + pbe = NULL; + +- al = OBJ_nid2obj(alg); /* never need to free al */ +- if (!(algor = X509_ALGOR_new())) { +- ASN1err(ASN1_F_PKCS5_PBE_SET, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- ASN1_OBJECT_free(algor->algorithm); +- algor->algorithm = al; +- algor->parameter = astype; ++ if (X509_ALGOR_set0(algor, OBJ_nid2obj(alg), V_ASN1_SEQUENCE, pbe_str)) ++ return 1; + +- return (algor); + err: + if (pbe != NULL) + PBEPARAM_free(pbe); +- if (astype != NULL) +- ASN1_TYPE_free(astype); ++ if (pbe_str != NULL) ++ ASN1_STRING_free(pbe_str); ++ return 0; ++} ++ ++/* Return an algorithm identifier for a PKCS#5 PBE algorithm */ ++ ++X509_ALGOR *PKCS5_pbe_set(int alg, int iter, ++ const unsigned char *salt, int saltlen) ++{ ++ X509_ALGOR *ret; ++ ret = X509_ALGOR_new(); ++ if (!ret) { ++ ASN1err(ASN1_F_PKCS5_PBE_SET, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ ++ if (PKCS5_pbe_set0_algor(ret, alg, iter, salt, saltlen)) ++ return ret; ++ ++ X509_ALGOR_free(ret); + return NULL; + } +diff --git a/Cryptlib/OpenSSL/crypto/asn1/p5_pbev2.c b/Cryptlib/OpenSSL/crypto/asn1/p5_pbev2.c +index 5054f0c..73ba4a3 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/p5_pbev2.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/p5_pbev2.c +@@ -83,24 +83,24 @@ IMPLEMENT_ASN1_FUNCTIONS(PBKDF2PARAM) + + /* + * Return an algorithm 
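Review bot: PKCS5_pbe_set0_algor draws the salt with `else if (RAND_pseudo_bytes(sstr, saltlen) < 0)`, which accepts a return of 0 (the value that signals the bytes are not cryptographically strong). It is also the only failure in the function that reaches `err` without an `ASN1err` record. Using `else if (RAND_bytes(sstr, saltlen) <= 0)` and recording an error before `goto err` makes a generator failure visible to the caller. The same `RAND_pseudo_bytes(...) < 0` test is used for the IV in PKCS5_pbe2_set_iv and for the salt in PKCS5_pbkdf2_set in the p5_pbev2.c hunks.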
identifier for a PKCS#5 v2.0 PBE algorithm: yes I know +- * this is horrible! ++ * this is horrible! Extended version to allow application supplied PRF NID ++ * and IV. + */ + +-X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, +- unsigned char *salt, int saltlen) ++X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, ++ unsigned char *salt, int saltlen, ++ unsigned char *aiv, int prf_nid) + { + X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL; +- int alg_nid; ++ int alg_nid, keylen; + EVP_CIPHER_CTX ctx; + unsigned char iv[EVP_MAX_IV_LENGTH]; +- PBKDF2PARAM *kdf = NULL; + PBE2PARAM *pbe2 = NULL; +- ASN1_OCTET_STRING *osalt = NULL; + ASN1_OBJECT *obj; + + alg_nid = EVP_CIPHER_type(cipher); + if (alg_nid == NID_undef) { +- ASN1err(ASN1_F_PKCS5_PBE2_SET, ++ ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, + ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER); + goto err; + } +@@ -117,31 +117,112 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, + goto merr; + + /* Create random IV */ +- if (EVP_CIPHER_iv_length(cipher) && +- RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0) +- goto err; ++ if (EVP_CIPHER_iv_length(cipher)) { ++ if (aiv) ++ memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher)); ++ else if (RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0) ++ goto err; ++ } + + EVP_CIPHER_CTX_init(&ctx); + +- /* Dummy cipherinit to just setup the IV */ +- EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0); ++ /* Dummy cipherinit to just setup the IV, and PRF */ ++ if (!EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0)) ++ goto err; + if (EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) { +- ASN1err(ASN1_F_PKCS5_PBE2_SET, ASN1_R_ERROR_SETTING_CIPHER_PARAMS); ++ ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, ASN1_R_ERROR_SETTING_CIPHER_PARAMS); + EVP_CIPHER_CTX_cleanup(&ctx); + goto err; + } ++ /* ++ * If prf NID unspecified see if cipher has a preference. An error is OK ++ * here: just means use default PRF. 
++ */ ++ if ((prf_nid == -1) && ++ EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0) { ++ ERR_clear_error(); ++ prf_nid = NID_hmacWithSHA1; ++ } + EVP_CIPHER_CTX_cleanup(&ctx); + ++ /* If its RC2 then we'd better setup the key length */ ++ ++ if (alg_nid == NID_rc2_cbc) ++ keylen = EVP_CIPHER_key_length(cipher); ++ else ++ keylen = -1; ++ ++ /* Setup keyfunc */ ++ ++ X509_ALGOR_free(pbe2->keyfunc); ++ ++ pbe2->keyfunc = PKCS5_pbkdf2_set(iter, salt, saltlen, prf_nid, keylen); ++ ++ if (!pbe2->keyfunc) ++ goto merr; ++ ++ /* Now set up top level AlgorithmIdentifier */ ++ ++ if (!(ret = X509_ALGOR_new())) ++ goto merr; ++ if (!(ret->parameter = ASN1_TYPE_new())) ++ goto merr; ++ ++ ret->algorithm = OBJ_nid2obj(NID_pbes2); ++ ++ /* Encode PBE2PARAM into parameter */ ++ ++ if (!ASN1_item_pack(pbe2, ASN1_ITEM_rptr(PBE2PARAM), ++ &ret->parameter->value.sequence)) ++ goto merr; ++ ret->parameter->type = V_ASN1_SEQUENCE; ++ ++ PBE2PARAM_free(pbe2); ++ pbe2 = NULL; ++ ++ return ret; ++ ++ merr: ++ ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, ERR_R_MALLOC_FAILURE); ++ ++ err: ++ PBE2PARAM_free(pbe2); ++ /* Note 'scheme' is freed as part of pbe2 */ ++ X509_ALGOR_free(kalg); ++ X509_ALGOR_free(ret); ++ ++ return NULL; ++ ++} ++ ++X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, ++ unsigned char *salt, int saltlen) ++{ ++ return PKCS5_pbe2_set_iv(cipher, iter, salt, saltlen, NULL, -1); ++} ++ ++X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, ++ int prf_nid, int keylen) ++{ ++ X509_ALGOR *keyfunc = NULL; ++ PBKDF2PARAM *kdf = NULL; ++ ASN1_OCTET_STRING *osalt = NULL; ++ + if (!(kdf = PBKDF2PARAM_new())) + goto merr; + if (!(osalt = M_ASN1_OCTET_STRING_new())) + goto merr; + ++ kdf->salt->value.octet_string = osalt; ++ kdf->salt->type = V_ASN1_OCTET_STRING; ++ + if (!saltlen) + saltlen = PKCS5_SALT_LEN; + if (!(osalt->data = OPENSSL_malloc(saltlen))) + goto merr; ++ + osalt->length = saltlen; ++ + if (salt) + memcpy(osalt->data, salt, 
saltlen); + else if (RAND_pseudo_bytes(osalt->data, saltlen) < 0) +@@ -149,74 +230,51 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, + + if (iter <= 0) + iter = PKCS5_DEFAULT_ITER; ++ + if (!ASN1_INTEGER_set(kdf->iter, iter)) + goto merr; + +- /* Now include salt in kdf structure */ +- kdf->salt->value.octet_string = osalt; +- kdf->salt->type = V_ASN1_OCTET_STRING; +- osalt = NULL; +- +- /* If its RC2 then we'd better setup the key length */ ++ /* If have a key len set it up */ + +- if (alg_nid == NID_rc2_cbc) { ++ if (keylen > 0) { + if (!(kdf->keylength = M_ASN1_INTEGER_new())) + goto merr; +- if (!ASN1_INTEGER_set(kdf->keylength, EVP_CIPHER_key_length(cipher))) ++ if (!ASN1_INTEGER_set(kdf->keylength, keylen)) + goto merr; + } + +- /* prf can stay NULL because we are using hmacWithSHA1 */ +- +- /* Now setup the PBE2PARAM keyfunc structure */ +- +- pbe2->keyfunc->algorithm = OBJ_nid2obj(NID_id_pbkdf2); ++ /* prf can stay NULL if we are using hmacWithSHA1 */ ++ if (prf_nid > 0 && prf_nid != NID_hmacWithSHA1) { ++ kdf->prf = X509_ALGOR_new(); ++ if (!kdf->prf) ++ goto merr; ++ X509_ALGOR_set0(kdf->prf, OBJ_nid2obj(prf_nid), V_ASN1_NULL, NULL); ++ } + +- /* Encode PBKDF2PARAM into parameter of pbe2 */ ++ /* Finally setup the keyfunc structure */ + +- if (!(pbe2->keyfunc->parameter = ASN1_TYPE_new())) ++ keyfunc = X509_ALGOR_new(); ++ if (!keyfunc) + goto merr; + +- if (!ASN1_pack_string_of(PBKDF2PARAM, kdf, i2d_PBKDF2PARAM, +- &pbe2->keyfunc->parameter->value.sequence)) +- goto merr; +- pbe2->keyfunc->parameter->type = V_ASN1_SEQUENCE; +- +- PBKDF2PARAM_free(kdf); +- kdf = NULL; ++ keyfunc->algorithm = OBJ_nid2obj(NID_id_pbkdf2); + +- /* Now set up top level AlgorithmIdentifier */ ++ /* Encode PBKDF2PARAM into parameter of pbe2 */ + +- if (!(ret = X509_ALGOR_new())) +- goto merr; +- if (!(ret->parameter = ASN1_TYPE_new())) ++ if (!(keyfunc->parameter = ASN1_TYPE_new())) + goto merr; + +- ret->algorithm = OBJ_nid2obj(NID_pbes2); +- +- /* Encode 
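Review bot: The added `if (!EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0)) goto err;` leaves `ctx` initialised but never cleaned up, whereas the `EVP_CIPHER_param_to_asn1` failure right after it calls `EVP_CIPHER_CTX_cleanup(&ctx);` before `goto err`. The new branch needs the same cleanup call. The new `aiv` parameter is copied with `memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher))` and has no length of its own, so the function comment should state that the caller must supply at least `EVP_CIPHER_iv_length(cipher)` bytes. PKCS5_pbe2_set_iv begins in the previous hunk and PKCS5_pbkdf2_set continues into the next one.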
PBE2PARAM into parameter */ +- +- if (!ASN1_pack_string_of(PBE2PARAM, pbe2, i2d_PBE2PARAM, +- &ret->parameter->value.sequence)) ++ if (!ASN1_item_pack(kdf, ASN1_ITEM_rptr(PBKDF2PARAM), ++ &keyfunc->parameter->value.sequence)) + goto merr; +- ret->parameter->type = V_ASN1_SEQUENCE; +- +- PBE2PARAM_free(pbe2); +- pbe2 = NULL; ++ keyfunc->parameter->type = V_ASN1_SEQUENCE; + +- return ret; ++ PBKDF2PARAM_free(kdf); ++ return keyfunc; + + merr: +- ASN1err(ASN1_F_PKCS5_PBE2_SET, ERR_R_MALLOC_FAILURE); +- +- err: +- PBE2PARAM_free(pbe2); +- /* Note 'scheme' is freed as part of pbe2 */ +- M_ASN1_OCTET_STRING_free(osalt); ++ ASN1err(ASN1_F_PKCS5_PBKDF2_SET, ERR_R_MALLOC_FAILURE); + PBKDF2PARAM_free(kdf); +- X509_ALGOR_free(kalg); +- X509_ALGOR_free(ret); +- ++ X509_ALGOR_free(keyfunc); + return NULL; +- + } +diff --git a/Cryptlib/OpenSSL/crypto/asn1/p8_pkey.c b/Cryptlib/OpenSSL/crypto/asn1/p8_pkey.c +index 6cd36ce..0a425cd 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/p8_pkey.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/p8_pkey.c +@@ -4,7 +4,7 @@ + * 1999. + */ + /* ==================================================================== +- * Copyright (c) 1999 The OpenSSL Project. All rights reserved. ++ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. 
+ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions +@@ -63,7 +63,8 @@ + #include + + /* Minor tweak to operation: zero private key data */ +-static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) ++static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, ++ void *exarg) + { + /* Since the structure must still be valid use ASN1_OP_FREE_PRE */ + if (operation == ASN1_OP_FREE_PRE) { +@@ -84,3 +85,61 @@ ASN1_SEQUENCE_cb(PKCS8_PRIV_KEY_INFO, pkey_cb) = { + } ASN1_SEQUENCE_END_cb(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO) + + IMPLEMENT_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO) ++ ++int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj, ++ int version, ++ int ptype, void *pval, unsigned char *penc, int penclen) ++{ ++ unsigned char **ppenc = NULL; ++ if (version >= 0) { ++ if (!ASN1_INTEGER_set(priv->version, version)) ++ return 0; ++ } ++ if (penc) { ++ int pmtype; ++ ASN1_OCTET_STRING *oct; ++ oct = ASN1_OCTET_STRING_new(); ++ if (!oct) ++ return 0; ++ oct->data = penc; ++ ppenc = &oct->data; ++ oct->length = penclen; ++ if (priv->broken == PKCS8_NO_OCTET) ++ pmtype = V_ASN1_SEQUENCE; ++ else ++ pmtype = V_ASN1_OCTET_STRING; ++ ASN1_TYPE_set(priv->pkey, pmtype, oct); ++ } ++ if (!X509_ALGOR_set0(priv->pkeyalg, aobj, ptype, pval)) { ++ /* If call fails do not swallow 'enc' */ ++ if (ppenc) ++ *ppenc = NULL; ++ return 0; ++ } ++ return 1; ++} ++ ++int PKCS8_pkey_get0(ASN1_OBJECT **ppkalg, ++ const unsigned char **pk, int *ppklen, ++ X509_ALGOR **pa, PKCS8_PRIV_KEY_INFO *p8) ++{ ++ if (ppkalg) ++ *ppkalg = p8->pkeyalg->algorithm; ++ if (p8->pkey->type == V_ASN1_OCTET_STRING) { ++ p8->broken = PKCS8_OK; ++ if (pk) { ++ *pk = p8->pkey->value.octet_string->data; ++ *ppklen = p8->pkey->value.octet_string->length; ++ } ++ } else if (p8->pkey->type == V_ASN1_SEQUENCE) { ++ p8->broken = PKCS8_NO_OCTET; ++ if (pk) { ++ *pk = 
p8->pkey->value.sequence->data; ++ *ppklen = p8->pkey->value.sequence->length; ++ } ++ } else ++ return 0; ++ if (pa) ++ *pa = p8->pkeyalg; ++ return 1; ++} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_crl.c b/Cryptlib/OpenSSL/crypto/asn1/t_crl.c +index 75a753b..0dfaf0b 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/t_crl.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/t_crl.c +@@ -94,8 +94,7 @@ int X509_CRL_print(BIO *out, X509_CRL *x) + l = X509_CRL_get_version(x); + BIO_printf(out, "%8sVersion %lu (0x%lx)\n", "", l + 1, l); + i = OBJ_obj2nid(x->sig_alg->algorithm); +- BIO_printf(out, "%8sSignature Algorithm: %s\n", "", +- (i == NID_undef) ? "NONE" : OBJ_nid2ln(i)); ++ X509_signature_print(out, x->sig_alg, NULL); + p = X509_NAME_oneline(X509_CRL_get_issuer(x), NULL, 0); + BIO_printf(out, "%8sIssuer: %s\n", "", p); + OPENSSL_free(p); +diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c b/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c +index 4821821..735c342 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c +@@ -55,487 +55,15 @@ + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +-/* ==================================================================== +- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. +- * Binary polynomial ECC support in OpenSSL originally developed by +- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. 
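Review bot: PKCS8_pkey_set0 attaches `penc` to `priv->pkey` with `ASN1_TYPE_set(priv->pkey, pmtype, oct)` before `X509_ALGOR_set0` is known to succeed, and the failure branch only does `*ppenc = NULL`. After a failed call `priv->pkey` therefore still holds an octet string with `length == penclen` and no data; the branch should reset the stored length as well, or the algorithm should be set before the key is attached. In PKCS8_pkey_get0, `*ppklen` is written whenever `pk` is non-NULL, so either guard it with `if (ppklen)` or add a comment that `ppklen` is mandatory when `pk` is given.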
+- */ + + #include + #include "cryptlib.h" + #include + #include + #include +-#ifndef OPENSSL_NO_RSA +-# include +-#endif +-#ifndef OPENSSL_NO_DH +-# include +-#endif +-#ifndef OPENSSL_NO_DSA +-# include +-#endif +-#ifndef OPENSSL_NO_EC +-# include +-#endif +- +-static int print(BIO *fp, const char *str, const BIGNUM *num, +- unsigned char *buf, int off); +-#ifndef OPENSSL_NO_EC +-static int print_bin(BIO *fp, const char *str, const unsigned char *num, +- size_t len, int off); +-#endif +-#ifndef OPENSSL_NO_RSA +-# ifndef OPENSSL_NO_FP_API +-int RSA_print_fp(FILE *fp, const RSA *x, int off) +-{ +- BIO *b; +- int ret; +- +- if ((b = BIO_new(BIO_s_file())) == NULL) { +- RSAerr(RSA_F_RSA_PRINT_FP, ERR_R_BUF_LIB); +- return (0); +- } +- BIO_set_fp(b, fp, BIO_NOCLOSE); +- ret = RSA_print(b, x, off); +- BIO_free(b); +- return (ret); +-} +-# endif +- +-int RSA_print(BIO *bp, const RSA *x, int off) +-{ +- char str[128]; +- const char *s; +- unsigned char *m = NULL; +- int ret = 0, mod_len = 0; +- size_t buf_len = 0, i; +- +- if (x->n) +- buf_len = (size_t)BN_num_bytes(x->n); +- if (x->e) +- if (buf_len < (i = (size_t)BN_num_bytes(x->e))) +- buf_len = i; +- if (x->d) +- if (buf_len < (i = (size_t)BN_num_bytes(x->d))) +- buf_len = i; +- if (x->p) +- if (buf_len < (i = (size_t)BN_num_bytes(x->p))) +- buf_len = i; +- if (x->q) +- if (buf_len < (i = (size_t)BN_num_bytes(x->q))) +- buf_len = i; +- if (x->dmp1) +- if (buf_len < (i = (size_t)BN_num_bytes(x->dmp1))) +- buf_len = i; +- if (x->dmq1) +- if (buf_len < (i = (size_t)BN_num_bytes(x->dmq1))) +- buf_len = i; +- if (x->iqmp) +- if (buf_len < (i = (size_t)BN_num_bytes(x->iqmp))) +- buf_len = i; +- +- m = (unsigned char *)OPENSSL_malloc(buf_len + 10); +- if (m == NULL) { +- RSAerr(RSA_F_RSA_PRINT, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- if (x->n != NULL) +- mod_len = BN_num_bits(x->n); +- +- if (x->d != NULL) { +- if (!BIO_indent(bp, off, 128)) +- goto err; +- if (BIO_printf(bp, "Private-Key: (%d bit)\n", mod_len) +- <= 
0) +- goto err; +- } +- +- if (x->d == NULL) +- BIO_snprintf(str, sizeof str, "Modulus (%d bit):", mod_len); +- else +- BUF_strlcpy(str, "modulus:", sizeof str); +- if (!print(bp, str, x->n, m, off)) +- goto err; +- s = (x->d == NULL) ? "Exponent:" : "publicExponent:"; +- if ((x->e != NULL) && !print(bp, s, x->e, m, off)) +- goto err; +- if ((x->d != NULL) && !print(bp, "privateExponent:", x->d, m, off)) +- goto err; +- if ((x->p != NULL) && !print(bp, "prime1:", x->p, m, off)) +- goto err; +- if ((x->q != NULL) && !print(bp, "prime2:", x->q, m, off)) +- goto err; +- if ((x->dmp1 != NULL) && !print(bp, "exponent1:", x->dmp1, m, off)) +- goto err; +- if ((x->dmq1 != NULL) && !print(bp, "exponent2:", x->dmq1, m, off)) +- goto err; +- if ((x->iqmp != NULL) && !print(bp, "coefficient:", x->iqmp, m, off)) +- goto err; +- ret = 1; +- err: +- if (m != NULL) +- OPENSSL_free(m); +- return (ret); +-} +-#endif /* OPENSSL_NO_RSA */ +- +-#ifndef OPENSSL_NO_DSA +-# ifndef OPENSSL_NO_FP_API +-int DSA_print_fp(FILE *fp, const DSA *x, int off) +-{ +- BIO *b; +- int ret; +- +- if ((b = BIO_new(BIO_s_file())) == NULL) { +- DSAerr(DSA_F_DSA_PRINT_FP, ERR_R_BUF_LIB); +- return (0); +- } +- BIO_set_fp(b, fp, BIO_NOCLOSE); +- ret = DSA_print(b, x, off); +- BIO_free(b); +- return (ret); +-} +-# endif +- +-int DSA_print(BIO *bp, const DSA *x, int off) +-{ +- unsigned char *m = NULL; +- int ret = 0; +- size_t buf_len = 0, i; +- +- if (x->p) +- buf_len = (size_t)BN_num_bytes(x->p); +- if (x->q) +- if (buf_len < (i = (size_t)BN_num_bytes(x->q))) +- buf_len = i; +- if (x->g) +- if (buf_len < (i = (size_t)BN_num_bytes(x->g))) +- buf_len = i; +- if (x->priv_key) +- if (buf_len < (i = (size_t)BN_num_bytes(x->priv_key))) +- buf_len = i; +- if (x->pub_key) +- if (buf_len < (i = (size_t)BN_num_bytes(x->pub_key))) +- buf_len = i; +- +- m = (unsigned char *)OPENSSL_malloc(buf_len + 10); +- if (m == NULL) { +- DSAerr(DSA_F_DSA_PRINT, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- if (x->priv_key != 
NULL) { +- if (!BIO_indent(bp, off, 128)) +- goto err; +- if (BIO_printf(bp, "Private-Key: (%d bit)\n", BN_num_bits(x->p)) +- <= 0) +- goto err; +- } +- +- if ((x->priv_key != NULL) && !print(bp, "priv:", x->priv_key, m, off)) +- goto err; +- if ((x->pub_key != NULL) && !print(bp, "pub: ", x->pub_key, m, off)) +- goto err; +- if ((x->p != NULL) && !print(bp, "P: ", x->p, m, off)) +- goto err; +- if ((x->q != NULL) && !print(bp, "Q: ", x->q, m, off)) +- goto err; +- if ((x->g != NULL) && !print(bp, "G: ", x->g, m, off)) +- goto err; +- ret = 1; +- err: +- if (m != NULL) +- OPENSSL_free(m); +- return (ret); +-} +-#endif /* !OPENSSL_NO_DSA */ +- +-#ifndef OPENSSL_NO_EC +-# ifndef OPENSSL_NO_FP_API +-int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off) +-{ +- BIO *b; +- int ret; +- +- if ((b = BIO_new(BIO_s_file())) == NULL) { +- ECerr(EC_F_ECPKPARAMETERS_PRINT_FP, ERR_R_BUF_LIB); +- return (0); +- } +- BIO_set_fp(b, fp, BIO_NOCLOSE); +- ret = ECPKParameters_print(b, x, off); +- BIO_free(b); +- return (ret); +-} +- +-int EC_KEY_print_fp(FILE *fp, const EC_KEY *x, int off) +-{ +- BIO *b; +- int ret; +- +- if ((b = BIO_new(BIO_s_file())) == NULL) { +- ECerr(EC_F_EC_KEY_PRINT_FP, ERR_R_BIO_LIB); +- return (0); +- } +- BIO_set_fp(b, fp, BIO_NOCLOSE); +- ret = EC_KEY_print(b, x, off); +- BIO_free(b); +- return (ret); +-} +-# endif +- +-int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off) +-{ +- unsigned char *buffer = NULL; +- size_t buf_len = 0, i; +- int ret = 0, reason = ERR_R_BIO_LIB; +- BN_CTX *ctx = NULL; +- const EC_POINT *point = NULL; +- BIGNUM *p = NULL, *a = NULL, *b = NULL, *gen = NULL, +- *order = NULL, *cofactor = NULL; +- const unsigned char *seed; +- size_t seed_len = 0; +- +- static const char *gen_compressed = "Generator (compressed):"; +- static const char *gen_uncompressed = "Generator (uncompressed):"; +- static const char *gen_hybrid = "Generator (hybrid):"; +- +- if (!x) { +- reason = ERR_R_PASSED_NULL_PARAMETER; +- goto err; +- 
} +- +- if (EC_GROUP_get_asn1_flag(x)) { +- /* the curve parameter are given by an asn1 OID */ +- int nid; +- +- if (!BIO_indent(bp, off, 128)) +- goto err; +- +- nid = EC_GROUP_get_curve_name(x); +- if (nid == 0) +- goto err; +- +- if (BIO_printf(bp, "ASN1 OID: %s", OBJ_nid2sn(nid)) <= 0) +- goto err; +- if (BIO_printf(bp, "\n") <= 0) +- goto err; +- } else { +- /* explicit parameters */ +- int is_char_two = 0; +- point_conversion_form_t form; +- int tmp_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(x)); +- +- if (tmp_nid == NID_X9_62_characteristic_two_field) +- is_char_two = 1; +- +- if ((p = BN_new()) == NULL || (a = BN_new()) == NULL || +- (b = BN_new()) == NULL || (order = BN_new()) == NULL || +- (cofactor = BN_new()) == NULL) { +- reason = ERR_R_MALLOC_FAILURE; +- goto err; +- } +- +- if (is_char_two) { +- if (!EC_GROUP_get_curve_GF2m(x, p, a, b, ctx)) { +- reason = ERR_R_EC_LIB; +- goto err; +- } +- } else { /* prime field */ +- +- if (!EC_GROUP_get_curve_GFp(x, p, a, b, ctx)) { +- reason = ERR_R_EC_LIB; +- goto err; +- } +- } +- +- if ((point = EC_GROUP_get0_generator(x)) == NULL) { +- reason = ERR_R_EC_LIB; +- goto err; +- } +- if (!EC_GROUP_get_order(x, order, NULL) || +- !EC_GROUP_get_cofactor(x, cofactor, NULL)) { +- reason = ERR_R_EC_LIB; +- goto err; +- } +- +- form = EC_GROUP_get_point_conversion_form(x); +- +- if ((gen = EC_POINT_point2bn(x, point, form, NULL, ctx)) == NULL) { +- reason = ERR_R_EC_LIB; +- goto err; +- } +- +- buf_len = (size_t)BN_num_bytes(p); +- if (buf_len < (i = (size_t)BN_num_bytes(a))) +- buf_len = i; +- if (buf_len < (i = (size_t)BN_num_bytes(b))) +- buf_len = i; +- if (buf_len < (i = (size_t)BN_num_bytes(gen))) +- buf_len = i; +- if (buf_len < (i = (size_t)BN_num_bytes(order))) +- buf_len = i; +- if (buf_len < (i = (size_t)BN_num_bytes(cofactor))) +- buf_len = i; +- +- if ((seed = EC_GROUP_get0_seed(x)) != NULL) +- seed_len = EC_GROUP_get_seed_len(x); +- +- buf_len += 10; +- if ((buffer = OPENSSL_malloc(buf_len)) == 
NULL) { +- reason = ERR_R_MALLOC_FAILURE; +- goto err; +- } +- +- if (!BIO_indent(bp, off, 128)) +- goto err; +- +- /* print the 'short name' of the field type */ +- if (BIO_printf(bp, "Field Type: %s\n", OBJ_nid2sn(tmp_nid)) +- <= 0) +- goto err; +- +- if (is_char_two) { +- /* print the 'short name' of the base type OID */ +- int basis_type = EC_GROUP_get_basis_type(x); +- if (basis_type == 0) +- goto err; +- +- if (!BIO_indent(bp, off, 128)) +- goto err; +- +- if (BIO_printf(bp, "Basis Type: %s\n", +- OBJ_nid2sn(basis_type)) <= 0) +- goto err; +- +- /* print the polynomial */ +- if ((p != NULL) && !print(bp, "Polynomial:", p, buffer, off)) +- goto err; +- } else { +- if ((p != NULL) && !print(bp, "Prime:", p, buffer, off)) +- goto err; +- } +- if ((a != NULL) && !print(bp, "A: ", a, buffer, off)) +- goto err; +- if ((b != NULL) && !print(bp, "B: ", b, buffer, off)) +- goto err; +- if (form == POINT_CONVERSION_COMPRESSED) { +- if ((gen != NULL) && !print(bp, gen_compressed, gen, buffer, off)) +- goto err; +- } else if (form == POINT_CONVERSION_UNCOMPRESSED) { +- if ((gen != NULL) && !print(bp, gen_uncompressed, gen, +- buffer, off)) +- goto err; +- } else { /* form == POINT_CONVERSION_HYBRID */ +- +- if ((gen != NULL) && !print(bp, gen_hybrid, gen, buffer, off)) +- goto err; +- } +- if ((order != NULL) && !print(bp, "Order: ", order, buffer, off)) +- goto err; +- if ((cofactor != NULL) && !print(bp, "Cofactor: ", cofactor, +- buffer, off)) +- goto err; +- if (seed && !print_bin(bp, "Seed:", seed, seed_len, off)) +- goto err; +- } +- ret = 1; +- err: +- if (!ret) +- ECerr(EC_F_ECPKPARAMETERS_PRINT, reason); +- if (p) +- BN_free(p); +- if (a) +- BN_free(a); +- if (b) +- BN_free(b); +- if (gen) +- BN_free(gen); +- if (order) +- BN_free(order); +- if (cofactor) +- BN_free(cofactor); +- if (ctx) +- BN_CTX_free(ctx); +- if (buffer != NULL) +- OPENSSL_free(buffer); +- return (ret); +-} +- +-int EC_KEY_print(BIO *bp, const EC_KEY *x, int off) +-{ +- unsigned char *buffer 
= NULL; +- size_t buf_len = 0, i; +- int ret = 0, reason = ERR_R_BIO_LIB; +- BIGNUM *pub_key = NULL, *order = NULL; +- BN_CTX *ctx = NULL; +- const EC_GROUP *group; +- const EC_POINT *public_key; +- const BIGNUM *priv_key; +- +- if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL) { +- reason = ERR_R_PASSED_NULL_PARAMETER; +- goto err; +- } +- +- public_key = EC_KEY_get0_public_key(x); +- if ((pub_key = EC_POINT_point2bn(group, public_key, +- EC_KEY_get_conv_form(x), NULL, +- ctx)) == NULL) { +- reason = ERR_R_EC_LIB; +- goto err; +- } +- +- buf_len = (size_t)BN_num_bytes(pub_key); +- priv_key = EC_KEY_get0_private_key(x); +- if (priv_key != NULL) { +- if ((i = (size_t)BN_num_bytes(priv_key)) > buf_len) +- buf_len = i; +- } +- +- buf_len += 10; +- if ((buffer = OPENSSL_malloc(buf_len)) == NULL) { +- reason = ERR_R_MALLOC_FAILURE; +- goto err; +- } + +- if (priv_key != NULL) { +- if (!BIO_indent(bp, off, 128)) +- goto err; +- if ((order = BN_new()) == NULL) +- goto err; +- if (!EC_GROUP_get_order(group, order, NULL)) +- goto err; +- if (BIO_printf(bp, "Private-Key: (%d bit)\n", +- BN_num_bits(order)) <= 0) +- goto err; +- } +- +- if ((priv_key != NULL) && !print(bp, "priv:", priv_key, buffer, off)) +- goto err; +- if ((pub_key != NULL) && !print(bp, "pub: ", pub_key, buffer, off)) +- goto err; +- if (!ECPKParameters_print(bp, group, off)) +- goto err; +- ret = 1; +- err: +- if (!ret) +- ECerr(EC_F_EC_KEY_PRINT, reason); +- if (pub_key) +- BN_free(pub_key); +- if (order) +- BN_free(order); +- if (ctx) +- BN_CTX_free(ctx); +- if (buffer != NULL) +- OPENSSL_free(buffer); +- return (ret); +-} +-#endif /* OPENSSL_NO_EC */ +- +-static int print(BIO *bp, const char *number, const BIGNUM *num, +- unsigned char *buf, int off) ++int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num, ++ unsigned char *buf, int off) + { + int n, i; + const char *neg; +@@ -583,216 +111,3 @@ static int print(BIO *bp, const char *number, const BIGNUM *num, + } + return (1); + } +- 
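Review bot: `ASN1_bn_print` now has external linkage but still takes `unsigned char *buf` with no length, so the buffer-size contract that used to be private to this file becomes an unwritten requirement on every caller. The removed callers in this hunk all sized the scratch buffer as the largest `BN_num_bytes()` among the values printed plus 10, and callers elsewhere need the same rule spelled out. A header comment such as `/* buf: caller-supplied scratch space, large enough for the biggest BIGNUM passed (callers historically used BN_num_bytes() + 10) */` would do. The function body continues outside the hunk, so how much of the buffer is actually written cannot be confirmed from here.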
+-#ifndef OPENSSL_NO_EC +-static int print_bin(BIO *fp, const char *name, const unsigned char *buf, +- size_t len, int off) +-{ +- size_t i; +- char str[128]; +- +- if (buf == NULL) +- return 1; +- if (off) { +- if (off > 128) +- off = 128; +- memset(str, ' ', off); +- if (BIO_write(fp, str, off) <= 0) +- return 0; +- } +- +- if (BIO_printf(fp, "%s", name) <= 0) +- return 0; +- +- for (i = 0; i < len; i++) { +- if ((i % 15) == 0) { +- str[0] = '\n'; +- memset(&(str[1]), ' ', off + 4); +- if (BIO_write(fp, str, off + 1 + 4) <= 0) +- return 0; +- } +- if (BIO_printf(fp, "%02x%s", buf[i], ((i + 1) == len) ? "" : ":") <= +- 0) +- return 0; +- } +- if (BIO_write(fp, "\n", 1) <= 0) +- return 0; +- +- return 1; +-} +-#endif +- +-#ifndef OPENSSL_NO_DH +-# ifndef OPENSSL_NO_FP_API +-int DHparams_print_fp(FILE *fp, const DH *x) +-{ +- BIO *b; +- int ret; +- +- if ((b = BIO_new(BIO_s_file())) == NULL) { +- DHerr(DH_F_DHPARAMS_PRINT_FP, ERR_R_BUF_LIB); +- return (0); +- } +- BIO_set_fp(b, fp, BIO_NOCLOSE); +- ret = DHparams_print(b, x); +- BIO_free(b); +- return (ret); +-} +-# endif +- +-int DHparams_print(BIO *bp, const DH *x) +-{ +- unsigned char *m = NULL; +- int reason = ERR_R_BUF_LIB, ret = 0; +- size_t buf_len = 0, i; +- +- if (x->p) +- buf_len = (size_t)BN_num_bytes(x->p); +- else { +- reason = ERR_R_PASSED_NULL_PARAMETER; +- goto err; +- } +- if (x->g) +- if (buf_len < (i = (size_t)BN_num_bytes(x->g))) +- buf_len = i; +- m = (unsigned char *)OPENSSL_malloc(buf_len + 10); +- if (m == NULL) { +- reason = ERR_R_MALLOC_FAILURE; +- goto err; +- } +- +- if (BIO_printf(bp, "Diffie-Hellman-Parameters: (%d bit)\n", +- BN_num_bits(x->p)) <= 0) +- goto err; +- if (!print(bp, "prime:", x->p, m, 4)) +- goto err; +- if (!print(bp, "generator:", x->g, m, 4)) +- goto err; +- if (x->length != 0) { +- if (BIO_printf(bp, " recommended-private-length: %d bits\n", +- (int)x->length) <= 0) +- goto err; +- } +- ret = 1; +- if (0) { +- err: +- DHerr(DH_F_DHPARAMS_PRINT, reason); +- } +- if (m 
!= NULL) +- OPENSSL_free(m); +- return (ret); +-} +-#endif +- +-#ifndef OPENSSL_NO_DSA +-# ifndef OPENSSL_NO_FP_API +-int DSAparams_print_fp(FILE *fp, const DSA *x) +-{ +- BIO *b; +- int ret; +- +- if ((b = BIO_new(BIO_s_file())) == NULL) { +- DSAerr(DSA_F_DSAPARAMS_PRINT_FP, ERR_R_BUF_LIB); +- return (0); +- } +- BIO_set_fp(b, fp, BIO_NOCLOSE); +- ret = DSAparams_print(b, x); +- BIO_free(b); +- return (ret); +-} +-# endif +- +-int DSAparams_print(BIO *bp, const DSA *x) +-{ +- unsigned char *m = NULL; +- int ret = 0; +- size_t buf_len = 0, i; +- +- if (x->p) +- buf_len = (size_t)BN_num_bytes(x->p); +- else { +- DSAerr(DSA_F_DSAPARAMS_PRINT, DSA_R_MISSING_PARAMETERS); +- goto err; +- } +- if (x->q) +- if (buf_len < (i = (size_t)BN_num_bytes(x->q))) +- buf_len = i; +- if (x->g) +- if (buf_len < (i = (size_t)BN_num_bytes(x->g))) +- buf_len = i; +- m = (unsigned char *)OPENSSL_malloc(buf_len + 10); +- if (m == NULL) { +- DSAerr(DSA_F_DSAPARAMS_PRINT, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- if (BIO_printf(bp, "DSA-Parameters: (%d bit)\n", BN_num_bits(x->p)) <= 0) +- goto err; +- if (!print(bp, "p:", x->p, m, 4)) +- goto err; +- if ((x->q != NULL) && !print(bp, "q:", x->q, m, 4)) +- goto err; +- if ((x->g != NULL) && !print(bp, "g:", x->g, m, 4)) +- goto err; +- ret = 1; +- err: +- if (m != NULL) +- OPENSSL_free(m); +- return (ret); +-} +- +-#endif /* !OPENSSL_NO_DSA */ +- +-#ifndef OPENSSL_NO_EC +-# ifndef OPENSSL_NO_FP_API +-int ECParameters_print_fp(FILE *fp, const EC_KEY *x) +-{ +- BIO *b; +- int ret; +- +- if ((b = BIO_new(BIO_s_file())) == NULL) { +- ECerr(EC_F_ECPARAMETERS_PRINT_FP, ERR_R_BIO_LIB); +- return (0); +- } +- BIO_set_fp(b, fp, BIO_NOCLOSE); +- ret = ECParameters_print(b, x); +- BIO_free(b); +- return (ret); +-} +-# endif +- +-int ECParameters_print(BIO *bp, const EC_KEY *x) +-{ +- int reason = ERR_R_EC_LIB, ret = 0; +- BIGNUM *order = NULL; +- const EC_GROUP *group; +- +- if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL) { +- reason = 
ERR_R_PASSED_NULL_PARAMETER;; +- goto err; +- } +- +- if ((order = BN_new()) == NULL) { +- reason = ERR_R_MALLOC_FAILURE; +- goto err; +- } +- +- if (!EC_GROUP_get_order(group, order, NULL)) { +- reason = ERR_R_EC_LIB; +- goto err; +- } +- +- if (BIO_printf(bp, "ECDSA-Parameters: (%d bit)\n", +- BN_num_bits(order)) <= 0) +- goto err; +- if (!ECPKParameters_print(bp, group, 4)) +- goto err; +- ret = 1; +- err: +- if (order) +- BN_free(order); +- ECerr(EC_F_ECPARAMETERS_PRINT, reason); +- return (ret); +-} +- +-#endif +diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_req.c b/Cryptlib/OpenSSL/crypto/asn1/t_req.c +index b578b68..024553a 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/t_req.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/t_req.c +@@ -148,29 +148,10 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, + if (pkey == NULL) { + BIO_printf(bp, "%12sUnable to load Public Key\n", ""); + ERR_print_errors(bp); +- } else +-#ifndef OPENSSL_NO_RSA +- if (pkey->type == EVP_PKEY_RSA) { +- BIO_printf(bp, "%12sRSA Public Key: (%d bit)\n", "", +- BN_num_bits(pkey->pkey.rsa->n)); +- RSA_print(bp, pkey->pkey.rsa, 16); +- } else +-#endif +-#ifndef OPENSSL_NO_DSA +- if (pkey->type == EVP_PKEY_DSA) { +- BIO_printf(bp, "%12sDSA Public Key:\n", ""); +- DSA_print(bp, pkey->pkey.dsa, 16); +- } else +-#endif +-#ifndef OPENSSL_NO_EC +- if (pkey->type == EVP_PKEY_EC) { +- BIO_printf(bp, "%12sEC Public Key: \n", ""); +- EC_KEY_print(bp, pkey->pkey.ec, 16); +- } else +-#endif +- BIO_printf(bp, "%12sUnknown Public Key:\n", ""); +- +- EVP_PKEY_free(pkey); ++ } else { ++ EVP_PKEY_print_public(bp, pkey, 16, NULL); ++ EVP_PKEY_free(pkey); ++ } + } + + if (!(cflag & X509_FLAG_NO_ATTRIBUTES)) { +diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_spki.c b/Cryptlib/OpenSSL/crypto/asn1/t_spki.c +index b0ce089..3bf48db 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/t_spki.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/t_spki.c +@@ -85,27 +85,7 @@ int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki) + if (!pkey) + 
BIO_printf(out, " Unable to load public key\n"); + else { +-#ifndef OPENSSL_NO_RSA +- if (pkey->type == EVP_PKEY_RSA) { +- BIO_printf(out, " RSA Public Key: (%d bit)\n", +- BN_num_bits(pkey->pkey.rsa->n)); +- RSA_print(out, pkey->pkey.rsa, 2); +- } else +-#endif +-#ifndef OPENSSL_NO_DSA +- if (pkey->type == EVP_PKEY_DSA) { +- BIO_printf(out, " DSA Public Key:\n"); +- DSA_print(out, pkey->pkey.dsa, 2); +- } else +-#endif +-#ifndef OPENSSL_NO_EC +- if (pkey->type == EVP_PKEY_EC) { +- BIO_printf(out, " EC Public Key:\n"); +- EC_KEY_print(out, pkey->pkey.ec, 2); +- } else +-#endif +- +- BIO_printf(out, " Unknown Public Key:\n"); ++ EVP_PKEY_print_public(out, pkey, 4, NULL); + EVP_PKEY_free(pkey); + } + chal = spki->spkac->challenge; +diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_x509.c b/Cryptlib/OpenSSL/crypto/asn1/t_x509.c +index 53f631d..8aab551 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/t_x509.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/t_x509.c +@@ -72,6 +72,7 @@ + #include + #include + #include ++#include "asn1_locl.h" + + #ifndef OPENSSL_NO_FP_API + int X509_print_fp(FILE *fp, X509 *x) +@@ -112,7 +113,6 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, + ASN1_INTEGER *bs; + EVP_PKEY *pkey = NULL; + const char *neg; +- ASN1_STRING *str = NULL; + + if ((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) { + mlch = '\n'; +@@ -140,9 +140,9 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, + goto err; + + bs = X509_get_serialNumber(x); +- if (bs->length <= 4) { ++ if (bs->length <= (int)sizeof(long)) { + l = ASN1_INTEGER_get(bs); +- if (l < 0) { ++ if (bs->type == V_ASN1_NEG_INTEGER) { + l = -l; + neg = "-"; + } else +@@ -164,12 +164,16 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, + } + + if (!(cflag & X509_FLAG_NO_SIGNAME)) { ++ if (X509_signature_print(bp, ci->signature, NULL) <= 0) ++ goto err; ++#if 0 + if (BIO_printf(bp, "%8sSignature Algorithm: ", "") <= 0) + goto err; + if (i2a_ASN1_OBJECT(bp, ci->signature->algorithm) <= 0) 
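Review bot: In the serial-number hunk of X509_print_ex, the widened test `bs->length <= (int)sizeof(long)` admits serials whose magnitude may not fit in a signed `long`. With `bs->length == sizeof(long)` and the top bit of `bs->data[0]` set, the value exceeds LONG_MAX before `l = ASN1_INTEGER_get(bs)` and the following `l = -l`. The serial comes from the certificate being printed, so this is reachable with untrusted input; what ASN1_INTEGER_get returns in that case is outside the hunk. Restricting the fast path, `if (bs->length < (int)sizeof(long) || (bs->length == (int)sizeof(long) && (bs->data[0] & 0x80) == 0)) {`, sends the large values to the non-`long` branch instead. That branch, like the start and end of X509_print_ex, lies outside this hunk.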
+ goto err; + if (BIO_puts(bp, "\n") <= 0) + goto err; ++#endif + } + + if (!(cflag & X509_FLAG_NO_ISSUER)) { +@@ -218,29 +222,25 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, + if (pkey == NULL) { + BIO_printf(bp, "%12sUnable to load Public Key\n", ""); + ERR_print_errors(bp); +- } else +-#ifndef OPENSSL_NO_RSA +- if (pkey->type == EVP_PKEY_RSA) { +- BIO_printf(bp, "%12sRSA Public Key: (%d bit)\n", "", +- BN_num_bits(pkey->pkey.rsa->n)); +- RSA_print(bp, pkey->pkey.rsa, 16); +- } else +-#endif +-#ifndef OPENSSL_NO_DSA +- if (pkey->type == EVP_PKEY_DSA) { +- BIO_printf(bp, "%12sDSA Public Key:\n", ""); +- DSA_print(bp, pkey->pkey.dsa, 16); +- } else +-#endif +-#ifndef OPENSSL_NO_EC +- if (pkey->type == EVP_PKEY_EC) { +- BIO_printf(bp, "%12sEC Public Key:\n", ""); +- EC_KEY_print(bp, pkey->pkey.ec, 16); +- } else +-#endif +- BIO_printf(bp, "%12sUnknown Public Key:\n", ""); ++ } else { ++ EVP_PKEY_print_public(bp, pkey, 16, NULL); ++ EVP_PKEY_free(pkey); ++ } ++ } + +- EVP_PKEY_free(pkey); ++ if (!(cflag & X509_FLAG_NO_IDS)) { ++ if (ci->issuerUID) { ++ if (BIO_printf(bp, "%8sIssuer Unique ID: ", "") <= 0) ++ goto err; ++ if (!X509_signature_dump(bp, ci->issuerUID, 12)) ++ goto err; ++ } ++ if (ci->subjectUID) { ++ if (BIO_printf(bp, "%8sSubject Unique ID: ", "") <= 0) ++ goto err; ++ if (!X509_signature_dump(bp, ci->subjectUID, 12)) ++ goto err; ++ } + } + + if (!(cflag & X509_FLAG_NO_EXTENSIONS)) +@@ -257,8 +257,6 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, + } + ret = 1; + err: +- if (str != NULL) +- ASN1_STRING_free(str); + if (m != NULL) + OPENSSL_free(m); + return (ret); +@@ -282,7 +280,8 @@ int X509_ocspid_print(BIO *bp, X509 *x) + goto err; + i2d_X509_NAME(x->cert_info->subject, &dertmp); + +- EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL); ++ if (!EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL)) ++ goto err; + for (i = 0; i < SHA_DIGEST_LENGTH; i++) { + if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0) + goto err; 
+@@ -296,9 +295,10 @@ int X509_ocspid_print(BIO *bp, X509 *x) + if (BIO_printf(bp, "\n Public key OCSP hash: ") <= 0) + goto err; + +- EVP_Digest(x->cert_info->key->public_key->data, +- x->cert_info->key->public_key->length, SHA1md, NULL, +- EVP_sha1(), NULL); ++ if (!EVP_Digest(x->cert_info->key->public_key->data, ++ x->cert_info->key->public_key->length, ++ SHA1md, NULL, EVP_sha1(), NULL)) ++ goto err; + for (i = 0; i < SHA_DIGEST_LENGTH; i++) { + if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0) + goto err; +@@ -312,38 +312,64 @@ int X509_ocspid_print(BIO *bp, X509 *x) + return (0); + } + +-int X509_signature_print(BIO *bp, X509_ALGOR *sigalg, ASN1_STRING *sig) ++int X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent) + { +- unsigned char *s; ++ const unsigned char *s; + int i, n; +- if (BIO_puts(bp, " Signature Algorithm: ") <= 0) +- return 0; +- if (i2a_ASN1_OBJECT(bp, sigalg->algorithm) <= 0) +- return 0; + + n = sig->length; + s = sig->data; + for (i = 0; i < n; i++) { +- if ((i % 18) == 0) +- if (BIO_write(bp, "\n ", 9) <= 0) ++ if ((i % 18) == 0) { ++ if (BIO_write(bp, "\n", 1) <= 0) + return 0; ++ if (BIO_indent(bp, indent, indent) <= 0) ++ return 0; ++ } + if (BIO_printf(bp, "%02x%s", s[i], ((i + 1) == n) ? 
"" : ":") <= 0) + return 0; + } + if (BIO_write(bp, "\n", 1) != 1) + return 0; ++ + return 1; + } + +-int ASN1_STRING_print(BIO *bp, ASN1_STRING *v) ++int X509_signature_print(BIO *bp, X509_ALGOR *sigalg, ASN1_STRING *sig) ++{ ++ int sig_nid; ++ if (BIO_puts(bp, " Signature Algorithm: ") <= 0) ++ return 0; ++ if (i2a_ASN1_OBJECT(bp, sigalg->algorithm) <= 0) ++ return 0; ++ ++ sig_nid = OBJ_obj2nid(sigalg->algorithm); ++ if (sig_nid != NID_undef) { ++ int pkey_nid, dig_nid; ++ const EVP_PKEY_ASN1_METHOD *ameth; ++ if (OBJ_find_sigid_algs(sig_nid, &dig_nid, &pkey_nid)) { ++ ameth = EVP_PKEY_asn1_find(NULL, pkey_nid); ++ if (ameth && ameth->sig_print) ++ return ameth->sig_print(bp, sigalg, sig, 9, 0); ++ } ++ } ++ if (sig) ++ return X509_signature_dump(bp, sig, 9); ++ else if (BIO_puts(bp, "\n") <= 0) ++ return 0; ++ return 1; ++} ++ ++int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v) + { + int i, n; +- char buf[80], *p; ++ char buf[80]; ++ const char *p; + + if (v == NULL) + return (0); + n = 0; +- p = (char *)v->data; ++ p = (const char *)v->data; + for (i = 0; i < v->length; i++) { + if ((p[i] > '~') || ((p[i] < ' ') && + (p[i] != '\n') && (p[i] != '\r'))) +@@ -363,7 +389,7 @@ int ASN1_STRING_print(BIO *bp, ASN1_STRING *v) + return (1); + } + +-int ASN1_TIME_print(BIO *bp, ASN1_TIME *tm) ++int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm) + { + if (tm->type == V_ASN1_UTCTIME) + return ASN1_UTCTIME_print(bp, tm); +@@ -378,7 +404,7 @@ static const char *mon[12] = { + "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" + }; + +-int ASN1_GENERALIZEDTIME_print(BIO *bp, ASN1_GENERALIZEDTIME *tm) ++int ASN1_GENERALIZEDTIME_print(BIO *bp, const ASN1_GENERALIZEDTIME *tm) + { + char *v; + int gmt = 0; +@@ -430,15 +456,15 @@ int ASN1_GENERALIZEDTIME_print(BIO *bp, ASN1_GENERALIZEDTIME *tm) + return (0); + } + +-int ASN1_UTCTIME_print(BIO *bp, ASN1_UTCTIME *tm) ++int ASN1_UTCTIME_print(BIO *bp, const ASN1_UTCTIME *tm) + { +- char *v; ++ const char *v; + int gmt = 0; + int i; + int y = 
0, M = 0, d = 0, h = 0, m = 0, s = 0; + + i = tm->length; +- v = (char *)tm->data; ++ v = (const char *)tm->data; + + if (i < 10) + goto err; +diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_dec.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_dec.c +index 6e4a325..7fd336a 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/tasn_dec.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/tasn_dec.c +@@ -124,6 +124,8 @@ unsigned long ASN1_tag2bit(int tag) + /* Macro to initialize and invalidate the cache */ + + #define asn1_tlc_clear(c) if (c) (c)->valid = 0 ++/* Version to avoid compiler warning about 'c' always non-NULL */ ++#define asn1_tlc_clear_nc(c) (c)->valid = 0 + + /* + * Decode an ASN1 item, this currently behaves just like a standard 'd2i' +@@ -140,7 +142,7 @@ ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval, + ASN1_VALUE *ptmpval = NULL; + if (!pval) + pval = &ptmpval; +- c.valid = 0; ++ asn1_tlc_clear_nc(&c); + if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0) + return *pval; + return NULL; +@@ -151,7 +153,7 @@ int ASN1_template_d2i(ASN1_VALUE **pval, + const ASN1_TEMPLATE *tt) + { + ASN1_TLC c; +- c.valid = 0; ++ asn1_tlc_clear_nc(&c); + return asn1_template_ex_d2i(pval, in, len, tt, 0, &c); + } + +@@ -300,7 +302,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, + goto err; + + case ASN1_ITYPE_CHOICE: +- if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it)) ++ if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL)) + goto auxerr; + if (*pval) { + /* Free up and zero CHOICE value if initialised */ +@@ -349,7 +351,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, + + asn1_set_choice_selector(pval, i, it); + *in = p; +- if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it)) ++ if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL)) + goto auxerr; + return 1; + +@@ -388,7 +390,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, + goto err; + } + +- if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it)) 
++ if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL)) + goto auxerr; + + /* Free up and zero any ADB found */ +@@ -488,7 +490,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, + if (!asn1_enc_save(pval, *in, p - *in, it)) + goto auxerr; + *in = p; +- if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it)) ++ if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL)) + goto auxerr; + return 1; + +@@ -629,10 +631,10 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, + /* + * We've got a valid STACK: free up any items present + */ +- STACK *sktmp = (STACK *) * val; ++ STACK_OF(ASN1_VALUE) *sktmp = (STACK_OF(ASN1_VALUE) *)*val; + ASN1_VALUE *vtmp; +- while (sk_num(sktmp) > 0) { +- vtmp = (ASN1_VALUE *)sk_pop(sktmp); ++ while (sk_ASN1_VALUE_num(sktmp) > 0) { ++ vtmp = sk_ASN1_VALUE_pop(sktmp); + ASN1_item_ex_free(&vtmp, ASN1_ITEM_ptr(tt->item)); + } + } +@@ -665,7 +667,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, + goto err; + } + len -= p - q; +- if (!sk_push((STACK *) * val, (char *)skfield)) { ++ if (!sk_ASN1_VALUE_push((STACK_OF(ASN1_VALUE) *)*val, skfield)) { + ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_MALLOC_FAILURE); + goto err; + } +diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_enc.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_enc.c +index b93f3f6..f04a689 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/tasn_enc.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/tasn_enc.c +@@ -153,7 +153,7 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, + return asn1_i2d_ex_primitive(pval, out, it, -1, aclass); + + case ASN1_ITYPE_CHOICE: +- if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it)) ++ if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it, NULL)) + return 0; + i = asn1_get_choice_selector(pval, it); + if ((i >= 0) && (i < it->tcount)) { +@@ -164,7 +164,7 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, + return asn1_template_ex_i2d(pchval, out, chtt, -1, aclass); + } + /* Fixme: error condition if selector out 
of range */ +- if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it)) ++ if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it, NULL)) + return 0; + break; + +@@ -210,7 +210,7 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, + aclass = (aclass & ~ASN1_TFLG_TAG_CLASS) + | V_ASN1_UNIVERSAL; + } +- if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it)) ++ if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it, NULL)) + return 0; + /* First work out sequence content length */ + for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) { +@@ -242,7 +242,7 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, + } + if (ndef == 2) + ASN1_put_eoc(out); +- if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it)) ++ if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it, NULL)) + return 0; + return seqlen; + +@@ -545,7 +545,8 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, + ASN1_STRING *strtmp; + ASN1_OBJECT *otmp; + int utype; +- unsigned char *cont, c; ++ const unsigned char *cont; ++ unsigned char c; + int len; + const ASN1_PRIMITIVE_FUNCS *pf; + pf = it->funcs; +diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_fre.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_fre.c +index a56d89b..aeea4ef 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/tasn_fre.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/tasn_fre.c +@@ -110,7 +110,7 @@ static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, + + case ASN1_ITYPE_CHOICE: + if (asn1_cb) { +- i = asn1_cb(ASN1_OP_FREE_PRE, pval, it); ++ i = asn1_cb(ASN1_OP_FREE_PRE, pval, it, NULL); + if (i == 2) + return; + } +@@ -122,7 +122,7 @@ static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, + ASN1_template_free(pchval, tt); + } + if (asn1_cb) +- asn1_cb(ASN1_OP_FREE_POST, pval, it); ++ asn1_cb(ASN1_OP_FREE_POST, pval, it, NULL); + if (!combine) { + OPENSSL_free(*pval); + *pval = NULL; +@@ -146,7 +146,7 @@ static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, + if 
(asn1_do_lock(pval, -1, it) > 0) + return; + if (asn1_cb) { +- i = asn1_cb(ASN1_OP_FREE_PRE, pval, it); ++ i = asn1_cb(ASN1_OP_FREE_PRE, pval, it, NULL); + if (i == 2) + return; + } +@@ -166,7 +166,7 @@ static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, + ASN1_template_free(pseqval, seqtt); + } + if (asn1_cb) +- asn1_cb(ASN1_OP_FREE_POST, pval, it); ++ asn1_cb(ASN1_OP_FREE_POST, pval, it, NULL); + if (!combine) { + OPENSSL_free(*pval); + *pval = NULL; +diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_new.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_new.c +index 8c540cc..b0c73be 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/tasn_new.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/tasn_new.c +@@ -68,7 +68,7 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, + int combine); + static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it); + static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); +-void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it); ++static void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it); + + ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it) + { +@@ -100,9 +100,6 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, + else + asn1_cb = 0; + +- if (!combine) +- *pval = NULL; +- + #ifdef CRYPTO_MDEBUG + if (it->sname) + CRYPTO_push_info(it->sname); +@@ -142,7 +139,7 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, + + case ASN1_ITYPE_CHOICE: + if (asn1_cb) { +- i = asn1_cb(ASN1_OP_NEW_PRE, pval, it); ++ i = asn1_cb(ASN1_OP_NEW_PRE, pval, it, NULL); + if (!i) + goto auxerr; + if (i == 2) { +@@ -160,14 +157,14 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, + memset(*pval, 0, it->size); + } + asn1_set_choice_selector(pval, -1, it); +- if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it)) ++ if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL)) + goto auxerr; + break; + + case 
ASN1_ITYPE_NDEF_SEQUENCE: + case ASN1_ITYPE_SEQUENCE: + if (asn1_cb) { +- i = asn1_cb(ASN1_OP_NEW_PRE, pval, it); ++ i = asn1_cb(ASN1_OP_NEW_PRE, pval, it, NULL); + if (!i) + goto auxerr; + if (i == 2) { +@@ -191,7 +188,7 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, + if (!ASN1_template_new(pseqval, tt)) + goto memerr; + } +- if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it)) ++ if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL)) + goto auxerr; + break; + } +@@ -312,15 +309,19 @@ static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) + int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it) + { + ASN1_TYPE *typ; ++ ASN1_STRING *str; + int utype; + +- if (it && it->funcs) { ++ if (!it) ++ return 0; ++ ++ if (it->funcs) { + const ASN1_PRIMITIVE_FUNCS *pf = it->funcs; + if (pf->prim_new) + return pf->prim_new(pval, it); + } + +- if (!it || (it->itype == ASN1_ITYPE_MSTRING)) ++ if (it->itype == ASN1_ITYPE_MSTRING) + utype = -1; + else + utype = it->utype; +@@ -330,10 +331,7 @@ int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it) + return 1; + + case V_ASN1_BOOLEAN: +- if (it) +- *(ASN1_BOOLEAN *)pval = it->size; +- else +- *(ASN1_BOOLEAN *)pval = -1; ++ *(ASN1_BOOLEAN *)pval = it->size; + return 1; + + case V_ASN1_NULL: +@@ -350,7 +348,10 @@ int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it) + break; + + default: +- *pval = (ASN1_VALUE *)ASN1_STRING_type_new(utype); ++ str = ASN1_STRING_type_new(utype); ++ if (it->itype == ASN1_ITYPE_MSTRING && str) ++ str->flags |= ASN1_STRING_FLAG_MSTRING; ++ *pval = (ASN1_VALUE *)str; + break; + } + if (*pval) +@@ -358,7 +359,7 @@ int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it) + return 0; + } + +-void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it) ++static void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it) + { + int utype; + if (it && it->funcs) { +diff --git 
a/Cryptlib/OpenSSL/crypto/asn1/tasn_prn.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_prn.c +new file mode 100644 +index 0000000..5e7d53e +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/asn1/tasn_prn.c +@@ -0,0 +1,585 @@ ++/* tasn_prn.c */ ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2000. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2000,2005 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. 
Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++#include ++#include "cryptlib.h" ++#include ++#include ++#include ++#include ++#include ++#include ++#include "asn1_locl.h" ++ ++/* ++ * Print routines. 
++ */ ++ ++/* ASN1_PCTX routines */ ++ ++ASN1_PCTX default_pctx = { ++ ASN1_PCTX_FLAGS_SHOW_ABSENT, /* flags */ ++ 0, /* nm_flags */ ++ 0, /* cert_flags */ ++ 0, /* oid_flags */ ++ 0 /* str_flags */ ++}; ++ ++ASN1_PCTX *ASN1_PCTX_new(void) ++{ ++ ASN1_PCTX *ret; ++ ret = OPENSSL_malloc(sizeof(ASN1_PCTX)); ++ if (ret == NULL) { ++ ASN1err(ASN1_F_ASN1_PCTX_NEW, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ ret->flags = 0; ++ ret->nm_flags = 0; ++ ret->cert_flags = 0; ++ ret->oid_flags = 0; ++ ret->str_flags = 0; ++ return ret; ++} ++ ++void ASN1_PCTX_free(ASN1_PCTX *p) ++{ ++ OPENSSL_free(p); ++} ++ ++unsigned long ASN1_PCTX_get_flags(ASN1_PCTX *p) ++{ ++ return p->flags; ++} ++ ++void ASN1_PCTX_set_flags(ASN1_PCTX *p, unsigned long flags) ++{ ++ p->flags = flags; ++} ++ ++unsigned long ASN1_PCTX_get_nm_flags(ASN1_PCTX *p) ++{ ++ return p->nm_flags; ++} ++ ++void ASN1_PCTX_set_nm_flags(ASN1_PCTX *p, unsigned long flags) ++{ ++ p->nm_flags = flags; ++} ++ ++unsigned long ASN1_PCTX_get_cert_flags(ASN1_PCTX *p) ++{ ++ return p->cert_flags; ++} ++ ++void ASN1_PCTX_set_cert_flags(ASN1_PCTX *p, unsigned long flags) ++{ ++ p->cert_flags = flags; ++} ++ ++unsigned long ASN1_PCTX_get_oid_flags(ASN1_PCTX *p) ++{ ++ return p->oid_flags; ++} ++ ++void ASN1_PCTX_set_oid_flags(ASN1_PCTX *p, unsigned long flags) ++{ ++ p->oid_flags = flags; ++} ++ ++unsigned long ASN1_PCTX_get_str_flags(ASN1_PCTX *p) ++{ ++ return p->str_flags; ++} ++ ++void ASN1_PCTX_set_str_flags(ASN1_PCTX *p, unsigned long flags) ++{ ++ p->str_flags = flags; ++} ++ ++/* Main print routines */ ++ ++static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent, ++ const ASN1_ITEM *it, ++ const char *fname, const char *sname, ++ int nohdr, const ASN1_PCTX *pctx); ++ ++int asn1_template_print_ctx(BIO *out, ASN1_VALUE **fld, int indent, ++ const ASN1_TEMPLATE *tt, const ASN1_PCTX *pctx); ++ ++static int asn1_primitive_print(BIO *out, ASN1_VALUE **fld, ++ const ASN1_ITEM *it, int indent, ++ const char *fname, 
const char *sname, ++ const ASN1_PCTX *pctx); ++ ++static int asn1_print_fsname(BIO *out, int indent, ++ const char *fname, const char *sname, ++ const ASN1_PCTX *pctx); ++ ++int ASN1_item_print(BIO *out, ASN1_VALUE *ifld, int indent, ++ const ASN1_ITEM *it, const ASN1_PCTX *pctx) ++{ ++ const char *sname; ++ if (pctx == NULL) ++ pctx = &default_pctx; ++ if (pctx->flags & ASN1_PCTX_FLAGS_NO_STRUCT_NAME) ++ sname = NULL; ++ else ++ sname = it->sname; ++ return asn1_item_print_ctx(out, &ifld, indent, it, NULL, sname, 0, pctx); ++} ++ ++static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent, ++ const ASN1_ITEM *it, ++ const char *fname, const char *sname, ++ int nohdr, const ASN1_PCTX *pctx) ++{ ++ const ASN1_TEMPLATE *tt; ++ const ASN1_EXTERN_FUNCS *ef; ++ ASN1_VALUE **tmpfld; ++ const ASN1_AUX *aux = it->funcs; ++ ASN1_aux_cb *asn1_cb; ++ ASN1_PRINT_ARG parg; ++ int i; ++ if (aux && aux->asn1_cb) { ++ parg.out = out; ++ parg.indent = indent; ++ parg.pctx = pctx; ++ asn1_cb = aux->asn1_cb; ++ } else ++ asn1_cb = 0; ++ ++ if (*fld == NULL) { ++ if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_ABSENT) { ++ if (!nohdr && !asn1_print_fsname(out, indent, fname, sname, pctx)) ++ return 0; ++ if (BIO_puts(out, "\n") <= 0) ++ return 0; ++ } ++ return 1; ++ } ++ ++ switch (it->itype) { ++ case ASN1_ITYPE_PRIMITIVE: ++ if (it->templates) { ++ if (!asn1_template_print_ctx(out, fld, indent, ++ it->templates, pctx)) ++ return 0; ++ break; ++ } ++ /* fall thru */ ++ case ASN1_ITYPE_MSTRING: ++ if (!asn1_primitive_print(out, fld, it, indent, fname, sname, pctx)) ++ return 0; ++ break; ++ ++ case ASN1_ITYPE_EXTERN: ++ if (!nohdr && !asn1_print_fsname(out, indent, fname, sname, pctx)) ++ return 0; ++ /* Use new style print routine if possible */ ++ ef = it->funcs; ++ if (ef && ef->asn1_ex_print) { ++ i = ef->asn1_ex_print(out, fld, indent, "", pctx); ++ if (!i) ++ return 0; ++ if ((i == 2) && (BIO_puts(out, "\n") <= 0)) ++ return 0; ++ return 1; ++ } else if (sname && ++ 
BIO_printf(out, ":EXTERNAL TYPE %s\n", sname) <= 0) ++ return 0; ++ break; ++ ++ case ASN1_ITYPE_CHOICE: ++#if 0 ++ if (!nohdr && !asn1_print_fsname(out, indent, fname, sname, pctx)) ++ return 0; ++#endif ++ /* CHOICE type, get selector */ ++ i = asn1_get_choice_selector(fld, it); ++ /* This should never happen... */ ++ if ((i < 0) || (i >= it->tcount)) { ++ if (BIO_printf(out, "ERROR: selector [%d] invalid\n", i) <= 0) ++ return 0; ++ return 1; ++ } ++ tt = it->templates + i; ++ tmpfld = asn1_get_field_ptr(fld, tt); ++ if (!asn1_template_print_ctx(out, tmpfld, indent, tt, pctx)) ++ return 0; ++ break; ++ ++ case ASN1_ITYPE_SEQUENCE: ++ case ASN1_ITYPE_NDEF_SEQUENCE: ++ if (!nohdr && !asn1_print_fsname(out, indent, fname, sname, pctx)) ++ return 0; ++ if (fname || sname) { ++ if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_SEQUENCE) { ++ if (BIO_puts(out, " {\n") <= 0) ++ return 0; ++ } else { ++ if (BIO_puts(out, "\n") <= 0) ++ return 0; ++ } ++ } ++ ++ if (asn1_cb) { ++ i = asn1_cb(ASN1_OP_PRINT_PRE, fld, it, &parg); ++ if (i == 0) ++ return 0; ++ if (i == 2) ++ return 1; ++ } ++ ++ /* Print each field entry */ ++ for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) { ++ const ASN1_TEMPLATE *seqtt; ++ seqtt = asn1_do_adb(fld, tt, 1); ++ if (!seqtt) ++ return 0; ++ tmpfld = asn1_get_field_ptr(fld, seqtt); ++ if (!asn1_template_print_ctx(out, tmpfld, ++ indent + 2, seqtt, pctx)) ++ return 0; ++ } ++ if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_SEQUENCE) { ++ if (BIO_printf(out, "%*s}\n", indent, "") < 0) ++ return 0; ++ } ++ ++ if (asn1_cb) { ++ i = asn1_cb(ASN1_OP_PRINT_POST, fld, it, &parg); ++ if (i == 0) ++ return 0; ++ } ++ break; ++ ++ default: ++ BIO_printf(out, "Unprocessed type %d\n", it->itype); ++ return 0; ++ } ++ ++ return 1; ++} ++ ++int asn1_template_print_ctx(BIO *out, ASN1_VALUE **fld, int indent, ++ const ASN1_TEMPLATE *tt, const ASN1_PCTX *pctx) ++{ ++ int i, flags; ++ const char *sname, *fname; ++ flags = tt->flags; ++ if (pctx->flags & 
ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME) ++ sname = ASN1_ITEM_ptr(tt->item)->sname; ++ else ++ sname = NULL; ++ if (pctx->flags & ASN1_PCTX_FLAGS_NO_FIELD_NAME) ++ fname = NULL; ++ else ++ fname = tt->field_name; ++ if (flags & ASN1_TFLG_SK_MASK) { ++ char *tname; ++ ASN1_VALUE *skitem; ++ STACK_OF(ASN1_VALUE) *stack; ++ ++ /* SET OF, SEQUENCE OF */ ++ if (fname) { ++ if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_SSOF) { ++ if (flags & ASN1_TFLG_SET_OF) ++ tname = "SET"; ++ else ++ tname = "SEQUENCE"; ++ if (BIO_printf(out, "%*s%s OF %s {\n", ++ indent, "", tname, tt->field_name) <= 0) ++ return 0; ++ } else if (BIO_printf(out, "%*s%s:\n", indent, "", fname) <= 0) ++ return 0; ++ } ++ stack = (STACK_OF(ASN1_VALUE) *)*fld; ++ for (i = 0; i < sk_ASN1_VALUE_num(stack); i++) { ++ if ((i > 0) && (BIO_puts(out, "\n") <= 0)) ++ return 0; ++ ++ skitem = sk_ASN1_VALUE_value(stack, i); ++ if (!asn1_item_print_ctx(out, &skitem, indent + 2, ++ ASN1_ITEM_ptr(tt->item), NULL, NULL, 1, ++ pctx)) ++ return 0; ++ } ++ if (!i && BIO_printf(out, "%*s\n", indent + 2, "") <= 0) ++ return 0; ++ if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_SEQUENCE) { ++ if (BIO_printf(out, "%*s}\n", indent, "") <= 0) ++ return 0; ++ } ++ return 1; ++ } ++ return asn1_item_print_ctx(out, fld, indent, ASN1_ITEM_ptr(tt->item), ++ fname, sname, 0, pctx); ++} ++ ++static int asn1_print_fsname(BIO *out, int indent, ++ const char *fname, const char *sname, ++ const ASN1_PCTX *pctx) ++{ ++ static char spaces[] = " "; ++ const int nspaces = sizeof(spaces) - 1; ++ ++#if 0 ++ if (!sname && !fname) ++ return 1; ++#endif ++ ++ while (indent > nspaces) { ++ if (BIO_write(out, spaces, nspaces) != nspaces) ++ return 0; ++ indent -= nspaces; ++ } ++ if (BIO_write(out, spaces, indent) != indent) ++ return 0; ++ if (pctx->flags & ASN1_PCTX_FLAGS_NO_STRUCT_NAME) ++ sname = NULL; ++ if (pctx->flags & ASN1_PCTX_FLAGS_NO_FIELD_NAME) ++ fname = NULL; ++ if (!sname && !fname) ++ return 1; ++ if (fname) { ++ if (BIO_puts(out, fname) <= 0) ++ 
return 0; ++ } ++ if (sname) { ++ if (fname) { ++ if (BIO_printf(out, " (%s)", sname) <= 0) ++ return 0; ++ } else { ++ if (BIO_puts(out, sname) <= 0) ++ return 0; ++ } ++ } ++ if (BIO_write(out, ": ", 2) != 2) ++ return 0; ++ return 1; ++} ++ ++static int asn1_print_boolean_ctx(BIO *out, int boolval, ++ const ASN1_PCTX *pctx) ++{ ++ const char *str; ++ switch (boolval) { ++ case -1: ++ str = "BOOL ABSENT"; ++ break; ++ ++ case 0: ++ str = "FALSE"; ++ break; ++ ++ default: ++ str = "TRUE"; ++ break; ++ ++ } ++ ++ if (BIO_puts(out, str) <= 0) ++ return 0; ++ return 1; ++ ++} ++ ++static int asn1_print_integer_ctx(BIO *out, ASN1_INTEGER *str, ++ const ASN1_PCTX *pctx) ++{ ++ char *s; ++ int ret = 1; ++ s = i2s_ASN1_INTEGER(NULL, str); ++ if (BIO_puts(out, s) <= 0) ++ ret = 0; ++ OPENSSL_free(s); ++ return ret; ++} ++ ++static int asn1_print_oid_ctx(BIO *out, const ASN1_OBJECT *oid, ++ const ASN1_PCTX *pctx) ++{ ++ char objbuf[80]; ++ const char *ln; ++ ln = OBJ_nid2ln(OBJ_obj2nid(oid)); ++ if (!ln) ++ ln = ""; ++ OBJ_obj2txt(objbuf, sizeof objbuf, oid, 1); ++ if (BIO_printf(out, "%s (%s)", ln, objbuf) <= 0) ++ return 0; ++ return 1; ++} ++ ++static int asn1_print_obstring_ctx(BIO *out, ASN1_STRING *str, int indent, ++ const ASN1_PCTX *pctx) ++{ ++ if (str->type == V_ASN1_BIT_STRING) { ++ if (BIO_printf(out, " (%ld unused bits)\n", str->flags & 0x7) <= 0) ++ return 0; ++ } else if (BIO_puts(out, "\n") <= 0) ++ return 0; ++ if ((str->length > 0) ++ && BIO_dump_indent(out, (char *)str->data, str->length, ++ indent + 2) <= 0) ++ return 0; ++ return 1; ++} ++ ++static int asn1_primitive_print(BIO *out, ASN1_VALUE **fld, ++ const ASN1_ITEM *it, int indent, ++ const char *fname, const char *sname, ++ const ASN1_PCTX *pctx) ++{ ++ long utype; ++ ASN1_STRING *str; ++ int ret = 1, needlf = 1; ++ const char *pname; ++ const ASN1_PRIMITIVE_FUNCS *pf; ++ pf = it->funcs; ++ if (!asn1_print_fsname(out, indent, fname, sname, pctx)) ++ return 0; ++ if (pf && pf->prim_print) ++ return 
pf->prim_print(out, fld, it, indent, pctx); ++ str = (ASN1_STRING *)*fld; ++ if (it->itype == ASN1_ITYPE_MSTRING) ++ utype = str->type & ~V_ASN1_NEG; ++ else ++ utype = it->utype; ++ if (utype == V_ASN1_ANY) { ++ ASN1_TYPE *atype = (ASN1_TYPE *)*fld; ++ utype = atype->type; ++ fld = &atype->value.asn1_value; ++ str = (ASN1_STRING *)*fld; ++ if (pctx->flags & ASN1_PCTX_FLAGS_NO_ANY_TYPE) ++ pname = NULL; ++ else ++ pname = ASN1_tag2str(utype); ++ } else { ++ if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_TYPE) ++ pname = ASN1_tag2str(utype); ++ else ++ pname = NULL; ++ } ++ ++ if (utype == V_ASN1_NULL) { ++ if (BIO_puts(out, "NULL\n") <= 0) ++ return 0; ++ return 1; ++ } ++ ++ if (pname) { ++ if (BIO_puts(out, pname) <= 0) ++ return 0; ++ if (BIO_puts(out, ":") <= 0) ++ return 0; ++ } ++ ++ switch (utype) { ++ case V_ASN1_BOOLEAN: ++ { ++ int boolval = *(int *)fld; ++ if (boolval == -1) ++ boolval = it->size; ++ ret = asn1_print_boolean_ctx(out, boolval, pctx); ++ } ++ break; ++ ++ case V_ASN1_INTEGER: ++ case V_ASN1_ENUMERATED: ++ ret = asn1_print_integer_ctx(out, str, pctx); ++ break; ++ ++ case V_ASN1_UTCTIME: ++ ret = ASN1_UTCTIME_print(out, str); ++ break; ++ ++ case V_ASN1_GENERALIZEDTIME: ++ ret = ASN1_GENERALIZEDTIME_print(out, str); ++ break; ++ ++ case V_ASN1_OBJECT: ++ ret = asn1_print_oid_ctx(out, (const ASN1_OBJECT *)*fld, pctx); ++ break; ++ ++ case V_ASN1_OCTET_STRING: ++ case V_ASN1_BIT_STRING: ++ ret = asn1_print_obstring_ctx(out, str, indent, pctx); ++ needlf = 0; ++ break; ++ ++ case V_ASN1_SEQUENCE: ++ case V_ASN1_SET: ++ case V_ASN1_OTHER: ++ if (BIO_puts(out, "\n") <= 0) ++ return 0; ++ if (ASN1_parse_dump(out, str->data, str->length, indent, 0) <= 0) ++ ret = 0; ++ needlf = 0; ++ break; ++ ++ default: ++ ret = ASN1_STRING_print_ex(out, str, pctx->str_flags); ++ ++ } ++ if (!ret) ++ return 0; ++ if (needlf && BIO_puts(out, "\n") <= 0) ++ return 0; ++ return 1; ++} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_typ.c 
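Review bot: `asn1_print_integer_ctx` in the new tasn_prn.c hands the result of `i2s_ASN1_INTEGER(NULL, str)` straight to `BIO_puts` without checking it for NULL. A failed conversion or allocation would then pass a NULL string to the BIO write instead of producing an error return. Adding `if (s == NULL) return 0;` before the `BIO_puts` call keeps that failure on the function's normal 0-return path. `asn1_print_oid_ctx` just below already guards its own lookup this way, with `if (!ln) ln = "";`.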
b/Cryptlib/OpenSSL/crypto/asn1/tasn_typ.c +index 4820035..740e86d 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/tasn_typ.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/tasn_typ.c +@@ -136,3 +136,14 @@ IMPLEMENT_ASN1_TYPE_ex(ASN1_FBOOLEAN, ASN1_BOOLEAN, 0) + /* Special, OCTET STRING with indefinite length constructed support */ + + IMPLEMENT_ASN1_TYPE_ex(ASN1_OCTET_STRING_NDEF, ASN1_OCTET_STRING, ASN1_TFLG_NDEF) ++ ++ASN1_ITEM_TEMPLATE(ASN1_SEQUENCE_ANY) = ++ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, ASN1_SEQUENCE_ANY, ASN1_ANY) ++ASN1_ITEM_TEMPLATE_END(ASN1_SEQUENCE_ANY) ++ ++ASN1_ITEM_TEMPLATE(ASN1_SET_ANY) = ++ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_OF, 0, ASN1_SET_ANY, ASN1_ANY) ++ASN1_ITEM_TEMPLATE_END(ASN1_SET_ANY) ++ ++IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY) ++IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(ASN1_SEQUENCE_ANY, ASN1_SET_ANY, ASN1_SET_ANY) +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_algor.c b/Cryptlib/OpenSSL/crypto/asn1/x_algor.c +index babc2e1..fd7d16d 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/x_algor.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/x_algor.c +@@ -121,6 +121,21 @@ void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval, + } + } + ++/* Set up an X509_ALGOR DigestAlgorithmIdentifier from an EVP_MD */ ++ ++void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md) ++{ ++ int param_type; ++ ++ if (md->flags & EVP_MD_FLAG_DIGALGID_ABSENT) ++ param_type = V_ASN1_UNDEF; ++ else ++ param_type = V_ASN1_NULL; ++ ++ X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_type(md)), param_type, NULL); ++ ++} ++ + int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b) + { + int rv; +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_crl.c b/Cryptlib/OpenSSL/crypto/asn1/x_crl.c +index 099b264..0279503 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/x_crl.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/x_crl.c +@@ -59,10 +59,13 @@ + #include + #include "cryptlib.h" + #include ++#include "asn1_locl.h" + #include ++#include + 
+ static int X509_REVOKED_cmp(const X509_REVOKED *const *a, + const X509_REVOKED *const *b); ++static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp); + + ASN1_SEQUENCE(X509_REVOKED) = { + ASN1_SIMPLE(X509_REVOKED,serialNumber, ASN1_INTEGER), +@@ -70,12 +73,27 @@ ASN1_SEQUENCE(X509_REVOKED) = { + ASN1_SEQUENCE_OF_OPT(X509_REVOKED,extensions, X509_EXTENSION) + } ASN1_SEQUENCE_END(X509_REVOKED) + ++static int def_crl_verify(X509_CRL *crl, EVP_PKEY *r); ++static int def_crl_lookup(X509_CRL *crl, ++ X509_REVOKED **ret, ASN1_INTEGER *serial, ++ X509_NAME *issuer); ++ ++static X509_CRL_METHOD int_crl_meth = { ++ 0, ++ 0, 0, ++ def_crl_lookup, ++ def_crl_verify ++}; ++ ++static const X509_CRL_METHOD *default_crl_method = &int_crl_meth; ++ + /* + * The X509_CRL_INFO structure needs a bit of customisation. Since we cache + * the original encoding the signature wont be affected by reordering of the + * revoked field. + */ +-static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) ++static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, ++ void *exarg) + { + X509_CRL_INFO *a = (X509_CRL_INFO *)*pval; + +@@ -104,7 +122,218 @@ ASN1_SEQUENCE_enc(X509_CRL_INFO, enc, crl_inf_cb) = { + ASN1_EXP_SEQUENCE_OF_OPT(X509_CRL_INFO, extensions, X509_EXTENSION, 0) + } ASN1_SEQUENCE_END_enc(X509_CRL_INFO, X509_CRL_INFO) + +-ASN1_SEQUENCE_ref(X509_CRL, 0, CRYPTO_LOCK_X509_CRL) = { ++/* ++ * Set CRL entry issuer according to CRL certificate issuer extension. Check ++ * for unhandled critical CRL entry extensions. 
++ */ ++ ++static int crl_set_issuers(X509_CRL *crl) ++{ ++ ++ int i, j; ++ GENERAL_NAMES *gens, *gtmp; ++ STACK_OF(X509_REVOKED) *revoked; ++ ++ revoked = X509_CRL_get_REVOKED(crl); ++ ++ gens = NULL; ++ for (i = 0; i < sk_X509_REVOKED_num(revoked); i++) { ++ X509_REVOKED *rev = sk_X509_REVOKED_value(revoked, i); ++ STACK_OF(X509_EXTENSION) *exts; ++ ASN1_ENUMERATED *reason; ++ X509_EXTENSION *ext; ++ gtmp = X509_REVOKED_get_ext_d2i(rev, ++ NID_certificate_issuer, &j, NULL); ++ if (!gtmp && (j != -1)) { ++ crl->flags |= EXFLAG_INVALID; ++ return 1; ++ } ++ ++ if (gtmp) { ++ gens = gtmp; ++ if (!crl->issuers) { ++ crl->issuers = sk_GENERAL_NAMES_new_null(); ++ if (!crl->issuers) ++ return 0; ++ } ++ if (!sk_GENERAL_NAMES_push(crl->issuers, gtmp)) ++ return 0; ++ } ++ rev->issuer = gens; ++ ++ reason = X509_REVOKED_get_ext_d2i(rev, NID_crl_reason, &j, NULL); ++ if (!reason && (j != -1)) { ++ crl->flags |= EXFLAG_INVALID; ++ return 1; ++ } ++ ++ if (reason) { ++ rev->reason = ASN1_ENUMERATED_get(reason); ++ ASN1_ENUMERATED_free(reason); ++ } else ++ rev->reason = CRL_REASON_NONE; ++ ++ /* Check for critical CRL entry extensions */ ++ ++ exts = rev->extensions; ++ ++ for (j = 0; j < sk_X509_EXTENSION_num(exts); j++) { ++ ext = sk_X509_EXTENSION_value(exts, j); ++ if (ext->critical > 0) { ++ if (OBJ_obj2nid(ext->object) == NID_certificate_issuer) ++ continue; ++ crl->flags |= EXFLAG_CRITICAL; ++ break; ++ } ++ } ++ ++ } ++ ++ return 1; ++ ++} ++ ++/* ++ * The X509_CRL structure needs a bit of customisation. Cache some extensions ++ * and hash of the whole CRL. 
++ */ ++static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, ++ void *exarg) ++{ ++ X509_CRL *crl = (X509_CRL *)*pval; ++ STACK_OF(X509_EXTENSION) *exts; ++ X509_EXTENSION *ext; ++ int idx; ++ ++ switch (operation) { ++ case ASN1_OP_NEW_POST: ++ crl->idp = NULL; ++ crl->akid = NULL; ++ crl->flags = 0; ++ crl->idp_flags = 0; ++ crl->idp_reasons = CRLDP_ALL_REASONS; ++ crl->meth = default_crl_method; ++ crl->meth_data = NULL; ++ crl->issuers = NULL; ++ crl->crl_number = NULL; ++ crl->base_crl_number = NULL; ++ break; ++ ++ case ASN1_OP_D2I_POST: ++#ifndef OPENSSL_NO_SHA ++ X509_CRL_digest(crl, EVP_sha1(), crl->sha1_hash, NULL); ++#endif ++ crl->idp = X509_CRL_get_ext_d2i(crl, ++ NID_issuing_distribution_point, NULL, ++ NULL); ++ if (crl->idp) ++ setup_idp(crl, crl->idp); ++ ++ crl->akid = X509_CRL_get_ext_d2i(crl, ++ NID_authority_key_identifier, NULL, ++ NULL); ++ ++ crl->crl_number = X509_CRL_get_ext_d2i(crl, ++ NID_crl_number, NULL, NULL); ++ ++ crl->base_crl_number = X509_CRL_get_ext_d2i(crl, ++ NID_delta_crl, NULL, ++ NULL); ++ /* Delta CRLs must have CRL number */ ++ if (crl->base_crl_number && !crl->crl_number) ++ crl->flags |= EXFLAG_INVALID; ++ ++ /* ++ * See if we have any unhandled critical CRL extensions and indicate ++ * this in a flag. We only currently handle IDP so anything else ++ * critical sets the flag. This code accesses the X509_CRL structure ++ * directly: applications shouldn't do this. 
++ */ ++ ++ exts = crl->crl->extensions; ++ ++ for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++) { ++ int nid; ++ ext = sk_X509_EXTENSION_value(exts, idx); ++ nid = OBJ_obj2nid(ext->object); ++ if (nid == NID_freshest_crl) ++ crl->flags |= EXFLAG_FRESHEST; ++ if (ext->critical > 0) { ++ /* We handle IDP and deltas */ ++ if ((nid == NID_issuing_distribution_point) ++ || (nid == NID_authority_key_identifier) ++ || (nid == NID_delta_crl)) ++ break;; ++ crl->flags |= EXFLAG_CRITICAL; ++ break; ++ } ++ } ++ ++ if (!crl_set_issuers(crl)) ++ return 0; ++ ++ if (crl->meth->crl_init) { ++ if (crl->meth->crl_init(crl) == 0) ++ return 0; ++ } ++ break; ++ ++ case ASN1_OP_FREE_POST: ++ if (crl->meth->crl_free) { ++ if (!crl->meth->crl_free(crl)) ++ return 0; ++ } ++ if (crl->akid) ++ AUTHORITY_KEYID_free(crl->akid); ++ if (crl->idp) ++ ISSUING_DIST_POINT_free(crl->idp); ++ ASN1_INTEGER_free(crl->crl_number); ++ ASN1_INTEGER_free(crl->base_crl_number); ++ sk_GENERAL_NAMES_pop_free(crl->issuers, GENERAL_NAMES_free); ++ break; ++ } ++ return 1; ++} ++ ++/* Convert IDP into a more convenient form */ ++ ++static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp) ++{ ++ int idp_only = 0; ++ /* Set various flags according to IDP */ ++ crl->idp_flags |= IDP_PRESENT; ++ if (idp->onlyuser > 0) { ++ idp_only++; ++ crl->idp_flags |= IDP_ONLYUSER; ++ } ++ if (idp->onlyCA > 0) { ++ idp_only++; ++ crl->idp_flags |= IDP_ONLYCA; ++ } ++ if (idp->onlyattr > 0) { ++ idp_only++; ++ crl->idp_flags |= IDP_ONLYATTR; ++ } ++ ++ if (idp_only > 1) ++ crl->idp_flags |= IDP_INVALID; ++ ++ if (idp->indirectCRL > 0) ++ crl->idp_flags |= IDP_INDIRECT; ++ ++ if (idp->onlysomereasons) { ++ crl->idp_flags |= IDP_REASONS; ++ if (idp->onlysomereasons->length > 0) ++ crl->idp_reasons = idp->onlysomereasons->data[0]; ++ if (idp->onlysomereasons->length > 1) ++ crl->idp_reasons |= (idp->onlysomereasons->data[1] << 8); ++ crl->idp_reasons &= CRLDP_ALL_REASONS; ++ } ++ ++ 
DIST_POINT_set_dpname(idp->distpoint, X509_CRL_get_issuer(crl)); ++} ++ ++ASN1_SEQUENCE_ref(X509_CRL, crl_cb, CRYPTO_LOCK_X509_CRL) = { + ASN1_SIMPLE(X509_CRL, crl, X509_CRL_INFO), + ASN1_SIMPLE(X509_CRL, sig_alg, X509_ALGOR), + ASN1_SIMPLE(X509_CRL, signature, ASN1_BIT_STRING) +@@ -112,6 +341,8 @@ ASN1_SEQUENCE_ref(X509_CRL, 0, CRYPTO_LOCK_X509_CRL) = { + + IMPLEMENT_ASN1_FUNCTIONS(X509_REVOKED) + ++IMPLEMENT_ASN1_DUP_FUNCTION(X509_REVOKED) ++ + IMPLEMENT_ASN1_FUNCTIONS(X509_CRL_INFO) + + IMPLEMENT_ASN1_FUNCTIONS(X509_CRL) +@@ -139,6 +370,144 @@ int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev) + return 1; + } + ++int X509_CRL_verify(X509_CRL *crl, EVP_PKEY *r) ++{ ++ if (crl->meth->crl_verify) ++ return crl->meth->crl_verify(crl, r); ++ return 0; ++} ++ ++int X509_CRL_get0_by_serial(X509_CRL *crl, ++ X509_REVOKED **ret, ASN1_INTEGER *serial) ++{ ++ if (crl->meth->crl_lookup) ++ return crl->meth->crl_lookup(crl, ret, serial, NULL); ++ return 0; ++} ++ ++int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x) ++{ ++ if (crl->meth->crl_lookup) ++ return crl->meth->crl_lookup(crl, ret, ++ X509_get_serialNumber(x), ++ X509_get_issuer_name(x)); ++ return 0; ++} ++ ++static int def_crl_verify(X509_CRL *crl, EVP_PKEY *r) ++{ ++ return (ASN1_item_verify(ASN1_ITEM_rptr(X509_CRL_INFO), ++ crl->sig_alg, crl->signature, crl->crl, r)); ++} ++ ++static int crl_revoked_issuer_match(X509_CRL *crl, X509_NAME *nm, ++ X509_REVOKED *rev) ++{ ++ int i; ++ ++ if (!rev->issuer) { ++ if (!nm) ++ return 1; ++ if (!X509_NAME_cmp(nm, X509_CRL_get_issuer(crl))) ++ return 1; ++ return 0; ++ } ++ ++ if (!nm) ++ nm = X509_CRL_get_issuer(crl); ++ ++ for (i = 0; i < sk_GENERAL_NAME_num(rev->issuer); i++) { ++ GENERAL_NAME *gen = sk_GENERAL_NAME_value(rev->issuer, i); ++ if (gen->type != GEN_DIRNAME) ++ continue; ++ if (!X509_NAME_cmp(nm, gen->d.directoryName)) ++ return 1; ++ } ++ return 0; ++ ++} ++ ++static int def_crl_lookup(X509_CRL *crl, ++ X509_REVOKED **ret, 
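Review bot: In `crl_cb`'s `ASN1_OP_D2I_POST` loop over `crl->crl->extensions`, a critical extension that is handled (IDP, AKID, delta CRL) leaves the loop with `break;;`, so no extension after it is inspected. A later unhandled critical extension therefore never sets `EXFLAG_CRITICAL`, and a later freshest-CRL extension never sets `EXFLAG_FRESHEST`. `crl_set_issuers` in the same hunk uses `continue` for its handled case, and this loop needs the same: `continue;` in place of `break;;`. How much this weakens validation depends on how callers test `EXFLAG_CRITICAL`, which is outside this hunk.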
ASN1_INTEGER *serial, ++ X509_NAME *issuer) ++{ ++ X509_REVOKED rtmp, *rev; ++ int idx; ++ rtmp.serialNumber = serial; ++ /* ++ * Sort revoked into serial number order if not already sorted. Do this ++ * under a lock to avoid race condition. ++ */ ++ if (!sk_X509_REVOKED_is_sorted(crl->crl->revoked)) { ++ CRYPTO_w_lock(CRYPTO_LOCK_X509_CRL); ++ sk_X509_REVOKED_sort(crl->crl->revoked); ++ CRYPTO_w_unlock(CRYPTO_LOCK_X509_CRL); ++ } ++ idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp); ++ if (idx < 0) ++ return 0; ++ /* Need to look for matching name */ ++ for (; idx < sk_X509_REVOKED_num(crl->crl->revoked); idx++) { ++ rev = sk_X509_REVOKED_value(crl->crl->revoked, idx); ++ if (ASN1_INTEGER_cmp(rev->serialNumber, serial)) ++ return 0; ++ if (crl_revoked_issuer_match(crl, issuer, rev)) { ++ if (ret) ++ *ret = rev; ++ if (rev->reason == CRL_REASON_REMOVE_FROM_CRL) ++ return 2; ++ return 1; ++ } ++ } ++ return 0; ++} ++ ++void X509_CRL_set_default_method(const X509_CRL_METHOD *meth) ++{ ++ if (meth == NULL) ++ default_crl_method = &int_crl_meth; ++ else ++ default_crl_method = meth; ++} ++ ++X509_CRL_METHOD *X509_CRL_METHOD_new(int (*crl_init) (X509_CRL *crl), ++ int (*crl_free) (X509_CRL *crl), ++ int (*crl_lookup) (X509_CRL *crl, ++ X509_REVOKED **ret, ++ ASN1_INTEGER *ser, ++ X509_NAME *issuer), ++ int (*crl_verify) (X509_CRL *crl, ++ EVP_PKEY *pk)) ++{ ++ X509_CRL_METHOD *m; ++ m = OPENSSL_malloc(sizeof(X509_CRL_METHOD)); ++ if (!m) ++ return NULL; ++ m->crl_init = crl_init; ++ m->crl_free = crl_free; ++ m->crl_lookup = crl_lookup; ++ m->crl_verify = crl_verify; ++ m->flags = X509_CRL_METHOD_DYNAMIC; ++ return m; ++} ++ ++void X509_CRL_METHOD_free(X509_CRL_METHOD *m) ++{ ++ if (!(m->flags & X509_CRL_METHOD_DYNAMIC)) ++ return; ++ OPENSSL_free(m); ++} ++ ++void X509_CRL_set_meth_data(X509_CRL *crl, void *dat) ++{ ++ crl->meth_data = dat; ++} ++ ++void *X509_CRL_get_meth_data(X509_CRL *crl) ++{ ++ return crl->meth_data; ++} ++ + IMPLEMENT_STACK_OF(X509_REVOKED) + 
+ IMPLEMENT_ASN1_SET_OF(X509_REVOKED) +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_long.c b/Cryptlib/OpenSSL/crypto/asn1/x_long.c +index e0dab2b..3aed44a 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/x_long.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/x_long.c +@@ -74,6 +74,8 @@ static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, + const ASN1_ITEM *it); + static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, + int utype, char *free_cont, const ASN1_ITEM *it); ++static int long_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it, ++ int indent, const ASN1_PCTX *pctx); + + static ASN1_PRIMITIVE_FUNCS long_pf = { + NULL, 0, +@@ -81,7 +83,8 @@ static ASN1_PRIMITIVE_FUNCS long_pf = { + long_free, + long_free, /* Clear should set to initial value */ + long_c2i, +- long_i2c ++ long_i2c, ++ long_print + }; + + ASN1_ITEM_start(LONG) +@@ -185,3 +188,9 @@ static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, + memcpy(cp, <mp, sizeof(long)); + return 1; + } ++ ++static int long_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it, ++ int indent, const ASN1_PCTX *pctx) ++{ ++ return BIO_printf(out, "%ld\n", *(long *)pval); ++} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_name.c b/Cryptlib/OpenSSL/crypto/asn1/x_name.c +index 85be1a6..737c426 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/x_name.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/x_name.c +@@ -57,13 +57,19 @@ + */ + + #include ++#include + #include "cryptlib.h" + #include + #include ++#include "asn1_locl.h" + +-static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, +- long len, const ASN1_ITEM *it, int tag, +- int aclass, char opt, ASN1_TLC *ctx); ++typedef STACK_OF(X509_NAME_ENTRY) STACK_OF_X509_NAME_ENTRY; ++DECLARE_STACK_OF(STACK_OF_X509_NAME_ENTRY) ++ ++static int x509_name_ex_d2i(ASN1_VALUE **val, ++ const unsigned char **in, long len, ++ const ASN1_ITEM *it, ++ int tag, int aclass, char opt, ASN1_TLC *ctx); + + static int x509_name_ex_i2d(ASN1_VALUE 
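Review bot: `X509_CRL_get0_by_serial` and `X509_CRL_get0_by_cert` return 0 both when the entry is not on the CRL and when the method has no `crl_lookup`, so a method built by `X509_CRL_METHOD_new` with a NULL lookup reports every certificate as not revoked. `X509_CRL_verify` fails closed in the same situation, so the asymmetry deserves at least a comment above the two lookup wrappers, e.g. `/* Returns 0 if not found or no lookup method is set, 1 if revoked, 2 if the entry's reason is removeFromCRL */`. The 1/2 distinction comes from `def_crl_lookup` in this hunk and is otherwise undocumented.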
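Review bot: `long_print` in x_long.c returns the raw `BIO_printf` result, which is negative on a write failure. The `prim_print` caller added in tasn_prn.c returns that value unchanged from `asn1_primitive_print`, and `asn1_item_print_ctx` tests it with `!`, so a failed write reads as a successful print. Normalising the result with `return BIO_printf(out, "%ld\n", *(long *)pval) > 0;` matches the 0/1 convention of the other print helpers in this patch.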
**val, unsigned char **out, + const ASN1_ITEM *it, int tag, int aclass); +@@ -71,6 +77,14 @@ static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it); + static void x509_name_ex_free(ASN1_VALUE **val, const ASN1_ITEM *it); + + static int x509_name_encode(X509_NAME *a); ++static int x509_name_canon(X509_NAME *a); ++static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in); ++static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) * intname, ++ unsigned char **in); ++ ++static int x509_name_ex_print(BIO *out, ASN1_VALUE **pval, ++ int indent, ++ const char *fname, const ASN1_PCTX *pctx); + + ASN1_SEQUENCE(X509_NAME_ENTRY) = { + ASN1_SIMPLE(X509_NAME_ENTRY, object, ASN1_OBJECT), +@@ -106,7 +120,8 @@ const ASN1_EXTERN_FUNCS x509_name_ff = { + x509_name_ex_free, + 0, /* Default clear behaviour is OK */ + x509_name_ex_d2i, +- x509_name_ex_i2d ++ x509_name_ex_i2d, ++ x509_name_ex_print + }; + + IMPLEMENT_EXTERN_ASN1(X509_NAME, V_ASN1_SEQUENCE, x509_name_ff) +@@ -125,6 +140,8 @@ static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it) + goto memerr; + if ((ret->bytes = BUF_MEM_new()) == NULL) + goto memerr; ++ ret->canon_enc = NULL; ++ ret->canon_enclen = 0; + ret->modified = 1; + *val = (ASN1_VALUE *)ret; + return 1; +@@ -148,28 +165,20 @@ static void x509_name_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it) + + BUF_MEM_free(a->bytes); + sk_X509_NAME_ENTRY_pop_free(a->entries, X509_NAME_ENTRY_free); ++ if (a->canon_enc) ++ OPENSSL_free(a->canon_enc); + OPENSSL_free(a); + *pval = NULL; + } + +-/* +- * Used with sk_pop_free() to free up the internal representation. NB: we +- * only free the STACK and not its contents because it is already present in +- * the X509_NAME structure. 
+- */ +- +-static void sk_internal_free(void *a) +-{ +- sk_free(a); +-} +- +-static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, +- long len, const ASN1_ITEM *it, int tag, +- int aclass, char opt, ASN1_TLC *ctx) ++static int x509_name_ex_d2i(ASN1_VALUE **val, ++ const unsigned char **in, long len, ++ const ASN1_ITEM *it, int tag, int aclass, ++ char opt, ASN1_TLC *ctx) + { + const unsigned char *p = *in, *q; + union { +- STACK *s; ++ STACK_OF(STACK_OF_X509_NAME_ENTRY) *s; + ASN1_VALUE *a; + } intname = { + NULL +@@ -203,8 +212,8 @@ static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, + memcpy(nm.x->bytes->data, q, p - q); + + /* Convert internal representation to X509_NAME structure */ +- for (i = 0; i < sk_num(intname.s); i++) { +- entries = (STACK_OF(X509_NAME_ENTRY) *)sk_value(intname.s, i); ++ for (i = 0; i < sk_STACK_OF_X509_NAME_ENTRY_num(intname.s); i++) { ++ entries = sk_STACK_OF_X509_NAME_ENTRY_value(intname.s, i); + for (j = 0; j < sk_X509_NAME_ENTRY_num(entries); j++) { + entry = sk_X509_NAME_ENTRY_value(entries, j); + entry->set = i; +@@ -213,7 +222,10 @@ static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, + } + sk_X509_NAME_ENTRY_free(entries); + } +- sk_free(intname.s); ++ sk_STACK_OF_X509_NAME_ENTRY_free(intname.s); ++ ret = x509_name_canon(nm.x); ++ if (!ret) ++ goto err; + nm.x->modified = 0; + *val = nm.a; + *in = p; +@@ -231,7 +243,10 @@ static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, + int ret; + X509_NAME *a = (X509_NAME *)*val; + if (a->modified) { +- ret = x509_name_encode((X509_NAME *)a); ++ ret = x509_name_encode(a); ++ if (ret < 0) ++ return ret; ++ ret = x509_name_canon(a); + if (ret < 0) + return ret; + } +@@ -243,10 +258,20 @@ static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, + return ret; + } + ++static void local_sk_X509_NAME_ENTRY_free(STACK_OF(X509_NAME_ENTRY) *ne) ++{ ++ sk_X509_NAME_ENTRY_free(ne); ++} ++ ++static void 
local_sk_X509_NAME_ENTRY_pop_free(STACK_OF(X509_NAME_ENTRY) *ne) ++{ ++ sk_X509_NAME_ENTRY_pop_free(ne, X509_NAME_ENTRY_free); ++} ++ + static int x509_name_encode(X509_NAME *a) + { + union { +- STACK *s; ++ STACK_OF(STACK_OF_X509_NAME_ENTRY) *s; + ASN1_VALUE *a; + } intname = { + NULL +@@ -256,7 +281,7 @@ static int x509_name_encode(X509_NAME *a) + STACK_OF(X509_NAME_ENTRY) *entries = NULL; + X509_NAME_ENTRY *entry; + int i, set = -1; +- intname.s = sk_new_null(); ++ intname.s = sk_STACK_OF_X509_NAME_ENTRY_new_null(); + if (!intname.s) + goto memerr; + for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) { +@@ -265,7 +290,7 @@ static int x509_name_encode(X509_NAME *a) + entries = sk_X509_NAME_ENTRY_new_null(); + if (!entries) + goto memerr; +- if (!sk_push(intname.s, (char *)entries)) ++ if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname.s, entries)) + goto memerr; + set = entry->set; + } +@@ -279,15 +304,207 @@ static int x509_name_encode(X509_NAME *a) + p = (unsigned char *)a->bytes->data; + ASN1_item_ex_i2d(&intname.a, + &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1); +- sk_pop_free(intname.s, sk_internal_free); ++ sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s, ++ local_sk_X509_NAME_ENTRY_free); + a->modified = 0; + return len; + memerr: +- sk_pop_free(intname.s, sk_internal_free); ++ sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s, ++ local_sk_X509_NAME_ENTRY_free); + ASN1err(ASN1_F_X509_NAME_ENCODE, ERR_R_MALLOC_FAILURE); + return -1; + } + ++static int x509_name_ex_print(BIO *out, ASN1_VALUE **pval, ++ int indent, ++ const char *fname, const ASN1_PCTX *pctx) ++{ ++ if (X509_NAME_print_ex(out, (X509_NAME *)*pval, ++ indent, pctx->nm_flags) <= 0) ++ return 0; ++ return 2; ++} ++ ++/* ++ * This function generates the canonical encoding of the Name structure. In ++ * it all strings are converted to UTF8, leading, trailing and multiple ++ * spaces collapsed, converted to lower case and the leading SEQUENCE header ++ * removed. 
In future we could also normalize the UTF8 too. By doing this ++ * comparison of Name structures can be rapidly perfomed by just using ++ * memcmp() of the canonical encoding. By omitting the leading SEQUENCE name ++ * constraints of type dirName can also be checked with a simple memcmp(). ++ */ ++ ++static int x509_name_canon(X509_NAME *a) ++{ ++ unsigned char *p; ++ STACK_OF(STACK_OF_X509_NAME_ENTRY) *intname = NULL; ++ STACK_OF(X509_NAME_ENTRY) *entries = NULL; ++ X509_NAME_ENTRY *entry, *tmpentry = NULL; ++ int i, set = -1, ret = 0; ++ ++ if (a->canon_enc) { ++ OPENSSL_free(a->canon_enc); ++ a->canon_enc = NULL; ++ } ++ /* Special case: empty X509_NAME => null encoding */ ++ if (sk_X509_NAME_ENTRY_num(a->entries) == 0) { ++ a->canon_enclen = 0; ++ return 1; ++ } ++ intname = sk_STACK_OF_X509_NAME_ENTRY_new_null(); ++ if (!intname) ++ goto err; ++ for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) { ++ entry = sk_X509_NAME_ENTRY_value(a->entries, i); ++ if (entry->set != set) { ++ entries = sk_X509_NAME_ENTRY_new_null(); ++ if (!entries) ++ goto err; ++ if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname, entries)) ++ goto err; ++ set = entry->set; ++ } ++ tmpentry = X509_NAME_ENTRY_new(); ++ if (!tmpentry) ++ goto err; ++ tmpentry->object = OBJ_dup(entry->object); ++ if (!asn1_string_canon(tmpentry->value, entry->value)) ++ goto err; ++ if (!sk_X509_NAME_ENTRY_push(entries, tmpentry)) ++ goto err; ++ tmpentry = NULL; ++ } ++ ++ /* Finally generate encoding */ ++ ++ a->canon_enclen = i2d_name_canon(intname, NULL); ++ ++ p = OPENSSL_malloc(a->canon_enclen); ++ ++ if (!p) ++ goto err; ++ ++ a->canon_enc = p; ++ ++ i2d_name_canon(intname, &p); ++ ++ ret = 1; ++ ++ err: ++ ++ if (tmpentry) ++ X509_NAME_ENTRY_free(tmpentry); ++ if (intname) ++ sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname, ++ local_sk_X509_NAME_ENTRY_pop_free); ++ return ret; ++} ++ ++/* Bitmap of all the types of string that will be canonicalized. 
*/ ++ ++#define ASN1_MASK_CANON \ ++ (B_ASN1_UTF8STRING | B_ASN1_BMPSTRING | B_ASN1_UNIVERSALSTRING \ ++ | B_ASN1_PRINTABLESTRING | B_ASN1_T61STRING | B_ASN1_IA5STRING \ ++ | B_ASN1_VISIBLESTRING) ++ ++static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in) ++{ ++ unsigned char *to, *from; ++ int len, i; ++ ++ /* If type not in bitmask just copy string across */ ++ if (!(ASN1_tag2bit(in->type) & ASN1_MASK_CANON)) { ++ if (!ASN1_STRING_copy(out, in)) ++ return 0; ++ return 1; ++ } ++ ++ out->type = V_ASN1_UTF8STRING; ++ out->length = ASN1_STRING_to_UTF8(&out->data, in); ++ if (out->length == -1) ++ return 0; ++ ++ to = out->data; ++ from = to; ++ ++ len = out->length; ++ ++ /* ++ * Convert string in place to canonical form. Ultimately we may need to ++ * handle a wider range of characters but for now ignore anything with ++ * MSB set and rely on the isspace() and tolower() functions. ++ */ ++ ++ /* Ignore leading spaces */ ++ while ((len > 0) && !(*from & 0x80) && isspace(*from)) { ++ from++; ++ len--; ++ } ++ ++ to = from + len - 1; ++ ++ /* Ignore trailing spaces */ ++ while ((len > 0) && !(*to & 0x80) && isspace(*to)) { ++ to--; ++ len--; ++ } ++ ++ to = out->data; ++ ++ i = 0; ++ while (i < len) { ++ /* If MSB set just copy across */ ++ if (*from & 0x80) { ++ *to++ = *from++; ++ i++; ++ } ++ /* Collapse multiple spaces */ ++ else if (isspace(*from)) { ++ /* Copy one space across */ ++ *to++ = ' '; ++ /* ++ * Ignore subsequent spaces. Note: don't need to check len here ++ * because we know the last character is a non-space so we can't ++ * overflow. 
++ */ ++ do { ++ from++; ++ i++; ++ } ++ while (!(*from & 0x80) && isspace(*from)); ++ } else { ++ *to++ = tolower(*from); ++ from++; ++ i++; ++ } ++ } ++ ++ out->length = to - out->data; ++ ++ return 1; ++ ++} ++ ++static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) * _intname, ++ unsigned char **in) ++{ ++ int i, len, ltmp; ++ ASN1_VALUE *v; ++ STACK_OF(ASN1_VALUE) *intname = (STACK_OF(ASN1_VALUE) *)_intname; ++ ++ len = 0; ++ for (i = 0; i < sk_ASN1_VALUE_num(intname); i++) { ++ v = sk_ASN1_VALUE_value(intname, i); ++ ltmp = ASN1_item_ex_i2d(&v, in, ++ ASN1_ITEM_rptr(X509_NAME_ENTRIES), -1, -1); ++ if (ltmp < 0) ++ return ltmp; ++ len += ltmp; ++ } ++ return len; ++} ++ + int X509_NAME_set(X509_NAME **xn, X509_NAME *name) + { + X509_NAME *in; +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_nx509.c b/Cryptlib/OpenSSL/crypto/asn1/x_nx509.c +new file mode 100644 +index 0000000..5aa0ed5 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/asn1/x_nx509.c +@@ -0,0 +1,72 @@ ++/* x_nx509.c */ ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2005. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2005 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. 
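Review bot: In x509_name_canon (x_name.c, hunk `@@ -279,15 +304,207 @@`) the result of `OBJ_dup(entry->object)` is stored in `tmpentry->object` without a NULL check, so an allocation failure there is not reported and the entry is still pushed; I would add `if (tmpentry->object == NULL) goto err;` directly after the assignment. The same function assigns `i2d_name_canon(intname, NULL)` straight to `a->canon_enclen`, although that helper returns a negative value when encoding fails. A guard such as `if (a->canon_enclen < 0) goto err;` before `OPENSSL_malloc` would make the failure explicit instead of depending on how the allocator treats a negative size, which is not visible here. The comment above the function says name comparison is done by memcmp() on this encoding, so both failures should stop the operation rather than leave a partial or inconsistent `canon_enc`/`canon_enclen` pair.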
All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). 
++ * ++ */ ++ ++#include ++#include ++#include ++#include ++ ++/* Old netscape certificate wrapper format */ ++ ++ASN1_SEQUENCE(NETSCAPE_X509) = { ++ ASN1_SIMPLE(NETSCAPE_X509, header, ASN1_OCTET_STRING), ++ ASN1_OPT(NETSCAPE_X509, cert, X509) ++} ASN1_SEQUENCE_END(NETSCAPE_X509) ++ ++IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_X509) +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c b/Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c +index 307798c..4b68201 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c +@@ -60,6 +60,7 @@ + #include "cryptlib.h" + #include + #include ++#include "asn1_locl.h" + #ifndef OPENSSL_NO_RSA + # include + #endif +@@ -68,7 +69,8 @@ + #endif + + /* Minor tweak to operation: free up EVP_PKEY */ +-static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) ++static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, ++ void *exarg) + { + if (operation == ASN1_OP_FREE_POST) { + X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval; +@@ -87,145 +89,28 @@ IMPLEMENT_ASN1_FUNCTIONS(X509_PUBKEY) + int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) + { + X509_PUBKEY *pk = NULL; +- X509_ALGOR *a; +- ASN1_OBJECT *o; +- unsigned char *s, *p = NULL; +- int i; + + if (x == NULL) + return (0); + + if ((pk = X509_PUBKEY_new()) == NULL) +- goto err; +- a = pk->algor; +- +- /* set the algorithm id */ +- if ((o = OBJ_nid2obj(pkey->type)) == NULL) +- goto err; +- ASN1_OBJECT_free(a->algorithm); +- a->algorithm = o; +- +- /* Set the parameter list */ +- if (!pkey->save_parameters || (pkey->type == EVP_PKEY_RSA)) { +- if ((a->parameter == NULL) || (a->parameter->type != V_ASN1_NULL)) { +- ASN1_TYPE_free(a->parameter); +- if (!(a->parameter = ASN1_TYPE_new())) { +- X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE); +- goto err; ++ goto error; ++ ++ if (pkey->ameth) { ++ if (pkey->ameth->pub_encode) { ++ if (!pkey->ameth->pub_encode(pk, pkey)) { ++ X509err(X509_F_X509_PUBKEY_SET, ++ 
X509_R_PUBLIC_KEY_ENCODE_ERROR); ++ goto error; + } +- a->parameter->type = V_ASN1_NULL; ++ } else { ++ X509err(X509_F_X509_PUBKEY_SET, X509_R_METHOD_NOT_SUPPORTED); ++ goto error; + } +- } +-#ifndef OPENSSL_NO_DSA +- else if (pkey->type == EVP_PKEY_DSA) { +- unsigned char *pp; +- DSA *dsa; +- +- dsa = pkey->pkey.dsa; +- dsa->write_params = 0; +- ASN1_TYPE_free(a->parameter); +- if ((i = i2d_DSAparams(dsa, NULL)) <= 0) +- goto err; +- if (!(p = (unsigned char *)OPENSSL_malloc(i))) { +- X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- pp = p; +- i2d_DSAparams(dsa, &pp); +- if (!(a->parameter = ASN1_TYPE_new())) { +- OPENSSL_free(p); +- X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- a->parameter->type = V_ASN1_SEQUENCE; +- if (!(a->parameter->value.sequence = ASN1_STRING_new())) { +- OPENSSL_free(p); +- X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- if (!ASN1_STRING_set(a->parameter->value.sequence, p, i)) { +- OPENSSL_free(p); +- X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- OPENSSL_free(p); +- } +-#endif +-#ifndef OPENSSL_NO_EC +- else if (pkey->type == EVP_PKEY_EC) { +- int nid = 0; +- unsigned char *pp; +- EC_KEY *ec_key; +- const EC_GROUP *group; +- +- ec_key = pkey->pkey.ec; +- ASN1_TYPE_free(a->parameter); +- +- if ((a->parameter = ASN1_TYPE_new()) == NULL) { +- X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB); +- goto err; +- } +- +- group = EC_KEY_get0_group(ec_key); +- if (EC_GROUP_get_asn1_flag(group) +- && (nid = EC_GROUP_get_curve_name(group))) { +- /* just set the OID */ +- a->parameter->type = V_ASN1_OBJECT; +- a->parameter->value.object = OBJ_nid2obj(nid); +- } else { /* explicit parameters */ +- +- if ((i = i2d_ECParameters(ec_key, NULL)) == 0) { +- X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB); +- goto err; +- } +- if ((p = (unsigned char *)OPENSSL_malloc(i)) == NULL) { +- X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE); +- goto 
err; +- } +- pp = p; +- if (!i2d_ECParameters(ec_key, &pp)) { +- X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB); +- OPENSSL_free(p); +- goto err; +- } +- a->parameter->type = V_ASN1_SEQUENCE; +- if ((a->parameter->value.sequence = ASN1_STRING_new()) == NULL) { +- X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB); +- OPENSSL_free(p); +- goto err; +- } +- ASN1_STRING_set(a->parameter->value.sequence, p, i); +- OPENSSL_free(p); +- } +- } +-#endif +- else if (1) { ++ } else { + X509err(X509_F_X509_PUBKEY_SET, X509_R_UNSUPPORTED_ALGORITHM); +- goto err; +- } +- +- if ((i = i2d_PublicKey(pkey, NULL)) <= 0) +- goto err; +- if ((s = (unsigned char *)OPENSSL_malloc(i + 1)) == NULL) { +- X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE); +- goto err; ++ goto error; + } +- p = s; +- i2d_PublicKey(pkey, &p); +- if (!M_ASN1_BIT_STRING_set(pk->public_key, s, i)) { +- X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- /* Set number of unused bits to zero */ +- pk->public_key->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); +- pk->public_key->flags |= ASN1_STRING_FLAG_BITS_LEFT; +- +- OPENSSL_free(s); +- +-#if 0 +- CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); +- pk->pkey = pkey; +-#endif + + if (*x != NULL) + X509_PUBKEY_free(*x); +@@ -233,7 +118,7 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) + *x = pk; + + return 1; +- err: ++ error: + if (pk != NULL) + X509_PUBKEY_free(pk); + return 0; +@@ -242,107 +127,36 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) + EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) + { + EVP_PKEY *ret = NULL; +- long j; +- int type; +- const unsigned char *p; +-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA) +- const unsigned char *cp; +- X509_ALGOR *a; +-#endif + + if (key == NULL) +- goto err; ++ goto error; + + if (key->pkey != NULL) { + CRYPTO_add(&key->pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); +- return (key->pkey); ++ return key->pkey; + } + + if (key->public_key == NULL) +- goto err; ++ 
goto error; + +- type = OBJ_obj2nid(key->algor->algorithm); + if ((ret = EVP_PKEY_new()) == NULL) { + X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE); +- goto err; ++ goto error; + } +- ret->type = EVP_PKEY_type(type); +- +- /* the parameters must be extracted before the public key (ECDSA!) */ +- +-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA) +- a = key->algor; +-#endif + +- if (0) ; +-#ifndef OPENSSL_NO_DSA +- else if (ret->type == EVP_PKEY_DSA) { +- if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE)) { +- if ((ret->pkey.dsa = DSA_new()) == NULL) { +- X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- ret->pkey.dsa->write_params = 0; +- cp = p = a->parameter->value.sequence->data; +- j = a->parameter->value.sequence->length; +- if (!d2i_DSAparams(&ret->pkey.dsa, &cp, (long)j)) +- goto err; +- } +- ret->save_parameters = 1; +- } +-#endif +-#ifndef OPENSSL_NO_EC +- else if (ret->type == EVP_PKEY_EC) { +- if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE)) { +- /* +- * type == V_ASN1_SEQUENCE => we have explicit parameters (e.g. 
+- * parameters in the X9_62_EC_PARAMETERS-structure ) +- */ +- if ((ret->pkey.ec = EC_KEY_new()) == NULL) { +- X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- cp = p = a->parameter->value.sequence->data; +- j = a->parameter->value.sequence->length; +- if (!d2i_ECParameters(&ret->pkey.ec, &cp, (long)j)) { +- X509err(X509_F_X509_PUBKEY_GET, ERR_R_EC_LIB); +- goto err; +- } +- } else if (a->parameter && (a->parameter->type == V_ASN1_OBJECT)) { +- /* +- * type == V_ASN1_OBJECT => the parameters are given by an asn1 +- * OID +- */ +- EC_KEY *ec_key; +- EC_GROUP *group; +- +- if (ret->pkey.ec == NULL) +- ret->pkey.ec = EC_KEY_new(); +- ec_key = ret->pkey.ec; +- if (ec_key == NULL) +- goto err; +- group = +- EC_GROUP_new_by_curve_name(OBJ_obj2nid +- (a->parameter->value.object)); +- if (group == NULL) +- goto err; +- EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE); +- if (EC_KEY_set_group(ec_key, group) == 0) +- goto err; +- EC_GROUP_free(group); +- } +- /* +- * the case implicitlyCA is currently not implemented +- */ +- ret->save_parameters = 1; ++ if (!EVP_PKEY_set_type(ret, OBJ_obj2nid(key->algor->algorithm))) { ++ X509err(X509_F_X509_PUBKEY_GET, X509_R_UNSUPPORTED_ALGORITHM); ++ goto error; + } +-#endif + +- p = key->public_key->data; +- j = key->public_key->length; +- if (!d2i_PublicKey(type, &ret, &p, (long)j)) { +- X509err(X509_F_X509_PUBKEY_GET, X509_R_ERR_ASN1_LIB); +- goto err; ++ if (ret->ameth->pub_decode) { ++ if (!ret->ameth->pub_decode(ret, key)) { ++ X509err(X509_F_X509_PUBKEY_GET, X509_R_PUBLIC_KEY_DECODE_ERROR); ++ goto error; ++ } ++ } else { ++ X509err(X509_F_X509_PUBKEY_GET, X509_R_METHOD_NOT_SUPPORTED); ++ goto error; + } + + /* Check to see if another thread set key->pkey first */ +@@ -356,8 +170,10 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) + CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY); + } + CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY); +- return (ret); +- err: ++ ++ return ret; ++ ++ error: + if (ret != 
NULL) + EVP_PKEY_free(ret); + return (NULL); +@@ -520,3 +336,36 @@ int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp) + return (ret); + } + #endif ++ ++int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj, ++ int ptype, void *pval, ++ unsigned char *penc, int penclen) ++{ ++ if (!X509_ALGOR_set0(pub->algor, aobj, ptype, pval)) ++ return 0; ++ if (penc) { ++ if (pub->public_key->data) ++ OPENSSL_free(pub->public_key->data); ++ pub->public_key->data = penc; ++ pub->public_key->length = penclen; ++ /* Set number of unused bits to zero */ ++ pub->public_key->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); ++ pub->public_key->flags |= ASN1_STRING_FLAG_BITS_LEFT; ++ } ++ return 1; ++} ++ ++int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, ++ const unsigned char **pk, int *ppklen, ++ X509_ALGOR **pa, X509_PUBKEY *pub) ++{ ++ if (ppkalg) ++ *ppkalg = pub->algor->algorithm; ++ if (pk) { ++ *pk = pub->public_key->data; ++ *ppklen = pub->public_key->length; ++ } ++ if (pa) ++ *pa = pub->algor; ++ return 1; ++} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_req.c b/Cryptlib/OpenSSL/crypto/asn1/x_req.c +index 5b303fb..ae293aa 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/x_req.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/x_req.c +@@ -80,7 +80,8 @@ + * + */ + +-static int rinf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) ++static int rinf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, ++ void *exarg) + { + X509_REQ_INFO *rinf = (X509_REQ_INFO *)*pval; + +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_x509.c b/Cryptlib/OpenSSL/crypto/asn1/x_x509.c +index d6958f6..5f266a2 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/x_x509.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/x_x509.c +@@ -81,7 +81,8 @@ IMPLEMENT_ASN1_FUNCTIONS(X509_CINF) + + extern void policy_cache_free(X509_POLICY_CACHE *cache); + +-static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) ++static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, ++ void *exarg) + { + X509 *ret = 
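Review bot: X509_PUBKEY_get0_param (x_pubkey.c, hunk `@@ -520,3 +336,36 @@`) writes `*ppklen` whenever `pk` is non-NULL, but unlike `ppkalg`, `pk` and `pa` the `ppklen` pointer is never tested, so a caller that asks for the key bytes and passes NULL for the length dereferences NULL. Either guard it with `if (ppklen) *ppklen = pub->public_key->length;` or state the contract above the function: `/* pk and ppklen must be supplied together; returned pointers are internal and must not be freed */`. X509_PUBKEY_set0_param in the same hunk frees the previous `public_key->data` and stores `penc` directly, so it deserves a matching comment that `penc` is owned by `pub` after a successful call.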
(X509 *)*pval; + +@@ -99,6 +100,7 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) + ret->rfc3779_asid = NULL; + #endif + ret->aux = NULL; ++ ret->crldp = NULL; + CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data); + break; + +@@ -113,7 +115,10 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) + X509_CERT_AUX_free(ret->aux); + ASN1_OCTET_STRING_free(ret->skid); + AUTHORITY_KEYID_free(ret->akid); ++ CRL_DIST_POINTS_free(ret->crldp); + policy_cache_free(ret->policy_cache); ++ GENERAL_NAMES_free(ret->altname); ++ NAME_CONSTRAINTS_free(ret->nc); + #ifndef OPENSSL_NO_RFC3779 + sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free); + ASIdentifiers_free(ret->rfc3779_asid); +@@ -139,18 +144,6 @@ IMPLEMENT_ASN1_FUNCTIONS(X509) + + IMPLEMENT_ASN1_DUP_FUNCTION(X509) + +-static ASN1_METHOD meth = { +- (I2D_OF(void)) i2d_X509, +- (D2I_OF(void)) d2i_X509, +- (void *(*)(void))X509_new, +- (void (*)(void *))X509_free +-}; +- +-ASN1_METHOD *X509_asn1_meth(void) +-{ +- return (&meth); +-} +- + int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) + { +@@ -184,7 +177,7 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length) + /* Save start position */ + q = *pp; + +- if(!a || *a == NULL) { ++ if (!a || *a == NULL) { + freeret = 1; + } + ret = d2i_X509(a, pp, length); +@@ -199,7 +192,7 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length) + goto err; + return ret; + err: +- if(freeret) { ++ if (freeret) { + X509_free(ret); + if (a) + *a = NULL; +@@ -215,3 +208,23 @@ int i2d_X509_AUX(X509 *a, unsigned char **pp) + length += i2d_X509_CERT_AUX(a->aux, pp); + return length; + } ++ ++int i2d_re_X509_tbs(X509 *x, unsigned char **pp) ++{ ++ x->cert_info->enc.modified = 1; ++ return i2d_X509_CINF(x->cert_info, pp); ++} ++ ++void X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, ++ const X509 *x) 
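Review bot: The free branch of x509_cb (x_x509.c, hunk `@@ -113,7 +115,10 @@`) now releases `ret->crldp`, `ret->altname` and `ret->nc`, but the initialisation branch (hunk `@@ -99,6 +100,7 @@`) sets only `ret->crldp = NULL`. If the structure is zero-filled when it is allocated the free calls are safe, but that allocation is outside these hunks, and the neighbouring context lines set other freed pointers such as `aux` and `rfc3779_asid` explicitly. For consistency I would add `ret->altname = NULL;` and `ret->nc = NULL;` next to the new `crldp` line, or a comment there stating that these two rely on zero-initialisation. The body of x509_cb extends outside both hunks.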
++{ ++ if (psig) ++ *psig = x->signature; ++ if (palg) ++ *palg = x->sig_alg; ++} ++ ++int X509_get_signature_nid(const X509 *x) ++{ ++ return OBJ_obj2nid(x->sig_alg->algorithm); ++} +diff --git a/Cryptlib/OpenSSL/crypto/bf/bf_cfb64.c b/Cryptlib/OpenSSL/crypto/bf/bf_cfb64.c +deleted file mode 100644 +index ddeab6e..0000000 +--- a/Cryptlib/OpenSSL/crypto/bf/bf_cfb64.c ++++ /dev/null +@@ -1,123 +0,0 @@ +-/* crypto/bf/bf_cfb64.c */ +-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) +- * All rights reserved. +- * +- * This package is an SSL implementation written +- * by Eric Young (eay@cryptsoft.com). +- * The implementation was written so as to conform with Netscapes SSL. +- * +- * This library is free for commercial and non-commercial use as long as +- * the following conditions are aheared to. The following conditions +- * apply to all code found in this distribution, be it the RC4, RSA, +- * lhash, DES, etc., code; not just the SSL code. The SSL documentation +- * included with this distribution is covered by the same copyright terms +- * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * +- * Copyright remains Eric Young's, and as such any Copyright notices in +- * the code are not to be removed. +- * If this package is used in a product, Eric Young should be given attribution +- * as the author of the parts of the library used. +- * This can be in the form of a textual message at program startup or +- * in documentation (online or textual) provided with the package. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. 
Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 3. All advertising materials mentioning features or use of this software +- * must display the following acknowledgement: +- * "This product includes cryptographic software written by +- * Eric Young (eay@cryptsoft.com)" +- * The word 'cryptographic' can be left out if the rouines from the library +- * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from +- * the apps directory (application code) you must include an acknowledgement: +- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * +- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. +- * +- * The licence and distribution terms for any publically available version or +- * derivative of this code cannot be changed. i.e. this code cannot simply be +- * copied and put under another distribution licence +- * [including the GNU Public Licence.] +- */ +- +-#include +-#include "bf_locl.h" +- +-/* +- * The input and output encrypted as though 64bit cfb mode is being used. 
+- * The extra state information to record how much of the 64bit block we have +- * used is contained in *num; +- */ +- +-void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, +- long length, const BF_KEY *schedule, +- unsigned char *ivec, int *num, int encrypt) +-{ +- register BF_LONG v0, v1, t; +- register int n = *num; +- register long l = length; +- BF_LONG ti[2]; +- unsigned char *iv, c, cc; +- +- iv = (unsigned char *)ivec; +- if (encrypt) { +- while (l--) { +- if (n == 0) { +- n2l(iv, v0); +- ti[0] = v0; +- n2l(iv, v1); +- ti[1] = v1; +- BF_encrypt((BF_LONG *)ti, schedule); +- iv = (unsigned char *)ivec; +- t = ti[0]; +- l2n(t, iv); +- t = ti[1]; +- l2n(t, iv); +- iv = (unsigned char *)ivec; +- } +- c = *(in++) ^ iv[n]; +- *(out++) = c; +- iv[n] = c; +- n = (n + 1) & 0x07; +- } +- } else { +- while (l--) { +- if (n == 0) { +- n2l(iv, v0); +- ti[0] = v0; +- n2l(iv, v1); +- ti[1] = v1; +- BF_encrypt((BF_LONG *)ti, schedule); +- iv = (unsigned char *)ivec; +- t = ti[0]; +- l2n(t, iv); +- t = ti[1]; +- l2n(t, iv); +- iv = (unsigned char *)ivec; +- } +- cc = *(in++); +- c = iv[n]; +- iv[n] = cc; +- *(out++) = c ^ cc; +- n = (n + 1) & 0x07; +- } +- } +- v0 = v1 = ti[0] = ti[1] = t = c = cc = 0; +- *num = n; +-} +diff --git a/Cryptlib/OpenSSL/crypto/bf/bf_ecb.c b/Cryptlib/OpenSSL/crypto/bf/bf_ecb.c +deleted file mode 100644 +index 967a7f5..0000000 +--- a/Cryptlib/OpenSSL/crypto/bf/bf_ecb.c ++++ /dev/null +@@ -1,100 +0,0 @@ +-/* crypto/bf/bf_ecb.c */ +-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) +- * All rights reserved. +- * +- * This package is an SSL implementation written +- * by Eric Young (eay@cryptsoft.com). +- * The implementation was written so as to conform with Netscapes SSL. +- * +- * This library is free for commercial and non-commercial use as long as +- * the following conditions are aheared to. 
The following conditions +- * apply to all code found in this distribution, be it the RC4, RSA, +- * lhash, DES, etc., code; not just the SSL code. The SSL documentation +- * included with this distribution is covered by the same copyright terms +- * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * +- * Copyright remains Eric Young's, and as such any Copyright notices in +- * the code are not to be removed. +- * If this package is used in a product, Eric Young should be given attribution +- * as the author of the parts of the library used. +- * This can be in the form of a textual message at program startup or +- * in documentation (online or textual) provided with the package. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 3. All advertising materials mentioning features or use of this software +- * must display the following acknowledgement: +- * "This product includes cryptographic software written by +- * Eric Young (eay@cryptsoft.com)" +- * The word 'cryptographic' can be left out if the rouines from the library +- * being used are not cryptographic related :-). +- * 4. 
If you include any Windows specific code (or a derivative thereof) from +- * the apps directory (application code) you must include an acknowledgement: +- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * +- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. +- * +- * The licence and distribution terms for any publically available version or +- * derivative of this code cannot be changed. i.e. this code cannot simply be +- * copied and put under another distribution licence +- * [including the GNU Public Licence.] 
+- */
+-
+-#include
+-#include "bf_locl.h"
+-#include
+-
+-/*
+- * Blowfish as implemented from 'Blowfish: Springer-Verlag paper' (From
+- * LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION, CAMBRIDGE
+- * SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993)
+- */
+-
+-const char BF_version[] = "Blowfish" OPENSSL_VERSION_PTEXT;
+-
+-const char *BF_options(void)
+-{
+-#ifdef BF_PTR
+- return ("blowfish(ptr)");
+-#elif defined(BF_PTR2)
+- return ("blowfish(ptr2)");
+-#else
+- return ("blowfish(idx)");
+-#endif
+-}
+-
+-void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
+- const BF_KEY *key, int encrypt)
+-{
+- BF_LONG l, d[2];
+-
+- n2l(in, l);
+- d[0] = l;
+- n2l(in, l);
+- d[1] = l;
+- if (encrypt)
+- BF_encrypt(d, key);
+- else
+- BF_decrypt(d, key);
+- l = d[0];
+- l2n(l, out);
+- l = d[1];
+- l2n(l, out);
+- l = d[0] = d[1] = 0;
+-}
+diff --git a/Cryptlib/OpenSSL/crypto/bf/bf_enc.c b/Cryptlib/OpenSSL/crypto/bf/bf_enc.c
+deleted file mode 100644
+index b268795..0000000
+--- a/Cryptlib/OpenSSL/crypto/bf/bf_enc.c
++++ /dev/null
+@@ -1,300 +0,0 @@
+-/* crypto/bf/bf_enc.c */
+-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+- * All rights reserved.
+- *
+- * This package is an SSL implementation written
+- * by Eric Young (eay@cryptsoft.com).
+- * The implementation was written so as to conform with Netscapes SSL.
+- *
+- * This library is free for commercial and non-commercial use as long as
+- * the following conditions are aheared to. The following conditions
+- * apply to all code found in this distribution, be it the RC4, RSA,
+- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+- * included with this distribution is covered by the same copyright terms
+- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+- *
+- * Copyright remains Eric Young's, and as such any Copyright notices in
+- * the code are not to be removed.
+- * If this package is used in a product, Eric Young should be given attribution +- * as the author of the parts of the library used. +- * This can be in the form of a textual message at program startup or +- * in documentation (online or textual) provided with the package. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 3. All advertising materials mentioning features or use of this software +- * must display the following acknowledgement: +- * "This product includes cryptographic software written by +- * Eric Young (eay@cryptsoft.com)" +- * The word 'cryptographic' can be left out if the rouines from the library +- * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from +- * the apps directory (application code) you must include an acknowledgement: +- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * +- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. +- * +- * The licence and distribution terms for any publically available version or +- * derivative of this code cannot be changed. i.e. this code cannot simply be +- * copied and put under another distribution licence +- * [including the GNU Public Licence.] +- */ +- +-#include +-#include "bf_locl.h" +- +-/* +- * Blowfish as implemented from 'Blowfish: Springer-Verlag paper' (From +- * LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION, CAMBRIDGE +- * SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993) +- */ +- +-#if (BF_ROUNDS != 16) && (BF_ROUNDS != 20) +-# error If you set BF_ROUNDS to some value other than 16 or 20, you will have \ +-to modify the code. 
+-#endif +- +-void BF_encrypt(BF_LONG *data, const BF_KEY *key) +-{ +-#ifndef BF_PTR2 +- register BF_LONG l, r; +- register const BF_LONG *p, *s; +- +- p = key->P; +- s = &(key->S[0]); +- l = data[0]; +- r = data[1]; +- +- l ^= p[0]; +- BF_ENC(r, l, s, p[1]); +- BF_ENC(l, r, s, p[2]); +- BF_ENC(r, l, s, p[3]); +- BF_ENC(l, r, s, p[4]); +- BF_ENC(r, l, s, p[5]); +- BF_ENC(l, r, s, p[6]); +- BF_ENC(r, l, s, p[7]); +- BF_ENC(l, r, s, p[8]); +- BF_ENC(r, l, s, p[9]); +- BF_ENC(l, r, s, p[10]); +- BF_ENC(r, l, s, p[11]); +- BF_ENC(l, r, s, p[12]); +- BF_ENC(r, l, s, p[13]); +- BF_ENC(l, r, s, p[14]); +- BF_ENC(r, l, s, p[15]); +- BF_ENC(l, r, s, p[16]); +-# if BF_ROUNDS == 20 +- BF_ENC(r, l, s, p[17]); +- BF_ENC(l, r, s, p[18]); +- BF_ENC(r, l, s, p[19]); +- BF_ENC(l, r, s, p[20]); +-# endif +- r ^= p[BF_ROUNDS + 1]; +- +- data[1] = l & 0xffffffffL; +- data[0] = r & 0xffffffffL; +-#else +- register BF_LONG l, r, t, *k; +- +- l = data[0]; +- r = data[1]; +- k = (BF_LONG *)key; +- +- l ^= k[0]; +- BF_ENC(r, l, k, 1); +- BF_ENC(l, r, k, 2); +- BF_ENC(r, l, k, 3); +- BF_ENC(l, r, k, 4); +- BF_ENC(r, l, k, 5); +- BF_ENC(l, r, k, 6); +- BF_ENC(r, l, k, 7); +- BF_ENC(l, r, k, 8); +- BF_ENC(r, l, k, 9); +- BF_ENC(l, r, k, 10); +- BF_ENC(r, l, k, 11); +- BF_ENC(l, r, k, 12); +- BF_ENC(r, l, k, 13); +- BF_ENC(l, r, k, 14); +- BF_ENC(r, l, k, 15); +- BF_ENC(l, r, k, 16); +-# if BF_ROUNDS == 20 +- BF_ENC(r, l, k, 17); +- BF_ENC(l, r, k, 18); +- BF_ENC(r, l, k, 19); +- BF_ENC(l, r, k, 20); +-# endif +- r ^= k[BF_ROUNDS + 1]; +- +- data[1] = l & 0xffffffffL; +- data[0] = r & 0xffffffffL; +-#endif +-} +- +-#ifndef BF_DEFAULT_OPTIONS +- +-void BF_decrypt(BF_LONG *data, const BF_KEY *key) +-{ +-# ifndef BF_PTR2 +- register BF_LONG l, r; +- register const BF_LONG *p, *s; +- +- p = key->P; +- s = &(key->S[0]); +- l = data[0]; +- r = data[1]; +- +- l ^= p[BF_ROUNDS + 1]; +-# if BF_ROUNDS == 20 +- BF_ENC(r, l, s, p[20]); +- BF_ENC(l, r, s, p[19]); +- BF_ENC(r, l, s, p[18]); +- BF_ENC(l, r, 
s, p[17]); +-# endif +- BF_ENC(r, l, s, p[16]); +- BF_ENC(l, r, s, p[15]); +- BF_ENC(r, l, s, p[14]); +- BF_ENC(l, r, s, p[13]); +- BF_ENC(r, l, s, p[12]); +- BF_ENC(l, r, s, p[11]); +- BF_ENC(r, l, s, p[10]); +- BF_ENC(l, r, s, p[9]); +- BF_ENC(r, l, s, p[8]); +- BF_ENC(l, r, s, p[7]); +- BF_ENC(r, l, s, p[6]); +- BF_ENC(l, r, s, p[5]); +- BF_ENC(r, l, s, p[4]); +- BF_ENC(l, r, s, p[3]); +- BF_ENC(r, l, s, p[2]); +- BF_ENC(l, r, s, p[1]); +- r ^= p[0]; +- +- data[1] = l & 0xffffffffL; +- data[0] = r & 0xffffffffL; +-# else +- register BF_LONG l, r, t, *k; +- +- l = data[0]; +- r = data[1]; +- k = (BF_LONG *)key; +- +- l ^= k[BF_ROUNDS + 1]; +-# if BF_ROUNDS == 20 +- BF_ENC(r, l, k, 20); +- BF_ENC(l, r, k, 19); +- BF_ENC(r, l, k, 18); +- BF_ENC(l, r, k, 17); +-# endif +- BF_ENC(r, l, k, 16); +- BF_ENC(l, r, k, 15); +- BF_ENC(r, l, k, 14); +- BF_ENC(l, r, k, 13); +- BF_ENC(r, l, k, 12); +- BF_ENC(l, r, k, 11); +- BF_ENC(r, l, k, 10); +- BF_ENC(l, r, k, 9); +- BF_ENC(r, l, k, 8); +- BF_ENC(l, r, k, 7); +- BF_ENC(r, l, k, 6); +- BF_ENC(l, r, k, 5); +- BF_ENC(r, l, k, 4); +- BF_ENC(l, r, k, 3); +- BF_ENC(r, l, k, 2); +- BF_ENC(l, r, k, 1); +- r ^= k[0]; +- +- data[1] = l & 0xffffffffL; +- data[0] = r & 0xffffffffL; +-# endif +-} +- +-void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, +- const BF_KEY *schedule, unsigned char *ivec, int encrypt) +-{ +- register BF_LONG tin0, tin1; +- register BF_LONG tout0, tout1, xor0, xor1; +- register long l = length; +- BF_LONG tin[2]; +- +- if (encrypt) { +- n2l(ivec, tout0); +- n2l(ivec, tout1); +- ivec -= 8; +- for (l -= 8; l >= 0; l -= 8) { +- n2l(in, tin0); +- n2l(in, tin1); +- tin0 ^= tout0; +- tin1 ^= tout1; +- tin[0] = tin0; +- tin[1] = tin1; +- BF_encrypt(tin, schedule); +- tout0 = tin[0]; +- tout1 = tin[1]; +- l2n(tout0, out); +- l2n(tout1, out); +- } +- if (l != -8) { +- n2ln(in, tin0, tin1, l + 8); +- tin0 ^= tout0; +- tin1 ^= tout1; +- tin[0] = tin0; +- tin[1] = tin1; +- BF_encrypt(tin, 
schedule); +- tout0 = tin[0]; +- tout1 = tin[1]; +- l2n(tout0, out); +- l2n(tout1, out); +- } +- l2n(tout0, ivec); +- l2n(tout1, ivec); +- } else { +- n2l(ivec, xor0); +- n2l(ivec, xor1); +- ivec -= 8; +- for (l -= 8; l >= 0; l -= 8) { +- n2l(in, tin0); +- n2l(in, tin1); +- tin[0] = tin0; +- tin[1] = tin1; +- BF_decrypt(tin, schedule); +- tout0 = tin[0] ^ xor0; +- tout1 = tin[1] ^ xor1; +- l2n(tout0, out); +- l2n(tout1, out); +- xor0 = tin0; +- xor1 = tin1; +- } +- if (l != -8) { +- n2l(in, tin0); +- n2l(in, tin1); +- tin[0] = tin0; +- tin[1] = tin1; +- BF_decrypt(tin, schedule); +- tout0 = tin[0] ^ xor0; +- tout1 = tin[1] ^ xor1; +- l2nn(tout0, tout1, out, l + 8); +- xor0 = tin0; +- xor1 = tin1; +- } +- l2n(xor0, ivec); +- l2n(xor1, ivec); +- } +- tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; +- tin[0] = tin[1] = 0; +-} +- +-#endif +diff --git a/Cryptlib/OpenSSL/crypto/bf/bf_locl.h b/Cryptlib/OpenSSL/crypto/bf/bf_locl.h +deleted file mode 100644 +index cc7c3ec..0000000 +--- a/Cryptlib/OpenSSL/crypto/bf/bf_locl.h ++++ /dev/null +@@ -1,219 +0,0 @@ +-/* crypto/bf/bf_locl.h */ +-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) +- * All rights reserved. +- * +- * This package is an SSL implementation written +- * by Eric Young (eay@cryptsoft.com). +- * The implementation was written so as to conform with Netscapes SSL. +- * +- * This library is free for commercial and non-commercial use as long as +- * the following conditions are aheared to. The following conditions +- * apply to all code found in this distribution, be it the RC4, RSA, +- * lhash, DES, etc., code; not just the SSL code. The SSL documentation +- * included with this distribution is covered by the same copyright terms +- * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * +- * Copyright remains Eric Young's, and as such any Copyright notices in +- * the code are not to be removed. 
+- * If this package is used in a product, Eric Young should be given attribution +- * as the author of the parts of the library used. +- * This can be in the form of a textual message at program startup or +- * in documentation (online or textual) provided with the package. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 3. All advertising materials mentioning features or use of this software +- * must display the following acknowledgement: +- * "This product includes cryptographic software written by +- * Eric Young (eay@cryptsoft.com)" +- * The word 'cryptographic' can be left out if the rouines from the library +- * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from +- * the apps directory (application code) you must include an acknowledgement: +- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * +- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. +- * +- * The licence and distribution terms for any publically available version or +- * derivative of this code cannot be changed. i.e. this code cannot simply be +- * copied and put under another distribution licence +- * [including the GNU Public Licence.] +- */ +- +-#ifndef HEADER_BF_LOCL_H +-#define HEADER_BF_LOCL_H +-#include /* BF_PTR, BF_PTR2 */ +- +-#undef c2l +-#define c2l(c,l) (l =((unsigned long)(*((c)++))) , \ +- l|=((unsigned long)(*((c)++)))<< 8L, \ +- l|=((unsigned long)(*((c)++)))<<16L, \ +- l|=((unsigned long)(*((c)++)))<<24L) +- +-/* NOTE - c is not incremented as per c2l */ +-#undef c2ln +-#define c2ln(c,l1,l2,n) { \ +- c+=n; \ +- l1=l2=0; \ +- switch (n) { \ +- case 8: l2 =((unsigned long)(*(--(c))))<<24L; \ +- case 7: l2|=((unsigned long)(*(--(c))))<<16L; \ +- case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \ +- case 5: l2|=((unsigned long)(*(--(c)))); \ +- case 4: l1 =((unsigned long)(*(--(c))))<<24L; \ +- case 3: l1|=((unsigned long)(*(--(c))))<<16L; \ +- case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \ +- case 1: l1|=((unsigned long)(*(--(c)))); \ +- } \ +- } +- +-#undef l2c +-#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ +- *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ +- *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ +- *((c)++)=(unsigned char)(((l)>>24L)&0xff)) +- +-/* NOTE - c is not incremented as per l2c */ +-#undef l2cn +-#define l2cn(l1,l2,c,n) { \ +- c+=n; \ +- switch (n) { \ +- case 8: 
*(--(c))=(unsigned char)(((l2)>>24L)&0xff); \ +- case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \ +- case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \ +- case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \ +- case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \ +- case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \ +- case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \ +- case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \ +- } \ +- } +- +-/* NOTE - c is not incremented as per n2l */ +-#define n2ln(c,l1,l2,n) { \ +- c+=n; \ +- l1=l2=0; \ +- switch (n) { \ +- case 8: l2 =((unsigned long)(*(--(c)))) ; \ +- case 7: l2|=((unsigned long)(*(--(c))))<< 8; \ +- case 6: l2|=((unsigned long)(*(--(c))))<<16; \ +- case 5: l2|=((unsigned long)(*(--(c))))<<24; \ +- case 4: l1 =((unsigned long)(*(--(c)))) ; \ +- case 3: l1|=((unsigned long)(*(--(c))))<< 8; \ +- case 2: l1|=((unsigned long)(*(--(c))))<<16; \ +- case 1: l1|=((unsigned long)(*(--(c))))<<24; \ +- } \ +- } +- +-/* NOTE - c is not incremented as per l2n */ +-#define l2nn(l1,l2,c,n) { \ +- c+=n; \ +- switch (n) { \ +- case 8: *(--(c))=(unsigned char)(((l2) )&0xff); \ +- case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \ +- case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \ +- case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \ +- case 4: *(--(c))=(unsigned char)(((l1) )&0xff); \ +- case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \ +- case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \ +- case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \ +- } \ +- } +- +-#undef n2l +-#define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24L, \ +- l|=((unsigned long)(*((c)++)))<<16L, \ +- l|=((unsigned long)(*((c)++)))<< 8L, \ +- l|=((unsigned long)(*((c)++)))) +- +-#undef l2n +-#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \ +- *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ +- *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ +- *((c)++)=(unsigned char)(((l) )&0xff)) +- +-/* This is actually a big endian 
algorithm, the most significant byte +- * is used to lookup array 0 */ +- +-#if defined(BF_PTR2) +- +-/* +- * This is basically a special Intel version. Point is that Intel +- * doesn't have many registers, but offers a reach choice of addressing +- * modes. So we spare some registers by directly traversing BF_KEY +- * structure and hiring the most decorated addressing mode. The code +- * generated by EGCS is *perfectly* competitive with assembler +- * implementation! +- */ +-#define BF_ENC(LL,R,KEY,Pi) (\ +- LL^=KEY[Pi], \ +- t= KEY[BF_ROUNDS+2 + 0 + ((R>>24)&0xFF)], \ +- t+= KEY[BF_ROUNDS+2 + 256 + ((R>>16)&0xFF)], \ +- t^= KEY[BF_ROUNDS+2 + 512 + ((R>>8 )&0xFF)], \ +- t+= KEY[BF_ROUNDS+2 + 768 + ((R )&0xFF)], \ +- LL^=t \ +- ) +- +-#elif defined(BF_PTR) +- +-#ifndef BF_LONG_LOG2 +-#define BF_LONG_LOG2 2 /* default to BF_LONG being 32 bits */ +-#endif +-#define BF_M (0xFF<>BF_i)&BF_M gets folded into a single instruction, namely +- * rlwinm. So let'em double-check if their compiler does it. +- */ +- +-#define BF_ENC(LL,R,S,P) ( \ +- LL^=P, \ +- LL^= (((*(BF_LONG *)((unsigned char *)&(S[ 0])+((R>>BF_0)&BF_M))+ \ +- *(BF_LONG *)((unsigned char *)&(S[256])+((R>>BF_1)&BF_M)))^ \ +- *(BF_LONG *)((unsigned char *)&(S[512])+((R>>BF_2)&BF_M)))+ \ +- *(BF_LONG *)((unsigned char *)&(S[768])+((R<>24)&0xff)] + \ +- S[0x0100+((int)(R>>16)&0xff)])^ \ +- S[0x0200+((int)(R>> 8)&0xff)])+ \ +- S[0x0300+((int)(R )&0xff)])&0xffffffffL \ +- ) +-#endif +- +-#endif +diff --git a/Cryptlib/OpenSSL/crypto/bf/bf_ofb64.c b/Cryptlib/OpenSSL/crypto/bf/bf_ofb64.c +deleted file mode 100644 +index a8d190b..0000000 +--- a/Cryptlib/OpenSSL/crypto/bf/bf_ofb64.c ++++ /dev/null +@@ -1,110 +0,0 @@ +-/* crypto/bf/bf_ofb64.c */ +-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) +- * All rights reserved. +- * +- * This package is an SSL implementation written +- * by Eric Young (eay@cryptsoft.com). +- * The implementation was written so as to conform with Netscapes SSL. 
+- * +- * This library is free for commercial and non-commercial use as long as +- * the following conditions are aheared to. The following conditions +- * apply to all code found in this distribution, be it the RC4, RSA, +- * lhash, DES, etc., code; not just the SSL code. The SSL documentation +- * included with this distribution is covered by the same copyright terms +- * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * +- * Copyright remains Eric Young's, and as such any Copyright notices in +- * the code are not to be removed. +- * If this package is used in a product, Eric Young should be given attribution +- * as the author of the parts of the library used. +- * This can be in the form of a textual message at program startup or +- * in documentation (online or textual) provided with the package. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 3. All advertising materials mentioning features or use of this software +- * must display the following acknowledgement: +- * "This product includes cryptographic software written by +- * Eric Young (eay@cryptsoft.com)" +- * The word 'cryptographic' can be left out if the rouines from the library +- * being used are not cryptographic related :-). +- * 4. 
If you include any Windows specific code (or a derivative thereof) from +- * the apps directory (application code) you must include an acknowledgement: +- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * +- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. +- * +- * The licence and distribution terms for any publically available version or +- * derivative of this code cannot be changed. i.e. this code cannot simply be +- * copied and put under another distribution licence +- * [including the GNU Public Licence.] +- */ +- +-#include +-#include "bf_locl.h" +- +-/* +- * The input and output encrypted as though 64bit ofb mode is being used. 
+- * The extra state information to record how much of the 64bit block we have
+- * used is contained in *num;
+- */
+-void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+- long length, const BF_KEY *schedule,
+- unsigned char *ivec, int *num)
+-{
+- register BF_LONG v0, v1, t;
+- register int n = *num;
+- register long l = length;
+- unsigned char d[8];
+- register char *dp;
+- BF_LONG ti[2];
+- unsigned char *iv;
+- int save = 0;
+-
+- iv = (unsigned char *)ivec;
+- n2l(iv, v0);
+- n2l(iv, v1);
+- ti[0] = v0;
+- ti[1] = v1;
+- dp = (char *)d;
+- l2n(v0, dp);
+- l2n(v1, dp);
+- while (l--) {
+- if (n == 0) {
+- BF_encrypt((BF_LONG *)ti, schedule);
+- dp = (char *)d;
+- t = ti[0];
+- l2n(t, dp);
+- t = ti[1];
+- l2n(t, dp);
+- save++;
+- }
+- *(out++) = *(in++) ^ d[n];
+- n = (n + 1) & 0x07;
+- }
+- if (save) {
+- v0 = ti[0];
+- v1 = ti[1];
+- iv = (unsigned char *)ivec;
+- l2n(v0, iv);
+- l2n(v1, iv);
+- }
+- t = v0 = v1 = ti[0] = ti[1] = 0;
+- *num = n;
+-}
+diff --git a/Cryptlib/OpenSSL/crypto/bf/bf_pi.h b/Cryptlib/OpenSSL/crypto/bf/bf_pi.h
+deleted file mode 100644
+index 9949513..0000000
+--- a/Cryptlib/OpenSSL/crypto/bf/bf_pi.h
++++ /dev/null
+@@ -1,325 +0,0 @@
+-/* crypto/bf/bf_pi.h */
+-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+- * All rights reserved.
+- *
+- * This package is an SSL implementation written
+- * by Eric Young (eay@cryptsoft.com).
+- * The implementation was written so as to conform with Netscapes SSL.
+- *
+- * This library is free for commercial and non-commercial use as long as
+- * the following conditions are aheared to. The following conditions
+- * apply to all code found in this distribution, be it the RC4, RSA,
+- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+- * included with this distribution is covered by the same copyright terms
+- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+- * +- * Copyright remains Eric Young's, and as such any Copyright notices in +- * the code are not to be removed. +- * If this package is used in a product, Eric Young should be given attribution +- * as the author of the parts of the library used. +- * This can be in the form of a textual message at program startup or +- * in documentation (online or textual) provided with the package. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 3. All advertising materials mentioning features or use of this software +- * must display the following acknowledgement: +- * "This product includes cryptographic software written by +- * Eric Young (eay@cryptsoft.com)" +- * The word 'cryptographic' can be left out if the rouines from the library +- * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from +- * the apps directory (application code) you must include an acknowledgement: +- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * +- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. +- * +- * The licence and distribution terms for any publically available version or +- * derivative of this code cannot be changed. i.e. this code cannot simply be +- * copied and put under another distribution licence +- * [including the GNU Public Licence.] +- */ +- +-static const BF_KEY bf_init= { +- { +- 0x243f6a88L, 0x85a308d3L, 0x13198a2eL, 0x03707344L, +- 0xa4093822L, 0x299f31d0L, 0x082efa98L, 0xec4e6c89L, +- 0x452821e6L, 0x38d01377L, 0xbe5466cfL, 0x34e90c6cL, +- 0xc0ac29b7L, 0xc97c50ddL, 0x3f84d5b5L, 0xb5470917L, +- 0x9216d5d9L, 0x8979fb1b +- },{ +- 0xd1310ba6L, 0x98dfb5acL, 0x2ffd72dbL, 0xd01adfb7L, +- 0xb8e1afedL, 0x6a267e96L, 0xba7c9045L, 0xf12c7f99L, +- 0x24a19947L, 0xb3916cf7L, 0x0801f2e2L, 0x858efc16L, +- 0x636920d8L, 0x71574e69L, 0xa458fea3L, 0xf4933d7eL, +- 0x0d95748fL, 0x728eb658L, 0x718bcd58L, 0x82154aeeL, +- 0x7b54a41dL, 0xc25a59b5L, 0x9c30d539L, 0x2af26013L, +- 0xc5d1b023L, 0x286085f0L, 0xca417918L, 0xb8db38efL, +- 0x8e79dcb0L, 0x603a180eL, 0x6c9e0e8bL, 0xb01e8a3eL, +- 0xd71577c1L, 0xbd314b27L, 0x78af2fdaL, 0x55605c60L, +- 0xe65525f3L, 0xaa55ab94L, 0x57489862L, 0x63e81440L, +- 0x55ca396aL, 0x2aab10b6L, 0xb4cc5c34L, 0x1141e8ceL, +- 0xa15486afL, 0x7c72e993L, 0xb3ee1411L, 0x636fbc2aL, +- 0x2ba9c55dL, 0x741831f6L, 0xce5c3e16L, 0x9b87931eL, +- 0xafd6ba33L, 0x6c24cf5cL, 0x7a325381L, 0x28958677L, +- 0x3b8f4898L, 0x6b4bb9afL, 0xc4bfe81bL, 0x66282193L, +- 0x61d809ccL, 0xfb21a991L, 0x487cac60L, 0x5dec8032L, +- 0xef845d5dL, 
0xe98575b1L, 0xdc262302L, 0xeb651b88L, +- 0x23893e81L, 0xd396acc5L, 0x0f6d6ff3L, 0x83f44239L, +- 0x2e0b4482L, 0xa4842004L, 0x69c8f04aL, 0x9e1f9b5eL, +- 0x21c66842L, 0xf6e96c9aL, 0x670c9c61L, 0xabd388f0L, +- 0x6a51a0d2L, 0xd8542f68L, 0x960fa728L, 0xab5133a3L, +- 0x6eef0b6cL, 0x137a3be4L, 0xba3bf050L, 0x7efb2a98L, +- 0xa1f1651dL, 0x39af0176L, 0x66ca593eL, 0x82430e88L, +- 0x8cee8619L, 0x456f9fb4L, 0x7d84a5c3L, 0x3b8b5ebeL, +- 0xe06f75d8L, 0x85c12073L, 0x401a449fL, 0x56c16aa6L, +- 0x4ed3aa62L, 0x363f7706L, 0x1bfedf72L, 0x429b023dL, +- 0x37d0d724L, 0xd00a1248L, 0xdb0fead3L, 0x49f1c09bL, +- 0x075372c9L, 0x80991b7bL, 0x25d479d8L, 0xf6e8def7L, +- 0xe3fe501aL, 0xb6794c3bL, 0x976ce0bdL, 0x04c006baL, +- 0xc1a94fb6L, 0x409f60c4L, 0x5e5c9ec2L, 0x196a2463L, +- 0x68fb6fafL, 0x3e6c53b5L, 0x1339b2ebL, 0x3b52ec6fL, +- 0x6dfc511fL, 0x9b30952cL, 0xcc814544L, 0xaf5ebd09L, +- 0xbee3d004L, 0xde334afdL, 0x660f2807L, 0x192e4bb3L, +- 0xc0cba857L, 0x45c8740fL, 0xd20b5f39L, 0xb9d3fbdbL, +- 0x5579c0bdL, 0x1a60320aL, 0xd6a100c6L, 0x402c7279L, +- 0x679f25feL, 0xfb1fa3ccL, 0x8ea5e9f8L, 0xdb3222f8L, +- 0x3c7516dfL, 0xfd616b15L, 0x2f501ec8L, 0xad0552abL, +- 0x323db5faL, 0xfd238760L, 0x53317b48L, 0x3e00df82L, +- 0x9e5c57bbL, 0xca6f8ca0L, 0x1a87562eL, 0xdf1769dbL, +- 0xd542a8f6L, 0x287effc3L, 0xac6732c6L, 0x8c4f5573L, +- 0x695b27b0L, 0xbbca58c8L, 0xe1ffa35dL, 0xb8f011a0L, +- 0x10fa3d98L, 0xfd2183b8L, 0x4afcb56cL, 0x2dd1d35bL, +- 0x9a53e479L, 0xb6f84565L, 0xd28e49bcL, 0x4bfb9790L, +- 0xe1ddf2daL, 0xa4cb7e33L, 0x62fb1341L, 0xcee4c6e8L, +- 0xef20cadaL, 0x36774c01L, 0xd07e9efeL, 0x2bf11fb4L, +- 0x95dbda4dL, 0xae909198L, 0xeaad8e71L, 0x6b93d5a0L, +- 0xd08ed1d0L, 0xafc725e0L, 0x8e3c5b2fL, 0x8e7594b7L, +- 0x8ff6e2fbL, 0xf2122b64L, 0x8888b812L, 0x900df01cL, +- 0x4fad5ea0L, 0x688fc31cL, 0xd1cff191L, 0xb3a8c1adL, +- 0x2f2f2218L, 0xbe0e1777L, 0xea752dfeL, 0x8b021fa1L, +- 0xe5a0cc0fL, 0xb56f74e8L, 0x18acf3d6L, 0xce89e299L, +- 0xb4a84fe0L, 0xfd13e0b7L, 0x7cc43b81L, 0xd2ada8d9L, +- 0x165fa266L, 0x80957705L, 
0x93cc7314L, 0x211a1477L, +- 0xe6ad2065L, 0x77b5fa86L, 0xc75442f5L, 0xfb9d35cfL, +- 0xebcdaf0cL, 0x7b3e89a0L, 0xd6411bd3L, 0xae1e7e49L, +- 0x00250e2dL, 0x2071b35eL, 0x226800bbL, 0x57b8e0afL, +- 0x2464369bL, 0xf009b91eL, 0x5563911dL, 0x59dfa6aaL, +- 0x78c14389L, 0xd95a537fL, 0x207d5ba2L, 0x02e5b9c5L, +- 0x83260376L, 0x6295cfa9L, 0x11c81968L, 0x4e734a41L, +- 0xb3472dcaL, 0x7b14a94aL, 0x1b510052L, 0x9a532915L, +- 0xd60f573fL, 0xbc9bc6e4L, 0x2b60a476L, 0x81e67400L, +- 0x08ba6fb5L, 0x571be91fL, 0xf296ec6bL, 0x2a0dd915L, +- 0xb6636521L, 0xe7b9f9b6L, 0xff34052eL, 0xc5855664L, +- 0x53b02d5dL, 0xa99f8fa1L, 0x08ba4799L, 0x6e85076aL, +- 0x4b7a70e9L, 0xb5b32944L, 0xdb75092eL, 0xc4192623L, +- 0xad6ea6b0L, 0x49a7df7dL, 0x9cee60b8L, 0x8fedb266L, +- 0xecaa8c71L, 0x699a17ffL, 0x5664526cL, 0xc2b19ee1L, +- 0x193602a5L, 0x75094c29L, 0xa0591340L, 0xe4183a3eL, +- 0x3f54989aL, 0x5b429d65L, 0x6b8fe4d6L, 0x99f73fd6L, +- 0xa1d29c07L, 0xefe830f5L, 0x4d2d38e6L, 0xf0255dc1L, +- 0x4cdd2086L, 0x8470eb26L, 0x6382e9c6L, 0x021ecc5eL, +- 0x09686b3fL, 0x3ebaefc9L, 0x3c971814L, 0x6b6a70a1L, +- 0x687f3584L, 0x52a0e286L, 0xb79c5305L, 0xaa500737L, +- 0x3e07841cL, 0x7fdeae5cL, 0x8e7d44ecL, 0x5716f2b8L, +- 0xb03ada37L, 0xf0500c0dL, 0xf01c1f04L, 0x0200b3ffL, +- 0xae0cf51aL, 0x3cb574b2L, 0x25837a58L, 0xdc0921bdL, +- 0xd19113f9L, 0x7ca92ff6L, 0x94324773L, 0x22f54701L, +- 0x3ae5e581L, 0x37c2dadcL, 0xc8b57634L, 0x9af3dda7L, +- 0xa9446146L, 0x0fd0030eL, 0xecc8c73eL, 0xa4751e41L, +- 0xe238cd99L, 0x3bea0e2fL, 0x3280bba1L, 0x183eb331L, +- 0x4e548b38L, 0x4f6db908L, 0x6f420d03L, 0xf60a04bfL, +- 0x2cb81290L, 0x24977c79L, 0x5679b072L, 0xbcaf89afL, +- 0xde9a771fL, 0xd9930810L, 0xb38bae12L, 0xdccf3f2eL, +- 0x5512721fL, 0x2e6b7124L, 0x501adde6L, 0x9f84cd87L, +- 0x7a584718L, 0x7408da17L, 0xbc9f9abcL, 0xe94b7d8cL, +- 0xec7aec3aL, 0xdb851dfaL, 0x63094366L, 0xc464c3d2L, +- 0xef1c1847L, 0x3215d908L, 0xdd433b37L, 0x24c2ba16L, +- 0x12a14d43L, 0x2a65c451L, 0x50940002L, 0x133ae4ddL, +- 0x71dff89eL, 0x10314e55L, 0x81ac77d6L, 
0x5f11199bL, +- 0x043556f1L, 0xd7a3c76bL, 0x3c11183bL, 0x5924a509L, +- 0xf28fe6edL, 0x97f1fbfaL, 0x9ebabf2cL, 0x1e153c6eL, +- 0x86e34570L, 0xeae96fb1L, 0x860e5e0aL, 0x5a3e2ab3L, +- 0x771fe71cL, 0x4e3d06faL, 0x2965dcb9L, 0x99e71d0fL, +- 0x803e89d6L, 0x5266c825L, 0x2e4cc978L, 0x9c10b36aL, +- 0xc6150ebaL, 0x94e2ea78L, 0xa5fc3c53L, 0x1e0a2df4L, +- 0xf2f74ea7L, 0x361d2b3dL, 0x1939260fL, 0x19c27960L, +- 0x5223a708L, 0xf71312b6L, 0xebadfe6eL, 0xeac31f66L, +- 0xe3bc4595L, 0xa67bc883L, 0xb17f37d1L, 0x018cff28L, +- 0xc332ddefL, 0xbe6c5aa5L, 0x65582185L, 0x68ab9802L, +- 0xeecea50fL, 0xdb2f953bL, 0x2aef7dadL, 0x5b6e2f84L, +- 0x1521b628L, 0x29076170L, 0xecdd4775L, 0x619f1510L, +- 0x13cca830L, 0xeb61bd96L, 0x0334fe1eL, 0xaa0363cfL, +- 0xb5735c90L, 0x4c70a239L, 0xd59e9e0bL, 0xcbaade14L, +- 0xeecc86bcL, 0x60622ca7L, 0x9cab5cabL, 0xb2f3846eL, +- 0x648b1eafL, 0x19bdf0caL, 0xa02369b9L, 0x655abb50L, +- 0x40685a32L, 0x3c2ab4b3L, 0x319ee9d5L, 0xc021b8f7L, +- 0x9b540b19L, 0x875fa099L, 0x95f7997eL, 0x623d7da8L, +- 0xf837889aL, 0x97e32d77L, 0x11ed935fL, 0x16681281L, +- 0x0e358829L, 0xc7e61fd6L, 0x96dedfa1L, 0x7858ba99L, +- 0x57f584a5L, 0x1b227263L, 0x9b83c3ffL, 0x1ac24696L, +- 0xcdb30aebL, 0x532e3054L, 0x8fd948e4L, 0x6dbc3128L, +- 0x58ebf2efL, 0x34c6ffeaL, 0xfe28ed61L, 0xee7c3c73L, +- 0x5d4a14d9L, 0xe864b7e3L, 0x42105d14L, 0x203e13e0L, +- 0x45eee2b6L, 0xa3aaabeaL, 0xdb6c4f15L, 0xfacb4fd0L, +- 0xc742f442L, 0xef6abbb5L, 0x654f3b1dL, 0x41cd2105L, +- 0xd81e799eL, 0x86854dc7L, 0xe44b476aL, 0x3d816250L, +- 0xcf62a1f2L, 0x5b8d2646L, 0xfc8883a0L, 0xc1c7b6a3L, +- 0x7f1524c3L, 0x69cb7492L, 0x47848a0bL, 0x5692b285L, +- 0x095bbf00L, 0xad19489dL, 0x1462b174L, 0x23820e00L, +- 0x58428d2aL, 0x0c55f5eaL, 0x1dadf43eL, 0x233f7061L, +- 0x3372f092L, 0x8d937e41L, 0xd65fecf1L, 0x6c223bdbL, +- 0x7cde3759L, 0xcbee7460L, 0x4085f2a7L, 0xce77326eL, +- 0xa6078084L, 0x19f8509eL, 0xe8efd855L, 0x61d99735L, +- 0xa969a7aaL, 0xc50c06c2L, 0x5a04abfcL, 0x800bcadcL, +- 0x9e447a2eL, 0xc3453484L, 0xfdd56705L, 0x0e1e9ec9L, +- 
0xdb73dbd3L, 0x105588cdL, 0x675fda79L, 0xe3674340L, +- 0xc5c43465L, 0x713e38d8L, 0x3d28f89eL, 0xf16dff20L, +- 0x153e21e7L, 0x8fb03d4aL, 0xe6e39f2bL, 0xdb83adf7L, +- 0xe93d5a68L, 0x948140f7L, 0xf64c261cL, 0x94692934L, +- 0x411520f7L, 0x7602d4f7L, 0xbcf46b2eL, 0xd4a20068L, +- 0xd4082471L, 0x3320f46aL, 0x43b7d4b7L, 0x500061afL, +- 0x1e39f62eL, 0x97244546L, 0x14214f74L, 0xbf8b8840L, +- 0x4d95fc1dL, 0x96b591afL, 0x70f4ddd3L, 0x66a02f45L, +- 0xbfbc09ecL, 0x03bd9785L, 0x7fac6dd0L, 0x31cb8504L, +- 0x96eb27b3L, 0x55fd3941L, 0xda2547e6L, 0xabca0a9aL, +- 0x28507825L, 0x530429f4L, 0x0a2c86daL, 0xe9b66dfbL, +- 0x68dc1462L, 0xd7486900L, 0x680ec0a4L, 0x27a18deeL, +- 0x4f3ffea2L, 0xe887ad8cL, 0xb58ce006L, 0x7af4d6b6L, +- 0xaace1e7cL, 0xd3375fecL, 0xce78a399L, 0x406b2a42L, +- 0x20fe9e35L, 0xd9f385b9L, 0xee39d7abL, 0x3b124e8bL, +- 0x1dc9faf7L, 0x4b6d1856L, 0x26a36631L, 0xeae397b2L, +- 0x3a6efa74L, 0xdd5b4332L, 0x6841e7f7L, 0xca7820fbL, +- 0xfb0af54eL, 0xd8feb397L, 0x454056acL, 0xba489527L, +- 0x55533a3aL, 0x20838d87L, 0xfe6ba9b7L, 0xd096954bL, +- 0x55a867bcL, 0xa1159a58L, 0xcca92963L, 0x99e1db33L, +- 0xa62a4a56L, 0x3f3125f9L, 0x5ef47e1cL, 0x9029317cL, +- 0xfdf8e802L, 0x04272f70L, 0x80bb155cL, 0x05282ce3L, +- 0x95c11548L, 0xe4c66d22L, 0x48c1133fL, 0xc70f86dcL, +- 0x07f9c9eeL, 0x41041f0fL, 0x404779a4L, 0x5d886e17L, +- 0x325f51ebL, 0xd59bc0d1L, 0xf2bcc18fL, 0x41113564L, +- 0x257b7834L, 0x602a9c60L, 0xdff8e8a3L, 0x1f636c1bL, +- 0x0e12b4c2L, 0x02e1329eL, 0xaf664fd1L, 0xcad18115L, +- 0x6b2395e0L, 0x333e92e1L, 0x3b240b62L, 0xeebeb922L, +- 0x85b2a20eL, 0xe6ba0d99L, 0xde720c8cL, 0x2da2f728L, +- 0xd0127845L, 0x95b794fdL, 0x647d0862L, 0xe7ccf5f0L, +- 0x5449a36fL, 0x877d48faL, 0xc39dfd27L, 0xf33e8d1eL, +- 0x0a476341L, 0x992eff74L, 0x3a6f6eabL, 0xf4f8fd37L, +- 0xa812dc60L, 0xa1ebddf8L, 0x991be14cL, 0xdb6e6b0dL, +- 0xc67b5510L, 0x6d672c37L, 0x2765d43bL, 0xdcd0e804L, +- 0xf1290dc7L, 0xcc00ffa3L, 0xb5390f92L, 0x690fed0bL, +- 0x667b9ffbL, 0xcedb7d9cL, 0xa091cf0bL, 0xd9155ea3L, +- 0xbb132f88L, 
0x515bad24L, 0x7b9479bfL, 0x763bd6ebL, +- 0x37392eb3L, 0xcc115979L, 0x8026e297L, 0xf42e312dL, +- 0x6842ada7L, 0xc66a2b3bL, 0x12754cccL, 0x782ef11cL, +- 0x6a124237L, 0xb79251e7L, 0x06a1bbe6L, 0x4bfb6350L, +- 0x1a6b1018L, 0x11caedfaL, 0x3d25bdd8L, 0xe2e1c3c9L, +- 0x44421659L, 0x0a121386L, 0xd90cec6eL, 0xd5abea2aL, +- 0x64af674eL, 0xda86a85fL, 0xbebfe988L, 0x64e4c3feL, +- 0x9dbc8057L, 0xf0f7c086L, 0x60787bf8L, 0x6003604dL, +- 0xd1fd8346L, 0xf6381fb0L, 0x7745ae04L, 0xd736fcccL, +- 0x83426b33L, 0xf01eab71L, 0xb0804187L, 0x3c005e5fL, +- 0x77a057beL, 0xbde8ae24L, 0x55464299L, 0xbf582e61L, +- 0x4e58f48fL, 0xf2ddfda2L, 0xf474ef38L, 0x8789bdc2L, +- 0x5366f9c3L, 0xc8b38e74L, 0xb475f255L, 0x46fcd9b9L, +- 0x7aeb2661L, 0x8b1ddf84L, 0x846a0e79L, 0x915f95e2L, +- 0x466e598eL, 0x20b45770L, 0x8cd55591L, 0xc902de4cL, +- 0xb90bace1L, 0xbb8205d0L, 0x11a86248L, 0x7574a99eL, +- 0xb77f19b6L, 0xe0a9dc09L, 0x662d09a1L, 0xc4324633L, +- 0xe85a1f02L, 0x09f0be8cL, 0x4a99a025L, 0x1d6efe10L, +- 0x1ab93d1dL, 0x0ba5a4dfL, 0xa186f20fL, 0x2868f169L, +- 0xdcb7da83L, 0x573906feL, 0xa1e2ce9bL, 0x4fcd7f52L, +- 0x50115e01L, 0xa70683faL, 0xa002b5c4L, 0x0de6d027L, +- 0x9af88c27L, 0x773f8641L, 0xc3604c06L, 0x61a806b5L, +- 0xf0177a28L, 0xc0f586e0L, 0x006058aaL, 0x30dc7d62L, +- 0x11e69ed7L, 0x2338ea63L, 0x53c2dd94L, 0xc2c21634L, +- 0xbbcbee56L, 0x90bcb6deL, 0xebfc7da1L, 0xce591d76L, +- 0x6f05e409L, 0x4b7c0188L, 0x39720a3dL, 0x7c927c24L, +- 0x86e3725fL, 0x724d9db9L, 0x1ac15bb4L, 0xd39eb8fcL, +- 0xed545578L, 0x08fca5b5L, 0xd83d7cd3L, 0x4dad0fc4L, +- 0x1e50ef5eL, 0xb161e6f8L, 0xa28514d9L, 0x6c51133cL, +- 0x6fd5c7e7L, 0x56e14ec4L, 0x362abfceL, 0xddc6c837L, +- 0xd79a3234L, 0x92638212L, 0x670efa8eL, 0x406000e0L, +- 0x3a39ce37L, 0xd3faf5cfL, 0xabc27737L, 0x5ac52d1bL, +- 0x5cb0679eL, 0x4fa33742L, 0xd3822740L, 0x99bc9bbeL, +- 0xd5118e9dL, 0xbf0f7315L, 0xd62d1c7eL, 0xc700c47bL, +- 0xb78c1b6bL, 0x21a19045L, 0xb26eb1beL, 0x6a366eb4L, +- 0x5748ab2fL, 0xbc946e79L, 0xc6a376d2L, 0x6549c2c8L, +- 0x530ff8eeL, 0x468dde7dL, 
0xd5730a1dL, 0x4cd04dc6L, +- 0x2939bbdbL, 0xa9ba4650L, 0xac9526e8L, 0xbe5ee304L, +- 0xa1fad5f0L, 0x6a2d519aL, 0x63ef8ce2L, 0x9a86ee22L, +- 0xc089c2b8L, 0x43242ef6L, 0xa51e03aaL, 0x9cf2d0a4L, +- 0x83c061baL, 0x9be96a4dL, 0x8fe51550L, 0xba645bd6L, +- 0x2826a2f9L, 0xa73a3ae1L, 0x4ba99586L, 0xef5562e9L, +- 0xc72fefd3L, 0xf752f7daL, 0x3f046f69L, 0x77fa0a59L, +- 0x80e4a915L, 0x87b08601L, 0x9b09e6adL, 0x3b3ee593L, +- 0xe990fd5aL, 0x9e34d797L, 0x2cf0b7d9L, 0x022b8b51L, +- 0x96d5ac3aL, 0x017da67dL, 0xd1cf3ed6L, 0x7c7d2d28L, +- 0x1f9f25cfL, 0xadf2b89bL, 0x5ad6b472L, 0x5a88f54cL, +- 0xe029ac71L, 0xe019a5e6L, 0x47b0acfdL, 0xed93fa9bL, +- 0xe8d3c48dL, 0x283b57ccL, 0xf8d56629L, 0x79132e28L, +- 0x785f0191L, 0xed756055L, 0xf7960e44L, 0xe3d35e8cL, +- 0x15056dd4L, 0x88f46dbaL, 0x03a16125L, 0x0564f0bdL, +- 0xc3eb9e15L, 0x3c9057a2L, 0x97271aecL, 0xa93a072aL, +- 0x1b3f6d9bL, 0x1e6321f5L, 0xf59c66fbL, 0x26dcf319L, +- 0x7533d928L, 0xb155fdf5L, 0x03563482L, 0x8aba3cbbL, +- 0x28517711L, 0xc20ad9f8L, 0xabcc5167L, 0xccad925fL, +- 0x4de81751L, 0x3830dc8eL, 0x379d5862L, 0x9320f991L, +- 0xea7a90c2L, 0xfb3e7bceL, 0x5121ce64L, 0x774fbe32L, +- 0xa8b6e37eL, 0xc3293d46L, 0x48de5369L, 0x6413e680L, +- 0xa2ae0810L, 0xdd6db224L, 0x69852dfdL, 0x09072166L, +- 0xb39a460aL, 0x6445c0ddL, 0x586cdecfL, 0x1c20c8aeL, +- 0x5bbef7ddL, 0x1b588d40L, 0xccd2017fL, 0x6bb4e3bbL, +- 0xdda26a7eL, 0x3a59ff45L, 0x3e350a44L, 0xbcb4cdd5L, +- 0x72eacea8L, 0xfa6484bbL, 0x8d6612aeL, 0xbf3c6f47L, +- 0xd29be463L, 0x542f5d9eL, 0xaec2771bL, 0xf64e6370L, +- 0x740e0d8dL, 0xe75b1357L, 0xf8721671L, 0xaf537d5dL, +- 0x4040cb08L, 0x4eb4e2ccL, 0x34d2466aL, 0x0115af84L, +- 0xe1b00428L, 0x95983a1dL, 0x06b89fb4L, 0xce6ea048L, +- 0x6f3f3b82L, 0x3520ab82L, 0x011a1d4bL, 0x277227f8L, +- 0x611560b1L, 0xe7933fdcL, 0xbb3a792bL, 0x344525bdL, +- 0xa08839e1L, 0x51ce794bL, 0x2f32c9b7L, 0xa01fbac9L, +- 0xe01cc87eL, 0xbcc7d1f6L, 0xcf0111c3L, 0xa1e8aac7L, +- 0x1a908749L, 0xd44fbd9aL, 0xd0dadecbL, 0xd50ada38L, +- 0x0339c32aL, 0xc6913667L, 0x8df9317cL, 
0xe0b12b4fL, +- 0xf79e59b7L, 0x43f5bb3aL, 0xf2d519ffL, 0x27d9459cL, +- 0xbf97222cL, 0x15e6fc2aL, 0x0f91fc71L, 0x9b941525L, +- 0xfae59361L, 0xceb69cebL, 0xc2a86459L, 0x12baa8d1L, +- 0xb6c1075eL, 0xe3056a0cL, 0x10d25065L, 0xcb03a442L, +- 0xe0ec6e0eL, 0x1698db3bL, 0x4c98a0beL, 0x3278e964L, +- 0x9f1f9532L, 0xe0d392dfL, 0xd3a0342bL, 0x8971f21eL, +- 0x1b0a7441L, 0x4ba3348cL, 0xc5be7120L, 0xc37632d8L, +- 0xdf359f8dL, 0x9b992f2eL, 0xe60b6f47L, 0x0fe3f11dL, +- 0xe54cda54L, 0x1edad891L, 0xce6279cfL, 0xcd3e7e6fL, +- 0x1618b166L, 0xfd2c1d05L, 0x848fd2c5L, 0xf6fb2299L, +- 0xf523f357L, 0xa6327623L, 0x93a83531L, 0x56cccd02L, +- 0xacf08162L, 0x5a75ebb5L, 0x6e163697L, 0x88d273ccL, +- 0xde966292L, 0x81b949d0L, 0x4c50901bL, 0x71c65614L, +- 0xe6c6c7bdL, 0x327a140aL, 0x45e1d006L, 0xc3f27b9aL, +- 0xc9aa53fdL, 0x62a80f00L, 0xbb25bfe2L, 0x35bdd2f6L, +- 0x71126905L, 0xb2040222L, 0xb6cbcf7cL, 0xcd769c2bL, +- 0x53113ec0L, 0x1640e3d3L, 0x38abbd60L, 0x2547adf0L, +- 0xba38209cL, 0xf746ce76L, 0x77afa1c5L, 0x20756060L, +- 0x85cbfe4eL, 0x8ae88dd8L, 0x7aaaf9b0L, 0x4cf9aa7eL, +- 0x1948c25cL, 0x02fb8a8cL, 0x01c36ae4L, 0xd6ebe1f9L, +- 0x90d4f869L, 0xa65cdea0L, 0x3f09252dL, 0xc208e69fL, +- 0xb74e6132L, 0xce77e25bL, 0x578fdfe3L, 0x3ac372e6L, +- } +- }; +- +diff --git a/Cryptlib/OpenSSL/crypto/bf/bf_skey.c b/Cryptlib/OpenSSL/crypto/bf/bf_skey.c +deleted file mode 100644 +index c7b74ff..0000000 +--- a/Cryptlib/OpenSSL/crypto/bf/bf_skey.c ++++ /dev/null +@@ -1,121 +0,0 @@ +-/* crypto/bf/bf_skey.c */ +-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) +- * All rights reserved. +- * +- * This package is an SSL implementation written +- * by Eric Young (eay@cryptsoft.com). +- * The implementation was written so as to conform with Netscapes SSL. +- * +- * This library is free for commercial and non-commercial use as long as +- * the following conditions are aheared to. 
The following conditions +- * apply to all code found in this distribution, be it the RC4, RSA, +- * lhash, DES, etc., code; not just the SSL code. The SSL documentation +- * included with this distribution is covered by the same copyright terms +- * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * +- * Copyright remains Eric Young's, and as such any Copyright notices in +- * the code are not to be removed. +- * If this package is used in a product, Eric Young should be given attribution +- * as the author of the parts of the library used. +- * This can be in the form of a textual message at program startup or +- * in documentation (online or textual) provided with the package. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 3. All advertising materials mentioning features or use of this software +- * must display the following acknowledgement: +- * "This product includes cryptographic software written by +- * Eric Young (eay@cryptsoft.com)" +- * The word 'cryptographic' can be left out if the rouines from the library +- * being used are not cryptographic related :-). +- * 4. 
If you include any Windows specific code (or a derivative thereof) from +- * the apps directory (application code) you must include an acknowledgement: +- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * +- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. +- * +- * The licence and distribution terms for any publically available version or +- * derivative of this code cannot be changed. i.e. this code cannot simply be +- * copied and put under another distribution licence +- * [including the GNU Public Licence.] 
+- */ +- +-#include +-#include +-#include +-#include +-#ifdef OPENSSL_FIPS +-# include +-#endif +- +-#include "bf_locl.h" +-#include "bf_pi.h" +- +-FIPS_NON_FIPS_VCIPHER_Init(BF) +-{ +- int i; +- BF_LONG *p, ri, in[2]; +- const unsigned char *d, *end; +- +- memcpy(key, &bf_init, sizeof(BF_KEY)); +- p = key->P; +- +- if (len > ((BF_ROUNDS + 2) * 4)) +- len = (BF_ROUNDS + 2) * 4; +- +- d = data; +- end = &(data[len]); +- for (i = 0; i < (BF_ROUNDS + 2); i++) { +- ri = *(d++); +- if (d >= end) +- d = data; +- +- ri <<= 8; +- ri |= *(d++); +- if (d >= end) +- d = data; +- +- ri <<= 8; +- ri |= *(d++); +- if (d >= end) +- d = data; +- +- ri <<= 8; +- ri |= *(d++); +- if (d >= end) +- d = data; +- +- p[i] ^= ri; +- } +- +- in[0] = 0L; +- in[1] = 0L; +- for (i = 0; i < (BF_ROUNDS + 2); i += 2) { +- BF_encrypt(in, key); +- p[i] = in[0]; +- p[i + 1] = in[1]; +- } +- +- p = key->S; +- for (i = 0; i < 4 * 256; i += 2) { +- BF_encrypt(in, key); +- p[i] = in[0]; +- p[i + 1] = in[1]; +- } +-} +diff --git a/Cryptlib/OpenSSL/crypto/bio/b_dump.c b/Cryptlib/OpenSSL/crypto/bio/b_dump.c +index 3293c72..ed8e521 100644 +--- a/Cryptlib/OpenSSL/crypto/bio/b_dump.c ++++ b/Cryptlib/OpenSSL/crypto/bio/b_dump.c +@@ -182,3 +182,28 @@ int BIO_dump_indent(BIO *bp, const char *s, int len, int indent) + { + return BIO_dump_indent_cb(write_bio, bp, s, len, indent); + } ++ ++int BIO_hex_string(BIO *out, int indent, int width, unsigned char *data, ++ int datalen) ++{ ++ int i, j = 0; ++ ++ if (datalen < 1) ++ return 1; ++ ++ for (i = 0; i < datalen - 1; i++) { ++ if (i && !j) ++ BIO_printf(out, "%*s", indent, ""); ++ ++ BIO_printf(out, "%02X:", data[i]); ++ ++ j = (j + 1) % width; ++ if (!j) ++ BIO_printf(out, "\n"); ++ } ++ ++ if (i && !j) ++ BIO_printf(out, "%*s", indent, ""); ++ BIO_printf(out, "%02X", data[datalen - 1]); ++ return 1; ++} +diff --git a/Cryptlib/OpenSSL/crypto/bio/b_print.c b/Cryptlib/OpenSSL/crypto/bio/b_print.c +index b8b630c..9091d56 100644 +--- 
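Review bot: The new `BIO_hex_string` uses `width` as a divisor in `j = (j + 1) % width;` without validating it, so a caller that passes `width == 0` gets a division by zero inside the dump loop. A guard beside the existing length check covers it, for example `if (width < 1) return 0;` (or fall back to a fixed width if callers are expected to pass 0 — the hunk does not show any caller). The function also returns 1 no matter what `BIO_printf` returned, so a failed or short write on `out` is invisible; a short header comment stating that the return value does not report I/O errors would at least keep callers from relying on it. The file is a vendored OpenSSL copy, so this is better carried as a separate local patch or reported upstream than edited in place.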
a/Cryptlib/OpenSSL/crypto/bio/b_print.c ++++ b/Cryptlib/OpenSSL/crypto/bio/b_print.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -63,7 +63,7 @@ + # endif + #endif + +-/* ++/* + * Stolen from tjh's ssl/ssl_trc.c stuff. + */ + +@@ -74,7 +74,7 @@ + #include + #include "cryptlib.h" + #ifndef NO_SYS_TYPES_H +-#include ++# include + #endif + #include /* To get BN_LLONG properly defined */ + #include +@@ -94,7 +94,7 @@ + * on all source code distributions. 
+ */ + +-/* ++/*- + * This code contains numerious changes and enhancements which were + * made by lots of contributors over the last years to Patrick Powell's + * original code: +@@ -110,33 +110,33 @@ + */ + + #ifdef HAVE_LONG_DOUBLE +-#define LDOUBLE long double ++# define LDOUBLE long double + #else +-#define LDOUBLE double ++# define LDOUBLE double + #endif + +-#if HAVE_LONG_LONG +-# if defined(OPENSSL_SYS_WIN32) && !defined(__GNUC__) +-# define LLONG __int64 ++#ifdef HAVE_LONG_LONG ++# if defined(_WIN32) && !defined(__GNUC__) ++# define LLONG __int64 + # else +-# define LLONG long long ++# define LLONG long long + # endif + #else +-#define LLONG long ++# define LLONG long + #endif + +-static void fmtstr (char **, char **, size_t *, size_t *, +- const char *, int, int, int); +-static void fmtint (char **, char **, size_t *, size_t *, +- LLONG, int, int, int, int); ++static void fmtstr(char **, char **, size_t *, size_t *, ++ const char *, int, int, int); ++static void fmtint(char **, char **, size_t *, size_t *, ++ LLONG, int, int, int, int); + #ifndef OPENSSL_SYS_UEFI +-static void fmtfp (char **, char **, size_t *, size_t *, +- LDOUBLE, int, int, int); ++static void fmtfp(char **, char **, size_t *, size_t *, ++ LDOUBLE, int, int, int); + #endif +-static void doapr_outch (char **, char **, size_t *, size_t *, int); ++static void doapr_outch(char **, char **, size_t *, size_t *, int); + static void _dopr(char **sbuffer, char **buffer, +- size_t *maxlen, size_t *retlen, int *truncated, +- const char *format, va_list args); ++ size_t *maxlen, size_t *retlen, int *truncated, ++ const char *format, va_list args); + + /* format read states */ + #define DP_S_DEFAULT 0 +@@ -168,14 +168,10 @@ static void _dopr(char **sbuffer, char **buffer, + #define OSSL_MAX(p,q) ((p >= q) ? 
p : q) + + static void +-_dopr( +- char **sbuffer, +- char **buffer, +- size_t *maxlen, +- size_t *retlen, +- int *truncated, +- const char *format, +- va_list args) ++_dopr(char **sbuffer, ++ char **buffer, ++ size_t *maxlen, ++ size_t *retlen, int *truncated, const char *format, va_list args) + { + char ch; + LLONG value; +@@ -204,7 +200,7 @@ _dopr( + if (ch == '%') + state = DP_S_FLAGS; + else +- doapr_outch(sbuffer,buffer, &currlen, maxlen, ch); ++ doapr_outch(sbuffer, buffer, &currlen, maxlen, ch); + ch = *format++; + break; + case DP_S_FLAGS: +@@ -283,10 +279,12 @@ _dopr( + cflags = DP_C_LLONG; + ch = *format++; + break; ++#ifndef OPENSSL_SYS_UEFI + case 'L': + cflags = DP_C_LDOUBLE; + ch = *format++; + break; ++#endif + default: + break; + } +@@ -325,15 +323,13 @@ _dopr( + value = (unsigned short int)va_arg(args, unsigned int); + break; + case DP_C_LONG: +- value = (LLONG) va_arg(args, +- unsigned long int); ++ value = (LLONG) va_arg(args, unsigned long int); + break; + case DP_C_LLONG: + value = va_arg(args, unsigned LLONG); + break; + default: +- value = (LLONG) va_arg(args, +- unsigned int); ++ value = (LLONG) va_arg(args, unsigned int); + break; + } + fmtint(sbuffer, buffer, &currlen, maxlen, value, +@@ -368,25 +364,25 @@ _dopr( + #endif + case 'c': + doapr_outch(sbuffer, buffer, &currlen, maxlen, +- va_arg(args, int)); ++ va_arg(args, int)); + break; + case 's': + strvalue = va_arg(args, char *); + if (max < 0) { +- if (buffer) +- max = INT_MAX; +- else +- max = *maxlen; +- } ++ if (buffer) ++ max = INT_MAX; ++ else ++ max = *maxlen; ++ } + fmtstr(sbuffer, buffer, &currlen, maxlen, strvalue, + flags, min, max); + break; + case 'p': + value = (long)va_arg(args, void *); + fmtint(sbuffer, buffer, &currlen, maxlen, +- value, 16, min, max, flags|DP_F_NUM); ++ value, 16, min, max, flags | DP_F_NUM); + break; +- case 'n': /* XXX */ ++ case 'n': /* XXX */ + if (cflags == DP_C_SHORT) { + short int *num; + num = va_arg(args, short int *); +@@ -394,13 +390,13 @@ 
_dopr( + } else if (cflags == DP_C_LONG) { /* XXX */ + long int *num; + num = va_arg(args, long int *); +- *num = (long int) currlen; ++ *num = (long int)currlen; + } else if (cflags == DP_C_LLONG) { /* XXX */ + LLONG *num; + num = va_arg(args, LLONG *); + *num = (LLONG) currlen; + } else { +- int *num; ++ int *num; + num = va_arg(args, int *); + *num = currlen; + } +@@ -436,23 +432,17 @@ _dopr( + } + + static void +-fmtstr( +- char **sbuffer, +- char **buffer, +- size_t *currlen, +- size_t *maxlen, +- const char *value, +- int flags, +- int min, +- int max) ++fmtstr(char **sbuffer, ++ char **buffer, ++ size_t *currlen, ++ size_t *maxlen, const char *value, int flags, int min, int max) + { + int padlen, strln; + int cnt = 0; + + if (value == 0) + value = ""; +- for (strln = 0; value[strln]; ++strln) +- ; ++ for (strln = 0; value[strln]; ++strln) ; + padlen = min - strln; + if (padlen < 0) + padlen = 0; +@@ -476,21 +466,15 @@ fmtstr( + } + + static void +-fmtint( +- char **sbuffer, +- char **buffer, +- size_t *currlen, +- size_t *maxlen, +- LLONG value, +- int base, +- int min, +- int max, +- int flags) ++fmtint(char **sbuffer, ++ char **buffer, ++ size_t *currlen, ++ size_t *maxlen, LLONG value, int base, int min, int max, int flags) + { + int signvalue = 0; + const char *prefix = ""; + unsigned LLONG uvalue; +- char convert[DECIMAL_SIZE(value)+3]; ++ char convert[DECIMAL_SIZE(value) + 3]; + int place = 0; + int spadlen = 0; + int zpadlen = 0; +@@ -509,23 +493,25 @@ fmtint( + signvalue = ' '; + } + if (flags & DP_F_NUM) { +- if (base == 8) prefix = "0"; +- if (base == 16) prefix = "0x"; ++ if (base == 8) ++ prefix = "0"; ++ if (base == 16) ++ prefix = "0x"; + } + if (flags & DP_F_UP) + caps = 1; + do { +- convert[place++] = +- (caps ? "0123456789ABCDEF" : "0123456789abcdef") +- [uvalue % (unsigned) base]; +- uvalue = (uvalue / (unsigned) base); ++ convert[place++] = (caps ? 
"0123456789ABCDEF" : "0123456789abcdef") ++ [uvalue % (unsigned)base]; ++ uvalue = (uvalue / (unsigned)base); + } while (uvalue && (place < (int)sizeof(convert))); + if (place == sizeof(convert)) + place--; + convert[place] = 0; + + zpadlen = max - place; +- spadlen = min - OSSL_MAX(max, place) - (signvalue ? 1 : 0) - strlen(prefix); ++ spadlen = ++ min - OSSL_MAX(max, place) - (signvalue ? 1 : 0) - strlen(prefix); + if (zpadlen < 0) + zpadlen = 0; + if (spadlen < 0) +@@ -549,8 +535,8 @@ fmtint( + + /* prefix */ + while (*prefix) { +- doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix); +- prefix++; ++ doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix); ++ prefix++; + } + + /* zeros */ +@@ -573,8 +559,7 @@ fmtint( + } + + #ifndef OPENSSL_SYS_UEFI +-static LDOUBLE +-abs_val(LDOUBLE value) ++static LDOUBLE abs_val(LDOUBLE value) + { + LDOUBLE result = value; + if (value < 0) +@@ -582,8 +567,7 @@ abs_val(LDOUBLE value) + return result; + } + +-static LDOUBLE +-pow_10(int in_exp) ++static LDOUBLE pow_10(int in_exp) + { + LDOUBLE result = 1; + while (in_exp) { +@@ -593,11 +577,10 @@ pow_10(int in_exp) + return result; + } + +-static long +-roundv(LDOUBLE value) ++static long roundv(LDOUBLE value) + { + long intpart; +- intpart = (long) value; ++ intpart = (long)value; + value = value - intpart; + if (value >= 0.5) + intpart++; +@@ -605,15 +588,10 @@ roundv(LDOUBLE value) + } + + static void +-fmtfp( +- char **sbuffer, +- char **buffer, +- size_t *currlen, +- size_t *maxlen, +- LDOUBLE fvalue, +- int min, +- int max, +- int flags) ++fmtfp(char **sbuffer, ++ char **buffer, ++ size_t *currlen, ++ size_t *maxlen, LDOUBLE fvalue, int min, int max, int flags) + { + int signvalue = 0; + LDOUBLE ufvalue; +@@ -623,7 +601,6 @@ fmtfp( + int fplace = 0; + int padlen = 0; + int zpadlen = 0; +- int caps = 0; + long intpart; + long fracpart; + long max10; +@@ -640,13 +617,17 @@ fmtfp( + + intpart = (long)ufvalue; + +- /* sorry, we only support 9 digits past the decimal because 
of our +- conversion method */ ++ /* ++ * sorry, we only support 9 digits past the decimal because of our ++ * conversion method ++ */ + if (max > 9) + max = 9; + +- /* we "cheat" by converting the fractional part to integer by +- multiplying by a factor of 10 */ ++ /* ++ * we "cheat" by converting the fractional part to integer by multiplying ++ * by a factor of 10 ++ */ + max10 = roundv(pow_10(max)); + fracpart = roundv(pow_10(max) * (ufvalue - intpart)); + +@@ -657,9 +638,7 @@ fmtfp( + + /* convert integer part */ + do { +- iconvert[iplace++] = +- (caps ? "0123456789ABCDEF" +- : "0123456789abcdef")[intpart % 10]; ++ iconvert[iplace++] = "0123456789"[intpart % 10]; + intpart = (intpart / 10); + } while (intpart && (iplace < (int)sizeof(iconvert))); + if (iplace == sizeof iconvert) +@@ -668,9 +647,7 @@ fmtfp( + + /* convert fractional part */ + do { +- fconvert[fplace++] = +- (caps ? "0123456789ABCDEF" +- : "0123456789abcdef")[fracpart % 10]; ++ fconvert[fplace++] = "0123456789"[fracpart % 10]; + fracpart = (fracpart / 10); + } while (fplace < max); + if (fplace == sizeof fconvert) +@@ -731,41 +708,42 @@ fmtfp( + #endif + + static void +-doapr_outch( +- char **sbuffer, +- char **buffer, +- size_t *currlen, +- size_t *maxlen, +- int c) ++doapr_outch(char **sbuffer, ++ char **buffer, size_t *currlen, size_t *maxlen, int c) + { + /* If we haven't at least one buffer, someone has doe a big booboo */ + assert(*sbuffer != NULL || buffer != NULL); + +- if (buffer) { +- while (*currlen >= *maxlen) { +- if (*buffer == NULL) { +- if (*maxlen == 0) +- *maxlen = 1024; +- *buffer = OPENSSL_malloc(*maxlen); +- if (*currlen > 0) { +- assert(*sbuffer != NULL); +- memcpy(*buffer, *sbuffer, *currlen); +- } +- *sbuffer = NULL; +- } else { +- *maxlen += 1024; +- *buffer = OPENSSL_realloc(*buffer, *maxlen); +- } +- } +- /* What to do if *buffer is NULL? 
*/ +- assert(*sbuffer != NULL || *buffer != NULL); ++ /* |currlen| must always be <= |*maxlen| */ ++ assert(*currlen <= *maxlen); ++ ++ if (buffer && *currlen == *maxlen) { ++ *maxlen += 1024; ++ if (*buffer == NULL) { ++ *buffer = OPENSSL_malloc(*maxlen); ++ if (!*buffer) { ++ /* Panic! Can't really do anything sensible. Just return */ ++ return; ++ } ++ if (*currlen > 0) { ++ assert(*sbuffer != NULL); ++ memcpy(*buffer, *sbuffer, *currlen); ++ } ++ *sbuffer = NULL; ++ } else { ++ *buffer = OPENSSL_realloc(*buffer, *maxlen); ++ if (!*buffer) { ++ /* Panic! Can't really do anything sensible. Just return */ ++ return; ++ } ++ } + } + + if (*currlen < *maxlen) { +- if (*sbuffer) +- (*sbuffer)[(*currlen)++] = (char)c; +- else +- (*buffer)[(*currlen)++] = (char)c; ++ if (*sbuffer) ++ (*sbuffer)[(*currlen)++] = (char)c; ++ else ++ (*buffer)[(*currlen)++] = (char)c; + } + + return; +@@ -773,78 +751,78 @@ doapr_outch( + + /***************************************************************************/ + +-int BIO_printf (BIO *bio, const char *format, ...) +- { +- va_list args; +- int ret; +- +- va_start(args, format); +- +- ret = BIO_vprintf(bio, format, args); +- +- va_end(args); +- return(ret); +- } +- +-int BIO_vprintf (BIO *bio, const char *format, va_list args) +- { +- int ret; +- size_t retlen; +- char hugebuf[1024*2]; /* Was previously 10k, which is unreasonable +- in small-stack environments, like threads +- or DOS programs. */ +- char *hugebufp = hugebuf; +- size_t hugebufsize = sizeof(hugebuf); +- char *dynbuf = NULL; +- int ignored; +- +- dynbuf = NULL; +- CRYPTO_push_info("doapr()"); +- _dopr(&hugebufp, &dynbuf, &hugebufsize, +- &retlen, &ignored, format, args); +- if (dynbuf) +- { +- ret=BIO_write(bio, dynbuf, (int)retlen); +- OPENSSL_free(dynbuf); +- } +- else +- { +- ret=BIO_write(bio, hugebuf, (int)retlen); +- } +- CRYPTO_pop_info(); +- return(ret); +- } +- +-/* As snprintf is not available everywhere, we provide our own implementation. 
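Review bot: In the rewritten `doapr_outch`, `*maxlen += 1024;` runs before the allocation and both failure branches simply `return`, which leaves the output state inconsistent. After a failed `OPENSSL_malloc` the limit is 1024 bytes larger than the caller's fixed buffer while `*sbuffer` is still in use, so later characters are stored past its end (for `BIO_vprintf` that is the 2 KB `hugebuf` on the stack); after a failed `OPENSSL_realloc` the old block is leaked and both `*sbuffer` and `*buffer` are NULL, so the next store goes through a NULL pointer. The two `assert`s do not bound this, and they compile out under NDEBUG. The function should grow `*maxlen` only once the allocation has succeeded, keep the old pointer on failure, and return a status that `_dopr`, `fmtstr`, `fmtint` and `fmtfp` check; those call sites and the function's closing lines lie outside this hunk. As this is vendored OpenSSL, the fix is best tracked against upstream rather than diverging silently.

```c
static int
doapr_outch(char **sbuffer,
            char **buffer, size_t *currlen, size_t *maxlen, int c)
{
    /* … unchanged: the two assert() checks … */

    if (buffer && *currlen == *maxlen) {
        char *grown;

        /* refuse to grow past what the allocator's size argument can hold */
        if (*maxlen > INT_MAX - 1024)
            return 0;
        if (*buffer == NULL) {
            grown = OPENSSL_malloc(*maxlen + 1024);
            if (grown == NULL)
                return 0;       /* limit untouched, *sbuffer still valid */
            if (*currlen > 0) {
                assert(*sbuffer != NULL);
                memcpy(grown, *sbuffer, *currlen);
            }
            *sbuffer = NULL;
        } else {
            grown = OPENSSL_realloc(*buffer, *maxlen + 1024);
            if (grown == NULL)
                return 0;       /* old block is still referenced by *buffer */
        }
        *buffer = grown;
        *maxlen += 1024;        /* commit the new limit only on success */
    }

    /* … unchanged: store c while *currlen < *maxlen … */

    return 1;
```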
+- * This function has nothing to do with BIOs, but it's closely related +- * to BIO_printf, and we need *some* name prefix ... +- * (XXX the function should be renamed, but to what?) */ ++int BIO_printf(BIO *bio, const char *format, ...) ++{ ++ va_list args; ++ int ret; ++ ++ va_start(args, format); ++ ++ ret = BIO_vprintf(bio, format, args); ++ ++ va_end(args); ++ return (ret); ++} ++ ++int BIO_vprintf(BIO *bio, const char *format, va_list args) ++{ ++ int ret; ++ size_t retlen; ++ char hugebuf[1024 * 2]; /* Was previously 10k, which is unreasonable ++ * in small-stack environments, like threads ++ * or DOS programs. */ ++ char *hugebufp = hugebuf; ++ size_t hugebufsize = sizeof(hugebuf); ++ char *dynbuf = NULL; ++ int ignored; ++ ++ dynbuf = NULL; ++ CRYPTO_push_info("doapr()"); ++ _dopr(&hugebufp, &dynbuf, &hugebufsize, &retlen, &ignored, format, args); ++ if (dynbuf) { ++ ret = BIO_write(bio, dynbuf, (int)retlen); ++ OPENSSL_free(dynbuf); ++ } else { ++ ret = BIO_write(bio, hugebuf, (int)retlen); ++ } ++ CRYPTO_pop_info(); ++ return (ret); ++} ++ ++/* ++ * As snprintf is not available everywhere, we provide our own ++ * implementation. This function has nothing to do with BIOs, but it's ++ * closely related to BIO_printf, and we need *some* name prefix ... (XXX the ++ * function should be renamed, but to what?) ++ */ + int BIO_snprintf(char *buf, size_t n, const char *format, ...) +- { +- va_list args; +- int ret; ++{ ++ va_list args; ++ int ret; + +- va_start(args, format); ++ va_start(args, format); + +- ret = BIO_vsnprintf(buf, n, format, args); ++ ret = BIO_vsnprintf(buf, n, format, args); + +- va_end(args); +- return(ret); +- } ++ va_end(args); ++ return (ret); ++} + + int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) +- { +- size_t retlen; +- int truncated; +- +- _dopr(&buf, NULL, &n, &retlen, &truncated, format, args); +- +- if (truncated) +- /* In case of truncation, return -1 like traditional snprintf. 
+- * (Current drafts for ISO/IEC 9899 say snprintf should return +- * the number of characters that would have been written, +- * had the buffer been large enough.) */ +- return -1; +- else +- return (retlen <= INT_MAX) ? (int)retlen : -1; +- } ++{ ++ size_t retlen; ++ int truncated; ++ ++ _dopr(&buf, NULL, &n, &retlen, &truncated, format, args); ++ ++ if (truncated) ++ /* ++ * In case of truncation, return -1 like traditional snprintf. ++ * (Current drafts for ISO/IEC 9899 say snprintf should return the ++ * number of characters that would have been written, had the buffer ++ * been large enough.) ++ */ ++ return -1; ++ else ++ return (retlen <= INT_MAX) ? (int)retlen : -1; ++} +diff --git a/Cryptlib/OpenSSL/crypto/bio/b_sock.c b/Cryptlib/OpenSSL/crypto/bio/b_sock.c +new file mode 100644 +index 0000000..5bad0a2 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/bio/b_sock.c +@@ -0,0 +1,962 @@ ++/* crypto/bio/b_sock.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. 
++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++ ++#include ++#include ++#include ++#define USE_SOCKETS ++#include "cryptlib.h" ++#include ++#if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_BSDSOCK) ++# include ++# if defined(NETWARE_CLIB) ++# include ++NETDB_DEFINE_CONTEXT ++# endif ++#endif ++#ifndef OPENSSL_NO_SOCK ++# include ++# define SOCKET_PROTOCOL IPPROTO_TCP ++# ifdef SO_MAXCONN ++# define MAX_LISTEN SO_MAXCONN ++# elif defined(SOMAXCONN) ++# define MAX_LISTEN SOMAXCONN ++# else ++# define MAX_LISTEN 32 ++# endif ++# if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)) ++static int wsa_init_done = 0; ++# endif ++ ++/* ++ * WSAAPI specifier is required to make indirect calls to run-time ++ * linked WinSock 2 functions used in this module, to be specific ++ * [get|free]addrinfo and getnameinfo. This is because WinSock uses ++ * uses non-C calling convention, __stdcall vs. __cdecl, on x86 ++ * Windows. On non-WinSock platforms WSAAPI needs to be void. 
++ */ ++# ifndef WSAAPI ++# define WSAAPI ++# endif ++ ++# if 0 ++static unsigned long BIO_ghbn_hits = 0L; ++static unsigned long BIO_ghbn_miss = 0L; ++ ++# define GHBN_NUM 4 ++static struct ghbn_cache_st { ++ char name[129]; ++ struct hostent *ent; ++ unsigned long order; ++} ghbn_cache[GHBN_NUM]; ++# endif ++ ++static int get_ip(const char *str, unsigned char *ip); ++# if 0 ++static void ghbn_free(struct hostent *a); ++static struct hostent *ghbn_dup(struct hostent *a); ++# endif ++int BIO_get_host_ip(const char *str, unsigned char *ip) ++{ ++ int i; ++ int err = 1; ++ int locked = 0; ++ struct hostent *he; ++ ++ i = get_ip(str, ip); ++ if (i < 0) { ++ BIOerr(BIO_F_BIO_GET_HOST_IP, BIO_R_INVALID_IP_ADDRESS); ++ goto err; ++ } ++ ++ /* ++ * At this point, we have something that is most probably correct in some ++ * way, so let's init the socket. ++ */ ++ if (BIO_sock_init() != 1) ++ return 0; /* don't generate another error code here */ ++ ++ /* ++ * If the string actually contained an IP address, we need not do ++ * anything more ++ */ ++ if (i > 0) ++ return (1); ++ ++ /* do a gethostbyname */ ++ CRYPTO_w_lock(CRYPTO_LOCK_GETHOSTBYNAME); ++ locked = 1; ++ he = BIO_gethostbyname(str); ++ if (he == NULL) { ++ BIOerr(BIO_F_BIO_GET_HOST_IP, BIO_R_BAD_HOSTNAME_LOOKUP); ++ goto err; ++ } ++ ++ /* cast to short because of win16 winsock definition */ ++ if ((short)he->h_addrtype != AF_INET) { ++ BIOerr(BIO_F_BIO_GET_HOST_IP, ++ BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET); ++ goto err; ++ } ++ for (i = 0; i < 4; i++) ++ ip[i] = he->h_addr_list[0][i]; ++ err = 0; ++ ++ err: ++ if (locked) ++ CRYPTO_w_unlock(CRYPTO_LOCK_GETHOSTBYNAME); ++ if (err) { ++ ERR_add_error_data(2, "host=", str); ++ return 0; ++ } else ++ return 1; ++} ++ ++int BIO_get_port(const char *str, unsigned short *port_ptr) ++{ ++ int i; ++ struct servent *s; ++ ++ if (str == NULL) { ++ BIOerr(BIO_F_BIO_GET_PORT, BIO_R_NO_PORT_DEFINED); ++ return (0); ++ } ++ i = atoi(str); ++ if (i != 0) ++ *port_ptr = 
(unsigned short)i; ++ else { ++ CRYPTO_w_lock(CRYPTO_LOCK_GETSERVBYNAME); ++ /* ++ * Note: under VMS with SOCKETSHR, it seems like the first parameter ++ * is 'char *', instead of 'const char *' ++ */ ++# ifndef CONST_STRICT ++ s = getservbyname((char *)str, "tcp"); ++# else ++ s = getservbyname(str, "tcp"); ++# endif ++ if (s != NULL) ++ *port_ptr = ntohs((unsigned short)s->s_port); ++ CRYPTO_w_unlock(CRYPTO_LOCK_GETSERVBYNAME); ++ if (s == NULL) { ++ if (strcmp(str, "http") == 0) ++ *port_ptr = 80; ++ else if (strcmp(str, "telnet") == 0) ++ *port_ptr = 23; ++ else if (strcmp(str, "socks") == 0) ++ *port_ptr = 1080; ++ else if (strcmp(str, "https") == 0) ++ *port_ptr = 443; ++ else if (strcmp(str, "ssl") == 0) ++ *port_ptr = 443; ++ else if (strcmp(str, "ftp") == 0) ++ *port_ptr = 21; ++ else if (strcmp(str, "gopher") == 0) ++ *port_ptr = 70; ++# if 0 ++ else if (strcmp(str, "wais") == 0) ++ *port_ptr = 21; ++# endif ++ else { ++ SYSerr(SYS_F_GETSERVBYNAME, get_last_socket_error()); ++ ERR_add_error_data(3, "service='", str, "'"); ++ return (0); ++ } ++ } ++ } ++ return (1); ++} ++ ++int BIO_sock_error(int sock) ++{ ++ int j, i; ++ union { ++ size_t s; ++ int i; ++ } size; ++ ++# if defined(OPENSSL_SYS_BEOS_R5) ++ return 0; ++# endif ++ ++ /* heuristic way to adapt for platforms that expect 64-bit optlen */ ++ size.s = 0, size.i = sizeof(j); ++ /* ++ * Note: under Windows the third parameter is of type (char *) whereas ++ * under other systems it is (void *) if you don't have a cast it will ++ * choke the compiler: if you do have a cast then you can either go for ++ * (char *) or (void *). 
++ */ ++ i = getsockopt(sock, SOL_SOCKET, SO_ERROR, (void *)&j, (void *)&size); ++ if (i < 0) ++ return (1); ++ else ++ return (j); ++} ++ ++# if 0 ++long BIO_ghbn_ctrl(int cmd, int iarg, char *parg) ++{ ++ int i; ++ char **p; ++ ++ switch (cmd) { ++ case BIO_GHBN_CTRL_HITS: ++ return (BIO_ghbn_hits); ++ /* break; */ ++ case BIO_GHBN_CTRL_MISSES: ++ return (BIO_ghbn_miss); ++ /* break; */ ++ case BIO_GHBN_CTRL_CACHE_SIZE: ++ return (GHBN_NUM); ++ /* break; */ ++ case BIO_GHBN_CTRL_GET_ENTRY: ++ if ((iarg >= 0) && (iarg < GHBN_NUM) && (ghbn_cache[iarg].order > 0)) { ++ p = (char **)parg; ++ if (p == NULL) ++ return (0); ++ *p = ghbn_cache[iarg].name; ++ ghbn_cache[iarg].name[128] = '\0'; ++ return (1); ++ } ++ return (0); ++ /* break; */ ++ case BIO_GHBN_CTRL_FLUSH: ++ for (i = 0; i < GHBN_NUM; i++) ++ ghbn_cache[i].order = 0; ++ break; ++ default: ++ return (0); ++ } ++ return (1); ++} ++# endif ++ ++# if 0 ++static struct hostent *ghbn_dup(struct hostent *a) ++{ ++ struct hostent *ret; ++ int i, j; ++ ++ MemCheck_off(); ++ ret = (struct hostent *)OPENSSL_malloc(sizeof(struct hostent)); ++ if (ret == NULL) ++ return (NULL); ++ memset(ret, 0, sizeof(struct hostent)); ++ ++ for (i = 0; a->h_aliases[i] != NULL; i++) ; ++ i++; ++ ret->h_aliases = (char **)OPENSSL_malloc(i * sizeof(char *)); ++ if (ret->h_aliases == NULL) ++ goto err; ++ memset(ret->h_aliases, 0, i * sizeof(char *)); ++ ++ for (i = 0; a->h_addr_list[i] != NULL; i++) ; ++ i++; ++ ret->h_addr_list = (char **)OPENSSL_malloc(i * sizeof(char *)); ++ if (ret->h_addr_list == NULL) ++ goto err; ++ memset(ret->h_addr_list, 0, i * sizeof(char *)); ++ ++ j = strlen(a->h_name) + 1; ++ if ((ret->h_name = OPENSSL_malloc(j)) == NULL) ++ goto err; ++ memcpy((char *)ret->h_name, a->h_name, j); ++ for (i = 0; a->h_aliases[i] != NULL; i++) { ++ j = strlen(a->h_aliases[i]) + 1; ++ if ((ret->h_aliases[i] = OPENSSL_malloc(j)) == NULL) ++ goto err; ++ memcpy(ret->h_aliases[i], a->h_aliases[i], j); ++ } ++ ret->h_length = 
a->h_length; ++ ret->h_addrtype = a->h_addrtype; ++ for (i = 0; a->h_addr_list[i] != NULL; i++) { ++ if ((ret->h_addr_list[i] = OPENSSL_malloc(a->h_length)) == NULL) ++ goto err; ++ memcpy(ret->h_addr_list[i], a->h_addr_list[i], a->h_length); ++ } ++ if (0) { ++ err: ++ if (ret != NULL) ++ ghbn_free(ret); ++ ret = NULL; ++ } ++ MemCheck_on(); ++ return (ret); ++} ++ ++static void ghbn_free(struct hostent *a) ++{ ++ int i; ++ ++ if (a == NULL) ++ return; ++ ++ if (a->h_aliases != NULL) { ++ for (i = 0; a->h_aliases[i] != NULL; i++) ++ OPENSSL_free(a->h_aliases[i]); ++ OPENSSL_free(a->h_aliases); ++ } ++ if (a->h_addr_list != NULL) { ++ for (i = 0; a->h_addr_list[i] != NULL; i++) ++ OPENSSL_free(a->h_addr_list[i]); ++ OPENSSL_free(a->h_addr_list); ++ } ++ if (a->h_name != NULL) ++ OPENSSL_free(a->h_name); ++ OPENSSL_free(a); ++} ++ ++# endif ++ ++struct hostent *BIO_gethostbyname(const char *name) ++{ ++# if 1 ++ /* ++ * Caching gethostbyname() results forever is wrong, so we have to let ++ * the true gethostbyname() worry about this ++ */ ++# if (defined(NETWARE_BSDSOCK) && !defined(__NOVELL_LIBC__)) ++ return gethostbyname((char *)name); ++# else ++ return gethostbyname(name); ++# endif ++# else ++ struct hostent *ret; ++ int i, lowi = 0, j; ++ unsigned long low = (unsigned long)-1; ++ ++# if 0 ++ /* ++ * It doesn't make sense to use locking here: The function interface is ++ * not thread-safe, because threads can never be sure when some other ++ * thread destroys the data they were given a pointer to. 
++ */ ++ CRYPTO_w_lock(CRYPTO_LOCK_GETHOSTBYNAME); ++# endif ++ j = strlen(name); ++ if (j < 128) { ++ for (i = 0; i < GHBN_NUM; i++) { ++ if (low > ghbn_cache[i].order) { ++ low = ghbn_cache[i].order; ++ lowi = i; ++ } ++ if (ghbn_cache[i].order > 0) { ++ if (strncmp(name, ghbn_cache[i].name, 128) == 0) ++ break; ++ } ++ } ++ } else ++ i = GHBN_NUM; ++ ++ if (i == GHBN_NUM) { /* no hit */ ++ BIO_ghbn_miss++; ++ /* ++ * Note: under VMS with SOCKETSHR, it seems like the first parameter ++ * is 'char *', instead of 'const char *' ++ */ ++# ifndef CONST_STRICT ++ ret = gethostbyname((char *)name); ++# else ++ ret = gethostbyname(name); ++# endif ++ ++ if (ret == NULL) ++ goto end; ++ if (j > 128) { /* too big to cache */ ++# if 0 ++ /* ++ * If we were trying to make this function thread-safe (which is ++ * bound to fail), we'd have to give up in this case (or allocate ++ * more memory). ++ */ ++ ret = NULL; ++# endif ++ goto end; ++ } ++ ++ /* else add to cache */ ++ if (ghbn_cache[lowi].ent != NULL) ++ ghbn_free(ghbn_cache[lowi].ent); /* XXX not thread-safe */ ++ ghbn_cache[lowi].name[0] = '\0'; ++ ++ if ((ret = ghbn_cache[lowi].ent = ghbn_dup(ret)) == NULL) { ++ BIOerr(BIO_F_BIO_GETHOSTBYNAME, ERR_R_MALLOC_FAILURE); ++ goto end; ++ } ++ strncpy(ghbn_cache[lowi].name, name, 128); ++ ghbn_cache[lowi].order = BIO_ghbn_miss + BIO_ghbn_hits; ++ } else { ++ BIO_ghbn_hits++; ++ ret = ghbn_cache[i].ent; ++ ghbn_cache[i].order = BIO_ghbn_miss + BIO_ghbn_hits; ++ } ++ end: ++# if 0 ++ CRYPTO_w_unlock(CRYPTO_LOCK_GETHOSTBYNAME); ++# endif ++ return (ret); ++# endif ++} ++ ++int BIO_sock_init(void) ++{ ++# ifdef OPENSSL_SYS_WINDOWS ++ static struct WSAData wsa_state; ++ ++ if (!wsa_init_done) { ++ int err; ++ ++ wsa_init_done = 1; ++ memset(&wsa_state, 0, sizeof(wsa_state)); ++ /* ++ * Not making wsa_state available to the rest of the code is formally ++ * wrong. 
But the structures we use are [beleived to be] invariable ++ * among Winsock DLLs, while API availability is [expected to be] ++ * probed at run-time with DSO_global_lookup. ++ */ ++ if (WSAStartup(0x0202, &wsa_state) != 0) { ++ err = WSAGetLastError(); ++ SYSerr(SYS_F_WSASTARTUP, err); ++ BIOerr(BIO_F_BIO_SOCK_INIT, BIO_R_WSASTARTUP); ++ return (-1); ++ } ++ } ++# endif /* OPENSSL_SYS_WINDOWS */ ++# ifdef WATT32 ++ extern int _watt_do_exit; ++ _watt_do_exit = 0; /* don't make sock_init() call exit() */ ++ if (sock_init()) ++ return (-1); ++# endif ++ ++# if defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK) ++ WORD wVerReq; ++ WSADATA wsaData; ++ int err; ++ ++ if (!wsa_init_done) { ++ wsa_init_done = 1; ++ wVerReq = MAKEWORD(2, 0); ++ err = WSAStartup(wVerReq, &wsaData); ++ if (err != 0) { ++ SYSerr(SYS_F_WSASTARTUP, err); ++ BIOerr(BIO_F_BIO_SOCK_INIT, BIO_R_WSASTARTUP); ++ return (-1); ++ } ++ } ++# endif ++ ++ return (1); ++} ++ ++void BIO_sock_cleanup(void) ++{ ++# ifdef OPENSSL_SYS_WINDOWS ++ if (wsa_init_done) { ++ wsa_init_done = 0; ++# if 0 /* this call is claimed to be non-present in ++ * Winsock2 */ ++ WSACancelBlockingCall(); ++# endif ++ WSACleanup(); ++ } ++# elif defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK) ++ if (wsa_init_done) { ++ wsa_init_done = 0; ++ WSACleanup(); ++ } ++# endif ++} ++ ++# if !defined(OPENSSL_SYS_VMS) || __VMS_VER >= 70000000 ++ ++int BIO_socket_ioctl(int fd, long type, void *arg) ++{ ++ int i; ++ ++# ifdef __DJGPP__ ++ i = ioctlsocket(fd, type, (char *)arg); ++# else ++# if defined(OPENSSL_SYS_VMS) ++ /*- ++ * 2011-02-18 SMS. ++ * VMS ioctl() can't tolerate a 64-bit "void *arg", but we ++ * observe that all the consumers pass in an "unsigned long *", ++ * so we arrange a local copy with a short pointer, and use ++ * that, instead. 
++ */ ++# if __INITIAL_POINTER_SIZE == 64 ++# define ARG arg_32p ++# pragma pointer_size save ++# pragma pointer_size 32 ++ unsigned long arg_32; ++ unsigned long *arg_32p; ++# pragma pointer_size restore ++ arg_32p = &arg_32; ++ arg_32 = *((unsigned long *)arg); ++# else /* __INITIAL_POINTER_SIZE == 64 */ ++# define ARG arg ++# endif /* __INITIAL_POINTER_SIZE == 64 [else] */ ++# else /* defined(OPENSSL_SYS_VMS) */ ++# define ARG arg ++# endif /* defined(OPENSSL_SYS_VMS) [else] */ ++ ++ i = ioctlsocket(fd, type, ARG); ++# endif /* __DJGPP__ */ ++ if (i < 0) ++ SYSerr(SYS_F_IOCTLSOCKET, get_last_socket_error()); ++ return (i); ++} ++# endif /* __VMS_VER */ ++ ++/* ++ * The reason I have implemented this instead of using sscanf is because ++ * Visual C 1.52c gives an unresolved external when linking a DLL :-( ++ */ ++static int get_ip(const char *str, unsigned char ip[4]) ++{ ++ unsigned int tmp[4]; ++ int num = 0, c, ok = 0; ++ ++ tmp[0] = tmp[1] = tmp[2] = tmp[3] = 0; ++ ++ for (;;) { ++ c = *(str++); ++ if ((c >= '0') && (c <= '9')) { ++ ok = 1; ++ tmp[num] = tmp[num] * 10 + c - '0'; ++ if (tmp[num] > 255) ++ return (0); ++ } else if (c == '.') { ++ if (!ok) ++ return (-1); ++ if (num == 3) ++ return (0); ++ num++; ++ ok = 0; ++ } else if (c == '\0' && (num == 3) && ok) ++ break; ++ else ++ return (0); ++ } ++ ip[0] = tmp[0]; ++ ip[1] = tmp[1]; ++ ip[2] = tmp[2]; ++ ip[3] = tmp[3]; ++ return (1); ++} ++ ++int BIO_get_accept_socket(char *host, int bind_mode) ++{ ++ int ret = 0; ++ union { ++ struct sockaddr sa; ++ struct sockaddr_in sa_in; ++# if OPENSSL_USE_IPV6 ++ struct sockaddr_in6 sa_in6; ++# endif ++ } server, client; ++ int s = INVALID_SOCKET, cs, addrlen; ++ unsigned char ip[4]; ++ unsigned short port; ++ char *str = NULL, *e; ++ char *h, *p; ++ unsigned long l; ++ int err_num; ++ ++ if (BIO_sock_init() != 1) ++ return (INVALID_SOCKET); ++ ++ if ((str = BUF_strdup(host)) == NULL) ++ return (INVALID_SOCKET); ++ ++ h = p = NULL; ++ h = str; ++ for (e = str; 
*e; e++) { ++ if (*e == ':') { ++ p = e; ++ } else if (*e == '/') { ++ *e = '\0'; ++ break; ++ } ++ } ++ if (p) ++ *p++ = '\0'; /* points at last ':', '::port' is special ++ * [see below] */ ++ else ++ p = h, h = NULL; ++ ++# ifdef EAI_FAMILY ++ do { ++ static union { ++ void *p; ++ int (WSAAPI *f) (const char *, const char *, ++ const struct addrinfo *, struct addrinfo **); ++ } p_getaddrinfo = { ++ NULL ++ }; ++ static union { ++ void *p; ++ void (WSAAPI *f) (struct addrinfo *); ++ } p_freeaddrinfo = { ++ NULL ++ }; ++ struct addrinfo *res, hint; ++ ++ if (p_getaddrinfo.p == NULL) { ++ if ((p_getaddrinfo.p = DSO_global_lookup("getaddrinfo")) == NULL ++ || (p_freeaddrinfo.p = ++ DSO_global_lookup("freeaddrinfo")) == NULL) ++ p_getaddrinfo.p = (void *)-1; ++ } ++ if (p_getaddrinfo.p == (void *)-1) ++ break; ++ ++ /* ++ * '::port' enforces IPv6 wildcard listener. Some OSes, e.g. Solaris, ++ * default to IPv6 without any hint. Also note that commonly IPv6 ++ * wildchard socket can service IPv4 connections just as well... ++ */ ++ memset(&hint, 0, sizeof(hint)); ++ hint.ai_flags = AI_PASSIVE; ++ if (h) { ++ if (strchr(h, ':')) { ++ if (h[1] == '\0') ++ h = NULL; ++# if OPENSSL_USE_IPV6 ++ hint.ai_family = AF_INET6; ++# else ++ h = NULL; ++# endif ++ } else if (h[0] == '*' && h[1] == '\0') { ++ hint.ai_family = AF_INET; ++ h = NULL; ++ } ++ } ++ ++ if ((*p_getaddrinfo.f) (h, p, &hint, &res)) ++ break; ++ ++ addrlen = res->ai_addrlen <= sizeof(server) ? 
++ res->ai_addrlen : sizeof(server); ++ memcpy(&server, res->ai_addr, addrlen); ++ ++ (*p_freeaddrinfo.f) (res); ++ goto again; ++ } while (0); ++# endif ++ ++ if (!BIO_get_port(p, &port)) ++ goto err; ++ ++ memset((char *)&server, 0, sizeof(server)); ++ server.sa_in.sin_family = AF_INET; ++ server.sa_in.sin_port = htons(port); ++ addrlen = sizeof(server.sa_in); ++ ++ if (h == NULL || strcmp(h, "*") == 0) ++ server.sa_in.sin_addr.s_addr = INADDR_ANY; ++ else { ++ if (!BIO_get_host_ip(h, &(ip[0]))) ++ goto err; ++ l = (unsigned long) ++ ((unsigned long)ip[0] << 24L) | ++ ((unsigned long)ip[1] << 16L) | ++ ((unsigned long)ip[2] << 8L) | ((unsigned long)ip[3]); ++ server.sa_in.sin_addr.s_addr = htonl(l); ++ } ++ ++ again: ++ s = socket(server.sa.sa_family, SOCK_STREAM, SOCKET_PROTOCOL); ++ if (s == INVALID_SOCKET) { ++ SYSerr(SYS_F_SOCKET, get_last_socket_error()); ++ ERR_add_error_data(3, "port='", host, "'"); ++ BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET, BIO_R_UNABLE_TO_CREATE_SOCKET); ++ goto err; ++ } ++# ifdef SO_REUSEADDR ++ if (bind_mode == BIO_BIND_REUSEADDR) { ++ int i = 1; ++ ++ ret = setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (char *)&i, sizeof(i)); ++ bind_mode = BIO_BIND_NORMAL; ++ } ++# endif ++ if (bind(s, &server.sa, addrlen) == -1) { ++# ifdef SO_REUSEADDR ++ err_num = get_last_socket_error(); ++ if ((bind_mode == BIO_BIND_REUSEADDR_IF_UNUSED) && ++# ifdef OPENSSL_SYS_WINDOWS ++ /* ++ * Some versions of Windows define EADDRINUSE to a dummy value. 
++ */ ++ (err_num == WSAEADDRINUSE)) ++# else ++ (err_num == EADDRINUSE)) ++# endif ++ { ++ client = server; ++ if (h == NULL || strcmp(h, "*") == 0) { ++# if OPENSSL_USE_IPV6 ++ if (client.sa.sa_family == AF_INET6) { ++ memset(&client.sa_in6.sin6_addr, 0, ++ sizeof(client.sa_in6.sin6_addr)); ++ client.sa_in6.sin6_addr.s6_addr[15] = 1; ++ } else ++# endif ++ if (client.sa.sa_family == AF_INET) { ++ client.sa_in.sin_addr.s_addr = htonl(0x7F000001); ++ } else ++ goto err; ++ } ++ cs = socket(client.sa.sa_family, SOCK_STREAM, SOCKET_PROTOCOL); ++ if (cs != INVALID_SOCKET) { ++ int ii; ++ ii = connect(cs, &client.sa, addrlen); ++ closesocket(cs); ++ if (ii == INVALID_SOCKET) { ++ bind_mode = BIO_BIND_REUSEADDR; ++ closesocket(s); ++ goto again; ++ } ++ /* else error */ ++ } ++ /* else error */ ++ } ++# endif ++ SYSerr(SYS_F_BIND, err_num); ++ ERR_add_error_data(3, "port='", host, "'"); ++ BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET, BIO_R_UNABLE_TO_BIND_SOCKET); ++ goto err; ++ } ++ if (listen(s, MAX_LISTEN) == -1) { ++ SYSerr(SYS_F_BIND, get_last_socket_error()); ++ ERR_add_error_data(3, "port='", host, "'"); ++ BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET, BIO_R_UNABLE_TO_LISTEN_SOCKET); ++ goto err; ++ } ++ ret = 1; ++ err: ++ if (str != NULL) ++ OPENSSL_free(str); ++ if ((ret == 0) && (s != INVALID_SOCKET)) { ++ closesocket(s); ++ s = INVALID_SOCKET; ++ } ++ return (s); ++} ++ ++int BIO_accept(int sock, char **addr) ++{ ++ int ret = INVALID_SOCKET; ++ unsigned long l; ++ unsigned short port; ++ char *p; ++ ++ struct { ++ /* ++ * As for following union. Trouble is that there are platforms ++ * that have socklen_t and there are platforms that don't, on ++ * some platforms socklen_t is int and on some size_t. So what ++ * one can do? One can cook #ifdef spaghetti, which is nothing ++ * but masochistic. Or one can do union between int and size_t. ++ * One naturally does it primarily for 64-bit platforms where ++ * sizeof(int) != sizeof(size_t). But would it work? 
Note that ++ * if size_t member is initialized to 0, then later int member ++ * assignment naturally does the job on little-endian platforms ++ * regardless accept's expectations! What about big-endians? ++ * If accept expects int*, then it works, and if size_t*, then ++ * length value would appear as unreasonably large. But this ++ * won't prevent it from filling in the address structure. The ++ * trouble of course would be if accept returns more data than ++ * actual buffer can accomodate and overwrite stack... That's ++ * where early OPENSSL_assert comes into picture. Besides, the ++ * only 64-bit big-endian platform found so far that expects ++ * size_t* is HP-UX, where stack grows towards higher address. ++ * ++ */ ++ union { ++ size_t s; ++ int i; ++ } len; ++ union { ++ struct sockaddr sa; ++ struct sockaddr_in sa_in; ++# if OPENSSL_USE_IPV6 ++ struct sockaddr_in6 sa_in6; ++# endif ++ } from; ++ } sa; ++ ++ sa.len.s = 0; ++ sa.len.i = sizeof(sa.from); ++ memset(&sa.from, 0, sizeof(sa.from)); ++ ret = accept(sock, &sa.from.sa, (void *)&sa.len); ++ if (sizeof(sa.len.i) != sizeof(sa.len.s) && sa.len.i == 0) { ++ OPENSSL_assert(sa.len.s <= sizeof(sa.from)); ++ sa.len.i = (int)sa.len.s; ++ /* use sa.len.i from this point */ ++ } ++ if (ret == INVALID_SOCKET) { ++ if (BIO_sock_should_retry(ret)) ++ return -2; ++ SYSerr(SYS_F_ACCEPT, get_last_socket_error()); ++ BIOerr(BIO_F_BIO_ACCEPT, BIO_R_ACCEPT_ERROR); ++ goto end; ++ } ++ ++ if (addr == NULL) ++ goto end; ++ ++# ifdef EAI_FAMILY ++ do { ++ char h[NI_MAXHOST], s[NI_MAXSERV]; ++ size_t nl; ++ static union { ++ void *p; ++ int (WSAAPI *f) (const struct sockaddr *, size_t /* socklen_t */ , ++ char *, size_t, char *, size_t, int); ++ } p_getnameinfo = { ++ NULL ++ }; ++ /* ++ * 2nd argument to getnameinfo is specified to be socklen_t. ++ * Unfortunately there is a number of environments where socklen_t is ++ * not defined. As it's passed by value, it's safe to pass it as ++ * size_t... 
++ */ ++ ++ if (p_getnameinfo.p == NULL) { ++ if ((p_getnameinfo.p = DSO_global_lookup("getnameinfo")) == NULL) ++ p_getnameinfo.p = (void *)-1; ++ } ++ if (p_getnameinfo.p == (void *)-1) ++ break; ++ ++ if ((*p_getnameinfo.f) (&sa.from.sa, sa.len.i, h, sizeof(h), s, ++ sizeof(s), NI_NUMERICHOST | NI_NUMERICSERV)) ++ break; ++ nl = strlen(h) + strlen(s) + 2; ++ p = *addr; ++ if (p) { ++ *p = '\0'; ++ p = OPENSSL_realloc(p, nl); ++ } else { ++ p = OPENSSL_malloc(nl); ++ } ++ if (p == NULL) { ++ BIOerr(BIO_F_BIO_ACCEPT, ERR_R_MALLOC_FAILURE); ++ goto end; ++ } ++ *addr = p; ++ BIO_snprintf(*addr, nl, "%s:%s", h, s); ++ goto end; ++ } while (0); ++# endif ++ if (sa.from.sa.sa_family != AF_INET) ++ goto end; ++ l = ntohl(sa.from.sa_in.sin_addr.s_addr); ++ port = ntohs(sa.from.sa_in.sin_port); ++ if (*addr == NULL) { ++ if ((p = OPENSSL_malloc(24)) == NULL) { ++ BIOerr(BIO_F_BIO_ACCEPT, ERR_R_MALLOC_FAILURE); ++ goto end; ++ } ++ *addr = p; ++ } ++ BIO_snprintf(*addr, 24, "%d.%d.%d.%d:%d", ++ (unsigned char)(l >> 24L) & 0xff, ++ (unsigned char)(l >> 16L) & 0xff, ++ (unsigned char)(l >> 8L) & 0xff, ++ (unsigned char)(l) & 0xff, port); ++ end: ++ return (ret); ++} ++ ++int BIO_set_tcp_ndelay(int s, int on) ++{ ++ int ret = 0; ++# if defined(TCP_NODELAY) && (defined(IPPROTO_TCP) || defined(SOL_TCP)) ++ int opt; ++ ++# ifdef SOL_TCP ++ opt = SOL_TCP; ++# else ++# ifdef IPPROTO_TCP ++ opt = IPPROTO_TCP; ++# endif ++# endif ++ ++ ret = setsockopt(s, opt, TCP_NODELAY, (char *)&on, sizeof(on)); ++# endif ++ return (ret == 0); ++} ++ ++int BIO_socket_nbio(int s, int mode) ++{ ++ int ret = -1; ++ int l; ++ ++ l = mode; ++# ifdef FIONBIO ++ ret = BIO_socket_ioctl(s, FIONBIO, &l); ++# endif ++ return (ret == 0); ++} ++#endif +diff --git a/Cryptlib/OpenSSL/crypto/bio/bf_nbio.c b/Cryptlib/OpenSSL/crypto/bio/bf_nbio.c +index da88a8a..a04f32a 100644 +--- a/Cryptlib/OpenSSL/crypto/bio/bf_nbio.c ++++ b/Cryptlib/OpenSSL/crypto/bio/bf_nbio.c +@@ -139,7 +139,8 @@ static int nbiof_read(BIO 
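Review bot: In the new `b_sock.c`, `BIO_get_port` converts the port with `atoi(str)` and stores it through `(unsigned short)i` with no range check, so a numeric string above 65535 or below zero is silently truncated to a different port instead of being rejected. A bounds test before the assignment, for example `if (i < 0 || i > 65535) { BIOerr(BIO_F_BIO_GET_PORT, BIO_R_INVALID_ARGUMENT); return (0); }`, would make the failure explicit. Since this is imported OpenSSL code, the fix belongs upstream rather than in a local edit. The whole file sits inside `#ifndef OPENSSL_NO_SOCK`; whether the shim build defines that macro is not visible in this patch, so it is worth confirming that the socket code is compiled out of the boot-time binary.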
*b, char *out, int outl) + + BIO_clear_retry_flags(b); + #if 1 +- RAND_pseudo_bytes(&n, 1); ++ if (RAND_pseudo_bytes(&n, 1) < 0) ++ return -1; + num = (n & 0x07); + + if (outl > num) +@@ -178,7 +179,8 @@ static int nbiof_write(BIO *b, const char *in, int inl) + num = nt->lwn; + nt->lwn = 0; + } else { +- RAND_pseudo_bytes(&n, 1); ++ if (RAND_pseudo_bytes(&n, 1) < 0) ++ return -1; + num = (n & 7); + } + +diff --git a/Cryptlib/OpenSSL/crypto/bio/bio_cb.c b/Cryptlib/OpenSSL/crypto/bio/bio_cb.c +index b24daf7..d3e8606 100644 +--- a/Cryptlib/OpenSSL/crypto/bio/bio_cb.c ++++ b/Cryptlib/OpenSSL/crypto/bio/bio_cb.c +@@ -70,42 +70,49 @@ long MS_CALLBACK BIO_debug_callback(BIO *bio, int cmd, const char *argp, + MS_STATIC char buf[256]; + char *p; + long r = 1; ++ int len; + size_t p_maxlen; + + if (BIO_CB_RETURN & cmd) + r = ret; + +- BIO_snprintf(buf, sizeof buf, "BIO[%08lX]:", (unsigned long)bio); +- p = &(buf[14]); +- p_maxlen = sizeof buf - 14; ++ len = BIO_snprintf(buf,sizeof buf,"BIO[%p]: ",(void *)bio); ++ ++ p = buf + len; ++ p_maxlen = sizeof(buf) - len; ++ + switch (cmd) { + case BIO_CB_FREE: + BIO_snprintf(p, p_maxlen, "Free - %s\n", bio->method->name); + break; + case BIO_CB_READ: + if (bio->method->type & BIO_TYPE_DESCRIPTOR) +- BIO_snprintf(p, p_maxlen, "read(%d,%d) - %s fd=%d\n", +- bio->num, argi, bio->method->name, bio->num); ++ BIO_snprintf(p, p_maxlen, "read(%d,%lu) - %s fd=%d\n", ++ bio->num, (unsigned long)argi, ++ bio->method->name, bio->num); + else +- BIO_snprintf(p, p_maxlen, "read(%d,%d) - %s\n", +- bio->num, argi, bio->method->name); ++ BIO_snprintf(p, p_maxlen, "read(%d,%lu) - %s\n", ++ bio->num, (unsigned long)argi, bio->method->name); + break; + case BIO_CB_WRITE: + if (bio->method->type & BIO_TYPE_DESCRIPTOR) +- BIO_snprintf(p, p_maxlen, "write(%d,%d) - %s fd=%d\n", +- bio->num, argi, bio->method->name, bio->num); ++ BIO_snprintf(p, p_maxlen, "write(%d,%lu) - %s fd=%d\n", ++ bio->num, (unsigned long)argi, ++ bio->method->name, bio->num); + else 
+- BIO_snprintf(p, p_maxlen, "write(%d,%d) - %s\n", +- bio->num, argi, bio->method->name); ++ BIO_snprintf(p, p_maxlen, "write(%d,%lu) - %s\n", ++ bio->num, (unsigned long)argi, bio->method->name); + break; + case BIO_CB_PUTS: + BIO_snprintf(p, p_maxlen, "puts() - %s\n", bio->method->name); + break; + case BIO_CB_GETS: +- BIO_snprintf(p, p_maxlen, "gets(%d) - %s\n", argi, bio->method->name); ++ BIO_snprintf(p, p_maxlen, "gets(%lu) - %s\n", (unsigned long)argi, ++ bio->method->name); + break; + case BIO_CB_CTRL: +- BIO_snprintf(p, p_maxlen, "ctrl(%d) - %s\n", argi, bio->method->name); ++ BIO_snprintf(p, p_maxlen, "ctrl(%lu) - %s\n", (unsigned long)argi, ++ bio->method->name); + break; + case BIO_CB_RETURN | BIO_CB_READ: + BIO_snprintf(p, p_maxlen, "read return %ld\n", ret); +diff --git a/Cryptlib/OpenSSL/crypto/bio/bio_err.c b/Cryptlib/OpenSSL/crypto/bio/bio_err.c +index 3a838ff..d9007aa 100644 +--- a/Cryptlib/OpenSSL/crypto/bio/bio_err.c ++++ b/Cryptlib/OpenSSL/crypto/bio/bio_err.c +@@ -1,6 +1,6 @@ + /* crypto/bio/bio_err.c */ + /* ==================================================================== +- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. ++ * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. 
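Review bot: In `BIO_debug_callback` the new `len = BIO_snprintf(...)` result is used unchecked in `p = buf + len;` and `p_maxlen = sizeof(buf) - len;`. The `b_print.c` code earlier in this same patch returns -1 on truncation, and a negative `len` would put `p` one byte before `buf` and make `p_maxlen` larger than the buffer. The short `"BIO[%p]: "` prefix is unlikely to overflow the 256-byte buffer, so this is a defensive point. Adding `if (len < 0) len = 0;` right after the call keeps every later `BIO_snprintf(p, p_maxlen, ...)` inside `buf`. The function body continues outside the hunk.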
+ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions +@@ -95,6 +95,8 @@ static ERR_STRING_DATA BIO_str_functs[] = { + {ERR_FUNC(BIO_F_BUFFER_CTRL), "BUFFER_CTRL"}, + {ERR_FUNC(BIO_F_CONN_CTRL), "CONN_CTRL"}, + {ERR_FUNC(BIO_F_CONN_STATE), "CONN_STATE"}, ++ {ERR_FUNC(BIO_F_DGRAM_SCTP_READ), "DGRAM_SCTP_READ"}, ++ {ERR_FUNC(BIO_F_DGRAM_SCTP_WRITE), "DGRAM_SCTP_WRITE"}, + {ERR_FUNC(BIO_F_FILE_CTRL), "FILE_CTRL"}, + {ERR_FUNC(BIO_F_FILE_READ), "FILE_READ"}, + {ERR_FUNC(BIO_F_LINEBUFFER_CTRL), "LINEBUFFER_CTRL"}, +diff --git a/Cryptlib/OpenSSL/crypto/bio/bio_lcl.h b/Cryptlib/OpenSSL/crypto/bio/bio_lcl.h +index dba2919..741884d 100644 +--- a/Cryptlib/OpenSSL/crypto/bio/bio_lcl.h ++++ b/Cryptlib/OpenSSL/crypto/bio/bio_lcl.h +@@ -2,27 +2,35 @@ + + #if BIO_FLAGS_UPLINK==0 + /* Shortcut UPLINK calls on most platforms... */ +-#define UP_stdin stdin +-#define UP_stdout stdout +-#define UP_stderr stderr +-#define UP_fprintf fprintf +-#define UP_fgets fgets +-#define UP_fread fread +-#define UP_fwrite fwrite +-#undef UP_fsetmod +-#define UP_feof feof +-#define UP_fclose fclose ++# define UP_stdin stdin ++# define UP_stdout stdout ++# define UP_stderr stderr ++# define UP_fprintf fprintf ++# define UP_fgets fgets ++# define UP_fread fread ++# define UP_fwrite fwrite ++# undef UP_fsetmod ++# define UP_feof feof ++# define UP_fclose fclose + +-#define UP_fopen fopen +-#define UP_fseek fseek +-#define UP_ftell ftell +-#define UP_fflush fflush +-#define UP_ferror ferror +-#define UP_fileno fileno +- +-#define UP_open open +-#define UP_read read +-#define UP_write write +-#define UP_lseek lseek +-#define UP_close close ++# define UP_fopen fopen ++# define UP_fseek fseek ++# define UP_ftell ftell ++# define UP_fflush fflush ++# define UP_ferror ferror ++# ifdef _WIN32 ++# define UP_fileno _fileno ++# define UP_open _open ++# define UP_read _read ++# define UP_write _write ++# define UP_lseek 
_lseek ++# define UP_close _close ++# else ++# define UP_fileno fileno ++# define UP_open open ++# define UP_read read ++# define UP_write write ++# define UP_lseek lseek ++# define UP_close close ++# endif + #endif +diff --git a/Cryptlib/OpenSSL/crypto/bio/bio_lib.c b/Cryptlib/OpenSSL/crypto/bio/bio_lib.c +index bb284be..07934f8 100644 +--- a/Cryptlib/OpenSSL/crypto/bio/bio_lib.c ++++ b/Cryptlib/OpenSSL/crypto/bio/bio_lib.c +@@ -420,7 +420,7 @@ BIO *BIO_push(BIO *b, BIO *bio) + if (bio != NULL) + bio->prev_bio = lb; + /* called to do internal processing */ +- BIO_ctrl(b, BIO_CTRL_PUSH, 0, NULL); ++ BIO_ctrl(b, BIO_CTRL_PUSH, 0, lb); + return (b); + } + +@@ -433,7 +433,7 @@ BIO *BIO_pop(BIO *b) + return (NULL); + ret = b->next_bio; + +- BIO_ctrl(b, BIO_CTRL_POP, 0, NULL); ++ BIO_ctrl(b, BIO_CTRL_POP, 0, b); + + if (b->prev_bio != NULL) + b->prev_bio->next_bio = b->next_bio; +@@ -515,42 +515,44 @@ void BIO_free_all(BIO *bio) + + BIO *BIO_dup_chain(BIO *in) + { +- BIO *ret = NULL, *eoc = NULL, *bio, *new; ++ BIO *ret = NULL, *eoc = NULL, *bio, *new_bio; + + for (bio = in; bio != NULL; bio = bio->next_bio) { +- if ((new = BIO_new(bio->method)) == NULL) ++ if ((new_bio = BIO_new(bio->method)) == NULL) + goto err; +- new->callback = bio->callback; +- new->cb_arg = bio->cb_arg; +- new->init = bio->init; +- new->shutdown = bio->shutdown; +- new->flags = bio->flags; ++ new_bio->callback = bio->callback; ++ new_bio->cb_arg = bio->cb_arg; ++ new_bio->init = bio->init; ++ new_bio->shutdown = bio->shutdown; ++ new_bio->flags = bio->flags; + + /* This will let SSL_s_sock() work with stdin/stdout */ +- new->num = bio->num; ++ new_bio->num = bio->num; + +- if (!BIO_dup_state(bio, (char *)new)) { +- BIO_free(new); ++ if (!BIO_dup_state(bio, (char *)new_bio)) { ++ BIO_free(new_bio); + goto err; + } + + /* copy app data */ +- if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO, &new->ex_data, +- &bio->ex_data)) ++ if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO, &new_bio->ex_data, ++ 
&bio->ex_data)) { ++ BIO_free(new_bio); + goto err; ++ } + + if (ret == NULL) { +- eoc = new; ++ eoc = new_bio; + ret = eoc; + } else { +- BIO_push(eoc, new); +- eoc = new; ++ BIO_push(eoc, new_bio); ++ eoc = new_bio; + } + } + return (ret); + err: +- if (ret != NULL) +- BIO_free(ret); ++ BIO_free_all(ret); ++ + return (NULL); + } + +diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_acpt.c b/Cryptlib/OpenSSL/crypto/bio/bss_acpt.c +new file mode 100644 +index 0000000..4a5e39b +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/bio/bss_acpt.c +@@ -0,0 +1,463 @@ ++/* crypto/bio/bss_acpt.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. 
Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] 
++ */ ++ ++#include ++#include ++#define USE_SOCKETS ++#include "cryptlib.h" ++#include ++ ++#ifndef OPENSSL_NO_SOCK ++ ++# ifdef OPENSSL_SYS_WIN16 ++# define SOCKET_PROTOCOL 0 /* more microsoft stupidity */ ++# else ++# define SOCKET_PROTOCOL IPPROTO_TCP ++# endif ++ ++# if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000) ++/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */ ++# undef FIONBIO ++# endif ++ ++typedef struct bio_accept_st { ++ int state; ++ char *param_addr; ++ int accept_sock; ++ int accept_nbio; ++ char *addr; ++ int nbio; ++ /* ++ * If 0, it means normal, if 1, do a connect on bind failure, and if ++ * there is no-one listening, bind with SO_REUSEADDR. If 2, always use ++ * SO_REUSEADDR. ++ */ ++ int bind_mode; ++ BIO *bio_chain; ++} BIO_ACCEPT; ++ ++static int acpt_write(BIO *h, const char *buf, int num); ++static int acpt_read(BIO *h, char *buf, int size); ++static int acpt_puts(BIO *h, const char *str); ++static long acpt_ctrl(BIO *h, int cmd, long arg1, void *arg2); ++static int acpt_new(BIO *h); ++static int acpt_free(BIO *data); ++static int acpt_state(BIO *b, BIO_ACCEPT *c); ++static void acpt_close_socket(BIO *data); ++static BIO_ACCEPT *BIO_ACCEPT_new(void); ++static void BIO_ACCEPT_free(BIO_ACCEPT *a); ++ ++# define ACPT_S_BEFORE 1 ++# define ACPT_S_GET_ACCEPT_SOCKET 2 ++# define ACPT_S_OK 3 ++ ++static BIO_METHOD methods_acceptp = { ++ BIO_TYPE_ACCEPT, ++ "socket accept", ++ acpt_write, ++ acpt_read, ++ acpt_puts, ++ NULL, /* connect_gets, */ ++ acpt_ctrl, ++ acpt_new, ++ acpt_free, ++ NULL, ++}; ++ ++BIO_METHOD *BIO_s_accept(void) ++{ ++ return (&methods_acceptp); ++} ++ ++static int acpt_new(BIO *bi) ++{ ++ BIO_ACCEPT *ba; ++ ++ bi->init = 0; ++ bi->num = INVALID_SOCKET; ++ bi->flags = 0; ++ if ((ba = BIO_ACCEPT_new()) == NULL) ++ return (0); ++ bi->ptr = (char *)ba; ++ ba->state = ACPT_S_BEFORE; ++ bi->shutdown = 1; ++ return (1); ++} ++ ++static BIO_ACCEPT *BIO_ACCEPT_new(void) ++{ ++ BIO_ACCEPT *ret; ++ ++ 
if ((ret = (BIO_ACCEPT *)OPENSSL_malloc(sizeof(BIO_ACCEPT))) == NULL) ++ return (NULL); ++ ++ memset(ret, 0, sizeof(BIO_ACCEPT)); ++ ret->accept_sock = INVALID_SOCKET; ++ ret->bind_mode = BIO_BIND_NORMAL; ++ return (ret); ++} ++ ++static void BIO_ACCEPT_free(BIO_ACCEPT *a) ++{ ++ if (a == NULL) ++ return; ++ ++ if (a->param_addr != NULL) ++ OPENSSL_free(a->param_addr); ++ if (a->addr != NULL) ++ OPENSSL_free(a->addr); ++ if (a->bio_chain != NULL) ++ BIO_free(a->bio_chain); ++ OPENSSL_free(a); ++} ++ ++static void acpt_close_socket(BIO *bio) ++{ ++ BIO_ACCEPT *c; ++ ++ c = (BIO_ACCEPT *)bio->ptr; ++ if (c->accept_sock != INVALID_SOCKET) { ++ shutdown(c->accept_sock, 2); ++ closesocket(c->accept_sock); ++ c->accept_sock = INVALID_SOCKET; ++ bio->num = INVALID_SOCKET; ++ } ++} ++ ++static int acpt_free(BIO *a) ++{ ++ BIO_ACCEPT *data; ++ ++ if (a == NULL) ++ return (0); ++ data = (BIO_ACCEPT *)a->ptr; ++ ++ if (a->shutdown) { ++ acpt_close_socket(a); ++ BIO_ACCEPT_free(data); ++ a->ptr = NULL; ++ a->flags = 0; ++ a->init = 0; ++ } ++ return (1); ++} ++ ++static int acpt_state(BIO *b, BIO_ACCEPT *c) ++{ ++ BIO *bio = NULL, *dbio; ++ int s = -1; ++ int i; ++ ++ again: ++ switch (c->state) { ++ case ACPT_S_BEFORE: ++ if (c->param_addr == NULL) { ++ BIOerr(BIO_F_ACPT_STATE, BIO_R_NO_ACCEPT_PORT_SPECIFIED); ++ return (-1); ++ } ++ s = BIO_get_accept_socket(c->param_addr, c->bind_mode); ++ if (s == INVALID_SOCKET) ++ return (-1); ++ ++ if (c->accept_nbio) { ++ if (!BIO_socket_nbio(s, 1)) { ++ closesocket(s); ++ BIOerr(BIO_F_ACPT_STATE, ++ BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET); ++ return (-1); ++ } ++ } ++ c->accept_sock = s; ++ b->num = s; ++ c->state = ACPT_S_GET_ACCEPT_SOCKET; ++ return (1); ++ /* break; */ ++ case ACPT_S_GET_ACCEPT_SOCKET: ++ if (b->next_bio != NULL) { ++ c->state = ACPT_S_OK; ++ goto again; ++ } ++ BIO_clear_retry_flags(b); ++ b->retry_reason = 0; ++ i = BIO_accept(c->accept_sock, &(c->addr)); ++ ++ /* -2 return means we should retry */ ++ if (i == 
-2) { ++ BIO_set_retry_special(b); ++ b->retry_reason = BIO_RR_ACCEPT; ++ return -1; ++ } ++ ++ if (i < 0) ++ return (i); ++ ++ bio = BIO_new_socket(i, BIO_CLOSE); ++ if (bio == NULL) ++ goto err; ++ ++ BIO_set_callback(bio, BIO_get_callback(b)); ++ BIO_set_callback_arg(bio, BIO_get_callback_arg(b)); ++ ++ if (c->nbio) { ++ if (!BIO_socket_nbio(i, 1)) { ++ BIOerr(BIO_F_ACPT_STATE, ++ BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET); ++ goto err; ++ } ++ } ++ ++ /* ++ * If the accept BIO has an bio_chain, we dup it and put the new ++ * socket at the end. ++ */ ++ if (c->bio_chain != NULL) { ++ if ((dbio = BIO_dup_chain(c->bio_chain)) == NULL) ++ goto err; ++ if (!BIO_push(dbio, bio)) ++ goto err; ++ bio = dbio; ++ } ++ if (BIO_push(b, bio) == NULL) ++ goto err; ++ ++ c->state = ACPT_S_OK; ++ return (1); ++ err: ++ if (bio != NULL) ++ BIO_free(bio); ++ else if (s >= 0) ++ closesocket(s); ++ return (0); ++ /* break; */ ++ case ACPT_S_OK: ++ if (b->next_bio == NULL) { ++ c->state = ACPT_S_GET_ACCEPT_SOCKET; ++ goto again; ++ } ++ return (1); ++ /* break; */ ++ default: ++ return (0); ++ /* break; */ ++ } ++ ++} ++ ++static int acpt_read(BIO *b, char *out, int outl) ++{ ++ int ret = 0; ++ BIO_ACCEPT *data; ++ ++ BIO_clear_retry_flags(b); ++ data = (BIO_ACCEPT *)b->ptr; ++ ++ while (b->next_bio == NULL) { ++ ret = acpt_state(b, data); ++ if (ret <= 0) ++ return (ret); ++ } ++ ++ ret = BIO_read(b->next_bio, out, outl); ++ BIO_copy_next_retry(b); ++ return (ret); ++} ++ ++static int acpt_write(BIO *b, const char *in, int inl) ++{ ++ int ret; ++ BIO_ACCEPT *data; ++ ++ BIO_clear_retry_flags(b); ++ data = (BIO_ACCEPT *)b->ptr; ++ ++ while (b->next_bio == NULL) { ++ ret = acpt_state(b, data); ++ if (ret <= 0) ++ return (ret); ++ } ++ ++ ret = BIO_write(b->next_bio, in, inl); ++ BIO_copy_next_retry(b); ++ return (ret); ++} ++ ++static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr) ++{ ++ int *ip; ++ long ret = 1; ++ BIO_ACCEPT *data; ++ char **pp; ++ ++ data = (BIO_ACCEPT 
*)b->ptr; ++ ++ switch (cmd) { ++ case BIO_CTRL_RESET: ++ ret = 0; ++ data->state = ACPT_S_BEFORE; ++ acpt_close_socket(b); ++ b->flags = 0; ++ break; ++ case BIO_C_DO_STATE_MACHINE: ++ /* use this one to start the connection */ ++ ret = (long)acpt_state(b, data); ++ break; ++ case BIO_C_SET_ACCEPT: ++ if (ptr != NULL) { ++ if (num == 0) { ++ b->init = 1; ++ if (data->param_addr != NULL) ++ OPENSSL_free(data->param_addr); ++ data->param_addr = BUF_strdup(ptr); ++ } else if (num == 1) { ++ data->accept_nbio = (ptr != NULL); ++ } else if (num == 2) { ++ if (data->bio_chain != NULL) ++ BIO_free(data->bio_chain); ++ data->bio_chain = (BIO *)ptr; ++ } ++ } ++ break; ++ case BIO_C_SET_NBIO: ++ data->nbio = (int)num; ++ break; ++ case BIO_C_SET_FD: ++ b->init = 1; ++ b->num = *((int *)ptr); ++ data->accept_sock = b->num; ++ data->state = ACPT_S_GET_ACCEPT_SOCKET; ++ b->shutdown = (int)num; ++ b->init = 1; ++ break; ++ case BIO_C_GET_FD: ++ if (b->init) { ++ ip = (int *)ptr; ++ if (ip != NULL) ++ *ip = data->accept_sock; ++ ret = data->accept_sock; ++ } else ++ ret = -1; ++ break; ++ case BIO_C_GET_ACCEPT: ++ if (b->init) { ++ if (ptr != NULL) { ++ pp = (char **)ptr; ++ *pp = data->param_addr; ++ } else ++ ret = -1; ++ } else ++ ret = -1; ++ break; ++ case BIO_CTRL_GET_CLOSE: ++ ret = b->shutdown; ++ break; ++ case BIO_CTRL_SET_CLOSE: ++ b->shutdown = (int)num; ++ break; ++ case BIO_CTRL_PENDING: ++ case BIO_CTRL_WPENDING: ++ ret = 0; ++ break; ++ case BIO_CTRL_FLUSH: ++ break; ++ case BIO_C_SET_BIND_MODE: ++ data->bind_mode = (int)num; ++ break; ++ case BIO_C_GET_BIND_MODE: ++ ret = (long)data->bind_mode; ++ break; ++ case BIO_CTRL_DUP: ++/*- dbio=(BIO *)ptr; ++ if (data->param_port) EAY EAY ++ BIO_set_port(dbio,data->param_port); ++ if (data->param_hostname) ++ BIO_set_hostname(dbio,data->param_hostname); ++ BIO_set_nbio(dbio,data->nbio); */ ++ break; ++ ++ default: ++ ret = 0; ++ break; ++ } ++ return (ret); ++} ++ ++static int acpt_puts(BIO *bp, const char *str) ++{ ++ 
int n, ret;
++
++ n = strlen(str);
++ ret = acpt_write(bp, str, n);
++ return (ret);
++}
++
++BIO *BIO_new_accept(const char *str)
++{
++ BIO *ret;
++
++ ret = BIO_new(BIO_s_accept());
++ if (ret == NULL)
++ return (NULL);
++ if (BIO_set_accept_port(ret, str))
++ return (ret);
++ else {
++ BIO_free(ret);
++ return (NULL);
++ }
++}
++
++#endif
+diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_bio.c b/Cryptlib/OpenSSL/crypto/bio/bss_bio.c
+index 87955f0..d629a37 100644
+--- a/Cryptlib/OpenSSL/crypto/bio/bss_bio.c
++++ b/Cryptlib/OpenSSL/crypto/bio/bss_bio.c
+@@ -270,10 +270,10 @@ static int bio_read(BIO *bio, char *buf, int size_)
+ * WARNING: The non-copying interface is largely untested as of yet and may
+ * contain bugs.
+ */
+-static ssize_t bio_nread0(BIO *bio, char **buf)
++static ossl_ssize_t bio_nread0(BIO *bio, char **buf)
+ {
+ struct bio_bio_st *b, *peer_b;
+- ssize_t num;
++ ossl_ssize_t num;
+
+ BIO_clear_retry_flags(bio);
+
+@@ -307,15 +307,15 @@ static ssize_t bio_nread0(BIO *bio, char **buf)
+ return num;
+ }
+
+-static ssize_t bio_nread(BIO *bio, char **buf, size_t num_)
++static ossl_ssize_t bio_nread(BIO *bio, char **buf, size_t num_)
+ {
+ struct bio_bio_st *b, *peer_b;
+- ssize_t num, available;
++ ossl_ssize_t num, available;
+
+ if (num_ > SSIZE_MAX)
+ num = SSIZE_MAX;
+ else
+- num = (ssize_t) num_;
++ num = (ossl_ssize_t) num_;
+
+ available = bio_nread0(bio, buf);
+ if (num > available)
+@@ -415,7 +415,7 @@ static int bio_write(BIO *bio, const char *buf, int num_)
+ * (example usage: bio_nwrite0(), write to buffer, bio_nwrite()
+ * or just bio_nwrite(), write to buffer)
+ */
+-static ssize_t bio_nwrite0(BIO *bio, char **buf)
++static ossl_ssize_t bio_nwrite0(BIO *bio, char **buf)
+ {
+ struct bio_bio_st *b;
+ size_t num;
+@@ -463,15 +463,15 @@ static ssize_t bio_nwrite0(BIO *bio, char **buf)
+ return num;
+ }
+
+-static ssize_t bio_nwrite(BIO *bio, char **buf, size_t num_)
++static ossl_ssize_t bio_nwrite(BIO *bio, char **buf, size_t num_)
+ {
+
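Review bot: In `acpt_state` of the new bss_acpt.c, the `err:` path under `ACPT_S_GET_ACCEPT_SOCKET` never closes the descriptor returned by `BIO_accept()`: when `BIO_new_socket(i, BIO_CLOSE)` returns NULL, `bio` is NULL and the fallback tests `s`, which is still -1 because `s` is only assigned in the `ACPT_S_BEFORE` case, and that case returns before this one runs. Each such failure leaves an accepted socket open, so a listener under memory pressure can run out of descriptors. The fallback should close the accepted socket instead, `else if (i >= 0) closesocket(i);`. Whether this file is compiled at all depends on `OPENSSL_NO_SOCK`, which is defined outside this hunk.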
struct bio_bio_st *b;
+- ssize_t num, space;
++ ossl_ssize_t num, space;
+
+ if (num_ > SSIZE_MAX)
+ num = SSIZE_MAX;
+ else
+- num = (ssize_t) num_;
++ num = (ossl_ssize_t) num_;
+
+ space = bio_nwrite0(bio, buf);
+ if (num > space)
+diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_conn.c b/Cryptlib/OpenSSL/crypto/bio/bss_conn.c
+new file mode 100644
+index 0000000..42d0aff
+--- /dev/null
++++ b/Cryptlib/OpenSSL/crypto/bio/bss_conn.c
+@@ -0,0 +1,603 @@
++/* crypto/bio/bss_conn.c */
++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
++ * All rights reserved.
++ *
++ * This package is an SSL implementation written
++ * by Eric Young (eay@cryptsoft.com).
++ * The implementation was written so as to conform with Netscapes SSL.
++ *
++ * This library is free for commercial and non-commercial use as long as
++ * the following conditions are aheared to. The following conditions
++ * apply to all code found in this distribution, be it the RC4, RSA,
++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
++ * included with this distribution is covered by the same copyright terms
++ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
++ *
++ * Copyright remains Eric Young's, and as such any Copyright notices in
++ * the code are not to be removed.
++ * If this package is used in a product, Eric Young should be given attribution
++ * as the author of the parts of the library used.
++ * This can be in the form of a textual message at program startup or
++ * in documentation (online or textual) provided with the package.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the copyright
++ * notice, this list of conditions and the following disclaimer.
++ * 2.
Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] 
++ */ ++ ++#include ++#include ++#define USE_SOCKETS ++#include "cryptlib.h" ++#include ++ ++#ifndef OPENSSL_NO_SOCK ++ ++# ifdef OPENSSL_SYS_WIN16 ++# define SOCKET_PROTOCOL 0 /* more microsoft stupidity */ ++# else ++# define SOCKET_PROTOCOL IPPROTO_TCP ++# endif ++ ++# if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000) ++/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */ ++# undef FIONBIO ++# endif ++ ++typedef struct bio_connect_st { ++ int state; ++ char *param_hostname; ++ char *param_port; ++ int nbio; ++ unsigned char ip[4]; ++ unsigned short port; ++ struct sockaddr_in them; ++ /* ++ * int socket; this will be kept in bio->num so that it is compatible ++ * with the bss_sock bio ++ */ ++ /* ++ * called when the connection is initially made callback(BIO,state,ret); ++ * The callback should return 'ret'. state is for compatibility with the ++ * ssl info_callback ++ */ ++ int (*info_callback) (const BIO *bio, int state, int ret); ++} BIO_CONNECT; ++ ++static int conn_write(BIO *h, const char *buf, int num); ++static int conn_read(BIO *h, char *buf, int size); ++static int conn_puts(BIO *h, const char *str); ++static long conn_ctrl(BIO *h, int cmd, long arg1, void *arg2); ++static int conn_new(BIO *h); ++static int conn_free(BIO *data); ++static long conn_callback_ctrl(BIO *h, int cmd, bio_info_cb *); ++ ++static int conn_state(BIO *b, BIO_CONNECT *c); ++static void conn_close_socket(BIO *data); ++BIO_CONNECT *BIO_CONNECT_new(void); ++void BIO_CONNECT_free(BIO_CONNECT *a); ++ ++static BIO_METHOD methods_connectp = { ++ BIO_TYPE_CONNECT, ++ "socket connect", ++ conn_write, ++ conn_read, ++ conn_puts, ++ NULL, /* connect_gets, */ ++ conn_ctrl, ++ conn_new, ++ conn_free, ++ conn_callback_ctrl, ++}; ++ ++static int conn_state(BIO *b, BIO_CONNECT *c) ++{ ++ int ret = -1, i; ++ unsigned long l; ++ char *p, *q; ++ int (*cb) (const BIO *, int, int) = NULL; ++ ++ if (c->info_callback != NULL) ++ cb = c->info_callback; ++ ++ for (;;) { ++ 
switch (c->state) { ++ case BIO_CONN_S_BEFORE: ++ p = c->param_hostname; ++ if (p == NULL) { ++ BIOerr(BIO_F_CONN_STATE, BIO_R_NO_HOSTNAME_SPECIFIED); ++ goto exit_loop; ++ } ++ for (; *p != '\0'; p++) { ++ if ((*p == ':') || (*p == '/')) ++ break; ++ } ++ ++ i = *p; ++ if ((i == ':') || (i == '/')) { ++ ++ *(p++) = '\0'; ++ if (i == ':') { ++ for (q = p; *q; q++) ++ if (*q == '/') { ++ *q = '\0'; ++ break; ++ } ++ if (c->param_port != NULL) ++ OPENSSL_free(c->param_port); ++ c->param_port = BUF_strdup(p); ++ } ++ } ++ ++ if (c->param_port == NULL) { ++ BIOerr(BIO_F_CONN_STATE, BIO_R_NO_PORT_SPECIFIED); ++ ERR_add_error_data(2, "host=", c->param_hostname); ++ goto exit_loop; ++ } ++ c->state = BIO_CONN_S_GET_IP; ++ break; ++ ++ case BIO_CONN_S_GET_IP: ++ if (BIO_get_host_ip(c->param_hostname, &(c->ip[0])) <= 0) ++ goto exit_loop; ++ c->state = BIO_CONN_S_GET_PORT; ++ break; ++ ++ case BIO_CONN_S_GET_PORT: ++ if (c->param_port == NULL) { ++ /* abort(); */ ++ goto exit_loop; ++ } else if (BIO_get_port(c->param_port, &c->port) <= 0) ++ goto exit_loop; ++ c->state = BIO_CONN_S_CREATE_SOCKET; ++ break; ++ ++ case BIO_CONN_S_CREATE_SOCKET: ++ /* now setup address */ ++ memset((char *)&c->them, 0, sizeof(c->them)); ++ c->them.sin_family = AF_INET; ++ c->them.sin_port = htons((unsigned short)c->port); ++ l = (unsigned long) ++ ((unsigned long)c->ip[0] << 24L) | ++ ((unsigned long)c->ip[1] << 16L) | ++ ((unsigned long)c->ip[2] << 8L) | ((unsigned long)c->ip[3]); ++ c->them.sin_addr.s_addr = htonl(l); ++ c->state = BIO_CONN_S_CREATE_SOCKET; ++ ++ ret = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL); ++ if (ret == INVALID_SOCKET) { ++ SYSerr(SYS_F_SOCKET, get_last_socket_error()); ++ ERR_add_error_data(4, "host=", c->param_hostname, ++ ":", c->param_port); ++ BIOerr(BIO_F_CONN_STATE, BIO_R_UNABLE_TO_CREATE_SOCKET); ++ goto exit_loop; ++ } ++ b->num = ret; ++ c->state = BIO_CONN_S_NBIO; ++ break; ++ ++ case BIO_CONN_S_NBIO: ++ if (c->nbio) { ++ if (!BIO_socket_nbio(b->num, 1)) 
{ ++ BIOerr(BIO_F_CONN_STATE, BIO_R_ERROR_SETTING_NBIO); ++ ERR_add_error_data(4, "host=", ++ c->param_hostname, ":", c->param_port); ++ goto exit_loop; ++ } ++ } ++ c->state = BIO_CONN_S_CONNECT; ++ ++# if defined(SO_KEEPALIVE) && !defined(OPENSSL_SYS_MPE) ++ i = 1; ++ i = setsockopt(b->num, SOL_SOCKET, SO_KEEPALIVE, (char *)&i, ++ sizeof(i)); ++ if (i < 0) { ++ SYSerr(SYS_F_SOCKET, get_last_socket_error()); ++ ERR_add_error_data(4, "host=", c->param_hostname, ++ ":", c->param_port); ++ BIOerr(BIO_F_CONN_STATE, BIO_R_KEEPALIVE); ++ goto exit_loop; ++ } ++# endif ++ break; ++ ++ case BIO_CONN_S_CONNECT: ++ BIO_clear_retry_flags(b); ++ ret = connect(b->num, ++ (struct sockaddr *)&c->them, sizeof(c->them)); ++ b->retry_reason = 0; ++ if (ret < 0) { ++ if (BIO_sock_should_retry(ret)) { ++ BIO_set_retry_special(b); ++ c->state = BIO_CONN_S_BLOCKED_CONNECT; ++ b->retry_reason = BIO_RR_CONNECT; ++ } else { ++ SYSerr(SYS_F_CONNECT, get_last_socket_error()); ++ ERR_add_error_data(4, "host=", ++ c->param_hostname, ":", c->param_port); ++ BIOerr(BIO_F_CONN_STATE, BIO_R_CONNECT_ERROR); ++ } ++ goto exit_loop; ++ } else ++ c->state = BIO_CONN_S_OK; ++ break; ++ ++ case BIO_CONN_S_BLOCKED_CONNECT: ++ i = BIO_sock_error(b->num); ++ if (i) { ++ BIO_clear_retry_flags(b); ++ SYSerr(SYS_F_CONNECT, i); ++ ERR_add_error_data(4, "host=", ++ c->param_hostname, ":", c->param_port); ++ BIOerr(BIO_F_CONN_STATE, BIO_R_NBIO_CONNECT_ERROR); ++ ret = 0; ++ goto exit_loop; ++ } else ++ c->state = BIO_CONN_S_OK; ++ break; ++ ++ case BIO_CONN_S_OK: ++ ret = 1; ++ goto exit_loop; ++ default: ++ /* abort(); */ ++ goto exit_loop; ++ } ++ ++ if (cb != NULL) { ++ if (!(ret = cb((BIO *)b, c->state, ret))) ++ goto end; ++ } ++ } ++ ++ /* Loop does not exit */ ++ exit_loop: ++ if (cb != NULL) ++ ret = cb((BIO *)b, c->state, ret); ++ end: ++ return (ret); ++} ++ ++BIO_CONNECT *BIO_CONNECT_new(void) ++{ ++ BIO_CONNECT *ret; ++ ++ if ((ret = (BIO_CONNECT *)OPENSSL_malloc(sizeof(BIO_CONNECT))) == NULL) ++ 
return (NULL); ++ ret->state = BIO_CONN_S_BEFORE; ++ ret->param_hostname = NULL; ++ ret->param_port = NULL; ++ ret->info_callback = NULL; ++ ret->nbio = 0; ++ ret->ip[0] = 0; ++ ret->ip[1] = 0; ++ ret->ip[2] = 0; ++ ret->ip[3] = 0; ++ ret->port = 0; ++ memset((char *)&ret->them, 0, sizeof(ret->them)); ++ return (ret); ++} ++ ++void BIO_CONNECT_free(BIO_CONNECT *a) ++{ ++ if (a == NULL) ++ return; ++ ++ if (a->param_hostname != NULL) ++ OPENSSL_free(a->param_hostname); ++ if (a->param_port != NULL) ++ OPENSSL_free(a->param_port); ++ OPENSSL_free(a); ++} ++ ++BIO_METHOD *BIO_s_connect(void) ++{ ++ return (&methods_connectp); ++} ++ ++static int conn_new(BIO *bi) ++{ ++ bi->init = 0; ++ bi->num = INVALID_SOCKET; ++ bi->flags = 0; ++ if ((bi->ptr = (char *)BIO_CONNECT_new()) == NULL) ++ return (0); ++ else ++ return (1); ++} ++ ++static void conn_close_socket(BIO *bio) ++{ ++ BIO_CONNECT *c; ++ ++ c = (BIO_CONNECT *)bio->ptr; ++ if (bio->num != INVALID_SOCKET) { ++ /* Only do a shutdown if things were established */ ++ if (c->state == BIO_CONN_S_OK) ++ shutdown(bio->num, 2); ++ closesocket(bio->num); ++ bio->num = INVALID_SOCKET; ++ } ++} ++ ++static int conn_free(BIO *a) ++{ ++ BIO_CONNECT *data; ++ ++ if (a == NULL) ++ return (0); ++ data = (BIO_CONNECT *)a->ptr; ++ ++ if (a->shutdown) { ++ conn_close_socket(a); ++ BIO_CONNECT_free(data); ++ a->ptr = NULL; ++ a->flags = 0; ++ a->init = 0; ++ } ++ return (1); ++} ++ ++static int conn_read(BIO *b, char *out, int outl) ++{ ++ int ret = 0; ++ BIO_CONNECT *data; ++ ++ data = (BIO_CONNECT *)b->ptr; ++ if (data->state != BIO_CONN_S_OK) { ++ ret = conn_state(b, data); ++ if (ret <= 0) ++ return (ret); ++ } ++ ++ if (out != NULL) { ++ clear_socket_error(); ++ ret = readsocket(b->num, out, outl); ++ BIO_clear_retry_flags(b); ++ if (ret <= 0) { ++ if (BIO_sock_should_retry(ret)) ++ BIO_set_retry_read(b); ++ } ++ } ++ return (ret); ++} ++ ++static int conn_write(BIO *b, const char *in, int inl) ++{ ++ int ret; ++ BIO_CONNECT 
*data; ++ ++ data = (BIO_CONNECT *)b->ptr; ++ if (data->state != BIO_CONN_S_OK) { ++ ret = conn_state(b, data); ++ if (ret <= 0) ++ return (ret); ++ } ++ ++ clear_socket_error(); ++ ret = writesocket(b->num, in, inl); ++ BIO_clear_retry_flags(b); ++ if (ret <= 0) { ++ if (BIO_sock_should_retry(ret)) ++ BIO_set_retry_write(b); ++ } ++ return (ret); ++} ++ ++static long conn_ctrl(BIO *b, int cmd, long num, void *ptr) ++{ ++ BIO *dbio; ++ int *ip; ++ const char **pptr; ++ long ret = 1; ++ BIO_CONNECT *data; ++ ++ data = (BIO_CONNECT *)b->ptr; ++ ++ switch (cmd) { ++ case BIO_CTRL_RESET: ++ ret = 0; ++ data->state = BIO_CONN_S_BEFORE; ++ conn_close_socket(b); ++ b->flags = 0; ++ break; ++ case BIO_C_DO_STATE_MACHINE: ++ /* use this one to start the connection */ ++ if (data->state != BIO_CONN_S_OK) ++ ret = (long)conn_state(b, data); ++ else ++ ret = 1; ++ break; ++ case BIO_C_GET_CONNECT: ++ if (ptr != NULL) { ++ pptr = (const char **)ptr; ++ if (num == 0) { ++ *pptr = data->param_hostname; ++ ++ } else if (num == 1) { ++ *pptr = data->param_port; ++ } else if (num == 2) { ++ *pptr = (char *)&(data->ip[0]); ++ } else if (num == 3) { ++ *((int *)ptr) = data->port; ++ } ++ if ((!b->init) || (ptr == NULL)) ++ *pptr = "not initialized"; ++ ret = 1; ++ } ++ break; ++ case BIO_C_SET_CONNECT: ++ if (ptr != NULL) { ++ b->init = 1; ++ if (num == 0) { ++ if (data->param_hostname != NULL) ++ OPENSSL_free(data->param_hostname); ++ data->param_hostname = BUF_strdup(ptr); ++ } else if (num == 1) { ++ if (data->param_port != NULL) ++ OPENSSL_free(data->param_port); ++ data->param_port = BUF_strdup(ptr); ++ } else if (num == 2) { ++ char buf[16]; ++ unsigned char *p = ptr; ++ ++ BIO_snprintf(buf, sizeof buf, "%d.%d.%d.%d", ++ p[0], p[1], p[2], p[3]); ++ if (data->param_hostname != NULL) ++ OPENSSL_free(data->param_hostname); ++ data->param_hostname = BUF_strdup(buf); ++ memcpy(&(data->ip[0]), ptr, 4); ++ } else if (num == 3) { ++ char buf[DECIMAL_SIZE(int) + 1]; ++ ++ 
BIO_snprintf(buf, sizeof buf, "%d", *(int *)ptr); ++ if (data->param_port != NULL) ++ OPENSSL_free(data->param_port); ++ data->param_port = BUF_strdup(buf); ++ data->port = *(int *)ptr; ++ } ++ } ++ break; ++ case BIO_C_SET_NBIO: ++ data->nbio = (int)num; ++ break; ++ case BIO_C_GET_FD: ++ if (b->init) { ++ ip = (int *)ptr; ++ if (ip != NULL) ++ *ip = b->num; ++ ret = b->num; ++ } else ++ ret = -1; ++ break; ++ case BIO_CTRL_GET_CLOSE: ++ ret = b->shutdown; ++ break; ++ case BIO_CTRL_SET_CLOSE: ++ b->shutdown = (int)num; ++ break; ++ case BIO_CTRL_PENDING: ++ case BIO_CTRL_WPENDING: ++ ret = 0; ++ break; ++ case BIO_CTRL_FLUSH: ++ break; ++ case BIO_CTRL_DUP: ++ { ++ dbio = (BIO *)ptr; ++ if (data->param_port) ++ BIO_set_conn_port(dbio, data->param_port); ++ if (data->param_hostname) ++ BIO_set_conn_hostname(dbio, data->param_hostname); ++ BIO_set_nbio(dbio, data->nbio); ++ /* ++ * FIXME: the cast of the function seems unlikely to be a good ++ * idea ++ */ ++ (void)BIO_set_info_callback(dbio, ++ (bio_info_cb *)data->info_callback); ++ } ++ break; ++ case BIO_CTRL_SET_CALLBACK: ++ { ++# if 0 /* FIXME: Should this be used? 
-- Richard ++ * Levitte */ ++ BIOerr(BIO_F_CONN_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); ++ ret = -1; ++# else ++ ret = 0; ++# endif ++ } ++ break; ++ case BIO_CTRL_GET_CALLBACK: ++ { ++ int (**fptr) (const BIO *bio, int state, int xret); ++ ++ fptr = (int (**)(const BIO *bio, int state, int xret))ptr; ++ *fptr = data->info_callback; ++ } ++ break; ++ default: ++ ret = 0; ++ break; ++ } ++ return (ret); ++} ++ ++static long conn_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) ++{ ++ long ret = 1; ++ BIO_CONNECT *data; ++ ++ data = (BIO_CONNECT *)b->ptr; ++ ++ switch (cmd) { ++ case BIO_CTRL_SET_CALLBACK: ++ { ++ data->info_callback = ++ (int (*)(const struct bio_st *, int, int))fp; ++ } ++ break; ++ default: ++ ret = 0; ++ break; ++ } ++ return (ret); ++} ++ ++static int conn_puts(BIO *bp, const char *str) ++{ ++ int n, ret; ++ ++ n = strlen(str); ++ ret = conn_write(bp, str, n); ++ return (ret); ++} ++ ++BIO *BIO_new_connect(const char *str) ++{ ++ BIO *ret; ++ ++ ret = BIO_new(BIO_s_connect()); ++ if (ret == NULL) ++ return (NULL); ++ if (BIO_set_conn_hostname(ret, str)) ++ return (ret); ++ else { ++ BIO_free(ret); ++ return (NULL); ++ } ++} ++ ++#endif +diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_dgram.c b/Cryptlib/OpenSSL/crypto/bio/bss_dgram.c +index 405190f..7fcd831 100644 +--- a/Cryptlib/OpenSSL/crypto/bio/bss_dgram.c ++++ b/Cryptlib/OpenSSL/crypto/bio/bss_dgram.c +@@ -65,14 +65,35 @@ + #include + #ifndef OPENSSL_NO_DGRAM + +-# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) ++# if defined(OPENSSL_SYS_VMS) + # include + # endif + +-# ifdef OPENSSL_SYS_LINUX ++# ifndef OPENSSL_NO_SCTP ++# include ++# include ++# define OPENSSL_SCTP_DATA_CHUNK_TYPE 0x00 ++# define OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE 0xc0 ++# endif ++ ++# if defined(OPENSSL_SYS_LINUX) && !defined(IP_MTU) + # define IP_MTU 14 /* linux is lame */ + # endif + ++# if OPENSSL_USE_IPV6 && !defined(IPPROTO_IPV6) ++# define IPPROTO_IPV6 41 /* windows is lame */ ++# endif ++ ++# if 
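Review bot: The `BIO_C_GET_CONNECT` case of `conn_ctrl` in the new bss_conn.c can store a pointer into memory the caller supplied as an `int`: for `num == 3` it writes `data->port` through `(int *)ptr`, and then, when `b->init` is 0, the following `*pptr = "not initialized";` writes a `const char *` through the same address, which is wider than `int` on LP64 targets. The `ptr == NULL` half of that condition is also dead, because the whole branch sits inside `if (ptr != NULL)`. Limiting the fallback to the selectors that return a string avoids the overwrite, for example `if (!b->init && num != 3) *pptr = "not initialized";`. The callers that pass an `int *` for selector 3 are outside this hunk, so how often an uninitialised BIO reaches this path needs confirming.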
defined(__FreeBSD__) && defined(IN6_IS_ADDR_V4MAPPED) ++/* Standard definition causes type-punning problems. */ ++# undef IN6_IS_ADDR_V4MAPPED ++# define s6_addr32 __u6_addr.__u6_addr32 ++# define IN6_IS_ADDR_V4MAPPED(a) \ ++ (((a)->s6_addr32[0] == 0) && \ ++ ((a)->s6_addr32[1] == 0) && \ ++ ((a)->s6_addr32[2] == htonl(0x0000ffff))) ++# endif ++ + # ifdef WATT32 + # define sock_write SockWrite /* Watt-32 uses same names */ + # define sock_read SockRead +@@ -87,6 +108,19 @@ static int dgram_new(BIO *h); + static int dgram_free(BIO *data); + static int dgram_clear(BIO *bio); + ++# ifndef OPENSSL_NO_SCTP ++static int dgram_sctp_write(BIO *h, const char *buf, int num); ++static int dgram_sctp_read(BIO *h, char *buf, int size); ++static int dgram_sctp_puts(BIO *h, const char *str); ++static long dgram_sctp_ctrl(BIO *h, int cmd, long arg1, void *arg2); ++static int dgram_sctp_new(BIO *h); ++static int dgram_sctp_free(BIO *data); ++# ifdef SCTP_AUTHENTICATION_EVENT ++static void dgram_sctp_handle_auth_free_key_event(BIO *b, union sctp_notification ++ *snp); ++# endif ++# endif ++ + static int BIO_dgram_should_retry(int s); + + static void get_current_time(struct timeval *t); +@@ -104,8 +138,29 @@ static BIO_METHOD methods_dgramp = { + NULL, + }; + ++# ifndef OPENSSL_NO_SCTP ++static BIO_METHOD methods_dgramp_sctp = { ++ BIO_TYPE_DGRAM_SCTP, ++ "datagram sctp socket", ++ dgram_sctp_write, ++ dgram_sctp_read, ++ dgram_sctp_puts, ++ NULL, /* dgram_gets, */ ++ dgram_sctp_ctrl, ++ dgram_sctp_new, ++ dgram_sctp_free, ++ NULL, ++}; ++# endif ++ + typedef struct bio_dgram_data_st { +- struct sockaddr peer; ++ union { ++ struct sockaddr sa; ++ struct sockaddr_in sa_in; ++# if OPENSSL_USE_IPV6 ++ struct sockaddr_in6 sa_in6; ++# endif ++ } peer; + unsigned int connected; + unsigned int _errno; + unsigned int mtu; +@@ -113,6 +168,38 @@ typedef struct bio_dgram_data_st { + struct timeval socket_timeout; + } bio_dgram_data; + ++# ifndef OPENSSL_NO_SCTP ++typedef struct 
bio_dgram_sctp_save_message_st { ++ BIO *bio; ++ char *data; ++ int length; ++} bio_dgram_sctp_save_message; ++ ++typedef struct bio_dgram_sctp_data_st { ++ union { ++ struct sockaddr sa; ++ struct sockaddr_in sa_in; ++# if OPENSSL_USE_IPV6 ++ struct sockaddr_in6 sa_in6; ++# endif ++ } peer; ++ unsigned int connected; ++ unsigned int _errno; ++ unsigned int mtu; ++ struct bio_dgram_sctp_sndinfo sndinfo; ++ struct bio_dgram_sctp_rcvinfo rcvinfo; ++ struct bio_dgram_sctp_prinfo prinfo; ++ void (*handle_notifications) (BIO *bio, void *context, void *buf); ++ void *notification_context; ++ int in_handshake; ++ int ccs_rcvd; ++ int ccs_sent; ++ int save_shutdown; ++ int peer_auth_tested; ++ bio_dgram_sctp_save_message saved_message; ++} bio_dgram_sctp_data; ++# endif ++ + BIO_METHOD *BIO_s_datagram(void) + { + return (&methods_dgramp); +@@ -179,7 +266,12 @@ static void dgram_adjust_rcv_timeout(BIO *b) + { + # if defined(SO_RCVTIMEO) + bio_dgram_data *data = (bio_dgram_data *)b->ptr; +- int sz = sizeof(int); ++ union { ++ size_t s; ++ int i; ++ } sz = { ++ 0 ++ }; + + /* Is a timer active? 
*/ + if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0) { +@@ -188,18 +280,22 @@ static void dgram_adjust_rcv_timeout(BIO *b) + /* Read current socket timeout */ + # ifdef OPENSSL_SYS_WINDOWS + int timeout; ++ ++ sz.i = sizeof(timeout); + if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, +- (void *)&timeout, &sz) < 0) { ++ (void *)&timeout, &sz.i) < 0) { + perror("getsockopt"); + } else { + data->socket_timeout.tv_sec = timeout / 1000; + data->socket_timeout.tv_usec = (timeout % 1000) * 1000; + } + # else ++ sz.i = sizeof(data->socket_timeout); + if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, + &(data->socket_timeout), (void *)&sz) < 0) { + perror("getsockopt"); +- } ++ } else if (sizeof(sz.s) != sizeof(sz.i) && sz.i == 0) ++ OPENSSL_assert(sz.s <= sizeof(data->socket_timeout)); + # endif + + /* Get current time */ +@@ -207,16 +303,17 @@ static void dgram_adjust_rcv_timeout(BIO *b) + + /* Calculate time left until timer expires */ + memcpy(&timeleft, &(data->next_timeout), sizeof(struct timeval)); +- timeleft.tv_sec -= timenow.tv_sec; +- timeleft.tv_usec -= timenow.tv_usec; +- if (timeleft.tv_usec < 0) { ++ if (timeleft.tv_usec < timenow.tv_usec) { ++ timeleft.tv_usec = 1000000 - timenow.tv_usec + timeleft.tv_usec; + timeleft.tv_sec--; +- timeleft.tv_usec += 1000000; ++ } else { ++ timeleft.tv_usec -= timenow.tv_usec; + } +- +- if (timeleft.tv_sec < 0) { ++ if (timeleft.tv_sec < timenow.tv_sec) { + timeleft.tv_sec = 0; + timeleft.tv_usec = 1; ++ } else { ++ timeleft.tv_sec -= timenow.tv_sec; + } + + /* +@@ -275,22 +372,38 @@ static int dgram_read(BIO *b, char *out, int outl) + int ret = 0; + bio_dgram_data *data = (bio_dgram_data *)b->ptr; + +- struct sockaddr peer; +- int peerlen = sizeof(peer); ++ struct { ++ /* ++ * See commentary in b_sock.c. 
++ */ ++ union { ++ size_t s; ++ int i; ++ } len; ++ union { ++ struct sockaddr sa; ++ struct sockaddr_in sa_in; ++# if OPENSSL_USE_IPV6 ++ struct sockaddr_in6 sa_in6; ++# endif ++ } peer; ++ } sa; ++ ++ sa.len.s = 0; ++ sa.len.i = sizeof(sa.peer); + + if (out != NULL) { + clear_socket_error(); +- memset(&peer, 0x00, peerlen); +- /* +- * Last arg in recvfrom is signed on some platforms and unsigned on +- * others. It is of type socklen_t on some but this is not universal. +- * Cast to (void *) to avoid compiler warnings. +- */ ++ memset(&sa.peer, 0x00, sizeof(sa.peer)); + dgram_adjust_rcv_timeout(b); +- ret = recvfrom(b->num, out, outl, 0, &peer, (void *)&peerlen); ++ ret = recvfrom(b->num, out, outl, 0, &sa.peer.sa, (void *)&sa.len); ++ if (sizeof(sa.len.i) != sizeof(sa.len.s) && sa.len.i == 0) { ++ OPENSSL_assert(sa.len.s <= sizeof(sa.peer)); ++ sa.len.i = (int)sa.len.s; ++ } + + if (!data->connected && ret >= 0) +- BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &peer); ++ BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &sa.peer); + + BIO_clear_retry_flags(b); + if (ret < 0) { +@@ -313,14 +426,21 @@ static int dgram_write(BIO *b, const char *in, int inl) + + if (data->connected) + ret = writesocket(b->num, in, inl); +- else ++ else { ++ int peerlen = sizeof(data->peer); ++ ++ if (data->peer.sa.sa_family == AF_INET) ++ peerlen = sizeof(data->peer.sa_in); ++# if OPENSSL_USE_IPV6 ++ else if (data->peer.sa.sa_family == AF_INET6) ++ peerlen = sizeof(data->peer.sa_in6); ++# endif + # if defined(NETWARE_CLIB) && defined(NETWARE_BSDSOCK) +- ret = +- sendto(b->num, (char *)in, inl, 0, &data->peer, +- sizeof(data->peer)); ++ ret = sendto(b->num, (char *)in, inl, 0, &data->peer.sa, peerlen); + # else +- ret = sendto(b->num, in, inl, 0, &data->peer, sizeof(data->peer)); ++ ret = sendto(b->num, in, inl, 0, &data->peer.sa, peerlen); + # endif ++ } + + BIO_clear_retry_flags(b); + if (ret <= 0) { +@@ -339,19 +459,59 @@ static int dgram_write(BIO *b, const char *in, int inl) + return (ret); + } 
+ ++static long dgram_get_mtu_overhead(bio_dgram_data *data) ++{ ++ long ret; ++ ++ switch (data->peer.sa.sa_family) { ++ case AF_INET: ++ /* ++ * Assume this is UDP - 20 bytes for IP, 8 bytes for UDP ++ */ ++ ret = 28; ++ break; ++# if OPENSSL_USE_IPV6 ++ case AF_INET6: ++# ifdef IN6_IS_ADDR_V4MAPPED ++ if (IN6_IS_ADDR_V4MAPPED(&data->peer.sa_in6.sin6_addr)) ++ /* ++ * Assume this is UDP - 20 bytes for IP, 8 bytes for UDP ++ */ ++ ret = 28; ++ else ++# endif ++ /* ++ * Assume this is UDP - 40 bytes for IP, 8 bytes for UDP ++ */ ++ ret = 48; ++ break; ++# endif ++ default: ++ /* We don't know. Go with the historical default */ ++ ret = 28; ++ break; ++ } ++ return ret; ++} ++ + static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) + { + long ret = 1; + int *ip; + struct sockaddr *to = NULL; + bio_dgram_data *data = NULL; +-# if defined(IP_MTU_DISCOVER) || defined(IP_MTU) +- long sockopt_val = 0; +- unsigned int sockopt_len = 0; +-# endif +-# ifdef OPENSSL_SYS_LINUX ++ int sockopt_val = 0; ++# if defined(OPENSSL_SYS_LINUX) && (defined(IP_MTU_DISCOVER) || defined(IP_MTU)) ++ socklen_t sockopt_len; /* assume that system supporting IP_MTU is ++ * modern enough to define socklen_t */ + socklen_t addr_len; +- struct sockaddr_storage addr; ++ union { ++ struct sockaddr sa; ++ struct sockaddr_in s4; ++# if OPENSSL_USE_IPV6 ++ struct sockaddr_in6 s6; ++# endif ++ } addr; + # endif + + data = (bio_dgram_data *)b->ptr; +@@ -403,34 +563,47 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) + ret = 0; + } else { + # endif +- memcpy(&(data->peer), to, sizeof(struct sockaddr)); ++ switch (to->sa_family) { ++ case AF_INET: ++ memcpy(&data->peer, to, sizeof(data->peer.sa_in)); ++ break; ++# if OPENSSL_USE_IPV6 ++ case AF_INET6: ++ memcpy(&data->peer, to, sizeof(data->peer.sa_in6)); ++ break; ++# endif ++ default: ++ memcpy(&data->peer, to, sizeof(data->peer.sa)); ++ break; ++ } + # if 0 + } + # endif + break; + /* (Linux)kernel sets DF bit on outgoing IP packets 
*/ + case BIO_CTRL_DGRAM_MTU_DISCOVER: +-# ifdef OPENSSL_SYS_LINUX +- addr_len = (socklen_t) sizeof(struct sockaddr_storage); +- memset((void *)&addr, 0, sizeof(struct sockaddr_storage)); +- if (getsockname(b->num, (void *)&addr, &addr_len) < 0) { ++# if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DO) ++ addr_len = (socklen_t) sizeof(addr); ++ memset((void *)&addr, 0, sizeof(addr)); ++ if (getsockname(b->num, &addr.sa, &addr_len) < 0) { + ret = 0; + break; + } +- sockopt_len = sizeof(sockopt_val); +- switch (addr.ss_family) { ++ switch (addr.sa.sa_family) { + case AF_INET: + sockopt_val = IP_PMTUDISC_DO; + if ((ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER, + &sockopt_val, sizeof(sockopt_val))) < 0) + perror("setsockopt"); + break; ++# if OPENSSL_USE_IPV6 && defined(IPV6_MTU_DISCOVER) && defined(IPV6_PMTUDISC_DO) + case AF_INET6: + sockopt_val = IPV6_PMTUDISC_DO; + if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER, + &sockopt_val, sizeof(sockopt_val))) < 0) + perror("setsockopt"); + break; ++# endif + default: + ret = -1; + break; +@@ -440,15 +613,15 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) + break; + # endif + case BIO_CTRL_DGRAM_QUERY_MTU: +-# ifdef OPENSSL_SYS_LINUX +- addr_len = (socklen_t) sizeof(struct sockaddr_storage); +- memset((void *)&addr, 0, sizeof(struct sockaddr_storage)); +- if (getsockname(b->num, (void *)&addr, &addr_len) < 0) { ++# if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU) ++ addr_len = (socklen_t) sizeof(addr); ++ memset((void *)&addr, 0, sizeof(addr)); ++ if (getsockname(b->num, &addr.sa, &addr_len) < 0) { + ret = 0; + break; + } + sockopt_len = sizeof(sockopt_val); +- switch (addr.ss_family) { ++ switch (addr.sa.sa_family) { + case AF_INET: + if ((ret = + getsockopt(b->num, IPPROTO_IP, IP_MTU, (void *)&sockopt_val, +@@ -463,6 +636,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) + ret = data->mtu; + } + break; ++# if OPENSSL_USE_IPV6 && 
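Review bot: The `switch (to->sa_family)` copy into `data->peer` under BIO_CTRL_DGRAM_CONNECT is repeated verbatim under BIO_CTRL_DGRAM_SET_CONNECTED and BIO_CTRL_DGRAM_SET_PEER in the `@@ -501,22 +694,57 @@` hunk. A single static helper called from all three cases, say `dgram_set_peer(data, to)`, would keep them from drifting apart. Each copy reads up to `sizeof(data->peer.sa_in6)` bytes from the caller's pointer on the strength of the family field alone, and no length is supplied for these commands in the visible hunks. The helper is therefore also the place for a comment that `ptr` must reference storage at least as large as its address family implies. dgram_ctrl starts and ends outside the hunk.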
defined(IPV6_MTU) + case AF_INET6: + if ((ret = + getsockopt(b->num, IPPROTO_IPV6, IPV6_MTU, +@@ -478,6 +652,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) + ret = data->mtu; + } + break; ++# endif + default: + ret = 0; + break; +@@ -487,7 +662,25 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) + # endif + break; + case BIO_CTRL_DGRAM_GET_FALLBACK_MTU: +- ret = 576 - 20 - 8; ++ ret = -dgram_get_mtu_overhead(data); ++ switch (data->peer.sa.sa_family) { ++ case AF_INET: ++ ret += 576; ++ break; ++# if OPENSSL_USE_IPV6 ++ case AF_INET6: ++# ifdef IN6_IS_ADDR_V4MAPPED ++ if (IN6_IS_ADDR_V4MAPPED(&data->peer.sa_in6.sin6_addr)) ++ ret += 576; ++ else ++# endif ++ ret += 1280; ++ break; ++# endif ++ default: ++ ret += 576; ++ break; ++ } + break; + case BIO_CTRL_DGRAM_GET_MTU: + return data->mtu; +@@ -501,22 +694,57 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) + + if (to != NULL) { + data->connected = 1; +- memcpy(&(data->peer), to, sizeof(struct sockaddr)); ++ switch (to->sa_family) { ++ case AF_INET: ++ memcpy(&data->peer, to, sizeof(data->peer.sa_in)); ++ break; ++# if OPENSSL_USE_IPV6 ++ case AF_INET6: ++ memcpy(&data->peer, to, sizeof(data->peer.sa_in6)); ++ break; ++# endif ++ default: ++ memcpy(&data->peer, to, sizeof(data->peer.sa)); ++ break; ++ } + } else { + data->connected = 0; +- memset(&(data->peer), 0x00, sizeof(struct sockaddr)); ++ memset(&(data->peer), 0x00, sizeof(data->peer)); + } + break; + case BIO_CTRL_DGRAM_GET_PEER: +- to = (struct sockaddr *)ptr; +- +- memcpy(to, &(data->peer), sizeof(struct sockaddr)); +- ret = sizeof(struct sockaddr); ++ switch (data->peer.sa.sa_family) { ++ case AF_INET: ++ ret = sizeof(data->peer.sa_in); ++ break; ++# if OPENSSL_USE_IPV6 ++ case AF_INET6: ++ ret = sizeof(data->peer.sa_in6); ++ break; ++# endif ++ default: ++ ret = sizeof(data->peer.sa); ++ break; ++ } ++ if (num == 0 || num > ret) ++ num = ret; ++ memcpy(ptr, &data->peer, (ret = num)); + break; + case 
BIO_CTRL_DGRAM_SET_PEER: + to = (struct sockaddr *)ptr; +- +- memcpy(&(data->peer), to, sizeof(struct sockaddr)); ++ switch (to->sa_family) { ++ case AF_INET: ++ memcpy(&data->peer, to, sizeof(data->peer.sa_in)); ++ break; ++# if OPENSSL_USE_IPV6 ++ case AF_INET6: ++ memcpy(&data->peer, to, sizeof(data->peer.sa_in6)); ++ break; ++# endif ++ default: ++ memcpy(&data->peer, to, sizeof(data->peer.sa)); ++ break; ++ } + break; + case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT: + memcpy(&(data->next_timeout), ptr, sizeof(struct timeval)); +@@ -542,12 +770,20 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) + # endif + break; + case BIO_CTRL_DGRAM_GET_RECV_TIMEOUT: +-# ifdef OPENSSL_SYS_WINDOWS + { +- int timeout, sz = sizeof(timeout); ++ union { ++ size_t s; ++ int i; ++ } sz = { ++ 0 ++ }; ++# ifdef OPENSSL_SYS_WINDOWS ++ int timeout; + struct timeval *tv = (struct timeval *)ptr; ++ ++ sz.i = sizeof(timeout); + if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, +- (void *)&timeout, &sz) < 0) { ++ (void *)&timeout, &sz.i) < 0) { + perror("getsockopt"); + ret = -1; + } else { +@@ -555,14 +791,19 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) + tv->tv_usec = (timeout % 1000) * 1000; + ret = sizeof(*tv); + } +- } + # else +- if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, +- ptr, (void *)&ret) < 0) { +- perror("getsockopt"); +- ret = -1; +- } ++ sz.i = sizeof(struct timeval); ++ if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, ++ ptr, (void *)&sz) < 0) { ++ perror("getsockopt"); ++ ret = -1; ++ } else if (sizeof(sz.s) != sizeof(sz.i) && sz.i == 0) { ++ OPENSSL_assert(sz.s <= sizeof(struct timeval)); ++ ret = (int)sz.s; ++ } else ++ ret = sz.i; + # endif ++ } + break; + # endif + # if defined(SO_SNDTIMEO) +@@ -586,12 +827,20 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) + # endif + break; + case BIO_CTRL_DGRAM_GET_SEND_TIMEOUT: +-# ifdef OPENSSL_SYS_WINDOWS + { +- int timeout, sz = sizeof(timeout); ++ union { ++ size_t s; ++ int i; ++ } sz 
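Review bot: In the BIO_CTRL_DGRAM_GET_PEER case the clamp `if (num == 0 || num > ret)` lets a negative `num` through, and `memcpy(ptr, &data->peer, (ret = num))` then converts it to a very large size_t. `num` is the caller-supplied `long` argument of dgram_ctrl, so I would clamp with `if (num <= 0 || num > ret)` instead. It would also read more clearly with the assignment taken out of the call: `ret = num; memcpy(ptr, &data->peer, ret);`. dgram_ctrl starts and ends outside the hunk.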
= { ++ 0 ++ }; ++# ifdef OPENSSL_SYS_WINDOWS ++ int timeout; + struct timeval *tv = (struct timeval *)ptr; ++ ++ sz.i = sizeof(timeout); + if (getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, +- (void *)&timeout, &sz) < 0) { ++ (void *)&timeout, &sz.i) < 0) { + perror("getsockopt"); + ret = -1; + } else { +@@ -599,14 +848,19 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) + tv->tv_usec = (timeout % 1000) * 1000; + ret = sizeof(*tv); + } +- } + # else +- if (getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, +- ptr, (void *)&ret) < 0) { +- perror("getsockopt"); +- ret = -1; +- } ++ sz.i = sizeof(struct timeval); ++ if (getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, ++ ptr, (void *)&sz) < 0) { ++ perror("getsockopt"); ++ ret = -1; ++ } else if (sizeof(sz.s) != sizeof(sz.i) && sz.i == 0) { ++ OPENSSL_assert(sz.s <= sizeof(struct timeval)); ++ ret = (int)sz.s; ++ } else ++ ret = sz.i; + # endif ++ } + break; + # endif + case BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP: +@@ -632,6 +886,64 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) + ret = 0; + break; + # endif ++ case BIO_CTRL_DGRAM_SET_DONT_FRAG: ++ sockopt_val = num ? 1 : 0; ++ ++ switch (data->peer.sa.sa_family) { ++ case AF_INET: ++# if defined(IP_DONTFRAG) ++ if ((ret = setsockopt(b->num, IPPROTO_IP, IP_DONTFRAG, ++ &sockopt_val, sizeof(sockopt_val))) < 0) { ++ perror("setsockopt"); ++ ret = -1; ++ } ++# elif defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) && defined (IP_PMTUDISC_PROBE) ++ if ((sockopt_val = num ? 
IP_PMTUDISC_PROBE : IP_PMTUDISC_DONT), ++ (ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER, ++ &sockopt_val, sizeof(sockopt_val))) < 0) { ++ perror("setsockopt"); ++ ret = -1; ++ } ++# elif defined(OPENSSL_SYS_WINDOWS) && defined(IP_DONTFRAGMENT) ++ if ((ret = setsockopt(b->num, IPPROTO_IP, IP_DONTFRAGMENT, ++ (const char *)&sockopt_val, ++ sizeof(sockopt_val))) < 0) { ++ perror("setsockopt"); ++ ret = -1; ++ } ++# else ++ ret = -1; ++# endif ++ break; ++# if OPENSSL_USE_IPV6 ++ case AF_INET6: ++# if defined(IPV6_DONTFRAG) ++ if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_DONTFRAG, ++ (const void *)&sockopt_val, ++ sizeof(sockopt_val))) < 0) { ++ perror("setsockopt"); ++ ret = -1; ++ } ++# elif defined(OPENSSL_SYS_LINUX) && defined(IPV6_MTUDISCOVER) ++ if ((sockopt_val = num ? IP_PMTUDISC_PROBE : IP_PMTUDISC_DONT), ++ (ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER, ++ &sockopt_val, sizeof(sockopt_val))) < 0) { ++ perror("setsockopt"); ++ ret = -1; ++ } ++# else ++ ret = -1; ++# endif ++ break; ++# endif ++ default: ++ ret = -1; ++ break; ++ } ++ break; ++ case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD: ++ ret = dgram_get_mtu_overhead(data); ++ break; + default: + ret = 0; + break; +@@ -648,6 +960,1023 @@ static int dgram_puts(BIO *bp, const char *str) + return (ret); + } + ++# ifndef OPENSSL_NO_SCTP ++BIO_METHOD *BIO_s_datagram_sctp(void) ++{ ++ return (&methods_dgramp_sctp); ++} ++ ++BIO *BIO_new_dgram_sctp(int fd, int close_flag) ++{ ++ BIO *bio; ++ int ret, optval = 20000; ++ int auth_data = 0, auth_forward = 0; ++ unsigned char *p; ++ struct sctp_authchunk auth; ++ struct sctp_authchunks *authchunks; ++ socklen_t sockopt_len; ++# ifdef SCTP_AUTHENTICATION_EVENT ++# ifdef SCTP_EVENT ++ struct sctp_event event; ++# else ++ struct sctp_event_subscribe event; ++# endif ++# endif ++ ++ bio = BIO_new(BIO_s_datagram_sctp()); ++ if (bio == NULL) ++ return (NULL); ++ BIO_set_fd(bio, fd, close_flag); ++ ++ /* Activate SCTP-AUTH for DATA and FORWARD-TSN chunks */ 
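Review bot: In the AF_INET6 arm of BIO_CTRL_DGRAM_SET_DONT_FRAG the guard tests `defined(IPV6_MTUDISCOVER)` while the code under it uses `IPV6_MTU_DISCOVER`, so unless some header defines the first spelling this branch is never compiled and the case falls through to `ret = -1`. The same arm passes the IPv4 constants `IP_PMTUDISC_PROBE` and `IP_PMTUDISC_DONT` to an IPPROTO_IPV6 option. I would write the guard as `# elif defined(OPENSSL_SYS_LINUX) && defined(IPV6_MTU_DISCOVER) && defined(IPV6_PMTUDISC_PROBE)` and set `sockopt_val = num ? IPV6_PMTUDISC_PROBE : IPV6_PMTUDISC_DONT`. A caller that ignores the -1 would go on sending DTLS records over IPv6 without the don't-fragment behaviour it asked for.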
++ auth.sauth_chunk = OPENSSL_SCTP_DATA_CHUNK_TYPE; ++ ret = ++ setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth, ++ sizeof(struct sctp_authchunk)); ++ if (ret < 0) { ++ BIO_vfree(bio); ++ return (NULL); ++ } ++ auth.sauth_chunk = OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE; ++ ret = ++ setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth, ++ sizeof(struct sctp_authchunk)); ++ if (ret < 0) { ++ BIO_vfree(bio); ++ return (NULL); ++ } ++ ++ /* ++ * Test if activation was successful. When using accept(), SCTP-AUTH has ++ * to be activated for the listening socket already, otherwise the ++ * connected socket won't use it. ++ */ ++ sockopt_len = (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t)); ++ authchunks = OPENSSL_malloc(sockopt_len); ++ if (!authchunks) { ++ BIO_vfree(bio); ++ return (NULL); ++ } ++ memset(authchunks, 0, sizeof(sockopt_len)); ++ ret = ++ getsockopt(fd, IPPROTO_SCTP, SCTP_LOCAL_AUTH_CHUNKS, authchunks, ++ &sockopt_len); ++ ++ if (ret < 0) { ++ OPENSSL_free(authchunks); ++ BIO_vfree(bio); ++ return (NULL); ++ } ++ ++ for (p = (unsigned char *)authchunks->gauth_chunks; ++ p < (unsigned char *)authchunks + sockopt_len; ++ p += sizeof(uint8_t)) { ++ if (*p == OPENSSL_SCTP_DATA_CHUNK_TYPE) ++ auth_data = 1; ++ if (*p == OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE) ++ auth_forward = 1; ++ } ++ ++ OPENSSL_free(authchunks); ++ ++ OPENSSL_assert(auth_data); ++ OPENSSL_assert(auth_forward); ++ ++# ifdef SCTP_AUTHENTICATION_EVENT ++# ifdef SCTP_EVENT ++ memset(&event, 0, sizeof(struct sctp_event)); ++ event.se_assoc_id = 0; ++ event.se_type = SCTP_AUTHENTICATION_EVENT; ++ event.se_on = 1; ++ ret = ++ setsockopt(fd, IPPROTO_SCTP, SCTP_EVENT, &event, ++ sizeof(struct sctp_event)); ++ if (ret < 0) { ++ BIO_vfree(bio); ++ return (NULL); ++ } ++# else ++ sockopt_len = (socklen_t) sizeof(struct sctp_event_subscribe); ++ ret = getsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event, &sockopt_len); ++ if (ret < 0) { ++ BIO_vfree(bio); ++ return (NULL); ++ } ++ ++ 
event.sctp_authentication_event = 1; ++ ++ ret = ++ setsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event, ++ sizeof(struct sctp_event_subscribe)); ++ if (ret < 0) { ++ BIO_vfree(bio); ++ return (NULL); ++ } ++# endif ++# endif ++ ++ /* ++ * Disable partial delivery by setting the min size larger than the max ++ * record size of 2^14 + 2048 + 13 ++ */ ++ ret = ++ setsockopt(fd, IPPROTO_SCTP, SCTP_PARTIAL_DELIVERY_POINT, &optval, ++ sizeof(optval)); ++ if (ret < 0) { ++ BIO_vfree(bio); ++ return (NULL); ++ } ++ ++ return (bio); ++} ++ ++int BIO_dgram_is_sctp(BIO *bio) ++{ ++ return (BIO_method_type(bio) == BIO_TYPE_DGRAM_SCTP); ++} ++ ++static int dgram_sctp_new(BIO *bi) ++{ ++ bio_dgram_sctp_data *data = NULL; ++ ++ bi->init = 0; ++ bi->num = 0; ++ data = OPENSSL_malloc(sizeof(bio_dgram_sctp_data)); ++ if (data == NULL) ++ return 0; ++ memset(data, 0x00, sizeof(bio_dgram_sctp_data)); ++# ifdef SCTP_PR_SCTP_NONE ++ data->prinfo.pr_policy = SCTP_PR_SCTP_NONE; ++# endif ++ bi->ptr = data; ++ ++ bi->flags = 0; ++ return (1); ++} ++ ++static int dgram_sctp_free(BIO *a) ++{ ++ bio_dgram_sctp_data *data; ++ ++ if (a == NULL) ++ return (0); ++ if (!dgram_clear(a)) ++ return 0; ++ ++ data = (bio_dgram_sctp_data *) a->ptr; ++ if (data != NULL) { ++ if (data->saved_message.data != NULL) ++ OPENSSL_free(data->saved_message.data); ++ OPENSSL_free(data); ++ } ++ ++ return (1); ++} ++ ++# ifdef SCTP_AUTHENTICATION_EVENT ++void dgram_sctp_handle_auth_free_key_event(BIO *b, ++ union sctp_notification *snp) ++{ ++ int ret; ++ struct sctp_authkey_event *authkeyevent = &snp->sn_auth_event; ++ ++ if (authkeyevent->auth_indication == SCTP_AUTH_FREE_KEY) { ++ struct sctp_authkeyid authkeyid; ++ ++ /* delete key */ ++ authkeyid.scact_keynumber = authkeyevent->auth_keynumber; ++ ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DELETE_KEY, ++ &authkeyid, sizeof(struct sctp_authkeyid)); ++ } ++} ++# endif ++ ++static int dgram_sctp_read(BIO *b, char *out, int outl) ++{ ++ int ret = 0, n = 0, i, 
optval; ++ socklen_t optlen; ++ bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr; ++ union sctp_notification *snp; ++ struct msghdr msg; ++ struct iovec iov; ++ struct cmsghdr *cmsg; ++ char cmsgbuf[512]; ++ ++ if (out != NULL) { ++ clear_socket_error(); ++ ++ do { ++ memset(&data->rcvinfo, 0x00, ++ sizeof(struct bio_dgram_sctp_rcvinfo)); ++ iov.iov_base = out; ++ iov.iov_len = outl; ++ msg.msg_name = NULL; ++ msg.msg_namelen = 0; ++ msg.msg_iov = &iov; ++ msg.msg_iovlen = 1; ++ msg.msg_control = cmsgbuf; ++ msg.msg_controllen = 512; ++ msg.msg_flags = 0; ++ n = recvmsg(b->num, &msg, 0); ++ ++ if (n <= 0) { ++ if (n < 0) ++ ret = n; ++ break; ++ } ++ ++ if (msg.msg_controllen > 0) { ++ for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; ++ cmsg = CMSG_NXTHDR(&msg, cmsg)) { ++ if (cmsg->cmsg_level != IPPROTO_SCTP) ++ continue; ++# ifdef SCTP_RCVINFO ++ if (cmsg->cmsg_type == SCTP_RCVINFO) { ++ struct sctp_rcvinfo *rcvinfo; ++ ++ rcvinfo = (struct sctp_rcvinfo *)CMSG_DATA(cmsg); ++ data->rcvinfo.rcv_sid = rcvinfo->rcv_sid; ++ data->rcvinfo.rcv_ssn = rcvinfo->rcv_ssn; ++ data->rcvinfo.rcv_flags = rcvinfo->rcv_flags; ++ data->rcvinfo.rcv_ppid = rcvinfo->rcv_ppid; ++ data->rcvinfo.rcv_tsn = rcvinfo->rcv_tsn; ++ data->rcvinfo.rcv_cumtsn = rcvinfo->rcv_cumtsn; ++ data->rcvinfo.rcv_context = rcvinfo->rcv_context; ++ } ++# endif ++# ifdef SCTP_SNDRCV ++ if (cmsg->cmsg_type == SCTP_SNDRCV) { ++ struct sctp_sndrcvinfo *sndrcvinfo; ++ ++ sndrcvinfo = ++ (struct sctp_sndrcvinfo *)CMSG_DATA(cmsg); ++ data->rcvinfo.rcv_sid = sndrcvinfo->sinfo_stream; ++ data->rcvinfo.rcv_ssn = sndrcvinfo->sinfo_ssn; ++ data->rcvinfo.rcv_flags = sndrcvinfo->sinfo_flags; ++ data->rcvinfo.rcv_ppid = sndrcvinfo->sinfo_ppid; ++ data->rcvinfo.rcv_tsn = sndrcvinfo->sinfo_tsn; ++ data->rcvinfo.rcv_cumtsn = sndrcvinfo->sinfo_cumtsn; ++ data->rcvinfo.rcv_context = sndrcvinfo->sinfo_context; ++ } ++# endif ++ } ++ } ++ ++ if (msg.msg_flags & MSG_NOTIFICATION) { ++ snp = (union sctp_notification *)out; ++ if 
(snp->sn_header.sn_type == SCTP_SENDER_DRY_EVENT) { ++# ifdef SCTP_EVENT ++ struct sctp_event event; ++# else ++ struct sctp_event_subscribe event; ++ socklen_t eventsize; ++# endif ++ /* ++ * If a message has been delayed until the socket is dry, ++ * it can be sent now. ++ */ ++ if (data->saved_message.length > 0) { ++ dgram_sctp_write(data->saved_message.bio, ++ data->saved_message.data, ++ data->saved_message.length); ++ OPENSSL_free(data->saved_message.data); ++ data->saved_message.data = NULL; ++ data->saved_message.length = 0; ++ } ++ ++ /* disable sender dry event */ ++# ifdef SCTP_EVENT ++ memset(&event, 0, sizeof(struct sctp_event)); ++ event.se_assoc_id = 0; ++ event.se_type = SCTP_SENDER_DRY_EVENT; ++ event.se_on = 0; ++ i = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event, ++ sizeof(struct sctp_event)); ++ if (i < 0) { ++ ret = i; ++ break; ++ } ++# else ++ eventsize = sizeof(struct sctp_event_subscribe); ++ i = getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, ++ &eventsize); ++ if (i < 0) { ++ ret = i; ++ break; ++ } ++ ++ event.sctp_sender_dry_event = 0; ++ ++ i = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, ++ sizeof(struct sctp_event_subscribe)); ++ if (i < 0) { ++ ret = i; ++ break; ++ } ++# endif ++ } ++# ifdef SCTP_AUTHENTICATION_EVENT ++ if (snp->sn_header.sn_type == SCTP_AUTHENTICATION_EVENT) ++ dgram_sctp_handle_auth_free_key_event(b, snp); ++# endif ++ ++ if (data->handle_notifications != NULL) ++ data->handle_notifications(b, data->notification_context, ++ (void *)out); ++ ++ memset(out, 0, outl); ++ } else ++ ret += n; ++ } ++ while ((msg.msg_flags & MSG_NOTIFICATION) && (msg.msg_flags & MSG_EOR) ++ && (ret < outl)); ++ ++ if (ret > 0 && !(msg.msg_flags & MSG_EOR)) { ++ /* Partial message read, this should never happen! */ ++ ++ /* ++ * The buffer was too small, this means the peer sent a message ++ * that was larger than allowed. 
++ */ ++ if (ret == outl) ++ return -1; ++ ++ /* ++ * Test if socket buffer can handle max record size (2^14 + 2048 ++ * + 13) ++ */ ++ optlen = (socklen_t) sizeof(int); ++ ret = getsockopt(b->num, SOL_SOCKET, SO_RCVBUF, &optval, &optlen); ++ if (ret >= 0) ++ OPENSSL_assert(optval >= 18445); ++ ++ /* ++ * Test if SCTP doesn't partially deliver below max record size ++ * (2^14 + 2048 + 13) ++ */ ++ optlen = (socklen_t) sizeof(int); ++ ret = ++ getsockopt(b->num, IPPROTO_SCTP, SCTP_PARTIAL_DELIVERY_POINT, ++ &optval, &optlen); ++ if (ret >= 0) ++ OPENSSL_assert(optval >= 18445); ++ ++ /* ++ * Partially delivered notification??? Probably a bug.... ++ */ ++ OPENSSL_assert(!(msg.msg_flags & MSG_NOTIFICATION)); ++ ++ /* ++ * Everything seems ok till now, so it's most likely a message ++ * dropped by PR-SCTP. ++ */ ++ memset(out, 0, outl); ++ BIO_set_retry_read(b); ++ return -1; ++ } ++ ++ BIO_clear_retry_flags(b); ++ if (ret < 0) { ++ if (BIO_dgram_should_retry(ret)) { ++ BIO_set_retry_read(b); ++ data->_errno = get_last_socket_error(); ++ } ++ } ++ ++ /* Test if peer uses SCTP-AUTH before continuing */ ++ if (!data->peer_auth_tested) { ++ int ii, auth_data = 0, auth_forward = 0; ++ unsigned char *p; ++ struct sctp_authchunks *authchunks; ++ ++ optlen = ++ (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t)); ++ authchunks = OPENSSL_malloc(optlen); ++ if (!authchunks) { ++ BIOerr(BIO_F_DGRAM_SCTP_READ, ERR_R_MALLOC_FAILURE); ++ return -1; ++ } ++ memset(authchunks, 0, sizeof(optlen)); ++ ii = getsockopt(b->num, IPPROTO_SCTP, SCTP_PEER_AUTH_CHUNKS, ++ authchunks, &optlen); ++ ++ if (ii >= 0) ++ for (p = (unsigned char *)authchunks->gauth_chunks; ++ p < (unsigned char *)authchunks + optlen; ++ p += sizeof(uint8_t)) { ++ if (*p == OPENSSL_SCTP_DATA_CHUNK_TYPE) ++ auth_data = 1; ++ if (*p == OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE) ++ auth_forward = 1; ++ } ++ ++ OPENSSL_free(authchunks); ++ ++ if (!auth_data || !auth_forward) { ++ BIOerr(BIO_F_DGRAM_SCTP_READ, 
BIO_R_CONNECT_ERROR); ++ return -1; ++ } ++ ++ data->peer_auth_tested = 1; ++ } ++ } ++ return (ret); ++} ++ ++static int dgram_sctp_write(BIO *b, const char *in, int inl) ++{ ++ int ret; ++ bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr; ++ struct bio_dgram_sctp_sndinfo *sinfo = &(data->sndinfo); ++ struct bio_dgram_sctp_prinfo *pinfo = &(data->prinfo); ++ struct bio_dgram_sctp_sndinfo handshake_sinfo; ++ struct iovec iov[1]; ++ struct msghdr msg; ++ struct cmsghdr *cmsg; ++# if defined(SCTP_SNDINFO) && defined(SCTP_PRINFO) ++ char cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndinfo)) + ++ CMSG_SPACE(sizeof(struct sctp_prinfo))]; ++ struct sctp_sndinfo *sndinfo; ++ struct sctp_prinfo *prinfo; ++# else ++ char cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndrcvinfo))]; ++ struct sctp_sndrcvinfo *sndrcvinfo; ++# endif ++ ++ clear_socket_error(); ++ ++ /* ++ * If we're send anything else than application data, disable all user ++ * parameters and flags. ++ */ ++ if (in[0] != 23) { ++ memset(&handshake_sinfo, 0x00, sizeof(struct bio_dgram_sctp_sndinfo)); ++# ifdef SCTP_SACK_IMMEDIATELY ++ handshake_sinfo.snd_flags = SCTP_SACK_IMMEDIATELY; ++# endif ++ sinfo = &handshake_sinfo; ++ } ++ ++ /* ++ * If we have to send a shutdown alert message and the socket is not dry ++ * yet, we have to save it and send it as soon as the socket gets dry. 
++ */ ++ if (data->save_shutdown && !BIO_dgram_sctp_wait_for_dry(b)) { ++ char *tmp; ++ data->saved_message.bio = b; ++ if (!(tmp = OPENSSL_malloc(inl))) { ++ BIOerr(BIO_F_DGRAM_SCTP_WRITE, ERR_R_MALLOC_FAILURE); ++ return -1; ++ } ++ if (data->saved_message.data) ++ OPENSSL_free(data->saved_message.data); ++ data->saved_message.data = tmp; ++ memcpy(data->saved_message.data, in, inl); ++ data->saved_message.length = inl; ++ return inl; ++ } ++ ++ iov[0].iov_base = (char *)in; ++ iov[0].iov_len = inl; ++ msg.msg_name = NULL; ++ msg.msg_namelen = 0; ++ msg.msg_iov = iov; ++ msg.msg_iovlen = 1; ++ msg.msg_control = (caddr_t) cmsgbuf; ++ msg.msg_controllen = 0; ++ msg.msg_flags = 0; ++# if defined(SCTP_SNDINFO) && defined(SCTP_PRINFO) ++ cmsg = (struct cmsghdr *)cmsgbuf; ++ cmsg->cmsg_level = IPPROTO_SCTP; ++ cmsg->cmsg_type = SCTP_SNDINFO; ++ cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_sndinfo)); ++ sndinfo = (struct sctp_sndinfo *)CMSG_DATA(cmsg); ++ memset(sndinfo, 0, sizeof(struct sctp_sndinfo)); ++ sndinfo->snd_sid = sinfo->snd_sid; ++ sndinfo->snd_flags = sinfo->snd_flags; ++ sndinfo->snd_ppid = sinfo->snd_ppid; ++ sndinfo->snd_context = sinfo->snd_context; ++ msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_sndinfo)); ++ ++ cmsg = ++ (struct cmsghdr *)&cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndinfo))]; ++ cmsg->cmsg_level = IPPROTO_SCTP; ++ cmsg->cmsg_type = SCTP_PRINFO; ++ cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_prinfo)); ++ prinfo = (struct sctp_prinfo *)CMSG_DATA(cmsg); ++ memset(prinfo, 0, sizeof(struct sctp_prinfo)); ++ prinfo->pr_policy = pinfo->pr_policy; ++ prinfo->pr_value = pinfo->pr_value; ++ msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_prinfo)); ++# else ++ cmsg = (struct cmsghdr *)cmsgbuf; ++ cmsg->cmsg_level = IPPROTO_SCTP; ++ cmsg->cmsg_type = SCTP_SNDRCV; ++ cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_sndrcvinfo)); ++ sndrcvinfo = (struct sctp_sndrcvinfo *)CMSG_DATA(cmsg); ++ memset(sndrcvinfo, 0, sizeof(struct sctp_sndrcvinfo)); 
++ sndrcvinfo->sinfo_stream = sinfo->snd_sid; ++ sndrcvinfo->sinfo_flags = sinfo->snd_flags; ++# ifdef __FreeBSD__ ++ sndrcvinfo->sinfo_flags |= pinfo->pr_policy; ++# endif ++ sndrcvinfo->sinfo_ppid = sinfo->snd_ppid; ++ sndrcvinfo->sinfo_context = sinfo->snd_context; ++ sndrcvinfo->sinfo_timetolive = pinfo->pr_value; ++ msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_sndrcvinfo)); ++# endif ++ ++ ret = sendmsg(b->num, &msg, 0); ++ ++ BIO_clear_retry_flags(b); ++ if (ret <= 0) { ++ if (BIO_dgram_should_retry(ret)) { ++ BIO_set_retry_write(b); ++ data->_errno = get_last_socket_error(); ++ } ++ } ++ return (ret); ++} ++ ++static long dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr) ++{ ++ long ret = 1; ++ bio_dgram_sctp_data *data = NULL; ++ socklen_t sockopt_len = 0; ++ struct sctp_authkeyid authkeyid; ++ struct sctp_authkey *authkey = NULL; ++ ++ data = (bio_dgram_sctp_data *) b->ptr; ++ ++ switch (cmd) { ++ case BIO_CTRL_DGRAM_QUERY_MTU: ++ /* ++ * Set to maximum (2^14) and ignore user input to enable transport ++ * protocol fragmentation. Returns always 2^14. ++ */ ++ data->mtu = 16384; ++ ret = data->mtu; ++ break; ++ case BIO_CTRL_DGRAM_SET_MTU: ++ /* ++ * Set to maximum (2^14) and ignore input to enable transport ++ * protocol fragmentation. Returns always 2^14. ++ */ ++ data->mtu = 16384; ++ ret = data->mtu; ++ break; ++ case BIO_CTRL_DGRAM_SET_CONNECTED: ++ case BIO_CTRL_DGRAM_CONNECT: ++ /* Returns always -1. */ ++ ret = -1; ++ break; ++ case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT: ++ /* ++ * SCTP doesn't need the DTLS timer Returns always 1. 
++ */ ++ break; ++ case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD: ++ /* ++ * We allow transport protocol fragmentation so this is irrelevant ++ */ ++ ret = 0; ++ break; ++ case BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE: ++ if (num > 0) ++ data->in_handshake = 1; ++ else ++ data->in_handshake = 0; ++ ++ ret = ++ setsockopt(b->num, IPPROTO_SCTP, SCTP_NODELAY, ++ &data->in_handshake, sizeof(int)); ++ break; ++ case BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY: ++ /* ++ * New shared key for SCTP AUTH. Returns 0 on success, -1 otherwise. ++ */ ++ ++ /* Get active key */ ++ sockopt_len = sizeof(struct sctp_authkeyid); ++ ret = ++ getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, &authkeyid, ++ &sockopt_len); ++ if (ret < 0) ++ break; ++ ++ /* Add new key */ ++ sockopt_len = sizeof(struct sctp_authkey) + 64 * sizeof(uint8_t); ++ authkey = OPENSSL_malloc(sockopt_len); ++ if (authkey == NULL) { ++ ret = -1; ++ break; ++ } ++ memset(authkey, 0x00, sockopt_len); ++ authkey->sca_keynumber = authkeyid.scact_keynumber + 1; ++# ifndef __FreeBSD__ ++ /* ++ * This field is missing in FreeBSD 8.2 and earlier, and FreeBSD 8.3 ++ * and higher work without it. ++ */ ++ authkey->sca_keylength = 64; ++# endif ++ memcpy(&authkey->sca_key[0], ptr, 64 * sizeof(uint8_t)); ++ ++ ret = ++ setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_KEY, authkey, ++ sockopt_len); ++ OPENSSL_free(authkey); ++ authkey = NULL; ++ if (ret < 0) ++ break; ++ ++ /* Reset active key */ ++ ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, ++ &authkeyid, sizeof(struct sctp_authkeyid)); ++ if (ret < 0) ++ break; ++ ++ break; ++ case BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY: ++ /* Returns 0 on success, -1 otherwise. 
*/ ++ ++ /* Get active key */ ++ sockopt_len = sizeof(struct sctp_authkeyid); ++ ret = ++ getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, &authkeyid, ++ &sockopt_len); ++ if (ret < 0) ++ break; ++ ++ /* Set active key */ ++ authkeyid.scact_keynumber = authkeyid.scact_keynumber + 1; ++ ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, ++ &authkeyid, sizeof(struct sctp_authkeyid)); ++ if (ret < 0) ++ break; ++ ++ /* ++ * CCS has been sent, so remember that and fall through to check if ++ * we need to deactivate an old key ++ */ ++ data->ccs_sent = 1; ++ ++ case BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD: ++ /* Returns 0 on success, -1 otherwise. */ ++ ++ /* ++ * Has this command really been called or is this just a ++ * fall-through? ++ */ ++ if (cmd == BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD) ++ data->ccs_rcvd = 1; ++ ++ /* ++ * CSS has been both, received and sent, so deactivate an old key ++ */ ++ if (data->ccs_rcvd == 1 && data->ccs_sent == 1) { ++ /* Get active key */ ++ sockopt_len = sizeof(struct sctp_authkeyid); ++ ret = ++ getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, ++ &authkeyid, &sockopt_len); ++ if (ret < 0) ++ break; ++ ++ /* ++ * Deactivate key or delete second last key if ++ * SCTP_AUTHENTICATION_EVENT is not available. ++ */ ++ authkeyid.scact_keynumber = authkeyid.scact_keynumber - 1; ++# ifdef SCTP_AUTH_DEACTIVATE_KEY ++ sockopt_len = sizeof(struct sctp_authkeyid); ++ ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DEACTIVATE_KEY, ++ &authkeyid, sockopt_len); ++ if (ret < 0) ++ break; ++# endif ++# ifndef SCTP_AUTHENTICATION_EVENT ++ if (authkeyid.scact_keynumber > 0) { ++ authkeyid.scact_keynumber = authkeyid.scact_keynumber - 1; ++ ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DELETE_KEY, ++ &authkeyid, sizeof(struct sctp_authkeyid)); ++ if (ret < 0) ++ break; ++ } ++# endif ++ ++ data->ccs_rcvd = 0; ++ data->ccs_sent = 0; ++ } ++ break; ++ case BIO_CTRL_DGRAM_SCTP_GET_SNDINFO: ++ /* Returns the size of the copied struct. 
*/ ++ if (num > (long)sizeof(struct bio_dgram_sctp_sndinfo)) ++ num = sizeof(struct bio_dgram_sctp_sndinfo); ++ ++ memcpy(ptr, &(data->sndinfo), num); ++ ret = num; ++ break; ++ case BIO_CTRL_DGRAM_SCTP_SET_SNDINFO: ++ /* Returns the size of the copied struct. */ ++ if (num > (long)sizeof(struct bio_dgram_sctp_sndinfo)) ++ num = sizeof(struct bio_dgram_sctp_sndinfo); ++ ++ memcpy(&(data->sndinfo), ptr, num); ++ break; ++ case BIO_CTRL_DGRAM_SCTP_GET_RCVINFO: ++ /* Returns the size of the copied struct. */ ++ if (num > (long)sizeof(struct bio_dgram_sctp_rcvinfo)) ++ num = sizeof(struct bio_dgram_sctp_rcvinfo); ++ ++ memcpy(ptr, &data->rcvinfo, num); ++ ++ ret = num; ++ break; ++ case BIO_CTRL_DGRAM_SCTP_SET_RCVINFO: ++ /* Returns the size of the copied struct. */ ++ if (num > (long)sizeof(struct bio_dgram_sctp_rcvinfo)) ++ num = sizeof(struct bio_dgram_sctp_rcvinfo); ++ ++ memcpy(&(data->rcvinfo), ptr, num); ++ break; ++ case BIO_CTRL_DGRAM_SCTP_GET_PRINFO: ++ /* Returns the size of the copied struct. */ ++ if (num > (long)sizeof(struct bio_dgram_sctp_prinfo)) ++ num = sizeof(struct bio_dgram_sctp_prinfo); ++ ++ memcpy(ptr, &(data->prinfo), num); ++ ret = num; ++ break; ++ case BIO_CTRL_DGRAM_SCTP_SET_PRINFO: ++ /* Returns the size of the copied struct. */ ++ if (num > (long)sizeof(struct bio_dgram_sctp_prinfo)) ++ num = sizeof(struct bio_dgram_sctp_prinfo); ++ ++ memcpy(&(data->prinfo), ptr, num); ++ break; ++ case BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN: ++ /* Returns always 1. 
*/ ++ if (num > 0) ++ data->save_shutdown = 1; ++ else ++ data->save_shutdown = 0; ++ break; ++ ++ default: ++ /* ++ * Pass to default ctrl function to process SCTP unspecific commands ++ */ ++ ret = dgram_ctrl(b, cmd, num, ptr); ++ break; ++ } ++ return (ret); ++} ++ ++int BIO_dgram_sctp_notification_cb(BIO *b, ++ void (*handle_notifications) (BIO *bio, ++ void ++ *context, ++ void *buf), ++ void *context) ++{ ++ bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr; ++ ++ if (handle_notifications != NULL) { ++ data->handle_notifications = handle_notifications; ++ data->notification_context = context; ++ } else ++ return -1; ++ ++ return 0; ++} ++ ++int BIO_dgram_sctp_wait_for_dry(BIO *b) ++{ ++ int is_dry = 0; ++ int n, sockflags, ret; ++ union sctp_notification snp; ++ struct msghdr msg; ++ struct iovec iov; ++# ifdef SCTP_EVENT ++ struct sctp_event event; ++# else ++ struct sctp_event_subscribe event; ++ socklen_t eventsize; ++# endif ++ bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr; ++ ++ /* set sender dry event */ ++# ifdef SCTP_EVENT ++ memset(&event, 0, sizeof(struct sctp_event)); ++ event.se_assoc_id = 0; ++ event.se_type = SCTP_SENDER_DRY_EVENT; ++ event.se_on = 1; ++ ret = ++ setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event, ++ sizeof(struct sctp_event)); ++# else ++ eventsize = sizeof(struct sctp_event_subscribe); ++ ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, &eventsize); ++ if (ret < 0) ++ return -1; ++ ++ event.sctp_sender_dry_event = 1; ++ ++ ret = ++ setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, ++ sizeof(struct sctp_event_subscribe)); ++# endif ++ if (ret < 0) ++ return -1; ++ ++ /* peek for notification */ ++ memset(&snp, 0x00, sizeof(union sctp_notification)); ++ iov.iov_base = (char *)&snp; ++ iov.iov_len = sizeof(union sctp_notification); ++ msg.msg_name = NULL; ++ msg.msg_namelen = 0; ++ msg.msg_iov = &iov; ++ msg.msg_iovlen = 1; ++ msg.msg_control = NULL; ++ msg.msg_controllen = 0; ++ 
msg.msg_flags = 0; ++ ++ n = recvmsg(b->num, &msg, MSG_PEEK); ++ if (n <= 0) { ++ if ((n < 0) && (get_last_socket_error() != EAGAIN) ++ && (get_last_socket_error() != EWOULDBLOCK)) ++ return -1; ++ else ++ return 0; ++ } ++ ++ /* if we find a notification, process it and try again if necessary */ ++ while (msg.msg_flags & MSG_NOTIFICATION) { ++ memset(&snp, 0x00, sizeof(union sctp_notification)); ++ iov.iov_base = (char *)&snp; ++ iov.iov_len = sizeof(union sctp_notification); ++ msg.msg_name = NULL; ++ msg.msg_namelen = 0; ++ msg.msg_iov = &iov; ++ msg.msg_iovlen = 1; ++ msg.msg_control = NULL; ++ msg.msg_controllen = 0; ++ msg.msg_flags = 0; ++ ++ n = recvmsg(b->num, &msg, 0); ++ if (n <= 0) { ++ if ((n < 0) && (get_last_socket_error() != EAGAIN) ++ && (get_last_socket_error() != EWOULDBLOCK)) ++ return -1; ++ else ++ return is_dry; ++ } ++ ++ if (snp.sn_header.sn_type == SCTP_SENDER_DRY_EVENT) { ++ is_dry = 1; ++ ++ /* disable sender dry event */ ++# ifdef SCTP_EVENT ++ memset(&event, 0, sizeof(struct sctp_event)); ++ event.se_assoc_id = 0; ++ event.se_type = SCTP_SENDER_DRY_EVENT; ++ event.se_on = 0; ++ ret = ++ setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event, ++ sizeof(struct sctp_event)); ++# else ++ eventsize = (socklen_t) sizeof(struct sctp_event_subscribe); ++ ret = ++ getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, ++ &eventsize); ++ if (ret < 0) ++ return -1; ++ ++ event.sctp_sender_dry_event = 0; ++ ++ ret = ++ setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, ++ sizeof(struct sctp_event_subscribe)); ++# endif ++ if (ret < 0) ++ return -1; ++ } ++# ifdef SCTP_AUTHENTICATION_EVENT ++ if (snp.sn_header.sn_type == SCTP_AUTHENTICATION_EVENT) ++ dgram_sctp_handle_auth_free_key_event(b, &snp); ++# endif ++ ++ if (data->handle_notifications != NULL) ++ data->handle_notifications(b, data->notification_context, ++ (void *)&snp); ++ ++ /* found notification, peek again */ ++ memset(&snp, 0x00, sizeof(union sctp_notification)); ++ iov.iov_base = 
(char *)&snp; ++ iov.iov_len = sizeof(union sctp_notification); ++ msg.msg_name = NULL; ++ msg.msg_namelen = 0; ++ msg.msg_iov = &iov; ++ msg.msg_iovlen = 1; ++ msg.msg_control = NULL; ++ msg.msg_controllen = 0; ++ msg.msg_flags = 0; ++ ++ /* if we have seen the dry already, don't wait */ ++ if (is_dry) { ++ sockflags = fcntl(b->num, F_GETFL, 0); ++ fcntl(b->num, F_SETFL, O_NONBLOCK); ++ } ++ ++ n = recvmsg(b->num, &msg, MSG_PEEK); ++ ++ if (is_dry) { ++ fcntl(b->num, F_SETFL, sockflags); ++ } ++ ++ if (n <= 0) { ++ if ((n < 0) && (get_last_socket_error() != EAGAIN) ++ && (get_last_socket_error() != EWOULDBLOCK)) ++ return -1; ++ else ++ return is_dry; ++ } ++ } ++ ++ /* read anything else */ ++ return is_dry; ++} ++ ++int BIO_dgram_sctp_msg_waiting(BIO *b) ++{ ++ int n, sockflags; ++ union sctp_notification snp; ++ struct msghdr msg; ++ struct iovec iov; ++ bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr; ++ ++ /* Check if there are any messages waiting to be read */ ++ do { ++ memset(&snp, 0x00, sizeof(union sctp_notification)); ++ iov.iov_base = (char *)&snp; ++ iov.iov_len = sizeof(union sctp_notification); ++ msg.msg_name = NULL; ++ msg.msg_namelen = 0; ++ msg.msg_iov = &iov; ++ msg.msg_iovlen = 1; ++ msg.msg_control = NULL; ++ msg.msg_controllen = 0; ++ msg.msg_flags = 0; ++ ++ sockflags = fcntl(b->num, F_GETFL, 0); ++ fcntl(b->num, F_SETFL, O_NONBLOCK); ++ n = recvmsg(b->num, &msg, MSG_PEEK); ++ fcntl(b->num, F_SETFL, sockflags); ++ ++ /* if notification, process and try again */ ++ if (n > 0 && (msg.msg_flags & MSG_NOTIFICATION)) { ++# ifdef SCTP_AUTHENTICATION_EVENT ++ if (snp.sn_header.sn_type == SCTP_AUTHENTICATION_EVENT) ++ dgram_sctp_handle_auth_free_key_event(b, &snp); ++# endif ++ ++ memset(&snp, 0x00, sizeof(union sctp_notification)); ++ iov.iov_base = (char *)&snp; ++ iov.iov_len = sizeof(union sctp_notification); ++ msg.msg_name = NULL; ++ msg.msg_namelen = 0; ++ msg.msg_iov = &iov; ++ msg.msg_iovlen = 1; ++ msg.msg_control = NULL; ++ 
msg.msg_controllen = 0; ++ msg.msg_flags = 0; ++ n = recvmsg(b->num, &msg, 0); ++ ++ if (data->handle_notifications != NULL) ++ data->handle_notifications(b, data->notification_context, ++ (void *)&snp); ++ } ++ ++ } while (n > 0 && (msg.msg_flags & MSG_NOTIFICATION)); ++ ++ /* Return 1 if there is a message to be read, return 0 otherwise. */ ++ if (n > 0) ++ return 1; ++ else ++ return 0; ++} ++ ++static int dgram_sctp_puts(BIO *bp, const char *str) ++{ ++ int n, ret; ++ ++ n = strlen(str); ++ ret = dgram_sctp_write(bp, str, n); ++ return (ret); ++} ++# endif ++ + static int BIO_dgram_should_retry(int i) + { + int err; +@@ -725,11 +2054,22 @@ int BIO_dgram_non_fatal_error(int err) + + static void get_current_time(struct timeval *t) + { +-# ifdef OPENSSL_SYS_WIN32 +- struct _timeb tb; +- _ftime(&tb); +- t->tv_sec = (long)tb.time; +- t->tv_usec = (long)tb.millitm * 1000; ++# if defined(_WIN32) ++ SYSTEMTIME st; ++ union { ++ unsigned __int64 ul; ++ FILETIME ft; ++ } now; ++ ++ GetSystemTime(&st); ++ SystemTimeToFileTime(&st, &now.ft); ++# ifdef __MINGW32__ ++ now.ul -= 116444736000000000ULL; ++# else ++ now.ul -= 116444736000000000UI64; /* re-bias to 1/1/1970 */ ++# endif ++ t->tv_sec = (long)(now.ul / 10000000); ++ t->tv_usec = ((int)(now.ul % 10000000)) / 10; + # elif defined(OPENSSL_SYS_VMS) + struct timeb tb; + ftime(&tb); +diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_fd.c b/Cryptlib/OpenSSL/crypto/bio/bss_fd.c +index ad554df..5f4e344 100644 +--- a/Cryptlib/OpenSSL/crypto/bio/bss_fd.c ++++ b/Cryptlib/OpenSSL/crypto/bio/bss_fd.c +@@ -60,6 +60,31 @@ + #include + #define USE_SOCKETS + #include "cryptlib.h" ++ ++#if defined(OPENSSL_NO_POSIX_IO) ++/* ++ * Dummy placeholder for BIO_s_fd... 
++ */
++BIO *BIO_new_fd(int fd, int close_flag)
++{
++ return NULL;
++}
++
++int BIO_fd_non_fatal_error(int err)
++{
++ return 0;
++}
++
++int BIO_fd_should_retry(int i)
++{
++ return 0;
++}
++
++BIO_METHOD *BIO_s_fd(void)
++{
++ return NULL;
++}
++#else
+ /*
+ * As for unconditional usage of "UPLINK" interface in this module.
+ * Trouble is that unlike Unix file descriptors [which are indexes
+@@ -72,11 +97,12 @@
+ * file descriptors can only be provided by application. Therefore
+ * "UPLINK" calls are due...
+ */
+-#include "bio_lcl.h"
++# include "bio_lcl.h"
+
+ static int fd_write(BIO *h, const char *buf, int num);
+ static int fd_read(BIO *h, char *buf, int size);
+ static int fd_puts(BIO *h, const char *str);
++static int fd_gets(BIO *h, char *buf, int size);
+ static long fd_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+ static int fd_new(BIO *h);
+ static int fd_free(BIO *data);
+@@ -87,7 +113,7 @@ static BIO_METHOD methods_fdp = {
+ fd_write,
+ fd_read,
+ fd_puts,
+- NULL, /* fd_gets, */
++ fd_gets,
+ fd_ctrl,
+ fd_new,
+ fd_free,
+@@ -221,6 +247,22 @@ static int fd_puts(BIO *bp, const char *str)
+ return (ret);
+ }
+
++static int fd_gets(BIO *bp, char *buf, int size)
++{
++ int ret = 0;
++ char *ptr = buf;
++ char *end = buf + size - 1;
++
++ while ((ptr < end) && (fd_read(bp, ptr, 1) > 0) && (ptr[0] != '\n'))
++ ptr++;
++
++ ptr[0] = '\0';
++
++ if (buf[0] != '\0')
++ ret = strlen(buf);
++ return (ret);
++}
++
+ int BIO_fd_should_retry(int i)
+ {
+ int err;
+@@ -228,11 +270,11 @@ int BIO_fd_should_retry(int i)
+ if ((i == 0) || (i == -1)) {
+ err = get_last_sys_error();
+
+-#if defined(OPENSSL_SYS_WINDOWS) && 0 /* more microsoft stupidity? perhaps
++# if defined(OPENSSL_SYS_WINDOWS) && 0/* more microsoft stupidity? perhaps
+ * not?
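Review bot: The `OPENSSL_NO_POSIX_IO` stub of `BIO_s_fd()` returns NULL, and nothing in the placeholder comment tells callers to expect that. Elsewhere in this patch the method pointer is handed straight to `BIO_new()` (`BIO_new(BIO_s_socket())`, `BIO_new(BIO_s_file())`), so the same idiom applied to the fd method would pass a NULL method. Whether `BIO_new()` tolerates that is not visible here and should be confirmed. I would extend the comment to state the contract, e.g. `/* No fd BIO without POSIX I/O: BIO_s_fd() and BIO_new_fd() return NULL; callers must check before use. */`.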
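Review bot: `fd_gets()` executes `ptr[0] = '\0'` unconditionally, so a call with `size <= 0` still stores one byte at `buf[0]` although the caller declared no room for it; the `ptr < end` guard only suppresses the reads. An early `if (size <= 0) return 0;` placed before `end` is computed closes that. Two behaviours also deserve a comment because callers can trip on them: the terminating newline is overwritten by the NUL instead of being kept, and an empty line returns 0, the same value as end-of-file or a failed read.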
Ben 4/1/99 */ + if ((i == -1) && (err == 0)) + return (1); +-#endif ++# endif + + return (BIO_fd_non_fatal_error(err)); + } +@@ -243,41 +285,41 @@ int BIO_fd_non_fatal_error(int err) + { + switch (err) { + +-#ifdef EWOULDBLOCK +-# ifdef WSAEWOULDBLOCK +-# if WSAEWOULDBLOCK != EWOULDBLOCK ++# ifdef EWOULDBLOCK ++# ifdef WSAEWOULDBLOCK ++# if WSAEWOULDBLOCK != EWOULDBLOCK + case EWOULDBLOCK: +-# endif +-# else ++# endif ++# else + case EWOULDBLOCK: ++# endif + # endif +-#endif + +-#if defined(ENOTCONN) ++# if defined(ENOTCONN) + case ENOTCONN: +-#endif ++# endif + +-#ifdef EINTR ++# ifdef EINTR + case EINTR: +-#endif ++# endif + +-#ifdef EAGAIN +-# if EWOULDBLOCK != EAGAIN ++# ifdef EAGAIN ++# if EWOULDBLOCK != EAGAIN + case EAGAIN: ++# endif + # endif +-#endif + +-#ifdef EPROTO ++# ifdef EPROTO + case EPROTO: +-#endif ++# endif + +-#ifdef EINPROGRESS ++# ifdef EINPROGRESS + case EINPROGRESS: +-#endif ++# endif + +-#ifdef EALREADY ++# ifdef EALREADY + case EALREADY: +-#endif ++# endif + return (1); + /* break; */ + default: +@@ -285,3 +327,4 @@ int BIO_fd_non_fatal_error(int err) + } + return (0); + } ++#endif +diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_file.c b/Cryptlib/OpenSSL/crypto/bio/bss_file.c +index 81e5b94..153b6fa 100644 +--- a/Cryptlib/OpenSSL/crypto/bio/bss_file.c ++++ b/Cryptlib/OpenSSL/crypto/bio/bss_file.c +@@ -118,9 +118,53 @@ static BIO_METHOD methods_filep = { + BIO *BIO_new_file(const char *filename, const char *mode) + { + BIO *ret; +- FILE *file; +- +- if ((file = fopen(filename, mode)) == NULL) { ++ FILE *file = NULL; ++ ++# if defined(_WIN32) && defined(CP_UTF8) ++ int sz, len_0 = (int)strlen(filename) + 1; ++ DWORD flags; ++ ++ /* ++ * Basically there are three cases to cover: a) filename is ++ * pure ASCII string; b) actual UTF-8 encoded string and ++ * c) locale-ized string, i.e. one containing 8-bit ++ * characters that are meaningful in current system locale. 
++ * If filename is pure ASCII or real UTF-8 encoded string, ++ * MultiByteToWideChar succeeds and _wfopen works. If ++ * filename is locale-ized string, chances are that ++ * MultiByteToWideChar fails reporting ++ * ERROR_NO_UNICODE_TRANSLATION, in which case we fall ++ * back to fopen... ++ */ ++ if ((sz = MultiByteToWideChar(CP_UTF8, (flags = MB_ERR_INVALID_CHARS), ++ filename, len_0, NULL, 0)) > 0 || ++ (GetLastError() == ERROR_INVALID_FLAGS && ++ (sz = MultiByteToWideChar(CP_UTF8, (flags = 0), ++ filename, len_0, NULL, 0)) > 0) ++ ) { ++ WCHAR wmode[8]; ++ WCHAR *wfilename = _alloca(sz * sizeof(WCHAR)); ++ ++ if (MultiByteToWideChar(CP_UTF8, flags, ++ filename, len_0, wfilename, sz) && ++ MultiByteToWideChar(CP_UTF8, 0, mode, strlen(mode) + 1, ++ wmode, sizeof(wmode) / sizeof(wmode[0])) && ++ (file = _wfopen(wfilename, wmode)) == NULL && ++ (errno == ENOENT || errno == EBADF) ++ ) { ++ /* ++ * UTF-8 decode succeeded, but no file, filename ++ * could still have been locale-ized... ++ */ ++ file = fopen(filename, mode); ++ } ++ } else if (GetLastError() == ERROR_NO_UNICODE_TRANSLATION) { ++ file = fopen(filename, mode); ++ } ++# else ++ file = fopen(filename, mode); ++# endif ++ if (file == NULL) { + SYSerr(SYS_F_FOPEN, get_last_sys_error()); + ERR_add_error_data(5, "fopen('", filename, "','", mode, "')"); + if (errno == ENOENT) +@@ -129,7 +173,7 @@ BIO *BIO_new_file(const char *filename, const char *mode) + BIOerr(BIO_F_BIO_NEW_FILE, ERR_R_SYS_LIB); + return (NULL); + } +- if ((ret = BIO_new(BIO_s_file_internal())) == NULL) { ++ if ((ret = BIO_new(BIO_s_file())) == NULL) { + fclose(file); + return (NULL); + } +@@ -284,9 +328,7 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr) + _setmode(fd, _O_BINARY); + # elif defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB) + int fd = fileno((FILE *)ptr); +- /* +- * Under CLib there are differences in file modes +- */ ++ /* Under CLib there are differences in file modes */ + if (num & 
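Review bot: In the `_WIN32` branch of `BIO_new_file()`, `wfilename` comes from `_alloca(sz * sizeof(WCHAR))` where `sz` is derived from the length of the caller-supplied `filename`, so an over-long path becomes an unbounded stack allocation. Rejecting a `sz` above a project-chosen limit before the allocation, or using a heap buffer that is freed on every path, keeps a malformed or hostile path from exhausting the stack. The error path also needs attention: when `MultiByteToWideChar` fails for a reason other than `ERROR_NO_UNICODE_TRANSLATION`, or `mode` does not fit in `wmode[8]`, `file` stays NULL without any `fopen`/`_wfopen` having run. In that case the `errno == ENOENT` test and `get_last_sys_error()` report a stale value. Setting `errno` (or pushing a distinct error) on those branches would keep the diagnostic truthful.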
BIO_FP_TEXT) + setmode(fd, O_TEXT); + else +@@ -304,7 +346,7 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr) + } else + _setmode(fd, _O_BINARY); + } +-# elif defined(OPENSSL_SYS_OS2) ++# elif defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_WIN32_CYGWIN) + int fd = fileno((FILE *)ptr); + if (num & BIO_FP_TEXT) + setmode(fd, O_TEXT); +@@ -418,7 +460,7 @@ static int MS_CALLBACK file_puts(BIO *bp, const char *str) + return (ret); + } + +-#else ++# else + + BIO_METHOD *BIO_s_file(void) + { +diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_log.c b/Cryptlib/OpenSSL/crypto/bio/bss_log.c +index 679d205..1283a52 100644 +--- a/Cryptlib/OpenSSL/crypto/bio/bss_log.c ++++ b/Cryptlib/OpenSSL/crypto/bio/bss_log.c +@@ -69,12 +69,21 @@ + + #if defined(OPENSSL_SYS_WINCE) + #elif defined(OPENSSL_SYS_WIN32) +-# include + #elif defined(OPENSSL_SYS_VMS) + # include + # include + # include + # include ++/* Some compiler options may mask the declaration of "_malloc32". */ ++# if __INITIAL_POINTER_SIZE && defined _ANSI_C_SOURCE ++# if __INITIAL_POINTER_SIZE == 64 ++# pragma pointer_size save ++# pragma pointer_size 32 ++void *_malloc32(__size_t); ++# pragma pointer_size restore ++# endif /* __INITIAL_POINTER_SIZE == 64 */ ++# endif /* __INITIAL_POINTER_SIZE && defined ++ * _ANSI_C_SOURCE */ + #elif defined(__ultrix) + # include + #elif defined(OPENSSL_SYS_NETWARE) +@@ -121,18 +130,6 @@ static int MS_CALLBACK slg_free(BIO *data); + static void xopenlog(BIO *bp, char *name, int level); + static void xsyslog(BIO *bp, int priority, const char *string); + static void xcloselog(BIO *bp); +-# ifdef OPENSSL_SYS_WIN32 +-LONG(WINAPI *go_for_advapi) () = RegOpenKeyEx; +-HANDLE(WINAPI *register_event_source) () = NULL; +-BOOL(WINAPI *deregister_event_source) () = NULL; +-BOOL(WINAPI *report_event) () = NULL; +-# define DL_PROC(m,f) (GetProcAddress( m, f )) +-# ifdef UNICODE +-# define DL_PROC_X(m,f) DL_PROC( m, f "W" ) +-# else +-# define DL_PROC_X(m,f) DL_PROC( m, f "A" ) +-# 
endif +-# endif + + static BIO_METHOD methods_slg = { + BIO_TYPE_MEM, "syslog", +@@ -174,7 +171,7 @@ static int MS_CALLBACK slg_write(BIO *b, const char *in, int inl) + char *buf; + char *pp; + int priority, i; +- static struct { ++ static const struct { + int strl; + char str[10]; + int log_level; +@@ -286,32 +283,20 @@ static int MS_CALLBACK slg_puts(BIO *bp, const char *str) + + static void xopenlog(BIO *bp, char *name, int level) + { +- if (!register_event_source) { +- HANDLE advapi; +- if (!(advapi = GetModuleHandle("advapi32"))) +- return; +- register_event_source = (HANDLE(WINAPI *)())DL_PROC_X(advapi, +- "RegisterEventSource"); +- deregister_event_source = (BOOL(WINAPI *)()) DL_PROC(advapi, +- "DeregisterEventSource"); +- report_event = (BOOL(WINAPI *)()) DL_PROC_X(advapi, "ReportEvent"); +- if (!(register_event_source && deregister_event_source && +- report_event)) { +- register_event_source = NULL; +- deregister_event_source = NULL; +- report_event = NULL; +- return; +- } +- } +- bp->ptr = (char *)register_event_source(NULL, name); ++ if (check_winnt()) ++ bp->ptr = RegisterEventSourceA(NULL, name); ++ else ++ bp->ptr = NULL; + } + + static void xsyslog(BIO *bp, int priority, const char *string) + { + LPCSTR lpszStrings[2]; + WORD evtype = EVENTLOG_ERROR_TYPE; +- int pid = _getpid(); +- char pidbuf[DECIMAL_SIZE(pid) + 4]; ++ char pidbuf[DECIMAL_SIZE(DWORD) + 4]; ++ ++ if (bp->ptr == NULL) ++ return; + + switch (priority) { + case LOG_EMERG: +@@ -337,18 +322,17 @@ static void xsyslog(BIO *bp, int priority, const char *string) + break; + } + +- sprintf(pidbuf, "[%d] ", pid); ++ sprintf(pidbuf, "[%u] ", GetCurrentProcessId()); + lpszStrings[0] = pidbuf; + lpszStrings[1] = string; + +- if (report_event && bp->ptr) +- report_event(bp->ptr, evtype, 0, 1024, NULL, 2, 0, lpszStrings, NULL); ++ ReportEventA(bp->ptr, evtype, 0, 1024, NULL, 2, 0, lpszStrings, NULL); + } + + static void xcloselog(BIO *bp) + { +- if (deregister_event_source && bp->ptr) +- 
deregister_event_source((HANDLE) (bp->ptr)); ++ if (bp->ptr) ++ DeregisterEventSource((HANDLE) (bp->ptr)); + bp->ptr = NULL; + } + +@@ -364,7 +348,24 @@ static void xopenlog(BIO *bp, char *name, int level) + static void xsyslog(BIO *bp, int priority, const char *string) + { + struct dsc$descriptor_s opc_dsc; ++ ++/* Arrange 32-bit pointer to opcdef buffer and malloc(), if needed. */ ++# if __INITIAL_POINTER_SIZE == 64 ++# pragma pointer_size save ++# pragma pointer_size 32 ++# define OPCDEF_TYPE __char_ptr32 ++# define OPCDEF_MALLOC _malloc32 ++# else /* __INITIAL_POINTER_SIZE == 64 */ ++# define OPCDEF_TYPE char * ++# define OPCDEF_MALLOC OPENSSL_malloc ++# endif /* __INITIAL_POINTER_SIZE == 64 [else] */ ++ + struct opcdef *opcdef_p; ++ ++# if __INITIAL_POINTER_SIZE == 64 ++# pragma pointer_size restore ++# endif /* __INITIAL_POINTER_SIZE == 64 */ ++ + char buf[10240]; + unsigned int len; + struct dsc$descriptor_s buf_dsc; +@@ -405,8 +406,8 @@ static void xsyslog(BIO *bp, int priority, const char *string) + + lib$sys_fao(&fao_cmd, &len, &buf_dsc, priority_tag, string); + +- /* we know there's an 8 byte header. That's documented */ +- opcdef_p = (struct opcdef *)OPENSSL_malloc(8 + len); ++ /* We know there's an 8-byte header. That's documented. 
*/ ++ opcdef_p = OPCDEF_MALLOC(8 + len); + opcdef_p->opc$b_ms_type = OPC$_RQ_RQST; + memcpy(opcdef_p->opc$z_ms_target_classes, &VMS_OPC_target, 3); + opcdef_p->opc$l_ms_rqstid = 0; +@@ -414,7 +415,7 @@ static void xsyslog(BIO *bp, int priority, const char *string) + + opc_dsc.dsc$b_dtype = DSC$K_DTYPE_T; + opc_dsc.dsc$b_class = DSC$K_CLASS_S; +- opc_dsc.dsc$a_pointer = (char *)opcdef_p; ++ opc_dsc.dsc$a_pointer = (OPCDEF_TYPE) opcdef_p; + opc_dsc.dsc$w_length = len + 8; + + sys$sndopr(opc_dsc, 0); +diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_mem.c b/Cryptlib/OpenSSL/crypto/bio/bss_mem.c +index 9e6f097..d190765 100644 +--- a/Cryptlib/OpenSSL/crypto/bio/bss_mem.c ++++ b/Cryptlib/OpenSSL/crypto/bio/bss_mem.c +@@ -95,18 +95,19 @@ BIO *BIO_new_mem_buf(void *buf, int len) + { + BIO *ret; + BUF_MEM *b; ++ size_t sz; ++ + if (!buf) { + BIOerr(BIO_F_BIO_NEW_MEM_BUF, BIO_R_NULL_PARAMETER); + return NULL; + } +- if (len == -1) +- len = strlen(buf); ++ sz = (len < 0) ? strlen(buf) : (size_t)len; + if (!(ret = BIO_new(BIO_s_mem()))) + return NULL; + b = (BUF_MEM *)ret->ptr; + b->data = buf; +- b->length = len; +- b->max = len; ++ b->length = sz; ++ b->max = sz; + ret->flags |= BIO_FLAGS_MEM_RDONLY; + /* Since this is static data retrying wont help */ + ret->num = 0; +@@ -147,23 +148,17 @@ static int mem_read(BIO *b, char *out, int outl) + { + int ret = -1; + BUF_MEM *bm; +- int i; +- char *from, *to; + + bm = (BUF_MEM *)b->ptr; + BIO_clear_retry_flags(b); +- ret = (outl > bm->length) ? bm->length : outl; ++ ret = (outl >= 0 && (size_t)outl > bm->length) ? 
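Review bot: The result of `OPCDEF_MALLOC(8 + len)` is dereferenced on the very next line (`opcdef_p->opc$b_ms_type = OPC$_RQ_RQST;`) without a NULL check, so an allocation failure in the logging path becomes a crash. Adding `if (opcdef_p == NULL) return;` directly after the allocation is enough. The release of this buffer lies outside the hunk. Since `OPCDEF_MALLOC` expands to `_malloc32` when `__INITIAL_POINTER_SIZE == 64`, it is worth confirming that the matching free is the right one for that allocator.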
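Review bot: `BIO_new_mem_buf()` now treats every negative `len` as "use `strlen(buf)`", where the old code did so only for `-1`, and that contract is not written down anywhere in the hunk. A caller whose length went negative through its own arithmetic will silently get a `strlen()` over a buffer that may not be NUL-terminated. I would document it above the assignment, e.g. `/* len < 0: buf must be a NUL-terminated string; its length is taken with strlen() */`. The function also stores `buf` itself in `b->data` rather than a copy, so the comment should say the buffer must outlive the BIO. The function body continues outside the hunk.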
(int)bm->length : outl; + if ((out != NULL) && (ret > 0)) { + memcpy(out, bm->data, ret); + bm->length -= ret; +- /* memmove(&(bm->data[0]),&(bm->data[ret]), bm->length); */ + if (b->flags & BIO_FLAGS_MEM_RDONLY) + bm->data += ret; + else { +- from = (char *)&(bm->data[ret]); +- to = (char *)&(bm->data[0]); +- for (i = 0; i < bm->length; i++) +- to[i] = from[i]; ++ memmove(&(bm->data[0]), &(bm->data[ret]), bm->length); + } + } else if (bm->length == 0) { + ret = b->num; +diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_sock.c b/Cryptlib/OpenSSL/crypto/bio/bss_sock.c +new file mode 100644 +index 0000000..6194d2c +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/bio/bss_sock.c +@@ -0,0 +1,287 @@ ++/* crypto/bio/bss_sock.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. 
Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] 
++ */ ++ ++#include ++#include ++#define USE_SOCKETS ++#include "cryptlib.h" ++ ++#ifndef OPENSSL_NO_SOCK ++ ++# include ++ ++# ifdef WATT32 ++# define sock_write SockWrite /* Watt-32 uses same names */ ++# define sock_read SockRead ++# define sock_puts SockPuts ++# endif ++ ++static int sock_write(BIO *h, const char *buf, int num); ++static int sock_read(BIO *h, char *buf, int size); ++static int sock_puts(BIO *h, const char *str); ++static long sock_ctrl(BIO *h, int cmd, long arg1, void *arg2); ++static int sock_new(BIO *h); ++static int sock_free(BIO *data); ++int BIO_sock_should_retry(int s); ++ ++static BIO_METHOD methods_sockp = { ++ BIO_TYPE_SOCKET, ++ "socket", ++ sock_write, ++ sock_read, ++ sock_puts, ++ NULL, /* sock_gets, */ ++ sock_ctrl, ++ sock_new, ++ sock_free, ++ NULL, ++}; ++ ++BIO_METHOD *BIO_s_socket(void) ++{ ++ return (&methods_sockp); ++} ++ ++BIO *BIO_new_socket(int fd, int close_flag) ++{ ++ BIO *ret; ++ ++ ret = BIO_new(BIO_s_socket()); ++ if (ret == NULL) ++ return (NULL); ++ BIO_set_fd(ret, fd, close_flag); ++ return (ret); ++} ++ ++static int sock_new(BIO *bi) ++{ ++ bi->init = 0; ++ bi->num = 0; ++ bi->ptr = NULL; ++ bi->flags = 0; ++ return (1); ++} ++ ++static int sock_free(BIO *a) ++{ ++ if (a == NULL) ++ return (0); ++ if (a->shutdown) { ++ if (a->init) { ++ SHUTDOWN2(a->num); ++ } ++ a->init = 0; ++ a->flags = 0; ++ } ++ return (1); ++} ++ ++static int sock_read(BIO *b, char *out, int outl) ++{ ++ int ret = 0; ++ ++ if (out != NULL) { ++ clear_socket_error(); ++ ret = readsocket(b->num, out, outl); ++ BIO_clear_retry_flags(b); ++ if (ret <= 0) { ++ if (BIO_sock_should_retry(ret)) ++ BIO_set_retry_read(b); ++ } ++ } ++ return (ret); ++} ++ ++static int sock_write(BIO *b, const char *in, int inl) ++{ ++ int ret; ++ ++ clear_socket_error(); ++ ret = writesocket(b->num, in, inl); ++ BIO_clear_retry_flags(b); ++ if (ret <= 0) { ++ if (BIO_sock_should_retry(ret)) ++ BIO_set_retry_write(b); ++ } ++ return (ret); ++} ++ ++static long 
sock_ctrl(BIO *b, int cmd, long num, void *ptr) ++{ ++ long ret = 1; ++ int *ip; ++ ++ switch (cmd) { ++ case BIO_C_SET_FD: ++ sock_free(b); ++ b->num = *((int *)ptr); ++ b->shutdown = (int)num; ++ b->init = 1; ++ break; ++ case BIO_C_GET_FD: ++ if (b->init) { ++ ip = (int *)ptr; ++ if (ip != NULL) ++ *ip = b->num; ++ ret = b->num; ++ } else ++ ret = -1; ++ break; ++ case BIO_CTRL_GET_CLOSE: ++ ret = b->shutdown; ++ break; ++ case BIO_CTRL_SET_CLOSE: ++ b->shutdown = (int)num; ++ break; ++ case BIO_CTRL_DUP: ++ case BIO_CTRL_FLUSH: ++ ret = 1; ++ break; ++ default: ++ ret = 0; ++ break; ++ } ++ return (ret); ++} ++ ++static int sock_puts(BIO *bp, const char *str) ++{ ++ int n, ret; ++ ++ n = strlen(str); ++ ret = sock_write(bp, str, n); ++ return (ret); ++} ++ ++int BIO_sock_should_retry(int i) ++{ ++ int err; ++ ++ if ((i == 0) || (i == -1)) { ++ err = get_last_socket_error(); ++ ++# if defined(OPENSSL_SYS_WINDOWS) && 0/* more microsoft stupidity? perhaps ++ * not? Ben 4/1/99 */ ++ if ((i == -1) && (err == 0)) ++ return (1); ++# endif ++ ++ return (BIO_sock_non_fatal_error(err)); ++ } ++ return (0); ++} ++ ++int BIO_sock_non_fatal_error(int err) ++{ ++ switch (err) { ++# if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_NETWARE) ++# if defined(WSAEWOULDBLOCK) ++ case WSAEWOULDBLOCK: ++# endif ++ ++# if 0 /* This appears to always be an error */ ++# if defined(WSAENOTCONN) ++ case WSAENOTCONN: ++# endif ++# endif ++# endif ++ ++# ifdef EWOULDBLOCK ++# ifdef WSAEWOULDBLOCK ++# if WSAEWOULDBLOCK != EWOULDBLOCK ++ case EWOULDBLOCK: ++# endif ++# else ++ case EWOULDBLOCK: ++# endif ++# endif ++ ++# if defined(ENOTCONN) ++ case ENOTCONN: ++# endif ++ ++# ifdef EINTR ++ case EINTR: ++# endif ++ ++# ifdef EAGAIN ++# if EWOULDBLOCK != EAGAIN ++ case EAGAIN: ++# endif ++# endif ++ ++# ifdef EPROTO ++ case EPROTO: ++# endif ++ ++# ifdef EINPROGRESS ++ case EINPROGRESS: ++# endif ++ ++# ifdef EALREADY ++ case EALREADY: ++# endif ++ return (1); ++ /* break; */ ++ default: 
++ break; ++ } ++ return (0); ++} ++ ++#endif /* #ifndef OPENSSL_NO_SOCK */ +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn.h b/Cryptlib/OpenSSL/crypto/bn/bn.h +index f1719a5..5696965 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn.h ++++ b/Cryptlib/OpenSSL/crypto/bn/bn.h +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. 
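Review bot: In `sock_ctrl()` the `BIO_C_SET_FD` case reads `*((int *)ptr)` without checking `ptr`, while the `BIO_C_GET_FD` case right below guards its pointer with `if (ip != NULL)`. A direct `BIO_ctrl()` call with a NULL argument would fault here; making the two cases agree is a small change, `if (ptr == NULL) { ret = 0; break; }` ahead of `sock_free(b);`. Separately, `BIO_sock_non_fatal_error()` reports `ENOTCONN` as retryable although the `WSAENOTCONN` case is compiled out under the comment "This appears to always be an error". A comment explaining why the two differ would keep callers from retrying on a socket that is not connected.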
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,223 +49,247 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + /* ==================================================================== ++ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. 
The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 
+ * +- * Portions of the attached software ("Contribution") are developed by ++ * Portions of the attached software ("Contribution") are developed by + * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. + * + * The Contribution is licensed pursuant to the Eric Young open source + * license provided above. + * +- * The binary polynomial arithmetic software is originally written by ++ * The binary polynomial arithmetic software is originally written by + * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. + * + */ + + #ifndef HEADER_BN_H +-#define HEADER_BN_H ++# define HEADER_BN_H + +-#include +-#ifndef OPENSSL_NO_FP_API +-#include /* FILE */ +-#endif +-#include ++# include ++# ifndef OPENSSL_NO_FP_API ++# include /* FILE */ ++# endif ++# include ++# include + + #ifdef __cplusplus + extern "C" { + #endif + +-/* These preprocessor symbols control various aspects of the bignum headers and +- * library code. They're not defined by any "normal" configuration, as they are +- * intended for development and testing purposes. NB: defining all three can be +- * useful for debugging application code as well as openssl itself. +- * +- * BN_DEBUG - turn on various debugging alterations to the bignum code +- * BN_DEBUG_RAND - uses random poisoning of unused words to trip up ++/* ++ * These preprocessor symbols control various aspects of the bignum headers ++ * and library code. They're not defined by any "normal" configuration, as ++ * they are intended for development and testing purposes. NB: defining all ++ * three can be useful for debugging application code as well as openssl ++ * itself. BN_DEBUG - turn on various debugging alterations to the bignum ++ * code BN_DEBUG_RAND - uses random poisoning of unused words to trip up + * mismanagement of bignum internals. You must also define BN_DEBUG. 
+ */ + /* #define BN_DEBUG */ + /* #define BN_DEBUG_RAND */ + +-#define BN_MUL_COMBA +-#define BN_SQR_COMBA +-#define BN_RECURSION +- +-/* This next option uses the C libraries (2 word)/(1 word) function. +- * If it is not defined, I use my C version (which is slower). +- * The reason for this flag is that when the particular C compiler +- * library routine is used, and the library is linked with a different +- * compiler, the library is missing. This mostly happens when the +- * library is built with gcc and then linked using normal cc. This would +- * be a common occurrence because gcc normally produces code that is +- * 2 times faster than system compilers for the big number stuff. +- * For machines with only one compiler (or shared libraries), this should +- * be on. Again this in only really a problem on machines +- * using "long long's", are 32bit, and are not using my assembler code. */ +-#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || \ +- defined(OPENSSL_SYS_WIN32) || defined(linux) +-# ifndef BN_DIV2W +-# define BN_DIV2W ++# ifndef OPENSSL_SMALL_FOOTPRINT ++# define BN_MUL_COMBA ++# define BN_SQR_COMBA ++# define BN_RECURSION + # endif +-#endif + +-/* assuming long is 64bit - this is the DEC Alpha +- * unsigned long long is only 64 bits :-(, don't define +- * BN_LLONG for the DEC Alpha */ +-#ifdef SIXTY_FOUR_BIT_LONG +-#define BN_ULLONG unsigned long long +-#define BN_ULONG unsigned long +-#define BN_LONG long +-#define BN_BITS 128 +-#define BN_BYTES 8 +-#define BN_BITS2 64 +-#define BN_BITS4 32 +-#define BN_MASK (0xffffffffffffffffffffffffffffffffLL) +-#define BN_MASK2 (0xffffffffffffffffL) +-#define BN_MASK2l (0xffffffffL) +-#define BN_MASK2h (0xffffffff00000000L) +-#define BN_MASK2h1 (0xffffffff80000000L) +-#define BN_TBIT (0x8000000000000000L) +-#define BN_DEC_CONV (10000000000000000000UL) +-#define BN_DEC_FMT1 "%lu" +-#define BN_DEC_FMT2 "%019lu" +-#define BN_DEC_NUM 19 +-#endif +- +-/* This is where the long long data type is 64 
bits, but long is 32. +- * For machines where there are 64bit registers, this is the mode to use. +- * IRIX, on R4000 and above should use this mode, along with the relevant +- * assembler code :-). Do NOT define BN_LLONG. ++/* ++ * This next option uses the C libraries (2 word)/(1 word) function. If it is ++ * not defined, I use my C version (which is slower). The reason for this ++ * flag is that when the particular C compiler library routine is used, and ++ * the library is linked with a different compiler, the library is missing. ++ * This mostly happens when the library is built with gcc and then linked ++ * using normal cc. This would be a common occurrence because gcc normally ++ * produces code that is 2 times faster than system compilers for the big ++ * number stuff. For machines with only one compiler (or shared libraries), ++ * this should be on. Again this in only really a problem on machines using ++ * "long long's", are 32bit, and are not using my assembler code. + */ +-#ifdef SIXTY_FOUR_BIT +-#undef BN_LLONG +-#undef BN_ULLONG +-#define BN_ULONG unsigned long long +-#define BN_LONG long long +-#define BN_BITS 128 +-#define BN_BYTES 8 +-#define BN_BITS2 64 +-#define BN_BITS4 32 +-#define BN_MASK2 (0xffffffffffffffffLL) +-#define BN_MASK2l (0xffffffffL) +-#define BN_MASK2h (0xffffffff00000000LL) +-#define BN_MASK2h1 (0xffffffff80000000LL) +-#define BN_TBIT (0x8000000000000000LL) +-#define BN_DEC_CONV (10000000000000000000ULL) +-#define BN_DEC_FMT1 "%llu" +-#define BN_DEC_FMT2 "%019llu" +-#define BN_DEC_NUM 19 +-#endif ++# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || \ ++ defined(OPENSSL_SYS_WIN32) || defined(linux) ++# ifndef BN_DIV2W ++# define BN_DIV2W ++# endif ++# endif + +-#ifdef THIRTY_TWO_BIT +-#ifdef BN_LLONG +-# if defined(OPENSSL_SYS_WIN32) && !defined(__GNUC__) +-# define BN_ULLONG unsigned __int64 +-# else +-# define BN_ULLONG unsigned long long ++/* ++ * assuming long is 64bit - this is the DEC Alpha unsigned long long 
is only ++ * 64 bits :-(, don't define BN_LLONG for the DEC Alpha ++ */ ++# ifdef SIXTY_FOUR_BIT_LONG ++# define BN_ULLONG unsigned long long ++# define BN_ULONG unsigned long ++# define BN_LONG long ++# define BN_BITS 128 ++# define BN_BYTES 8 ++# define BN_BITS2 64 ++# define BN_BITS4 32 ++# define BN_MASK (0xffffffffffffffffffffffffffffffffLL) ++# define BN_MASK2 (0xffffffffffffffffL) ++# define BN_MASK2l (0xffffffffL) ++# define BN_MASK2h (0xffffffff00000000L) ++# define BN_MASK2h1 (0xffffffff80000000L) ++# define BN_TBIT (0x8000000000000000L) ++# define BN_DEC_CONV (10000000000000000000UL) ++# define BN_DEC_FMT1 "%lu" ++# define BN_DEC_FMT2 "%019lu" ++# define BN_DEC_NUM 19 ++# define BN_HEX_FMT1 "%lX" ++# define BN_HEX_FMT2 "%016lX" + # endif +-#endif +-#define BN_ULONG unsigned long +-#define BN_LONG long +-#define BN_BITS 64 +-#define BN_BYTES 4 +-#define BN_BITS2 32 +-#define BN_BITS4 16 +-#ifdef OPENSSL_SYS_WIN32 +-/* VC++ doesn't like the LL suffix */ +-#define BN_MASK (0xffffffffffffffffL) +-#else +-#define BN_MASK (0xffffffffffffffffLL) +-#endif +-#define BN_MASK2 (0xffffffffL) +-#define BN_MASK2l (0xffff) +-#define BN_MASK2h1 (0xffff8000L) +-#define BN_MASK2h (0xffff0000L) +-#define BN_TBIT (0x80000000L) +-#define BN_DEC_CONV (1000000000L) +-#define BN_DEC_FMT1 "%lu" +-#define BN_DEC_FMT2 "%09lu" +-#define BN_DEC_NUM 9 +-#endif + +-#ifdef SIXTEEN_BIT +-#ifndef BN_DIV2W +-#define BN_DIV2W +-#endif +-#define BN_ULLONG unsigned long +-#define BN_ULONG unsigned short +-#define BN_LONG short +-#define BN_BITS 32 +-#define BN_BYTES 2 +-#define BN_BITS2 16 +-#define BN_BITS4 8 +-#define BN_MASK (0xffffffff) +-#define BN_MASK2 (0xffff) +-#define BN_MASK2l (0xff) +-#define BN_MASK2h1 (0xff80) +-#define BN_MASK2h (0xff00) +-#define BN_TBIT (0x8000) +-#define BN_DEC_CONV (100000) +-#define BN_DEC_FMT1 "%u" +-#define BN_DEC_FMT2 "%05u" +-#define BN_DEC_NUM 5 +-#endif ++/* ++ * This is where the long long data type is 64 bits, but long is 32. 
For ++ * machines where there are 64bit registers, this is the mode to use. IRIX, ++ * on R4000 and above should use this mode, along with the relevant assembler ++ * code :-). Do NOT define BN_LLONG. ++ */ ++# ifdef SIXTY_FOUR_BIT ++# undef BN_LLONG ++# undef BN_ULLONG ++# define BN_ULONG unsigned long long ++# define BN_LONG long long ++# define BN_BITS 128 ++# define BN_BYTES 8 ++# define BN_BITS2 64 ++# define BN_BITS4 32 ++# define BN_MASK2 (0xffffffffffffffffLL) ++# define BN_MASK2l (0xffffffffL) ++# define BN_MASK2h (0xffffffff00000000LL) ++# define BN_MASK2h1 (0xffffffff80000000LL) ++# define BN_TBIT (0x8000000000000000LL) ++# define BN_DEC_CONV (10000000000000000000ULL) ++# define BN_DEC_FMT1 "%llu" ++# define BN_DEC_FMT2 "%019llu" ++# define BN_DEC_NUM 19 ++# define BN_HEX_FMT1 "%llX" ++# define BN_HEX_FMT2 "%016llX" ++# endif + +-#ifdef EIGHT_BIT +-#ifndef BN_DIV2W +-#define BN_DIV2W +-#endif +-#define BN_ULLONG unsigned short +-#define BN_ULONG unsigned char +-#define BN_LONG char +-#define BN_BITS 16 +-#define BN_BYTES 1 +-#define BN_BITS2 8 +-#define BN_BITS4 4 +-#define BN_MASK (0xffff) +-#define BN_MASK2 (0xff) +-#define BN_MASK2l (0xf) +-#define BN_MASK2h1 (0xf8) +-#define BN_MASK2h (0xf0) +-#define BN_TBIT (0x80) +-#define BN_DEC_CONV (100) +-#define BN_DEC_FMT1 "%u" +-#define BN_DEC_FMT2 "%02u" +-#define BN_DEC_NUM 2 +-#endif ++# ifdef THIRTY_TWO_BIT ++# ifdef BN_LLONG ++# if defined(_WIN32) && !defined(__GNUC__) ++# define BN_ULLONG unsigned __int64 ++# define BN_MASK (0xffffffffffffffffI64) ++# else ++# define BN_ULLONG unsigned long long ++# define BN_MASK (0xffffffffffffffffLL) ++# endif ++# endif ++# define BN_ULONG unsigned int ++# define BN_LONG int ++# define BN_BITS 64 ++# define BN_BYTES 4 ++# define BN_BITS2 32 ++# define BN_BITS4 16 ++# define BN_MASK2 (0xffffffffL) ++# define BN_MASK2l (0xffff) ++# define BN_MASK2h1 (0xffff8000L) ++# define BN_MASK2h (0xffff0000L) ++# define BN_TBIT (0x80000000L) ++# define BN_DEC_CONV (1000000000L) 
++# define BN_DEC_FMT1 "%u" ++# define BN_DEC_FMT2 "%09u" ++# define BN_DEC_NUM 9 ++# define BN_HEX_FMT1 "%X" ++# define BN_HEX_FMT2 "%08X" ++# endif + +-#define BN_DEFAULT_BITS 1280 ++# define BN_DEFAULT_BITS 1280 + +-#define BN_FLG_MALLOCED 0x01 +-#define BN_FLG_STATIC_DATA 0x02 +-#define BN_FLG_CONSTTIME 0x04 /* avoid leaking exponent information through timing, +- * BN_mod_exp_mont() will call BN_mod_exp_mont_consttime, +- * BN_div() will call BN_div_no_branch, +- * BN_mod_inverse() will call BN_mod_inverse_no_branch. +- */ ++# define BN_FLG_MALLOCED 0x01 ++# define BN_FLG_STATIC_DATA 0x02 + +-#ifndef OPENSSL_NO_DEPRECATED +-#define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME /* deprecated name for the flag */ +- /* avoid leaking exponent information through timings +- * (BN_mod_exp_mont() will call BN_mod_exp_mont_consttime) */ +-#endif ++/* ++ * avoid leaking exponent information through timing, ++ * BN_mod_exp_mont() will call BN_mod_exp_mont_consttime, ++ * BN_div() will call BN_div_no_branch, ++ * BN_mod_inverse() will call BN_mod_inverse_no_branch. ++ */ ++# define BN_FLG_CONSTTIME 0x04 ++ ++# ifdef OPENSSL_NO_DEPRECATED ++/* deprecated name for the flag */ ++# define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME ++/* ++ * avoid leaking exponent information through timings ++ * (BN_mod_exp_mont() will call BN_mod_exp_mont_consttime) ++ */ ++# endif + +-#ifndef OPENSSL_NO_DEPRECATED +-#define BN_FLG_FREE 0x8000 /* used for debuging */ +-#endif +-#define BN_set_flags(b,n) ((b)->flags|=(n)) +-#define BN_get_flags(b,n) ((b)->flags&(n)) ++# ifndef OPENSSL_NO_DEPRECATED ++# define BN_FLG_FREE 0x8000 ++ /* used for debuging */ ++# endif ++# define BN_set_flags(b,n) ((b)->flags|=(n)) ++# define BN_get_flags(b,n) ((b)->flags&(n)) + +-/* get a clone of a BIGNUM with changed flags, for *temporary* use only +- * (the two BIGNUMs cannot not be used in parallel!) 
*/ +-#define BN_with_flags(dest,b,n) ((dest)->d=(b)->d, \ ++/* ++ * get a clone of a BIGNUM with changed flags, for *temporary* use only (the ++ * two BIGNUMs cannot not be used in parallel!) ++ */ ++# define BN_with_flags(dest,b,n) ((dest)->d=(b)->d, \ + (dest)->top=(b)->top, \ + (dest)->dmax=(b)->dmax, \ + (dest)->neg=(b)->neg, \ +@@ -275,7 +299,7 @@ extern "C" { + | (n))) + + /* Already declared in ossl_typ.h */ +-#if 0 ++# if 0 + typedef struct bignum_st BIGNUM; + /* Used for temp variables (declaration hidden in bn_lcl.h) */ + typedef struct bignum_ctx BN_CTX; +@@ -283,84 +307,81 @@ typedef struct bn_blinding_st BN_BLINDING; + typedef struct bn_mont_ctx_st BN_MONT_CTX; + typedef struct bn_recp_ctx_st BN_RECP_CTX; + typedef struct bn_gencb_st BN_GENCB; +-#endif ++# endif + +-struct bignum_st +- { +- BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit chunks. */ +- int top; /* Index of last used d +1. */ +- /* The next are internal book keeping for bn_expand. */ +- int dmax; /* Size of the d array. */ +- int neg; /* one if the number is negative */ +- int flags; +- }; ++struct bignum_st { ++ BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit ++ * chunks. */ ++ int top; /* Index of last used d +1. */ ++ /* The next are internal book keeping for bn_expand. */ ++ int dmax; /* Size of the d array. 
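Review bot: The guard around the deprecated alias `BN_FLG_EXP_CONSTTIME` is inverted on the new side of the `@@ -49,223 +49,247 @@` hunk. The removed line was `#ifndef OPENSSL_NO_DEPRECATED` and the added one is `# ifdef OPENSSL_NO_DEPRECATED`, while the `BN_FLG_FREE` guard directly below it stays `ifndef`. In a default build, where OPENSSL_NO_DEPRECATED is not defined, the alias is therefore no longer defined: code that sets the constant-time flag through the old name stops compiling, and code that probes for it with `#ifdef` would silently skip requesting the constant-time paths. The rest of the hunk is re-indentation, so this is presumably a reformatting slip carried in with the imported OpenSSL tree. I would restore `# ifndef OPENSSL_NO_DEPRECATED`, or confirm that nothing built into shim refers to the old name.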
*/ ++ int neg; /* one if the number is negative */ ++ int flags; ++}; + + /* Used for montgomery multiplication */ +-struct bn_mont_ctx_st +- { +- int ri; /* number of bits in R */ +- BIGNUM RR; /* used to convert to montgomery form */ +- BIGNUM N; /* The modulus */ +- BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1 +- * (Ni is only stored for bignum algorithm) */ +-#if 0 +- /* OpenSSL 0.9.9 preview: */ +- BN_ULONG n0[2];/* least significant word(s) of Ni */ +-#else +- BN_ULONG n0; /* least significant word of Ni */ +-#endif +- int flags; +- }; +- +-/* Used for reciprocal division/mod functions +- * It cannot be shared between threads ++struct bn_mont_ctx_st { ++ int ri; /* number of bits in R */ ++ BIGNUM RR; /* used to convert to montgomery form */ ++ BIGNUM N; /* The modulus */ ++ BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1 (Ni is only ++ * stored for bignum algorithm) */ ++ BN_ULONG n0[2]; /* least significant word(s) of Ni; (type ++ * changed with 0.9.9, was "BN_ULONG n0;" ++ * before) */ ++ int flags; ++}; ++ ++/* ++ * Used for reciprocal division/mod functions It cannot be shared between ++ * threads + */ +-struct bn_recp_ctx_st +- { +- BIGNUM N; /* the divisor */ +- BIGNUM Nr; /* the reciprocal */ +- int num_bits; +- int shift; +- int flags; +- }; ++struct bn_recp_ctx_st { ++ BIGNUM N; /* the divisor */ ++ BIGNUM Nr; /* the reciprocal */ ++ int num_bits; ++ int shift; ++ int flags; ++}; + + /* Used for slow "generation" functions. 
*/ +-struct bn_gencb_st +- { +- unsigned int ver; /* To handle binary (in)compatibility */ +- void *arg; /* callback-specific data */ +- union +- { +- /* if(ver==1) - handles old style callbacks */ +- void (*cb_1)(int, int, void *); +- /* if(ver==2) - new callback style */ +- int (*cb_2)(int, int, BN_GENCB *); +- } cb; +- }; ++struct bn_gencb_st { ++ unsigned int ver; /* To handle binary (in)compatibility */ ++ void *arg; /* callback-specific data */ ++ union { ++ /* if(ver==1) - handles old style callbacks */ ++ void (*cb_1) (int, int, void *); ++ /* if(ver==2) - new callback style */ ++ int (*cb_2) (int, int, BN_GENCB *); ++ } cb; ++}; + /* Wrapper function to make using BN_GENCB easier, */ + int BN_GENCB_call(BN_GENCB *cb, int a, int b); + /* Macro to populate a BN_GENCB structure with an "old"-style callback */ +-#define BN_GENCB_set_old(gencb, callback, cb_arg) { \ +- BN_GENCB *tmp_gencb = (gencb); \ +- tmp_gencb->ver = 1; \ +- tmp_gencb->arg = (cb_arg); \ +- tmp_gencb->cb.cb_1 = (callback); } ++# define BN_GENCB_set_old(gencb, callback, cb_arg) { \ ++ BN_GENCB *tmp_gencb = (gencb); \ ++ tmp_gencb->ver = 1; \ ++ tmp_gencb->arg = (cb_arg); \ ++ tmp_gencb->cb.cb_1 = (callback); } + /* Macro to populate a BN_GENCB structure with a "new"-style callback */ +-#define BN_GENCB_set(gencb, callback, cb_arg) { \ +- BN_GENCB *tmp_gencb = (gencb); \ +- tmp_gencb->ver = 2; \ +- tmp_gencb->arg = (cb_arg); \ +- tmp_gencb->cb.cb_2 = (callback); } +- +-#define BN_prime_checks 0 /* default: select number of iterations +- based on the size of the number */ +- +-/* number of Miller-Rabin iterations for an error rate of less than 2^-80 +- * for random 'b'-bit input, b >= 100 (taken from table 4.4 in the Handbook +- * of Applied Cryptography [Menezes, van Oorschot, Vanstone; CRC Press 1996]; +- * original paper: Damgaard, Landrock, Pomerance: Average case error estimates +- * for the strong probable prime test. -- Math. Comp. 
61 (1993) 177-194) */ +-#define BN_prime_checks_for_size(b) ((b) >= 1300 ? 2 : \ ++# define BN_GENCB_set(gencb, callback, cb_arg) { \ ++ BN_GENCB *tmp_gencb = (gencb); \ ++ tmp_gencb->ver = 2; \ ++ tmp_gencb->arg = (cb_arg); \ ++ tmp_gencb->cb.cb_2 = (callback); } ++ ++# define BN_prime_checks 0 /* default: select number of iterations based ++ * on the size of the number */ ++ ++/* ++ * number of Miller-Rabin iterations for an error rate of less than 2^-80 for ++ * random 'b'-bit input, b >= 100 (taken from table 4.4 in the Handbook of ++ * Applied Cryptography [Menezes, van Oorschot, Vanstone; CRC Press 1996]; ++ * original paper: Damgaard, Landrock, Pomerance: Average case error ++ * estimates for the strong probable prime test. -- Math. Comp. 61 (1993) ++ * 177-194) ++ */ ++# define BN_prime_checks_for_size(b) ((b) >= 1300 ? 2 : \ + (b) >= 850 ? 3 : \ + (b) >= 650 ? 4 : \ + (b) >= 550 ? 5 : \ +@@ -373,279 +394,319 @@ int BN_GENCB_call(BN_GENCB *cb, int a, int b); + (b) >= 150 ? 18 : \ + /* b >= 100 */ 27) + +-#define BN_num_bytes(a) ((BN_num_bits(a)+7)/8) ++# define BN_num_bytes(a) ((BN_num_bits(a)+7)/8) + + /* Note that BN_abs_is_word didn't work reliably for w == 0 until 0.9.8 */ +-#define BN_abs_is_word(a,w) ((((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w))) || \ +- (((w) == 0) && ((a)->top == 0))) +-#define BN_is_zero(a) ((a)->top == 0) +-#define BN_is_one(a) (BN_abs_is_word((a),1) && !(a)->neg) +-#define BN_is_word(a,w) (BN_abs_is_word((a),(w)) && (!(w) || !(a)->neg)) +-#define BN_is_odd(a) (((a)->top > 0) && ((a)->d[0] & 1)) +- +-#define BN_one(a) (BN_set_word((a),1)) +-#define BN_zero_ex(a) \ +- do { \ +- BIGNUM *_tmp_bn = (a); \ +- _tmp_bn->top = 0; \ +- _tmp_bn->neg = 0; \ +- } while(0) +-#ifdef OPENSSL_NO_DEPRECATED +-#define BN_zero(a) BN_zero_ex(a) +-#else +-#define BN_zero(a) (BN_set_word((a),0)) +-#endif ++# define BN_abs_is_word(a,w) ((((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w))) || \ ++ (((w) == 0) && ((a)->top == 0))) ++# define 
BN_is_zero(a) ((a)->top == 0) ++# define BN_is_one(a) (BN_abs_is_word((a),1) && !(a)->neg) ++# define BN_is_word(a,w) (BN_abs_is_word((a),(w)) && (!(w) || !(a)->neg)) ++# define BN_is_odd(a) (((a)->top > 0) && ((a)->d[0] & 1)) ++ ++# define BN_one(a) (BN_set_word((a),1)) ++# define BN_zero_ex(a) \ ++ do { \ ++ BIGNUM *_tmp_bn = (a); \ ++ _tmp_bn->top = 0; \ ++ _tmp_bn->neg = 0; \ ++ } while(0) ++# ifdef OPENSSL_NO_DEPRECATED ++# define BN_zero(a) BN_zero_ex(a) ++# else ++# define BN_zero(a) (BN_set_word((a),0)) ++# endif + + const BIGNUM *BN_value_one(void); +-char * BN_options(void); ++char *BN_options(void); + BN_CTX *BN_CTX_new(void); +-#ifndef OPENSSL_NO_DEPRECATED +-void BN_CTX_init(BN_CTX *c); +-#endif +-void BN_CTX_free(BN_CTX *c); +-void BN_CTX_start(BN_CTX *ctx); ++# ifndef OPENSSL_NO_DEPRECATED ++void BN_CTX_init(BN_CTX *c); ++# endif ++void BN_CTX_free(BN_CTX *c); ++void BN_CTX_start(BN_CTX *ctx); + BIGNUM *BN_CTX_get(BN_CTX *ctx); +-void BN_CTX_end(BN_CTX *ctx); +-int BN_rand(BIGNUM *rnd, int bits, int top,int bottom); +-int BN_pseudo_rand(BIGNUM *rnd, int bits, int top,int bottom); +-int BN_rand_range(BIGNUM *rnd, const BIGNUM *range); +-int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range); +-int BN_num_bits(const BIGNUM *a); +-int BN_num_bits_word(BN_ULONG); ++void BN_CTX_end(BN_CTX *ctx); ++int BN_rand(BIGNUM *rnd, int bits, int top, int bottom); ++int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom); ++int BN_rand_range(BIGNUM *rnd, const BIGNUM *range); ++int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range); ++int BN_num_bits(const BIGNUM *a); ++int BN_num_bits_word(BN_ULONG); + BIGNUM *BN_new(void); +-void BN_init(BIGNUM *); +-void BN_clear_free(BIGNUM *a); ++void BN_init(BIGNUM *); ++void BN_clear_free(BIGNUM *a); + BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b); +-void BN_swap(BIGNUM *a, BIGNUM *b); +-BIGNUM *BN_bin2bn(const unsigned char *s,int len,BIGNUM *ret); +-int BN_bn2bin(const BIGNUM *a, unsigned char *to); +-BIGNUM 
*BN_mpi2bn(const unsigned char *s,int len,BIGNUM *ret); +-int BN_bn2mpi(const BIGNUM *a, unsigned char *to); +-int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +-int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +-int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +-int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +-int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); +-int BN_sqr(BIGNUM *r, const BIGNUM *a,BN_CTX *ctx); ++void BN_swap(BIGNUM *a, BIGNUM *b); ++BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret); ++int BN_bn2bin(const BIGNUM *a, unsigned char *to); ++BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret); ++int BN_bn2mpi(const BIGNUM *a, unsigned char *to); ++int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); ++int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); ++int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); ++int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); ++int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); ++int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx); + /** BN_set_negative sets sign of a BIGNUM + * \param b pointer to the BIGNUM object +- * \param n 0 if the BIGNUM b should be positive and a value != 0 otherwise ++ * \param n 0 if the BIGNUM b should be positive and a value != 0 otherwise + */ +-void BN_set_negative(BIGNUM *b, int n); ++void BN_set_negative(BIGNUM *b, int n); + /** BN_is_negative returns 1 if the BIGNUM is negative + * \param a pointer to the BIGNUM object + * \return 1 if a < 0 and 0 otherwise + */ +-#define BN_is_negative(a) ((a)->neg != 0) +- +-int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, +- BN_CTX *ctx); +-#define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx)) +-int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx); +-int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx); +-int BN_mod_add_quick(BIGNUM *r, const 
BIGNUM *a, const BIGNUM *b, const BIGNUM *m); +-int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx); +-int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m); +-int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, +- const BIGNUM *m, BN_CTX *ctx); +-int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +-int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +-int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m); +-int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, BN_CTX *ctx); +-int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m); ++# define BN_is_negative(a) ((a)->neg != 0) ++ ++int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, ++ BN_CTX *ctx); ++# define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx)) ++int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx); ++int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, ++ BN_CTX *ctx); ++int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, ++ const BIGNUM *m); ++int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, ++ BN_CTX *ctx); ++int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, ++ const BIGNUM *m); ++int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, ++ BN_CTX *ctx); ++int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); ++int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); ++int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m); ++int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, ++ BN_CTX *ctx); ++int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m); + + BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w); + BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w); +-int BN_mul_word(BIGNUM *a, BN_ULONG w); 
+-int BN_add_word(BIGNUM *a, BN_ULONG w); +-int BN_sub_word(BIGNUM *a, BN_ULONG w); +-int BN_set_word(BIGNUM *a, BN_ULONG w); ++int BN_mul_word(BIGNUM *a, BN_ULONG w); ++int BN_add_word(BIGNUM *a, BN_ULONG w); ++int BN_sub_word(BIGNUM *a, BN_ULONG w); ++int BN_set_word(BIGNUM *a, BN_ULONG w); + BN_ULONG BN_get_word(const BIGNUM *a); + +-int BN_cmp(const BIGNUM *a, const BIGNUM *b); +-void BN_free(BIGNUM *a); +-int BN_is_bit_set(const BIGNUM *a, int n); +-int BN_lshift(BIGNUM *r, const BIGNUM *a, int n); +-int BN_lshift1(BIGNUM *r, const BIGNUM *a); +-int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,BN_CTX *ctx); +- +-int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, +- const BIGNUM *m,BN_CTX *ctx); +-int BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, +- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); ++int BN_cmp(const BIGNUM *a, const BIGNUM *b); ++void BN_free(BIGNUM *a); ++int BN_is_bit_set(const BIGNUM *a, int n); ++int BN_lshift(BIGNUM *r, const BIGNUM *a, int n); ++int BN_lshift1(BIGNUM *r, const BIGNUM *a); ++int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); ++ ++int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, ++ const BIGNUM *m, BN_CTX *ctx); ++int BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, ++ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); + int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, +- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont); +-int BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p, +- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +-int BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1, +- const BIGNUM *a2, const BIGNUM *p2,const BIGNUM *m, +- BN_CTX *ctx,BN_MONT_CTX *m_ctx); +-int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, +- const BIGNUM *m,BN_CTX *ctx); +- +-int BN_mask_bits(BIGNUM *a,int n); +-#ifndef OPENSSL_NO_FP_API +-int BN_print_fp(FILE *fp, const BIGNUM *a); +-#endif 
+-#ifdef HEADER_BIO_H +-int BN_print(BIO *fp, const BIGNUM *a); +-#else +-int BN_print(void *fp, const BIGNUM *a); +-#endif +-int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx); +-int BN_rshift(BIGNUM *r, const BIGNUM *a, int n); +-int BN_rshift1(BIGNUM *r, const BIGNUM *a); +-void BN_clear(BIGNUM *a); ++ const BIGNUM *m, BN_CTX *ctx, ++ BN_MONT_CTX *in_mont); ++int BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p, ++ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); ++int BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1, ++ const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m, ++ BN_CTX *ctx, BN_MONT_CTX *m_ctx); ++int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, ++ const BIGNUM *m, BN_CTX *ctx); ++ ++int BN_mask_bits(BIGNUM *a, int n); ++# ifndef OPENSSL_NO_FP_API ++int BN_print_fp(FILE *fp, const BIGNUM *a); ++# endif ++# ifdef HEADER_BIO_H ++int BN_print(BIO *fp, const BIGNUM *a); ++# else ++int BN_print(void *fp, const BIGNUM *a); ++# endif ++int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx); ++int BN_rshift(BIGNUM *r, const BIGNUM *a, int n); ++int BN_rshift1(BIGNUM *r, const BIGNUM *a); ++void BN_clear(BIGNUM *a); + BIGNUM *BN_dup(const BIGNUM *a); +-int BN_ucmp(const BIGNUM *a, const BIGNUM *b); +-int BN_set_bit(BIGNUM *a, int n); +-int BN_clear_bit(BIGNUM *a, int n); +-char * BN_bn2hex(const BIGNUM *a); +-char * BN_bn2dec(const BIGNUM *a); +-int BN_hex2bn(BIGNUM **a, const char *str); +-int BN_dec2bn(BIGNUM **a, const char *str); +-int BN_gcd(BIGNUM *r,const BIGNUM *a,const BIGNUM *b,BN_CTX *ctx); +-int BN_kronecker(const BIGNUM *a,const BIGNUM *b,BN_CTX *ctx); /* returns -2 for error */ ++int BN_ucmp(const BIGNUM *a, const BIGNUM *b); ++int BN_set_bit(BIGNUM *a, int n); ++int BN_clear_bit(BIGNUM *a, int n); ++char *BN_bn2hex(const BIGNUM *a); ++char *BN_bn2dec(const BIGNUM *a); ++int BN_hex2bn(BIGNUM **a, const char *str); ++int BN_dec2bn(BIGNUM **a, const char *str); ++int 
BN_asc2bn(BIGNUM **a, const char *str); ++int BN_gcd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); ++int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); /* returns ++ * -2 for ++ * error */ + BIGNUM *BN_mod_inverse(BIGNUM *ret, +- const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx); ++ const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx); + BIGNUM *BN_mod_sqrt(BIGNUM *ret, +- const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx); ++ const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx); ++ ++void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords); + + /* Deprecated versions */ +-#ifndef OPENSSL_NO_DEPRECATED +-BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe, +- const BIGNUM *add, const BIGNUM *rem, +- void (*callback)(int,int,void *),void *cb_arg); +-int BN_is_prime(const BIGNUM *p,int nchecks, +- void (*callback)(int,int,void *), +- BN_CTX *ctx,void *cb_arg); +-int BN_is_prime_fasttest(const BIGNUM *p,int nchecks, +- void (*callback)(int,int,void *),BN_CTX *ctx,void *cb_arg, +- int do_trial_division); +-#endif /* !defined(OPENSSL_NO_DEPRECATED) */ ++# ifndef OPENSSL_NO_DEPRECATED ++BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, ++ const BIGNUM *add, const BIGNUM *rem, ++ void (*callback) (int, int, void *), void *cb_arg); ++int BN_is_prime(const BIGNUM *p, int nchecks, ++ void (*callback) (int, int, void *), ++ BN_CTX *ctx, void *cb_arg); ++int BN_is_prime_fasttest(const BIGNUM *p, int nchecks, ++ void (*callback) (int, int, void *), BN_CTX *ctx, ++ void *cb_arg, int do_trial_division); ++# endif /* !defined(OPENSSL_NO_DEPRECATED) */ + + /* Newer versions */ +-int BN_generate_prime_ex(BIGNUM *ret,int bits,int safe, const BIGNUM *add, +- const BIGNUM *rem, BN_GENCB *cb); +-int BN_is_prime_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, BN_GENCB *cb); +-int BN_is_prime_fasttest_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, +- int do_trial_division, BN_GENCB *cb); ++int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM 
*add, ++ const BIGNUM *rem, BN_GENCB *cb); ++int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb); ++int BN_is_prime_fasttest_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, ++ int do_trial_division, BN_GENCB *cb); + + int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx); + + int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, +- const BIGNUM *Xp, const BIGNUM *Xp1, const BIGNUM *Xp2, +- const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb); +-int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, +- BIGNUM *Xp1, BIGNUM *Xp2, +- const BIGNUM *Xp, +- const BIGNUM *e, BN_CTX *ctx, +- BN_GENCB *cb); +- +-BN_MONT_CTX *BN_MONT_CTX_new(void ); ++ const BIGNUM *Xp, const BIGNUM *Xp1, ++ const BIGNUM *Xp2, const BIGNUM *e, BN_CTX *ctx, ++ BN_GENCB *cb); ++int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, BIGNUM *Xp1, ++ BIGNUM *Xp2, const BIGNUM *Xp, const BIGNUM *e, ++ BN_CTX *ctx, BN_GENCB *cb); ++ ++BN_MONT_CTX *BN_MONT_CTX_new(void); + void BN_MONT_CTX_init(BN_MONT_CTX *ctx); +-int BN_mod_mul_montgomery(BIGNUM *r,const BIGNUM *a,const BIGNUM *b, +- BN_MONT_CTX *mont, BN_CTX *ctx); +-#define BN_to_montgomery(r,a,mont,ctx) BN_mod_mul_montgomery(\ +- (r),(a),&((mont)->RR),(mont),(ctx)) +-int BN_from_montgomery(BIGNUM *r,const BIGNUM *a, +- BN_MONT_CTX *mont, BN_CTX *ctx); ++int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, ++ BN_MONT_CTX *mont, BN_CTX *ctx); ++# define BN_to_montgomery(r,a,mont,ctx) BN_mod_mul_montgomery(\ ++ (r),(a),&((mont)->RR),(mont),(ctx)) ++int BN_from_montgomery(BIGNUM *r, const BIGNUM *a, ++ BN_MONT_CTX *mont, BN_CTX *ctx); + void BN_MONT_CTX_free(BN_MONT_CTX *mont); +-int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *mod,BN_CTX *ctx); +-BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,BN_MONT_CTX *from); ++int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx); ++BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from); + BN_MONT_CTX 
*BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock, +- const BIGNUM *mod, BN_CTX *ctx); ++ const BIGNUM *mod, BN_CTX *ctx); + + /* BN_BLINDING flags */ +-#define BN_BLINDING_NO_UPDATE 0x00000001 +-#define BN_BLINDING_NO_RECREATE 0x00000002 ++# define BN_BLINDING_NO_UPDATE 0x00000001 ++# define BN_BLINDING_NO_RECREATE 0x00000002 + +-BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, /* const */ BIGNUM *mod); ++BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod); + void BN_BLINDING_free(BN_BLINDING *b); +-int BN_BLINDING_update(BN_BLINDING *b,BN_CTX *ctx); ++int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx); + int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); + int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); + int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *); +-int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *); ++int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, ++ BN_CTX *); ++# ifndef OPENSSL_NO_DEPRECATED + unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *); + void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long); ++# endif ++CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *); + unsigned long BN_BLINDING_get_flags(const BN_BLINDING *); + void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long); + BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, +- const BIGNUM *e, /* const */ BIGNUM *m, BN_CTX *ctx, +- int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, +- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx), +- BN_MONT_CTX *m_ctx); +- +-#ifndef OPENSSL_NO_DEPRECATED +-void BN_set_params(int mul,int high,int low,int mont); +-int BN_get_params(int which); /* 0, mul, 1 high, 2 low, 3 mont */ +-#endif ++ const BIGNUM *e, BIGNUM *m, BN_CTX *ctx, ++ int (*bn_mod_exp) (BIGNUM *r, ++ const BIGNUM *a, ++ const BIGNUM *p, ++ const BIGNUM *m, ++ BN_CTX *ctx, ++ BN_MONT_CTX *m_ctx), ++ 
BN_MONT_CTX *m_ctx); ++ ++# ifndef OPENSSL_NO_DEPRECATED ++void BN_set_params(int mul, int high, int low, int mont); ++int BN_get_params(int which); /* 0, mul, 1 high, 2 low, 3 mont */ ++# endif + +-void BN_RECP_CTX_init(BN_RECP_CTX *recp); ++void BN_RECP_CTX_init(BN_RECP_CTX *recp); + BN_RECP_CTX *BN_RECP_CTX_new(void); +-void BN_RECP_CTX_free(BN_RECP_CTX *recp); +-int BN_RECP_CTX_set(BN_RECP_CTX *recp,const BIGNUM *rdiv,BN_CTX *ctx); +-int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y, +- BN_RECP_CTX *recp,BN_CTX *ctx); +-int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, +- const BIGNUM *m, BN_CTX *ctx); +-int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, +- BN_RECP_CTX *recp, BN_CTX *ctx); +- +-/* Functions for arithmetic over binary polynomials represented by BIGNUMs. +- * ++void BN_RECP_CTX_free(BN_RECP_CTX *recp); ++int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *rdiv, BN_CTX *ctx); ++int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y, ++ BN_RECP_CTX *recp, BN_CTX *ctx); ++int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, ++ const BIGNUM *m, BN_CTX *ctx); ++int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, ++ BN_RECP_CTX *recp, BN_CTX *ctx); ++ ++# ifndef OPENSSL_NO_EC2M ++ ++/* ++ * Functions for arithmetic over binary polynomials represented by BIGNUMs. + * The BIGNUM::neg property of BIGNUMs representing binary polynomials is +- * ignored. +- * +- * Note that input arguments are not const so that their bit arrays can +- * be expanded to the appropriate size if needed. ++ * ignored. Note that input arguments are not const so that their bit arrays ++ * can be expanded to the appropriate size if needed. 
+ */ + +-int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); /*r = a + b*/ +-#define BN_GF2m_sub(r, a, b) BN_GF2m_add(r, a, b) +-int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p); /*r=a mod p*/ +-int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, +- const BIGNUM *p, BN_CTX *ctx); /* r = (a * b) mod p */ +-int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, +- BN_CTX *ctx); /* r = (a * a) mod p */ +-int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *b, const BIGNUM *p, +- BN_CTX *ctx); /* r = (1 / b) mod p */ +-int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, +- const BIGNUM *p, BN_CTX *ctx); /* r = (a / b) mod p */ +-int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, +- const BIGNUM *p, BN_CTX *ctx); /* r = (a ^ b) mod p */ +-int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, +- BN_CTX *ctx); /* r = sqrt(a) mod p */ +-int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, +- BN_CTX *ctx); /* r^2 + r = a mod p */ +-#define BN_GF2m_cmp(a, b) BN_ucmp((a), (b)) +-/* Some functions allow for representation of the irreducible polynomials ++/* ++ * r = a + b ++ */ ++int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); ++# define BN_GF2m_sub(r, a, b) BN_GF2m_add(r, a, b) ++/* ++ * r=a mod p ++ */ ++int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p); ++/* r = (a * b) mod p */ ++int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, ++ const BIGNUM *p, BN_CTX *ctx); ++/* r = (a * a) mod p */ ++int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); ++/* r = (1 / b) mod p */ ++int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx); ++/* r = (a / b) mod p */ ++int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, ++ const BIGNUM *p, BN_CTX *ctx); ++/* r = (a ^ b) mod p */ ++int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, ++ const BIGNUM *p, BN_CTX *ctx); ++/* r = sqrt(a) 
mod p */ ++int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, ++ BN_CTX *ctx); ++/* r^2 + r = a mod p */ ++int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, ++ BN_CTX *ctx); ++# define BN_GF2m_cmp(a, b) BN_ucmp((a), (b)) ++/*- ++ * Some functions allow for representation of the irreducible polynomials + * as an unsigned int[], say p. The irreducible f(t) is then of the form: + * t^p[0] + t^p[1] + ... + t^p[k] + * where m = p[0] > p[1] > ... > p[k] = 0. + */ +-int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[]); +- /* r = a mod p */ +-int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, +- const unsigned int p[], BN_CTX *ctx); /* r = (a * b) mod p */ +-int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[], +- BN_CTX *ctx); /* r = (a * a) mod p */ +-int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const unsigned int p[], +- BN_CTX *ctx); /* r = (1 / b) mod p */ +-int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, +- const unsigned int p[], BN_CTX *ctx); /* r = (a / b) mod p */ +-int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, +- const unsigned int p[], BN_CTX *ctx); /* r = (a ^ b) mod p */ +-int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, +- const unsigned int p[], BN_CTX *ctx); /* r = sqrt(a) mod p */ +-int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a, +- const unsigned int p[], BN_CTX *ctx); /* r^2 + r = a mod p */ +-int BN_GF2m_poly2arr(const BIGNUM *a, unsigned int p[], int max); +-int BN_GF2m_arr2poly(const unsigned int p[], BIGNUM *a); +- +-/* faster mod functions for the 'NIST primes' +- * 0 <= a < p^2 */ ++/* r = a mod p */ ++int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[]); ++/* r = (a * b) mod p */ ++int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, ++ const int p[], BN_CTX *ctx); ++/* r = (a * a) mod p */ ++int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[], ++ 
BN_CTX *ctx); ++/* r = (1 / b) mod p */ ++int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const int p[], ++ BN_CTX *ctx); ++/* r = (a / b) mod p */ ++int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, ++ const int p[], BN_CTX *ctx); ++/* r = (a ^ b) mod p */ ++int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, ++ const int p[], BN_CTX *ctx); ++/* r = sqrt(a) mod p */ ++int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, ++ const int p[], BN_CTX *ctx); ++/* r^2 + r = a mod p */ ++int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a, ++ const int p[], BN_CTX *ctx); ++int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max); ++int BN_GF2m_arr2poly(const int p[], BIGNUM *a); ++ ++# endif ++ ++/* ++ * faster mod functions for the 'NIST primes' 0 <= a < p^2 ++ */ + int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); + int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); + int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +@@ -660,15 +721,16 @@ const BIGNUM *BN_get0_nist_prime_521(void); + + /* library internal functions */ + +-#define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\ +- (a):bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2)) +-#define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words))) ++# define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\ ++ (a):bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2)) ++# define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words))) + BIGNUM *bn_expand2(BIGNUM *a, int words); +-#ifndef OPENSSL_NO_DEPRECATED ++# ifndef OPENSSL_NO_DEPRECATED + BIGNUM *bn_dup_expand(const BIGNUM *a, int words); /* unused */ +-#endif ++# endif + +-/* Bignum consistency macros ++/*- ++ * Bignum consistency macros + * There is one "API" macro, bn_fix_top(), for stripping leading zeroes from + * bignum data after direct manipulations on the data. 
There is also an + * "internal" macro, bn_check_top(), for verifying that there are no leading +@@ -696,75 +758,92 @@ BIGNUM *bn_dup_expand(const BIGNUM *a, int words); /* unused */ + * coverage for openssl's own code. + */ + +-#ifdef BN_DEBUG ++# ifdef BN_DEBUG + + /* We only need assert() when debugging */ +-#include ++# include + +-#ifdef BN_DEBUG_RAND ++# ifdef BN_DEBUG_RAND + /* To avoid "make update" cvs wars due to BN_DEBUG, use some tricks */ +-#ifndef RAND_pseudo_bytes +-int RAND_pseudo_bytes(unsigned char *buf,int num); +-#define BN_DEBUG_TRIX +-#endif +-#define bn_pollute(a) \ +- do { \ +- const BIGNUM *_bnum1 = (a); \ +- if(_bnum1->top < _bnum1->dmax) { \ +- unsigned char _tmp_char; \ +- /* We cast away const without the compiler knowing, any \ +- * *genuinely* constant variables that aren't mutable \ +- * wouldn't be constructed with top!=dmax. */ \ +- BN_ULONG *_not_const; \ +- memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \ +- RAND_pseudo_bytes(&_tmp_char, 1); \ +- memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \ +- (_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \ +- } \ +- } while(0) +-#ifdef BN_DEBUG_TRIX +-#undef RAND_pseudo_bytes +-#endif +-#else +-#define bn_pollute(a) +-#endif +-#define bn_check_top(a) \ +- do { \ +- const BIGNUM *_bnum2 = (a); \ +- if (_bnum2 != NULL) { \ +- assert((_bnum2->top == 0) || \ +- (_bnum2->d[_bnum2->top - 1] != 0)); \ +- bn_pollute(_bnum2); \ +- } \ +- } while(0) ++# ifndef RAND_pseudo_bytes ++int RAND_pseudo_bytes(unsigned char *buf, int num); ++# define BN_DEBUG_TRIX ++# endif ++# define bn_pollute(a) \ ++ do { \ ++ const BIGNUM *_bnum1 = (a); \ ++ if(_bnum1->top < _bnum1->dmax) { \ ++ unsigned char _tmp_char; \ ++ /* We cast away const without the compiler knowing, any \ ++ * *genuinely* constant variables that aren't mutable \ ++ * wouldn't be constructed with top!=dmax. 
*/ \ ++ BN_ULONG *_not_const; \ ++ memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \ ++ /* Debug only - safe to ignore error return */ \ ++ RAND_pseudo_bytes(&_tmp_char, 1); \ ++ memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \ ++ (_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \ ++ } \ ++ } while(0) ++# ifdef BN_DEBUG_TRIX ++# undef RAND_pseudo_bytes ++# endif ++# else ++# define bn_pollute(a) ++# endif ++# define bn_check_top(a) \ ++ do { \ ++ const BIGNUM *_bnum2 = (a); \ ++ if (_bnum2 != NULL) { \ ++ assert((_bnum2->top == 0) || \ ++ (_bnum2->d[_bnum2->top - 1] != 0)); \ ++ bn_pollute(_bnum2); \ ++ } \ ++ } while(0) ++ ++# define bn_fix_top(a) bn_check_top(a) ++ ++# define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2) ++# define bn_wcheck_size(bn, words) \ ++ do { \ ++ const BIGNUM *_bnum2 = (bn); \ ++ assert((words) <= (_bnum2)->dmax && (words) >= (_bnum2)->top); \ ++ /* avoid unused variable warning with NDEBUG */ \ ++ (void)(_bnum2); \ ++ } while(0) ++ ++# else /* !BN_DEBUG */ ++ ++# define bn_pollute(a) ++# define bn_check_top(a) ++# define bn_fix_top(a) bn_correct_top(a) ++# define bn_check_size(bn, bits) ++# define bn_wcheck_size(bn, words) + +-#define bn_fix_top(a) bn_check_top(a) +- +-#else /* !BN_DEBUG */ +- +-#define bn_pollute(a) +-#define bn_check_top(a) +-#define bn_fix_top(a) bn_correct_top(a) +- +-#endif ++# endif + +-#define bn_correct_top(a) \ ++# define bn_correct_top(a) \ + { \ + BN_ULONG *ftl; \ +- if ((a)->top > 0) \ +- { \ +- for (ftl= &((a)->d[(a)->top-1]); (a)->top > 0; (a)->top--) \ +- if (*(ftl--)) break; \ +- } \ +- bn_pollute(a); \ +- } +- +-BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w); ++ int tmp_top = (a)->top; \ ++ if (tmp_top > 0) \ ++ { \ ++ for (ftl= &((a)->d[tmp_top-1]); tmp_top > 0; tmp_top--) \ ++ if (*(ftl--)) break; \ ++ (a)->top = tmp_top; \ ++ } \ ++ bn_pollute(a); \ ++ } ++ ++BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, 
int num, ++ BN_ULONG w); + BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w); +-void bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num); ++void bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num); + BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d); +-BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num); +-BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num); ++BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, ++ int num); ++BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, ++ int num); + + /* Primes from RFC 2409 */ + BIGNUM *get_rfc2409_prime_768(BIGNUM *bn); +@@ -778,10 +857,11 @@ BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn); + BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn); + BIGNUM *get_rfc3526_prime_8192(BIGNUM *bn); + +-int BN_bntest_rand(BIGNUM *rnd, int bits, int top,int bottom); ++int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom); + + /* BEGIN ERROR CODES */ +-/* The following lines are auto generated by the script mkerr.pl. Any changes ++/* ++ * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ + void ERR_load_BN_strings(void); +@@ -789,65 +869,69 @@ void ERR_load_BN_strings(void); + /* Error codes for the BN functions. */ + + /* Function codes. 
*/ +-#define BN_F_BNRAND 127 +-#define BN_F_BN_BLINDING_CONVERT_EX 100 +-#define BN_F_BN_BLINDING_CREATE_PARAM 128 +-#define BN_F_BN_BLINDING_INVERT_EX 101 +-#define BN_F_BN_BLINDING_NEW 102 +-#define BN_F_BN_BLINDING_UPDATE 103 +-#define BN_F_BN_BN2DEC 104 +-#define BN_F_BN_BN2HEX 105 +-#define BN_F_BN_CTX_GET 116 +-#define BN_F_BN_CTX_NEW 106 +-#define BN_F_BN_CTX_START 129 +-#define BN_F_BN_DIV 107 +-#define BN_F_BN_DIV_NO_BRANCH 138 +-#define BN_F_BN_DIV_RECP 130 +-#define BN_F_BN_EXP 123 +-#define BN_F_BN_EXPAND2 108 +-#define BN_F_BN_EXPAND_INTERNAL 120 +-#define BN_F_BN_GF2M_MOD 131 +-#define BN_F_BN_GF2M_MOD_EXP 132 +-#define BN_F_BN_GF2M_MOD_MUL 133 +-#define BN_F_BN_GF2M_MOD_SOLVE_QUAD 134 +-#define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR 135 +-#define BN_F_BN_GF2M_MOD_SQR 136 +-#define BN_F_BN_GF2M_MOD_SQRT 137 +-#define BN_F_BN_MOD_EXP2_MONT 118 +-#define BN_F_BN_MOD_EXP_MONT 109 +-#define BN_F_BN_MOD_EXP_MONT_CONSTTIME 124 +-#define BN_F_BN_MOD_EXP_MONT_WORD 117 +-#define BN_F_BN_MOD_EXP_RECP 125 +-#define BN_F_BN_MOD_EXP_SIMPLE 126 +-#define BN_F_BN_MOD_INVERSE 110 +-#define BN_F_BN_MOD_INVERSE_NO_BRANCH 139 +-#define BN_F_BN_MOD_LSHIFT_QUICK 119 +-#define BN_F_BN_MOD_MUL_RECIPROCAL 111 +-#define BN_F_BN_MOD_SQRT 121 +-#define BN_F_BN_MPI2BN 112 +-#define BN_F_BN_NEW 113 +-#define BN_F_BN_RAND 114 +-#define BN_F_BN_RAND_RANGE 122 +-#define BN_F_BN_USUB 115 ++# define BN_F_BNRAND 127 ++# define BN_F_BN_BLINDING_CONVERT_EX 100 ++# define BN_F_BN_BLINDING_CREATE_PARAM 128 ++# define BN_F_BN_BLINDING_INVERT_EX 101 ++# define BN_F_BN_BLINDING_NEW 102 ++# define BN_F_BN_BLINDING_UPDATE 103 ++# define BN_F_BN_BN2DEC 104 ++# define BN_F_BN_BN2HEX 105 ++# define BN_F_BN_CTX_GET 116 ++# define BN_F_BN_CTX_NEW 106 ++# define BN_F_BN_CTX_START 129 ++# define BN_F_BN_DIV 107 ++# define BN_F_BN_DIV_NO_BRANCH 138 ++# define BN_F_BN_DIV_RECP 130 ++# define BN_F_BN_EXP 123 ++# define BN_F_BN_EXPAND2 108 ++# define BN_F_BN_EXPAND_INTERNAL 120 ++# define BN_F_BN_GF2M_MOD 131 
++# define BN_F_BN_GF2M_MOD_EXP 132 ++# define BN_F_BN_GF2M_MOD_MUL 133 ++# define BN_F_BN_GF2M_MOD_SOLVE_QUAD 134 ++# define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR 135 ++# define BN_F_BN_GF2M_MOD_SQR 136 ++# define BN_F_BN_GF2M_MOD_SQRT 137 ++# define BN_F_BN_LSHIFT 145 ++# define BN_F_BN_MOD_EXP2_MONT 118 ++# define BN_F_BN_MOD_EXP_MONT 109 ++# define BN_F_BN_MOD_EXP_MONT_CONSTTIME 124 ++# define BN_F_BN_MOD_EXP_MONT_WORD 117 ++# define BN_F_BN_MOD_EXP_RECP 125 ++# define BN_F_BN_MOD_EXP_SIMPLE 126 ++# define BN_F_BN_MOD_INVERSE 110 ++# define BN_F_BN_MOD_INVERSE_NO_BRANCH 139 ++# define BN_F_BN_MOD_LSHIFT_QUICK 119 ++# define BN_F_BN_MOD_MUL_RECIPROCAL 111 ++# define BN_F_BN_MOD_SQRT 121 ++# define BN_F_BN_MPI2BN 112 ++# define BN_F_BN_NEW 113 ++# define BN_F_BN_RAND 114 ++# define BN_F_BN_RAND_RANGE 122 ++# define BN_F_BN_RSHIFT 146 ++# define BN_F_BN_USUB 115 + + /* Reason codes. */ +-#define BN_R_ARG2_LT_ARG3 100 +-#define BN_R_BAD_RECIPROCAL 101 +-#define BN_R_BIGNUM_TOO_LONG 114 +-#define BN_R_CALLED_WITH_EVEN_MODULUS 102 +-#define BN_R_DIV_BY_ZERO 103 +-#define BN_R_ENCODING_ERROR 104 +-#define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA 105 +-#define BN_R_INPUT_NOT_REDUCED 110 +-#define BN_R_INVALID_LENGTH 106 +-#define BN_R_INVALID_RANGE 115 +-#define BN_R_NOT_A_SQUARE 111 +-#define BN_R_NOT_INITIALIZED 107 +-#define BN_R_NO_INVERSE 108 +-#define BN_R_NO_SOLUTION 116 +-#define BN_R_P_IS_NOT_PRIME 112 +-#define BN_R_TOO_MANY_ITERATIONS 113 +-#define BN_R_TOO_MANY_TEMPORARY_VARIABLES 109 ++# define BN_R_ARG2_LT_ARG3 100 ++# define BN_R_BAD_RECIPROCAL 101 ++# define BN_R_BIGNUM_TOO_LONG 114 ++# define BN_R_BITS_TOO_SMALL 118 ++# define BN_R_CALLED_WITH_EVEN_MODULUS 102 ++# define BN_R_DIV_BY_ZERO 103 ++# define BN_R_ENCODING_ERROR 104 ++# define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA 105 ++# define BN_R_INPUT_NOT_REDUCED 110 ++# define BN_R_INVALID_LENGTH 106 ++# define BN_R_INVALID_RANGE 115 ++# define BN_R_INVALID_SHIFT 119 ++# define BN_R_NOT_A_SQUARE 111 ++# define 
BN_R_NOT_INITIALIZED 107 ++# define BN_R_NO_INVERSE 108 ++# define BN_R_NO_SOLUTION 116 ++# define BN_R_P_IS_NOT_PRIME 112 ++# define BN_R_TOO_MANY_ITERATIONS 113 ++# define BN_R_TOO_MANY_TEMPORARY_VARIABLES 109 + + #ifdef __cplusplus + } +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_asm.c b/Cryptlib/OpenSSL/crypto/bn/bn_asm.c +index 92e9539..03a33cf 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_asm.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_asm.c +@@ -77,6 +77,7 @@ BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, + if (num <= 0) + return (c1); + ++# ifndef OPENSSL_SMALL_FOOTPRINT + while (num & ~3) { + mul_add(rp[0], ap[0], w, c1); + mul_add(rp[1], ap[1], w, c1); +@@ -86,15 +87,12 @@ BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, + rp += 4; + num -= 4; + } +- if (num) { ++# endif ++ while (num) { + mul_add(rp[0], ap[0], w, c1); +- if (--num == 0) +- return c1; +- mul_add(rp[1], ap[1], w, c1); +- if (--num == 0) +- return c1; +- mul_add(rp[2], ap[2], w, c1); +- return c1; ++ ap++; ++ rp++; ++ num--; + } + + return (c1); +@@ -108,6 +106,7 @@ BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) + if (num <= 0) + return (c1); + ++# ifndef OPENSSL_SMALL_FOOTPRINT + while (num & ~3) { + mul(rp[0], ap[0], w, c1); + mul(rp[1], ap[1], w, c1); +@@ -117,14 +116,12 @@ BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) + rp += 4; + num -= 4; + } +- if (num) { ++# endif ++ while (num) { + mul(rp[0], ap[0], w, c1); +- if (--num == 0) +- return c1; +- mul(rp[1], ap[1], w, c1); +- if (--num == 0) +- return c1; +- mul(rp[2], ap[2], w, c1); ++ ap++; ++ rp++; ++ num--; + } + return (c1); + } +@@ -134,6 +131,8 @@ void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n) + assert(n >= 0); + if (n <= 0) + return; ++ ++# ifndef OPENSSL_SMALL_FOOTPRINT + while (n & ~3) { + sqr(r[0], r[1], a[0]); + sqr(r[2], r[3], a[1]); +@@ -143,14 +142,12 @@ void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n) + r += 
8; + n -= 4; + } +- if (n) { ++# endif ++ while (n) { + sqr(r[0], r[1], a[0]); +- if (--n == 0) +- return; +- sqr(r[2], r[3], a[1]); +- if (--n == 0) +- return; +- sqr(r[4], r[5], a[2]); ++ a++; ++ r += 2; ++ n--; + } + } + +@@ -170,21 +167,22 @@ BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, + bl = LBITS(w); + bh = HBITS(w); + +- for (;;) { ++# ifndef OPENSSL_SMALL_FOOTPRINT ++ while (num & ~3) { + mul_add(rp[0], ap[0], bl, bh, c); +- if (--num == 0) +- break; + mul_add(rp[1], ap[1], bl, bh, c); +- if (--num == 0) +- break; + mul_add(rp[2], ap[2], bl, bh, c); +- if (--num == 0) +- break; + mul_add(rp[3], ap[3], bl, bh, c); +- if (--num == 0) +- break; + ap += 4; + rp += 4; ++ num -= 4; ++ } ++# endif ++ while (num) { ++ mul_add(rp[0], ap[0], bl, bh, c); ++ ap++; ++ rp++; ++ num--; + } + return (c); + } +@@ -201,21 +199,22 @@ BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) + bl = LBITS(w); + bh = HBITS(w); + +- for (;;) { ++# ifndef OPENSSL_SMALL_FOOTPRINT ++ while (num & ~3) { + mul(rp[0], ap[0], bl, bh, carry); +- if (--num == 0) +- break; + mul(rp[1], ap[1], bl, bh, carry); +- if (--num == 0) +- break; + mul(rp[2], ap[2], bl, bh, carry); +- if (--num == 0) +- break; + mul(rp[3], ap[3], bl, bh, carry); +- if (--num == 0) +- break; + ap += 4; + rp += 4; ++ num -= 4; ++ } ++# endif ++ while (num) { ++ mul(rp[0], ap[0], bl, bh, carry); ++ ap++; ++ rp++; ++ num--; + } + return (carry); + } +@@ -225,25 +224,23 @@ void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n) + assert(n >= 0); + if (n <= 0) + return; +- for (;;) { +- sqr64(r[0], r[1], a[0]); +- if (--n == 0) +- break; + ++# ifndef OPENSSL_SMALL_FOOTPRINT ++ while (n & ~3) { ++ sqr64(r[0], r[1], a[0]); + sqr64(r[2], r[3], a[1]); +- if (--n == 0) +- break; +- + sqr64(r[4], r[5], a[2]); +- if (--n == 0) +- break; +- + sqr64(r[6], r[7], a[3]); +- if (--n == 0) +- break; +- + a += 4; + r += 8; ++ n -= 4; ++ } ++# endif ++ while (n) { ++ sqr64(r[0], r[1], a[0]); 
++ a++; ++ r += 2; ++ n--; + } + } + +@@ -335,34 +332,34 @@ BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, + if (n <= 0) + return ((BN_ULONG)0); + +- for (;;) { ++# ifndef OPENSSL_SMALL_FOOTPRINT ++ while (n & ~3) { + ll += (BN_ULLONG) a[0] + b[0]; + r[0] = (BN_ULONG)ll & BN_MASK2; + ll >>= BN_BITS2; +- if (--n <= 0) +- break; +- + ll += (BN_ULLONG) a[1] + b[1]; + r[1] = (BN_ULONG)ll & BN_MASK2; + ll >>= BN_BITS2; +- if (--n <= 0) +- break; +- + ll += (BN_ULLONG) a[2] + b[2]; + r[2] = (BN_ULONG)ll & BN_MASK2; + ll >>= BN_BITS2; +- if (--n <= 0) +- break; +- + ll += (BN_ULLONG) a[3] + b[3]; + r[3] = (BN_ULONG)ll & BN_MASK2; + ll >>= BN_BITS2; +- if (--n <= 0) +- break; +- + a += 4; + b += 4; + r += 4; ++ n -= 4; ++ } ++# endif ++ while (n) { ++ ll += (BN_ULLONG) a[0] + b[0]; ++ r[0] = (BN_ULONG)ll & BN_MASK2; ++ ll >>= BN_BITS2; ++ a++; ++ b++; ++ r++; ++ n--; + } + return ((BN_ULONG)ll); + } +@@ -377,46 +374,49 @@ BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, + return ((BN_ULONG)0); + + c = 0; +- for (;;) { ++# ifndef OPENSSL_SMALL_FOOTPRINT ++ while (n & ~3) { + t = a[0]; + t = (t + c) & BN_MASK2; + c = (t < c); + l = (t + b[0]) & BN_MASK2; + c += (l < t); + r[0] = l; +- if (--n <= 0) +- break; +- + t = a[1]; + t = (t + c) & BN_MASK2; + c = (t < c); + l = (t + b[1]) & BN_MASK2; + c += (l < t); + r[1] = l; +- if (--n <= 0) +- break; +- + t = a[2]; + t = (t + c) & BN_MASK2; + c = (t < c); + l = (t + b[2]) & BN_MASK2; + c += (l < t); + r[2] = l; +- if (--n <= 0) +- break; +- + t = a[3]; + t = (t + c) & BN_MASK2; + c = (t < c); + l = (t + b[3]) & BN_MASK2; + c += (l < t); + r[3] = l; +- if (--n <= 0) +- break; +- + a += 4; + b += 4; + r += 4; ++ n -= 4; ++ } ++# endif ++ while (n) { ++ t = a[0]; ++ t = (t + c) & BN_MASK2; ++ c = (t < c); ++ l = (t + b[0]) & BN_MASK2; ++ c += (l < t); ++ r[0] = l; ++ a++; ++ b++; ++ r++; ++ n--; + } + return ((BN_ULONG)c); + } +@@ -432,47 +432,49 @@ BN_ULONG bn_sub_words(BN_ULONG *r, 
const BN_ULONG *a, const BN_ULONG *b, + if (n <= 0) + return ((BN_ULONG)0); + +- for (;;) { ++#ifndef OPENSSL_SMALL_FOOTPRINT ++ while (n & ~3) { + t1 = a[0]; + t2 = b[0]; + r[0] = (t1 - t2 - c) & BN_MASK2; + if (t1 != t2) + c = (t1 < t2); +- if (--n <= 0) +- break; +- + t1 = a[1]; + t2 = b[1]; + r[1] = (t1 - t2 - c) & BN_MASK2; + if (t1 != t2) + c = (t1 < t2); +- if (--n <= 0) +- break; +- + t1 = a[2]; + t2 = b[2]; + r[2] = (t1 - t2 - c) & BN_MASK2; + if (t1 != t2) + c = (t1 < t2); +- if (--n <= 0) +- break; +- + t1 = a[3]; + t2 = b[3]; + r[3] = (t1 - t2 - c) & BN_MASK2; + if (t1 != t2) + c = (t1 < t2); +- if (--n <= 0) +- break; +- + a += 4; + b += 4; + r += 4; ++ n -= 4; ++ } ++#endif ++ while (n) { ++ t1 = a[0]; ++ t2 = b[0]; ++ r[0] = (t1 - t2 - c) & BN_MASK2; ++ if (t1 != t2) ++ c = (t1 < t2); ++ a++; ++ b++; ++ r++; ++ n--; + } + return (c); + } + +-#ifdef BN_MUL_COMBA ++#if defined(BN_MUL_COMBA) && !defined(OPENSSL_SMALL_FOOTPRINT) + + # undef bn_mul_comba8 + # undef bn_mul_comba4 +@@ -487,121 +489,144 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, + * c=(c2,c1,c0) + */ + ++# ifdef BN_LLONG + /* +- * Keep in mind that carrying into high part of multiplication result +- * can not overflow, because it cannot be all-ones. ++ * Keep in mind that additions to multiplication result can not ++ * overflow, because its high half cannot be all-ones. 
+ */ +-# ifdef BN_LLONG +-# define mul_add_c(a,b,c0,c1,c2) \ +- t=(BN_ULLONG)a*b; \ +- t1=(BN_ULONG)Lw(t); \ +- t2=(BN_ULONG)Hw(t); \ +- c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \ +- c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++; +- +-# define mul_add_c2(a,b,c0,c1,c2) \ +- t=(BN_ULLONG)a*b; \ +- tt=(t+t)&BN_MASK; \ +- if (tt < t) c2++; \ +- t1=(BN_ULONG)Lw(tt); \ +- t2=(BN_ULONG)Hw(tt); \ +- c0=(c0+t1)&BN_MASK2; \ +- if ((c0 < t1) && (((++t2)&BN_MASK2) == 0)) c2++; \ +- c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++; +- +-# define sqr_add_c(a,i,c0,c1,c2) \ +- t=(BN_ULLONG)a[i]*a[i]; \ +- t1=(BN_ULONG)Lw(t); \ +- t2=(BN_ULONG)Hw(t); \ +- c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \ +- c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++; ++# define mul_add_c(a,b,c0,c1,c2) do { \ ++ BN_ULONG hi; \ ++ BN_ULLONG t = (BN_ULLONG)(a)*(b); \ ++ t += c0; /* no carry */ \ ++ c0 = (BN_ULONG)Lw(t); \ ++ hi = (BN_ULONG)Hw(t); \ ++ c1 = (c1+hi)&BN_MASK2; if (c1 ++/* ++ * This is essentially reference implementation, which may or may not ++ * result in performance improvement. E.g. on IA-32 this routine was ++ * observed to give 40% faster rsa1024 private key operations and 10% ++ * faster rsa4096 ones, while on AMD64 it improves rsa1024 sign only ++ * by 10% and *worsens* rsa4096 sign by 15%. Once again, it's a ++ * reference implementation, one to be used as starting point for ++ * platform-specific assembler. Mentioned numbers apply to compiler ++ * generated code compiled with and without -DOPENSSL_BN_ASM_MONT and ++ * can vary not only from platform to platform, but even for compiler ++ * versions. Assembler vs. assembler improvement coefficients can ++ * [and are known to] differ and are to be documented elsewhere. 
++ */ ++int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, ++ const BN_ULONG *np, const BN_ULONG *n0p, int num) ++{ ++ BN_ULONG c0, c1, ml, *tp, n0; ++# ifdef mul64 ++ BN_ULONG mh; ++# endif ++ volatile BN_ULONG *vp; ++ int i = 0, j; ++ ++# if 0 /* template for platform-specific ++ * implementation */ ++ if (ap == bp) ++ return bn_sqr_mont(rp, ap, np, n0p, num); ++# endif ++ vp = tp = alloca((num + 2) * sizeof(BN_ULONG)); ++ ++ n0 = *n0p; ++ ++ c0 = 0; ++ ml = bp[0]; ++# ifdef mul64 ++ mh = HBITS(ml); ++ ml = LBITS(ml); ++ for (j = 0; j < num; ++j) ++ mul(tp[j], ap[j], ml, mh, c0); ++# else ++ for (j = 0; j < num; ++j) ++ mul(tp[j], ap[j], ml, c0); ++# endif ++ ++ tp[num] = c0; ++ tp[num + 1] = 0; ++ goto enter; ++ ++ for (i = 0; i < num; i++) { ++ c0 = 0; ++ ml = bp[i]; ++# ifdef mul64 ++ mh = HBITS(ml); ++ ml = LBITS(ml); ++ for (j = 0; j < num; ++j) ++ mul_add(tp[j], ap[j], ml, mh, c0); ++# else ++ for (j = 0; j < num; ++j) ++ mul_add(tp[j], ap[j], ml, c0); ++# endif ++ c1 = (tp[num] + c0) & BN_MASK2; ++ tp[num] = c1; ++ tp[num + 1] = (c1 < c0 ? 1 : 0); ++ enter: ++ c1 = tp[0]; ++ ml = (c1 * n0) & BN_MASK2; ++ c0 = 0; ++# ifdef mul64 ++ mh = HBITS(ml); ++ ml = LBITS(ml); ++ mul_add(c1, np[0], ml, mh, c0); ++# else ++ mul_add(c1, ml, np[0], c0); ++# endif ++ for (j = 1; j < num; j++) { ++ c1 = tp[j]; ++# ifdef mul64 ++ mul_add(c1, np[j], ml, mh, c0); ++# else ++ mul_add(c1, ml, np[j], c0); ++# endif ++ tp[j - 1] = c1 & BN_MASK2; ++ } ++ c1 = (tp[num] + c0) & BN_MASK2; ++ tp[num - 1] = c1; ++ tp[num] = tp[num + 1] + (c1 < c0 ? 
1 : 0); ++ } ++ ++ if (tp[num] != 0 || tp[num - 1] >= np[num - 1]) { ++ c0 = bn_sub_words(rp, tp, np, num); ++ if (tp[num] != 0 || c0 == 0) { ++ for (i = 0; i < num + 2; i++) ++ vp[i] = 0; ++ return 1; ++ } ++ } ++ for (i = 0; i < num; i++) ++ rp[i] = tp[i], vp[i] = 0; ++ vp[num] = 0; ++ vp[num + 1] = 0; ++ return 1; ++} ++# else ++/* ++ * Return value of 0 indicates that multiplication/convolution was not ++ * performed to signal the caller to fall down to alternative/original ++ * code-path. ++ */ ++int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, ++ const BN_ULONG *np, const BN_ULONG *n0, int num) ++{ ++ return 0; ++} ++# endif /* OPENSSL_BN_ASM_MONT */ ++# endif ++ + #else /* !BN_MUL_COMBA */ + + /* hmm... is it faster just to do a multiply? */ + # undef bn_sqr_comba4 +-void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a) ++void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a) + { + BN_ULONG t[8]; + bn_sqr_normal(r, a, 4, t); + } + + # undef bn_sqr_comba8 +-void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a) ++void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a) + { + BN_ULONG t[16]; + bn_sqr_normal(r, a, 8, t); +@@ -917,4 +1038,56 @@ void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b) + r[15] = bn_mul_add_words(&(r[7]), a, 8, b[7]); + } + ++# ifdef OPENSSL_NO_ASM ++# ifdef OPENSSL_BN_ASM_MONT ++# include ++int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, ++ const BN_ULONG *np, const BN_ULONG *n0p, int num) ++{ ++ BN_ULONG c0, c1, *tp, n0 = *n0p; ++ volatile BN_ULONG *vp; ++ int i = 0, j; ++ ++ vp = tp = alloca((num + 2) * sizeof(BN_ULONG)); ++ ++ for (i = 0; i <= num; i++) ++ tp[i] = 0; ++ ++ for (i = 0; i < num; i++) { ++ c0 = bn_mul_add_words(tp, ap, num, bp[i]); ++ c1 = (tp[num] + c0) & BN_MASK2; ++ tp[num] = c1; ++ tp[num + 1] = (c1 < c0 ? 1 : 0); ++ ++ c0 = bn_mul_add_words(tp, np, num, tp[0] * n0); ++ c1 = (tp[num] + c0) & BN_MASK2; ++ tp[num] = c1; ++ tp[num + 1] += (c1 < c0 ? 
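Review bot: Both `bn_mul_mont` bodies added to bn_asm.c (this one and the `OPENSSL_NO_ASM` variant in the `@@ -917,4 +1038,56 @@` hunk) size a stack buffer with `alloca((num + 2) * sizeof(BN_ULONG))` and then index `tp[num - 1]` and `np[num - 1]` without checking `num` themselves. A `num` of zero would touch memory before the buffer, and a large `num` has no failure path because `alloca` cannot report exhaustion, which matters more if this code runs in a boot-time environment with a small stack. The callers are outside this diff, so the range they guarantee cannot be confirmed here. Since the comment on the stub variant says a return of 0 tells the caller to fall back to the original code path, an early `if (num <= 0) return 0;` plus an upper bound on `num` chosen for the target's stack would make the precondition explicit. The zeroing of the temporary through the `volatile` alias `vp` before each return is worth keeping as written.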
1 : 0); ++ for (j = 0; j <= num; j++) ++ tp[j] = tp[j + 1]; ++ } ++ ++ if (tp[num] != 0 || tp[num - 1] >= np[num - 1]) { ++ c0 = bn_sub_words(rp, tp, np, num); ++ if (tp[num] != 0 || c0 == 0) { ++ for (i = 0; i < num + 2; i++) ++ vp[i] = 0; ++ return 1; ++ } ++ } ++ for (i = 0; i < num; i++) ++ rp[i] = tp[i], vp[i] = 0; ++ vp[num] = 0; ++ vp[num + 1] = 0; ++ return 1; ++} ++# else ++int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, ++ const BN_ULONG *np, const BN_ULONG *n0, int num) ++{ ++ return 0; ++} ++# endif /* OPENSSL_BN_ASM_MONT */ ++# endif ++ + #endif /* !BN_MUL_COMBA */ +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_blind.c b/Cryptlib/OpenSSL/crypto/bn/bn_blind.c +index d74ad2c..d448daa 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_blind.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_blind.c +@@ -1,6 +1,6 @@ + /* crypto/bn/bn_blind.c */ + /* ==================================================================== +- * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. ++ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions +@@ -120,8 +120,11 @@ struct bn_blinding_st { + BIGNUM *Ai; + BIGNUM *e; + BIGNUM *mod; /* just a reference */ ++#ifndef OPENSSL_NO_DEPRECATED + unsigned long thread_id; /* added in OpenSSL 0.9.6j and 0.9.7b; used + * only by crypto/rsa/rsa_eay.c, rsa_lib.c */ ++#endif ++ CRYPTO_THREADID tid; + int counter; + unsigned long flags; + BN_MONT_CTX *m_ctx; +@@ -161,6 +164,7 @@ BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod) + * use. 
+ */ + ret->counter = -1; ++ CRYPTO_THREADID_current(&ret->tid); + return (ret); + err: + if (ret != NULL) +@@ -274,6 +278,7 @@ int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, + return (ret); + } + ++#ifndef OPENSSL_NO_DEPRECATED + unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *b) + { + return b->thread_id; +@@ -283,6 +288,12 @@ void BN_BLINDING_set_thread_id(BN_BLINDING *b, unsigned long n) + { + b->thread_id = n; + } ++#endif ++ ++CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *b) ++{ ++ return &b->tid; ++} + + unsigned long BN_BLINDING_get_flags(const BN_BLINDING *b) + { +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_ctx.c b/Cryptlib/OpenSSL/crypto/bn/bn_ctx.c +index 1d756a0..526c6a0 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_ctx.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_ctx.c +@@ -155,9 +155,9 @@ static void ctxdbg(BN_CTX *ctx) + unsigned int bnidx = 0, fpidx = 0; + BN_POOL_ITEM *item = ctx->pool.head; + BN_STACK *stack = &ctx->stack; +- fprintf(stderr, "(%08x): ", (unsigned int)ctx); ++ fprintf(stderr, "(%16p): ", ctx); + while (bnidx < ctx->used) { +- fprintf(stderr, "%02x ", item->vals[bnidx++ % BN_CTX_POOL_SIZE].dmax); ++ fprintf(stderr, "%03x ", item->vals[bnidx++ % BN_CTX_POOL_SIZE].dmax); + if (!(bnidx % BN_CTX_POOL_SIZE)) + item = item->next; + } +@@ -166,8 +166,8 @@ static void ctxdbg(BN_CTX *ctx) + fprintf(stderr, " : "); + while (fpidx < stack->depth) { + while (bnidx++ < stack->indexes[fpidx]) +- fprintf(stderr, " "); +- fprintf(stderr, "^^ "); ++ fprintf(stderr, " "); ++ fprintf(stderr, "^^^ "); + bnidx++; + fpidx++; + } +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_div.c b/Cryptlib/OpenSSL/crypto/bn/bn_div.c +index 836e046..72e6ce3 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_div.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_div.c +@@ -150,6 +150,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, + * + * + */ ++# undef bn_div_words + # define bn_div_words(n0,n1,d0) \ + ({ asm volatile ( \ + "divl %4" 
\ +@@ -164,6 +165,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, + * Same story here, but it's 128-bit by 64-bit division. Wow! + * + */ ++# undef bn_div_words + # define bn_div_words(n0,n1,d0) \ + ({ asm volatile ( \ + "divq %4" \ +@@ -178,15 +180,13 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, + # endif /* OPENSSL_NO_ASM */ + + /*- +- * BN_div[_no_branch] computes dv := num / divisor, rounding towards ++ * BN_div computes dv := num / divisor, rounding towards + * zero, and sets up rm such that dv*divisor + rm = num holds. + * Thus: + * dv->neg == num->neg ^ divisor->neg (unless the result is zero) + * rm->neg == num->neg (unless the remainder is zero) + * If 'dv' or 'rm' is NULL, the respective value is not returned. + */ +-static int BN_div_no_branch(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, +- const BIGNUM *divisor, BN_CTX *ctx); + int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, + BN_CTX *ctx) + { +@@ -195,22 +195,25 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, + BN_ULONG *resp, *wnump; + BN_ULONG d0, d1; + int num_n, div_n; ++ int no_branch = 0; + + /* +- * Invalid zero-padding would have particularly bad consequences in the +- * case of 'num', so don't just rely on bn_check_top() for this one +- * (bn_check_top() works only for BN_DEBUG builds) ++ * Invalid zero-padding would have particularly bad consequences so don't ++ * just rely on bn_check_top() here (bn_check_top() works only for ++ * BN_DEBUG builds) + */ +- if (num->top > 0 && num->d[num->top - 1] == 0) { ++ if ((num->top > 0 && num->d[num->top - 1] == 0) || ++ (divisor->top > 0 && divisor->d[divisor->top - 1] == 0)) { + BNerr(BN_F_BN_DIV, BN_R_NOT_INITIALIZED); + return 0; + } + + bn_check_top(num); ++ bn_check_top(divisor); + + if ((BN_get_flags(num, BN_FLG_CONSTTIME) != 0) + || (BN_get_flags(divisor, BN_FLG_CONSTTIME) != 0)) { +- return BN_div_no_branch(dv, rm, num, divisor, 
ctx); ++ no_branch = 1; + } + + bn_check_top(dv); +@@ -218,14 +221,16 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, + /*- bn_check_top(num); *//* + * 'num' has been checked already + */ +- bn_check_top(divisor); ++ /*- bn_check_top(divisor); *//* ++ * 'divisor' has been checked already ++ */ + + if (BN_is_zero(divisor)) { + BNerr(BN_F_BN_DIV, BN_R_DIV_BY_ZERO); + return (0); + } + +- if (BN_ucmp(num, divisor) < 0) { ++ if (!no_branch && BN_ucmp(num, divisor) < 0) { + if (rm != NULL) { + if (BN_copy(rm, num) == NULL) + return (0); +@@ -255,257 +260,24 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, + if (!(BN_lshift(snum, num, norm_shift))) + goto err; + snum->neg = 0; +- div_n = sdiv->top; +- num_n = snum->top; +- loop = num_n - div_n; +- /* +- * Lets setup a 'window' into snum This is the part that corresponds to +- * the current 'area' being divided +- */ +- wnum.neg = 0; +- wnum.d = &(snum->d[loop]); +- wnum.top = div_n; +- /* +- * only needed when BN_ucmp messes up the values between top and max +- */ +- wnum.dmax = snum->dmax - loop; /* so we don't step out of bounds */ +- +- /* Get the top 2 words of sdiv */ +- /* div_n=sdiv->top; */ +- d0 = sdiv->d[div_n - 1]; +- d1 = (div_n == 1) ? 0 : sdiv->d[div_n - 2]; +- +- /* pointer to the 'top' of snum */ +- wnump = &(snum->d[num_n - 1]); + +- /* Setup to 'res' */ +- res->neg = (num->neg ^ divisor->neg); +- if (!bn_wexpand(res, (loop + 1))) +- goto err; +- res->top = loop; +- resp = &(res->d[loop - 1]); +- +- /* space for temp */ +- if (!bn_wexpand(tmp, (div_n + 1))) +- goto err; +- +- if (BN_ucmp(&wnum, sdiv) >= 0) { ++ if (no_branch) { + /* +- * If BN_DEBUG_RAND is defined BN_ucmp changes (via bn_pollute) the +- * const bignum arguments => clean the values between top and max +- * again ++ * Since we don't know whether snum is larger than sdiv, we pad snum ++ * with enough zeroes without changing its value. 
+ */ +- bn_clear_top2max(&wnum); +- bn_sub_words(wnum.d, wnum.d, sdiv->d, div_n); +- *resp = 1; +- } else +- res->top--; +- /* +- * if res->top == 0 then clear the neg value otherwise decrease the resp +- * pointer +- */ +- if (res->top == 0) +- res->neg = 0; +- else +- resp--; +- +- for (i = 0; i < loop - 1; i++, wnump--, resp--) { +- BN_ULONG q, l0; +- /* +- * the first part of the loop uses the top two words of snum and sdiv +- * to calculate a BN_ULONG q such that | wnum - sdiv * q | < sdiv +- */ +-# if defined(BN_DIV3W) && !defined(OPENSSL_NO_ASM) +- BN_ULONG bn_div_3_words(BN_ULONG *, BN_ULONG, BN_ULONG); +- q = bn_div_3_words(wnump, d1, d0); +-# else +- BN_ULONG n0, n1, rem = 0; +- +- n0 = wnump[0]; +- n1 = wnump[-1]; +- if (n0 == d0) +- q = BN_MASK2; +- else { /* n0 < d0 */ +- +-# ifdef BN_LLONG +- BN_ULLONG t2; +- +-# if defined(BN_LLONG) && defined(BN_DIV2W) && !defined(bn_div_words) +- q = (BN_ULONG)(((((BN_ULLONG) n0) << BN_BITS2) | n1) / d0); +-# else +- q = bn_div_words(n0, n1, d0); +-# ifdef BN_DEBUG_LEVITTE +- fprintf(stderr, "DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\ +-X) -> 0x%08X\n", n0, n1, d0, q); +-# endif +-# endif +- +-# ifndef REMAINDER_IS_ALREADY_CALCULATED +- /* +- * rem doesn't have to be BN_ULLONG. The least we +- * know it's less that d0, isn't it? 
+- */ +- rem = (n1 - q * d0) & BN_MASK2; +-# endif +- t2 = (BN_ULLONG) d1 *q; +- +- for (;;) { +- if (t2 <= ((((BN_ULLONG) rem) << BN_BITS2) | wnump[-2])) +- break; +- q--; +- rem += d0; +- if (rem < d0) +- break; /* don't let rem overflow */ +- t2 -= d1; +- } +-# else /* !BN_LLONG */ +- BN_ULONG t2l, t2h; +-# if !defined(BN_UMULT_LOHI) && !defined(BN_UMULT_HIGH) +- BN_ULONG ql, qh; +-# endif +- +- q = bn_div_words(n0, n1, d0); +-# ifdef BN_DEBUG_LEVITTE +- fprintf(stderr, "DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\ +-X) -> 0x%08X\n", n0, n1, d0, q); +-# endif +-# ifndef REMAINDER_IS_ALREADY_CALCULATED +- rem = (n1 - q * d0) & BN_MASK2; +-# endif +- +-# if defined(BN_UMULT_LOHI) +- BN_UMULT_LOHI(t2l, t2h, d1, q); +-# elif defined(BN_UMULT_HIGH) +- t2l = d1 * q; +- t2h = BN_UMULT_HIGH(d1, q); +-# else +- t2l = LBITS(d1); +- t2h = HBITS(d1); +- ql = LBITS(q); +- qh = HBITS(q); +- mul64(t2l, t2h, ql, qh); /* t2=(BN_ULLONG)d1*q; */ +-# endif +- +- for (;;) { +- if ((t2h < rem) || ((t2h == rem) && (t2l <= wnump[-2]))) +- break; +- q--; +- rem += d0; +- if (rem < d0) +- break; /* don't let rem overflow */ +- if (t2l < d1) +- t2h--; +- t2l -= d1; +- } +-# endif /* !BN_LLONG */ ++ if (snum->top <= sdiv->top + 1) { ++ if (bn_wexpand(snum, sdiv->top + 2) == NULL) ++ goto err; ++ for (i = snum->top; i < sdiv->top + 2; i++) ++ snum->d[i] = 0; ++ snum->top = sdiv->top + 2; ++ } else { ++ if (bn_wexpand(snum, snum->top + 1) == NULL) ++ goto err; ++ snum->d[snum->top] = 0; ++ snum->top++; + } +-# endif /* !BN_DIV3W */ +- +- l0 = bn_mul_words(tmp->d, sdiv->d, div_n, q); +- tmp->d[div_n] = l0; +- wnum.d--; +- /* +- * ingore top values of the bignums just sub the two BN_ULONG arrays +- * with bn_sub_words +- */ +- if (bn_sub_words(wnum.d, wnum.d, tmp->d, div_n + 1)) { +- /* +- * Note: As we have considered only the leading two BN_ULONGs in +- * the calculation of q, sdiv * q might be greater than wnum (but +- * then (q-1) * sdiv is less or equal than wnum) +- */ +- q--; +- if 
(bn_add_words(wnum.d, wnum.d, sdiv->d, div_n)) +- /* +- * we can't have an overflow here (assuming that q != 0, but +- * if q == 0 then tmp is zero anyway) +- */ +- (*wnump)++; +- } +- /* store part of the result */ +- *resp = q; +- } +- bn_correct_top(snum); +- if (rm != NULL) { +- /* +- * Keep a copy of the neg flag in num because if rm==num BN_rshift() +- * will overwrite it. +- */ +- int neg = num->neg; +- BN_rshift(rm, snum, norm_shift); +- if (!BN_is_zero(rm)) +- rm->neg = neg; +- bn_check_top(rm); +- } +- BN_CTX_end(ctx); +- return (1); +- err: +- bn_check_top(rm); +- BN_CTX_end(ctx); +- return (0); +-} +- +-/* +- * BN_div_no_branch is a special version of BN_div. It does not contain +- * branches that may leak sensitive information. +- */ +-static int BN_div_no_branch(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, +- const BIGNUM *divisor, BN_CTX *ctx) +-{ +- int norm_shift, i, loop; +- BIGNUM *tmp, wnum, *snum, *sdiv, *res; +- BN_ULONG *resp, *wnump; +- BN_ULONG d0, d1; +- int num_n, div_n; +- +- bn_check_top(dv); +- bn_check_top(rm); +- /*- bn_check_top(num); *//* +- * 'num' has been checked in BN_div() +- */ +- bn_check_top(divisor); +- +- if (BN_is_zero(divisor)) { +- BNerr(BN_F_BN_DIV_NO_BRANCH, BN_R_DIV_BY_ZERO); +- return (0); +- } +- +- BN_CTX_start(ctx); +- tmp = BN_CTX_get(ctx); +- snum = BN_CTX_get(ctx); +- sdiv = BN_CTX_get(ctx); +- if (dv == NULL) +- res = BN_CTX_get(ctx); +- else +- res = dv; +- if (sdiv == NULL || res == NULL) +- goto err; +- +- /* First we normalise the numbers */ +- norm_shift = BN_BITS2 - ((BN_num_bits(divisor)) % BN_BITS2); +- if (!(BN_lshift(sdiv, divisor, norm_shift))) +- goto err; +- sdiv->neg = 0; +- norm_shift += BN_BITS2; +- if (!(BN_lshift(snum, num, norm_shift))) +- goto err; +- snum->neg = 0; +- +- /* +- * Since we don't know whether snum is larger than sdiv, we pad snum with +- * enough zeroes without changing its value. 
+- */ +- if (snum->top <= sdiv->top + 1) { +- if (bn_wexpand(snum, sdiv->top + 2) == NULL) +- goto err; +- for (i = snum->top; i < sdiv->top + 2; i++) +- snum->d[i] = 0; +- snum->top = sdiv->top + 2; +- } else { +- if (bn_wexpand(snum, snum->top + 1) == NULL) +- goto err; +- snum->d[snum->top] = 0; +- snum->top++; + } + + div_n = sdiv->top; +@@ -535,13 +307,27 @@ static int BN_div_no_branch(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, + res->neg = (num->neg ^ divisor->neg); + if (!bn_wexpand(res, (loop + 1))) + goto err; +- res->top = loop - 1; ++ res->top = loop - no_branch; + resp = &(res->d[loop - 1]); + + /* space for temp */ + if (!bn_wexpand(tmp, (div_n + 1))) + goto err; + ++ if (!no_branch) { ++ if (BN_ucmp(&wnum, sdiv) >= 0) { ++ /* ++ * If BN_DEBUG_RAND is defined BN_ucmp changes (via bn_pollute) ++ * the const bignum arguments => clean the values between top and ++ * max again ++ */ ++ bn_clear_top2max(&wnum); ++ bn_sub_words(wnum.d, wnum.d, sdiv->d, div_n); ++ *resp = 1; ++ } else ++ res->top--; ++ } ++ + /* + * if res->top == 0 then clear the neg value otherwise decrease the resp + * pointer +@@ -602,9 +388,6 @@ X) -> 0x%08X\n", n0, n1, d0, q); + } + # else /* !BN_LLONG */ + BN_ULONG t2l, t2h; +-# if !defined(BN_UMULT_LOHI) && !defined(BN_UMULT_HIGH) +- BN_ULONG ql, qh; +-# endif + + q = bn_div_words(n0, n1, d0); + # ifdef BN_DEBUG_LEVITTE +@@ -621,11 +404,14 @@ X) -> 0x%08X\n", n0, n1, d0, q); + t2l = d1 * q; + t2h = BN_UMULT_HIGH(d1, q); + # else +- t2l = LBITS(d1); +- t2h = HBITS(d1); +- ql = LBITS(q); +- qh = HBITS(q); +- mul64(t2l, t2h, ql, qh); /* t2=(BN_ULLONG)d1*q; */ ++ { ++ BN_ULONG ql, qh; ++ t2l = LBITS(d1); ++ t2h = HBITS(d1); ++ ql = LBITS(q); ++ qh = HBITS(q); ++ mul64(t2l, t2h, ql, qh); /* t2=(BN_ULLONG)d1*q; */ ++ } + # endif + + for (;;) { +@@ -679,7 +465,8 @@ X) -> 0x%08X\n", n0, n1, d0, q); + rm->neg = neg; + bn_check_top(rm); + } +- bn_correct_top(res); ++ if (no_branch) ++ bn_correct_top(res); + BN_CTX_end(ctx); + return (1); + err: 
+@@ -687,5 +474,4 @@ X) -> 0x%08X\n", n0, n1, d0, q); + BN_CTX_end(ctx); + return (0); + } +- + #endif +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_err.c b/Cryptlib/OpenSSL/crypto/bn/bn_err.c +index faa7e22..e7a7038 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_err.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_err.c +@@ -1,6 +1,6 @@ + /* crypto/bn/bn_err.c */ + /* ==================================================================== +- * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. ++ * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions +@@ -94,6 +94,7 @@ static ERR_STRING_DATA BN_str_functs[] = { + {ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR), "BN_GF2m_mod_solve_quad_arr"}, + {ERR_FUNC(BN_F_BN_GF2M_MOD_SQR), "BN_GF2m_mod_sqr"}, + {ERR_FUNC(BN_F_BN_GF2M_MOD_SQRT), "BN_GF2m_mod_sqrt"}, ++ {ERR_FUNC(BN_F_BN_LSHIFT), "BN_lshift"}, + {ERR_FUNC(BN_F_BN_MOD_EXP2_MONT), "BN_mod_exp2_mont"}, + {ERR_FUNC(BN_F_BN_MOD_EXP_MONT), "BN_mod_exp_mont"}, + {ERR_FUNC(BN_F_BN_MOD_EXP_MONT_CONSTTIME), "BN_mod_exp_mont_consttime"}, +@@ -109,6 +110,7 @@ static ERR_STRING_DATA BN_str_functs[] = { + {ERR_FUNC(BN_F_BN_NEW), "BN_new"}, + {ERR_FUNC(BN_F_BN_RAND), "BN_rand"}, + {ERR_FUNC(BN_F_BN_RAND_RANGE), "BN_rand_range"}, ++ {ERR_FUNC(BN_F_BN_RSHIFT), "BN_rshift"}, + {ERR_FUNC(BN_F_BN_USUB), "BN_usub"}, + {0, NULL} + }; +@@ -117,6 +119,7 @@ static ERR_STRING_DATA BN_str_reasons[] = { + {ERR_REASON(BN_R_ARG2_LT_ARG3), "arg2 lt arg3"}, + {ERR_REASON(BN_R_BAD_RECIPROCAL), "bad reciprocal"}, + {ERR_REASON(BN_R_BIGNUM_TOO_LONG), "bignum too long"}, ++ {ERR_REASON(BN_R_BITS_TOO_SMALL), "bits too small"}, + {ERR_REASON(BN_R_CALLED_WITH_EVEN_MODULUS), "called with even modulus"}, + {ERR_REASON(BN_R_DIV_BY_ZERO), "div by zero"}, + {ERR_REASON(BN_R_ENCODING_ERROR), "encoding error"}, +@@ -125,6 +128,7 @@ static ERR_STRING_DATA 
BN_str_reasons[] = { + {ERR_REASON(BN_R_INPUT_NOT_REDUCED), "input not reduced"}, + {ERR_REASON(BN_R_INVALID_LENGTH), "invalid length"}, + {ERR_REASON(BN_R_INVALID_RANGE), "invalid range"}, ++ {ERR_REASON(BN_R_INVALID_SHIFT), "invalid shift"}, + {ERR_REASON(BN_R_NOT_A_SQUARE), "not a square"}, + {ERR_REASON(BN_R_NOT_INITIALIZED), "not initialized"}, + {ERR_REASON(BN_R_NO_INVERSE), "no inverse"}, +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_exp.c b/Cryptlib/OpenSSL/crypto/bn/bn_exp.c +index ef67843..24afdd6 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_exp.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_exp.c +@@ -112,6 +112,29 @@ + #include "cryptlib.h" + #include "bn_lcl.h" + ++#include ++#ifdef _WIN32 ++# include ++# ifndef alloca ++# define alloca _alloca ++# endif ++#elif defined(__GNUC__) ++# ifndef alloca ++# define alloca(s) __builtin_alloca((s)) ++# endif ++#elif defined(__sun) ++# include ++#endif ++ ++#include "rsaz_exp.h" ++ ++#undef SPARC_T4_MONT ++#if defined(OPENSSL_BN_ASM_MONT) && (defined(__sparc__) || defined(__sparc)) ++# include "sparc_arch.h" ++extern unsigned int OPENSSL_sparcv9cap_P[]; ++# define SPARC_T4_MONT ++#endif ++ + /* maximum precomputation table size for *variable* sliding windows */ + #define TABLE_SIZE 32 + +@@ -156,10 +179,10 @@ int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) + goto err; + } + } +- ret = 1; +- err: + if (r != rr) + BN_copy(r, rr); ++ ret = 1; ++ err: + BN_CTX_end(ctx); + bn_check_top(r); + return (ret); +@@ -452,6 +475,23 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, + wstart = bits - 1; /* The top bit of the window */ + wend = 0; /* The bottom bit of the window */ + ++#if 1 /* by Shay Gueron's suggestion */ ++ j = m->top; /* borrow j */ ++ if (m->d[j - 1] & (((BN_ULONG)1) << (BN_BITS2 - 1))) { ++ if (bn_wexpand(r, j) == NULL) ++ goto err; ++ /* 2^(top*BN_BITS2) - m */ ++ r->d[0] = (0 - m->d[0]) & BN_MASK2; ++ for (i = 1; i < j; i++) ++ r->d[i] = (~m->d[i]) & BN_MASK2; ++ r->top = 
j; ++ /* ++ * Upper words will be zero if the corresponding words of 'm' were ++ * 0xfff[...], so decrement r->top accordingly. ++ */ ++ bn_correct_top(r); ++ } else ++#endif + if (!BN_to_montgomery(r, BN_value_one(), mont, ctx)) + goto err; + for (;;) { +@@ -503,6 +543,17 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, + if (wstart < 0) + break; + } ++#if defined(SPARC_T4_MONT) ++ if (OPENSSL_sparcv9cap_P[0] & (SPARCV9_VIS3 | SPARCV9_PREFER_FPU)) { ++ j = mont->N.top; /* borrow j */ ++ val[0]->d[0] = 1; /* borrow val[0] */ ++ for (i = 1; i < j; i++) ++ val[0]->d[i] = 0; ++ val[0]->top = j; ++ if (!BN_mod_mul_montgomery(rr, r, val[0], mont, ctx)) ++ goto err; ++ } else ++#endif + if (!BN_from_montgomery(rr, r, mont, ctx)) + goto err; + ret = 1; +@@ -514,6 +565,27 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, + return (ret); + } + ++#if defined(SPARC_T4_MONT) ++static BN_ULONG bn_get_bits(const BIGNUM *a, int bitpos) ++{ ++ BN_ULONG ret = 0; ++ int wordpos; ++ ++ wordpos = bitpos / BN_BITS2; ++ bitpos %= BN_BITS2; ++ if (wordpos >= 0 && wordpos < a->top) { ++ ret = a->d[wordpos] & BN_MASK2; ++ if (bitpos) { ++ ret >>= bitpos; ++ if (++wordpos < a->top) ++ ret |= a->d[wordpos] << (BN_BITS2 - bitpos); ++ } ++ } ++ ++ return ret & BN_MASK2; ++} ++#endif ++ + /* + * BN_mod_exp_mont_consttime() stores the precomputed powers in a specific + * layout so that accessing any of these table values shows the same access +@@ -521,23 +593,19 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, + * used to transfer a BIGNUM from/to that table. 
+ */ + +-static int MOD_EXP_CTIME_COPY_TO_PREBUF(BIGNUM *b, int top, ++static int MOD_EXP_CTIME_COPY_TO_PREBUF(const BIGNUM *b, int top, + unsigned char *buf, int idx, + int width) + { + size_t i, j; + +- if (bn_wexpand(b, top) == NULL) +- return 0; +- while (b->top < top) { +- b->d[b->top++] = 0; +- } +- ++ if (top > b->top) ++ top = b->top; /* this works because 'buf' is explicitly ++ * zeroed */ + for (i = 0, j = idx; i < top * sizeof b->d[0]; i++, j += width) { + buf[j] = ((unsigned char *)b->d)[i]; + } + +- bn_correct_top(b); + return 1; + } + +@@ -564,7 +632,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top, + * multiple. + */ + #define MOD_EXP_CTIME_ALIGN(x_) \ +- ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ULONG)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK)))) ++ ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((size_t)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK)))) + + /* + * This variant of BN_mod_exp_mont() uses fixed windows and the special +@@ -577,17 +645,18 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *in_mont) + { +- int i, bits, ret = 0, idx, window, wvalue; ++ int i, bits, ret = 0, window, wvalue; + int top; +- BIGNUM *r; +- const BIGNUM *aa; + BN_MONT_CTX *mont = NULL; + + int numPowers; + unsigned char *powerbufFree = NULL; + int powerbufLen = 0; + unsigned char *powerbuf = NULL; +- BIGNUM *computeTemp = NULL, *am = NULL; ++ BIGNUM tmp, am; ++#if defined(SPARC_T4_MONT) ++ unsigned int t4 = 0; ++#endif + + bn_check_top(a); + bn_check_top(p); +@@ -605,11 +674,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, + return ret; + } + +- /* Initialize BIGNUM context and allocate intermediate result */ + BN_CTX_start(ctx); +- r = BN_CTX_get(ctx); +- if (r == NULL) +- goto err; + + /* + * Allocate a montgomery context if it was not supplied by the caller. 
If +@@ -624,111 +689,436 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, + goto err; + } + ++#ifdef RSAZ_ENABLED ++ /* ++ * If the size of the operands allow it, perform the optimized ++ * RSAZ exponentiation. For further information see ++ * crypto/bn/rsaz_exp.c and accompanying assembly modules. ++ */ ++ if ((16 == a->top) && (16 == p->top) && (BN_num_bits(m) == 1024) ++ && rsaz_avx2_eligible()) { ++ if (NULL == bn_wexpand(rr, 16)) ++ goto err; ++ RSAZ_1024_mod_exp_avx2(rr->d, a->d, p->d, m->d, mont->RR.d, ++ mont->n0[0]); ++ rr->top = 16; ++ rr->neg = 0; ++ bn_correct_top(rr); ++ ret = 1; ++ goto err; ++ } else if ((8 == a->top) && (8 == p->top) && (BN_num_bits(m) == 512)) { ++ if (NULL == bn_wexpand(rr, 8)) ++ goto err; ++ RSAZ_512_mod_exp(rr->d, a->d, p->d, m->d, mont->n0[0], mont->RR.d); ++ rr->top = 8; ++ rr->neg = 0; ++ bn_correct_top(rr); ++ ret = 1; ++ goto err; ++ } ++#endif ++ + /* Get the window size to use with size of p. */ + window = BN_window_bits_for_ctime_exponent_size(bits); ++#if defined(SPARC_T4_MONT) ++ if (window >= 5 && (top & 15) == 0 && top <= 64 && ++ (OPENSSL_sparcv9cap_P[1] & (CFR_MONTMUL | CFR_MONTSQR)) == ++ (CFR_MONTMUL | CFR_MONTSQR) && (t4 = OPENSSL_sparcv9cap_P[0])) ++ window = 5; ++ else ++#endif ++#if defined(OPENSSL_BN_ASM_MONT5) ++ if (window >= 5) { ++ window = 5; /* ~5% improvement for RSA2048 sign, and even ++ * for RSA4096 */ ++ if ((top & 7) == 0) ++ powerbufLen += 2 * top * sizeof(m->d[0]); ++ } ++#endif ++ (void)0; + + /* + * Allocate a buffer large enough to hold all of the pre-computed powers +- * of a. ++ * of am, am itself and tmp. + */ + numPowers = 1 << window; +- powerbufLen = sizeof(m->d[0]) * top * numPowers; +- if ((powerbufFree = +- (unsigned char *)OPENSSL_malloc(powerbufLen + +- MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH)) +- == NULL) ++ powerbufLen += sizeof(m->d[0]) * (top * numPowers + ++ ((2 * top) > ++ numPowers ? 
(2 * top) : numPowers)); ++#ifdef alloca ++ if (powerbufLen < 3072) ++ powerbufFree = ++ alloca(powerbufLen + MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH); ++ else ++#endif ++ if ((powerbufFree = ++ (unsigned char *)OPENSSL_malloc(powerbufLen + ++ MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH)) ++ == NULL) + goto err; + + powerbuf = MOD_EXP_CTIME_ALIGN(powerbufFree); + memset(powerbuf, 0, powerbufLen); + +- /* +- * Initialize the intermediate result. Do this early to save double +- * conversion, once each for a^0 and intermediate result. +- */ +- if (!BN_to_montgomery(r, BN_value_one(), mont, ctx)) +- goto err; +- if (!MOD_EXP_CTIME_COPY_TO_PREBUF(r, top, powerbuf, 0, numPowers)) +- goto err; ++#ifdef alloca ++ if (powerbufLen < 3072) ++ powerbufFree = NULL; ++#endif + +- /* Initialize computeTemp as a^1 with montgomery precalcs */ +- computeTemp = BN_CTX_get(ctx); +- am = BN_CTX_get(ctx); +- if (computeTemp == NULL || am == NULL) ++ /* lay down tmp and am right after powers table */ ++ tmp.d = (BN_ULONG *)(powerbuf + sizeof(m->d[0]) * top * numPowers); ++ am.d = tmp.d + top; ++ tmp.top = am.top = 0; ++ tmp.dmax = am.dmax = top; ++ tmp.neg = am.neg = 0; ++ tmp.flags = am.flags = BN_FLG_STATIC_DATA; ++ ++ /* prepare a^0 in Montgomery domain */ ++#if 1 /* by Shay Gueron's suggestion */ ++ if (m->d[top - 1] & (((BN_ULONG)1) << (BN_BITS2 - 1))) { ++ /* 2^(top*BN_BITS2) - m */ ++ tmp.d[0] = (0 - m->d[0]) & BN_MASK2; ++ for (i = 1; i < top; i++) ++ tmp.d[i] = (~m->d[i]) & BN_MASK2; ++ tmp.top = top; ++ } else ++#endif ++ if (!BN_to_montgomery(&tmp, BN_value_one(), mont, ctx)) + goto err; + ++ /* prepare a^1 in Montgomery domain */ + if (a->neg || BN_ucmp(a, m) >= 0) { +- if (!BN_mod(am, a, m, ctx)) ++ if (!BN_mod(&am, a, m, ctx)) + goto err; +- aa = am; +- } else +- aa = a; +- if (!BN_to_montgomery(am, aa, mont, ctx)) +- goto err; +- if (!BN_copy(computeTemp, am)) +- goto err; +- if (!MOD_EXP_CTIME_COPY_TO_PREBUF(am, top, powerbuf, 1, numPowers)) ++ if (!BN_to_montgomery(&am, &am, mont, 
ctx)) ++ goto err; ++ } else if (!BN_to_montgomery(&am, a, mont, ctx)) + goto err; + +- /* +- * If the window size is greater than 1, then calculate +- * val[i=2..2^winsize-1]. Powers are computed as a*a^(i-1) (even powers +- * could instead be computed as (a^(i/2))^2 to use the slight performance +- * advantage of sqr over mul). +- */ +- if (window > 1) { +- for (i = 2; i < numPowers; i++) { ++#if defined(SPARC_T4_MONT) ++ if (t4) { ++ typedef int (*bn_pwr5_mont_f) (BN_ULONG *tp, const BN_ULONG *np, ++ const BN_ULONG *n0, const void *table, ++ int power, int bits); ++ int bn_pwr5_mont_t4_8(BN_ULONG *tp, const BN_ULONG *np, ++ const BN_ULONG *n0, const void *table, ++ int power, int bits); ++ int bn_pwr5_mont_t4_16(BN_ULONG *tp, const BN_ULONG *np, ++ const BN_ULONG *n0, const void *table, ++ int power, int bits); ++ int bn_pwr5_mont_t4_24(BN_ULONG *tp, const BN_ULONG *np, ++ const BN_ULONG *n0, const void *table, ++ int power, int bits); ++ int bn_pwr5_mont_t4_32(BN_ULONG *tp, const BN_ULONG *np, ++ const BN_ULONG *n0, const void *table, ++ int power, int bits); ++ static const bn_pwr5_mont_f pwr5_funcs[4] = { ++ bn_pwr5_mont_t4_8, bn_pwr5_mont_t4_16, ++ bn_pwr5_mont_t4_24, bn_pwr5_mont_t4_32 ++ }; ++ bn_pwr5_mont_f pwr5_worker = pwr5_funcs[top / 16 - 1]; ++ ++ typedef int (*bn_mul_mont_f) (BN_ULONG *rp, const BN_ULONG *ap, ++ const void *bp, const BN_ULONG *np, ++ const BN_ULONG *n0); ++ int bn_mul_mont_t4_8(BN_ULONG *rp, const BN_ULONG *ap, const void *bp, ++ const BN_ULONG *np, const BN_ULONG *n0); ++ int bn_mul_mont_t4_16(BN_ULONG *rp, const BN_ULONG *ap, ++ const void *bp, const BN_ULONG *np, ++ const BN_ULONG *n0); ++ int bn_mul_mont_t4_24(BN_ULONG *rp, const BN_ULONG *ap, ++ const void *bp, const BN_ULONG *np, ++ const BN_ULONG *n0); ++ int bn_mul_mont_t4_32(BN_ULONG *rp, const BN_ULONG *ap, ++ const void *bp, const BN_ULONG *np, ++ const BN_ULONG *n0); ++ static const bn_mul_mont_f mul_funcs[4] = { ++ bn_mul_mont_t4_8, bn_mul_mont_t4_16, ++ 
bn_mul_mont_t4_24, bn_mul_mont_t4_32 ++ }; ++ bn_mul_mont_f mul_worker = mul_funcs[top / 16 - 1]; ++ ++ void bn_mul_mont_vis3(BN_ULONG *rp, const BN_ULONG *ap, ++ const void *bp, const BN_ULONG *np, ++ const BN_ULONG *n0, int num); ++ void bn_mul_mont_t4(BN_ULONG *rp, const BN_ULONG *ap, ++ const void *bp, const BN_ULONG *np, ++ const BN_ULONG *n0, int num); ++ void bn_mul_mont_gather5_t4(BN_ULONG *rp, const BN_ULONG *ap, ++ const void *table, const BN_ULONG *np, ++ const BN_ULONG *n0, int num, int power); ++ void bn_flip_n_scatter5_t4(const BN_ULONG *inp, size_t num, ++ void *table, size_t power); ++ void bn_gather5_t4(BN_ULONG *out, size_t num, ++ void *table, size_t power); ++ void bn_flip_t4(BN_ULONG *dst, BN_ULONG *src, size_t num); ++ ++ BN_ULONG *np = mont->N.d, *n0 = mont->n0; ++ int stride = 5 * (6 - (top / 16 - 1)); /* multiple of 5, but less ++ * than 32 */ ++ ++ /* ++ * BN_to_montgomery can contaminate words above .top [in ++ * BN_DEBUG[_DEBUG] build]... ++ */ ++ for (i = am.top; i < top; i++) ++ am.d[i] = 0; ++ for (i = tmp.top; i < top; i++) ++ tmp.d[i] = 0; ++ ++ bn_flip_n_scatter5_t4(tmp.d, top, powerbuf, 0); ++ bn_flip_n_scatter5_t4(am.d, top, powerbuf, 1); ++ if (!(*mul_worker) (tmp.d, am.d, am.d, np, n0) && ++ !(*mul_worker) (tmp.d, am.d, am.d, np, n0)) ++ bn_mul_mont_vis3(tmp.d, am.d, am.d, np, n0, top); ++ bn_flip_n_scatter5_t4(tmp.d, top, powerbuf, 2); ++ ++ for (i = 3; i < 32; i++) { + /* Calculate a^i = a^(i-1) * a */ +- if (!BN_mod_mul_montgomery +- (computeTemp, am, computeTemp, mont, ctx)) +- goto err; +- if (!MOD_EXP_CTIME_COPY_TO_PREBUF +- (computeTemp, top, powerbuf, i, numPowers)) +- goto err; ++ if (!(*mul_worker) (tmp.d, tmp.d, am.d, np, n0) && ++ !(*mul_worker) (tmp.d, tmp.d, am.d, np, n0)) ++ bn_mul_mont_vis3(tmp.d, tmp.d, am.d, np, n0, top); ++ bn_flip_n_scatter5_t4(tmp.d, top, powerbuf, i); + } +- } + +- /* +- * Adjust the number of bits up to a multiple of the window size. 
If the +- * exponent length is not a multiple of the window size, then this pads +- * the most significant bits with zeros to normalize the scanning loop to +- * there's no special cases. * NOTE: Making the window size a power of +- * two less than the native * word size ensures that the padded bits +- * won't go past the last * word in the internal BIGNUM structure. Going +- * past the end will * still produce the correct result, but causes a +- * different branch * to be taken in the BN_is_bit_set function. +- */ +- bits = ((bits + window - 1) / window) * window; +- idx = bits - 1; /* The top bit of the window */ ++ /* switch to 64-bit domain */ ++ np = alloca(top * sizeof(BN_ULONG)); ++ top /= 2; ++ bn_flip_t4(np, mont->N.d, top); + +- /* +- * Scan the exponent one window at a time starting from the most +- * significant bits. +- */ +- while (idx >= 0) { +- wvalue = 0; /* The 'value' of the window */ ++ bits--; ++ for (wvalue = 0, i = bits % 5; i >= 0; i--, bits--) ++ wvalue = (wvalue << 1) + BN_is_bit_set(p, bits); ++ bn_gather5_t4(tmp.d, top, powerbuf, wvalue); + +- /* Scan the window, squaring the result as we go */ +- for (i = 0; i < window; i++, idx--) { +- if (!BN_mod_mul_montgomery(r, r, r, mont, ctx)) +- goto err; +- wvalue = (wvalue << 1) + BN_is_bit_set(p, idx); ++ /* ++ * Scan the exponent one window at a time starting from the most ++ * significant bits. 
++ */ ++ while (bits >= 0) { ++ if (bits < stride) ++ stride = bits + 1; ++ bits -= stride; ++ wvalue = bn_get_bits(p, bits + 1); ++ ++ if ((*pwr5_worker) (tmp.d, np, n0, powerbuf, wvalue, stride)) ++ continue; ++ /* retry once and fall back */ ++ if ((*pwr5_worker) (tmp.d, np, n0, powerbuf, wvalue, stride)) ++ continue; ++ ++ bits += stride - 5; ++ wvalue >>= stride - 5; ++ wvalue &= 31; ++ bn_mul_mont_t4(tmp.d, tmp.d, tmp.d, np, n0, top); ++ bn_mul_mont_t4(tmp.d, tmp.d, tmp.d, np, n0, top); ++ bn_mul_mont_t4(tmp.d, tmp.d, tmp.d, np, n0, top); ++ bn_mul_mont_t4(tmp.d, tmp.d, tmp.d, np, n0, top); ++ bn_mul_mont_t4(tmp.d, tmp.d, tmp.d, np, n0, top); ++ bn_mul_mont_gather5_t4(tmp.d, tmp.d, powerbuf, np, n0, top, ++ wvalue); + } + ++ bn_flip_t4(tmp.d, tmp.d, top); ++ top *= 2; ++ /* back to 32-bit domain */ ++ tmp.top = top; ++ bn_correct_top(&tmp); ++ OPENSSL_cleanse(np, top * sizeof(BN_ULONG)); ++ } else ++#endif ++#if defined(OPENSSL_BN_ASM_MONT5) ++ if (window == 5 && top > 1) { + /* +- * Fetch the appropriate pre-computed value from the pre-buf ++ * This optimization uses ideas from http://eprint.iacr.org/2011/239, ++ * specifically optimization of cache-timing attack countermeasures ++ * and pre-computation optimization. + */ +- if (!MOD_EXP_CTIME_COPY_FROM_PREBUF +- (computeTemp, top, powerbuf, wvalue, numPowers)) ++ ++ /* ++ * Dedicated window==4 case improves 512-bit RSA sign by ~15%, but as ++ * 512-bit RSA is hardly relevant, we omit it to spare size... 
++ */ ++ void bn_mul_mont_gather5(BN_ULONG *rp, const BN_ULONG *ap, ++ const void *table, const BN_ULONG *np, ++ const BN_ULONG *n0, int num, int power); ++ void bn_scatter5(const BN_ULONG *inp, size_t num, ++ void *table, size_t power); ++ void bn_gather5(BN_ULONG *out, size_t num, void *table, size_t power); ++ void bn_power5(BN_ULONG *rp, const BN_ULONG *ap, ++ const void *table, const BN_ULONG *np, ++ const BN_ULONG *n0, int num, int power); ++ int bn_get_bits5(const BN_ULONG *ap, int off); ++ int bn_from_montgomery(BN_ULONG *rp, const BN_ULONG *ap, ++ const BN_ULONG *not_used, const BN_ULONG *np, ++ const BN_ULONG *n0, int num); ++ ++ BN_ULONG *np = mont->N.d, *n0 = mont->n0, *np2; ++ ++ /* ++ * BN_to_montgomery can contaminate words above .top [in ++ * BN_DEBUG[_DEBUG] build]... ++ */ ++ for (i = am.top; i < top; i++) ++ am.d[i] = 0; ++ for (i = tmp.top; i < top; i++) ++ tmp.d[i] = 0; ++ ++ if (top & 7) ++ np2 = np; ++ else ++ for (np2 = am.d + top, i = 0; i < top; i++) ++ np2[2 * i] = np[i]; ++ ++ bn_scatter5(tmp.d, top, powerbuf, 0); ++ bn_scatter5(am.d, am.top, powerbuf, 1); ++ bn_mul_mont(tmp.d, am.d, am.d, np, n0, top); ++ bn_scatter5(tmp.d, top, powerbuf, 2); ++ ++# if 0 ++ for (i = 3; i < 32; i++) { ++ /* Calculate a^i = a^(i-1) * a */ ++ bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np2, n0, top, i - 1); ++ bn_scatter5(tmp.d, top, powerbuf, i); ++ } ++# else ++ /* same as above, but uses squaring for 1/2 of operations */ ++ for (i = 4; i < 32; i *= 2) { ++ bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top); ++ bn_scatter5(tmp.d, top, powerbuf, i); ++ } ++ for (i = 3; i < 8; i += 2) { ++ int j; ++ bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np2, n0, top, i - 1); ++ bn_scatter5(tmp.d, top, powerbuf, i); ++ for (j = 2 * i; j < 32; j *= 2) { ++ bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top); ++ bn_scatter5(tmp.d, top, powerbuf, j); ++ } ++ } ++ for (; i < 16; i += 2) { ++ bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np2, n0, top, i - 1); ++ bn_scatter5(tmp.d, top, 
powerbuf, i); ++ bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top); ++ bn_scatter5(tmp.d, top, powerbuf, 2 * i); ++ } ++ for (; i < 32; i += 2) { ++ bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np2, n0, top, i - 1); ++ bn_scatter5(tmp.d, top, powerbuf, i); ++ } ++# endif ++ bits--; ++ for (wvalue = 0, i = bits % 5; i >= 0; i--, bits--) ++ wvalue = (wvalue << 1) + BN_is_bit_set(p, bits); ++ bn_gather5(tmp.d, top, powerbuf, wvalue); ++ ++ /* ++ * Scan the exponent one window at a time starting from the most ++ * significant bits. ++ */ ++ if (top & 7) ++ while (bits >= 0) { ++ for (wvalue = 0, i = 0; i < 5; i++, bits--) ++ wvalue = (wvalue << 1) + BN_is_bit_set(p, bits); ++ ++ bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top); ++ bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top); ++ bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top); ++ bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top); ++ bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top); ++ bn_mul_mont_gather5(tmp.d, tmp.d, powerbuf, np, n0, top, ++ wvalue); ++ } else { ++ while (bits >= 0) { ++ wvalue = bn_get_bits5(p->d, bits - 4); ++ bits -= 5; ++ bn_power5(tmp.d, tmp.d, powerbuf, np2, n0, top, wvalue); ++ } ++ } ++ ++ ret = bn_from_montgomery(tmp.d, tmp.d, NULL, np2, n0, top); ++ tmp.top = top; ++ bn_correct_top(&tmp); ++ if (ret) { ++ if (!BN_copy(rr, &tmp)) ++ ret = 0; ++ goto err; /* non-zero ret means it's not error */ ++ } ++ } else ++#endif ++ { ++ if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 0, numPowers)) + goto err; ++ if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&am, top, powerbuf, 1, numPowers)) ++ goto err; ++ ++ /* ++ * If the window size is greater than 1, then calculate ++ * val[i=2..2^winsize-1]. Powers are computed as a*a^(i-1) (even ++ * powers could instead be computed as (a^(i/2))^2 to use the slight ++ * performance advantage of sqr over mul). 
++ */ ++ if (window > 1) { ++ if (!BN_mod_mul_montgomery(&tmp, &am, &am, mont, ctx)) ++ goto err; ++ if (!MOD_EXP_CTIME_COPY_TO_PREBUF ++ (&tmp, top, powerbuf, 2, numPowers)) ++ goto err; ++ for (i = 3; i < numPowers; i++) { ++ /* Calculate a^i = a^(i-1) * a */ ++ if (!BN_mod_mul_montgomery(&tmp, &am, &tmp, mont, ctx)) ++ goto err; ++ if (!MOD_EXP_CTIME_COPY_TO_PREBUF ++ (&tmp, top, powerbuf, i, numPowers)) ++ goto err; ++ } ++ } + +- /* Multiply the result into the intermediate result */ +- if (!BN_mod_mul_montgomery(r, r, computeTemp, mont, ctx)) ++ bits--; ++ for (wvalue = 0, i = bits % window; i >= 0; i--, bits--) ++ wvalue = (wvalue << 1) + BN_is_bit_set(p, bits); ++ if (!MOD_EXP_CTIME_COPY_FROM_PREBUF ++ (&tmp, top, powerbuf, wvalue, numPowers)) + goto err; ++ ++ /* ++ * Scan the exponent one window at a time starting from the most ++ * significant bits. ++ */ ++ while (bits >= 0) { ++ wvalue = 0; /* The 'value' of the window */ ++ ++ /* Scan the window, squaring the result as we go */ ++ for (i = 0; i < window; i++, bits--) { ++ if (!BN_mod_mul_montgomery(&tmp, &tmp, &tmp, mont, ctx)) ++ goto err; ++ wvalue = (wvalue << 1) + BN_is_bit_set(p, bits); ++ } ++ ++ /* ++ * Fetch the appropriate pre-computed value from the pre-buf ++ */ ++ if (!MOD_EXP_CTIME_COPY_FROM_PREBUF ++ (&am, top, powerbuf, wvalue, numPowers)) ++ goto err; ++ ++ /* Multiply the result into the intermediate result */ ++ if (!BN_mod_mul_montgomery(&tmp, &tmp, &am, mont, ctx)) ++ goto err; ++ } + } + + /* Convert the final result from montgomery to standard format */ +- if (!BN_from_montgomery(rr, r, mont, ctx)) ++#if defined(SPARC_T4_MONT) ++ if (OPENSSL_sparcv9cap_P[0] & (SPARCV9_VIS3 | SPARCV9_PREFER_FPU)) { ++ am.d[0] = 1; /* borrow am */ ++ for (i = 1; i < top; i++) ++ am.d[i] = 0; ++ if (!BN_mod_mul_montgomery(rr, &tmp, &am, mont, ctx)) ++ goto err; ++ } else ++#endif ++ if (!BN_from_montgomery(rr, &tmp, mont, ctx)) + goto err; + ret = 1; + err: +@@ -736,12 +1126,9 @@ int 
BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, + BN_MONT_CTX_free(mont); + if (powerbuf != NULL) { + OPENSSL_cleanse(powerbuf, powerbufLen); +- OPENSSL_free(powerbufFree); ++ if (powerbufFree) ++ OPENSSL_free(powerbufFree); + } +- if (am != NULL) +- BN_clear(am); +- if (computeTemp != NULL) +- BN_clear(computeTemp); + BN_CTX_end(ctx); + return (ret); + } +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_gcd.c b/Cryptlib/OpenSSL/crypto/bn/bn_gcd.c +index cd5f86b..97c55ab 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_gcd.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_gcd.c +@@ -222,8 +222,9 @@ static BIGNUM *euclid(BIGNUM *a, BIGNUM *b) + static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, + const BIGNUM *a, const BIGNUM *n, + BN_CTX *ctx); +-BIGNUM *BN_mod_inverse(BIGNUM *in, const BIGNUM *a, const BIGNUM *n, +- BN_CTX *ctx) ++ ++BIGNUM *BN_mod_inverse(BIGNUM *in, ++ const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx) + { + BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL; + BIGNUM *ret = NULL; +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c b/Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c +index 3386f72..cfa1c7c 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c +@@ -95,146 +95,47 @@ + #include "cryptlib.h" + #include "bn_lcl.h" + ++#ifndef OPENSSL_NO_EC2M ++ + /* + * Maximum number of iterations before BN_GF2m_mod_solve_quad_arr should + * fail. + */ +-#define MAX_ITERATIONS 50 ++# define MAX_ITERATIONS 50 + + static const BN_ULONG SQR_tb[16] = { 0, 1, 4, 5, 16, 17, 20, 21, + 64, 65, 68, 69, 80, 81, 84, 85 + }; + + /* Platform-specific macros to accelerate squaring. 
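Review bot: The cleanup path drops `BN_clear(am)` and `BN_clear(computeTemp)` without a comment saying what now wipes the intermediate values of the exponentiation. The preceding hunk uses `am` and `tmp` as local structures (`am.d`, `tmp.d`), so presumably their word arrays are carved out of `powerbuf` and are covered by `OPENSSL_cleanse(powerbuf, powerbufLen)`; that setup lies outside this hunk and should be confirmed. If it holds, a line such as `/* am.d and tmp.d live inside powerbuf; the cleanse below wipes them too */` above the `if (powerbuf != NULL)` block would stop a later refactor from moving them out of the scrubbed region. The function body begins outside the hunk.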
*/ +-#if defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG) +-# define SQR1(w) \ ++# if defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG) ++# define SQR1(w) \ + SQR_tb[(w) >> 60 & 0xF] << 56 | SQR_tb[(w) >> 56 & 0xF] << 48 | \ + SQR_tb[(w) >> 52 & 0xF] << 40 | SQR_tb[(w) >> 48 & 0xF] << 32 | \ + SQR_tb[(w) >> 44 & 0xF] << 24 | SQR_tb[(w) >> 40 & 0xF] << 16 | \ + SQR_tb[(w) >> 36 & 0xF] << 8 | SQR_tb[(w) >> 32 & 0xF] +-# define SQR0(w) \ ++# define SQR0(w) \ + SQR_tb[(w) >> 28 & 0xF] << 56 | SQR_tb[(w) >> 24 & 0xF] << 48 | \ + SQR_tb[(w) >> 20 & 0xF] << 40 | SQR_tb[(w) >> 16 & 0xF] << 32 | \ + SQR_tb[(w) >> 12 & 0xF] << 24 | SQR_tb[(w) >> 8 & 0xF] << 16 | \ + SQR_tb[(w) >> 4 & 0xF] << 8 | SQR_tb[(w) & 0xF] +-#endif +-#ifdef THIRTY_TWO_BIT +-# define SQR1(w) \ ++# endif ++# ifdef THIRTY_TWO_BIT ++# define SQR1(w) \ + SQR_tb[(w) >> 28 & 0xF] << 24 | SQR_tb[(w) >> 24 & 0xF] << 16 | \ + SQR_tb[(w) >> 20 & 0xF] << 8 | SQR_tb[(w) >> 16 & 0xF] +-# define SQR0(w) \ ++# define SQR0(w) \ + SQR_tb[(w) >> 12 & 0xF] << 24 | SQR_tb[(w) >> 8 & 0xF] << 16 | \ + SQR_tb[(w) >> 4 & 0xF] << 8 | SQR_tb[(w) & 0xF] +-#endif +-#ifdef SIXTEEN_BIT +-# define SQR1(w) \ +- SQR_tb[(w) >> 12 & 0xF] << 8 | SQR_tb[(w) >> 8 & 0xF] +-# define SQR0(w) \ +- SQR_tb[(w) >> 4 & 0xF] << 8 | SQR_tb[(w) & 0xF] +-#endif +-#ifdef EIGHT_BIT +-# define SQR1(w) \ +- SQR_tb[(w) >> 4 & 0xF] +-# define SQR0(w) \ +- SQR_tb[(w) & 15] +-#endif ++# endif + ++# if !defined(OPENSSL_BN_ASM_GF2m) + /* + * Product of two polynomials a, b each with degree < BN_BITS2 - 1, result is + * a polynomial r with degree < 2 * BN_BITS - 1 The caller MUST ensure that + * the variables have the right amount of space allocated. 
+ */ +-#ifdef EIGHT_BIT +-static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, +- const BN_ULONG b) +-{ +- register BN_ULONG h, l, s; +- BN_ULONG tab[4], top1b = a >> 7; +- register BN_ULONG a1, a2; +- +- a1 = a & (0x7F); +- a2 = a1 << 1; +- +- tab[0] = 0; +- tab[1] = a1; +- tab[2] = a2; +- tab[3] = a1 ^ a2; +- +- s = tab[b & 0x3]; +- l = s; +- s = tab[b >> 2 & 0x3]; +- l ^= s << 2; +- h = s >> 6; +- s = tab[b >> 4 & 0x3]; +- l ^= s << 4; +- h ^= s >> 4; +- s = tab[b >> 6]; +- l ^= s << 6; +- h ^= s >> 2; +- +- /* compensate for the top bit of a */ +- +- if (top1b & 01) { +- l ^= b << 7; +- h ^= b >> 1; +- } +- +- *r1 = h; +- *r0 = l; +-} +-#endif +-#ifdef SIXTEEN_BIT +-static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, +- const BN_ULONG b) +-{ +- register BN_ULONG h, l, s; +- BN_ULONG tab[4], top1b = a >> 15; +- register BN_ULONG a1, a2; +- +- a1 = a & (0x7FFF); +- a2 = a1 << 1; +- +- tab[0] = 0; +- tab[1] = a1; +- tab[2] = a2; +- tab[3] = a1 ^ a2; +- +- s = tab[b & 0x3]; +- l = s; +- s = tab[b >> 2 & 0x3]; +- l ^= s << 2; +- h = s >> 14; +- s = tab[b >> 4 & 0x3]; +- l ^= s << 4; +- h ^= s >> 12; +- s = tab[b >> 6 & 0x3]; +- l ^= s << 6; +- h ^= s >> 10; +- s = tab[b >> 8 & 0x3]; +- l ^= s << 8; +- h ^= s >> 8; +- s = tab[b >> 10 & 0x3]; +- l ^= s << 10; +- h ^= s >> 6; +- s = tab[b >> 12 & 0x3]; +- l ^= s << 12; +- h ^= s >> 4; +- s = tab[b >> 14]; +- l ^= s << 14; +- h ^= s >> 2; +- +- /* compensate for the top bit of a */ +- +- if (top1b & 01) { +- l ^= b << 15; +- h ^= b >> 1; +- } +- +- *r1 = h; +- *r0 = l; +-} +-#endif +-#ifdef THIRTY_TWO_BIT ++# ifdef THIRTY_TWO_BIT + static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, + const BN_ULONG b) + { +@@ -302,8 +203,8 @@ static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, + *r1 = h; + *r0 = l; + } +-#endif +-#if defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG) ++# endif ++# if defined(SIXTY_FOUR_BIT) || 
defined(SIXTY_FOUR_BIT_LONG) + static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, + const BN_ULONG b) + { +@@ -399,7 +300,7 @@ static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, + *r1 = h; + *r0 = l; + } +-#endif ++# endif + + /* + * Product of two polynomials a, b each with degree < 2 * BN_BITS2 - 1, +@@ -418,6 +319,10 @@ static void bn_GF2m_mul_2x2(BN_ULONG *r, const BN_ULONG a1, const BN_ULONG a0, + r[2] ^= m1 ^ r[1] ^ r[3]; /* h0 ^= m1 ^ l1 ^ h1; */ + r[1] = r[3] ^ r[2] ^ r[0] ^ m1 ^ m0; /* l1 ^= l0 ^ h0 ^ m0; */ + } ++# else ++void bn_GF2m_mul_2x2(BN_ULONG *r, BN_ULONG a1, BN_ULONG a0, BN_ULONG b1, ++ BN_ULONG b0); ++# endif + + /* + * Add polynomials a and b and store result in r; r could be a or b, a and b +@@ -463,7 +368,7 @@ int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) + */ + + /* Performs modular reduction of a and store result in r. r could be a. */ +-int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[]) ++int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[]) + { + int j, k; + int n, dN, d0, d1; +@@ -545,8 +450,7 @@ int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[]) + d0 = p[k] % BN_BITS2; + d1 = BN_BITS2 - d0; + z[n] ^= (zz << d0); +- tmp_ulong = zz >> d1; +- if (d0 && tmp_ulong) ++ if (d0 && (tmp_ulong = zz >> d1)) + z[n + 1] ^= tmp_ulong; + } + +@@ -565,23 +469,16 @@ int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[]) + int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p) + { + int ret = 0; +- const int max = BN_num_bits(p); +- unsigned int *arr = NULL; ++ int arr[6]; + bn_check_top(a); + bn_check_top(p); +- if ((arr = +- (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) +- goto err; +- ret = BN_GF2m_poly2arr(p, arr, max); +- if (!ret || ret > max) { ++ ret = BN_GF2m_poly2arr(p, arr, sizeof(arr) / sizeof(arr[0])); ++ if (!ret || ret > (int)(sizeof(arr) / sizeof(arr[0]))) { + 
BNerr(BN_F_BN_GF2M_MOD, BN_R_INVALID_LENGTH); +- goto err; ++ return 0; + } + ret = BN_GF2m_mod_arr(r, a, arr); + bn_check_top(r); +- err: +- if (arr) +- OPENSSL_free(arr); + return ret; + } + +@@ -590,7 +487,7 @@ int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p) + * the result in r. r could be a or b; a could be b. + */ + int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, +- const unsigned int p[], BN_CTX *ctx) ++ const int p[], BN_CTX *ctx) + { + int zlen, i, j, k, ret = 0; + BIGNUM *s; +@@ -648,13 +545,12 @@ int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *p, BN_CTX *ctx) + { + int ret = 0; +- const int max = BN_num_bits(p); +- unsigned int *arr = NULL; ++ const int max = BN_num_bits(p) + 1; ++ int *arr = NULL; + bn_check_top(a); + bn_check_top(b); + bn_check_top(p); +- if ((arr = +- (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) ++ if ((arr = (int *)OPENSSL_malloc(sizeof(int) * max)) == NULL) + goto err; + ret = BN_GF2m_poly2arr(p, arr, max); + if (!ret || ret > max) { +@@ -670,7 +566,7 @@ int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + } + + /* Square a, reduce the result mod p, and store it in a. r could be a. 
*/ +-int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[], ++int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[], + BN_CTX *ctx) + { + int i, ret = 0; +@@ -708,13 +604,12 @@ int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[], + int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) + { + int ret = 0; +- const int max = BN_num_bits(p); +- unsigned int *arr = NULL; ++ const int max = BN_num_bits(p) + 1; ++ int *arr = NULL; + + bn_check_top(a); + bn_check_top(p); +- if ((arr = +- (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) ++ if ((arr = (int *)OPENSSL_malloc(sizeof(int) * max)) == NULL) + goto err; + ret = BN_GF2m_poly2arr(p, arr, max); + if (!ret || ret > max) { +@@ -737,7 +632,7 @@ int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) + */ + int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) + { +- BIGNUM *b, *c, *u, *v, *tmp; ++ BIGNUM *b, *c = NULL, *u = NULL, *v = NULL, *tmp; + int ret = 0; + + bn_check_top(a); +@@ -745,23 +640,26 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) + + BN_CTX_start(ctx); + +- b = BN_CTX_get(ctx); +- c = BN_CTX_get(ctx); +- u = BN_CTX_get(ctx); +- v = BN_CTX_get(ctx); +- if (v == NULL) ++ if ((b = BN_CTX_get(ctx)) == NULL) + goto err; +- +- if (!BN_one(b)) ++ if ((c = BN_CTX_get(ctx)) == NULL) + goto err; +- if (!BN_GF2m_mod(u, a, p)) ++ if ((u = BN_CTX_get(ctx)) == NULL) + goto err; +- if (!BN_copy(v, p)) ++ if ((v = BN_CTX_get(ctx)) == NULL) + goto err; + ++ if (!BN_GF2m_mod(u, a, p)) ++ goto err; + if (BN_is_zero(u)) + goto err; + ++ if (!BN_copy(v, p)) ++ goto err; ++# if 0 ++ if (!BN_one(b)) ++ goto err; ++ + while (1) { + while (!BN_is_odd(u)) { + if (BN_is_zero(u)) +@@ -793,6 +691,93 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) + if (!BN_GF2m_add(b, b, c)) + goto err; + } ++# else ++ { ++ int i; ++ int 
ubits = BN_num_bits(u); ++ int vbits = BN_num_bits(v); /* v is copy of p */ ++ int top = p->top; ++ BN_ULONG *udp, *bdp, *vdp, *cdp; ++ ++ bn_wexpand(u, top); ++ udp = u->d; ++ for (i = u->top; i < top; i++) ++ udp[i] = 0; ++ u->top = top; ++ bn_wexpand(b, top); ++ bdp = b->d; ++ bdp[0] = 1; ++ for (i = 1; i < top; i++) ++ bdp[i] = 0; ++ b->top = top; ++ bn_wexpand(c, top); ++ cdp = c->d; ++ for (i = 0; i < top; i++) ++ cdp[i] = 0; ++ c->top = top; ++ vdp = v->d; /* It pays off to "cache" *->d pointers, ++ * because it allows optimizer to be more ++ * aggressive. But we don't have to "cache" ++ * p->d, because *p is declared 'const'... */ ++ while (1) { ++ while (ubits && !(udp[0] & 1)) { ++ BN_ULONG u0, u1, b0, b1, mask; ++ ++ u0 = udp[0]; ++ b0 = bdp[0]; ++ mask = (BN_ULONG)0 - (b0 & 1); ++ b0 ^= p->d[0] & mask; ++ for (i = 0; i < top - 1; i++) { ++ u1 = udp[i + 1]; ++ udp[i] = ((u0 >> 1) | (u1 << (BN_BITS2 - 1))) & BN_MASK2; ++ u0 = u1; ++ b1 = bdp[i + 1] ^ (p->d[i + 1] & mask); ++ bdp[i] = ((b0 >> 1) | (b1 << (BN_BITS2 - 1))) & BN_MASK2; ++ b0 = b1; ++ } ++ udp[i] = u0 >> 1; ++ bdp[i] = b0 >> 1; ++ ubits--; ++ } ++ ++ if (ubits <= BN_BITS2) { ++ if (udp[0] == 0) /* poly was reducible */ ++ goto err; ++ if (udp[0] == 1) ++ break; ++ } ++ ++ if (ubits < vbits) { ++ i = ubits; ++ ubits = vbits; ++ vbits = i; ++ tmp = u; ++ u = v; ++ v = tmp; ++ tmp = b; ++ b = c; ++ c = tmp; ++ udp = vdp; ++ vdp = v->d; ++ bdp = cdp; ++ cdp = c->d; ++ } ++ for (i = 0; i < top; i++) { ++ udp[i] ^= vdp[i]; ++ bdp[i] ^= cdp[i]; ++ } ++ if (ubits == vbits) { ++ BN_ULONG ul; ++ int utop = (ubits - 1) / BN_BITS2; ++ ++ while ((ul = udp[utop]) == 0 && utop) ++ utop--; ++ ubits = utop * BN_BITS2 + BN_num_bits_word(ul); ++ } ++ } ++ bn_correct_top(b); ++ } ++# endif + + if (!BN_copy(r, b)) + goto err; +@@ -800,6 +785,12 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) + ret = 1; + + err: ++# ifdef BN_DEBUG /* BN_CTX_end would complain about the ++ * expanded 
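Review bot: The three `bn_wexpand()` calls in the new `# else` branch of `BN_GF2m_mod_inv` ignore their return value, and the code then stores through `udp`, `bdp` and `cdp` up to index `top - 1`. If an expansion fails, the BIGNUM keeps its old, smaller buffer and those loops write past it, and `->top` is set to a length the buffer does not have. Each call should be checked in the style the rest of the function already uses, `if (!bn_wexpand(u, top)) goto err;`, and likewise for `b` and `c`. The function starts before this hunk and its `err:` label follows in the next one.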
form */ ++ bn_correct_top(c); ++ bn_correct_top(u); ++ bn_correct_top(v); ++# endif + BN_CTX_end(ctx); + return ret; + } +@@ -810,7 +801,7 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) + * wrapper function is only provided for convenience; for best performance, + * use the BN_GF2m_mod_inv function. + */ +-int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *xx, const unsigned int p[], ++int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *xx, const int p[], + BN_CTX *ctx) + { + BIGNUM *field; +@@ -831,7 +822,7 @@ int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *xx, const unsigned int p[], + return ret; + } + +-#ifndef OPENSSL_SUN_GF2M_DIV ++# ifndef OPENSSL_SUN_GF2M_DIV + /* + * Divide y by x, reduce modulo p, and store the result in r. r could be x + * or y, x could equal y. +@@ -862,7 +853,7 @@ int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, + BN_CTX_end(ctx); + return ret; + } +-#else ++# else + /* + * Divide y by x, reduce modulo p, and store the result in r. r could be x + * or y, x could equal y. Uses algorithm Modular_Division_GF(2^m) from +@@ -949,7 +940,7 @@ int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, + BN_CTX_end(ctx); + return ret; + } +-#endif ++# endif + + /* + * Divide yy by xx, reduce modulo p, and store the result in r. r could be xx +@@ -958,7 +949,7 @@ int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, + * convenience; for best performance, use the BN_GF2m_mod_div function. + */ + int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *yy, const BIGNUM *xx, +- const unsigned int p[], BN_CTX *ctx) ++ const int p[], BN_CTX *ctx) + { + BIGNUM *field; + int ret = 0; +@@ -986,7 +977,7 @@ int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *yy, const BIGNUM *xx, + * P1363. 
+ */ + int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, +- const unsigned int p[], BN_CTX *ctx) ++ const int p[], BN_CTX *ctx) + { + int ret = 0, i, n; + BIGNUM *u; +@@ -1035,13 +1026,12 @@ int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *p, BN_CTX *ctx) + { + int ret = 0; +- const int max = BN_num_bits(p); +- unsigned int *arr = NULL; ++ const int max = BN_num_bits(p) + 1; ++ int *arr = NULL; + bn_check_top(a); + bn_check_top(b); + bn_check_top(p); +- if ((arr = +- (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) ++ if ((arr = (int *)OPENSSL_malloc(sizeof(int) * max)) == NULL) + goto err; + ret = BN_GF2m_poly2arr(p, arr, max); + if (!ret || ret > max) { +@@ -1060,7 +1050,7 @@ int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + * Compute the square root of a, reduce modulo p, and store the result in r. + * r could be a. Uses exponentiation as in algorithm A.4.1 from IEEE P1363. + */ +-int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[], ++int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, const int p[], + BN_CTX *ctx) + { + int ret = 0; +@@ -1097,12 +1087,11 @@ int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[], + int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) + { + int ret = 0; +- const int max = BN_num_bits(p); +- unsigned int *arr = NULL; ++ const int max = BN_num_bits(p) + 1; ++ int *arr = NULL; + bn_check_top(a); + bn_check_top(p); +- if ((arr = +- (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) ++ if ((arr = (int *)OPENSSL_malloc(sizeof(int) * max)) == NULL) + goto err; + ret = BN_GF2m_poly2arr(p, arr, max); + if (!ret || ret > max) { +@@ -1121,11 +1110,10 @@ int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) + * Find r such that r^2 + r = a mod p. r could be a. If no r exists returns + * 0. Uses algorithms A.4.7 and A.4.6 from IEEE P1363. 
+ */ +-int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, +- const unsigned int p[], BN_CTX *ctx) ++int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const int p[], ++ BN_CTX *ctx) + { +- int ret = 0, count = 0; +- unsigned int j; ++ int ret = 0, count = 0, j; + BIGNUM *a, *z, *rho, *w, *w2, *tmp; + + bn_check_top(a_); +@@ -1230,12 +1218,11 @@ int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + BN_CTX *ctx) + { + int ret = 0; +- const int max = BN_num_bits(p); +- unsigned int *arr = NULL; ++ const int max = BN_num_bits(p) + 1; ++ int *arr = NULL; + bn_check_top(a); + bn_check_top(p); +- if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * +- max)) == NULL) ++ if ((arr = (int *)OPENSSL_malloc(sizeof(int) * max)) == NULL) + goto err; + ret = BN_GF2m_poly2arr(p, arr, max); + if (!ret || ret > max) { +@@ -1252,21 +1239,17 @@ int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + + /* + * Convert the bit-string representation of a polynomial ( \sum_{i=0}^n a_i * +- * x^i , where a_0 is *not* zero) into an array of integers corresponding to +- * the bits with non-zero coefficient. Up to max elements of the array will +- * be filled. Return value is total number of coefficients that would be +- * extracted if array was large enough. ++ * x^i) into an array of integers corresponding to the bits with non-zero ++ * coefficient. Array is terminated with -1. Up to max elements of the array ++ * will be filled. Return value is total number of array elements that would ++ * be filled if array was large enough. 
+ */ +-int BN_GF2m_poly2arr(const BIGNUM *a, unsigned int p[], int max) ++int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max) + { + int i, j, k = 0; + BN_ULONG mask; + +- if (BN_is_zero(a) || !BN_is_bit_set(a, 0)) +- /* +- * a_0 == 0 => return error (the unsigned int array must be +- * terminated by 0) +- */ ++ if (BN_is_zero(a)) + return 0; + + for (i = a->top - 1; i >= 0; i--) { +@@ -1284,86 +1267,31 @@ int BN_GF2m_poly2arr(const BIGNUM *a, unsigned int p[], int max) + } + } + ++ if (k < max) { ++ p[k] = -1; ++ k++; ++ } ++ + return k; + } + + /* + * Convert the coefficient array representation of a polynomial to a +- * bit-string. The array must be terminated by 0. ++ * bit-string. The array must be terminated by -1. + */ +-int BN_GF2m_arr2poly(const unsigned int p[], BIGNUM *a) ++int BN_GF2m_arr2poly(const int p[], BIGNUM *a) + { + int i; + + bn_check_top(a); + BN_zero(a); +- for (i = 0; p[i] != 0; i++) { ++ for (i = 0; p[i] != -1; i++) { + if (BN_set_bit(a, p[i]) == 0) + return 0; + } +- BN_set_bit(a, 0); + bn_check_top(a); + + return 1; + } + +-/* +- * Constant-time conditional swap of a and b. +- * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set. +- * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b, +- * and that no more than nwords are used by either a or b. 
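Review bot: `BN_GF2m_poly2arr` now rejects only the zero polynomial; the old `!BN_is_bit_set(a, 0)` test is gone, so a field polynomial without a constant term is converted and passed on to the `*_arr` routines. Whether those routines tolerate such an array cannot be judged from this hunk. The term loop of `BN_GF2m_mod_arr` is not shown, and if it stops on the exponent `0` rather than on the new `-1` terminator it would read past the end of the array. Unless every caller validates the polynomial first, keep the guard as `if (BN_is_zero(a) || !BN_is_bit_set(a, 0)) return 0;`, or state in the header comment that callers must check the constant term themselves. The function body continues in the next hunk.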
+- * a and b cannot be the same number +- */ +-void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords) +-{ +- BN_ULONG t; +- int i; +- +- bn_wcheck_size(a, nwords); +- bn_wcheck_size(b, nwords); +- +- assert(a != b); +- assert((condition & (condition - 1)) == 0); +- assert(sizeof(BN_ULONG) >= sizeof(int)); +- +- condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1; +- +- t = (a->top ^ b->top) & condition; +- a->top ^= t; +- b->top ^= t; +- +-#define BN_CONSTTIME_SWAP(ind) \ +- do { \ +- t = (a->d[ind] ^ b->d[ind]) & condition; \ +- a->d[ind] ^= t; \ +- b->d[ind] ^= t; \ +- } while (0) +- +- switch (nwords) { +- default: +- for (i = 10; i < nwords; i++) +- BN_CONSTTIME_SWAP(i); +- /* Fallthrough */ +- case 10: +- BN_CONSTTIME_SWAP(9); /* Fallthrough */ +- case 9: +- BN_CONSTTIME_SWAP(8); /* Fallthrough */ +- case 8: +- BN_CONSTTIME_SWAP(7); /* Fallthrough */ +- case 7: +- BN_CONSTTIME_SWAP(6); /* Fallthrough */ +- case 6: +- BN_CONSTTIME_SWAP(5); /* Fallthrough */ +- case 5: +- BN_CONSTTIME_SWAP(4); /* Fallthrough */ +- case 4: +- BN_CONSTTIME_SWAP(3); /* Fallthrough */ +- case 3: +- BN_CONSTTIME_SWAP(2); /* Fallthrough */ +- case 2: +- BN_CONSTTIME_SWAP(1); /* Fallthrough */ +- case 1: +- BN_CONSTTIME_SWAP(0); +- } +-#undef BN_CONSTTIME_SWAP +-} ++#endif +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_lcl.h b/Cryptlib/OpenSSL/crypto/bn/bn_lcl.h +index 27ac439..00f4f09 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_lcl.h ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_lcl.h +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. 
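Review bot: When the polynomial has exactly `max` non-zero terms, the added `if (k < max)` block writes no `-1` terminator and the function returns `max`, which the callers' `ret > max` test accepts. This assumes the fill loop keeps counting terms past `max`, as the header comment describes; that comment promises the number of elements needed including the terminator, which here would be `max + 1`. Callers that allocate `BN_num_bits(p) + 1` entries cannot reach this case, but `BN_GF2m_mod` in the `-565,23` hunk passes a fixed `int arr[6]`, so a six-term polynomial would reach `BN_GF2m_mod_arr` unterminated. Writing the tail as `if (k < max) p[k] = -1;` followed by `return k + 1;` makes the return value match the comment and lets the existing checks reject the overfull case.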
The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -63,7 +63,7 @@ + * are met: + * + * 1. 
Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -110,16 +110,15 @@ + */ + + #ifndef HEADER_BN_LCL_H +-#define HEADER_BN_LCL_H ++# define HEADER_BN_LCL_H + +-#include ++# include + + #ifdef __cplusplus + extern "C" { + #endif + +- +-/* ++/*- + * BN_window_bits_for_exponent_size -- macro for sliding window mod_exp functions + * + * +@@ -144,73 +143,86 @@ extern "C" { + * (with draws in between). Very small exponents are often selected + * with low Hamming weight, so we use w = 1 for b <= 23. + */ +-#if 1 +-#define BN_window_bits_for_exponent_size(b) \ +- ((b) > 671 ? 6 : \ +- (b) > 239 ? 5 : \ +- (b) > 79 ? 4 : \ +- (b) > 23 ? 3 : 1) +-#else +-/* Old SSLeay/OpenSSL table. +- * Maximum window size was 5, so this table differs for b==1024; +- * but it coincides for other interesting values (b==160, b==512). ++# if 1 ++# define BN_window_bits_for_exponent_size(b) \ ++ ((b) > 671 ? 6 : \ ++ (b) > 239 ? 5 : \ ++ (b) > 79 ? 4 : \ ++ (b) > 23 ? 3 : 1) ++# else ++/* ++ * Old SSLeay/OpenSSL table. Maximum window size was 5, so this table differs ++ * for b==1024; but it coincides for other interesting values (b==160, ++ * b==512). + */ +-#define BN_window_bits_for_exponent_size(b) \ +- ((b) > 255 ? 5 : \ +- (b) > 127 ? 4 : \ +- (b) > 17 ? 3 : 1) +-#endif +- +- ++# define BN_window_bits_for_exponent_size(b) \ ++ ((b) > 255 ? 5 : \ ++ (b) > 127 ? 4 : \ ++ (b) > 17 ? 3 : 1) ++# endif + +-/* BN_mod_exp_mont_conttime is based on the assumption that the +- * L1 data cache line width of the target processor is at least +- * the following value. 
++/* ++ * BN_mod_exp_mont_conttime is based on the assumption that the L1 data cache ++ * line width of the target processor is at least the following value. + */ +-#define MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH ( 64 ) +-#define MOD_EXP_CTIME_MIN_CACHE_LINE_MASK (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - 1) ++# define MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH ( 64 ) ++# define MOD_EXP_CTIME_MIN_CACHE_LINE_MASK (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - 1) + +-/* Window sizes optimized for fixed window size modular exponentiation +- * algorithm (BN_mod_exp_mont_consttime). +- * +- * To achieve the security goals of BN_mode_exp_mont_consttime, the +- * maximum size of the window must not exceed +- * log_2(MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH). +- * +- * Window size thresholds are defined for cache line sizes of 32 and 64, +- * cache line sizes where log_2(32)=5 and log_2(64)=6 respectively. A +- * window size of 7 should only be used on processors that have a 128 +- * byte or greater cache line size. ++/* ++ * Window sizes optimized for fixed window size modular exponentiation ++ * algorithm (BN_mod_exp_mont_consttime). To achieve the security goals of ++ * BN_mode_exp_mont_consttime, the maximum size of the window must not exceed ++ * log_2(MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH). Window size thresholds are ++ * defined for cache line sizes of 32 and 64, cache line sizes where ++ * log_2(32)=5 and log_2(64)=6 respectively. A window size of 7 should only be ++ * used on processors that have a 128 byte or greater cache line size. + */ +-#if MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH == 64 ++# if MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH == 64 + + # define BN_window_bits_for_ctime_exponent_size(b) \ +- ((b) > 937 ? 6 : \ +- (b) > 306 ? 5 : \ +- (b) > 89 ? 4 : \ +- (b) > 22 ? 3 : 1) +-# define BN_MAX_WINDOW_BITS_FOR_CTIME_EXPONENT_SIZE (6) ++ ((b) > 937 ? 6 : \ ++ (b) > 306 ? 5 : \ ++ (b) > 89 ? 4 : \ ++ (b) > 22 ? 
3 : 1) ++# define BN_MAX_WINDOW_BITS_FOR_CTIME_EXPONENT_SIZE (6) + +-#elif MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH == 32 ++# elif MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH == 32 + + # define BN_window_bits_for_ctime_exponent_size(b) \ +- ((b) > 306 ? 5 : \ +- (b) > 89 ? 4 : \ +- (b) > 22 ? 3 : 1) +-# define BN_MAX_WINDOW_BITS_FOR_CTIME_EXPONENT_SIZE (5) +- +-#endif ++ ((b) > 306 ? 5 : \ ++ (b) > 89 ? 4 : \ ++ (b) > 22 ? 3 : 1) ++# define BN_MAX_WINDOW_BITS_FOR_CTIME_EXPONENT_SIZE (5) + ++# endif + + /* Pentium pro 16,16,16,32,64 */ + /* Alpha 16,16,16,16.64 */ +-#define BN_MULL_SIZE_NORMAL (16) /* 32 */ +-#define BN_MUL_RECURSIVE_SIZE_NORMAL (16) /* 32 less than */ +-#define BN_SQR_RECURSIVE_SIZE_NORMAL (16) /* 32 */ +-#define BN_MUL_LOW_RECURSIVE_SIZE_NORMAL (32) /* 32 */ +-#define BN_MONT_CTX_SET_SIZE_WORD (64) /* 32 */ ++# define BN_MULL_SIZE_NORMAL (16)/* 32 */ ++# define BN_MUL_RECURSIVE_SIZE_NORMAL (16)/* 32 less than */ ++# define BN_SQR_RECURSIVE_SIZE_NORMAL (16)/* 32 */ ++# define BN_MUL_LOW_RECURSIVE_SIZE_NORMAL (32)/* 32 */ ++# define BN_MONT_CTX_SET_SIZE_WORD (64)/* 32 */ + +-#if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC) ++/* ++ * 2011-02-22 SMS. In various places, a size_t variable or a type cast to ++ * size_t was used to perform integer-only operations on pointers. This ++ * failed on VMS with 64-bit pointers (CC /POINTER_SIZE = 64) because size_t ++ * is still only 32 bits. What's needed in these cases is an integer type ++ * with the same size as a pointer, which size_t is not certain to be. The ++ * only fix here is VMS-specific. 
++ */ ++# if defined(OPENSSL_SYS_VMS) ++# if __INITIAL_POINTER_SIZE == 64 ++# define PTR_SIZE_INT long long ++# else /* __INITIAL_POINTER_SIZE == 64 */ ++# define PTR_SIZE_INT int ++# endif /* __INITIAL_POINTER_SIZE == 64 [else] */ ++# elif !defined(PTR_SIZE_INT) /* defined(OPENSSL_SYS_VMS) */ ++# define PTR_SIZE_INT size_t ++# endif /* defined(OPENSSL_SYS_VMS) [else] */ ++ ++# if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC) + /* + * BN_UMULT_HIGH section. + * +@@ -232,256 +244,291 @@ extern "C" { + * exhibiting "native" performance in C. That's what BN_UMULT_HIGH + * macro is about:-) + * +- * ++ * + */ +-# if defined(__alpha) && (defined(SIXTY_FOUR_BIT_LONG) || defined(SIXTY_FOUR_BIT)) +-# if defined(__DECC) +-# include +-# define BN_UMULT_HIGH(a,b) (BN_ULONG)asm("umulh %a0,%a1,%v0",(a),(b)) +-# elif defined(__GNUC__) +-# define BN_UMULT_HIGH(a,b) ({ \ +- register BN_ULONG ret; \ +- asm ("umulh %1,%2,%0" \ +- : "=r"(ret) \ +- : "r"(a), "r"(b)); \ +- ret; }) +-# endif /* compiler */ +-# elif defined(_ARCH_PPC) && defined(__64BIT__) && defined(SIXTY_FOUR_BIT_LONG) +-# if defined(__GNUC__) +-# define BN_UMULT_HIGH(a,b) ({ \ +- register BN_ULONG ret; \ +- asm ("mulhdu %0,%1,%2" \ +- : "=r"(ret) \ +- : "r"(a), "r"(b)); \ +- ret; }) +-# endif /* compiler */ +-# elif defined(__x86_64) && defined(SIXTY_FOUR_BIT_LONG) +-# if defined(__GNUC__) +-# define BN_UMULT_HIGH(a,b) ({ \ +- register BN_ULONG ret,discard; \ +- asm ("mulq %3" \ +- : "=a"(discard),"=d"(ret) \ +- : "a"(a), "g"(b) \ +- : "cc"); \ +- ret; }) +-# define BN_UMULT_LOHI(low,high,a,b) \ +- asm ("mulq %3" \ +- : "=a"(low),"=d"(high) \ +- : "a"(a),"g"(b) \ +- : "cc"); +-# endif +-# elif (defined(_M_AMD64) || defined(_M_X64)) && defined(SIXTY_FOUR_BIT) +-# if defined(_MSC_VER) && _MSC_VER>=1400 +- unsigned __int64 __umulh (unsigned __int64 a,unsigned __int64 b); +- unsigned __int64 _umul128 (unsigned __int64 a,unsigned __int64 b, +- unsigned __int64 *h); +-# pragma 
intrinsic(__umulh,_umul128) +-# define BN_UMULT_HIGH(a,b) __umulh((a),(b)) +-# define BN_UMULT_LOHI(low,high,a,b) ((low)=_umul128((a),(b),&(high))) +-# endif +-# endif /* cpu */ +-#endif /* OPENSSL_NO_ASM */ ++# if defined(__alpha) && (defined(SIXTY_FOUR_BIT_LONG) || defined(SIXTY_FOUR_BIT)) ++# if defined(__DECC) ++# include ++# define BN_UMULT_HIGH(a,b) (BN_ULONG)asm("umulh %a0,%a1,%v0",(a),(b)) ++# elif defined(__GNUC__) && __GNUC__>=2 ++# define BN_UMULT_HIGH(a,b) ({ \ ++ register BN_ULONG ret; \ ++ asm ("umulh %1,%2,%0" \ ++ : "=r"(ret) \ ++ : "r"(a), "r"(b)); \ ++ ret; }) ++# endif /* compiler */ ++# elif defined(_ARCH_PPC) && defined(__64BIT__) && defined(SIXTY_FOUR_BIT_LONG) ++# if defined(__GNUC__) && __GNUC__>=2 ++# define BN_UMULT_HIGH(a,b) ({ \ ++ register BN_ULONG ret; \ ++ asm ("mulhdu %0,%1,%2" \ ++ : "=r"(ret) \ ++ : "r"(a), "r"(b)); \ ++ ret; }) ++# endif /* compiler */ ++# elif (defined(__x86_64) || defined(__x86_64__)) && \ ++ (defined(SIXTY_FOUR_BIT_LONG) || defined(SIXTY_FOUR_BIT)) ++# if defined(__GNUC__) && __GNUC__>=2 ++# define BN_UMULT_HIGH(a,b) ({ \ ++ register BN_ULONG ret,discard; \ ++ asm ("mulq %3" \ ++ : "=a"(discard),"=d"(ret) \ ++ : "a"(a), "g"(b) \ ++ : "cc"); \ ++ ret; }) ++# define BN_UMULT_LOHI(low,high,a,b) \ ++ asm ("mulq %3" \ ++ : "=a"(low),"=d"(high) \ ++ : "a"(a),"g"(b) \ ++ : "cc"); ++# endif ++# elif (defined(_M_AMD64) || defined(_M_X64)) && defined(SIXTY_FOUR_BIT) ++# if defined(_MSC_VER) && _MSC_VER>=1400 ++unsigned __int64 __umulh(unsigned __int64 a, unsigned __int64 b); ++unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b, ++ unsigned __int64 *h); ++# pragma intrinsic(__umulh,_umul128) ++# define BN_UMULT_HIGH(a,b) __umulh((a),(b)) ++# define BN_UMULT_LOHI(low,high,a,b) ((low)=_umul128((a),(b),&(high))) ++# endif ++# elif defined(__mips) && (defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)) ++# if defined(__GNUC__) && __GNUC__>=2 ++# if __GNUC__>4 || (__GNUC__>=4 && __GNUC_MINOR__>=4) ++ /* "h" 
constraint is no more since 4.4 */ ++# define BN_UMULT_HIGH(a,b) (((__uint128_t)(a)*(b))>>64) ++# define BN_UMULT_LOHI(low,high,a,b) ({ \ ++ __uint128_t ret=(__uint128_t)(a)*(b); \ ++ (high)=ret>>64; (low)=ret; }) ++# else ++# define BN_UMULT_HIGH(a,b) ({ \ ++ register BN_ULONG ret; \ ++ asm ("dmultu %1,%2" \ ++ : "=h"(ret) \ ++ : "r"(a), "r"(b) : "l"); \ ++ ret; }) ++# define BN_UMULT_LOHI(low,high,a,b)\ ++ asm ("dmultu %2,%3" \ ++ : "=l"(low),"=h"(high) \ ++ : "r"(a), "r"(b)); ++# endif ++# endif ++# elif defined(__aarch64__) && defined(SIXTY_FOUR_BIT_LONG) ++# if defined(__GNUC__) && __GNUC__>=2 ++# define BN_UMULT_HIGH(a,b) ({ \ ++ register BN_ULONG ret; \ ++ asm ("umulh %0,%1,%2" \ ++ : "=r"(ret) \ ++ : "r"(a), "r"(b)); \ ++ ret; }) ++# endif ++# endif /* cpu */ ++# endif /* OPENSSL_NO_ASM */ + + /************************************************************* + * Using the long long type + */ +-#define Lw(t) (((BN_ULONG)(t))&BN_MASK2) +-#define Hw(t) (((BN_ULONG)((t)>>BN_BITS2))&BN_MASK2) +- +-#ifdef BN_DEBUG_RAND +-#define bn_clear_top2max(a) \ +- { \ +- int ind = (a)->dmax - (a)->top; \ +- BN_ULONG *ftl = &(a)->d[(a)->top-1]; \ +- for (; ind != 0; ind--) \ +- *(++ftl) = 0x0; \ +- } +-#else +-#define bn_clear_top2max(a) +-#endif +- +-#ifdef BN_LLONG +-#define mul_add(r,a,w,c) { \ +- BN_ULLONG t; \ +- t=(BN_ULLONG)w * (a) + (r) + (c); \ +- (r)= Lw(t); \ +- (c)= Hw(t); \ +- } +- +-#define mul(r,a,w,c) { \ +- BN_ULLONG t; \ +- t=(BN_ULLONG)w * (a) + (c); \ +- (r)= Lw(t); \ +- (c)= Hw(t); \ +- } +- +-#define sqr(r0,r1,a) { \ +- BN_ULLONG t; \ +- t=(BN_ULLONG)(a)*(a); \ +- (r0)=Lw(t); \ +- (r1)=Hw(t); \ +- } +- +-#elif defined(BN_UMULT_LOHI) +-#define mul_add(r,a,w,c) { \ +- BN_ULONG high,low,ret,tmp=(a); \ +- ret = (r); \ +- BN_UMULT_LOHI(low,high,w,tmp); \ +- ret += (c); \ +- (c) = (ret<(c))?1:0; \ +- (c) += high; \ +- ret += low; \ +- (c) += (ret>BN_BITS2))&BN_MASK2) ++ ++# ifdef BN_DEBUG_RAND ++# define bn_clear_top2max(a) \ ++ { \ ++ int ind = (a)->dmax - 
(a)->top; \ ++ BN_ULONG *ftl = &(a)->d[(a)->top-1]; \ ++ for (; ind != 0; ind--) \ ++ *(++ftl) = 0x0; \ ++ } ++# else ++# define bn_clear_top2max(a) ++# endif ++ ++# ifdef BN_LLONG ++# define mul_add(r,a,w,c) { \ ++ BN_ULLONG t; \ ++ t=(BN_ULLONG)w * (a) + (r) + (c); \ ++ (r)= Lw(t); \ ++ (c)= Hw(t); \ ++ } ++ ++# define mul(r,a,w,c) { \ ++ BN_ULLONG t; \ ++ t=(BN_ULLONG)w * (a) + (c); \ ++ (r)= Lw(t); \ ++ (c)= Hw(t); \ ++ } ++ ++# define sqr(r0,r1,a) { \ ++ BN_ULLONG t; \ ++ t=(BN_ULLONG)(a)*(a); \ ++ (r0)=Lw(t); \ ++ (r1)=Hw(t); \ ++ } ++ ++# elif defined(BN_UMULT_LOHI) ++# define mul_add(r,a,w,c) { \ ++ BN_ULONG high,low,ret,tmp=(a); \ ++ ret = (r); \ ++ BN_UMULT_LOHI(low,high,w,tmp); \ ++ ret += (c); \ ++ (c) = (ret<(c))?1:0; \ ++ (c) += high; \ ++ ret += low; \ ++ (c) += (ret>BN_BITS4)&BN_MASK2l) +-#define L2HBITS(a) (((a)<>BN_BITS4)&BN_MASK2l) ++# define L2HBITS(a) (((a)<>BN_BITS2)&BN_MASKl) +-#define LL2HBITS(a) ((BN_ULLONG)((a)&BN_MASKl)<>BN_BITS2)&BN_MASKl) ++# define LL2HBITS(a) ((BN_ULLONG)((a)&BN_MASKl)<>(BN_BITS4-1); \ +- m =(m&BN_MASK2l)<<(BN_BITS4+1); \ +- l=(l+m)&BN_MASK2; if (l < m) h++; \ +- (lo)=l; \ +- (ho)=h; \ +- } +- +-#define mul_add(r,a,bl,bh,c) { \ +- BN_ULONG l,h; \ ++ h=(in); \ ++ l=LBITS(h); \ ++ h=HBITS(h); \ ++ m =(l)*(h); \ ++ l*=l; \ ++ h*=h; \ ++ h+=(m&BN_MASK2h1)>>(BN_BITS4-1); \ ++ m =(m&BN_MASK2l)<<(BN_BITS4+1); \ ++ l=(l+m)&BN_MASK2; if (l < m) h++; \ ++ (lo)=l; \ ++ (ho)=h; \ ++ } ++ ++# define mul_add(r,a,bl,bh,c) { \ ++ BN_ULONG l,h; \ + \ +- h= (a); \ +- l=LBITS(h); \ +- h=HBITS(h); \ +- mul64(l,h,(bl),(bh)); \ ++ h= (a); \ ++ l=LBITS(h); \ ++ h=HBITS(h); \ ++ mul64(l,h,(bl),(bh)); \ + \ +- /* non-multiply part */ \ +- l=(l+(c))&BN_MASK2; if (l < (c)) h++; \ +- (c)=(r); \ +- l=(l+(c))&BN_MASK2; if (l < (c)) h++; \ +- (c)=h&BN_MASK2; \ +- (r)=l; \ +- } +- +-#define mul(r,a,bl,bh,c) { \ +- BN_ULONG l,h; \ ++ /* non-multiply part */ \ ++ l=(l+(c))&BN_MASK2; if (l < (c)) h++; \ ++ (c)=(r); \ ++ l=(l+(c))&BN_MASK2; if (l < (c)) 
h++; \ ++ (c)=h&BN_MASK2; \ ++ (r)=l; \ ++ } ++ ++# define mul(r,a,bl,bh,c) { \ ++ BN_ULONG l,h; \ + \ +- h= (a); \ +- l=LBITS(h); \ +- h=HBITS(h); \ +- mul64(l,h,(bl),(bh)); \ ++ h= (a); \ ++ l=LBITS(h); \ ++ h=HBITS(h); \ ++ mul64(l,h,(bl),(bh)); \ + \ +- /* non-multiply part */ \ +- l+=(c); if ((l&BN_MASK2) < (c)) h++; \ +- (c)=h&BN_MASK2; \ +- (r)=l&BN_MASK2; \ +- } +-#endif /* !BN_LLONG */ +- +-void bn_mul_normal(BN_ULONG *r,BN_ULONG *a,int na,BN_ULONG *b,int nb); +-void bn_mul_comba8(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b); +-void bn_mul_comba4(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b); ++ /* non-multiply part */ \ ++ l+=(c); if ((l&BN_MASK2) < (c)) h++; \ ++ (c)=h&BN_MASK2; \ ++ (r)=l&BN_MASK2; \ ++ } ++# endif /* !BN_LLONG */ ++ ++# if defined(OPENSSL_DOING_MAKEDEPEND) && defined(OPENSSL_FIPS) ++# undef bn_div_words ++# endif ++ ++void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb); ++void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b); ++void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b); + void bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp); +-void bn_sqr_comba8(BN_ULONG *r,const BN_ULONG *a); +-void bn_sqr_comba4(BN_ULONG *r,const BN_ULONG *a); +-int bn_cmp_words(const BN_ULONG *a,const BN_ULONG *b,int n); +-int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, +- int cl, int dl); +-void bn_mul_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2, +- int dna,int dnb,BN_ULONG *t); +-void bn_mul_part_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b, +- int n,int tna,int tnb,BN_ULONG *t); +-void bn_sqr_recursive(BN_ULONG *r,const BN_ULONG *a, int n2, BN_ULONG *t); +-void bn_mul_low_normal(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b, int n); +-void bn_mul_low_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2, +- BN_ULONG *t); +-void bn_mul_high(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,BN_ULONG *l,int n2, +- BN_ULONG *t); ++void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a); ++void bn_sqr_comba4(BN_ULONG *r, const 
BN_ULONG *a); ++int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n); ++int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, int cl, int dl); ++void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, ++ int dna, int dnb, BN_ULONG *t); ++void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, ++ int n, int tna, int tnb, BN_ULONG *t); ++void bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t); ++void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n); ++void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, ++ BN_ULONG *t); ++void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2, ++ BN_ULONG *t); + BN_ULONG bn_add_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, +- int cl, int dl); ++ int cl, int dl); + BN_ULONG bn_sub_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, +- int cl, int dl); +-int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0, int num); ++ int cl, int dl); ++int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, ++ const BN_ULONG *np, const BN_ULONG *n0, int num); + + #ifdef __cplusplus + } +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_lib.c b/Cryptlib/OpenSSL/crypto/bn/bn_lib.c +index becb957..80105ff 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_lib.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_lib.c +@@ -135,15 +135,16 @@ int BN_get_params(int which) + + const BIGNUM *BN_value_one(void) + { +- static BN_ULONG data_one = 1L; +- static BIGNUM const_one = { &data_one, 1, 1, 0, BN_FLG_STATIC_DATA }; ++ static const BN_ULONG data_one = 1L; ++ static const BIGNUM const_one = ++ { (BN_ULONG *)&data_one, 1, 1, 0, BN_FLG_STATIC_DATA }; + + return (&const_one); + } + + int BN_num_bits_word(BN_ULONG l) + { +- static const char bits[256] = { ++ static const unsigned char bits[256] = { + 0, 1, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 4, 4, 4, 4, + 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 
5, 5, 5, 5, 5, + 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, +@@ -203,7 +204,7 @@ int BN_num_bits_word(BN_ULONG l) + } else + #endif + { +-#if defined(SIXTEEN_BIT) || defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG) ++#if defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG) + if (l & 0xff00L) + return (bits[(int)(l >> 8)] + 8); + else +@@ -773,7 +774,7 @@ int BN_is_bit_set(const BIGNUM *a, int n) + j = n % BN_BITS2; + if (a->top <= i) + return 0; +- return (((a->d[i]) >> j) & ((BN_ULONG)1)); ++ return (int)(((a->d[i]) >> j) & ((BN_ULONG)1)); + } + + int BN_mask_bits(BIGNUM *a, int n) +@@ -852,3 +853,64 @@ int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, int cl, int dl) + } + return bn_cmp_words(a, b, cl); + } ++ ++/* ++ * Constant-time conditional swap of a and b. ++ * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set. ++ * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b, ++ * and that no more than nwords are used by either a or b. 
++ * a and b cannot be the same number ++ */ ++void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords) ++{ ++ BN_ULONG t; ++ int i; ++ ++ bn_wcheck_size(a, nwords); ++ bn_wcheck_size(b, nwords); ++ ++ assert(a != b); ++ assert((condition & (condition - 1)) == 0); ++ assert(sizeof(BN_ULONG) >= sizeof(int)); ++ ++ condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1; ++ ++ t = (a->top ^ b->top) & condition; ++ a->top ^= t; ++ b->top ^= t; ++ ++#define BN_CONSTTIME_SWAP(ind) \ ++ do { \ ++ t = (a->d[ind] ^ b->d[ind]) & condition; \ ++ a->d[ind] ^= t; \ ++ b->d[ind] ^= t; \ ++ } while (0) ++ ++ switch (nwords) { ++ default: ++ for (i = 10; i < nwords; i++) ++ BN_CONSTTIME_SWAP(i); ++ /* Fallthrough */ ++ case 10: ++ BN_CONSTTIME_SWAP(9); /* Fallthrough */ ++ case 9: ++ BN_CONSTTIME_SWAP(8); /* Fallthrough */ ++ case 8: ++ BN_CONSTTIME_SWAP(7); /* Fallthrough */ ++ case 7: ++ BN_CONSTTIME_SWAP(6); /* Fallthrough */ ++ case 6: ++ BN_CONSTTIME_SWAP(5); /* Fallthrough */ ++ case 5: ++ BN_CONSTTIME_SWAP(4); /* Fallthrough */ ++ case 4: ++ BN_CONSTTIME_SWAP(3); /* Fallthrough */ ++ case 3: ++ BN_CONSTTIME_SWAP(2); /* Fallthrough */ ++ case 2: ++ BN_CONSTTIME_SWAP(1); /* Fallthrough */ ++ case 1: ++ BN_CONSTTIME_SWAP(0); ++ } ++#undef BN_CONSTTIME_SWAP ++} +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_mont.c b/Cryptlib/OpenSSL/crypto/bn/bn_mont.c +index bf40e82..aadd5db 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_mont.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_mont.c +@@ -122,20 +122,7 @@ + + #define MONT_WORD /* use the faster word-based algorithm */ + +-#if defined(MONT_WORD) && defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32) +-/* +- * This condition means we have a specific non-default build: In the 0.9.8 +- * branch, OPENSSL_BN_ASM_MONT is normally not set for any BN_BITS2<=32 +- * platform; an explicit "enable-montasm" is required. 
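Review bot: The preconditions of BN_consttime_swap in bn_lib.c are enforced only by `assert()` and `bn_wcheck_size()`, so in a build where these compile to nothing a caller that breaks them gets a wrong result rather than a failure. A `condition` with both the top bit and another bit set makes `((condition - 1) >> (BN_BITS2 - 1)) - 1` evaluate to zero, so the swap is silently skipped even though `condition` is non-zero. Whether assert is active in this build is not visible from the hunk. The loop also exchanges only `top` and `d[]`, leaving `neg` and `flags` untouched, which the header comment does not mention. I would extend that comment with `* Only top and d[] are exchanged; neg and flags are left as they are.` and `* The preconditions above are checked by assert() only; callers must guarantee them.`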
I.e., if we are here, +- * the user intentionally deviates from the normal stable build to get better +- * Montgomery performance from the 0.9.9-dev backport. In this case only, we +- * also enable BN_from_montgomery_word() (another non-stable feature from +- * 0.9.9-dev). +- */ +-# define MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD +-#endif +- +-#ifdef MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD ++#ifdef MONT_WORD + static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont); + #endif + +@@ -150,12 +137,7 @@ int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + if (num > 1 && a->top == num && b->top == num) { + if (bn_wexpand(r, num) == NULL) + return (0); +-# if 0 /* for OpenSSL 0.9.9 mont->n0 */ +- if (bn_mul_mont(r->d, a->d, b->d, mont->N.d, mont->n0, num)) +-# else +- if (bn_mul_mont(r->d, a->d, b->d, mont->N.d, &mont->n0, num)) +-# endif +- { ++ if (bn_mul_mont(r->d, a->d, b->d, mont->N.d, mont->n0, num)) { + r->neg = a->neg ^ b->neg; + r->top = num; + bn_correct_top(r); +@@ -178,7 +160,7 @@ int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + goto err; + } + /* reduce from aRR to aR */ +-#ifdef MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD ++#ifdef MONT_WORD + if (!BN_from_montgomery_word(r, tmp, mont)) + goto err; + #else +@@ -192,49 +174,43 @@ int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + return (ret); + } + +-#ifdef MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD ++#ifdef MONT_WORD + static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) + { + BIGNUM *n; +- BN_ULONG *ap, *np, *rp, n0, v, *nrp; +- int al, nl, max, i, x, ri; ++ BN_ULONG *ap, *np, *rp, n0, v, carry; ++ int nl, max, i; + + n = &(mont->N); +- /* +- * mont->ri is the size of mont->N in bits (rounded up to the word size) +- */ +- al = ri = mont->ri / BN_BITS2; +- + nl = n->top; +- if ((al == 0) || (nl == 0)) { ++ if (nl == 0) { + ret->top = 0; + return (1); + } + +- max = (nl + al + 1); /* allow for overflow 
(no?) XXX */ ++ max = (2 * nl); /* carry is stored separately */ + if (bn_wexpand(r, max) == NULL) + return (0); + + r->neg ^= n->neg; + np = n->d; + rp = r->d; +- nrp = &(r->d[nl]); + + /* clear the top words of T */ ++# if 1 + for (i = r->top; i < max; i++) /* memset? XXX */ +- r->d[i] = 0; ++ rp[i] = 0; ++# else ++ memset(&(rp[r->top]), 0, (max - r->top) * sizeof(BN_ULONG)); ++# endif + + r->top = max; +-# if 0 /* for OpenSSL 0.9.9 mont->n0 */ + n0 = mont->n0[0]; +-# else +- n0 = mont->n0; +-# endif + + # ifdef BN_COUNT + fprintf(stderr, "word BN_from_montgomery_word %d * %d\n", nl, nl); + # endif +- for (i = 0; i < nl; i++) { ++ for (carry = 0, i = 0; i < nl; i++, rp++) { + # ifdef __TANDEM + { + long long t1; +@@ -251,285 +227,78 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) + # else + v = bn_mul_add_words(rp, np, nl, (rp[0] * n0) & BN_MASK2); + # endif +- nrp++; +- rp++; +- if (((nrp[-1] += v) & BN_MASK2) >= v) +- continue; +- else { +- if (((++nrp[0]) & BN_MASK2) != 0) +- continue; +- if (((++nrp[1]) & BN_MASK2) != 0) +- continue; +- for (x = 2; (((++nrp[x]) & BN_MASK2) == 0); x++) ; +- } +- } +- bn_correct_top(r); +- +- /* +- * mont->ri will be a multiple of the word size and below code is kind of +- * BN_rshift(ret,r,mont->ri) equivalent +- */ +- if (r->top <= ri) { +- ret->top = 0; +- return (1); ++ v = (v + carry + rp[nl]) & BN_MASK2; ++ carry |= (v != rp[nl]); ++ carry &= (v <= rp[nl]); ++ rp[nl] = v; + } +- al = r->top - ri; + +- if (bn_wexpand(ret, ri) == NULL) ++ if (bn_wexpand(ret, nl) == NULL) + return (0); +- x = 0 - (((al - ri) >> (sizeof(al) * 8 - 1)) & 1); +- ret->top = x = (ri & ~x) | (al & x); /* min(ri,al) */ ++ ret->top = nl; + ret->neg = r->neg; + + rp = ret->d; +- ap = &(r->d[ri]); ++ ap = &(r->d[nl]); + ++# define BRANCH_FREE 1 ++# if BRANCH_FREE + { +- size_t m1, m2; ++ BN_ULONG *nrp; ++ size_t m; + +- v = bn_sub_words(rp, ap, np, ri); ++ v = bn_sub_words(rp, ap, np, nl) - carry; + /* +- * this 
----------------^^ works even in alri) nrp=rp; else nrp=ap; */ +- /* +- * in other words if subtraction result is real, then trick +- * unconditional memcpy below to perform in-place "refresh" instead +- * of actual copy. +- */ +- m1 = 0 - (size_t)(((al - ri) >> (sizeof(al) * 8 - 1)) & 1); /* al> (sizeof(al) * 8 - 1)) & 1); /* al>ri */ +- m1 |= m2; /* (al!=ri) */ +- m1 |= (0 - (size_t)v); /* (al!=ri || v) */ +- m1 &= ~m2; /* (al!=ri || v) && !al>ri */ +- nrp = (BN_ULONG *)(((size_t)rp & ~m1) | ((size_t)ap & m1)); +- } +- +- /* +- * 'iN); +- +- ap = a->d; +- /* +- * mont->ri is the size of mont->N in bits (rounded up to the word size) +- */ +- al = ri = mont->ri / BN_BITS2; +- +- nl = n->top; +- if ((al == 0) || (nl == 0)) { +- r->top = 0; +- return (1); +- } +- +- max = (nl + al + 1); /* allow for overflow (no?) XXX */ +- if (bn_wexpand(r, max) == NULL) +- goto err; +- +- r->neg = a->neg ^ n->neg; +- np = n->d; +- rp = r->d; +- nrp = &(r->d[nl]); +- +- /* clear the top words of T */ +-# if 1 +- for (i = r->top; i < max; i++) /* memset? 
XXX */ +- r->d[i] = 0; +-# else +- memset(&(r->d[r->top]), 0, (max - r->top) * sizeof(BN_ULONG)); +-# endif +- +- r->top = max; +- n0 = mont->n0; +- +-# ifdef BN_COUNT +- fprintf(stderr, "word BN_from_montgomery %d * %d\n", nl, nl); +-# endif +- for (i = 0; i < nl; i++) { +-# ifdef __TANDEM +- { +- long long t1; +- long long t2; +- long long t3; +- t1 = rp[0] * (n0 & 0177777); +- t2 = 037777600000l; +- t2 = n0 & t2; +- t3 = rp[0] & 0177777; +- t2 = (t3 * t2) & BN_MASK2; +- t1 = t1 + t2; +- v = bn_mul_add_words(rp, np, nl, (BN_ULONG)t1); +- } +-# else +- v = bn_mul_add_words(rp, np, nl, (rp[0] * n0) & BN_MASK2); +-# endif +- nrp++; +- rp++; +- if (((nrp[-1] += v) & BN_MASK2) >= v) +- continue; +- else { +- if (((++nrp[0]) & BN_MASK2) != 0) +- continue; +- if (((++nrp[1]) & BN_MASK2) != 0) +- continue; +- for (x = 2; (((++nrp[x]) & BN_MASK2) == 0); x++) ; +- } +- } +- bn_correct_top(r); +- +- /* +- * mont->ri will be a multiple of the word size and below code is kind of +- * BN_rshift(ret,r,mont->ri) equivalent +- */ +- if (r->top <= ri) { +- ret->top = 0; +- retn = 1; +- goto err; +- } +- al = r->top - ri; +- +-# define BRANCH_FREE 1 +-# if BRANCH_FREE +- if (bn_wexpand(ret, ri) == NULL) +- goto err; +- x = 0 - (((al - ri) >> (sizeof(al) * 8 - 1)) & 1); +- ret->top = x = (ri & ~x) | (al & x); /* min(ri,al) */ +- ret->neg = r->neg; +- +- rp = ret->d; +- ap = &(r->d[ri]); +- +- { +- size_t m1, m2; +- +- v = bn_sub_words(rp, ap, np, ri); +- /* +- * this ----------------^^ works even in alri) nrp=rp; else nrp=ap; */ +- /* +- * in other words if subtraction result is real, then trick +- * unconditional memcpy below to perform in-place "refresh" instead +- * of actual copy. 
+- */ +- m1 = 0 - (size_t)(((al - ri) >> (sizeof(al) * 8 - 1)) & 1); /* al> (sizeof(al) * 8 - 1)) & 1); /* al>ri */ +- m1 |= m2; /* (al!=ri) */ +- m1 |= (0 - (size_t)v); /* (al!=ri || v) */ +- m1 &= ~m2; /* (al!=ri || v) && !al>ri */ +- nrp = (BN_ULONG *)(((size_t)rp & ~m1) | ((size_t)ap & m1)); +- } +- +- /* +- * 'itop = al; +- ret->neg = r->neg; +- +- rp = ret->d; +- ap = &(r->d[ri]); +- al -= 4; +- for (i = 0; i < al; i += 4) { +- BN_ULONG t1, t2, t3, t4; +- +- t1 = ap[i + 0]; +- t2 = ap[i + 1]; +- t3 = ap[i + 2]; +- t4 = ap[i + 3]; +- rp[i + 0] = t1; +- rp[i + 1] = t2; +- rp[i + 2] = t3; +- rp[i + 3] = t4; +- } +- al += 4; +- for (; i < al; i++) +- rp[i] = ap[i]; +-# endif +-# else /* !MONT_WORD */ ++#else /* !MONT_WORD */ + BIGNUM *t1, *t2; + + BN_CTX_start(ctx); +@@ -552,21 +321,18 @@ int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont, + goto err; + if (!BN_rshift(ret, t2, mont->ri)) + goto err; +-# endif /* MONT_WORD */ + +-# if !defined(BRANCH_FREE) || BRANCH_FREE==0 + if (BN_ucmp(ret, &(mont->N)) >= 0) { + if (!BN_usub(ret, ret, &(mont->N))) + goto err; + } +-# endif + retn = 1; + bn_check_top(ret); + err: + BN_CTX_end(ctx); ++#endif /* MONT_WORD */ + return (retn); + } +-#endif /* MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD */ + + BN_MONT_CTX *BN_MONT_CTX_new(void) + { +@@ -586,11 +352,7 @@ void BN_MONT_CTX_init(BN_MONT_CTX *ctx) + BN_init(&(ctx->RR)); + BN_init(&(ctx->N)); + BN_init(&(ctx->Ni)); +-#if 0 /* for OpenSSL 0.9.9 mont->n0 */ + ctx->n0[0] = ctx->n0[1] = 0; +-#else +- ctx->n0 = 0; +-#endif + ctx->flags = 0; + } + +@@ -624,32 +386,25 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) + BIGNUM tmod; + BN_ULONG buf[2]; + +- mont->ri = (BN_num_bits(mod) + (BN_BITS2 - 1)) / BN_BITS2 * BN_BITS2; +- BN_zero(R); +-# if 0 /* for OpenSSL 0.9.9 mont->n0, would be "#if +- * defined(OPENSSL_BN_ASM_MONT) && +- * (BN_BITS2<=32)", only certain BN_BITS2<=32 +- * platforms actually need this */ +- if (!(BN_set_bit(R, 2 * 
BN_BITS2))) +- goto err; /* R */ +-# else +- if (!(BN_set_bit(R, BN_BITS2))) +- goto err; /* R */ +-# endif +- +- buf[0] = mod->d[0]; /* tmod = N mod word size */ +- buf[1] = 0; +- + BN_init(&tmod); + tmod.d = buf; +- tmod.top = buf[0] != 0 ? 1 : 0; + tmod.dmax = 2; + tmod.neg = 0; + +-# if 0 /* for OpenSSL 0.9.9 mont->n0, would be "#if +- * defined(OPENSSL_BN_ASM_MONT) && +- * (BN_BITS2<=32)"; only certain BN_BITS2<=32 +- * platforms actually need this */ ++ mont->ri = (BN_num_bits(mod) + (BN_BITS2 - 1)) / BN_BITS2 * BN_BITS2; ++ ++# if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32) ++ /* ++ * Only certain BN_BITS2<=32 platforms actually make use of n0[1], ++ * and we could use the #else case (with a shorter R value) for the ++ * others. However, currently only the assembler files do know which ++ * is which. ++ */ ++ ++ BN_zero(R); ++ if (!(BN_set_bit(R, 2 * BN_BITS2))) ++ goto err; ++ + tmod.top = 0; + if ((buf[0] = mod->d[0])) + tmod.top = 1; +@@ -681,6 +436,13 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) + mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0; + mont->n0[1] = (Ri->top > 1) ? Ri->d[1] : 0; + # else ++ BN_zero(R); ++ if (!(BN_set_bit(R, BN_BITS2))) ++ goto err; /* R */ ++ ++ buf[0] = mod->d[0]; /* tmod = N mod word size */ ++ buf[1] = 0; ++ tmod.top = buf[0] != 0 ? 1 : 0; + /* Ri = R^-1 mod N */ + if ((BN_mod_inverse(Ri, R, &tmod, ctx)) == NULL) + goto err; +@@ -699,12 +461,8 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) + /* + * Ni = (R*Ri-1)/N, keep only least significant word: + */ +-# if 0 /* for OpenSSL 0.9.9 mont->n0 */ + mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0; + mont->n0[1] = 0; +-# else +- mont->n0 = (Ri->top > 0) ? 
Ri->d[0] : 0; +-# endif + # endif + } + #else /* !MONT_WORD */ +@@ -753,12 +511,8 @@ BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from) + if (!BN_copy(&(to->Ni), &(from->Ni))) + return NULL; + to->ri = from->ri; +-#if 0 /* for OpenSSL 0.9.9 mont->n0 */ + to->n0[0] = from->n0[0]; + to->n0[1] = from->n0[1]; +-#else +- to->n0 = from->n0; +-#endif + return (to); + } + +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_nist.c b/Cryptlib/OpenSSL/crypto/bn/bn_nist.c +index 66b2eb6..4a45404 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_nist.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_nist.c +@@ -298,26 +298,25 @@ const BIGNUM *BN_get0_nist_prime_521(void) + return &_bignum_nist_p_521; + } + +-static void nist_cp_bn_0(BN_ULONG *buf, BN_ULONG *a, int top, int max) ++static void nist_cp_bn_0(BN_ULONG *dst, const BN_ULONG *src, int top, int max) + { + int i; +- BN_ULONG *_tmp1 = (buf), *_tmp2 = (a); + + #ifdef BN_DEBUG + OPENSSL_assert(top <= max); + #endif +- for (i = (top); i != 0; i--) +- *_tmp1++ = *_tmp2++; +- for (i = (max) - (top); i != 0; i--) +- *_tmp1++ = (BN_ULONG)0; ++ for (i = 0; i < top; i++) ++ dst[i] = src[i]; ++ for (; i < max; i++) ++ dst[i] = 0; + } + +-static void nist_cp_bn(BN_ULONG *buf, BN_ULONG *a, int top) ++static void nist_cp_bn(BN_ULONG *dst, const BN_ULONG *src, int top) + { + int i; +- BN_ULONG *_tmp1 = (buf), *_tmp2 = (a); +- for (i = (top); i != 0; i--) +- *_tmp1++ = *_tmp2++; ++ ++ for (i = 0; i < top; i++) ++ dst[i] = src[i]; + } + + #if BN_BITS2 == 64 +@@ -331,6 +330,13 @@ static void nist_cp_bn(BN_ULONG *buf, BN_ULONG *a, int top) + :(to[(n)/2] =((m)&1)?(from[(m)/2]>>32):(from[(m)/2]&BN_MASK2l))) + # define bn_32_set_0(to, n) (((n)&1)?(to[(n)/2]&=BN_MASK2l):(to[(n)/2]=0)); + # define bn_cp_32(to,n,from,m) ((m)>=0)?bn_cp_32_naked(to,n,from,m):bn_32_set_0(to,n) ++# if defined(L_ENDIAN) ++# if defined(__arch64__) ++# define NIST_INT64 long ++# else ++# define NIST_INT64 long long ++# endif ++# endif + #else + # define bn_cp_64(to, n, from, m) 
\ + { \ +@@ -342,9 +348,12 @@ static void nist_cp_bn(BN_ULONG *buf, BN_ULONG *a, int top) + bn_32_set_0(to, (n)*2); \ + bn_32_set_0(to, (n)*2+1); \ + } +-# if BN_BITS2 == 32 +-# define bn_cp_32(to, n, from, m) (to)[n] = (m>=0)?((from)[m]):0; +-# define bn_32_set_0(to, n) (to)[n] = (BN_ULONG)0; ++# define bn_cp_32(to, n, from, m) (to)[n] = (m>=0)?((from)[m]):0; ++# define bn_32_set_0(to, n) (to)[n] = (BN_ULONG)0; ++# if defined(_WIN32) && !defined(__GNUC__) ++# define NIST_INT64 __int64 ++# elif defined(BN_LLONG) ++# define NIST_INT64 long long + # endif + #endif /* BN_BITS2 != 64 */ + +@@ -361,9 +370,13 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, + int top = a->top, i; + int carry; + register BN_ULONG *r_d, *a_d = a->d; +- BN_ULONG t_d[BN_NIST_192_TOP], +- buf[BN_NIST_192_TOP], c_d[BN_NIST_192_TOP], *res; +- size_t mask; ++ union { ++ BN_ULONG bn[BN_NIST_192_TOP]; ++ unsigned int ui[BN_NIST_192_TOP * sizeof(BN_ULONG) / ++ sizeof(unsigned int)]; ++ } buf; ++ BN_ULONG c_d[BN_NIST_192_TOP], *res; ++ PTR_SIZE_INT mask; + static const BIGNUM _bignum_nist_p_192_sqr = { + (BN_ULONG *)_nist_p_192_sqr, + sizeof(_nist_p_192_sqr) / sizeof(_nist_p_192_sqr[0]), +@@ -391,16 +404,66 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, + } else + r_d = a_d; + +- nist_cp_bn_0(buf, a_d + BN_NIST_192_TOP, top - BN_NIST_192_TOP, ++ nist_cp_bn_0(buf.bn, a_d + BN_NIST_192_TOP, top - BN_NIST_192_TOP, + BN_NIST_192_TOP); + +- nist_set_192(t_d, buf, 0, 3, 3); +- carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP); +- nist_set_192(t_d, buf, 4, 4, 0); +- carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP); +- nist_set_192(t_d, buf, 5, 5, 5) +- carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP); ++#if defined(NIST_INT64) ++ { ++ NIST_INT64 acc; /* accumulator */ ++ unsigned int *rp = (unsigned int *)r_d; ++ const unsigned int *bp = (const unsigned int *)buf.ui; ++ ++ acc = rp[0]; ++ acc += bp[3 * 2 - 6]; ++ acc += bp[5 * 2 - 
6]; ++ rp[0] = (unsigned int)acc; ++ acc >>= 32; ++ ++ acc += rp[1]; ++ acc += bp[3 * 2 - 5]; ++ acc += bp[5 * 2 - 5]; ++ rp[1] = (unsigned int)acc; ++ acc >>= 32; ++ ++ acc += rp[2]; ++ acc += bp[3 * 2 - 6]; ++ acc += bp[4 * 2 - 6]; ++ acc += bp[5 * 2 - 6]; ++ rp[2] = (unsigned int)acc; ++ acc >>= 32; ++ ++ acc += rp[3]; ++ acc += bp[3 * 2 - 5]; ++ acc += bp[4 * 2 - 5]; ++ acc += bp[5 * 2 - 5]; ++ rp[3] = (unsigned int)acc; ++ acc >>= 32; ++ ++ acc += rp[4]; ++ acc += bp[4 * 2 - 6]; ++ acc += bp[5 * 2 - 6]; ++ rp[4] = (unsigned int)acc; ++ acc >>= 32; ++ ++ acc += rp[5]; ++ acc += bp[4 * 2 - 5]; ++ acc += bp[5 * 2 - 5]; ++ rp[5] = (unsigned int)acc; ++ ++ carry = (int)(acc >> 32); ++ } ++#else ++ { ++ BN_ULONG t_d[BN_NIST_192_TOP]; + ++ nist_set_192(t_d, buf.bn, 0, 3, 3); ++ carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP); ++ nist_set_192(t_d, buf.bn, 4, 4, 0); ++ carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP); ++ nist_set_192(t_d, buf.bn, 5, 5, 5) ++ carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP); ++ } ++#endif + if (carry > 0) + carry = + (int)bn_sub_words(r_d, r_d, _nist_p_192[carry - 1], +@@ -415,9 +478,12 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, + * this is what happens below, but without explicit if:-) a. 
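Review bot: In the new `#if defined(NIST_INT64)` branch of BN_nist_mod_192, `unsigned int *rp = (unsigned int *)r_d;` reads and writes the BN_ULONG result array as 32-bit limbs, and unlike `buf` that array is not covered by the new union. With a 64-bit BN_ULONG this is only correct for little-endian limb order, which the `L_ENDIAN` guard around the NIST_INT64 definition in the earlier hunk provides, but nothing at this site says so. The access also depends on the compiler tolerating the type-punned pointer, and whether this build disables strict-aliasing optimisation cannot be seen from the patch. I would add a comment above the cast: `/* r_d is accessed as 32-bit limbs: needs little-endian limb order for 64-bit BN_ULONG and a build that permits this aliasing */`. The function body starts and continues outside the hunk.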
+ */ + mask = +- 0 - (size_t)bn_sub_words(c_d, r_d, _nist_p_192[0], BN_NIST_192_TOP); +- mask &= 0 - (size_t)carry; +- res = (BN_ULONG *)(((size_t)c_d & ~mask) | ((size_t)r_d & mask)); ++ 0 - (PTR_SIZE_INT) bn_sub_words(c_d, r_d, _nist_p_192[0], ++ BN_NIST_192_TOP); ++ mask &= 0 - (PTR_SIZE_INT) carry; ++ res = c_d; ++ res = (BN_ULONG *) ++ (((PTR_SIZE_INT) res & ~mask) | ((PTR_SIZE_INT) r_d & mask)); + nist_cp_bn(r_d, res, BN_NIST_192_TOP); + r->top = BN_NIST_192_TOP; + bn_correct_top(r); +@@ -445,12 +511,16 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, + int top = a->top, i; + int carry; + BN_ULONG *r_d, *a_d = a->d; +- BN_ULONG t_d[BN_NIST_224_TOP], +- buf[BN_NIST_224_TOP], c_d[BN_NIST_224_TOP], *res; +- size_t mask; ++ union { ++ BN_ULONG bn[BN_NIST_224_TOP]; ++ unsigned int ui[BN_NIST_224_TOP * sizeof(BN_ULONG) / ++ sizeof(unsigned int)]; ++ } buf; ++ BN_ULONG c_d[BN_NIST_224_TOP], *res; ++ PTR_SIZE_INT mask; + union { + bn_addsub_f f; +- size_t p; ++ PTR_SIZE_INT p; + } u; + static const BIGNUM _bignum_nist_p_224_sqr = { + (BN_ULONG *)_nist_p_224_sqr, +@@ -481,27 +551,89 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, + + #if BN_BITS2==64 + /* copy upper 256 bits of 448 bit number ... */ +- nist_cp_bn_0(t_d, a_d + (BN_NIST_224_TOP - 1), ++ nist_cp_bn_0(c_d, a_d + (BN_NIST_224_TOP - 1), + top - (BN_NIST_224_TOP - 1), BN_NIST_224_TOP); + /* ... 
and right shift by 32 to obtain upper 224 bits */ +- nist_set_224(buf, t_d, 14, 13, 12, 11, 10, 9, 8); ++ nist_set_224(buf.bn, c_d, 14, 13, 12, 11, 10, 9, 8); + /* truncate lower part to 224 bits too */ + r_d[BN_NIST_224_TOP - 1] &= BN_MASK2l; + #else +- nist_cp_bn_0(buf, a_d + BN_NIST_224_TOP, top - BN_NIST_224_TOP, ++ nist_cp_bn_0(buf.bn, a_d + BN_NIST_224_TOP, top - BN_NIST_224_TOP, + BN_NIST_224_TOP); + #endif +- nist_set_224(t_d, buf, 10, 9, 8, 7, 0, 0, 0); +- carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP); +- nist_set_224(t_d, buf, 0, 13, 12, 11, 0, 0, 0); +- carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP); +- nist_set_224(t_d, buf, 13, 12, 11, 10, 9, 8, 7); +- carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP); +- nist_set_224(t_d, buf, 0, 0, 0, 0, 13, 12, 11); +- carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP); + +-#if BN_BITS2==64 +- carry = (int)(r_d[BN_NIST_224_TOP - 1] >> 32); ++#if defined(NIST_INT64) && BN_BITS2!=64 ++ { ++ NIST_INT64 acc; /* accumulator */ ++ unsigned int *rp = (unsigned int *)r_d; ++ const unsigned int *bp = (const unsigned int *)buf.ui; ++ ++ acc = rp[0]; ++ acc -= bp[7 - 7]; ++ acc -= bp[11 - 7]; ++ rp[0] = (unsigned int)acc; ++ acc >>= 32; ++ ++ acc += rp[1]; ++ acc -= bp[8 - 7]; ++ acc -= bp[12 - 7]; ++ rp[1] = (unsigned int)acc; ++ acc >>= 32; ++ ++ acc += rp[2]; ++ acc -= bp[9 - 7]; ++ acc -= bp[13 - 7]; ++ rp[2] = (unsigned int)acc; ++ acc >>= 32; ++ ++ acc += rp[3]; ++ acc += bp[7 - 7]; ++ acc += bp[11 - 7]; ++ acc -= bp[10 - 7]; ++ rp[3] = (unsigned int)acc; ++ acc >>= 32; ++ ++ acc += rp[4]; ++ acc += bp[8 - 7]; ++ acc += bp[12 - 7]; ++ acc -= bp[11 - 7]; ++ rp[4] = (unsigned int)acc; ++ acc >>= 32; ++ ++ acc += rp[5]; ++ acc += bp[9 - 7]; ++ acc += bp[13 - 7]; ++ acc -= bp[12 - 7]; ++ rp[5] = (unsigned int)acc; ++ acc >>= 32; ++ ++ acc += rp[6]; ++ acc += bp[10 - 7]; ++ acc -= bp[13 - 7]; ++ rp[6] = (unsigned int)acc; ++ ++ carry = (int)(acc >> 32); ++# if BN_BITS2==64 ++ rp[7] = 
carry; ++# endif ++ } ++#else ++ { ++ BN_ULONG t_d[BN_NIST_224_TOP]; ++ ++ nist_set_224(t_d, buf.bn, 10, 9, 8, 7, 0, 0, 0); ++ carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP); ++ nist_set_224(t_d, buf.bn, 0, 13, 12, 11, 0, 0, 0); ++ carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP); ++ nist_set_224(t_d, buf.bn, 13, 12, 11, 10, 9, 8, 7); ++ carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP); ++ nist_set_224(t_d, buf.bn, 0, 0, 0, 0, 13, 12, 11); ++ carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP); ++ ++# if BN_BITS2==64 ++ carry = (int)(r_d[BN_NIST_224_TOP - 1] >> 32); ++# endif ++ } + #endif + u.f = bn_sub_words; + if (carry > 0) { +@@ -522,15 +654,19 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, + carry = + (int)bn_add_words(r_d, r_d, _nist_p_224[-carry - 1], + BN_NIST_224_TOP); +- mask = 0 - (size_t)carry; +- u.p = ((size_t)bn_sub_words & mask) | ((size_t)bn_add_words & ~mask); ++ mask = 0 - (PTR_SIZE_INT) carry; ++ u.p = ((PTR_SIZE_INT) bn_sub_words & mask) | ++ ((PTR_SIZE_INT) bn_add_words & ~mask); + } else + carry = 1; + + /* otherwise it's effectively same as in BN_nist_mod_192... 
*/ +- mask = 0 - (size_t)(*u.f) (c_d, r_d, _nist_p_224[0], BN_NIST_224_TOP); +- mask &= 0 - (size_t)carry; +- res = (BN_ULONG *)(((size_t)c_d & ~mask) | ((size_t)r_d & mask)); ++ mask = ++ 0 - (PTR_SIZE_INT) (*u.f) (c_d, r_d, _nist_p_224[0], BN_NIST_224_TOP); ++ mask &= 0 - (PTR_SIZE_INT) carry; ++ res = c_d; ++ res = (BN_ULONG *)(((PTR_SIZE_INT) res & ~mask) | ++ ((PTR_SIZE_INT) r_d & mask)); + nist_cp_bn(r_d, res, BN_NIST_224_TOP); + r->top = BN_NIST_224_TOP; + bn_correct_top(r); +@@ -556,12 +692,16 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, + int i, top = a->top; + int carry = 0; + register BN_ULONG *a_d = a->d, *r_d; +- BN_ULONG t_d[BN_NIST_256_TOP], +- buf[BN_NIST_256_TOP], c_d[BN_NIST_256_TOP], *res; +- size_t mask; ++ union { ++ BN_ULONG bn[BN_NIST_256_TOP]; ++ unsigned int ui[BN_NIST_256_TOP * sizeof(BN_ULONG) / ++ sizeof(unsigned int)]; ++ } buf; ++ BN_ULONG c_d[BN_NIST_256_TOP], *res; ++ PTR_SIZE_INT mask; + union { + bn_addsub_f f; +- size_t p; ++ PTR_SIZE_INT p; + } u; + static const BIGNUM _bignum_nist_p_256_sqr = { + (BN_ULONG *)_nist_p_256_sqr, +@@ -590,63 +730,163 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, + } else + r_d = a_d; + +- nist_cp_bn_0(buf, a_d + BN_NIST_256_TOP, top - BN_NIST_256_TOP, ++ nist_cp_bn_0(buf.bn, a_d + BN_NIST_256_TOP, top - BN_NIST_256_TOP, + BN_NIST_256_TOP); + +- /* +- * S1 +- */ +- nist_set_256(t_d, buf, 15, 14, 13, 12, 11, 0, 0, 0); +- /* +- * S2 +- */ +- nist_set_256(c_d, buf, 0, 15, 14, 13, 12, 0, 0, 0); +- carry = (int)bn_add_words(t_d, t_d, c_d, BN_NIST_256_TOP); +- /* left shift */ ++#if defined(NIST_INT64) + { +- register BN_ULONG *ap, t, c; +- ap = t_d; +- c = 0; +- for (i = BN_NIST_256_TOP; i != 0; --i) { +- t = *ap; +- *(ap++) = ((t << 1) | c) & BN_MASK2; +- c = (t & BN_TBIT) ? 
1 : 0; +- } +- carry <<= 1; +- carry |= c; ++ NIST_INT64 acc; /* accumulator */ ++ unsigned int *rp = (unsigned int *)r_d; ++ const unsigned int *bp = (const unsigned int *)buf.ui; ++ ++ acc = rp[0]; ++ acc += bp[8 - 8]; ++ acc += bp[9 - 8]; ++ acc -= bp[11 - 8]; ++ acc -= bp[12 - 8]; ++ acc -= bp[13 - 8]; ++ acc -= bp[14 - 8]; ++ rp[0] = (unsigned int)acc; ++ acc >>= 32; ++ ++ acc += rp[1]; ++ acc += bp[9 - 8]; ++ acc += bp[10 - 8]; ++ acc -= bp[12 - 8]; ++ acc -= bp[13 - 8]; ++ acc -= bp[14 - 8]; ++ acc -= bp[15 - 8]; ++ rp[1] = (unsigned int)acc; ++ acc >>= 32; ++ ++ acc += rp[2]; ++ acc += bp[10 - 8]; ++ acc += bp[11 - 8]; ++ acc -= bp[13 - 8]; ++ acc -= bp[14 - 8]; ++ acc -= bp[15 - 8]; ++ rp[2] = (unsigned int)acc; ++ acc >>= 32; ++ ++ acc += rp[3]; ++ acc += bp[11 - 8]; ++ acc += bp[11 - 8]; ++ acc += bp[12 - 8]; ++ acc += bp[12 - 8]; ++ acc += bp[13 - 8]; ++ acc -= bp[15 - 8]; ++ acc -= bp[8 - 8]; ++ acc -= bp[9 - 8]; ++ rp[3] = (unsigned int)acc; ++ acc >>= 32; ++ ++ acc += rp[4]; ++ acc += bp[12 - 8]; ++ acc += bp[12 - 8]; ++ acc += bp[13 - 8]; ++ acc += bp[13 - 8]; ++ acc += bp[14 - 8]; ++ acc -= bp[9 - 8]; ++ acc -= bp[10 - 8]; ++ rp[4] = (unsigned int)acc; ++ acc >>= 32; ++ ++ acc += rp[5]; ++ acc += bp[13 - 8]; ++ acc += bp[13 - 8]; ++ acc += bp[14 - 8]; ++ acc += bp[14 - 8]; ++ acc += bp[15 - 8]; ++ acc -= bp[10 - 8]; ++ acc -= bp[11 - 8]; ++ rp[5] = (unsigned int)acc; ++ acc >>= 32; ++ ++ acc += rp[6]; ++ acc += bp[14 - 8]; ++ acc += bp[14 - 8]; ++ acc += bp[15 - 8]; ++ acc += bp[15 - 8]; ++ acc += bp[14 - 8]; ++ acc += bp[13 - 8]; ++ acc -= bp[8 - 8]; ++ acc -= bp[9 - 8]; ++ rp[6] = (unsigned int)acc; ++ acc >>= 32; ++ ++ acc += rp[7]; ++ acc += bp[15 - 8]; ++ acc += bp[15 - 8]; ++ acc += bp[15 - 8]; ++ acc += bp[8 - 8]; ++ acc -= bp[10 - 8]; ++ acc -= bp[11 - 8]; ++ acc -= bp[12 - 8]; ++ acc -= bp[13 - 8]; ++ rp[7] = (unsigned int)acc; ++ ++ carry = (int)(acc >> 32); + } +- carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP); +- /* +- * S3 
+- */ +- nist_set_256(t_d, buf, 15, 14, 0, 0, 0, 10, 9, 8); +- carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP); +- /* +- * S4 +- */ +- nist_set_256(t_d, buf, 8, 13, 15, 14, 13, 11, 10, 9); +- carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP); +- /* +- * D1 +- */ +- nist_set_256(t_d, buf, 10, 8, 0, 0, 0, 13, 12, 11); +- carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP); +- /* +- * D2 +- */ +- nist_set_256(t_d, buf, 11, 9, 0, 0, 15, 14, 13, 12); +- carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP); +- /* +- * D3 +- */ +- nist_set_256(t_d, buf, 12, 0, 10, 9, 8, 15, 14, 13); +- carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP); +- /* +- * D4 +- */ +- nist_set_256(t_d, buf, 13, 0, 11, 10, 9, 0, 15, 14); +- carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP); ++#else ++ { ++ BN_ULONG t_d[BN_NIST_256_TOP]; + ++ /* ++ * S1 ++ */ ++ nist_set_256(t_d, buf.bn, 15, 14, 13, 12, 11, 0, 0, 0); ++ /* ++ * S2 ++ */ ++ nist_set_256(c_d, buf.bn, 0, 15, 14, 13, 12, 0, 0, 0); ++ carry = (int)bn_add_words(t_d, t_d, c_d, BN_NIST_256_TOP); ++ /* left shift */ ++ { ++ register BN_ULONG *ap, t, c; ++ ap = t_d; ++ c = 0; ++ for (i = BN_NIST_256_TOP; i != 0; --i) { ++ t = *ap; ++ *(ap++) = ((t << 1) | c) & BN_MASK2; ++ c = (t & BN_TBIT) ? 
1 : 0; ++ } ++ carry <<= 1; ++ carry |= c; ++ } ++ carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP); ++ /* ++ * S3 ++ */ ++ nist_set_256(t_d, buf.bn, 15, 14, 0, 0, 0, 10, 9, 8); ++ carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP); ++ /* ++ * S4 ++ */ ++ nist_set_256(t_d, buf.bn, 8, 13, 15, 14, 13, 11, 10, 9); ++ carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP); ++ /* ++ * D1 ++ */ ++ nist_set_256(t_d, buf.bn, 10, 8, 0, 0, 0, 13, 12, 11); ++ carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP); ++ /* ++ * D2 ++ */ ++ nist_set_256(t_d, buf.bn, 11, 9, 0, 0, 15, 14, 13, 12); ++ carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP); ++ /* ++ * D3 ++ */ ++ nist_set_256(t_d, buf.bn, 12, 0, 10, 9, 8, 15, 14, 13); ++ carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP); ++ /* ++ * D4 ++ */ ++ nist_set_256(t_d, buf.bn, 13, 0, 11, 10, 9, 0, 15, 14); ++ carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP); ++ ++ } ++#endif + /* see BN_nist_mod_224 for explanation */ + u.f = bn_sub_words; + if (carry > 0) +@@ -657,14 +897,18 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, + carry = + (int)bn_add_words(r_d, r_d, _nist_p_256[-carry - 1], + BN_NIST_256_TOP); +- mask = 0 - (size_t)carry; +- u.p = ((size_t)bn_sub_words & mask) | ((size_t)bn_add_words & ~mask); ++ mask = 0 - (PTR_SIZE_INT) carry; ++ u.p = ((PTR_SIZE_INT) bn_sub_words & mask) | ++ ((PTR_SIZE_INT) bn_add_words & ~mask); + } else + carry = 1; + +- mask = 0 - (size_t)(*u.f) (c_d, r_d, _nist_p_256[0], BN_NIST_256_TOP); +- mask &= 0 - (size_t)carry; +- res = (BN_ULONG *)(((size_t)c_d & ~mask) | ((size_t)r_d & mask)); ++ mask = ++ 0 - (PTR_SIZE_INT) (*u.f) (c_d, r_d, _nist_p_256[0], BN_NIST_256_TOP); ++ mask &= 0 - (PTR_SIZE_INT) carry; ++ res = c_d; ++ res = (BN_ULONG *)(((PTR_SIZE_INT) res & ~mask) | ++ ((PTR_SIZE_INT) r_d & mask)); + nist_cp_bn(r_d, res, BN_NIST_256_TOP); + r->top = BN_NIST_256_TOP; + bn_correct_top(r); +@@ -694,12 +938,16 @@ 
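Review bot: The `NIST_INT64` branch writes the reduced value through `rp`, which is `r_d` cast from `BN_ULONG *` to `unsigned int *`, and the next hunk reads the same words back as `BN_ULONG` in `bn_add_words(r_d, ...)` and `(*u.f) (c_d, r_d, ...)`; `buf` gets a union for its 32-bit view, `r_d` does not. Unlike the `BN_nist_mod_224` hunk, this branch is guarded by `defined(NIST_INT64)` alone, so where `BN_ULONG` is 64 bits wide it presumably depends on the byte order of the limbs and on the compiler not applying type-based alias analysis. Where `NIST_INT64` is defined is outside these hunks, so I would confirm that Cryptlib is compiled with `-fno-strict-aliasing` and record the dependency at the cast, e.g. `/* 32-bit view of r_d: requires -fno-strict-aliasing */`. The `BN_nist_mod_384` hunk adds the same cast. The function starts and ends outside this hunk.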
int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, + int i, top = a->top; + int carry = 0; + register BN_ULONG *r_d, *a_d = a->d; +- BN_ULONG t_d[BN_NIST_384_TOP], +- buf[BN_NIST_384_TOP], c_d[BN_NIST_384_TOP], *res; +- size_t mask; ++ union { ++ BN_ULONG bn[BN_NIST_384_TOP]; ++ unsigned int ui[BN_NIST_384_TOP * sizeof(BN_ULONG) / ++ sizeof(unsigned int)]; ++ } buf; ++ BN_ULONG c_d[BN_NIST_384_TOP], *res; ++ PTR_SIZE_INT mask; + union { + bn_addsub_f f; +- size_t p; ++ PTR_SIZE_INT p; + } u; + static const BIGNUM _bignum_nist_p_384_sqr = { + (BN_ULONG *)_nist_p_384_sqr, +@@ -728,67 +976,198 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, + } else + r_d = a_d; + +- nist_cp_bn_0(buf, a_d + BN_NIST_384_TOP, top - BN_NIST_384_TOP, ++ nist_cp_bn_0(buf.bn, a_d + BN_NIST_384_TOP, top - BN_NIST_384_TOP, + BN_NIST_384_TOP); + +- /* +- * S1 +- */ +- nist_set_256(t_d, buf, 0, 0, 0, 0, 0, 23 - 4, 22 - 4, 21 - 4); +- /* left shift */ ++#if defined(NIST_INT64) + { +- register BN_ULONG *ap, t, c; +- ap = t_d; +- c = 0; +- for (i = 3; i != 0; --i) { +- t = *ap; +- *(ap++) = ((t << 1) | c) & BN_MASK2; +- c = (t & BN_TBIT) ? 
1 : 0; +- } +- *ap = c; ++ NIST_INT64 acc; /* accumulator */ ++ unsigned int *rp = (unsigned int *)r_d; ++ const unsigned int *bp = (const unsigned int *)buf.ui; ++ ++ acc = rp[0]; ++ acc += bp[12 - 12]; ++ acc += bp[21 - 12]; ++ acc += bp[20 - 12]; ++ acc -= bp[23 - 12]; ++ rp[0] = (unsigned int)acc; ++ acc >>= 32; ++ ++ acc += rp[1]; ++ acc += bp[13 - 12]; ++ acc += bp[22 - 12]; ++ acc += bp[23 - 12]; ++ acc -= bp[12 - 12]; ++ acc -= bp[20 - 12]; ++ rp[1] = (unsigned int)acc; ++ acc >>= 32; ++ ++ acc += rp[2]; ++ acc += bp[14 - 12]; ++ acc += bp[23 - 12]; ++ acc -= bp[13 - 12]; ++ acc -= bp[21 - 12]; ++ rp[2] = (unsigned int)acc; ++ acc >>= 32; ++ ++ acc += rp[3]; ++ acc += bp[15 - 12]; ++ acc += bp[12 - 12]; ++ acc += bp[20 - 12]; ++ acc += bp[21 - 12]; ++ acc -= bp[14 - 12]; ++ acc -= bp[22 - 12]; ++ acc -= bp[23 - 12]; ++ rp[3] = (unsigned int)acc; ++ acc >>= 32; ++ ++ acc += rp[4]; ++ acc += bp[21 - 12]; ++ acc += bp[21 - 12]; ++ acc += bp[16 - 12]; ++ acc += bp[13 - 12]; ++ acc += bp[12 - 12]; ++ acc += bp[20 - 12]; ++ acc += bp[22 - 12]; ++ acc -= bp[15 - 12]; ++ acc -= bp[23 - 12]; ++ acc -= bp[23 - 12]; ++ rp[4] = (unsigned int)acc; ++ acc >>= 32; ++ ++ acc += rp[5]; ++ acc += bp[22 - 12]; ++ acc += bp[22 - 12]; ++ acc += bp[17 - 12]; ++ acc += bp[14 - 12]; ++ acc += bp[13 - 12]; ++ acc += bp[21 - 12]; ++ acc += bp[23 - 12]; ++ acc -= bp[16 - 12]; ++ rp[5] = (unsigned int)acc; ++ acc >>= 32; ++ ++ acc += rp[6]; ++ acc += bp[23 - 12]; ++ acc += bp[23 - 12]; ++ acc += bp[18 - 12]; ++ acc += bp[15 - 12]; ++ acc += bp[14 - 12]; ++ acc += bp[22 - 12]; ++ acc -= bp[17 - 12]; ++ rp[6] = (unsigned int)acc; ++ acc >>= 32; ++ ++ acc += rp[7]; ++ acc += bp[19 - 12]; ++ acc += bp[16 - 12]; ++ acc += bp[15 - 12]; ++ acc += bp[23 - 12]; ++ acc -= bp[18 - 12]; ++ rp[7] = (unsigned int)acc; ++ acc >>= 32; ++ ++ acc += rp[8]; ++ acc += bp[20 - 12]; ++ acc += bp[17 - 12]; ++ acc += bp[16 - 12]; ++ acc -= bp[19 - 12]; ++ rp[8] = (unsigned int)acc; ++ acc >>= 32; ++ ++ acc 
+= rp[9]; ++ acc += bp[21 - 12]; ++ acc += bp[18 - 12]; ++ acc += bp[17 - 12]; ++ acc -= bp[20 - 12]; ++ rp[9] = (unsigned int)acc; ++ acc >>= 32; ++ ++ acc += rp[10]; ++ acc += bp[22 - 12]; ++ acc += bp[19 - 12]; ++ acc += bp[18 - 12]; ++ acc -= bp[21 - 12]; ++ rp[10] = (unsigned int)acc; ++ acc >>= 32; ++ ++ acc += rp[11]; ++ acc += bp[23 - 12]; ++ acc += bp[20 - 12]; ++ acc += bp[19 - 12]; ++ acc -= bp[22 - 12]; ++ rp[11] = (unsigned int)acc; ++ ++ carry = (int)(acc >> 32); + } +- carry = (int)bn_add_words(r_d + (128 / BN_BITS2), r_d + (128 / BN_BITS2), ++#else ++ { ++ BN_ULONG t_d[BN_NIST_384_TOP]; ++ ++ /* ++ * S1 ++ */ ++ nist_set_256(t_d, buf.bn, 0, 0, 0, 0, 0, 23 - 4, 22 - 4, 21 - 4); ++ /* left shift */ ++ { ++ register BN_ULONG *ap, t, c; ++ ap = t_d; ++ c = 0; ++ for (i = 3; i != 0; --i) { ++ t = *ap; ++ *(ap++) = ((t << 1) | c) & BN_MASK2; ++ c = (t & BN_TBIT) ? 1 : 0; ++ } ++ *ap = c; ++ } ++ carry = ++ (int)bn_add_words(r_d + (128 / BN_BITS2), r_d + (128 / BN_BITS2), + t_d, BN_NIST_256_TOP); +- /* +- * S2 +- */ +- carry += (int)bn_add_words(r_d, r_d, buf, BN_NIST_384_TOP); +- /* +- * S3 +- */ +- nist_set_384(t_d, buf, 20, 19, 18, 17, 16, 15, 14, 13, 12, 23, 22, 21); +- carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP); +- /* +- * S4 +- */ +- nist_set_384(t_d, buf, 19, 18, 17, 16, 15, 14, 13, 12, 20, 0, 23, 0); +- carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP); +- /* +- * S5 +- */ +- nist_set_384(t_d, buf, 0, 0, 0, 0, 23, 22, 21, 20, 0, 0, 0, 0); +- carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP); +- /* +- * S6 +- */ +- nist_set_384(t_d, buf, 0, 0, 0, 0, 0, 0, 23, 22, 21, 0, 0, 20); +- carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP); +- /* +- * D1 +- */ +- nist_set_384(t_d, buf, 22, 21, 20, 19, 18, 17, 16, 15, 14, 13, 12, 23); +- carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP); +- /* +- * D2 +- */ +- nist_set_384(t_d, buf, 0, 0, 0, 0, 0, 0, 0, 23, 22, 21, 20, 0); +- carry -= (int)bn_sub_words(r_d, 
r_d, t_d, BN_NIST_384_TOP); +- /* +- * D3 +- */ +- nist_set_384(t_d, buf, 0, 0, 0, 0, 0, 0, 0, 23, 23, 0, 0, 0); +- carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP); ++ /* ++ * S2 ++ */ ++ carry += (int)bn_add_words(r_d, r_d, buf.bn, BN_NIST_384_TOP); ++ /* ++ * S3 ++ */ ++ nist_set_384(t_d, buf.bn, 20, 19, 18, 17, 16, 15, 14, 13, 12, 23, 22, ++ 21); ++ carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP); ++ /* ++ * S4 ++ */ ++ nist_set_384(t_d, buf.bn, 19, 18, 17, 16, 15, 14, 13, 12, 20, 0, 23, ++ 0); ++ carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP); ++ /* ++ * S5 ++ */ ++ nist_set_384(t_d, buf.bn, 0, 0, 0, 0, 23, 22, 21, 20, 0, 0, 0, 0); ++ carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP); ++ /* ++ * S6 ++ */ ++ nist_set_384(t_d, buf.bn, 0, 0, 0, 0, 0, 0, 23, 22, 21, 0, 0, 20); ++ carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP); ++ /* ++ * D1 ++ */ ++ nist_set_384(t_d, buf.bn, 22, 21, 20, 19, 18, 17, 16, 15, 14, 13, 12, ++ 23); ++ carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP); ++ /* ++ * D2 ++ */ ++ nist_set_384(t_d, buf.bn, 0, 0, 0, 0, 0, 0, 0, 23, 22, 21, 20, 0); ++ carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP); ++ /* ++ * D3 ++ */ ++ nist_set_384(t_d, buf.bn, 0, 0, 0, 0, 0, 0, 0, 23, 23, 0, 0, 0); ++ carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP); + ++ } ++#endif + /* see BN_nist_mod_224 for explanation */ + u.f = bn_sub_words; + if (carry > 0) +@@ -799,14 +1178,18 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, + carry = + (int)bn_add_words(r_d, r_d, _nist_p_384[-carry - 1], + BN_NIST_384_TOP); +- mask = 0 - (size_t)carry; +- u.p = ((size_t)bn_sub_words & mask) | ((size_t)bn_add_words & ~mask); ++ mask = 0 - (PTR_SIZE_INT) carry; ++ u.p = ((PTR_SIZE_INT) bn_sub_words & mask) | ++ ((PTR_SIZE_INT) bn_add_words & ~mask); + } else + carry = 1; + +- mask = 0 - (size_t)(*u.f) (c_d, r_d, _nist_p_384[0], BN_NIST_384_TOP); +- mask &= 0 - (size_t)carry; +- 
res = (BN_ULONG *)(((size_t)c_d & ~mask) | ((size_t)r_d & mask)); ++ mask = ++ 0 - (PTR_SIZE_INT) (*u.f) (c_d, r_d, _nist_p_384[0], BN_NIST_384_TOP); ++ mask &= 0 - (PTR_SIZE_INT) carry; ++ res = c_d; ++ res = (BN_ULONG *)(((PTR_SIZE_INT) res & ~mask) | ++ ((PTR_SIZE_INT) r_d & mask)); + nist_cp_bn(r_d, res, BN_NIST_384_TOP); + r->top = BN_NIST_384_TOP; + bn_correct_top(r); +@@ -823,7 +1206,7 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, + { + int top = a->top, i; + BN_ULONG *r_d, *a_d = a->d, t_d[BN_NIST_521_TOP], val, tmp, *res; +- size_t mask; ++ PTR_SIZE_INT mask; + static const BIGNUM _bignum_nist_p_521_sqr = { + (BN_ULONG *)_nist_p_521_sqr, + sizeof(_nist_p_521_sqr) / sizeof(_nist_p_521_sqr[0]), +@@ -856,17 +1239,21 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, + top - (BN_NIST_521_TOP - 1), BN_NIST_521_TOP); + /* ... and right shift */ + for (val = t_d[0], i = 0; i < BN_NIST_521_TOP - 1; i++) { +- tmp = val >> BN_NIST_521_RSHIFT; +- val = t_d[i + 1]; +- t_d[i] = (tmp | val << BN_NIST_521_LSHIFT) & BN_MASK2; ++ t_d[i] = (val >> BN_NIST_521_RSHIFT | ++ (tmp = t_d[i + 1]) << BN_NIST_521_LSHIFT) & BN_MASK2; ++ val = tmp; + } + t_d[i] = val >> BN_NIST_521_RSHIFT; + /* lower 521 bits */ + r_d[i] &= BN_NIST_521_TOP_MASK; + + bn_add_words(r_d, r_d, t_d, BN_NIST_521_TOP); +- mask = 0 - (size_t)bn_sub_words(t_d, r_d, _nist_p_521, BN_NIST_521_TOP); +- res = (BN_ULONG *)(((size_t)t_d & ~mask) | ((size_t)r_d & mask)); ++ mask = ++ 0 - (PTR_SIZE_INT) bn_sub_words(t_d, r_d, _nist_p_521, ++ BN_NIST_521_TOP); ++ res = t_d; ++ res = (BN_ULONG *)(((PTR_SIZE_INT) res & ~mask) | ++ ((PTR_SIZE_INT) r_d & mask)); + nist_cp_bn(r_d, res, BN_NIST_521_TOP); + r->top = BN_NIST_521_TOP; + bn_correct_top(r); +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_opt.c b/Cryptlib/OpenSSL/crypto/bn/bn_opt.c +deleted file mode 100644 +index efdebdd..0000000 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_opt.c ++++ /dev/null +@@ -1,86 +0,0 @@ +-/* 
crypto/bn/bn_opt.c */
+-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+- * All rights reserved.
+- *
+- * This package is an SSL implementation written
+- * by Eric Young (eay@cryptsoft.com).
+- * The implementation was written so as to conform with Netscapes SSL.
+- *
+- * This library is free for commercial and non-commercial use as long as
+- * the following conditions are aheared to. The following conditions
+- * apply to all code found in this distribution, be it the RC4, RSA,
+- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+- * included with this distribution is covered by the same copyright terms
+- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+- *
+- * Copyright remains Eric Young's, and as such any Copyright notices in
+- * the code are not to be removed.
+- * If this package is used in a product, Eric Young should be given attribution
+- * as the author of the parts of the library used.
+- * This can be in the form of a textual message at program startup or
+- * in documentation (online or textual) provided with the package.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the copyright
+- * notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- * notice, this list of conditions and the following disclaimer in the
+- * documentation and/or other materials provided with the distribution.
+- * 3. All advertising materials mentioning features or use of this software
+- * must display the following acknowledgement:
+- * "This product includes cryptographic software written by
+- * Eric Young (eay@cryptsoft.com)"
+- * The word 'cryptographic' can be left out if the rouines from the library
+- * being used are not cryptographic related :-).
+- * 4.
If you include any Windows specific code (or a derivative thereof) from
+- * the apps directory (application code) you must include an acknowledgement:
+- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+- *
+- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- *
+- * The licence and distribution terms for any publically available version or
+- * derivative of this code cannot be changed. i.e. this code cannot simply be
+- * copied and put under another distribution licence
+- * [including the GNU Public Licence.]
+- */
+-
+-#ifndef BN_DEBUG
+-# undef NDEBUG /* avoid conflicting definitions */
+-# define NDEBUG
+-#endif
+-
+-#include
+-#include
+-#include
+-#include "cryptlib.h"
+-#include "bn_lcl.h"
+-
+-char *BN_options(void)
+-{
+- static int init = 0;
+- static char data[16];
+-
+- if (!init) {
+- init++;
+-#ifdef BN_LLONG
+- BIO_snprintf(data, sizeof data, "bn(%d,%d)",
+- (int)sizeof(BN_ULLONG) * 8, (int)sizeof(BN_ULONG) * 8);
+-#else
+- BIO_snprintf(data, sizeof data, "bn(%d,%d)",
+- (int)sizeof(BN_ULONG) * 8, (int)sizeof(BN_ULONG) * 8);
+-#endif
+- }
+- return (data);
+-}
+diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_prime.h b/Cryptlib/OpenSSL/crypto/bn/bn_prime.h
+index 51d2194..5cf0de1 100644
+--- a/Cryptlib/OpenSSL/crypto/bn/bn_prime.h
++++ b/Cryptlib/OpenSSL/crypto/bn/bn_prime.h
+@@ -5,21 +5,21 @@
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+- *
++ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+- *
++ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+- *
++ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+@@ -34,10 +34,10 @@
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+- * 4. If you include any Windows specific code (or a derivative thereof) from
++ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+- *
++ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+@@ -49,7 +49,7 @@
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+- *
++ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e.
this code cannot simply be + * copied and put under another distribution licence +@@ -57,271 +57,270 @@ + */ + + #ifndef EIGHT_BIT +-#define NUMPRIMES 2048 ++# define NUMPRIMES 2048 + typedef unsigned short prime_t; + #else +-#define NUMPRIMES 54 ++# define NUMPRIMES 54 + typedef unsigned char prime_t; + #endif +-static const prime_t primes[NUMPRIMES]= +- { +- 2, 3, 5, 7, 11, 13, 17, 19, +- 23, 29, 31, 37, 41, 43, 47, 53, +- 59, 61, 67, 71, 73, 79, 83, 89, +- 97, 101, 103, 107, 109, 113, 127, 131, +- 137, 139, 149, 151, 157, 163, 167, 173, +- 179, 181, 191, 193, 197, 199, 211, 223, +- 227, 229, 233, 239, 241, 251, ++static const prime_t primes[NUMPRIMES] = { ++ 2, 3, 5, 7, 11, 13, 17, 19, ++ 23, 29, 31, 37, 41, 43, 47, 53, ++ 59, 61, 67, 71, 73, 79, 83, 89, ++ 97, 101, 103, 107, 109, 113, 127, 131, ++ 137, 139, 149, 151, 157, 163, 167, 173, ++ 179, 181, 191, 193, 197, 199, 211, 223, ++ 227, 229, 233, 239, 241, 251, + #ifndef EIGHT_BIT +- 257, 263, +- 269, 271, 277, 281, 283, 293, 307, 311, +- 313, 317, 331, 337, 347, 349, 353, 359, +- 367, 373, 379, 383, 389, 397, 401, 409, +- 419, 421, 431, 433, 439, 443, 449, 457, +- 461, 463, 467, 479, 487, 491, 499, 503, +- 509, 521, 523, 541, 547, 557, 563, 569, +- 571, 577, 587, 593, 599, 601, 607, 613, +- 617, 619, 631, 641, 643, 647, 653, 659, +- 661, 673, 677, 683, 691, 701, 709, 719, +- 727, 733, 739, 743, 751, 757, 761, 769, +- 773, 787, 797, 809, 811, 821, 823, 827, +- 829, 839, 853, 857, 859, 863, 877, 881, +- 883, 887, 907, 911, 919, 929, 937, 941, +- 947, 953, 967, 971, 977, 983, 991, 997, +- 1009,1013,1019,1021,1031,1033,1039,1049, +- 1051,1061,1063,1069,1087,1091,1093,1097, +- 1103,1109,1117,1123,1129,1151,1153,1163, +- 1171,1181,1187,1193,1201,1213,1217,1223, +- 1229,1231,1237,1249,1259,1277,1279,1283, +- 1289,1291,1297,1301,1303,1307,1319,1321, +- 1327,1361,1367,1373,1381,1399,1409,1423, +- 1427,1429,1433,1439,1447,1451,1453,1459, +- 1471,1481,1483,1487,1489,1493,1499,1511, +- 
1523,1531,1543,1549,1553,1559,1567,1571, +- 1579,1583,1597,1601,1607,1609,1613,1619, +- 1621,1627,1637,1657,1663,1667,1669,1693, +- 1697,1699,1709,1721,1723,1733,1741,1747, +- 1753,1759,1777,1783,1787,1789,1801,1811, +- 1823,1831,1847,1861,1867,1871,1873,1877, +- 1879,1889,1901,1907,1913,1931,1933,1949, +- 1951,1973,1979,1987,1993,1997,1999,2003, +- 2011,2017,2027,2029,2039,2053,2063,2069, +- 2081,2083,2087,2089,2099,2111,2113,2129, +- 2131,2137,2141,2143,2153,2161,2179,2203, +- 2207,2213,2221,2237,2239,2243,2251,2267, +- 2269,2273,2281,2287,2293,2297,2309,2311, +- 2333,2339,2341,2347,2351,2357,2371,2377, +- 2381,2383,2389,2393,2399,2411,2417,2423, +- 2437,2441,2447,2459,2467,2473,2477,2503, +- 2521,2531,2539,2543,2549,2551,2557,2579, +- 2591,2593,2609,2617,2621,2633,2647,2657, +- 2659,2663,2671,2677,2683,2687,2689,2693, +- 2699,2707,2711,2713,2719,2729,2731,2741, +- 2749,2753,2767,2777,2789,2791,2797,2801, +- 2803,2819,2833,2837,2843,2851,2857,2861, +- 2879,2887,2897,2903,2909,2917,2927,2939, +- 2953,2957,2963,2969,2971,2999,3001,3011, +- 3019,3023,3037,3041,3049,3061,3067,3079, +- 3083,3089,3109,3119,3121,3137,3163,3167, +- 3169,3181,3187,3191,3203,3209,3217,3221, +- 3229,3251,3253,3257,3259,3271,3299,3301, +- 3307,3313,3319,3323,3329,3331,3343,3347, +- 3359,3361,3371,3373,3389,3391,3407,3413, +- 3433,3449,3457,3461,3463,3467,3469,3491, +- 3499,3511,3517,3527,3529,3533,3539,3541, +- 3547,3557,3559,3571,3581,3583,3593,3607, +- 3613,3617,3623,3631,3637,3643,3659,3671, +- 3673,3677,3691,3697,3701,3709,3719,3727, +- 3733,3739,3761,3767,3769,3779,3793,3797, +- 3803,3821,3823,3833,3847,3851,3853,3863, +- 3877,3881,3889,3907,3911,3917,3919,3923, +- 3929,3931,3943,3947,3967,3989,4001,4003, +- 4007,4013,4019,4021,4027,4049,4051,4057, +- 4073,4079,4091,4093,4099,4111,4127,4129, +- 4133,4139,4153,4157,4159,4177,4201,4211, +- 4217,4219,4229,4231,4241,4243,4253,4259, +- 4261,4271,4273,4283,4289,4297,4327,4337, +- 4339,4349,4357,4363,4373,4391,4397,4409, +- 
4421,4423,4441,4447,4451,4457,4463,4481, +- 4483,4493,4507,4513,4517,4519,4523,4547, +- 4549,4561,4567,4583,4591,4597,4603,4621, +- 4637,4639,4643,4649,4651,4657,4663,4673, +- 4679,4691,4703,4721,4723,4729,4733,4751, +- 4759,4783,4787,4789,4793,4799,4801,4813, +- 4817,4831,4861,4871,4877,4889,4903,4909, +- 4919,4931,4933,4937,4943,4951,4957,4967, +- 4969,4973,4987,4993,4999,5003,5009,5011, +- 5021,5023,5039,5051,5059,5077,5081,5087, +- 5099,5101,5107,5113,5119,5147,5153,5167, +- 5171,5179,5189,5197,5209,5227,5231,5233, +- 5237,5261,5273,5279,5281,5297,5303,5309, +- 5323,5333,5347,5351,5381,5387,5393,5399, +- 5407,5413,5417,5419,5431,5437,5441,5443, +- 5449,5471,5477,5479,5483,5501,5503,5507, +- 5519,5521,5527,5531,5557,5563,5569,5573, +- 5581,5591,5623,5639,5641,5647,5651,5653, +- 5657,5659,5669,5683,5689,5693,5701,5711, +- 5717,5737,5741,5743,5749,5779,5783,5791, +- 5801,5807,5813,5821,5827,5839,5843,5849, +- 5851,5857,5861,5867,5869,5879,5881,5897, +- 5903,5923,5927,5939,5953,5981,5987,6007, +- 6011,6029,6037,6043,6047,6053,6067,6073, +- 6079,6089,6091,6101,6113,6121,6131,6133, +- 6143,6151,6163,6173,6197,6199,6203,6211, +- 6217,6221,6229,6247,6257,6263,6269,6271, +- 6277,6287,6299,6301,6311,6317,6323,6329, +- 6337,6343,6353,6359,6361,6367,6373,6379, +- 6389,6397,6421,6427,6449,6451,6469,6473, +- 6481,6491,6521,6529,6547,6551,6553,6563, +- 6569,6571,6577,6581,6599,6607,6619,6637, +- 6653,6659,6661,6673,6679,6689,6691,6701, +- 6703,6709,6719,6733,6737,6761,6763,6779, +- 6781,6791,6793,6803,6823,6827,6829,6833, +- 6841,6857,6863,6869,6871,6883,6899,6907, +- 6911,6917,6947,6949,6959,6961,6967,6971, +- 6977,6983,6991,6997,7001,7013,7019,7027, +- 7039,7043,7057,7069,7079,7103,7109,7121, +- 7127,7129,7151,7159,7177,7187,7193,7207, +- 7211,7213,7219,7229,7237,7243,7247,7253, +- 7283,7297,7307,7309,7321,7331,7333,7349, +- 7351,7369,7393,7411,7417,7433,7451,7457, +- 7459,7477,7481,7487,7489,7499,7507,7517, +- 7523,7529,7537,7541,7547,7549,7559,7561, +- 
7573,7577,7583,7589,7591,7603,7607,7621, +- 7639,7643,7649,7669,7673,7681,7687,7691, +- 7699,7703,7717,7723,7727,7741,7753,7757, +- 7759,7789,7793,7817,7823,7829,7841,7853, +- 7867,7873,7877,7879,7883,7901,7907,7919, +- 7927,7933,7937,7949,7951,7963,7993,8009, +- 8011,8017,8039,8053,8059,8069,8081,8087, +- 8089,8093,8101,8111,8117,8123,8147,8161, +- 8167,8171,8179,8191,8209,8219,8221,8231, +- 8233,8237,8243,8263,8269,8273,8287,8291, +- 8293,8297,8311,8317,8329,8353,8363,8369, +- 8377,8387,8389,8419,8423,8429,8431,8443, +- 8447,8461,8467,8501,8513,8521,8527,8537, +- 8539,8543,8563,8573,8581,8597,8599,8609, +- 8623,8627,8629,8641,8647,8663,8669,8677, +- 8681,8689,8693,8699,8707,8713,8719,8731, +- 8737,8741,8747,8753,8761,8779,8783,8803, +- 8807,8819,8821,8831,8837,8839,8849,8861, +- 8863,8867,8887,8893,8923,8929,8933,8941, +- 8951,8963,8969,8971,8999,9001,9007,9011, +- 9013,9029,9041,9043,9049,9059,9067,9091, +- 9103,9109,9127,9133,9137,9151,9157,9161, +- 9173,9181,9187,9199,9203,9209,9221,9227, +- 9239,9241,9257,9277,9281,9283,9293,9311, +- 9319,9323,9337,9341,9343,9349,9371,9377, +- 9391,9397,9403,9413,9419,9421,9431,9433, +- 9437,9439,9461,9463,9467,9473,9479,9491, +- 9497,9511,9521,9533,9539,9547,9551,9587, +- 9601,9613,9619,9623,9629,9631,9643,9649, +- 9661,9677,9679,9689,9697,9719,9721,9733, +- 9739,9743,9749,9767,9769,9781,9787,9791, +- 9803,9811,9817,9829,9833,9839,9851,9857, +- 9859,9871,9883,9887,9901,9907,9923,9929, +- 9931,9941,9949,9967,9973,10007,10009,10037, +- 10039,10061,10067,10069,10079,10091,10093,10099, +- 10103,10111,10133,10139,10141,10151,10159,10163, +- 10169,10177,10181,10193,10211,10223,10243,10247, +- 10253,10259,10267,10271,10273,10289,10301,10303, +- 10313,10321,10331,10333,10337,10343,10357,10369, +- 10391,10399,10427,10429,10433,10453,10457,10459, +- 10463,10477,10487,10499,10501,10513,10529,10531, +- 10559,10567,10589,10597,10601,10607,10613,10627, +- 10631,10639,10651,10657,10663,10667,10687,10691, +- 
10709,10711,10723,10729,10733,10739,10753,10771, +- 10781,10789,10799,10831,10837,10847,10853,10859, +- 10861,10867,10883,10889,10891,10903,10909,10937, +- 10939,10949,10957,10973,10979,10987,10993,11003, +- 11027,11047,11057,11059,11069,11071,11083,11087, +- 11093,11113,11117,11119,11131,11149,11159,11161, +- 11171,11173,11177,11197,11213,11239,11243,11251, +- 11257,11261,11273,11279,11287,11299,11311,11317, +- 11321,11329,11351,11353,11369,11383,11393,11399, +- 11411,11423,11437,11443,11447,11467,11471,11483, +- 11489,11491,11497,11503,11519,11527,11549,11551, +- 11579,11587,11593,11597,11617,11621,11633,11657, +- 11677,11681,11689,11699,11701,11717,11719,11731, +- 11743,11777,11779,11783,11789,11801,11807,11813, +- 11821,11827,11831,11833,11839,11863,11867,11887, +- 11897,11903,11909,11923,11927,11933,11939,11941, +- 11953,11959,11969,11971,11981,11987,12007,12011, +- 12037,12041,12043,12049,12071,12073,12097,12101, +- 12107,12109,12113,12119,12143,12149,12157,12161, +- 12163,12197,12203,12211,12227,12239,12241,12251, +- 12253,12263,12269,12277,12281,12289,12301,12323, +- 12329,12343,12347,12373,12377,12379,12391,12401, +- 12409,12413,12421,12433,12437,12451,12457,12473, +- 12479,12487,12491,12497,12503,12511,12517,12527, +- 12539,12541,12547,12553,12569,12577,12583,12589, +- 12601,12611,12613,12619,12637,12641,12647,12653, +- 12659,12671,12689,12697,12703,12713,12721,12739, +- 12743,12757,12763,12781,12791,12799,12809,12821, +- 12823,12829,12841,12853,12889,12893,12899,12907, +- 12911,12917,12919,12923,12941,12953,12959,12967, +- 12973,12979,12983,13001,13003,13007,13009,13033, +- 13037,13043,13049,13063,13093,13099,13103,13109, +- 13121,13127,13147,13151,13159,13163,13171,13177, +- 13183,13187,13217,13219,13229,13241,13249,13259, +- 13267,13291,13297,13309,13313,13327,13331,13337, +- 13339,13367,13381,13397,13399,13411,13417,13421, +- 13441,13451,13457,13463,13469,13477,13487,13499, +- 13513,13523,13537,13553,13567,13577,13591,13597, +- 
13613,13619,13627,13633,13649,13669,13679,13681, +- 13687,13691,13693,13697,13709,13711,13721,13723, +- 13729,13751,13757,13759,13763,13781,13789,13799, +- 13807,13829,13831,13841,13859,13873,13877,13879, +- 13883,13901,13903,13907,13913,13921,13931,13933, +- 13963,13967,13997,13999,14009,14011,14029,14033, +- 14051,14057,14071,14081,14083,14087,14107,14143, +- 14149,14153,14159,14173,14177,14197,14207,14221, +- 14243,14249,14251,14281,14293,14303,14321,14323, +- 14327,14341,14347,14369,14387,14389,14401,14407, +- 14411,14419,14423,14431,14437,14447,14449,14461, +- 14479,14489,14503,14519,14533,14537,14543,14549, +- 14551,14557,14561,14563,14591,14593,14621,14627, +- 14629,14633,14639,14653,14657,14669,14683,14699, +- 14713,14717,14723,14731,14737,14741,14747,14753, +- 14759,14767,14771,14779,14783,14797,14813,14821, +- 14827,14831,14843,14851,14867,14869,14879,14887, +- 14891,14897,14923,14929,14939,14947,14951,14957, +- 14969,14983,15013,15017,15031,15053,15061,15073, +- 15077,15083,15091,15101,15107,15121,15131,15137, +- 15139,15149,15161,15173,15187,15193,15199,15217, +- 15227,15233,15241,15259,15263,15269,15271,15277, +- 15287,15289,15299,15307,15313,15319,15329,15331, +- 15349,15359,15361,15373,15377,15383,15391,15401, +- 15413,15427,15439,15443,15451,15461,15467,15473, +- 15493,15497,15511,15527,15541,15551,15559,15569, +- 15581,15583,15601,15607,15619,15629,15641,15643, +- 15647,15649,15661,15667,15671,15679,15683,15727, +- 15731,15733,15737,15739,15749,15761,15767,15773, +- 15787,15791,15797,15803,15809,15817,15823,15859, +- 15877,15881,15887,15889,15901,15907,15913,15919, +- 15923,15937,15959,15971,15973,15991,16001,16007, +- 16033,16057,16061,16063,16067,16069,16073,16087, +- 16091,16097,16103,16111,16127,16139,16141,16183, +- 16187,16189,16193,16217,16223,16229,16231,16249, +- 16253,16267,16273,16301,16319,16333,16339,16349, +- 16361,16363,16369,16381,16411,16417,16421,16427, +- 16433,16447,16451,16453,16477,16481,16487,16493, +- 
16519,16529,16547,16553,16561,16567,16573,16603, +- 16607,16619,16631,16633,16649,16651,16657,16661, +- 16673,16691,16693,16699,16703,16729,16741,16747, +- 16759,16763,16787,16811,16823,16829,16831,16843, +- 16871,16879,16883,16889,16901,16903,16921,16927, +- 16931,16937,16943,16963,16979,16981,16987,16993, +- 17011,17021,17027,17029,17033,17041,17047,17053, +- 17077,17093,17099,17107,17117,17123,17137,17159, +- 17167,17183,17189,17191,17203,17207,17209,17231, +- 17239,17257,17291,17293,17299,17317,17321,17327, +- 17333,17341,17351,17359,17377,17383,17387,17389, +- 17393,17401,17417,17419,17431,17443,17449,17467, +- 17471,17477,17483,17489,17491,17497,17509,17519, +- 17539,17551,17569,17573,17579,17581,17597,17599, +- 17609,17623,17627,17657,17659,17669,17681,17683, +- 17707,17713,17729,17737,17747,17749,17761,17783, +- 17789,17791,17807,17827,17837,17839,17851,17863, ++ 257, 263, ++ 269, 271, 277, 281, 283, 293, 307, 311, ++ 313, 317, 331, 337, 347, 349, 353, 359, ++ 367, 373, 379, 383, 389, 397, 401, 409, ++ 419, 421, 431, 433, 439, 443, 449, 457, ++ 461, 463, 467, 479, 487, 491, 499, 503, ++ 509, 521, 523, 541, 547, 557, 563, 569, ++ 571, 577, 587, 593, 599, 601, 607, 613, ++ 617, 619, 631, 641, 643, 647, 653, 659, ++ 661, 673, 677, 683, 691, 701, 709, 719, ++ 727, 733, 739, 743, 751, 757, 761, 769, ++ 773, 787, 797, 809, 811, 821, 823, 827, ++ 829, 839, 853, 857, 859, 863, 877, 881, ++ 883, 887, 907, 911, 919, 929, 937, 941, ++ 947, 953, 967, 971, 977, 983, 991, 997, ++ 1009, 1013, 1019, 1021, 1031, 1033, 1039, 1049, ++ 1051, 1061, 1063, 1069, 1087, 1091, 1093, 1097, ++ 1103, 1109, 1117, 1123, 1129, 1151, 1153, 1163, ++ 1171, 1181, 1187, 1193, 1201, 1213, 1217, 1223, ++ 1229, 1231, 1237, 1249, 1259, 1277, 1279, 1283, ++ 1289, 1291, 1297, 1301, 1303, 1307, 1319, 1321, ++ 1327, 1361, 1367, 1373, 1381, 1399, 1409, 1423, ++ 1427, 1429, 1433, 1439, 1447, 1451, 1453, 1459, ++ 1471, 1481, 1483, 1487, 1489, 1493, 1499, 1511, ++ 1523, 1531, 1543, 1549, 1553, 1559, 1567, 
1571, ++ 1579, 1583, 1597, 1601, 1607, 1609, 1613, 1619, ++ 1621, 1627, 1637, 1657, 1663, 1667, 1669, 1693, ++ 1697, 1699, 1709, 1721, 1723, 1733, 1741, 1747, ++ 1753, 1759, 1777, 1783, 1787, 1789, 1801, 1811, ++ 1823, 1831, 1847, 1861, 1867, 1871, 1873, 1877, ++ 1879, 1889, 1901, 1907, 1913, 1931, 1933, 1949, ++ 1951, 1973, 1979, 1987, 1993, 1997, 1999, 2003, ++ 2011, 2017, 2027, 2029, 2039, 2053, 2063, 2069, ++ 2081, 2083, 2087, 2089, 2099, 2111, 2113, 2129, ++ 2131, 2137, 2141, 2143, 2153, 2161, 2179, 2203, ++ 2207, 2213, 2221, 2237, 2239, 2243, 2251, 2267, ++ 2269, 2273, 2281, 2287, 2293, 2297, 2309, 2311, ++ 2333, 2339, 2341, 2347, 2351, 2357, 2371, 2377, ++ 2381, 2383, 2389, 2393, 2399, 2411, 2417, 2423, ++ 2437, 2441, 2447, 2459, 2467, 2473, 2477, 2503, ++ 2521, 2531, 2539, 2543, 2549, 2551, 2557, 2579, ++ 2591, 2593, 2609, 2617, 2621, 2633, 2647, 2657, ++ 2659, 2663, 2671, 2677, 2683, 2687, 2689, 2693, ++ 2699, 2707, 2711, 2713, 2719, 2729, 2731, 2741, ++ 2749, 2753, 2767, 2777, 2789, 2791, 2797, 2801, ++ 2803, 2819, 2833, 2837, 2843, 2851, 2857, 2861, ++ 2879, 2887, 2897, 2903, 2909, 2917, 2927, 2939, ++ 2953, 2957, 2963, 2969, 2971, 2999, 3001, 3011, ++ 3019, 3023, 3037, 3041, 3049, 3061, 3067, 3079, ++ 3083, 3089, 3109, 3119, 3121, 3137, 3163, 3167, ++ 3169, 3181, 3187, 3191, 3203, 3209, 3217, 3221, ++ 3229, 3251, 3253, 3257, 3259, 3271, 3299, 3301, ++ 3307, 3313, 3319, 3323, 3329, 3331, 3343, 3347, ++ 3359, 3361, 3371, 3373, 3389, 3391, 3407, 3413, ++ 3433, 3449, 3457, 3461, 3463, 3467, 3469, 3491, ++ 3499, 3511, 3517, 3527, 3529, 3533, 3539, 3541, ++ 3547, 3557, 3559, 3571, 3581, 3583, 3593, 3607, ++ 3613, 3617, 3623, 3631, 3637, 3643, 3659, 3671, ++ 3673, 3677, 3691, 3697, 3701, 3709, 3719, 3727, ++ 3733, 3739, 3761, 3767, 3769, 3779, 3793, 3797, ++ 3803, 3821, 3823, 3833, 3847, 3851, 3853, 3863, ++ 3877, 3881, 3889, 3907, 3911, 3917, 3919, 3923, ++ 3929, 3931, 3943, 3947, 3967, 3989, 4001, 4003, ++ 4007, 4013, 4019, 4021, 4027, 4049, 4051, 4057, ++ 
4073, 4079, 4091, 4093, 4099, 4111, 4127, 4129, ++ 4133, 4139, 4153, 4157, 4159, 4177, 4201, 4211, ++ 4217, 4219, 4229, 4231, 4241, 4243, 4253, 4259, ++ 4261, 4271, 4273, 4283, 4289, 4297, 4327, 4337, ++ 4339, 4349, 4357, 4363, 4373, 4391, 4397, 4409, ++ 4421, 4423, 4441, 4447, 4451, 4457, 4463, 4481, ++ 4483, 4493, 4507, 4513, 4517, 4519, 4523, 4547, ++ 4549, 4561, 4567, 4583, 4591, 4597, 4603, 4621, ++ 4637, 4639, 4643, 4649, 4651, 4657, 4663, 4673, ++ 4679, 4691, 4703, 4721, 4723, 4729, 4733, 4751, ++ 4759, 4783, 4787, 4789, 4793, 4799, 4801, 4813, ++ 4817, 4831, 4861, 4871, 4877, 4889, 4903, 4909, ++ 4919, 4931, 4933, 4937, 4943, 4951, 4957, 4967, ++ 4969, 4973, 4987, 4993, 4999, 5003, 5009, 5011, ++ 5021, 5023, 5039, 5051, 5059, 5077, 5081, 5087, ++ 5099, 5101, 5107, 5113, 5119, 5147, 5153, 5167, ++ 5171, 5179, 5189, 5197, 5209, 5227, 5231, 5233, ++ 5237, 5261, 5273, 5279, 5281, 5297, 5303, 5309, ++ 5323, 5333, 5347, 5351, 5381, 5387, 5393, 5399, ++ 5407, 5413, 5417, 5419, 5431, 5437, 5441, 5443, ++ 5449, 5471, 5477, 5479, 5483, 5501, 5503, 5507, ++ 5519, 5521, 5527, 5531, 5557, 5563, 5569, 5573, ++ 5581, 5591, 5623, 5639, 5641, 5647, 5651, 5653, ++ 5657, 5659, 5669, 5683, 5689, 5693, 5701, 5711, ++ 5717, 5737, 5741, 5743, 5749, 5779, 5783, 5791, ++ 5801, 5807, 5813, 5821, 5827, 5839, 5843, 5849, ++ 5851, 5857, 5861, 5867, 5869, 5879, 5881, 5897, ++ 5903, 5923, 5927, 5939, 5953, 5981, 5987, 6007, ++ 6011, 6029, 6037, 6043, 6047, 6053, 6067, 6073, ++ 6079, 6089, 6091, 6101, 6113, 6121, 6131, 6133, ++ 6143, 6151, 6163, 6173, 6197, 6199, 6203, 6211, ++ 6217, 6221, 6229, 6247, 6257, 6263, 6269, 6271, ++ 6277, 6287, 6299, 6301, 6311, 6317, 6323, 6329, ++ 6337, 6343, 6353, 6359, 6361, 6367, 6373, 6379, ++ 6389, 6397, 6421, 6427, 6449, 6451, 6469, 6473, ++ 6481, 6491, 6521, 6529, 6547, 6551, 6553, 6563, ++ 6569, 6571, 6577, 6581, 6599, 6607, 6619, 6637, ++ 6653, 6659, 6661, 6673, 6679, 6689, 6691, 6701, ++ 6703, 6709, 6719, 6733, 6737, 6761, 6763, 6779, ++ 6781, 
6791, 6793, 6803, 6823, 6827, 6829, 6833, ++ 6841, 6857, 6863, 6869, 6871, 6883, 6899, 6907, ++ 6911, 6917, 6947, 6949, 6959, 6961, 6967, 6971, ++ 6977, 6983, 6991, 6997, 7001, 7013, 7019, 7027, ++ 7039, 7043, 7057, 7069, 7079, 7103, 7109, 7121, ++ 7127, 7129, 7151, 7159, 7177, 7187, 7193, 7207, ++ 7211, 7213, 7219, 7229, 7237, 7243, 7247, 7253, ++ 7283, 7297, 7307, 7309, 7321, 7331, 7333, 7349, ++ 7351, 7369, 7393, 7411, 7417, 7433, 7451, 7457, ++ 7459, 7477, 7481, 7487, 7489, 7499, 7507, 7517, ++ 7523, 7529, 7537, 7541, 7547, 7549, 7559, 7561, ++ 7573, 7577, 7583, 7589, 7591, 7603, 7607, 7621, ++ 7639, 7643, 7649, 7669, 7673, 7681, 7687, 7691, ++ 7699, 7703, 7717, 7723, 7727, 7741, 7753, 7757, ++ 7759, 7789, 7793, 7817, 7823, 7829, 7841, 7853, ++ 7867, 7873, 7877, 7879, 7883, 7901, 7907, 7919, ++ 7927, 7933, 7937, 7949, 7951, 7963, 7993, 8009, ++ 8011, 8017, 8039, 8053, 8059, 8069, 8081, 8087, ++ 8089, 8093, 8101, 8111, 8117, 8123, 8147, 8161, ++ 8167, 8171, 8179, 8191, 8209, 8219, 8221, 8231, ++ 8233, 8237, 8243, 8263, 8269, 8273, 8287, 8291, ++ 8293, 8297, 8311, 8317, 8329, 8353, 8363, 8369, ++ 8377, 8387, 8389, 8419, 8423, 8429, 8431, 8443, ++ 8447, 8461, 8467, 8501, 8513, 8521, 8527, 8537, ++ 8539, 8543, 8563, 8573, 8581, 8597, 8599, 8609, ++ 8623, 8627, 8629, 8641, 8647, 8663, 8669, 8677, ++ 8681, 8689, 8693, 8699, 8707, 8713, 8719, 8731, ++ 8737, 8741, 8747, 8753, 8761, 8779, 8783, 8803, ++ 8807, 8819, 8821, 8831, 8837, 8839, 8849, 8861, ++ 8863, 8867, 8887, 8893, 8923, 8929, 8933, 8941, ++ 8951, 8963, 8969, 8971, 8999, 9001, 9007, 9011, ++ 9013, 9029, 9041, 9043, 9049, 9059, 9067, 9091, ++ 9103, 9109, 9127, 9133, 9137, 9151, 9157, 9161, ++ 9173, 9181, 9187, 9199, 9203, 9209, 9221, 9227, ++ 9239, 9241, 9257, 9277, 9281, 9283, 9293, 9311, ++ 9319, 9323, 9337, 9341, 9343, 9349, 9371, 9377, ++ 9391, 9397, 9403, 9413, 9419, 9421, 9431, 9433, ++ 9437, 9439, 9461, 9463, 9467, 9473, 9479, 9491, ++ 9497, 9511, 9521, 9533, 9539, 9547, 9551, 9587, ++ 9601, 9613, 
9619, 9623, 9629, 9631, 9643, 9649, ++ 9661, 9677, 9679, 9689, 9697, 9719, 9721, 9733, ++ 9739, 9743, 9749, 9767, 9769, 9781, 9787, 9791, ++ 9803, 9811, 9817, 9829, 9833, 9839, 9851, 9857, ++ 9859, 9871, 9883, 9887, 9901, 9907, 9923, 9929, ++ 9931, 9941, 9949, 9967, 9973, 10007, 10009, 10037, ++ 10039, 10061, 10067, 10069, 10079, 10091, 10093, 10099, ++ 10103, 10111, 10133, 10139, 10141, 10151, 10159, 10163, ++ 10169, 10177, 10181, 10193, 10211, 10223, 10243, 10247, ++ 10253, 10259, 10267, 10271, 10273, 10289, 10301, 10303, ++ 10313, 10321, 10331, 10333, 10337, 10343, 10357, 10369, ++ 10391, 10399, 10427, 10429, 10433, 10453, 10457, 10459, ++ 10463, 10477, 10487, 10499, 10501, 10513, 10529, 10531, ++ 10559, 10567, 10589, 10597, 10601, 10607, 10613, 10627, ++ 10631, 10639, 10651, 10657, 10663, 10667, 10687, 10691, ++ 10709, 10711, 10723, 10729, 10733, 10739, 10753, 10771, ++ 10781, 10789, 10799, 10831, 10837, 10847, 10853, 10859, ++ 10861, 10867, 10883, 10889, 10891, 10903, 10909, 10937, ++ 10939, 10949, 10957, 10973, 10979, 10987, 10993, 11003, ++ 11027, 11047, 11057, 11059, 11069, 11071, 11083, 11087, ++ 11093, 11113, 11117, 11119, 11131, 11149, 11159, 11161, ++ 11171, 11173, 11177, 11197, 11213, 11239, 11243, 11251, ++ 11257, 11261, 11273, 11279, 11287, 11299, 11311, 11317, ++ 11321, 11329, 11351, 11353, 11369, 11383, 11393, 11399, ++ 11411, 11423, 11437, 11443, 11447, 11467, 11471, 11483, ++ 11489, 11491, 11497, 11503, 11519, 11527, 11549, 11551, ++ 11579, 11587, 11593, 11597, 11617, 11621, 11633, 11657, ++ 11677, 11681, 11689, 11699, 11701, 11717, 11719, 11731, ++ 11743, 11777, 11779, 11783, 11789, 11801, 11807, 11813, ++ 11821, 11827, 11831, 11833, 11839, 11863, 11867, 11887, ++ 11897, 11903, 11909, 11923, 11927, 11933, 11939, 11941, ++ 11953, 11959, 11969, 11971, 11981, 11987, 12007, 12011, ++ 12037, 12041, 12043, 12049, 12071, 12073, 12097, 12101, ++ 12107, 12109, 12113, 12119, 12143, 12149, 12157, 12161, ++ 12163, 12197, 12203, 12211, 12227, 12239, 12241, 
12251, ++ 12253, 12263, 12269, 12277, 12281, 12289, 12301, 12323, ++ 12329, 12343, 12347, 12373, 12377, 12379, 12391, 12401, ++ 12409, 12413, 12421, 12433, 12437, 12451, 12457, 12473, ++ 12479, 12487, 12491, 12497, 12503, 12511, 12517, 12527, ++ 12539, 12541, 12547, 12553, 12569, 12577, 12583, 12589, ++ 12601, 12611, 12613, 12619, 12637, 12641, 12647, 12653, ++ 12659, 12671, 12689, 12697, 12703, 12713, 12721, 12739, ++ 12743, 12757, 12763, 12781, 12791, 12799, 12809, 12821, ++ 12823, 12829, 12841, 12853, 12889, 12893, 12899, 12907, ++ 12911, 12917, 12919, 12923, 12941, 12953, 12959, 12967, ++ 12973, 12979, 12983, 13001, 13003, 13007, 13009, 13033, ++ 13037, 13043, 13049, 13063, 13093, 13099, 13103, 13109, ++ 13121, 13127, 13147, 13151, 13159, 13163, 13171, 13177, ++ 13183, 13187, 13217, 13219, 13229, 13241, 13249, 13259, ++ 13267, 13291, 13297, 13309, 13313, 13327, 13331, 13337, ++ 13339, 13367, 13381, 13397, 13399, 13411, 13417, 13421, ++ 13441, 13451, 13457, 13463, 13469, 13477, 13487, 13499, ++ 13513, 13523, 13537, 13553, 13567, 13577, 13591, 13597, ++ 13613, 13619, 13627, 13633, 13649, 13669, 13679, 13681, ++ 13687, 13691, 13693, 13697, 13709, 13711, 13721, 13723, ++ 13729, 13751, 13757, 13759, 13763, 13781, 13789, 13799, ++ 13807, 13829, 13831, 13841, 13859, 13873, 13877, 13879, ++ 13883, 13901, 13903, 13907, 13913, 13921, 13931, 13933, ++ 13963, 13967, 13997, 13999, 14009, 14011, 14029, 14033, ++ 14051, 14057, 14071, 14081, 14083, 14087, 14107, 14143, ++ 14149, 14153, 14159, 14173, 14177, 14197, 14207, 14221, ++ 14243, 14249, 14251, 14281, 14293, 14303, 14321, 14323, ++ 14327, 14341, 14347, 14369, 14387, 14389, 14401, 14407, ++ 14411, 14419, 14423, 14431, 14437, 14447, 14449, 14461, ++ 14479, 14489, 14503, 14519, 14533, 14537, 14543, 14549, ++ 14551, 14557, 14561, 14563, 14591, 14593, 14621, 14627, ++ 14629, 14633, 14639, 14653, 14657, 14669, 14683, 14699, ++ 14713, 14717, 14723, 14731, 14737, 14741, 14747, 14753, ++ 14759, 14767, 14771, 14779, 14783, 14797, 
14813, 14821, ++ 14827, 14831, 14843, 14851, 14867, 14869, 14879, 14887, ++ 14891, 14897, 14923, 14929, 14939, 14947, 14951, 14957, ++ 14969, 14983, 15013, 15017, 15031, 15053, 15061, 15073, ++ 15077, 15083, 15091, 15101, 15107, 15121, 15131, 15137, ++ 15139, 15149, 15161, 15173, 15187, 15193, 15199, 15217, ++ 15227, 15233, 15241, 15259, 15263, 15269, 15271, 15277, ++ 15287, 15289, 15299, 15307, 15313, 15319, 15329, 15331, ++ 15349, 15359, 15361, 15373, 15377, 15383, 15391, 15401, ++ 15413, 15427, 15439, 15443, 15451, 15461, 15467, 15473, ++ 15493, 15497, 15511, 15527, 15541, 15551, 15559, 15569, ++ 15581, 15583, 15601, 15607, 15619, 15629, 15641, 15643, ++ 15647, 15649, 15661, 15667, 15671, 15679, 15683, 15727, ++ 15731, 15733, 15737, 15739, 15749, 15761, 15767, 15773, ++ 15787, 15791, 15797, 15803, 15809, 15817, 15823, 15859, ++ 15877, 15881, 15887, 15889, 15901, 15907, 15913, 15919, ++ 15923, 15937, 15959, 15971, 15973, 15991, 16001, 16007, ++ 16033, 16057, 16061, 16063, 16067, 16069, 16073, 16087, ++ 16091, 16097, 16103, 16111, 16127, 16139, 16141, 16183, ++ 16187, 16189, 16193, 16217, 16223, 16229, 16231, 16249, ++ 16253, 16267, 16273, 16301, 16319, 16333, 16339, 16349, ++ 16361, 16363, 16369, 16381, 16411, 16417, 16421, 16427, ++ 16433, 16447, 16451, 16453, 16477, 16481, 16487, 16493, ++ 16519, 16529, 16547, 16553, 16561, 16567, 16573, 16603, ++ 16607, 16619, 16631, 16633, 16649, 16651, 16657, 16661, ++ 16673, 16691, 16693, 16699, 16703, 16729, 16741, 16747, ++ 16759, 16763, 16787, 16811, 16823, 16829, 16831, 16843, ++ 16871, 16879, 16883, 16889, 16901, 16903, 16921, 16927, ++ 16931, 16937, 16943, 16963, 16979, 16981, 16987, 16993, ++ 17011, 17021, 17027, 17029, 17033, 17041, 17047, 17053, ++ 17077, 17093, 17099, 17107, 17117, 17123, 17137, 17159, ++ 17167, 17183, 17189, 17191, 17203, 17207, 17209, 17231, ++ 17239, 17257, 17291, 17293, 17299, 17317, 17321, 17327, ++ 17333, 17341, 17351, 17359, 17377, 17383, 17387, 17389, ++ 17393, 17401, 17417, 17419, 17431, 
17443, 17449, 17467, ++ 17471, 17477, 17483, 17489, 17491, 17497, 17509, 17519, ++ 17539, 17551, 17569, 17573, 17579, 17581, 17597, 17599, ++ 17609, 17623, 17627, 17657, 17659, 17669, 17681, 17683, ++ 17707, 17713, 17729, 17737, 17747, 17749, 17761, 17783, ++ 17789, 17791, 17807, 17827, 17837, 17839, 17851, 17863, + #endif +- }; ++}; +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_print.c b/Cryptlib/OpenSSL/crypto/bn/bn_print.c +index 15bc51a..ab10b95 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_print.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_print.c +@@ -71,7 +71,12 @@ char *BN_bn2hex(const BIGNUM *a) + char *buf; + char *p; + +- buf = (char *)OPENSSL_malloc(a->top * BN_BYTES * 2 + 2); ++ if (a->neg && BN_is_zero(a)) { ++ /* "-0" == 3 bytes including NULL terminator */ ++ buf = OPENSSL_malloc(3); ++ } else { ++ buf = OPENSSL_malloc(a->top * BN_BYTES * 2 + 2); ++ } + if (buf == NULL) { + BNerr(BN_F_BN_BN2HEX, ERR_R_MALLOC_FAILURE); + goto err; +@@ -304,6 +309,24 @@ int BN_dec2bn(BIGNUM **bn, const char *a) + return (0); + } + ++int BN_asc2bn(BIGNUM **bn, const char *a) ++{ ++ const char *p = a; ++ if (*p == '-') ++ p++; ++ ++ if (p[0] == '0' && (p[1] == 'X' || p[1] == 'x')) { ++ if (!BN_hex2bn(bn, p + 2)) ++ return 0; ++ } else { ++ if (!BN_dec2bn(bn, p)) ++ return 0; ++ } ++ if (*a == '-') ++ (*bn)->neg = 1; ++ return 1; ++} ++ + #ifndef OPENSSL_NO_BIO + # ifndef OPENSSL_NO_FP_API + int BN_print_fp(FILE *fp, const BIGNUM *a) +@@ -345,3 +368,21 @@ int BN_print(BIO *bp, const BIGNUM *a) + return (ret); + } + #endif ++ ++char *BN_options(void) ++{ ++ static int init = 0; ++ static char data[16]; ++ ++ if (!init) { ++ init++; ++#ifdef BN_LLONG ++ BIO_snprintf(data, sizeof data, "bn(%d,%d)", ++ (int)sizeof(BN_ULLONG) * 8, (int)sizeof(BN_ULONG) * 8); ++#else ++ BIO_snprintf(data, sizeof data, "bn(%d,%d)", ++ (int)sizeof(BN_ULONG) * 8, (int)sizeof(BN_ULONG) * 8); ++#endif ++ } ++ return (data); ++} +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_rand.c 
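Review bot: In the new `BN_asc2bn`, the closing `if (*a == '-') (*bn)->neg = 1;` sets the sign flag without looking at the parsed value, so an input such as `-0` or `-0x0` leaves a zero BIGNUM marked negative. The `BN_bn2hex` hunk earlier in this file has to special-case exactly that state (`a->neg && BN_is_zero(a)`), so it is better not to produce it here: `if (*a == '-' && !BN_is_zero(*bn)) (*bn)->neg = 1;`. The function also reads `*p` before any NULL check on `a`; whether callers can pass NULL is not visible from this hunk.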
b/Cryptlib/OpenSSL/crypto/bn/bn_rand.c +index 7ac71ec..f9fb2e9 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_rand.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_rand.c +@@ -121,6 +121,11 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) + int ret = 0, bit, bytes, mask; + time_t tim; + ++ if (bits < 0 || (bits == 1 && top > 0)) { ++ BNerr(BN_F_BNRAND, BN_R_BITS_TOO_SMALL); ++ return 0; ++ } ++ + if (bits == 0) { + BN_zero(rnd); + return 1; +@@ -157,7 +162,8 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) + unsigned char c; + + for (i = 0; i < bytes; i++) { +- RAND_pseudo_bytes(&c, 1); ++ if (RAND_pseudo_bytes(&c, 1) < 0) ++ goto err; + if (c >= 128 && i > 0) + buf[i] = buf[i - 1]; + else if (c < 42) +@@ -168,7 +174,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) + } + #endif + +- if (top != -1) { ++ if (top >= 0) { + if (top) { + if (bit == 0) { + buf[0] = 1; +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_shift.c b/Cryptlib/OpenSSL/crypto/bn/bn_shift.c +index 67904c9..9673d9a 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_shift.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_shift.c +@@ -96,7 +96,7 @@ int BN_lshift1(BIGNUM *r, const BIGNUM *a) + int BN_rshift1(BIGNUM *r, const BIGNUM *a) + { + BN_ULONG *ap, *rp, t, c; +- int i; ++ int i, j; + + bn_check_top(r); + bn_check_top(a); +@@ -105,21 +105,25 @@ int BN_rshift1(BIGNUM *r, const BIGNUM *a) + BN_zero(r); + return (1); + } ++ i = a->top; ++ ap = a->d; ++ j = i - (ap[i - 1] == 1); + if (a != r) { +- if (bn_wexpand(r, a->top) == NULL) ++ if (bn_wexpand(r, j) == NULL) + return (0); +- r->top = a->top; + r->neg = a->neg; + } +- ap = a->d; + rp = r->d; +- c = 0; +- for (i = a->top - 1; i >= 0; i--) { +- t = ap[i]; ++ t = ap[--i]; ++ c = (t & 1) ? BN_TBIT : 0; ++ if (t >>= 1) ++ rp[i] = t; ++ while (i > 0) { ++ t = ap[--i]; + rp[i] = ((t >> 1) & BN_MASK2) | c; + c = (t & 1) ? 
BN_TBIT : 0; + } +- bn_correct_top(r); ++ r->top = j; + bn_check_top(r); + return (1); + } +@@ -133,6 +137,11 @@ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n) + bn_check_top(r); + bn_check_top(a); + ++ if (n < 0) { ++ BNerr(BN_F_BN_LSHIFT, BN_R_INVALID_SHIFT); ++ return 0; ++ } ++ + r->neg = a->neg; + nw = n / BN_BITS2; + if (bn_wexpand(r, a->top + nw + 1) == NULL) +@@ -170,6 +179,11 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) + bn_check_top(r); + bn_check_top(a); + ++ if (n < 0) { ++ BNerr(BN_F_BN_RSHIFT, BN_R_INVALID_SHIFT); ++ return 0; ++ } ++ + nw = n / BN_BITS2; + rb = n % BN_BITS2; + lb = BN_BITS2 - rb; +@@ -177,9 +191,10 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) + BN_zero(r); + return (1); + } ++ i = (BN_num_bits(a) - n + (BN_BITS2 - 1)) / BN_BITS2; + if (r != a) { + r->neg = a->neg; +- if (bn_wexpand(r, a->top - nw + 1) == NULL) ++ if (bn_wexpand(r, i) == NULL) + return (0); + } else { + if (n == 0) +@@ -189,7 +204,7 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) + f = &(a->d[nw]); + t = r->d; + j = a->top - nw; +- r->top = j; ++ r->top = i; + + if (rb == 0) { + for (i = j; i != 0; i--) +@@ -201,9 +216,9 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) + l = *(f++); + *(t++) = (tmp | (l << lb)) & BN_MASK2; + } +- *(t++) = (l >> rb) & BN_MASK2; ++ if ((l = (l >> rb) & BN_MASK2)) ++ *(t) = l; + } +- bn_correct_top(r); + bn_check_top(r); + return (1); + } +diff --git a/Cryptlib/OpenSSL/crypto/bn/rsaz_exp.h b/Cryptlib/OpenSSL/crypto/bn/rsaz_exp.h +new file mode 100644 +index 0000000..33361de +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/bn/rsaz_exp.h +@@ -0,0 +1,56 @@ ++/****************************************************************************** ++* Copyright(c) 2012, Intel Corp. 
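Review bot: `BN_rshift1` no longer calls `bn_correct_top(r)` and instead trusts the precomputed `j = i - (ap[i - 1] == 1);` as the result length, but nothing in the hunk explains why that value is exact. A short comment would make the invariant reviewable, for example `/* a is non-zero here, so its top word is non-zero; the result loses that word only when it is exactly 1 */` (the zero check itself presumably sits just above the hunk, where only its tail is visible). The same applies to `BN_rshift` in the later hunks, where `r->top = i` is derived from `BN_num_bits(a) - n` and the trailing `bn_correct_top(r)` is removed as well. Both function bodies start outside their hunks.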
++* Developers and authors: ++* Shay Gueron (1, 2), and Vlad Krasnov (1) ++* (1) Intel Corporation, Israel Development Center, Haifa, Israel ++* (2) University of Haifa, Israel ++****************************************************************************** ++* LICENSE: ++* This submission to OpenSSL is to be made available under the OpenSSL ++* license, and only to the OpenSSL project, in order to allow integration ++* into the publicly distributed code. ++* The use of this code, or portions of this code, or concepts embedded in ++* this code, or modification of this code and/or algorithm(s) in it, or the ++* use of this code for any other purpose than stated above, requires special ++* licensing. ++****************************************************************************** ++* DISCLAIMER: ++* THIS SOFTWARE IS PROVIDED BY THE CONTRIBUTORS AND THE COPYRIGHT OWNERS ++* ``AS IS''. ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED ++* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS OR THE COPYRIGHT ++* OWNERS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, ++* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF ++* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS ++* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN ++* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE ++* POSSIBILITY OF SUCH DAMAGE. 
++******************************************************************************/ ++ ++#ifndef RSAZ_EXP_H ++# define RSAZ_EXP_H ++ ++# undef RSAZ_ENABLED ++# if defined(OPENSSL_BN_ASM_MONT) && \ ++ (defined(__x86_64) || defined(__x86_64__) || \ ++ defined(_M_AMD64) || defined(_M_X64)) ++# define RSAZ_ENABLED ++ ++# include ++ ++void RSAZ_1024_mod_exp_avx2(BN_ULONG result[16], ++ const BN_ULONG base_norm[16], ++ const BN_ULONG exponent[16], ++ const BN_ULONG m_norm[16], const BN_ULONG RR[16], ++ BN_ULONG k0); ++int rsaz_avx2_eligible(); ++ ++void RSAZ_512_mod_exp(BN_ULONG result[8], ++ const BN_ULONG base_norm[8], const BN_ULONG exponent[8], ++ const BN_ULONG m_norm[8], BN_ULONG k0, ++ const BN_ULONG RR[8]); ++ ++# endif ++ ++#endif +diff --git a/Cryptlib/OpenSSL/crypto/buffer/buf_err.c b/Cryptlib/OpenSSL/crypto/buffer/buf_err.c +index dfb8e85..631eec3 100644 +--- a/Cryptlib/OpenSSL/crypto/buffer/buf_err.c ++++ b/Cryptlib/OpenSSL/crypto/buffer/buf_err.c +@@ -1,6 +1,6 @@ + /* crypto/buffer/buf_err.c */ + /* ==================================================================== +- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. ++ * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions +diff --git a/Cryptlib/OpenSSL/crypto/buffer/buf_str.c b/Cryptlib/OpenSSL/crypto/buffer/buf_str.c +index 88be76f..ebc5ab4 100644 +--- a/Cryptlib/OpenSSL/crypto/buffer/buf_str.c ++++ b/Cryptlib/OpenSSL/crypto/buffer/buf_str.c +@@ -1,62 +1,74 @@ +-/* crypto/buffer/buf_str.c */ +-/* ==================================================================== +- * Copyright (c) 2007 The OpenSSL Project. All rights reserved. ++/* crypto/buffer/buffer.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. 
++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +- * +- * 1. Redistributions of source code must retain the above copyright ++ * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. +- * + * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in +- * the documentation and/or other materials provided with the +- * distribution. +- * +- * 3. All advertising materials mentioning features or use of this +- * software must display the following acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" +- * +- * 4. 
The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +- * endorse or promote products derived from this software without +- * prior written permission. For written permission, please contact +- * licensing@OpenSSL.org. +- * +- * 5. Products derived from this software may not be called "OpenSSL" +- * nor may "OpenSSL" appear in their names without prior written +- * permission of the OpenSSL Project. ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * +- * 6. Redistributions of any form whatsoever must retain the following +- * acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" +- * +- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +- * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR +- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +- * OF THE POSSIBILITY OF SUCH DAMAGE. +- * ==================================================================== +- * +- * This product includes cryptographic software written by Eric Young +- * (eay@cryptsoft.com). This product includes software written by Tim +- * Hudson (tjh@cryptsoft.com). ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. + * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] 
+ */
+ 
+ #include
+ #include "cryptlib.h"
+ #include
+ 
++size_t BUF_strnlen(const char *str, size_t maxlen)
++{
++ const char *p;
++
++ for (p = str; maxlen-- != 0 && *p != '\0'; ++p) ;
++
++ return p - str;
++}
++
+ char *BUF_strdup(const char *str)
+ {
+ if (str == NULL)
+@@ -71,6 +83,8 @@ char *BUF_strndup(const char *str, size_t siz)
+ if (str == NULL)
+ return (NULL);
+ 
++ siz = BUF_strnlen(str, siz);
++
+ ret = OPENSSL_malloc(siz + 1);
+ if (ret == NULL) {
+ BUFerr(BUF_F_BUF_STRNDUP, ERR_R_MALLOC_FAILURE);
+diff --git a/Cryptlib/OpenSSL/crypto/buffer/buffer.c b/Cryptlib/OpenSSL/crypto/buffer/buffer.c
+index f59849f..eff3e08 100644
+--- a/Cryptlib/OpenSSL/crypto/buffer/buffer.c
++++ b/Cryptlib/OpenSSL/crypto/buffer/buffer.c
+@@ -88,21 +88,17 @@ void BUF_MEM_free(BUF_MEM *a)
+ return;
+ 
+ if (a->data != NULL) {
+- memset(a->data, 0, (unsigned int)a->max);
++ OPENSSL_cleanse(a->data, a->max);
+ OPENSSL_free(a->data);
+ }
+ OPENSSL_free(a);
+ }
+ 
+-int BUF_MEM_grow(BUF_MEM *str, int len)
++int BUF_MEM_grow(BUF_MEM *str, size_t len)
+ {
+ char *ret;
+- unsigned int n;
++ size_t n;
+ 
+- if (len < 0) {
+- BUFerr(BUF_F_BUF_MEM_GROW, ERR_R_MALLOC_FAILURE);
+- return 0;
+- }
+ if (str->length >= len) {
+ str->length = len;
+ return (len);
+@@ -134,15 +130,11 @@ int BUF_MEM_grow(BUF_MEM *str, int len)
+ return (len);
+ }
+ 
+-int BUF_MEM_grow_clean(BUF_MEM *str, int len)
++int BUF_MEM_grow_clean(BUF_MEM *str, size_t len)
+ {
+ char *ret;
+- unsigned int n;
++ size_t n;
+ 
+- if (len < 0) {
+- BUFerr(BUF_F_BUF_MEM_GROW_CLEAN, ERR_R_MALLOC_FAILURE);
+- return 0;
+- }
+ if (str->length >= len) {
+ memset(&str->data[len], 0, str->length - len);
+ str->length = len;
+@@ -174,3 +166,22 @@ int BUF_MEM_grow_clean(BUF_MEM *str, int len)
+ }
+ return (len);
+ }
++
++void BUF_reverse(unsigned char *out, const unsigned char *in, size_t size)
++{
++ size_t i;
++ if (in) {
++ out += size - 1;
++ for (i = 0; i < size; i++)
++ *out-- = *in++;
++ } else {
++ unsigned char *q;
++ char c;
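Review bot: `BUF_MEM_grow` now takes `size_t len` but still returns `int`, so `return (len);` narrows the value, and with the `if (len < 0)` guard removed a caller that still passes a negative `int` has it converted to a very large `size_t` instead of being rejected at the top of the function. Whether such a value is refused later depends on the part of the body between this hunk and the next, which is not shown here. The same applies to `BUF_MEM_grow_clean` in the `@@ -134,15 +130,11 @@` hunk. Since this is imported OpenSSL code, the practical step is to check every in-tree caller that computes the length in a signed type, and to record the contract next to both functions, e.g. `/* len is unsigned: callers must reject negative or oversized lengths before calling. */`.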
++ q = out + size - 1;
++ for (i = 0; i < size / 2; i++) {
++ c = *q;
++ *q-- = *out;
++ *out++ = c;
++ }
++ }
++}
+diff --git a/Cryptlib/OpenSSL/crypto/cast/c_cfb64.c b/Cryptlib/OpenSSL/crypto/cast/c_cfb64.c
+deleted file mode 100644
+index f2f16e5..0000000
+--- a/Cryptlib/OpenSSL/crypto/cast/c_cfb64.c
++++ /dev/null
+@@ -1,123 +0,0 @@
+-/* crypto/cast/c_cfb64.c */
+-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+- * All rights reserved.
+- *
+- * This package is an SSL implementation written
+- * by Eric Young (eay@cryptsoft.com).
+- * The implementation was written so as to conform with Netscapes SSL.
+- *
+- * This library is free for commercial and non-commercial use as long as
+- * the following conditions are aheared to. The following conditions
+- * apply to all code found in this distribution, be it the RC4, RSA,
+- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+- * included with this distribution is covered by the same copyright terms
+- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+- *
+- * Copyright remains Eric Young's, and as such any Copyright notices in
+- * the code are not to be removed.
+- * If this package is used in a product, Eric Young should be given attribution
+- * as the author of the parts of the library used.
+- * This can be in the form of a textual message at program startup or
+- * in documentation (online or textual) provided with the package.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the copyright
+- * notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- * notice, this list of conditions and the following disclaimer in the
+- * documentation and/or other materials provided with the distribution.
+- * 3. 
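Review bot: In the added `BUF_reverse` (the `@@ -174,3 +166,22 @@` hunk of buffer.c), a `size` of 0 makes `out += size - 1`, and `q = out + size - 1` in the in-place branch, compute a pointer before the start of the buffer. Neither loop runs in that case, but the pointer arithmetic itself is already out of bounds, so an early `if (size == 0) return;` would make the function safe to call on an empty buffer. The function also carries no comment saying that a NULL `in` selects in-place reversal of `out`, or that a non-NULL `in` overlapping `out` would be overwritten while it is still being read. A header such as `/* Reverse size bytes from in into out; if in is NULL, reverse out in place. in and out must not overlap. */` would record both.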
All advertising materials mentioning features or use of this software +- * must display the following acknowledgement: +- * "This product includes cryptographic software written by +- * Eric Young (eay@cryptsoft.com)" +- * The word 'cryptographic' can be left out if the rouines from the library +- * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from +- * the apps directory (application code) you must include an acknowledgement: +- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * +- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. +- * +- * The licence and distribution terms for any publically available version or +- * derivative of this code cannot be changed. i.e. this code cannot simply be +- * copied and put under another distribution licence +- * [including the GNU Public Licence.] +- */ +- +-#include +-#include "cast_lcl.h" +- +-/* +- * The input and output encrypted as though 64bit cfb mode is being used. 
+- * The extra state information to record how much of the 64bit block we have +- * used is contained in *num; +- */ +- +-void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out, +- long length, const CAST_KEY *schedule, +- unsigned char *ivec, int *num, int enc) +-{ +- register CAST_LONG v0, v1, t; +- register int n = *num; +- register long l = length; +- CAST_LONG ti[2]; +- unsigned char *iv, c, cc; +- +- iv = ivec; +- if (enc) { +- while (l--) { +- if (n == 0) { +- n2l(iv, v0); +- ti[0] = v0; +- n2l(iv, v1); +- ti[1] = v1; +- CAST_encrypt((CAST_LONG *)ti, schedule); +- iv = ivec; +- t = ti[0]; +- l2n(t, iv); +- t = ti[1]; +- l2n(t, iv); +- iv = ivec; +- } +- c = *(in++) ^ iv[n]; +- *(out++) = c; +- iv[n] = c; +- n = (n + 1) & 0x07; +- } +- } else { +- while (l--) { +- if (n == 0) { +- n2l(iv, v0); +- ti[0] = v0; +- n2l(iv, v1); +- ti[1] = v1; +- CAST_encrypt((CAST_LONG *)ti, schedule); +- iv = ivec; +- t = ti[0]; +- l2n(t, iv); +- t = ti[1]; +- l2n(t, iv); +- iv = ivec; +- } +- cc = *(in++); +- c = iv[n]; +- iv[n] = cc; +- *(out++) = c ^ cc; +- n = (n + 1) & 0x07; +- } +- } +- v0 = v1 = ti[0] = ti[1] = t = c = cc = 0; +- *num = n; +-} +diff --git a/Cryptlib/OpenSSL/crypto/cast/c_ecb.c b/Cryptlib/OpenSSL/crypto/cast/c_ecb.c +deleted file mode 100644 +index 4793f28..0000000 +--- a/Cryptlib/OpenSSL/crypto/cast/c_ecb.c ++++ /dev/null +@@ -1,83 +0,0 @@ +-/* crypto/cast/c_ecb.c */ +-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) +- * All rights reserved. +- * +- * This package is an SSL implementation written +- * by Eric Young (eay@cryptsoft.com). +- * The implementation was written so as to conform with Netscapes SSL. +- * +- * This library is free for commercial and non-commercial use as long as +- * the following conditions are aheared to. The following conditions +- * apply to all code found in this distribution, be it the RC4, RSA, +- * lhash, DES, etc., code; not just the SSL code. 
The SSL documentation +- * included with this distribution is covered by the same copyright terms +- * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * +- * Copyright remains Eric Young's, and as such any Copyright notices in +- * the code are not to be removed. +- * If this package is used in a product, Eric Young should be given attribution +- * as the author of the parts of the library used. +- * This can be in the form of a textual message at program startup or +- * in documentation (online or textual) provided with the package. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 3. All advertising materials mentioning features or use of this software +- * must display the following acknowledgement: +- * "This product includes cryptographic software written by +- * Eric Young (eay@cryptsoft.com)" +- * The word 'cryptographic' can be left out if the rouines from the library +- * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from +- * the apps directory (application code) you must include an acknowledgement: +- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * +- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. +- * +- * The licence and distribution terms for any publically available version or +- * derivative of this code cannot be changed. i.e. this code cannot simply be +- * copied and put under another distribution licence +- * [including the GNU Public Licence.] +- */ +- +-#include +-#include "cast_lcl.h" +-#include +- +-const char CAST_version[] = "CAST" OPENSSL_VERSION_PTEXT; +- +-void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, +- const CAST_KEY *ks, int enc) +-{ +- CAST_LONG l, d[2]; +- +- n2l(in, l); +- d[0] = l; +- n2l(in, l); +- d[1] = l; +- if (enc) +- CAST_encrypt(d, ks); +- else +- CAST_decrypt(d, ks); +- l = d[0]; +- l2n(l, out); +- l = d[1]; +- l2n(l, out); +- l = d[0] = d[1] = 0; +-} +diff --git a/Cryptlib/OpenSSL/crypto/cast/c_enc.c b/Cryptlib/OpenSSL/crypto/cast/c_enc.c +deleted file mode 100644 +index 6e1d50f..0000000 +--- a/Cryptlib/OpenSSL/crypto/cast/c_enc.c ++++ /dev/null +@@ -1,200 +0,0 @@ +-/* crypto/cast/c_enc.c */ +-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) +- * All rights reserved. +- * +- * This package is an SSL implementation written +- * by Eric Young (eay@cryptsoft.com). +- * The implementation was written so as to conform with Netscapes SSL. +- * +- * This library is free for commercial and non-commercial use as long as +- * the following conditions are aheared to. 
The following conditions +- * apply to all code found in this distribution, be it the RC4, RSA, +- * lhash, DES, etc., code; not just the SSL code. The SSL documentation +- * included with this distribution is covered by the same copyright terms +- * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * +- * Copyright remains Eric Young's, and as such any Copyright notices in +- * the code are not to be removed. +- * If this package is used in a product, Eric Young should be given attribution +- * as the author of the parts of the library used. +- * This can be in the form of a textual message at program startup or +- * in documentation (online or textual) provided with the package. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 3. All advertising materials mentioning features or use of this software +- * must display the following acknowledgement: +- * "This product includes cryptographic software written by +- * Eric Young (eay@cryptsoft.com)" +- * The word 'cryptographic' can be left out if the rouines from the library +- * being used are not cryptographic related :-). +- * 4. 
If you include any Windows specific code (or a derivative thereof) from +- * the apps directory (application code) you must include an acknowledgement: +- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * +- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. +- * +- * The licence and distribution terms for any publically available version or +- * derivative of this code cannot be changed. i.e. this code cannot simply be +- * copied and put under another distribution licence +- * [including the GNU Public Licence.] 
+- */ +- +-#include +-#include "cast_lcl.h" +- +-void CAST_encrypt(CAST_LONG *data, const CAST_KEY *key) +-{ +- register CAST_LONG l, r, t; +- const register CAST_LONG *k; +- +- k = &(key->data[0]); +- l = data[0]; +- r = data[1]; +- +- E_CAST(0, k, l, r, +, ^, -); +- E_CAST(1, k, r, l, ^, -, +); +- E_CAST(2, k, l, r, -, +, ^); +- E_CAST(3, k, r, l, +, ^, -); +- E_CAST(4, k, l, r, ^, -, +); +- E_CAST(5, k, r, l, -, +, ^); +- E_CAST(6, k, l, r, +, ^, -); +- E_CAST(7, k, r, l, ^, -, +); +- E_CAST(8, k, l, r, -, +, ^); +- E_CAST(9, k, r, l, +, ^, -); +- E_CAST(10, k, l, r, ^, -, +); +- E_CAST(11, k, r, l, -, +, ^); +- if (!key->short_key) { +- E_CAST(12, k, l, r, +, ^, -); +- E_CAST(13, k, r, l, ^, -, +); +- E_CAST(14, k, l, r, -, +, ^); +- E_CAST(15, k, r, l, +, ^, -); +- } +- +- data[1] = l & 0xffffffffL; +- data[0] = r & 0xffffffffL; +-} +- +-void CAST_decrypt(CAST_LONG *data, const CAST_KEY *key) +-{ +- register CAST_LONG l, r, t; +- const register CAST_LONG *k; +- +- k = &(key->data[0]); +- l = data[0]; +- r = data[1]; +- +- if (!key->short_key) { +- E_CAST(15, k, l, r, +, ^, -); +- E_CAST(14, k, r, l, -, +, ^); +- E_CAST(13, k, l, r, ^, -, +); +- E_CAST(12, k, r, l, +, ^, -); +- } +- E_CAST(11, k, l, r, -, +, ^); +- E_CAST(10, k, r, l, ^, -, +); +- E_CAST(9, k, l, r, +, ^, -); +- E_CAST(8, k, r, l, -, +, ^); +- E_CAST(7, k, l, r, ^, -, +); +- E_CAST(6, k, r, l, +, ^, -); +- E_CAST(5, k, l, r, -, +, ^); +- E_CAST(4, k, r, l, ^, -, +); +- E_CAST(3, k, l, r, +, ^, -); +- E_CAST(2, k, r, l, -, +, ^); +- E_CAST(1, k, l, r, ^, -, +); +- E_CAST(0, k, r, l, +, ^, -); +- +- data[1] = l & 0xffffffffL; +- data[0] = r & 0xffffffffL; +-} +- +-void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, +- long length, const CAST_KEY *ks, unsigned char *iv, +- int enc) +-{ +- register CAST_LONG tin0, tin1; +- register CAST_LONG tout0, tout1, xor0, xor1; +- register long l = length; +- CAST_LONG tin[2]; +- +- if (enc) { +- n2l(iv, tout0); +- n2l(iv, tout1); +- iv -= 8; 
+- for (l -= 8; l >= 0; l -= 8) { +- n2l(in, tin0); +- n2l(in, tin1); +- tin0 ^= tout0; +- tin1 ^= tout1; +- tin[0] = tin0; +- tin[1] = tin1; +- CAST_encrypt(tin, ks); +- tout0 = tin[0]; +- tout1 = tin[1]; +- l2n(tout0, out); +- l2n(tout1, out); +- } +- if (l != -8) { +- n2ln(in, tin0, tin1, l + 8); +- tin0 ^= tout0; +- tin1 ^= tout1; +- tin[0] = tin0; +- tin[1] = tin1; +- CAST_encrypt(tin, ks); +- tout0 = tin[0]; +- tout1 = tin[1]; +- l2n(tout0, out); +- l2n(tout1, out); +- } +- l2n(tout0, iv); +- l2n(tout1, iv); +- } else { +- n2l(iv, xor0); +- n2l(iv, xor1); +- iv -= 8; +- for (l -= 8; l >= 0; l -= 8) { +- n2l(in, tin0); +- n2l(in, tin1); +- tin[0] = tin0; +- tin[1] = tin1; +- CAST_decrypt(tin, ks); +- tout0 = tin[0] ^ xor0; +- tout1 = tin[1] ^ xor1; +- l2n(tout0, out); +- l2n(tout1, out); +- xor0 = tin0; +- xor1 = tin1; +- } +- if (l != -8) { +- n2l(in, tin0); +- n2l(in, tin1); +- tin[0] = tin0; +- tin[1] = tin1; +- CAST_decrypt(tin, ks); +- tout0 = tin[0] ^ xor0; +- tout1 = tin[1] ^ xor1; +- l2nn(tout0, tout1, out, l + 8); +- xor0 = tin0; +- xor1 = tin1; +- } +- l2n(xor0, iv); +- l2n(xor1, iv); +- } +- tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; +- tin[0] = tin[1] = 0; +-} +diff --git a/Cryptlib/OpenSSL/crypto/cast/c_ofb64.c b/Cryptlib/OpenSSL/crypto/cast/c_ofb64.c +deleted file mode 100644 +index 4e0a7c2..0000000 +--- a/Cryptlib/OpenSSL/crypto/cast/c_ofb64.c ++++ /dev/null +@@ -1,110 +0,0 @@ +-/* crypto/cast/c_ofb64.c */ +-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) +- * All rights reserved. +- * +- * This package is an SSL implementation written +- * by Eric Young (eay@cryptsoft.com). +- * The implementation was written so as to conform with Netscapes SSL. +- * +- * This library is free for commercial and non-commercial use as long as +- * the following conditions are aheared to. The following conditions +- * apply to all code found in this distribution, be it the RC4, RSA, +- * lhash, DES, etc., code; not just the SSL code. 
The SSL documentation +- * included with this distribution is covered by the same copyright terms +- * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * +- * Copyright remains Eric Young's, and as such any Copyright notices in +- * the code are not to be removed. +- * If this package is used in a product, Eric Young should be given attribution +- * as the author of the parts of the library used. +- * This can be in the form of a textual message at program startup or +- * in documentation (online or textual) provided with the package. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 3. All advertising materials mentioning features or use of this software +- * must display the following acknowledgement: +- * "This product includes cryptographic software written by +- * Eric Young (eay@cryptsoft.com)" +- * The word 'cryptographic' can be left out if the rouines from the library +- * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from +- * the apps directory (application code) you must include an acknowledgement: +- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * +- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. +- * +- * The licence and distribution terms for any publically available version or +- * derivative of this code cannot be changed. i.e. this code cannot simply be +- * copied and put under another distribution licence +- * [including the GNU Public Licence.] +- */ +- +-#include +-#include "cast_lcl.h" +- +-/* +- * The input and output encrypted as though 64bit ofb mode is being used. +- * The extra state information to record how much of the 64bit block we have +- * used is contained in *num; +- */ +-void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out, +- long length, const CAST_KEY *schedule, +- unsigned char *ivec, int *num) +-{ +- register CAST_LONG v0, v1, t; +- register int n = *num; +- register long l = length; +- unsigned char d[8]; +- register char *dp; +- CAST_LONG ti[2]; +- unsigned char *iv; +- int save = 0; +- +- iv = ivec; +- n2l(iv, v0); +- n2l(iv, v1); +- ti[0] = v0; +- ti[1] = v1; +- dp = (char *)d; +- l2n(v0, dp); +- l2n(v1, dp); +- while (l--) { +- if (n == 0) { +- CAST_encrypt((CAST_LONG *)ti, schedule); +- dp = (char *)d; +- t = ti[0]; +- l2n(t, dp); +- t = ti[1]; +- l2n(t, dp); +- save++; +- } +- *(out++) = *(in++) ^ d[n]; +- n = (n + 1) & 0x07; +- } +- if (save) { +- v0 = ti[0]; +- v1 = ti[1]; +- iv = ivec; +- l2n(v0, iv); +- l2n(v1, iv); +- } +- t = v0 = v1 = ti[0] = ti[1] = 0; +- *num = n; +-} +diff --git a/Cryptlib/OpenSSL/crypto/cast/c_skey.c b/Cryptlib/OpenSSL/crypto/cast/c_skey.c +deleted 
file mode 100644 +index a04f86a..0000000 +--- a/Cryptlib/OpenSSL/crypto/cast/c_skey.c ++++ /dev/null +@@ -1,172 +0,0 @@ +-/* crypto/cast/c_skey.c */ +-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) +- * All rights reserved. +- * +- * This package is an SSL implementation written +- * by Eric Young (eay@cryptsoft.com). +- * The implementation was written so as to conform with Netscapes SSL. +- * +- * This library is free for commercial and non-commercial use as long as +- * the following conditions are aheared to. The following conditions +- * apply to all code found in this distribution, be it the RC4, RSA, +- * lhash, DES, etc., code; not just the SSL code. The SSL documentation +- * included with this distribution is covered by the same copyright terms +- * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * +- * Copyright remains Eric Young's, and as such any Copyright notices in +- * the code are not to be removed. +- * If this package is used in a product, Eric Young should be given attribution +- * as the author of the parts of the library used. +- * This can be in the form of a textual message at program startup or +- * in documentation (online or textual) provided with the package. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 3. 
All advertising materials mentioning features or use of this software +- * must display the following acknowledgement: +- * "This product includes cryptographic software written by +- * Eric Young (eay@cryptsoft.com)" +- * The word 'cryptographic' can be left out if the rouines from the library +- * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from +- * the apps directory (application code) you must include an acknowledgement: +- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * +- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. +- * +- * The licence and distribution terms for any publically available version or +- * derivative of this code cannot be changed. i.e. this code cannot simply be +- * copied and put under another distribution licence +- * [including the GNU Public Licence.] 
+- */ +- +-#include +-#include +-#ifdef OPENSSL_FIPS +-# include +-#endif +- +-#include "cast_lcl.h" +-#include "cast_s.h" +- +-#define CAST_exp(l,A,a,n) \ +- A[n/4]=l; \ +- a[n+3]=(l )&0xff; \ +- a[n+2]=(l>> 8)&0xff; \ +- a[n+1]=(l>>16)&0xff; \ +- a[n+0]=(l>>24)&0xff; +- +-#define S4 CAST_S_table4 +-#define S5 CAST_S_table5 +-#define S6 CAST_S_table6 +-#define S7 CAST_S_table7 +- +-FIPS_NON_FIPS_VCIPHER_Init(CAST) +-{ +- CAST_LONG x[16]; +- CAST_LONG z[16]; +- CAST_LONG k[32]; +- CAST_LONG X[4], Z[4]; +- CAST_LONG l, *K; +- int i; +- +- for (i = 0; i < 16; i++) +- x[i] = 0; +- if (len > 16) +- len = 16; +- for (i = 0; i < len; i++) +- x[i] = data[i]; +- if (len <= 10) +- key->short_key = 1; +- else +- key->short_key = 0; +- +- K = &k[0]; +- X[0] = ((x[0] << 24) | (x[1] << 16) | (x[2] << 8) | x[3]) & 0xffffffffL; +- X[1] = ((x[4] << 24) | (x[5] << 16) | (x[6] << 8) | x[7]) & 0xffffffffL; +- X[2] = ((x[8] << 24) | (x[9] << 16) | (x[10] << 8) | x[11]) & 0xffffffffL; +- X[3] = +- ((x[12] << 24) | (x[13] << 16) | (x[14] << 8) | x[15]) & 0xffffffffL; +- +- for (;;) { +- l = X[0] ^ S4[x[13]] ^ S5[x[15]] ^ S6[x[12]] ^ S7[x[14]] ^ S6[x[8]]; +- CAST_exp(l, Z, z, 0); +- l = X[2] ^ S4[z[0]] ^ S5[z[2]] ^ S6[z[1]] ^ S7[z[3]] ^ S7[x[10]]; +- CAST_exp(l, Z, z, 4); +- l = X[3] ^ S4[z[7]] ^ S5[z[6]] ^ S6[z[5]] ^ S7[z[4]] ^ S4[x[9]]; +- CAST_exp(l, Z, z, 8); +- l = X[1] ^ S4[z[10]] ^ S5[z[9]] ^ S6[z[11]] ^ S7[z[8]] ^ S5[x[11]]; +- CAST_exp(l, Z, z, 12); +- +- K[0] = S4[z[8]] ^ S5[z[9]] ^ S6[z[7]] ^ S7[z[6]] ^ S4[z[2]]; +- K[1] = S4[z[10]] ^ S5[z[11]] ^ S6[z[5]] ^ S7[z[4]] ^ S5[z[6]]; +- K[2] = S4[z[12]] ^ S5[z[13]] ^ S6[z[3]] ^ S7[z[2]] ^ S6[z[9]]; +- K[3] = S4[z[14]] ^ S5[z[15]] ^ S6[z[1]] ^ S7[z[0]] ^ S7[z[12]]; +- +- l = Z[2] ^ S4[z[5]] ^ S5[z[7]] ^ S6[z[4]] ^ S7[z[6]] ^ S6[z[0]]; +- CAST_exp(l, X, x, 0); +- l = Z[0] ^ S4[x[0]] ^ S5[x[2]] ^ S6[x[1]] ^ S7[x[3]] ^ S7[z[2]]; +- CAST_exp(l, X, x, 4); +- l = Z[1] ^ S4[x[7]] ^ S5[x[6]] ^ S6[x[5]] ^ S7[x[4]] ^ S4[z[1]]; +- CAST_exp(l, 
X, x, 8); +- l = Z[3] ^ S4[x[10]] ^ S5[x[9]] ^ S6[x[11]] ^ S7[x[8]] ^ S5[z[3]]; +- CAST_exp(l, X, x, 12); +- +- K[4] = S4[x[3]] ^ S5[x[2]] ^ S6[x[12]] ^ S7[x[13]] ^ S4[x[8]]; +- K[5] = S4[x[1]] ^ S5[x[0]] ^ S6[x[14]] ^ S7[x[15]] ^ S5[x[13]]; +- K[6] = S4[x[7]] ^ S5[x[6]] ^ S6[x[8]] ^ S7[x[9]] ^ S6[x[3]]; +- K[7] = S4[x[5]] ^ S5[x[4]] ^ S6[x[10]] ^ S7[x[11]] ^ S7[x[7]]; +- +- l = X[0] ^ S4[x[13]] ^ S5[x[15]] ^ S6[x[12]] ^ S7[x[14]] ^ S6[x[8]]; +- CAST_exp(l, Z, z, 0); +- l = X[2] ^ S4[z[0]] ^ S5[z[2]] ^ S6[z[1]] ^ S7[z[3]] ^ S7[x[10]]; +- CAST_exp(l, Z, z, 4); +- l = X[3] ^ S4[z[7]] ^ S5[z[6]] ^ S6[z[5]] ^ S7[z[4]] ^ S4[x[9]]; +- CAST_exp(l, Z, z, 8); +- l = X[1] ^ S4[z[10]] ^ S5[z[9]] ^ S6[z[11]] ^ S7[z[8]] ^ S5[x[11]]; +- CAST_exp(l, Z, z, 12); +- +- K[8] = S4[z[3]] ^ S5[z[2]] ^ S6[z[12]] ^ S7[z[13]] ^ S4[z[9]]; +- K[9] = S4[z[1]] ^ S5[z[0]] ^ S6[z[14]] ^ S7[z[15]] ^ S5[z[12]]; +- K[10] = S4[z[7]] ^ S5[z[6]] ^ S6[z[8]] ^ S7[z[9]] ^ S6[z[2]]; +- K[11] = S4[z[5]] ^ S5[z[4]] ^ S6[z[10]] ^ S7[z[11]] ^ S7[z[6]]; +- +- l = Z[2] ^ S4[z[5]] ^ S5[z[7]] ^ S6[z[4]] ^ S7[z[6]] ^ S6[z[0]]; +- CAST_exp(l, X, x, 0); +- l = Z[0] ^ S4[x[0]] ^ S5[x[2]] ^ S6[x[1]] ^ S7[x[3]] ^ S7[z[2]]; +- CAST_exp(l, X, x, 4); +- l = Z[1] ^ S4[x[7]] ^ S5[x[6]] ^ S6[x[5]] ^ S7[x[4]] ^ S4[z[1]]; +- CAST_exp(l, X, x, 8); +- l = Z[3] ^ S4[x[10]] ^ S5[x[9]] ^ S6[x[11]] ^ S7[x[8]] ^ S5[z[3]]; +- CAST_exp(l, X, x, 12); +- +- K[12] = S4[x[8]] ^ S5[x[9]] ^ S6[x[7]] ^ S7[x[6]] ^ S4[x[3]]; +- K[13] = S4[x[10]] ^ S5[x[11]] ^ S6[x[5]] ^ S7[x[4]] ^ S5[x[7]]; +- K[14] = S4[x[12]] ^ S5[x[13]] ^ S6[x[3]] ^ S7[x[2]] ^ S6[x[8]]; +- K[15] = S4[x[14]] ^ S5[x[15]] ^ S6[x[1]] ^ S7[x[0]] ^ S7[x[13]]; +- if (K != k) +- break; +- K += 16; +- } +- +- for (i = 0; i < 16; i++) { +- key->data[i * 2] = k[i]; +- key->data[i * 2 + 1] = ((k[i + 16]) + 16) & 0x1f; +- } +-} +diff --git a/Cryptlib/OpenSSL/crypto/cast/cast_lcl.h b/Cryptlib/OpenSSL/crypto/cast/cast_lcl.h +deleted file mode 100644 +index e756021..0000000 +--- 
a/Cryptlib/OpenSSL/crypto/cast/cast_lcl.h ++++ /dev/null +@@ -1,227 +0,0 @@ +-/* crypto/cast/cast_lcl.h */ +-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) +- * All rights reserved. +- * +- * This package is an SSL implementation written +- * by Eric Young (eay@cryptsoft.com). +- * The implementation was written so as to conform with Netscapes SSL. +- * +- * This library is free for commercial and non-commercial use as long as +- * the following conditions are aheared to. The following conditions +- * apply to all code found in this distribution, be it the RC4, RSA, +- * lhash, DES, etc., code; not just the SSL code. The SSL documentation +- * included with this distribution is covered by the same copyright terms +- * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * +- * Copyright remains Eric Young's, and as such any Copyright notices in +- * the code are not to be removed. +- * If this package is used in a product, Eric Young should be given attribution +- * as the author of the parts of the library used. +- * This can be in the form of a textual message at program startup or +- * in documentation (online or textual) provided with the package. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 3. 
All advertising materials mentioning features or use of this software +- * must display the following acknowledgement: +- * "This product includes cryptographic software written by +- * Eric Young (eay@cryptsoft.com)" +- * The word 'cryptographic' can be left out if the rouines from the library +- * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from +- * the apps directory (application code) you must include an acknowledgement: +- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * +- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. +- * +- * The licence and distribution terms for any publically available version or +- * derivative of this code cannot be changed. i.e. this code cannot simply be +- * copied and put under another distribution licence +- * [including the GNU Public Licence.] 
+- */
+-
+-
+-#include "e_os.h"
+-
+-#ifdef OPENSSL_SYS_WIN32
+-#include
+-#endif
+-
+-
+-#undef c2l
+-#define c2l(c,l) (l =((unsigned long)(*((c)++))) , \
+- l|=((unsigned long)(*((c)++)))<< 8L, \
+- l|=((unsigned long)(*((c)++)))<<16L, \
+- l|=((unsigned long)(*((c)++)))<<24L)
+-
+-/* NOTE - c is not incremented as per c2l */
+-#undef c2ln
+-#define c2ln(c,l1,l2,n) { \
+- c+=n; \
+- l1=l2=0; \
+- switch (n) { \
+- case 8: l2 =((unsigned long)(*(--(c))))<<24L; \
+- case 7: l2|=((unsigned long)(*(--(c))))<<16L; \
+- case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \
+- case 5: l2|=((unsigned long)(*(--(c)))); \
+- case 4: l1 =((unsigned long)(*(--(c))))<<24L; \
+- case 3: l1|=((unsigned long)(*(--(c))))<<16L; \
+- case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \
+- case 1: l1|=((unsigned long)(*(--(c)))); \
+- } \
+- }
+-
+-#undef l2c
+-#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
+- *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+- *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+- *((c)++)=(unsigned char)(((l)>>24L)&0xff))
+-
+-/* NOTE - c is not incremented as per l2c */
+-#undef l2cn
+-#define l2cn(l1,l2,c,n) { \
+- c+=n; \
+- switch (n) { \
+- case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
+- case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
+- case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
+- case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \
+- case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
+- case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
+- case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
+- case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \
+- } \
+- }
+-
+-/* NOTE - c is not incremented as per n2l */
+-#define n2ln(c,l1,l2,n) { \
+- c+=n; \
+- l1=l2=0; \
+- switch (n) { \
+- case 8: l2 =((unsigned long)(*(--(c)))) ; \
+- case 7: l2|=((unsigned long)(*(--(c))))<< 8; \
+- case 6: l2|=((unsigned long)(*(--(c))))<<16; \
+- case 5: l2|=((unsigned long)(*(--(c))))<<24; \
+- case 4: l1 =((unsigned long)(*(--(c)))) ; \
+- 
case 3: l1|=((unsigned long)(*(--(c))))<< 8; \ +- case 2: l1|=((unsigned long)(*(--(c))))<<16; \ +- case 1: l1|=((unsigned long)(*(--(c))))<<24; \ +- } \ +- } +- +-/* NOTE - c is not incremented as per l2n */ +-#define l2nn(l1,l2,c,n) { \ +- c+=n; \ +- switch (n) { \ +- case 8: *(--(c))=(unsigned char)(((l2) )&0xff); \ +- case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \ +- case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \ +- case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \ +- case 4: *(--(c))=(unsigned char)(((l1) )&0xff); \ +- case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \ +- case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \ +- case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \ +- } \ +- } +- +-#undef n2l +-#define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24L, \ +- l|=((unsigned long)(*((c)++)))<<16L, \ +- l|=((unsigned long)(*((c)++)))<< 8L, \ +- l|=((unsigned long)(*((c)++)))) +- +-#undef l2n +-#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \ +- *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ +- *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ +- *((c)++)=(unsigned char)(((l) )&0xff)) +- +-#if defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER) +-#define ROTL(a,n) (_lrotl(a,n)) +-#else +-#define ROTL(a,n) ((((a)<<(n))&0xffffffffL)|((a)>>(32-(n)))) +-#endif +- +-#define C_M 0x3fc +-#define C_0 22L +-#define C_1 14L +-#define C_2 6L +-#define C_3 2L /* left shift */ +- +-/* The rotate has an extra 16 added to it to help the x86 asm */ +-#if defined(CAST_PTR) +-#define E_CAST(n,key,L,R,OP1,OP2,OP3) \ +- { \ +- int i; \ +- t=(key[n*2] OP1 R)&0xffffffffL; \ +- i=key[n*2+1]; \ +- t=ROTL(t,i); \ +- L^= (((((*(CAST_LONG *)((unsigned char *) \ +- CAST_S_table0+((t>>C_2)&C_M)) OP2 \ +- *(CAST_LONG *)((unsigned char *) \ +- CAST_S_table1+((t<>C_0)&C_M)))&0xffffffffL) OP1 \ +- *(CAST_LONG *)((unsigned char *) \ +- CAST_S_table3+((t>>C_1)&C_M)))&0xffffffffL; \ +- } +-#elif defined(CAST_PTR2) +-#define E_CAST(n,key,L,R,OP1,OP2,OP3) \ +- { \ +- int i; 
\ +- CAST_LONG u,v,w; \ +- w=(key[n*2] OP1 R)&0xffffffffL; \ +- i=key[n*2+1]; \ +- w=ROTL(w,i); \ +- u=w>>C_2; \ +- v=w<>C_0; \ +- t=(t OP2 *(CAST_LONG *)((unsigned char *)CAST_S_table1+v))&0xffffffffL;\ +- v=w>>C_1; \ +- u&=C_M; \ +- v&=C_M; \ +- t=(t OP3 *(CAST_LONG *)((unsigned char *)CAST_S_table2+u)&0xffffffffL);\ +- t=(t OP1 *(CAST_LONG *)((unsigned char *)CAST_S_table3+v)&0xffffffffL);\ +- L^=(t&0xffffffff); \ +- } +-#else +-#define E_CAST(n,key,L,R,OP1,OP2,OP3) \ +- { \ +- CAST_LONG a,b,c,d; \ +- t=(key[n*2] OP1 R)&0xffffffff; \ +- t=ROTL(t,(key[n*2+1])); \ +- a=CAST_S_table0[(t>> 8)&0xff]; \ +- b=CAST_S_table1[(t )&0xff]; \ +- c=CAST_S_table2[(t>>24)&0xff]; \ +- d=CAST_S_table3[(t>>16)&0xff]; \ +- L^=(((((a OP2 b)&0xffffffffL) OP3 c)&0xffffffffL) OP1 d)&0xffffffffL; \ +- } +-#endif +- +-extern const CAST_LONG CAST_S_table0[256]; +-extern const CAST_LONG CAST_S_table1[256]; +-extern const CAST_LONG CAST_S_table2[256]; +-extern const CAST_LONG CAST_S_table3[256]; +-extern const CAST_LONG CAST_S_table4[256]; +-extern const CAST_LONG CAST_S_table5[256]; +-extern const CAST_LONG CAST_S_table6[256]; +-extern const CAST_LONG CAST_S_table7[256]; +diff --git a/Cryptlib/OpenSSL/crypto/cast/cast_s.h b/Cryptlib/OpenSSL/crypto/cast/cast_s.h +deleted file mode 100644 +index c483fd5..0000000 +--- a/Cryptlib/OpenSSL/crypto/cast/cast_s.h ++++ /dev/null +@@ -1,585 +0,0 @@ +-/* crypto/cast/cast_s.h */ +-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) +- * All rights reserved. +- * +- * This package is an SSL implementation written +- * by Eric Young (eay@cryptsoft.com). +- * The implementation was written so as to conform with Netscapes SSL. +- * +- * This library is free for commercial and non-commercial use as long as +- * the following conditions are aheared to. The following conditions +- * apply to all code found in this distribution, be it the RC4, RSA, +- * lhash, DES, etc., code; not just the SSL code. 
The SSL documentation +- * included with this distribution is covered by the same copyright terms +- * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * +- * Copyright remains Eric Young's, and as such any Copyright notices in +- * the code are not to be removed. +- * If this package is used in a product, Eric Young should be given attribution +- * as the author of the parts of the library used. +- * This can be in the form of a textual message at program startup or +- * in documentation (online or textual) provided with the package. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 3. All advertising materials mentioning features or use of this software +- * must display the following acknowledgement: +- * "This product includes cryptographic software written by +- * Eric Young (eay@cryptsoft.com)" +- * The word 'cryptographic' can be left out if the rouines from the library +- * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from +- * the apps directory (application code) you must include an acknowledgement: +- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * +- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. +- * +- * The licence and distribution terms for any publically available version or +- * derivative of this code cannot be changed. i.e. this code cannot simply be +- * copied and put under another distribution licence +- * [including the GNU Public Licence.] +- */ +-OPENSSL_GLOBAL const CAST_LONG CAST_S_table0[256]={ +- 0x30fb40d4,0x9fa0ff0b,0x6beccd2f,0x3f258c7a, +- 0x1e213f2f,0x9c004dd3,0x6003e540,0xcf9fc949, +- 0xbfd4af27,0x88bbbdb5,0xe2034090,0x98d09675, +- 0x6e63a0e0,0x15c361d2,0xc2e7661d,0x22d4ff8e, +- 0x28683b6f,0xc07fd059,0xff2379c8,0x775f50e2, +- 0x43c340d3,0xdf2f8656,0x887ca41a,0xa2d2bd2d, +- 0xa1c9e0d6,0x346c4819,0x61b76d87,0x22540f2f, +- 0x2abe32e1,0xaa54166b,0x22568e3a,0xa2d341d0, +- 0x66db40c8,0xa784392f,0x004dff2f,0x2db9d2de, +- 0x97943fac,0x4a97c1d8,0x527644b7,0xb5f437a7, +- 0xb82cbaef,0xd751d159,0x6ff7f0ed,0x5a097a1f, +- 0x827b68d0,0x90ecf52e,0x22b0c054,0xbc8e5935, +- 0x4b6d2f7f,0x50bb64a2,0xd2664910,0xbee5812d, +- 0xb7332290,0xe93b159f,0xb48ee411,0x4bff345d, +- 0xfd45c240,0xad31973f,0xc4f6d02e,0x55fc8165, +- 0xd5b1caad,0xa1ac2dae,0xa2d4b76d,0xc19b0c50, +- 0x882240f2,0x0c6e4f38,0xa4e4bfd7,0x4f5ba272, +- 0x564c1d2f,0xc59c5319,0xb949e354,0xb04669fe, +- 0xb1b6ab8a,0xc71358dd,0x6385c545,0x110f935d, +- 0x57538ad5,0x6a390493,0xe63d37e0,0x2a54f6b3, +- 0x3a787d5f,0x6276a0b5,0x19a6fcdf,0x7a42206a, +- 0x29f9d4d5,0xf61b1891,0xbb72275e,0xaa508167, +- 0x38901091,0xc6b505eb,0x84c7cb8c,0x2ad75a0f, +- 
0x874a1427,0xa2d1936b,0x2ad286af,0xaa56d291, +- 0xd7894360,0x425c750d,0x93b39e26,0x187184c9, +- 0x6c00b32d,0x73e2bb14,0xa0bebc3c,0x54623779, +- 0x64459eab,0x3f328b82,0x7718cf82,0x59a2cea6, +- 0x04ee002e,0x89fe78e6,0x3fab0950,0x325ff6c2, +- 0x81383f05,0x6963c5c8,0x76cb5ad6,0xd49974c9, +- 0xca180dcf,0x380782d5,0xc7fa5cf6,0x8ac31511, +- 0x35e79e13,0x47da91d0,0xf40f9086,0xa7e2419e, +- 0x31366241,0x051ef495,0xaa573b04,0x4a805d8d, +- 0x548300d0,0x00322a3c,0xbf64cddf,0xba57a68e, +- 0x75c6372b,0x50afd341,0xa7c13275,0x915a0bf5, +- 0x6b54bfab,0x2b0b1426,0xab4cc9d7,0x449ccd82, +- 0xf7fbf265,0xab85c5f3,0x1b55db94,0xaad4e324, +- 0xcfa4bd3f,0x2deaa3e2,0x9e204d02,0xc8bd25ac, +- 0xeadf55b3,0xd5bd9e98,0xe31231b2,0x2ad5ad6c, +- 0x954329de,0xadbe4528,0xd8710f69,0xaa51c90f, +- 0xaa786bf6,0x22513f1e,0xaa51a79b,0x2ad344cc, +- 0x7b5a41f0,0xd37cfbad,0x1b069505,0x41ece491, +- 0xb4c332e6,0x032268d4,0xc9600acc,0xce387e6d, +- 0xbf6bb16c,0x6a70fb78,0x0d03d9c9,0xd4df39de, +- 0xe01063da,0x4736f464,0x5ad328d8,0xb347cc96, +- 0x75bb0fc3,0x98511bfb,0x4ffbcc35,0xb58bcf6a, +- 0xe11f0abc,0xbfc5fe4a,0xa70aec10,0xac39570a, +- 0x3f04442f,0x6188b153,0xe0397a2e,0x5727cb79, +- 0x9ceb418f,0x1cacd68d,0x2ad37c96,0x0175cb9d, +- 0xc69dff09,0xc75b65f0,0xd9db40d8,0xec0e7779, +- 0x4744ead4,0xb11c3274,0xdd24cb9e,0x7e1c54bd, +- 0xf01144f9,0xd2240eb1,0x9675b3fd,0xa3ac3755, +- 0xd47c27af,0x51c85f4d,0x56907596,0xa5bb15e6, +- 0x580304f0,0xca042cf1,0x011a37ea,0x8dbfaadb, +- 0x35ba3e4a,0x3526ffa0,0xc37b4d09,0xbc306ed9, +- 0x98a52666,0x5648f725,0xff5e569d,0x0ced63d0, +- 0x7c63b2cf,0x700b45e1,0xd5ea50f1,0x85a92872, +- 0xaf1fbda7,0xd4234870,0xa7870bf3,0x2d3b4d79, +- 0x42e04198,0x0cd0ede7,0x26470db8,0xf881814c, +- 0x474d6ad7,0x7c0c5e5c,0xd1231959,0x381b7298, +- 0xf5d2f4db,0xab838653,0x6e2f1e23,0x83719c9e, +- 0xbd91e046,0x9a56456e,0xdc39200c,0x20c8c571, +- 0x962bda1c,0xe1e696ff,0xb141ab08,0x7cca89b9, +- 0x1a69e783,0x02cc4843,0xa2f7c579,0x429ef47d, +- 0x427b169c,0x5ac9f049,0xdd8f0f00,0x5c8165bf, +- }; +-OPENSSL_GLOBAL const 
CAST_LONG CAST_S_table1[256]={ +- 0x1f201094,0xef0ba75b,0x69e3cf7e,0x393f4380, +- 0xfe61cf7a,0xeec5207a,0x55889c94,0x72fc0651, +- 0xada7ef79,0x4e1d7235,0xd55a63ce,0xde0436ba, +- 0x99c430ef,0x5f0c0794,0x18dcdb7d,0xa1d6eff3, +- 0xa0b52f7b,0x59e83605,0xee15b094,0xe9ffd909, +- 0xdc440086,0xef944459,0xba83ccb3,0xe0c3cdfb, +- 0xd1da4181,0x3b092ab1,0xf997f1c1,0xa5e6cf7b, +- 0x01420ddb,0xe4e7ef5b,0x25a1ff41,0xe180f806, +- 0x1fc41080,0x179bee7a,0xd37ac6a9,0xfe5830a4, +- 0x98de8b7f,0x77e83f4e,0x79929269,0x24fa9f7b, +- 0xe113c85b,0xacc40083,0xd7503525,0xf7ea615f, +- 0x62143154,0x0d554b63,0x5d681121,0xc866c359, +- 0x3d63cf73,0xcee234c0,0xd4d87e87,0x5c672b21, +- 0x071f6181,0x39f7627f,0x361e3084,0xe4eb573b, +- 0x602f64a4,0xd63acd9c,0x1bbc4635,0x9e81032d, +- 0x2701f50c,0x99847ab4,0xa0e3df79,0xba6cf38c, +- 0x10843094,0x2537a95e,0xf46f6ffe,0xa1ff3b1f, +- 0x208cfb6a,0x8f458c74,0xd9e0a227,0x4ec73a34, +- 0xfc884f69,0x3e4de8df,0xef0e0088,0x3559648d, +- 0x8a45388c,0x1d804366,0x721d9bfd,0xa58684bb, +- 0xe8256333,0x844e8212,0x128d8098,0xfed33fb4, +- 0xce280ae1,0x27e19ba5,0xd5a6c252,0xe49754bd, +- 0xc5d655dd,0xeb667064,0x77840b4d,0xa1b6a801, +- 0x84db26a9,0xe0b56714,0x21f043b7,0xe5d05860, +- 0x54f03084,0x066ff472,0xa31aa153,0xdadc4755, +- 0xb5625dbf,0x68561be6,0x83ca6b94,0x2d6ed23b, +- 0xeccf01db,0xa6d3d0ba,0xb6803d5c,0xaf77a709, +- 0x33b4a34c,0x397bc8d6,0x5ee22b95,0x5f0e5304, +- 0x81ed6f61,0x20e74364,0xb45e1378,0xde18639b, +- 0x881ca122,0xb96726d1,0x8049a7e8,0x22b7da7b, +- 0x5e552d25,0x5272d237,0x79d2951c,0xc60d894c, +- 0x488cb402,0x1ba4fe5b,0xa4b09f6b,0x1ca815cf, +- 0xa20c3005,0x8871df63,0xb9de2fcb,0x0cc6c9e9, +- 0x0beeff53,0xe3214517,0xb4542835,0x9f63293c, +- 0xee41e729,0x6e1d2d7c,0x50045286,0x1e6685f3, +- 0xf33401c6,0x30a22c95,0x31a70850,0x60930f13, +- 0x73f98417,0xa1269859,0xec645c44,0x52c877a9, +- 0xcdff33a6,0xa02b1741,0x7cbad9a2,0x2180036f, +- 0x50d99c08,0xcb3f4861,0xc26bd765,0x64a3f6ab, +- 0x80342676,0x25a75e7b,0xe4e6d1fc,0x20c710e6, +- 0xcdf0b680,0x17844d3b,0x31eef84d,0x7e0824e4, 
+- 0x2ccb49eb,0x846a3bae,0x8ff77888,0xee5d60f6, +- 0x7af75673,0x2fdd5cdb,0xa11631c1,0x30f66f43, +- 0xb3faec54,0x157fd7fa,0xef8579cc,0xd152de58, +- 0xdb2ffd5e,0x8f32ce19,0x306af97a,0x02f03ef8, +- 0x99319ad5,0xc242fa0f,0xa7e3ebb0,0xc68e4906, +- 0xb8da230c,0x80823028,0xdcdef3c8,0xd35fb171, +- 0x088a1bc8,0xbec0c560,0x61a3c9e8,0xbca8f54d, +- 0xc72feffa,0x22822e99,0x82c570b4,0xd8d94e89, +- 0x8b1c34bc,0x301e16e6,0x273be979,0xb0ffeaa6, +- 0x61d9b8c6,0x00b24869,0xb7ffce3f,0x08dc283b, +- 0x43daf65a,0xf7e19798,0x7619b72f,0x8f1c9ba4, +- 0xdc8637a0,0x16a7d3b1,0x9fc393b7,0xa7136eeb, +- 0xc6bcc63e,0x1a513742,0xef6828bc,0x520365d6, +- 0x2d6a77ab,0x3527ed4b,0x821fd216,0x095c6e2e, +- 0xdb92f2fb,0x5eea29cb,0x145892f5,0x91584f7f, +- 0x5483697b,0x2667a8cc,0x85196048,0x8c4bacea, +- 0x833860d4,0x0d23e0f9,0x6c387e8a,0x0ae6d249, +- 0xb284600c,0xd835731d,0xdcb1c647,0xac4c56ea, +- 0x3ebd81b3,0x230eabb0,0x6438bc87,0xf0b5b1fa, +- 0x8f5ea2b3,0xfc184642,0x0a036b7a,0x4fb089bd, +- 0x649da589,0xa345415e,0x5c038323,0x3e5d3bb9, +- 0x43d79572,0x7e6dd07c,0x06dfdf1e,0x6c6cc4ef, +- 0x7160a539,0x73bfbe70,0x83877605,0x4523ecf1, +- }; +-OPENSSL_GLOBAL const CAST_LONG CAST_S_table2[256]={ +- 0x8defc240,0x25fa5d9f,0xeb903dbf,0xe810c907, +- 0x47607fff,0x369fe44b,0x8c1fc644,0xaececa90, +- 0xbeb1f9bf,0xeefbcaea,0xe8cf1950,0x51df07ae, +- 0x920e8806,0xf0ad0548,0xe13c8d83,0x927010d5, +- 0x11107d9f,0x07647db9,0xb2e3e4d4,0x3d4f285e, +- 0xb9afa820,0xfade82e0,0xa067268b,0x8272792e, +- 0x553fb2c0,0x489ae22b,0xd4ef9794,0x125e3fbc, +- 0x21fffcee,0x825b1bfd,0x9255c5ed,0x1257a240, +- 0x4e1a8302,0xbae07fff,0x528246e7,0x8e57140e, +- 0x3373f7bf,0x8c9f8188,0xa6fc4ee8,0xc982b5a5, +- 0xa8c01db7,0x579fc264,0x67094f31,0xf2bd3f5f, +- 0x40fff7c1,0x1fb78dfc,0x8e6bd2c1,0x437be59b, +- 0x99b03dbf,0xb5dbc64b,0x638dc0e6,0x55819d99, +- 0xa197c81c,0x4a012d6e,0xc5884a28,0xccc36f71, +- 0xb843c213,0x6c0743f1,0x8309893c,0x0feddd5f, +- 0x2f7fe850,0xd7c07f7e,0x02507fbf,0x5afb9a04, +- 0xa747d2d0,0x1651192e,0xaf70bf3e,0x58c31380, +- 
0x5f98302e,0x727cc3c4,0x0a0fb402,0x0f7fef82, +- 0x8c96fdad,0x5d2c2aae,0x8ee99a49,0x50da88b8, +- 0x8427f4a0,0x1eac5790,0x796fb449,0x8252dc15, +- 0xefbd7d9b,0xa672597d,0xada840d8,0x45f54504, +- 0xfa5d7403,0xe83ec305,0x4f91751a,0x925669c2, +- 0x23efe941,0xa903f12e,0x60270df2,0x0276e4b6, +- 0x94fd6574,0x927985b2,0x8276dbcb,0x02778176, +- 0xf8af918d,0x4e48f79e,0x8f616ddf,0xe29d840e, +- 0x842f7d83,0x340ce5c8,0x96bbb682,0x93b4b148, +- 0xef303cab,0x984faf28,0x779faf9b,0x92dc560d, +- 0x224d1e20,0x8437aa88,0x7d29dc96,0x2756d3dc, +- 0x8b907cee,0xb51fd240,0xe7c07ce3,0xe566b4a1, +- 0xc3e9615e,0x3cf8209d,0x6094d1e3,0xcd9ca341, +- 0x5c76460e,0x00ea983b,0xd4d67881,0xfd47572c, +- 0xf76cedd9,0xbda8229c,0x127dadaa,0x438a074e, +- 0x1f97c090,0x081bdb8a,0x93a07ebe,0xb938ca15, +- 0x97b03cff,0x3dc2c0f8,0x8d1ab2ec,0x64380e51, +- 0x68cc7bfb,0xd90f2788,0x12490181,0x5de5ffd4, +- 0xdd7ef86a,0x76a2e214,0xb9a40368,0x925d958f, +- 0x4b39fffa,0xba39aee9,0xa4ffd30b,0xfaf7933b, +- 0x6d498623,0x193cbcfa,0x27627545,0x825cf47a, +- 0x61bd8ba0,0xd11e42d1,0xcead04f4,0x127ea392, +- 0x10428db7,0x8272a972,0x9270c4a8,0x127de50b, +- 0x285ba1c8,0x3c62f44f,0x35c0eaa5,0xe805d231, +- 0x428929fb,0xb4fcdf82,0x4fb66a53,0x0e7dc15b, +- 0x1f081fab,0x108618ae,0xfcfd086d,0xf9ff2889, +- 0x694bcc11,0x236a5cae,0x12deca4d,0x2c3f8cc5, +- 0xd2d02dfe,0xf8ef5896,0xe4cf52da,0x95155b67, +- 0x494a488c,0xb9b6a80c,0x5c8f82bc,0x89d36b45, +- 0x3a609437,0xec00c9a9,0x44715253,0x0a874b49, +- 0xd773bc40,0x7c34671c,0x02717ef6,0x4feb5536, +- 0xa2d02fff,0xd2bf60c4,0xd43f03c0,0x50b4ef6d, +- 0x07478cd1,0x006e1888,0xa2e53f55,0xb9e6d4bc, +- 0xa2048016,0x97573833,0xd7207d67,0xde0f8f3d, +- 0x72f87b33,0xabcc4f33,0x7688c55d,0x7b00a6b0, +- 0x947b0001,0x570075d2,0xf9bb88f8,0x8942019e, +- 0x4264a5ff,0x856302e0,0x72dbd92b,0xee971b69, +- 0x6ea22fde,0x5f08ae2b,0xaf7a616d,0xe5c98767, +- 0xcf1febd2,0x61efc8c2,0xf1ac2571,0xcc8239c2, +- 0x67214cb8,0xb1e583d1,0xb7dc3e62,0x7f10bdce, +- 0xf90a5c38,0x0ff0443d,0x606e6dc6,0x60543a49, +- 
0x5727c148,0x2be98a1d,0x8ab41738,0x20e1be24, +- 0xaf96da0f,0x68458425,0x99833be5,0x600d457d, +- 0x282f9350,0x8334b362,0xd91d1120,0x2b6d8da0, +- 0x642b1e31,0x9c305a00,0x52bce688,0x1b03588a, +- 0xf7baefd5,0x4142ed9c,0xa4315c11,0x83323ec5, +- 0xdfef4636,0xa133c501,0xe9d3531c,0xee353783, +- }; +-OPENSSL_GLOBAL const CAST_LONG CAST_S_table3[256]={ +- 0x9db30420,0x1fb6e9de,0xa7be7bef,0xd273a298, +- 0x4a4f7bdb,0x64ad8c57,0x85510443,0xfa020ed1, +- 0x7e287aff,0xe60fb663,0x095f35a1,0x79ebf120, +- 0xfd059d43,0x6497b7b1,0xf3641f63,0x241e4adf, +- 0x28147f5f,0x4fa2b8cd,0xc9430040,0x0cc32220, +- 0xfdd30b30,0xc0a5374f,0x1d2d00d9,0x24147b15, +- 0xee4d111a,0x0fca5167,0x71ff904c,0x2d195ffe, +- 0x1a05645f,0x0c13fefe,0x081b08ca,0x05170121, +- 0x80530100,0xe83e5efe,0xac9af4f8,0x7fe72701, +- 0xd2b8ee5f,0x06df4261,0xbb9e9b8a,0x7293ea25, +- 0xce84ffdf,0xf5718801,0x3dd64b04,0xa26f263b, +- 0x7ed48400,0x547eebe6,0x446d4ca0,0x6cf3d6f5, +- 0x2649abdf,0xaea0c7f5,0x36338cc1,0x503f7e93, +- 0xd3772061,0x11b638e1,0x72500e03,0xf80eb2bb, +- 0xabe0502e,0xec8d77de,0x57971e81,0xe14f6746, +- 0xc9335400,0x6920318f,0x081dbb99,0xffc304a5, +- 0x4d351805,0x7f3d5ce3,0xa6c866c6,0x5d5bcca9, +- 0xdaec6fea,0x9f926f91,0x9f46222f,0x3991467d, +- 0xa5bf6d8e,0x1143c44f,0x43958302,0xd0214eeb, +- 0x022083b8,0x3fb6180c,0x18f8931e,0x281658e6, +- 0x26486e3e,0x8bd78a70,0x7477e4c1,0xb506e07c, +- 0xf32d0a25,0x79098b02,0xe4eabb81,0x28123b23, +- 0x69dead38,0x1574ca16,0xdf871b62,0x211c40b7, +- 0xa51a9ef9,0x0014377b,0x041e8ac8,0x09114003, +- 0xbd59e4d2,0xe3d156d5,0x4fe876d5,0x2f91a340, +- 0x557be8de,0x00eae4a7,0x0ce5c2ec,0x4db4bba6, +- 0xe756bdff,0xdd3369ac,0xec17b035,0x06572327, +- 0x99afc8b0,0x56c8c391,0x6b65811c,0x5e146119, +- 0x6e85cb75,0xbe07c002,0xc2325577,0x893ff4ec, +- 0x5bbfc92d,0xd0ec3b25,0xb7801ab7,0x8d6d3b24, +- 0x20c763ef,0xc366a5fc,0x9c382880,0x0ace3205, +- 0xaac9548a,0xeca1d7c7,0x041afa32,0x1d16625a, +- 0x6701902c,0x9b757a54,0x31d477f7,0x9126b031, +- 0x36cc6fdb,0xc70b8b46,0xd9e66a48,0x56e55a79, +- 
0x026a4ceb,0x52437eff,0x2f8f76b4,0x0df980a5, +- 0x8674cde3,0xedda04eb,0x17a9be04,0x2c18f4df, +- 0xb7747f9d,0xab2af7b4,0xefc34d20,0x2e096b7c, +- 0x1741a254,0xe5b6a035,0x213d42f6,0x2c1c7c26, +- 0x61c2f50f,0x6552daf9,0xd2c231f8,0x25130f69, +- 0xd8167fa2,0x0418f2c8,0x001a96a6,0x0d1526ab, +- 0x63315c21,0x5e0a72ec,0x49bafefd,0x187908d9, +- 0x8d0dbd86,0x311170a7,0x3e9b640c,0xcc3e10d7, +- 0xd5cad3b6,0x0caec388,0xf73001e1,0x6c728aff, +- 0x71eae2a1,0x1f9af36e,0xcfcbd12f,0xc1de8417, +- 0xac07be6b,0xcb44a1d8,0x8b9b0f56,0x013988c3, +- 0xb1c52fca,0xb4be31cd,0xd8782806,0x12a3a4e2, +- 0x6f7de532,0x58fd7eb6,0xd01ee900,0x24adffc2, +- 0xf4990fc5,0x9711aac5,0x001d7b95,0x82e5e7d2, +- 0x109873f6,0x00613096,0xc32d9521,0xada121ff, +- 0x29908415,0x7fbb977f,0xaf9eb3db,0x29c9ed2a, +- 0x5ce2a465,0xa730f32c,0xd0aa3fe8,0x8a5cc091, +- 0xd49e2ce7,0x0ce454a9,0xd60acd86,0x015f1919, +- 0x77079103,0xdea03af6,0x78a8565e,0xdee356df, +- 0x21f05cbe,0x8b75e387,0xb3c50651,0xb8a5c3ef, +- 0xd8eeb6d2,0xe523be77,0xc2154529,0x2f69efdf, +- 0xafe67afb,0xf470c4b2,0xf3e0eb5b,0xd6cc9876, +- 0x39e4460c,0x1fda8538,0x1987832f,0xca007367, +- 0xa99144f8,0x296b299e,0x492fc295,0x9266beab, +- 0xb5676e69,0x9bd3ddda,0xdf7e052f,0xdb25701c, +- 0x1b5e51ee,0xf65324e6,0x6afce36c,0x0316cc04, +- 0x8644213e,0xb7dc59d0,0x7965291f,0xccd6fd43, +- 0x41823979,0x932bcdf6,0xb657c34d,0x4edfd282, +- 0x7ae5290c,0x3cb9536b,0x851e20fe,0x9833557e, +- 0x13ecf0b0,0xd3ffb372,0x3f85c5c1,0x0aef7ed2, +- }; +-OPENSSL_GLOBAL const CAST_LONG CAST_S_table4[256]={ +- 0x7ec90c04,0x2c6e74b9,0x9b0e66df,0xa6337911, +- 0xb86a7fff,0x1dd358f5,0x44dd9d44,0x1731167f, +- 0x08fbf1fa,0xe7f511cc,0xd2051b00,0x735aba00, +- 0x2ab722d8,0x386381cb,0xacf6243a,0x69befd7a, +- 0xe6a2e77f,0xf0c720cd,0xc4494816,0xccf5c180, +- 0x38851640,0x15b0a848,0xe68b18cb,0x4caadeff, +- 0x5f480a01,0x0412b2aa,0x259814fc,0x41d0efe2, +- 0x4e40b48d,0x248eb6fb,0x8dba1cfe,0x41a99b02, +- 0x1a550a04,0xba8f65cb,0x7251f4e7,0x95a51725, +- 0xc106ecd7,0x97a5980a,0xc539b9aa,0x4d79fe6a, +- 
0xf2f3f763,0x68af8040,0xed0c9e56,0x11b4958b, +- 0xe1eb5a88,0x8709e6b0,0xd7e07156,0x4e29fea7, +- 0x6366e52d,0x02d1c000,0xc4ac8e05,0x9377f571, +- 0x0c05372a,0x578535f2,0x2261be02,0xd642a0c9, +- 0xdf13a280,0x74b55bd2,0x682199c0,0xd421e5ec, +- 0x53fb3ce8,0xc8adedb3,0x28a87fc9,0x3d959981, +- 0x5c1ff900,0xfe38d399,0x0c4eff0b,0x062407ea, +- 0xaa2f4fb1,0x4fb96976,0x90c79505,0xb0a8a774, +- 0xef55a1ff,0xe59ca2c2,0xa6b62d27,0xe66a4263, +- 0xdf65001f,0x0ec50966,0xdfdd55bc,0x29de0655, +- 0x911e739a,0x17af8975,0x32c7911c,0x89f89468, +- 0x0d01e980,0x524755f4,0x03b63cc9,0x0cc844b2, +- 0xbcf3f0aa,0x87ac36e9,0xe53a7426,0x01b3d82b, +- 0x1a9e7449,0x64ee2d7e,0xcddbb1da,0x01c94910, +- 0xb868bf80,0x0d26f3fd,0x9342ede7,0x04a5c284, +- 0x636737b6,0x50f5b616,0xf24766e3,0x8eca36c1, +- 0x136e05db,0xfef18391,0xfb887a37,0xd6e7f7d4, +- 0xc7fb7dc9,0x3063fcdf,0xb6f589de,0xec2941da, +- 0x26e46695,0xb7566419,0xf654efc5,0xd08d58b7, +- 0x48925401,0xc1bacb7f,0xe5ff550f,0xb6083049, +- 0x5bb5d0e8,0x87d72e5a,0xab6a6ee1,0x223a66ce, +- 0xc62bf3cd,0x9e0885f9,0x68cb3e47,0x086c010f, +- 0xa21de820,0xd18b69de,0xf3f65777,0xfa02c3f6, +- 0x407edac3,0xcbb3d550,0x1793084d,0xb0d70eba, +- 0x0ab378d5,0xd951fb0c,0xded7da56,0x4124bbe4, +- 0x94ca0b56,0x0f5755d1,0xe0e1e56e,0x6184b5be, +- 0x580a249f,0x94f74bc0,0xe327888e,0x9f7b5561, +- 0xc3dc0280,0x05687715,0x646c6bd7,0x44904db3, +- 0x66b4f0a3,0xc0f1648a,0x697ed5af,0x49e92ff6, +- 0x309e374f,0x2cb6356a,0x85808573,0x4991f840, +- 0x76f0ae02,0x083be84d,0x28421c9a,0x44489406, +- 0x736e4cb8,0xc1092910,0x8bc95fc6,0x7d869cf4, +- 0x134f616f,0x2e77118d,0xb31b2be1,0xaa90b472, +- 0x3ca5d717,0x7d161bba,0x9cad9010,0xaf462ba2, +- 0x9fe459d2,0x45d34559,0xd9f2da13,0xdbc65487, +- 0xf3e4f94e,0x176d486f,0x097c13ea,0x631da5c7, +- 0x445f7382,0x175683f4,0xcdc66a97,0x70be0288, +- 0xb3cdcf72,0x6e5dd2f3,0x20936079,0x459b80a5, +- 0xbe60e2db,0xa9c23101,0xeba5315c,0x224e42f2, +- 0x1c5c1572,0xf6721b2c,0x1ad2fff3,0x8c25404e, +- 0x324ed72f,0x4067b7fd,0x0523138e,0x5ca3bc78, +- 
0xdc0fd66e,0x75922283,0x784d6b17,0x58ebb16e, +- 0x44094f85,0x3f481d87,0xfcfeae7b,0x77b5ff76, +- 0x8c2302bf,0xaaf47556,0x5f46b02a,0x2b092801, +- 0x3d38f5f7,0x0ca81f36,0x52af4a8a,0x66d5e7c0, +- 0xdf3b0874,0x95055110,0x1b5ad7a8,0xf61ed5ad, +- 0x6cf6e479,0x20758184,0xd0cefa65,0x88f7be58, +- 0x4a046826,0x0ff6f8f3,0xa09c7f70,0x5346aba0, +- 0x5ce96c28,0xe176eda3,0x6bac307f,0x376829d2, +- 0x85360fa9,0x17e3fe2a,0x24b79767,0xf5a96b20, +- 0xd6cd2595,0x68ff1ebf,0x7555442c,0xf19f06be, +- 0xf9e0659a,0xeeb9491d,0x34010718,0xbb30cab8, +- 0xe822fe15,0x88570983,0x750e6249,0xda627e55, +- 0x5e76ffa8,0xb1534546,0x6d47de08,0xefe9e7d4, +- }; +-OPENSSL_GLOBAL const CAST_LONG CAST_S_table5[256]={ +- 0xf6fa8f9d,0x2cac6ce1,0x4ca34867,0xe2337f7c, +- 0x95db08e7,0x016843b4,0xeced5cbc,0x325553ac, +- 0xbf9f0960,0xdfa1e2ed,0x83f0579d,0x63ed86b9, +- 0x1ab6a6b8,0xde5ebe39,0xf38ff732,0x8989b138, +- 0x33f14961,0xc01937bd,0xf506c6da,0xe4625e7e, +- 0xa308ea99,0x4e23e33c,0x79cbd7cc,0x48a14367, +- 0xa3149619,0xfec94bd5,0xa114174a,0xeaa01866, +- 0xa084db2d,0x09a8486f,0xa888614a,0x2900af98, +- 0x01665991,0xe1992863,0xc8f30c60,0x2e78ef3c, +- 0xd0d51932,0xcf0fec14,0xf7ca07d2,0xd0a82072, +- 0xfd41197e,0x9305a6b0,0xe86be3da,0x74bed3cd, +- 0x372da53c,0x4c7f4448,0xdab5d440,0x6dba0ec3, +- 0x083919a7,0x9fbaeed9,0x49dbcfb0,0x4e670c53, +- 0x5c3d9c01,0x64bdb941,0x2c0e636a,0xba7dd9cd, +- 0xea6f7388,0xe70bc762,0x35f29adb,0x5c4cdd8d, +- 0xf0d48d8c,0xb88153e2,0x08a19866,0x1ae2eac8, +- 0x284caf89,0xaa928223,0x9334be53,0x3b3a21bf, +- 0x16434be3,0x9aea3906,0xefe8c36e,0xf890cdd9, +- 0x80226dae,0xc340a4a3,0xdf7e9c09,0xa694a807, +- 0x5b7c5ecc,0x221db3a6,0x9a69a02f,0x68818a54, +- 0xceb2296f,0x53c0843a,0xfe893655,0x25bfe68a, +- 0xb4628abc,0xcf222ebf,0x25ac6f48,0xa9a99387, +- 0x53bddb65,0xe76ffbe7,0xe967fd78,0x0ba93563, +- 0x8e342bc1,0xe8a11be9,0x4980740d,0xc8087dfc, +- 0x8de4bf99,0xa11101a0,0x7fd37975,0xda5a26c0, +- 0xe81f994f,0x9528cd89,0xfd339fed,0xb87834bf, +- 0x5f04456d,0x22258698,0xc9c4c83b,0x2dc156be, +- 
0x4f628daa,0x57f55ec5,0xe2220abe,0xd2916ebf, +- 0x4ec75b95,0x24f2c3c0,0x42d15d99,0xcd0d7fa0, +- 0x7b6e27ff,0xa8dc8af0,0x7345c106,0xf41e232f, +- 0x35162386,0xe6ea8926,0x3333b094,0x157ec6f2, +- 0x372b74af,0x692573e4,0xe9a9d848,0xf3160289, +- 0x3a62ef1d,0xa787e238,0xf3a5f676,0x74364853, +- 0x20951063,0x4576698d,0xb6fad407,0x592af950, +- 0x36f73523,0x4cfb6e87,0x7da4cec0,0x6c152daa, +- 0xcb0396a8,0xc50dfe5d,0xfcd707ab,0x0921c42f, +- 0x89dff0bb,0x5fe2be78,0x448f4f33,0x754613c9, +- 0x2b05d08d,0x48b9d585,0xdc049441,0xc8098f9b, +- 0x7dede786,0xc39a3373,0x42410005,0x6a091751, +- 0x0ef3c8a6,0x890072d6,0x28207682,0xa9a9f7be, +- 0xbf32679d,0xd45b5b75,0xb353fd00,0xcbb0e358, +- 0x830f220a,0x1f8fb214,0xd372cf08,0xcc3c4a13, +- 0x8cf63166,0x061c87be,0x88c98f88,0x6062e397, +- 0x47cf8e7a,0xb6c85283,0x3cc2acfb,0x3fc06976, +- 0x4e8f0252,0x64d8314d,0xda3870e3,0x1e665459, +- 0xc10908f0,0x513021a5,0x6c5b68b7,0x822f8aa0, +- 0x3007cd3e,0x74719eef,0xdc872681,0x073340d4, +- 0x7e432fd9,0x0c5ec241,0x8809286c,0xf592d891, +- 0x08a930f6,0x957ef305,0xb7fbffbd,0xc266e96f, +- 0x6fe4ac98,0xb173ecc0,0xbc60b42a,0x953498da, +- 0xfba1ae12,0x2d4bd736,0x0f25faab,0xa4f3fceb, +- 0xe2969123,0x257f0c3d,0x9348af49,0x361400bc, +- 0xe8816f4a,0x3814f200,0xa3f94043,0x9c7a54c2, +- 0xbc704f57,0xda41e7f9,0xc25ad33a,0x54f4a084, +- 0xb17f5505,0x59357cbe,0xedbd15c8,0x7f97c5ab, +- 0xba5ac7b5,0xb6f6deaf,0x3a479c3a,0x5302da25, +- 0x653d7e6a,0x54268d49,0x51a477ea,0x5017d55b, +- 0xd7d25d88,0x44136c76,0x0404a8c8,0xb8e5a121, +- 0xb81a928a,0x60ed5869,0x97c55b96,0xeaec991b, +- 0x29935913,0x01fdb7f1,0x088e8dfa,0x9ab6f6f5, +- 0x3b4cbf9f,0x4a5de3ab,0xe6051d35,0xa0e1d855, +- 0xd36b4cf1,0xf544edeb,0xb0e93524,0xbebb8fbd, +- 0xa2d762cf,0x49c92f54,0x38b5f331,0x7128a454, +- 0x48392905,0xa65b1db8,0x851c97bd,0xd675cf2f, +- }; +-OPENSSL_GLOBAL const CAST_LONG CAST_S_table6[256]={ +- 0x85e04019,0x332bf567,0x662dbfff,0xcfc65693, +- 0x2a8d7f6f,0xab9bc912,0xde6008a1,0x2028da1f, +- 0x0227bce7,0x4d642916,0x18fac300,0x50f18b82, +- 
0x2cb2cb11,0xb232e75c,0x4b3695f2,0xb28707de, +- 0xa05fbcf6,0xcd4181e9,0xe150210c,0xe24ef1bd, +- 0xb168c381,0xfde4e789,0x5c79b0d8,0x1e8bfd43, +- 0x4d495001,0x38be4341,0x913cee1d,0x92a79c3f, +- 0x089766be,0xbaeeadf4,0x1286becf,0xb6eacb19, +- 0x2660c200,0x7565bde4,0x64241f7a,0x8248dca9, +- 0xc3b3ad66,0x28136086,0x0bd8dfa8,0x356d1cf2, +- 0x107789be,0xb3b2e9ce,0x0502aa8f,0x0bc0351e, +- 0x166bf52a,0xeb12ff82,0xe3486911,0xd34d7516, +- 0x4e7b3aff,0x5f43671b,0x9cf6e037,0x4981ac83, +- 0x334266ce,0x8c9341b7,0xd0d854c0,0xcb3a6c88, +- 0x47bc2829,0x4725ba37,0xa66ad22b,0x7ad61f1e, +- 0x0c5cbafa,0x4437f107,0xb6e79962,0x42d2d816, +- 0x0a961288,0xe1a5c06e,0x13749e67,0x72fc081a, +- 0xb1d139f7,0xf9583745,0xcf19df58,0xbec3f756, +- 0xc06eba30,0x07211b24,0x45c28829,0xc95e317f, +- 0xbc8ec511,0x38bc46e9,0xc6e6fa14,0xbae8584a, +- 0xad4ebc46,0x468f508b,0x7829435f,0xf124183b, +- 0x821dba9f,0xaff60ff4,0xea2c4e6d,0x16e39264, +- 0x92544a8b,0x009b4fc3,0xaba68ced,0x9ac96f78, +- 0x06a5b79a,0xb2856e6e,0x1aec3ca9,0xbe838688, +- 0x0e0804e9,0x55f1be56,0xe7e5363b,0xb3a1f25d, +- 0xf7debb85,0x61fe033c,0x16746233,0x3c034c28, +- 0xda6d0c74,0x79aac56c,0x3ce4e1ad,0x51f0c802, +- 0x98f8f35a,0x1626a49f,0xeed82b29,0x1d382fe3, +- 0x0c4fb99a,0xbb325778,0x3ec6d97b,0x6e77a6a9, +- 0xcb658b5c,0xd45230c7,0x2bd1408b,0x60c03eb7, +- 0xb9068d78,0xa33754f4,0xf430c87d,0xc8a71302, +- 0xb96d8c32,0xebd4e7be,0xbe8b9d2d,0x7979fb06, +- 0xe7225308,0x8b75cf77,0x11ef8da4,0xe083c858, +- 0x8d6b786f,0x5a6317a6,0xfa5cf7a0,0x5dda0033, +- 0xf28ebfb0,0xf5b9c310,0xa0eac280,0x08b9767a, +- 0xa3d9d2b0,0x79d34217,0x021a718d,0x9ac6336a, +- 0x2711fd60,0x438050e3,0x069908a8,0x3d7fedc4, +- 0x826d2bef,0x4eeb8476,0x488dcf25,0x36c9d566, +- 0x28e74e41,0xc2610aca,0x3d49a9cf,0xbae3b9df, +- 0xb65f8de6,0x92aeaf64,0x3ac7d5e6,0x9ea80509, +- 0xf22b017d,0xa4173f70,0xdd1e16c3,0x15e0d7f9, +- 0x50b1b887,0x2b9f4fd5,0x625aba82,0x6a017962, +- 0x2ec01b9c,0x15488aa9,0xd716e740,0x40055a2c, +- 0x93d29a22,0xe32dbf9a,0x058745b9,0x3453dc1e, +- 
0xd699296e,0x496cff6f,0x1c9f4986,0xdfe2ed07, +- 0xb87242d1,0x19de7eae,0x053e561a,0x15ad6f8c, +- 0x66626c1c,0x7154c24c,0xea082b2a,0x93eb2939, +- 0x17dcb0f0,0x58d4f2ae,0x9ea294fb,0x52cf564c, +- 0x9883fe66,0x2ec40581,0x763953c3,0x01d6692e, +- 0xd3a0c108,0xa1e7160e,0xe4f2dfa6,0x693ed285, +- 0x74904698,0x4c2b0edd,0x4f757656,0x5d393378, +- 0xa132234f,0x3d321c5d,0xc3f5e194,0x4b269301, +- 0xc79f022f,0x3c997e7e,0x5e4f9504,0x3ffafbbd, +- 0x76f7ad0e,0x296693f4,0x3d1fce6f,0xc61e45be, +- 0xd3b5ab34,0xf72bf9b7,0x1b0434c0,0x4e72b567, +- 0x5592a33d,0xb5229301,0xcfd2a87f,0x60aeb767, +- 0x1814386b,0x30bcc33d,0x38a0c07d,0xfd1606f2, +- 0xc363519b,0x589dd390,0x5479f8e6,0x1cb8d647, +- 0x97fd61a9,0xea7759f4,0x2d57539d,0x569a58cf, +- 0xe84e63ad,0x462e1b78,0x6580f87e,0xf3817914, +- 0x91da55f4,0x40a230f3,0xd1988f35,0xb6e318d2, +- 0x3ffa50bc,0x3d40f021,0xc3c0bdae,0x4958c24c, +- 0x518f36b2,0x84b1d370,0x0fedce83,0x878ddada, +- 0xf2a279c7,0x94e01be8,0x90716f4b,0x954b8aa3, +- }; +-OPENSSL_GLOBAL const CAST_LONG CAST_S_table7[256]={ +- 0xe216300d,0xbbddfffc,0xa7ebdabd,0x35648095, +- 0x7789f8b7,0xe6c1121b,0x0e241600,0x052ce8b5, +- 0x11a9cfb0,0xe5952f11,0xece7990a,0x9386d174, +- 0x2a42931c,0x76e38111,0xb12def3a,0x37ddddfc, +- 0xde9adeb1,0x0a0cc32c,0xbe197029,0x84a00940, +- 0xbb243a0f,0xb4d137cf,0xb44e79f0,0x049eedfd, +- 0x0b15a15d,0x480d3168,0x8bbbde5a,0x669ded42, +- 0xc7ece831,0x3f8f95e7,0x72df191b,0x7580330d, +- 0x94074251,0x5c7dcdfa,0xabbe6d63,0xaa402164, +- 0xb301d40a,0x02e7d1ca,0x53571dae,0x7a3182a2, +- 0x12a8ddec,0xfdaa335d,0x176f43e8,0x71fb46d4, +- 0x38129022,0xce949ad4,0xb84769ad,0x965bd862, +- 0x82f3d055,0x66fb9767,0x15b80b4e,0x1d5b47a0, +- 0x4cfde06f,0xc28ec4b8,0x57e8726e,0x647a78fc, +- 0x99865d44,0x608bd593,0x6c200e03,0x39dc5ff6, +- 0x5d0b00a3,0xae63aff2,0x7e8bd632,0x70108c0c, +- 0xbbd35049,0x2998df04,0x980cf42a,0x9b6df491, +- 0x9e7edd53,0x06918548,0x58cb7e07,0x3b74ef2e, +- 0x522fffb1,0xd24708cc,0x1c7e27cd,0xa4eb215b, +- 0x3cf1d2e2,0x19b47a38,0x424f7618,0x35856039, +- 
0x9d17dee7,0x27eb35e6,0xc9aff67b,0x36baf5b8, +- 0x09c467cd,0xc18910b1,0xe11dbf7b,0x06cd1af8, +- 0x7170c608,0x2d5e3354,0xd4de495a,0x64c6d006, +- 0xbcc0c62c,0x3dd00db3,0x708f8f34,0x77d51b42, +- 0x264f620f,0x24b8d2bf,0x15c1b79e,0x46a52564, +- 0xf8d7e54e,0x3e378160,0x7895cda5,0x859c15a5, +- 0xe6459788,0xc37bc75f,0xdb07ba0c,0x0676a3ab, +- 0x7f229b1e,0x31842e7b,0x24259fd7,0xf8bef472, +- 0x835ffcb8,0x6df4c1f2,0x96f5b195,0xfd0af0fc, +- 0xb0fe134c,0xe2506d3d,0x4f9b12ea,0xf215f225, +- 0xa223736f,0x9fb4c428,0x25d04979,0x34c713f8, +- 0xc4618187,0xea7a6e98,0x7cd16efc,0x1436876c, +- 0xf1544107,0xbedeee14,0x56e9af27,0xa04aa441, +- 0x3cf7c899,0x92ecbae6,0xdd67016d,0x151682eb, +- 0xa842eedf,0xfdba60b4,0xf1907b75,0x20e3030f, +- 0x24d8c29e,0xe139673b,0xefa63fb8,0x71873054, +- 0xb6f2cf3b,0x9f326442,0xcb15a4cc,0xb01a4504, +- 0xf1e47d8d,0x844a1be5,0xbae7dfdc,0x42cbda70, +- 0xcd7dae0a,0x57e85b7a,0xd53f5af6,0x20cf4d8c, +- 0xcea4d428,0x79d130a4,0x3486ebfb,0x33d3cddc, +- 0x77853b53,0x37effcb5,0xc5068778,0xe580b3e6, +- 0x4e68b8f4,0xc5c8b37e,0x0d809ea2,0x398feb7c, +- 0x132a4f94,0x43b7950e,0x2fee7d1c,0x223613bd, +- 0xdd06caa2,0x37df932b,0xc4248289,0xacf3ebc3, +- 0x5715f6b7,0xef3478dd,0xf267616f,0xc148cbe4, +- 0x9052815e,0x5e410fab,0xb48a2465,0x2eda7fa4, +- 0xe87b40e4,0xe98ea084,0x5889e9e1,0xefd390fc, +- 0xdd07d35b,0xdb485694,0x38d7e5b2,0x57720101, +- 0x730edebc,0x5b643113,0x94917e4f,0x503c2fba, +- 0x646f1282,0x7523d24a,0xe0779695,0xf9c17a8f, +- 0x7a5b2121,0xd187b896,0x29263a4d,0xba510cdf, +- 0x81f47c9f,0xad1163ed,0xea7b5965,0x1a00726e, +- 0x11403092,0x00da6d77,0x4a0cdd61,0xad1f4603, +- 0x605bdfb0,0x9eedc364,0x22ebe6a8,0xcee7d28a, +- 0xa0e736a0,0x5564a6b9,0x10853209,0xc7eb8f37, +- 0x2de705ca,0x8951570f,0xdf09822b,0xbd691a6c, +- 0xaa12e4f2,0x87451c0f,0xe0f6a27a,0x3ada4819, +- 0x4cf1764f,0x0d771c2b,0x67cdb156,0x350d8384, +- 0x5938fa0f,0x42399ef3,0x36997b07,0x0e84093d, +- 0x4aa93e61,0x8360d87b,0x1fa98b0c,0x1149382c, +- 0xe97625a5,0x0614d1b7,0x0e25244b,0x0c768347, +- 
0x589e8d82,0x0d2059d1,0xa466bb1e,0xf8da0a82, +- 0x04f19130,0xba6e4ec0,0x99265164,0x1ee7230d, +- 0x50b2ad80,0xeaee6801,0x8db2a283,0xea8bf59e, +- }; +diff --git a/Cryptlib/OpenSSL/crypto/cmac/cm_ameth.c b/Cryptlib/OpenSSL/crypto/cmac/cm_ameth.c +new file mode 100644 +index 0000000..bf933e0 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/cmac/cm_ameth.c +@@ -0,0 +1,96 @@ ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2010. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2010 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. 
Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ */ ++ ++#include ++#include "cryptlib.h" ++#include ++#include ++#include "asn1_locl.h" ++ ++/* ++ * CMAC "ASN1" method. This is just here to indicate the maximum CMAC output ++ * length and to free up a CMAC key. 
++ */ ++ ++static int cmac_size(const EVP_PKEY *pkey) ++{ ++ return EVP_MAX_BLOCK_LENGTH; ++} ++ ++static void cmac_key_free(EVP_PKEY *pkey) ++{ ++ CMAC_CTX *cmctx = (CMAC_CTX *)pkey->pkey.ptr; ++ if (cmctx) ++ CMAC_CTX_free(cmctx); ++} ++ ++const EVP_PKEY_ASN1_METHOD cmac_asn1_meth = { ++ EVP_PKEY_CMAC, ++ EVP_PKEY_CMAC, ++ 0, ++ ++ "CMAC", ++ "OpenSSL CMAC method", ++ ++ 0, 0, 0, 0, ++ ++ 0, 0, 0, ++ ++ cmac_size, ++ 0, ++ 0, 0, 0, 0, 0, 0, 0, ++ ++ cmac_key_free, ++ 0, ++ 0, 0 ++}; +diff --git a/Cryptlib/OpenSSL/crypto/cmac/cm_pmeth.c b/Cryptlib/OpenSSL/crypto/cmac/cm_pmeth.c +new file mode 100644 +index 0000000..a2300df +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/cmac/cm_pmeth.c +@@ -0,0 +1,216 @@ ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2010. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2010 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. 
For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. 
++ * ==================================================================== ++ */ ++ ++#include ++#include "cryptlib.h" ++#include ++#include ++#include ++#include ++#include "evp_locl.h" ++ ++/* The context structure and "key" is simply a CMAC_CTX */ ++ ++static int pkey_cmac_init(EVP_PKEY_CTX *ctx) ++{ ++ ctx->data = CMAC_CTX_new(); ++ if (!ctx->data) ++ return 0; ++ ctx->keygen_info_count = 0; ++ return 1; ++} ++ ++static int pkey_cmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) ++{ ++ if (!pkey_cmac_init(dst)) ++ return 0; ++ if (!CMAC_CTX_copy(dst->data, src->data)) ++ return 0; ++ return 1; ++} ++ ++static void pkey_cmac_cleanup(EVP_PKEY_CTX *ctx) ++{ ++ CMAC_CTX_free(ctx->data); ++} ++ ++static int pkey_cmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) ++{ ++ CMAC_CTX *cmkey = CMAC_CTX_new(); ++ CMAC_CTX *cmctx = ctx->data; ++ if (!cmkey) ++ return 0; ++ if (!CMAC_CTX_copy(cmkey, cmctx)) { ++ CMAC_CTX_free(cmkey); ++ return 0; ++ } ++ EVP_PKEY_assign(pkey, EVP_PKEY_CMAC, cmkey); ++ ++ return 1; ++} ++ ++static int int_update(EVP_MD_CTX *ctx, const void *data, size_t count) ++{ ++ if (!CMAC_Update(ctx->pctx->data, data, count)) ++ return 0; ++ return 1; ++} ++ ++static int cmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) ++{ ++ EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT); ++ mctx->update = int_update; ++ return 1; ++} ++ ++static int cmac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, ++ EVP_MD_CTX *mctx) ++{ ++ return CMAC_Final(ctx->data, sig, siglen); ++} ++ ++static int pkey_cmac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) ++{ ++ CMAC_CTX *cmctx = ctx->data; ++ switch (type) { ++ ++ case EVP_PKEY_CTRL_SET_MAC_KEY: ++ if (!p2 || p1 < 0) ++ return 0; ++ if (!CMAC_Init(cmctx, p2, p1, NULL, NULL)) ++ return 0; ++ break; ++ ++ case EVP_PKEY_CTRL_CIPHER: ++ if (!CMAC_Init(cmctx, NULL, 0, p2, ctx->engine)) ++ return 0; ++ break; ++ ++ case EVP_PKEY_CTRL_MD: ++ if (ctx->pkey && !CMAC_CTX_copy(ctx->data, ++ (CMAC_CTX 
*)ctx->pkey->pkey.ptr)) ++ return 0; ++ if (!CMAC_Init(cmctx, NULL, 0, NULL, NULL)) ++ return 0; ++ break; ++ ++ default: ++ return -2; ++ ++ } ++ return 1; ++} ++ ++static int pkey_cmac_ctrl_str(EVP_PKEY_CTX *ctx, ++ const char *type, const char *value) ++{ ++ if (!value) { ++ return 0; ++ } ++ if (!strcmp(type, "key")) { ++ void *p = (void *)value; ++ return pkey_cmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, strlen(p), p); ++ } ++ if (!strcmp(type, "cipher")) { ++ const EVP_CIPHER *c; ++ c = EVP_get_cipherbyname(value); ++ if (!c) ++ return 0; ++ return pkey_cmac_ctrl(ctx, EVP_PKEY_CTRL_CIPHER, -1, (void *)c); ++ } ++ if (!strcmp(type, "hexkey")) { ++ unsigned char *key; ++ int r; ++ long keylen; ++ key = string_to_hex(value, &keylen); ++ if (!key) ++ return 0; ++ r = pkey_cmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, keylen, key); ++ OPENSSL_free(key); ++ return r; ++ } ++ return -2; ++} ++ ++const EVP_PKEY_METHOD cmac_pkey_meth = { ++ EVP_PKEY_CMAC, ++ EVP_PKEY_FLAG_SIGCTX_CUSTOM, ++ pkey_cmac_init, ++ pkey_cmac_copy, ++ pkey_cmac_cleanup, ++ ++ 0, 0, ++ ++ 0, ++ pkey_cmac_keygen, ++ ++ 0, 0, ++ ++ 0, 0, ++ ++ 0, 0, ++ ++ cmac_signctx_init, ++ cmac_signctx, ++ ++ 0, 0, ++ ++ 0, 0, ++ ++ 0, 0, ++ ++ 0, 0, ++ ++ pkey_cmac_ctrl, ++ pkey_cmac_ctrl_str ++}; +diff --git a/Cryptlib/OpenSSL/crypto/cmac/cmac.c b/Cryptlib/OpenSSL/crypto/cmac/cmac.c +new file mode 100644 +index 0000000..774e6dc +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/cmac/cmac.c +@@ -0,0 +1,298 @@ ++/* crypto/cmac/cmac.c */ ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL ++ * project. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2010 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. 
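Review bot: In `pkey_cmac_ctrl_str` (cm_pmeth.c), the `hexkey` branch releases the decoded MAC key with `OPENSSL_free(key)` without wiping it, so the raw key bytes remain in freed heap memory. Adding `OPENSSL_cleanse(key, keylen);` just before the free would match how `CMAC_CTX_cleanup` in cmac.c, added by this same patch, clears `k1`, `k2` and `tbl`. The same branch passes the `long keylen` through the `int p1` parameter of `pkey_cmac_ctrl`, which is worth a range check. Separately, `pkey_cmac_keygen` ignores the result of `EVP_PKEY_assign`, so a failure there would leak `cmkey` while still returning 1; `if (!EVP_PKEY_assign(pkey, EVP_PKEY_CMAC, cmkey)) { CMAC_CTX_free(cmkey); return 0; }` closes that path.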
Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ */ ++ ++#include ++#include ++#include ++#include "cryptlib.h" ++#include ++ ++#ifdef OPENSSL_FIPS ++# include ++#endif ++ ++struct CMAC_CTX_st { ++ /* Cipher context to use */ ++ EVP_CIPHER_CTX cctx; ++ /* Keys k1 and k2 */ ++ unsigned char k1[EVP_MAX_BLOCK_LENGTH]; ++ unsigned char k2[EVP_MAX_BLOCK_LENGTH]; ++ /* Temporary block */ ++ unsigned char tbl[EVP_MAX_BLOCK_LENGTH]; ++ /* Last (possibly partial) block */ ++ unsigned char last_block[EVP_MAX_BLOCK_LENGTH]; ++ /* Number of bytes in last block: -1 means context not initialised */ ++ int nlast_block; ++}; ++ ++/* Make temporary keys K1 and K2 */ ++ ++static void make_kn(unsigned char *k1, unsigned char *l, int bl) ++{ ++ int i; ++ /* Shift block to left, including carry */ ++ for (i = 0; i < bl; i++) { ++ k1[i] = l[i] << 1; ++ if (i < bl - 1 && l[i + 1] & 0x80) ++ k1[i] |= 1; ++ } ++ /* If MSB set fixup with R */ ++ if (l[0] & 0x80) ++ k1[bl - 1] ^= bl == 16 ? 
0x87 : 0x1b; ++} ++ ++CMAC_CTX *CMAC_CTX_new(void) ++{ ++ CMAC_CTX *ctx; ++ ctx = OPENSSL_malloc(sizeof(CMAC_CTX)); ++ if (!ctx) ++ return NULL; ++ EVP_CIPHER_CTX_init(&ctx->cctx); ++ ctx->nlast_block = -1; ++ return ctx; ++} ++ ++void CMAC_CTX_cleanup(CMAC_CTX *ctx) ++{ ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() && !ctx->cctx.engine) { ++ FIPS_cmac_ctx_cleanup(ctx); ++ return; ++ } ++#endif ++ EVP_CIPHER_CTX_cleanup(&ctx->cctx); ++ OPENSSL_cleanse(ctx->tbl, EVP_MAX_BLOCK_LENGTH); ++ OPENSSL_cleanse(ctx->k1, EVP_MAX_BLOCK_LENGTH); ++ OPENSSL_cleanse(ctx->k2, EVP_MAX_BLOCK_LENGTH); ++ OPENSSL_cleanse(ctx->last_block, EVP_MAX_BLOCK_LENGTH); ++ ctx->nlast_block = -1; ++} ++ ++EVP_CIPHER_CTX *CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx) ++{ ++ return &ctx->cctx; ++} ++ ++void CMAC_CTX_free(CMAC_CTX *ctx) ++{ ++ if (!ctx) ++ return; ++ CMAC_CTX_cleanup(ctx); ++ OPENSSL_free(ctx); ++} ++ ++int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in) ++{ ++ int bl; ++ if (in->nlast_block == -1) ++ return 0; ++ if (!EVP_CIPHER_CTX_copy(&out->cctx, &in->cctx)) ++ return 0; ++ bl = EVP_CIPHER_CTX_block_size(&in->cctx); ++ memcpy(out->k1, in->k1, bl); ++ memcpy(out->k2, in->k2, bl); ++ memcpy(out->tbl, in->tbl, bl); ++ memcpy(out->last_block, in->last_block, bl); ++ out->nlast_block = in->nlast_block; ++ return 1; ++} ++ ++int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen, ++ const EVP_CIPHER *cipher, ENGINE *impl) ++{ ++ static unsigned char zero_iv[EVP_MAX_BLOCK_LENGTH]; ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode()) { ++ /* If we have an ENGINE need to allow non FIPS */ ++ if ((impl || ctx->cctx.engine) ++ && !(ctx->cctx.flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW)) { ++ EVPerr(EVP_F_CMAC_INIT, EVP_R_DISABLED_FOR_FIPS); ++ return 0; ++ } ++ /* ++ * Other algorithm blocking will be done in FIPS_cmac_init, via ++ * FIPS_cipherinit(). 
++ */ ++ if (!impl && !ctx->cctx.engine) ++ return FIPS_cmac_init(ctx, key, keylen, cipher, NULL); ++ } ++#endif ++ /* All zeros means restart */ ++ if (!key && !cipher && !impl && keylen == 0) { ++ /* Not initialised */ ++ if (ctx->nlast_block == -1) ++ return 0; ++ if (!EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, zero_iv)) ++ return 0; ++ memset(ctx->tbl, 0, EVP_CIPHER_CTX_block_size(&ctx->cctx)); ++ ctx->nlast_block = 0; ++ return 1; ++ } ++ /* Initialiase context */ ++ if (cipher && !EVP_EncryptInit_ex(&ctx->cctx, cipher, impl, NULL, NULL)) ++ return 0; ++ /* Non-NULL key means initialisation complete */ ++ if (key) { ++ int bl; ++ if (!EVP_CIPHER_CTX_cipher(&ctx->cctx)) ++ return 0; ++ if (!EVP_CIPHER_CTX_set_key_length(&ctx->cctx, keylen)) ++ return 0; ++ if (!EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, key, zero_iv)) ++ return 0; ++ bl = EVP_CIPHER_CTX_block_size(&ctx->cctx); ++ if (!EVP_Cipher(&ctx->cctx, ctx->tbl, zero_iv, bl)) ++ return 0; ++ make_kn(ctx->k1, ctx->tbl, bl); ++ make_kn(ctx->k2, ctx->k1, bl); ++ OPENSSL_cleanse(ctx->tbl, bl); ++ /* Reset context again ready for first data block */ ++ if (!EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, zero_iv)) ++ return 0; ++ /* Zero tbl so resume works */ ++ memset(ctx->tbl, 0, bl); ++ ctx->nlast_block = 0; ++ } ++ return 1; ++} ++ ++int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen) ++{ ++ const unsigned char *data = in; ++ size_t bl; ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() && !ctx->cctx.engine) ++ return FIPS_cmac_update(ctx, in, dlen); ++#endif ++ if (ctx->nlast_block == -1) ++ return 0; ++ if (dlen == 0) ++ return 1; ++ bl = EVP_CIPHER_CTX_block_size(&ctx->cctx); ++ /* Copy into partial block if we need to */ ++ if (ctx->nlast_block > 0) { ++ size_t nleft; ++ nleft = bl - ctx->nlast_block; ++ if (dlen < nleft) ++ nleft = dlen; ++ memcpy(ctx->last_block + ctx->nlast_block, data, nleft); ++ dlen -= nleft; ++ ctx->nlast_block += nleft; ++ /* If no more to process return */ ++ if (dlen == 
0) ++ return 1; ++ data += nleft; ++ /* Else not final block so encrypt it */ ++ if (!EVP_Cipher(&ctx->cctx, ctx->tbl, ctx->last_block, bl)) ++ return 0; ++ } ++ /* Encrypt all but one of the complete blocks left */ ++ while (dlen > bl) { ++ if (!EVP_Cipher(&ctx->cctx, ctx->tbl, data, bl)) ++ return 0; ++ dlen -= bl; ++ data += bl; ++ } ++ /* Copy any data left to last block buffer */ ++ memcpy(ctx->last_block, data, dlen); ++ ctx->nlast_block = dlen; ++ return 1; ++ ++} ++ ++int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen) ++{ ++ int i, bl, lb; ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() && !ctx->cctx.engine) ++ return FIPS_cmac_final(ctx, out, poutlen); ++#endif ++ if (ctx->nlast_block == -1) ++ return 0; ++ bl = EVP_CIPHER_CTX_block_size(&ctx->cctx); ++ *poutlen = (size_t)bl; ++ if (!out) ++ return 1; ++ lb = ctx->nlast_block; ++ /* Is last block complete? */ ++ if (lb == bl) { ++ for (i = 0; i < bl; i++) ++ out[i] = ctx->last_block[i] ^ ctx->k1[i]; ++ } else { ++ ctx->last_block[lb] = 0x80; ++ if (bl - lb > 1) ++ memset(ctx->last_block + lb + 1, 0, bl - lb - 1); ++ for (i = 0; i < bl; i++) ++ out[i] = ctx->last_block[i] ^ ctx->k2[i]; ++ } ++ if (!EVP_Cipher(&ctx->cctx, out, out, bl)) { ++ OPENSSL_cleanse(out, bl); ++ return 0; ++ } ++ return 1; ++} ++ ++int CMAC_resume(CMAC_CTX *ctx) ++{ ++ if (ctx->nlast_block == -1) ++ return 0; ++ /* ++ * The buffer "tbl" containes the last fully encrypted block which is the ++ * last IV (or all zeroes if no last encrypted block). The last block has ++ * not been modified since CMAC_final(). So reinitliasing using the last ++ * decrypted block will allow CMAC to continue after calling ++ * CMAC_Final(). 
++ */ ++ return EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, ctx->tbl); ++} +diff --git a/Cryptlib/OpenSSL/crypto/comp/c_rle.c b/Cryptlib/OpenSSL/crypto/comp/c_rle.c +index adf1663..e9aabbd 100644 +--- a/Cryptlib/OpenSSL/crypto/comp/c_rle.c ++++ b/Cryptlib/OpenSSL/crypto/comp/c_rle.c +@@ -33,7 +33,7 @@ static int rle_compress_block(COMP_CTX *ctx, unsigned char *out, + { + /* int i; */ + +- if (olen < (ilen + 1)) { ++ if (ilen == 0 || olen < (ilen - 1)) { + /* ZZZZZZZZZZZZZZZZZZZZZZ */ + return (-1); + } +@@ -49,7 +49,7 @@ static int rle_expand_block(COMP_CTX *ctx, unsigned char *out, + { + int i; + +- if (ilen == 0 || olen < (ilen - 1)) { ++ if (olen < (ilen - 1)) { + /* ZZZZZZZZZZZZZZZZZZZZZZ */ + return (-1); + } +diff --git a/Cryptlib/OpenSSL/crypto/comp/c_zlib.c b/Cryptlib/OpenSSL/crypto/comp/c_zlib.c +index 07ef739..6731af8 100644 +--- a/Cryptlib/OpenSSL/crypto/comp/c_zlib.c ++++ b/Cryptlib/OpenSSL/crypto/comp/c_zlib.c +@@ -746,6 +746,7 @@ static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr) + default: + ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + break; ++ + } + + return ret; +diff --git a/Cryptlib/OpenSSL/crypto/comp/comp_err.c b/Cryptlib/OpenSSL/crypto/comp/comp_err.c +index edc8819..8ca159b 100644 +--- a/Cryptlib/OpenSSL/crypto/comp/comp_err.c ++++ b/Cryptlib/OpenSSL/crypto/comp/comp_err.c +@@ -1,6 +1,6 @@ + /* crypto/comp/comp_err.c */ + /* ==================================================================== +- * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. ++ * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. 
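Review bot: The two length guards in c_rle.c look swapped relative to the lines they replace, and both become weaker. In `rle_compress_block` the new `if (ilen == 0 || olen < (ilen - 1))` accepts an output buffer two bytes smaller than the removed `olen < (ilen + 1)` did. In `rle_expand_block` (second hunk) the `ilen == 0` test is dropped, so if `ilen` is an unsigned type, `ilen - 1` wraps and the guard cannot reject an empty input. Both function bodies continue outside the hunks, so what they copy is not visible here. Unless the RLE method is confirmed not to be built into shim, I would keep `if (olen < (ilen + 1))` on the compress side and `if (ilen == 0 || olen < (ilen - 1))` on the expand side.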
+ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions +diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_api.c b/Cryptlib/OpenSSL/crypto/conf/conf_api.c +index d994ef8..4cf7553 100644 +--- a/Cryptlib/OpenSSL/crypto/conf/conf_api.c ++++ b/Cryptlib/OpenSSL/crypto/conf/conf_api.c +@@ -70,18 +70,12 @@ + #include + #include "e_os.h" + +-static void value_free_hash(CONF_VALUE *a, LHASH *conf); +-static void value_free_stack(CONF_VALUE *a, LHASH *conf); +-static IMPLEMENT_LHASH_DOALL_ARG_FN(value_free_hash, CONF_VALUE *, LHASH *) +-static IMPLEMENT_LHASH_DOALL_ARG_FN(value_free_stack, CONF_VALUE *, LHASH *) +-/* +- * We don't use function pointer casting or wrapper functions - but cast each +- * callback parameter inside the callback functions. +- */ +-/* static unsigned long hash(CONF_VALUE *v); */ +-static unsigned long hash(const void *v_void); +-/* static int cmp_conf(CONF_VALUE *a,CONF_VALUE *b); */ +-static int cmp_conf(const void *a_void, const void *b_void); ++static void value_free_hash_doall_arg(CONF_VALUE *a, ++ LHASH_OF(CONF_VALUE) *conf); ++static void value_free_stack_doall(CONF_VALUE *a); ++static IMPLEMENT_LHASH_DOALL_ARG_FN(value_free_hash, CONF_VALUE, ++ LHASH_OF(CONF_VALUE)) ++static IMPLEMENT_LHASH_DOALL_FN(value_free_stack, CONF_VALUE) + + /* Up until OpenSSL 0.9.5a, this was get_section */ + CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section) +@@ -92,7 +86,7 @@ CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section) + return (NULL); + vv.name = NULL; + vv.section = (char *)section; +- v = (CONF_VALUE *)lh_retrieve(conf->data, &vv); ++ v = lh_CONF_VALUE_retrieve(conf->data, &vv); + return (v); + } + +@@ -121,7 +115,7 @@ int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value) + return 0; + } + +- v = (CONF_VALUE *)lh_insert(conf->data, value); ++ v = lh_CONF_VALUE_insert(conf->data, value); + if (v != NULL) { + 
(void)sk_CONF_VALUE_delete_ptr(ts, v); + OPENSSL_free(v->name); +@@ -143,24 +137,24 @@ char *_CONF_get_string(const CONF *conf, const char *section, + if (section != NULL) { + vv.name = (char *)name; + vv.section = (char *)section; +- v = (CONF_VALUE *)lh_retrieve(conf->data, &vv); ++ v = lh_CONF_VALUE_retrieve(conf->data, &vv); + if (v != NULL) + return (v->value); + if (strcmp(section, "ENV") == 0) { +- p = Getenv(name); ++ p = getenv(name); + if (p != NULL) + return (p); + } + } + vv.section = "default"; + vv.name = (char *)name; +- v = (CONF_VALUE *)lh_retrieve(conf->data, &vv); ++ v = lh_CONF_VALUE_retrieve(conf->data, &vv); + if (v != NULL) + return (v->value); + else + return (NULL); + } else +- return (Getenv(name)); ++ return (getenv(name)); + } + + #if 0 /* There's no way to provide error checking +@@ -185,13 +179,41 @@ long _CONF_get_number(CONF *conf, char *section, char *name) + } + #endif + ++static unsigned long conf_value_hash(const CONF_VALUE *v) ++{ ++ return (lh_strhash(v->section) << 2) ^ lh_strhash(v->name); ++} ++ ++static IMPLEMENT_LHASH_HASH_FN(conf_value, CONF_VALUE) ++ ++static int conf_value_cmp(const CONF_VALUE *a, const CONF_VALUE *b) ++{ ++ int i; ++ ++ if (a->section != b->section) { ++ i = strcmp(a->section, b->section); ++ if (i) ++ return (i); ++ } ++ ++ if ((a->name != NULL) && (b->name != NULL)) { ++ i = strcmp(a->name, b->name); ++ return (i); ++ } else if (a->name == b->name) ++ return (0); ++ else ++ return ((a->name == NULL) ? 
-1 : 1); ++} ++ ++static IMPLEMENT_LHASH_COMP_FN(conf_value, CONF_VALUE) ++ + int _CONF_new_data(CONF *conf) + { + if (conf == NULL) { + return 0; + } + if (conf->data == NULL) +- if ((conf->data = lh_new(hash, cmp_conf)) == NULL) { ++ if ((conf->data = lh_CONF_VALUE_new()) == NULL) { + return 0; + } + return 1; +@@ -202,104 +224,77 @@ void _CONF_free_data(CONF *conf) + if (conf == NULL || conf->data == NULL) + return; + +- conf->data->down_load = 0; /* evil thing to make sure the +- * 'OPENSSL_free()' works as expected */ +- lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(value_free_hash), conf->data); ++ lh_CONF_VALUE_down_load(conf->data) = 0; /* evil thing to make * sure the ++ * 'OPENSSL_free()' works as * ++ * expected */ ++ lh_CONF_VALUE_doall_arg(conf->data, ++ LHASH_DOALL_ARG_FN(value_free_hash), ++ LHASH_OF(CONF_VALUE), conf->data); + + /* + * We now have only 'section' entries in the hash table. Due to problems + * with + */ + +- lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(value_free_stack), +- conf->data); +- lh_free(conf->data); ++ lh_CONF_VALUE_doall(conf->data, LHASH_DOALL_FN(value_free_stack)); ++ lh_CONF_VALUE_free(conf->data); + } + +-static void value_free_hash(CONF_VALUE *a, LHASH *conf) ++static void value_free_hash_doall_arg(CONF_VALUE *a, ++ LHASH_OF(CONF_VALUE) *conf) + { +- if (a->name != NULL) { +- a = (CONF_VALUE *)lh_delete(conf, a); +- } ++ if (a->name != NULL) ++ (void)lh_CONF_VALUE_delete(conf, a); + } + +-static void value_free_stack(CONF_VALUE *a, LHASH *conf) ++static void value_free_stack_doall(CONF_VALUE *a) + { + CONF_VALUE *vv; +- STACK *sk; ++ STACK_OF(CONF_VALUE) *sk; + int i; + + if (a->name != NULL) + return; + +- sk = (STACK *) a->value; +- for (i = sk_num(sk) - 1; i >= 0; i--) { +- vv = (CONF_VALUE *)sk_value(sk, i); ++ sk = (STACK_OF(CONF_VALUE) *)a->value; ++ for (i = sk_CONF_VALUE_num(sk) - 1; i >= 0; i--) { ++ vv = sk_CONF_VALUE_value(sk, i); + OPENSSL_free(vv->value); + OPENSSL_free(vv->name); + OPENSSL_free(vv); + } + 
if (sk != NULL) +- sk_free(sk); ++ sk_CONF_VALUE_free(sk); + OPENSSL_free(a->section); + OPENSSL_free(a); + } + +-/* static unsigned long hash(CONF_VALUE *v) */ +-static unsigned long hash(const void *v_void) +-{ +- CONF_VALUE *v = (CONF_VALUE *)v_void; +- return ((lh_strhash(v->section) << 2) ^ lh_strhash(v->name)); +-} +- +-/* static int cmp_conf(CONF_VALUE *a, CONF_VALUE *b) */ +-static int cmp_conf(const void *a_void, const void *b_void) +-{ +- int i; +- CONF_VALUE *a = (CONF_VALUE *)a_void; +- CONF_VALUE *b = (CONF_VALUE *)b_void; +- +- if (a->section != b->section) { +- i = strcmp(a->section, b->section); +- if (i) +- return (i); +- } +- +- if ((a->name != NULL) && (b->name != NULL)) { +- i = strcmp(a->name, b->name); +- return (i); +- } else if (a->name == b->name) +- return (0); +- else +- return ((a->name == NULL) ? -1 : 1); +-} +- + /* Up until OpenSSL 0.9.5a, this was new_section */ + CONF_VALUE *_CONF_new_section(CONF *conf, const char *section) + { +- STACK *sk = NULL; ++ STACK_OF(CONF_VALUE) *sk = NULL; + int ok = 0, i; + CONF_VALUE *v = NULL, *vv; + +- if ((sk = sk_new_null()) == NULL) ++ if ((sk = sk_CONF_VALUE_new_null()) == NULL) + goto err; +- if ((v = (CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE))) == NULL) ++ if ((v = OPENSSL_malloc(sizeof(CONF_VALUE))) == NULL) + goto err; + i = strlen(section) + 1; +- if ((v->section = (char *)OPENSSL_malloc(i)) == NULL) ++ if ((v->section = OPENSSL_malloc(i)) == NULL) + goto err; + + memcpy(v->section, section, i); + v->name = NULL; + v->value = (char *)sk; + +- vv = (CONF_VALUE *)lh_insert(conf->data, v); ++ vv = lh_CONF_VALUE_insert(conf->data, v); + OPENSSL_assert(vv == NULL); + ok = 1; + err: + if (!ok) { + if (sk != NULL) +- sk_free(sk); ++ sk_CONF_VALUE_free(sk); + if (v != NULL) + OPENSSL_free(v); + v = NULL; +diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_def.c b/Cryptlib/OpenSSL/crypto/conf/conf_def.c +index 8ca68e1..faca9ae 100644 +--- a/Cryptlib/OpenSSL/crypto/conf/conf_def.c ++++ 
b/Cryptlib/OpenSSL/crypto/conf/conf_def.c +@@ -130,7 +130,7 @@ static CONF *def_create(CONF_METHOD *meth) + { + CONF *ret; + +- ret = (CONF *)OPENSSL_malloc(sizeof(CONF) + sizeof(unsigned short *)); ++ ret = OPENSSL_malloc(sizeof(CONF) + sizeof(unsigned short *)); + if (ret) + if (meth->init(ret) == 0) { + OPENSSL_free(ret); +@@ -145,7 +145,7 @@ static int def_init_default(CONF *conf) + return 0; + + conf->meth = &default_method; +- conf->meth_data = (void *)CONF_type_default; ++ conf->meth_data = CONF_type_default; + conf->data = NULL; + + return 1; +@@ -217,8 +217,6 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) + CONF_VALUE *v = NULL, *tv; + CONF_VALUE *sv = NULL; + char *section = NULL, *buf; +-/* STACK_OF(CONF_VALUE) *section_sk=NULL;*/ +-/* STACK_OF(CONF_VALUE) *ts=NULL;*/ + char *start, *psection, *pname; + void *h = (void *)(conf->data); + +@@ -244,7 +242,6 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) + CONFerr(CONF_F_DEF_LOAD_BIO, CONF_R_UNABLE_TO_CREATE_NEW_SECTION); + goto err; + } +-/* section_sk=(STACK_OF(CONF_VALUE) *)sv->value;*/ + + bufnum = 0; + again = 0; +@@ -332,7 +329,6 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) + CONF_R_UNABLE_TO_CREATE_NEW_SECTION); + goto err; + } +-/* section_sk=(STACK_OF(CONF_VALUE) *)sv->value;*/ + continue; + } else { + pname = s; +@@ -386,11 +382,8 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) + CONF_R_UNABLE_TO_CREATE_NEW_SECTION); + goto err; + } +-/* ts=(STACK_OF(CONF_VALUE) *)tv->value;*/ +- } else { ++ } else + tv = sv; +-/* ts=section_sk;*/ +- } + #if 1 + if (_CONF_add_string(conf, tv, v) == 0) { + CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE); +@@ -592,7 +585,11 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from) + CONFerr(CONF_F_STR_COPY, CONF_R_VARIABLE_HAS_NO_VALUE); + goto err; + } +- BUF_MEM_grow_clean(buf, (strlen(p) + buf->length - (e - from))); ++ if (!BUF_MEM_grow_clean(buf, ++ (strlen(p) + buf->length - (e - from)))) { 
++ CONFerr(CONF_F_STR_COPY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } + while (*p) + buf->data[to++] = *(p++); + +@@ -682,7 +679,7 @@ static char *scan_dquote(CONF *conf, char *p) + return (p); + } + +-static void dump_value(CONF_VALUE *a, BIO *out) ++static void dump_value_doall_arg(CONF_VALUE *a, BIO *out) + { + if (a->name) + BIO_printf(out, "[%s] %s=%s\n", a->section, a->name, a->value); +@@ -690,11 +687,12 @@ static void dump_value(CONF_VALUE *a, BIO *out) + BIO_printf(out, "[[%s]]\n", a->section); + } + +-static IMPLEMENT_LHASH_DOALL_ARG_FN(dump_value, CONF_VALUE *, BIO *) ++static IMPLEMENT_LHASH_DOALL_ARG_FN(dump_value, CONF_VALUE, BIO) + + static int def_dump(const CONF *conf, BIO *out) + { +- lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(dump_value), out); ++ lh_CONF_VALUE_doall_arg(conf->data, LHASH_DOALL_ARG_FN(dump_value), ++ BIO, out); + return 1; + } + +diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_def.h b/Cryptlib/OpenSSL/crypto/conf/conf_def.h +index 92a7d8a..7d897b8 100644 +--- a/Cryptlib/OpenSSL/crypto/conf/conf_def.h ++++ b/Cryptlib/OpenSSL/crypto/conf/conf_def.h +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. 
+ * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,132 +49,133 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +-/* THIS FILE WAS AUTOMAGICALLY GENERATED! +- Please modify and use keysets.pl to regenerate it. */ ++/* ++ * THIS FILE WAS AUTOMAGICALLY GENERATED! Please modify and use keysets.pl to ++ * regenerate it. 
++ */ + +-#define CONF_NUMBER 1 +-#define CONF_UPPER 2 +-#define CONF_LOWER 4 +-#define CONF_UNDER 256 +-#define CONF_PUNCTUATION 512 +-#define CONF_WS 16 +-#define CONF_ESC 32 +-#define CONF_QUOTE 64 +-#define CONF_DQUOTE 1024 +-#define CONF_COMMENT 128 +-#define CONF_FCOMMENT 2048 +-#define CONF_EOF 8 +-#define CONF_HIGHBIT 4096 +-#define CONF_ALPHA (CONF_UPPER|CONF_LOWER) +-#define CONF_ALPHA_NUMERIC (CONF_ALPHA|CONF_NUMBER|CONF_UNDER) ++#define CONF_NUMBER 1 ++#define CONF_UPPER 2 ++#define CONF_LOWER 4 ++#define CONF_UNDER 256 ++#define CONF_PUNCTUATION 512 ++#define CONF_WS 16 ++#define CONF_ESC 32 ++#define CONF_QUOTE 64 ++#define CONF_DQUOTE 1024 ++#define CONF_COMMENT 128 ++#define CONF_FCOMMENT 2048 ++#define CONF_EOF 8 ++#define CONF_HIGHBIT 4096 ++#define CONF_ALPHA (CONF_UPPER|CONF_LOWER) ++#define CONF_ALPHA_NUMERIC (CONF_ALPHA|CONF_NUMBER|CONF_UNDER) + #define CONF_ALPHA_NUMERIC_PUNCT (CONF_ALPHA|CONF_NUMBER|CONF_UNDER| \ +- CONF_PUNCTUATION) ++ CONF_PUNCTUATION) + +-#define KEYTYPES(c) ((unsigned short *)((c)->meth_data)) ++#define KEYTYPES(c) ((unsigned short *)((c)->meth_data)) + #ifndef CHARSET_EBCDIC +-#define IS_COMMENT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_COMMENT) +-#define IS_FCOMMENT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_FCOMMENT) +-#define IS_EOF(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_EOF) +-#define IS_ESC(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_ESC) +-#define IS_NUMBER(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_NUMBER) +-#define IS_WS(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_WS) +-#define IS_ALPHA_NUMERIC(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC) +-#define IS_ALPHA_NUMERIC_PUNCT(c,a) \ +- (KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC_PUNCT) +-#define IS_QUOTE(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_QUOTE) +-#define IS_DQUOTE(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_DQUOTE) +-#define IS_HIGHBIT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_HIGHBIT) +- +-#else /*CHARSET_EBCDIC*/ ++# define IS_COMMENT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_COMMENT) ++# define IS_FCOMMENT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_FCOMMENT) 
++# define IS_EOF(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_EOF) ++# define IS_ESC(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_ESC) ++# define IS_NUMBER(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_NUMBER) ++# define IS_WS(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_WS) ++# define IS_ALPHA_NUMERIC(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC) ++# define IS_ALPHA_NUMERIC_PUNCT(c,a) \ ++ (KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC_PUNCT) ++# define IS_QUOTE(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_QUOTE) ++# define IS_DQUOTE(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_DQUOTE) ++# define IS_HIGHBIT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_HIGHBIT) + +-#define IS_COMMENT(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_COMMENT) +-#define IS_FCOMMENT(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_FCOMMENT) +-#define IS_EOF(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_EOF) +-#define IS_ESC(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ESC) +-#define IS_NUMBER(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_NUMBER) +-#define IS_WS(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_WS) +-#define IS_ALPHA_NUMERIC(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC) +-#define IS_ALPHA_NUMERIC_PUNCT(c,a) \ +- (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC_PUNCT) +-#define IS_QUOTE(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_QUOTE) +-#define IS_DQUOTE(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_DQUOTE) +-#define IS_HIGHBIT(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_HIGHBIT) +-#endif /*CHARSET_EBCDIC*/ ++#else /* CHARSET_EBCDIC */ + +-static unsigned short CONF_type_default[256]={ +- 0x0008,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000, +- 0x0000,0x0010,0x0010,0x0000,0x0000,0x0010,0x0000,0x0000, +- 0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000, +- 0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000, +- 0x0010,0x0200,0x0040,0x0080,0x0000,0x0200,0x0200,0x0040, +- 0x0000,0x0000,0x0200,0x0200,0x0200,0x0200,0x0200,0x0200, +- 0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,0x0001, +- 0x0001,0x0001,0x0000,0x0200,0x0000,0x0000,0x0000,0x0200, +- 
0x0200,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002, +- 0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002, +- 0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002, +- 0x0002,0x0002,0x0002,0x0000,0x0020,0x0000,0x0200,0x0100, +- 0x0040,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004, +- 0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004, +- 0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004, +- 0x0004,0x0004,0x0004,0x0000,0x0200,0x0000,0x0200,0x0000, +- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, +- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, +- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, +- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, +- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, +- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, +- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, +- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, +- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, +- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, +- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, +- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, +- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, +- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, +- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, +- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, +- }; ++# define IS_COMMENT(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_COMMENT) ++# define IS_FCOMMENT(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_FCOMMENT) ++# define IS_EOF(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_EOF) ++# define IS_ESC(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ESC) ++# define IS_NUMBER(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_NUMBER) ++# define IS_WS(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_WS) ++# define IS_ALPHA_NUMERIC(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC) ++# define IS_ALPHA_NUMERIC_PUNCT(c,a) \ ++ 
(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC_PUNCT) ++# define IS_QUOTE(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_QUOTE) ++# define IS_DQUOTE(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_DQUOTE) ++# define IS_HIGHBIT(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_HIGHBIT) ++#endif /* CHARSET_EBCDIC */ + +-static unsigned short CONF_type_win32[256]={ +- 0x0008,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000, +- 0x0000,0x0010,0x0010,0x0000,0x0000,0x0010,0x0000,0x0000, +- 0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000, +- 0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000, +- 0x0010,0x0200,0x0400,0x0000,0x0000,0x0200,0x0200,0x0000, +- 0x0000,0x0000,0x0200,0x0200,0x0200,0x0200,0x0200,0x0200, +- 0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,0x0001, +- 0x0001,0x0001,0x0000,0x0A00,0x0000,0x0000,0x0000,0x0200, +- 0x0200,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002, +- 0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002, +- 0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002, +- 0x0002,0x0002,0x0002,0x0000,0x0000,0x0000,0x0200,0x0100, +- 0x0000,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004, +- 0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004, +- 0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004, +- 0x0004,0x0004,0x0004,0x0000,0x0200,0x0000,0x0200,0x0000, +- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, +- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, +- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, +- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, +- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, +- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, +- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, +- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, +- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, +- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, +- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, +- 
0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, +- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, +- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, +- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, +- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, +- }; ++static unsigned short CONF_type_default[256] = { ++ 0x0008, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, ++ 0x0000, 0x0010, 0x0010, 0x0000, 0x0000, 0x0010, 0x0000, 0x0000, ++ 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, ++ 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, ++ 0x0010, 0x0200, 0x0040, 0x0080, 0x0000, 0x0200, 0x0200, 0x0040, ++ 0x0000, 0x0000, 0x0200, 0x0200, 0x0200, 0x0200, 0x0200, 0x0200, ++ 0x0001, 0x0001, 0x0001, 0x0001, 0x0001, 0x0001, 0x0001, 0x0001, ++ 0x0001, 0x0001, 0x0000, 0x0200, 0x0000, 0x0000, 0x0000, 0x0200, ++ 0x0200, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, ++ 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, ++ 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, ++ 0x0002, 0x0002, 0x0002, 0x0000, 0x0020, 0x0000, 0x0200, 0x0100, ++ 0x0040, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, ++ 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, ++ 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, ++ 0x0004, 0x0004, 0x0004, 0x0000, 0x0200, 0x0000, 0x0200, 0x0000, ++ 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, ++ 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, ++ 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, ++ 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, ++ 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, ++ 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, ++ 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, ++ 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, ++ 0x1000, 0x1000, 0x1000, 0x1000, 
0x1000, 0x1000, 0x1000, 0x1000, ++ 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, ++ 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, ++ 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, ++ 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, ++ 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, ++ 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, ++ 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, ++}; + ++static unsigned short CONF_type_win32[256] = { ++ 0x0008, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, ++ 0x0000, 0x0010, 0x0010, 0x0000, 0x0000, 0x0010, 0x0000, 0x0000, ++ 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, ++ 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, ++ 0x0010, 0x0200, 0x0400, 0x0000, 0x0000, 0x0200, 0x0200, 0x0000, ++ 0x0000, 0x0000, 0x0200, 0x0200, 0x0200, 0x0200, 0x0200, 0x0200, ++ 0x0001, 0x0001, 0x0001, 0x0001, 0x0001, 0x0001, 0x0001, 0x0001, ++ 0x0001, 0x0001, 0x0000, 0x0A00, 0x0000, 0x0000, 0x0000, 0x0200, ++ 0x0200, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, ++ 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, ++ 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, ++ 0x0002, 0x0002, 0x0002, 0x0000, 0x0000, 0x0000, 0x0200, 0x0100, ++ 0x0000, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, ++ 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, ++ 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, ++ 0x0004, 0x0004, 0x0004, 0x0000, 0x0200, 0x0000, 0x0200, 0x0000, ++ 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, ++ 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, ++ 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, ++ 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, ++ 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, ++ 0x1000, 0x1000, 0x1000, 0x1000, 
0x1000, 0x1000, 0x1000, 0x1000, ++ 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, ++ 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, ++ 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, ++ 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, ++ 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, ++ 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, ++ 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, ++ 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, ++ 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, ++ 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, ++}; +diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_err.c b/Cryptlib/OpenSSL/crypto/conf/conf_err.c +index 20fb12c..bb5e2fe 100644 +--- a/Cryptlib/OpenSSL/crypto/conf/conf_err.c ++++ b/Cryptlib/OpenSSL/crypto/conf/conf_err.c +@@ -1,6 +1,6 @@ + /* crypto/conf/conf_err.c */ + /* ==================================================================== +- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. ++ * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. 
+ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions +@@ -75,6 +75,7 @@ static ERR_STRING_DATA CONF_str_functs[] = { + {ERR_FUNC(CONF_F_CONF_LOAD_BIO), "CONF_load_bio"}, + {ERR_FUNC(CONF_F_CONF_LOAD_FP), "CONF_load_fp"}, + {ERR_FUNC(CONF_F_CONF_MODULES_LOAD), "CONF_modules_load"}, ++ {ERR_FUNC(CONF_F_CONF_PARSE_LIST), "CONF_parse_list"}, + {ERR_FUNC(CONF_F_DEF_LOAD), "DEF_LOAD"}, + {ERR_FUNC(CONF_F_DEF_LOAD_BIO), "DEF_LOAD_BIO"}, + {ERR_FUNC(CONF_F_MODULE_INIT), "MODULE_INIT"}, +@@ -96,6 +97,7 @@ static ERR_STRING_DATA CONF_str_functs[] = { + + static ERR_STRING_DATA CONF_str_reasons[] = { + {ERR_REASON(CONF_R_ERROR_LOADING_DSO), "error loading dso"}, ++ {ERR_REASON(CONF_R_LIST_CANNOT_BE_NULL), "list cannot be null"}, + {ERR_REASON(CONF_R_MISSING_CLOSE_SQUARE_BRACKET), + "missing close square bracket"}, + {ERR_REASON(CONF_R_MISSING_EQUAL_SIGN), "missing equal sign"}, +diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_lib.c b/Cryptlib/OpenSSL/crypto/conf/conf_lib.c +index 5d5aef8..5281384 100644 +--- a/Cryptlib/OpenSSL/crypto/conf/conf_lib.c ++++ b/Cryptlib/OpenSSL/crypto/conf/conf_lib.c +@@ -70,7 +70,7 @@ static CONF_METHOD *default_CONF_method = NULL; + + /* Init a 'CONF' structure from an old LHASH */ + +-void CONF_set_nconf(CONF *conf, LHASH *hash) ++void CONF_set_nconf(CONF *conf, LHASH_OF(CONF_VALUE) *hash) + { + if (default_CONF_method == NULL) + default_CONF_method = NCONF_default(); +@@ -90,9 +90,10 @@ int CONF_set_default_method(CONF_METHOD *meth) + return 1; + } + +-LHASH *CONF_load(LHASH *conf, const char *file, long *eline) ++LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file, ++ long *eline) + { +- LHASH *ltmp; ++ LHASH_OF(CONF_VALUE) *ltmp; + BIO *in = NULL; + + #ifdef OPENSSL_SYS_VMS +@@ -112,10 +113,11 @@ LHASH *CONF_load(LHASH *conf, const char *file, long *eline) + } + + #ifndef OPENSSL_NO_FP_API +-LHASH *CONF_load_fp(LHASH *conf, 
FILE *fp, long *eline) ++LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp, ++ long *eline) + { + BIO *btmp; +- LHASH *ltmp; ++ LHASH_OF(CONF_VALUE) *ltmp; + if (!(btmp = BIO_new_fp(fp, BIO_NOCLOSE))) { + CONFerr(CONF_F_CONF_LOAD_FP, ERR_R_BUF_LIB); + return NULL; +@@ -126,7 +128,8 @@ LHASH *CONF_load_fp(LHASH *conf, FILE *fp, long *eline) + } + #endif + +-LHASH *CONF_load_bio(LHASH *conf, BIO *bp, long *eline) ++LHASH_OF(CONF_VALUE) *CONF_load_bio(LHASH_OF(CONF_VALUE) *conf, BIO *bp, ++ long *eline) + { + CONF ctmp; + int ret; +@@ -139,7 +142,8 @@ LHASH *CONF_load_bio(LHASH *conf, BIO *bp, long *eline) + return NULL; + } + +-STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf, const char *section) ++STACK_OF(CONF_VALUE) *CONF_get_section(LHASH_OF(CONF_VALUE) *conf, ++ const char *section) + { + if (conf == NULL) { + return NULL; +@@ -150,7 +154,8 @@ STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf, const char *section) + } + } + +-char *CONF_get_string(LHASH *conf, const char *group, const char *name) ++char *CONF_get_string(LHASH_OF(CONF_VALUE) *conf, const char *group, ++ const char *name) + { + if (conf == NULL) { + return NCONF_get_string(NULL, group, name); +@@ -161,7 +166,8 @@ char *CONF_get_string(LHASH *conf, const char *group, const char *name) + } + } + +-long CONF_get_number(LHASH *conf, const char *group, const char *name) ++long CONF_get_number(LHASH_OF(CONF_VALUE) *conf, const char *group, ++ const char *name) + { + int status; + long result = 0; +@@ -181,7 +187,7 @@ long CONF_get_number(LHASH *conf, const char *group, const char *name) + return result; + } + +-void CONF_free(LHASH *conf) ++void CONF_free(LHASH_OF(CONF_VALUE) *conf) + { + CONF ctmp; + CONF_set_nconf(&ctmp, conf); +@@ -189,7 +195,7 @@ void CONF_free(LHASH *conf) + } + + #ifndef OPENSSL_NO_FP_API +-int CONF_dump_fp(LHASH *conf, FILE *out) ++int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out) + { + BIO *btmp; + int ret; +@@ -204,7 +210,7 @@ int 
CONF_dump_fp(LHASH *conf, FILE *out) + } + #endif + +-int CONF_dump_bio(LHASH *conf, BIO *out) ++int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out) + { + CONF ctmp; + CONF_set_nconf(&ctmp, conf); +diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_mall.c b/Cryptlib/OpenSSL/crypto/conf/conf_mall.c +index 4123eba..b4dbd66 100644 +--- a/Cryptlib/OpenSSL/crypto/conf/conf_mall.c ++++ b/Cryptlib/OpenSSL/crypto/conf/conf_mall.c +@@ -64,7 +64,6 @@ + #include + #include + #include +-#include + #ifndef OPENSSL_NO_ENGINE + # include + #endif +diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_mod.c b/Cryptlib/OpenSSL/crypto/conf/conf_mod.c +index ffc477c..9acfca4 100644 +--- a/Cryptlib/OpenSSL/crypto/conf/conf_mod.c ++++ b/Cryptlib/OpenSSL/crypto/conf/conf_mod.c +@@ -562,8 +562,13 @@ int CONF_parse_list(const char *list_, int sep, int nospc, + { + int ret; + const char *lstart, *tmpend, *p; +- lstart = list_; + ++ if (list_ == NULL) { ++ CONFerr(CONF_F_CONF_PARSE_LIST, CONF_R_LIST_CANNOT_BE_NULL); ++ return 0; ++ } ++ ++ lstart = list_; + for (;;) { + if (nospc) { + while (*lstart && isspace((unsigned char)*lstart)) +diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_sap.c b/Cryptlib/OpenSSL/crypto/conf/conf_sap.c +index d03de24..544fe97 100644 +--- a/Cryptlib/OpenSSL/crypto/conf/conf_sap.c ++++ b/Cryptlib/OpenSSL/crypto/conf/conf_sap.c +@@ -86,23 +86,10 @@ void OPENSSL_config(const char *config_name) + /* Need to load ENGINEs */ + ENGINE_load_builtin_engines(); + #endif +- /* Add others here? 
*/ +- + ERR_clear_error(); +- if (CONF_modules_load_file(NULL, config_name, ++ CONF_modules_load_file(NULL, config_name, + CONF_MFLAGS_DEFAULT_SECTION | +- CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) { +- BIO *bio_err; +- ERR_load_crypto_strings(); +- if ((bio_err = BIO_new_fp(stderr, BIO_NOCLOSE)) != NULL) { +- BIO_printf(bio_err, "Auto configuration failed\n"); +- ERR_print_errors(bio_err); +- BIO_free(bio_err); +- } +- exit(1); +- } +- +- return; ++ CONF_MFLAGS_IGNORE_MISSING_FILE); + } + + void OPENSSL_no_config() +diff --git a/Cryptlib/OpenSSL/crypto/cpt_err.c b/Cryptlib/OpenSSL/crypto/cpt_err.c +index a3a7201..a513838 100644 +--- a/Cryptlib/OpenSSL/crypto/cpt_err.c ++++ b/Cryptlib/OpenSSL/crypto/cpt_err.c +@@ -1,6 +1,6 @@ + /* crypto/cpt_err.c */ + /* ==================================================================== +- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. ++ * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions +@@ -76,6 +76,7 @@ static ERR_STRING_DATA CRYPTO_str_functs[] = { + {ERR_FUNC(CRYPTO_F_CRYPTO_SET_EX_DATA), "CRYPTO_set_ex_data"}, + {ERR_FUNC(CRYPTO_F_DEF_ADD_INDEX), "DEF_ADD_INDEX"}, + {ERR_FUNC(CRYPTO_F_DEF_GET_CLASS), "DEF_GET_CLASS"}, ++ {ERR_FUNC(CRYPTO_F_FIPS_MODE_SET), "FIPS_mode_set"}, + {ERR_FUNC(CRYPTO_F_INT_DUP_EX_DATA), "INT_DUP_EX_DATA"}, + {ERR_FUNC(CRYPTO_F_INT_FREE_EX_DATA), "INT_FREE_EX_DATA"}, + {ERR_FUNC(CRYPTO_F_INT_NEW_EX_DATA), "INT_NEW_EX_DATA"}, +@@ -83,6 +84,7 @@ static ERR_STRING_DATA CRYPTO_str_functs[] = { + }; + + static ERR_STRING_DATA CRYPTO_str_reasons[] = { ++ {ERR_REASON(CRYPTO_R_FIPS_MODE_NOT_SUPPORTED), "fips mode not supported"}, + {ERR_REASON(CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK), + "no dynlock create callback"}, + {0, NULL} +diff --git a/Cryptlib/OpenSSL/crypto/cryptlib.c b/Cryptlib/OpenSSL/crypto/cryptlib.c +index 
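Review bot: The new `CONF_modules_load_file(...)` call in `OPENSSL_config` discards its return value, so a malformed or unreadable configuration no longer triggers the "Auto configuration failed" report and `exit(1)` that the removed lines carried. Because the function returns void, callers get no signal that configuration-driven settings were not applied. I would document this above the call, for example `/* Result deliberately ignored: callers that must fail closed on a bad config should call CONF_modules_load_file() themselves and check for <= 0. */`. The body of `OPENSSL_config` starts before this hunk, so whether anything earlier compensates is not visible here.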
0864a9b..ca0e3cc 100644 +--- a/Cryptlib/OpenSSL/crypto/cryptlib.c ++++ b/Cryptlib/OpenSSL/crypto/cryptlib.c +@@ -1,6 +1,6 @@ + /* crypto/cryptlib.c */ + /* ==================================================================== +- * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. ++ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions +@@ -121,18 +121,277 @@ + static double SSLeay_MSVC5_hack = 0.0; /* and for VC1.5 */ + #endif + ++DECLARE_STACK_OF(CRYPTO_dynlock) ++ ++/* real #defines in crypto.h, keep these upto date */ ++static const char *const lock_names[CRYPTO_NUM_LOCKS] = { ++ "<>", ++ "err", ++ "ex_data", ++ "x509", ++ "x509_info", ++ "x509_pkey", ++ "x509_crl", ++ "x509_req", ++ "dsa", ++ "rsa", ++ "evp_pkey", ++ "x509_store", ++ "ssl_ctx", ++ "ssl_cert", ++ "ssl_session", ++ "ssl_sess_cert", ++ "ssl", ++ "ssl_method", ++ "rand", ++ "rand2", ++ "debug_malloc", ++ "BIO", ++ "gethostbyname", ++ "getservbyname", ++ "readdir", ++ "RSA_blinding", ++ "dh", ++ "debug_malloc2", ++ "dso", ++ "dynlock", ++ "engine", ++ "ui", ++ "ecdsa", ++ "ec", ++ "ecdh", ++ "bn", ++ "ec_pre_comp", ++ "store", ++ "comp", ++ "fips", ++ "fips2", ++#if CRYPTO_NUM_LOCKS != 41 ++# error "Inconsistency between crypto.h and cryptlib.c" ++#endif ++}; ++ ++/* ++ * This is for applications to allocate new type names in the non-dynamic ++ * array of lock names. These are numbered with positive numbers. ++ */ ++static STACK_OF(OPENSSL_STRING) *app_locks = NULL; ++ ++/* ++ * For applications that want a more dynamic way of handling threads, the ++ * following stack is used. These are externally numbered with negative ++ * numbers. 
++ */ ++static STACK_OF(CRYPTO_dynlock) *dyn_locks = NULL; ++ + static void (MS_FAR *locking_callback) (int mode, int type, +- const char *file, int line) = NULL; ++ const char *file, int line) = 0; + static int (MS_FAR *add_lock_callback) (int *pointer, int amount, + int type, const char *file, +- int line) = NULL; +-static unsigned long (MS_FAR *id_callback) (void) = NULL; ++ int line) = 0; ++#ifndef OPENSSL_NO_DEPRECATED ++static unsigned long (MS_FAR *id_callback) (void) = 0; ++#endif ++static void (MS_FAR *threadid_callback) (CRYPTO_THREADID *) = 0; ++static struct CRYPTO_dynlock_value *(MS_FAR *dynlock_create_callback) ++ (const char *file, int line) = 0; ++static void (MS_FAR *dynlock_lock_callback) (int mode, ++ struct CRYPTO_dynlock_value *l, ++ const char *file, int line) = 0; ++static void (MS_FAR *dynlock_destroy_callback) (struct CRYPTO_dynlock_value ++ *l, const char *file, ++ int line) = 0; ++ ++int CRYPTO_get_new_lockid(char *name) ++{ ++ char *str; ++ int i; ++ ++#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) ++ /* ++ * A hack to make Visual C++ 5.0 work correctly when linking as a DLL ++ * using /MT. Without this, the application cannot use any floating point ++ * printf's. 
It also seems to be needed for Visual C 1.5 (win16) ++ */ ++ SSLeay_MSVC5_hack = (double)name[0] * (double)name[1]; ++#endif ++ ++ if ((app_locks == NULL) ++ && ((app_locks = sk_OPENSSL_STRING_new_null()) == NULL)) { ++ CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID, ERR_R_MALLOC_FAILURE); ++ return (0); ++ } ++ if ((str = BUF_strdup(name)) == NULL) { ++ CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID, ERR_R_MALLOC_FAILURE); ++ return (0); ++ } ++ i = sk_OPENSSL_STRING_push(app_locks, str); ++ if (!i) ++ OPENSSL_free(str); ++ else ++ i += CRYPTO_NUM_LOCKS; /* gap of one :-) */ ++ return (i); ++} + + int CRYPTO_num_locks(void) + { + return CRYPTO_NUM_LOCKS; + } + ++int CRYPTO_get_new_dynlockid(void) ++{ ++ int i = 0; ++ CRYPTO_dynlock *pointer = NULL; ++ ++ if (dynlock_create_callback == NULL) { ++ CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID, ++ CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK); ++ return (0); ++ } ++ CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK); ++ if ((dyn_locks == NULL) ++ && ((dyn_locks = sk_CRYPTO_dynlock_new_null()) == NULL)) { ++ CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); ++ CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID, ERR_R_MALLOC_FAILURE); ++ return (0); ++ } ++ CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); ++ ++ pointer = (CRYPTO_dynlock *) OPENSSL_malloc(sizeof(CRYPTO_dynlock)); ++ if (pointer == NULL) { ++ CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID, ERR_R_MALLOC_FAILURE); ++ return (0); ++ } ++ pointer->references = 1; ++ pointer->data = dynlock_create_callback(__FILE__, __LINE__); ++ if (pointer->data == NULL) { ++ OPENSSL_free(pointer); ++ CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID, ERR_R_MALLOC_FAILURE); ++ return (0); ++ } ++ ++ CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK); ++ /* First, try to find an existing empty slot */ ++ i = sk_CRYPTO_dynlock_find(dyn_locks, NULL); ++ /* If there was none, push, thereby creating a new one */ ++ if (i == -1) ++ /* ++ * Since sk_push() returns the number of items on the stack, not the ++ * location of the pushed item, we need to transform the returned 
++ * number into a position, by decreasing it. ++ */ ++ i = sk_CRYPTO_dynlock_push(dyn_locks, pointer) - 1; ++ else ++ /* ++ * If we found a place with a NULL pointer, put our pointer in it. ++ */ ++ (void)sk_CRYPTO_dynlock_set(dyn_locks, i, pointer); ++ CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); ++ ++ if (i == -1) { ++ dynlock_destroy_callback(pointer->data, __FILE__, __LINE__); ++ OPENSSL_free(pointer); ++ } else ++ i += 1; /* to avoid 0 */ ++ return -i; ++} ++ ++void CRYPTO_destroy_dynlockid(int i) ++{ ++ CRYPTO_dynlock *pointer = NULL; ++ if (i) ++ i = -i - 1; ++ if (dynlock_destroy_callback == NULL) ++ return; ++ ++ CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK); ++ ++ if (dyn_locks == NULL || i >= sk_CRYPTO_dynlock_num(dyn_locks)) { ++ CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); ++ return; ++ } ++ pointer = sk_CRYPTO_dynlock_value(dyn_locks, i); ++ if (pointer != NULL) { ++ --pointer->references; ++#ifdef REF_CHECK ++ if (pointer->references < 0) { ++ fprintf(stderr, ++ "CRYPTO_destroy_dynlockid, bad reference count\n"); ++ abort(); ++ } else ++#endif ++ if (pointer->references <= 0) { ++ (void)sk_CRYPTO_dynlock_set(dyn_locks, i, NULL); ++ } else ++ pointer = NULL; ++ } ++ CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); ++ ++ if (pointer) { ++ dynlock_destroy_callback(pointer->data, __FILE__, __LINE__); ++ OPENSSL_free(pointer); ++ } ++} ++ ++struct CRYPTO_dynlock_value *CRYPTO_get_dynlock_value(int i) ++{ ++ CRYPTO_dynlock *pointer = NULL; ++ if (i) ++ i = -i - 1; ++ ++ CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK); ++ ++ if (dyn_locks != NULL && i < sk_CRYPTO_dynlock_num(dyn_locks)) ++ pointer = sk_CRYPTO_dynlock_value(dyn_locks, i); ++ if (pointer) ++ pointer->references++; ++ ++ CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); ++ ++ if (pointer) ++ return pointer->data; ++ return NULL; ++} ++ ++struct CRYPTO_dynlock_value *(*CRYPTO_get_dynlock_create_callback(void)) ++ (const char *file, int line) { ++ return (dynlock_create_callback); ++} ++ ++void (*CRYPTO_get_dynlock_lock_callback(void)) (int mode, ++ 
struct CRYPTO_dynlock_value ++ *l, const char *file, ++ int line) { ++ return (dynlock_lock_callback); ++} ++ ++void (*CRYPTO_get_dynlock_destroy_callback(void)) ++ (struct CRYPTO_dynlock_value *l, const char *file, int line) { ++ return (dynlock_destroy_callback); ++} ++ ++void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value *(*func) ++ (const char *file, int line)) ++{ ++ dynlock_create_callback = func; ++} ++ ++void CRYPTO_set_dynlock_lock_callback(void (*func) (int mode, ++ struct ++ CRYPTO_dynlock_value *l, ++ const char *file, ++ int line)) ++{ ++ dynlock_lock_callback = func; ++} ++ ++void CRYPTO_set_dynlock_destroy_callback(void (*func) ++ (struct CRYPTO_dynlock_value *l, ++ const char *file, int line)) ++{ ++ dynlock_destroy_callback = func; ++} ++ + void (*CRYPTO_get_locking_callback(void)) (int mode, int type, + const char *file, int line) { + return (locking_callback); +@@ -146,6 +405,11 @@ int (*CRYPTO_get_add_lock_callback(void)) (int *num, int mount, int type, + void CRYPTO_set_locking_callback(void (*func) (int mode, int type, + const char *file, int line)) + { ++ /* ++ * Calling this here ensures initialisation before any threads are ++ * started. ++ */ ++ OPENSSL_init(); + locking_callback = func; + } + +@@ -155,6 +419,110 @@ void CRYPTO_set_add_lock_callback(int (*func) (int *num, int mount, int type, + add_lock_callback = func; + } + ++/* ++ * the memset() here and in set_pointer() seem overkill, but for the sake of ++ * CRYPTO_THREADID_cmp() this avoids any platform silliness that might cause ++ * two "equal" THREADID structs to not be memcmp()-identical. 
++ */ ++void CRYPTO_THREADID_set_numeric(CRYPTO_THREADID *id, unsigned long val) ++{ ++ memset(id, 0, sizeof(*id)); ++ id->val = val; ++} ++ ++static const unsigned char hash_coeffs[] = { 3, 5, 7, 11, 13, 17, 19, 23 }; ++ ++void CRYPTO_THREADID_set_pointer(CRYPTO_THREADID *id, void *ptr) ++{ ++ unsigned char *dest = (void *)&id->val; ++ unsigned int accum = 0; ++ unsigned char dnum = sizeof(id->val); ++ ++ memset(id, 0, sizeof(*id)); ++ id->ptr = ptr; ++ if (sizeof(id->val) >= sizeof(id->ptr)) { ++ /* ++ * 'ptr' can be embedded in 'val' without loss of uniqueness ++ */ ++ id->val = (unsigned long)id->ptr; ++ return; ++ } ++ /* ++ * hash ptr ==> val. Each byte of 'val' gets the mod-256 total of a ++ * linear function over the bytes in 'ptr', the co-efficients of which ++ * are a sequence of low-primes (hash_coeffs is an 8-element cycle) - the ++ * starting prime for the sequence varies for each byte of 'val' (unique ++ * polynomials unless pointers are >64-bit). For added spice, the totals ++ * accumulate rather than restarting from zero, and the index of the ++ * 'val' byte is added each time (position dependence). If I was a ++ * black-belt, I'd scan big-endian pointers in reverse to give low-order ++ * bits more play, but this isn't crypto and I'd prefer nobody mistake it ++ * as such. Plus I'm lazy. 
++ */ ++ while (dnum--) { ++ const unsigned char *src = (void *)&id->ptr; ++ unsigned char snum = sizeof(id->ptr); ++ while (snum--) ++ accum += *(src++) * hash_coeffs[(snum + dnum) & 7]; ++ accum += dnum; ++ *(dest++) = accum & 255; ++ } ++} ++ ++int CRYPTO_THREADID_set_callback(void (*func) (CRYPTO_THREADID *)) ++{ ++ if (threadid_callback) ++ return 0; ++ threadid_callback = func; ++ return 1; ++} ++ ++void (*CRYPTO_THREADID_get_callback(void)) (CRYPTO_THREADID *) { ++ return threadid_callback; ++} ++ ++void CRYPTO_THREADID_current(CRYPTO_THREADID *id) ++{ ++ if (threadid_callback) { ++ threadid_callback(id); ++ return; ++ } ++#ifndef OPENSSL_NO_DEPRECATED ++ /* If the deprecated callback was set, fall back to that */ ++ if (id_callback) { ++ CRYPTO_THREADID_set_numeric(id, id_callback()); ++ return; ++ } ++#endif ++ /* Else pick a backup */ ++#ifdef OPENSSL_SYS_WIN16 ++ CRYPTO_THREADID_set_numeric(id, (unsigned long)GetCurrentTask()); ++#elif defined(OPENSSL_SYS_WIN32) ++ CRYPTO_THREADID_set_numeric(id, (unsigned long)GetCurrentThreadId()); ++#elif defined(OPENSSL_SYS_BEOS) ++ CRYPTO_THREADID_set_numeric(id, (unsigned long)find_thread(NULL)); ++#else ++ /* For everything else, default to using the address of 'errno' */ ++ CRYPTO_THREADID_set_pointer(id, (void *)&errno); ++#endif ++} ++ ++int CRYPTO_THREADID_cmp(const CRYPTO_THREADID *a, const CRYPTO_THREADID *b) ++{ ++ return memcmp(a, b, sizeof(*a)); ++} ++ ++void CRYPTO_THREADID_cpy(CRYPTO_THREADID *dest, const CRYPTO_THREADID *src) ++{ ++ memcpy(dest, src, sizeof(*src)); ++} ++ ++unsigned long CRYPTO_THREADID_hash(const CRYPTO_THREADID *id) ++{ ++ return id->val; ++} ++ ++#ifndef OPENSSL_NO_DEPRECATED + unsigned long (*CRYPTO_get_id_callback(void)) (void) { + return (id_callback); + } +@@ -169,33 +537,28 @@ unsigned long CRYPTO_thread_id(void) + unsigned long ret = 0; + + if (id_callback == NULL) { +-#ifdef OPENSSL_SYS_WIN16 ++# ifdef OPENSSL_SYS_WIN16 + ret = (unsigned long)GetCurrentTask(); +-#elif 
defined(OPENSSL_SYS_WIN32) ++# elif defined(OPENSSL_SYS_WIN32) + ret = (unsigned long)GetCurrentThreadId(); +-#elif defined(GETPID_IS_MEANINGLESS) ++# elif defined(GETPID_IS_MEANINGLESS) + ret = 1L; +-#else ++# elif defined(OPENSSL_SYS_BEOS) ++ ret = (unsigned long)find_thread(NULL); ++# else + ret = (unsigned long)getpid(); +-#endif ++# endif + } else + ret = id_callback(); + return (ret); + } +- +-static void (*do_dynlock_cb) (int mode, int type, const char *file, int line); +- +-void int_CRYPTO_set_do_dynlock_callback(void (*dyn_cb) +- (int mode, int type, +- const char *file, int line)) +-{ +- do_dynlock_cb = dyn_cb; +-} ++#endif + + void CRYPTO_lock(int mode, int type, const char *file, int line) + { + #ifdef LOCK_DEBUG + { ++ CRYPTO_THREADID id; + char *rw_text, *operation_text; + + if (mode & CRYPTO_LOCK) +@@ -212,14 +575,23 @@ void CRYPTO_lock(int mode, int type, const char *file, int line) + else + rw_text = "ERROR"; + ++ CRYPTO_THREADID_current(&id); + fprintf(stderr, "lock:%08lx:(%s)%s %-18s %s:%d\n", +- CRYPTO_thread_id(), rw_text, operation_text, ++ CRYPTO_THREADID_hash(&id), rw_text, operation_text, + CRYPTO_get_lock_name(type), file, line); + } + #endif + if (type < 0) { +- if (do_dynlock_cb) +- do_dynlock_cb(mode, type, file, line); ++ if (dynlock_lock_callback != NULL) { ++ struct CRYPTO_dynlock_value *pointer ++ = CRYPTO_get_dynlock_value(type); ++ ++ OPENSSL_assert(pointer != NULL); ++ ++ dynlock_lock_callback(mode, pointer, file, line); ++ ++ CRYPTO_destroy_dynlockid(type); ++ } + } else if (locking_callback != NULL) + locking_callback(mode, type, file, line); + } +@@ -236,19 +608,27 @@ int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file, + + ret = add_lock_callback(pointer, amount, type, file, line); + #ifdef LOCK_DEBUG +- fprintf(stderr, "ladd:%08lx:%2d+%2d->%2d %-18s %s:%d\n", +- CRYPTO_thread_id(), +- before, amount, ret, CRYPTO_get_lock_name(type), file, line); ++ { ++ CRYPTO_THREADID id; ++ 
CRYPTO_THREADID_current(&id); ++ fprintf(stderr, "ladd:%08lx:%2d+%2d->%2d %-18s %s:%d\n", ++ CRYPTO_THREADID_hash(&id), before, amount, ret, ++ CRYPTO_get_lock_name(type), file, line); ++ } + #endif + } else { + CRYPTO_lock(CRYPTO_LOCK | CRYPTO_WRITE, type, file, line); + + ret = *pointer + amount; + #ifdef LOCK_DEBUG +- fprintf(stderr, "ladd:%08lx:%2d+%2d->%2d %-18s %s:%d\n", +- CRYPTO_thread_id(), +- *pointer, amount, ret, +- CRYPTO_get_lock_name(type), file, line); ++ { ++ CRYPTO_THREADID id; ++ CRYPTO_THREADID_current(&id); ++ fprintf(stderr, "ladd:%08lx:%2d+%2d->%2d %-18s %s:%d\n", ++ CRYPTO_THREADID_hash(&id), ++ *pointer, amount, ret, ++ CRYPTO_get_lock_name(type), file, line); ++ } + #endif + *pointer = ret; + CRYPTO_lock(CRYPTO_UNLOCK | CRYPTO_WRITE, type, file, line); +@@ -256,39 +636,95 @@ int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file, + return (ret); + } + ++const char *CRYPTO_get_lock_name(int type) ++{ ++ if (type < 0) ++ return ("dynamic"); ++ else if (type < CRYPTO_NUM_LOCKS) ++ return (lock_names[type]); ++ else if (type - CRYPTO_NUM_LOCKS > sk_OPENSSL_STRING_num(app_locks)) ++ return ("ERROR"); ++ else ++ return (sk_OPENSSL_STRING_value(app_locks, type - CRYPTO_NUM_LOCKS)); ++} ++ + #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ + defined(__INTEL__) || \ + defined(__x86_64) || defined(__x86_64__) || \ + defined(_M_AMD64) || defined(_M_X64) + +-unsigned long OPENSSL_ia32cap_P = 0; ++extern unsigned int OPENSSL_ia32cap_P[4]; + unsigned long *OPENSSL_ia32cap_loc(void) + { +- return &OPENSSL_ia32cap_P; ++ if (sizeof(long) == 4) ++ /* ++ * If 32-bit application pulls address of OPENSSL_ia32cap_P[0] ++ * clear second element to maintain the illusion that vector ++ * is 32-bit. 
++ */ ++ OPENSSL_ia32cap_P[1] = 0; ++ ++ OPENSSL_ia32cap_P[2] = 0; ++ ++ return (unsigned long *)OPENSSL_ia32cap_P; + } + + # if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY) + # define OPENSSL_CPUID_SETUP ++# if defined(_WIN32) ++typedef unsigned __int64 IA32CAP; ++# else ++typedef unsigned long long IA32CAP; ++# endif + void OPENSSL_cpuid_setup(void) + { + static int trigger = 0; +- unsigned long OPENSSL_ia32_cpuid(void); ++ IA32CAP OPENSSL_ia32_cpuid(unsigned int *); ++ IA32CAP vec; + char *env; + + if (trigger) + return; + + trigger = 1; +- if ((env = getenv("OPENSSL_ia32cap"))) +- OPENSSL_ia32cap_P = strtoul(env, NULL, 0) | (1 << 10); +- else +- OPENSSL_ia32cap_P = OPENSSL_ia32_cpuid() | (1 << 10); ++ if ((env = getenv("OPENSSL_ia32cap"))) { ++ int off = (env[0] == '~') ? 1 : 0; ++# if defined(_WIN32) ++ if (!sscanf(env + off, "%I64i", &vec)) ++ vec = strtoul(env + off, NULL, 0); ++# else ++ if (!sscanf(env + off, "%lli", (long long *)&vec)) ++ vec = strtoul(env + off, NULL, 0); ++# endif ++ if (off) ++ vec = OPENSSL_ia32_cpuid(OPENSSL_ia32cap_P) & ~vec; ++ else if (env[0] == ':') ++ vec = OPENSSL_ia32_cpuid(OPENSSL_ia32cap_P); ++ ++ OPENSSL_ia32cap_P[2] = 0; ++ if ((env = strchr(env, ':'))) { ++ unsigned int vecx; ++ env++; ++ off = (env[0] == '~') ? 1 : 0; ++ vecx = strtoul(env + off, NULL, 0); ++ if (off) ++ OPENSSL_ia32cap_P[2] &= ~vecx; ++ else ++ OPENSSL_ia32cap_P[2] = vecx; ++ } ++ } else ++ vec = OPENSSL_ia32_cpuid(OPENSSL_ia32cap_P); ++ + /* + * |(1<<10) sets a reserved bit to signal that variable + * was initialized already... This is to avoid interference + * with cpuid snippets in ELF .init segment. 
+ */ ++ OPENSSL_ia32cap_P[0] = (unsigned int)vec | (1 << 10); ++ OPENSSL_ia32cap_P[1] = (unsigned int)(vec >> 32); + } ++# else ++unsigned int OPENSSL_ia32cap_P[4]; + # endif + + #else +@@ -298,77 +734,21 @@ unsigned long *OPENSSL_ia32cap_loc(void) + } + #endif + int OPENSSL_NONPIC_relocated = 0; +-#if !defined(OPENSSL_CPUID_SETUP) ++#if !defined(OPENSSL_CPUID_SETUP) && !defined(OPENSSL_CPUID_OBJ) + void OPENSSL_cpuid_setup(void) + { + } + #endif + + #if (defined(_WIN32) || defined(__CYGWIN__)) && defined(_WINDLL) +- +-# ifdef OPENSSL_FIPS +- +-# include +-# if defined(__GNUC__) && __GNUC__>=2 +-static int DllInit(void) __attribute__ ((constructor)); +-# elif defined(_MSC_VER) +-static int DllInit(void); +-# ifdef _WIN64 +-# pragma section(".CRT$XCU",read) +-__declspec(allocate(".CRT$XCU")) +-# else +-# pragma data_seg(".CRT$XCU") +-# endif +-static int (*p) (void) = DllInit; +-# pragma data_seg() +-# endif +- +-static int DllInit(void) +-{ +-# if defined(_WIN32_WINNT) +- union { +- int (*f) (void); +- BYTE *p; +- } t = { +- DllInit +- }; +- HANDLE hModuleSnap = INVALID_HANDLE_VALUE; +- IMAGE_DOS_HEADER *dos_header; +- IMAGE_NT_HEADERS *nt_headers; +- MODULEENTRY32 me32 = { sizeof(me32) }; +- +- hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, 0); +- if (hModuleSnap != INVALID_HANDLE_VALUE && +- Module32First(hModuleSnap, &me32)) +- do { +- if (t.p >= me32.modBaseAddr && +- t.p < me32.modBaseAddr + me32.modBaseSize) { +- dos_header = (IMAGE_DOS_HEADER *) me32.modBaseAddr; +- if (dos_header->e_magic == IMAGE_DOS_SIGNATURE) { +- nt_headers = (IMAGE_NT_HEADERS *) +- ((BYTE *) dos_header + dos_header->e_lfanew); +- if (nt_headers->Signature == IMAGE_NT_SIGNATURE && +- me32.modBaseAddr != +- (BYTE *) nt_headers->OptionalHeader.ImageBase) +- OPENSSL_NONPIC_relocated = 1; +- } +- break; +- } +- } while (Module32Next(hModuleSnap, &me32)); +- +- if (hModuleSnap != INVALID_HANDLE_VALUE) +- CloseHandle(hModuleSnap); +-# endif +- OPENSSL_cpuid_setup(); +- return 0; 
+-} +- +-# else +- +-# ifdef __CYGWIN__ ++# ifdef __CYGWIN__ + /* pick DLL_[PROCESS|THREAD]_[ATTACH|DETACH] definitions */ +-# include +-# endif ++# include ++/* ++ * this has side-effect of _WIN32 getting defined, which otherwise is ++ * mutually exclusive with __CYGWIN__... ++ */ ++# endif + + /* + * All we really need to do is remove the 'error' state when a thread +@@ -380,7 +760,7 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved) + switch (fdwReason) { + case DLL_PROCESS_ATTACH: + OPENSSL_cpuid_setup(); +-# if defined(_WIN32_WINNT) ++# if defined(_WIN32_WINNT) + { + IMAGE_DOS_HEADER *dos_header = (IMAGE_DOS_HEADER *) hinstDLL; + IMAGE_NT_HEADERS *nt_headers; +@@ -394,7 +774,7 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved) + OPENSSL_NONPIC_relocated = 1; + } + } +-# endif ++# endif + break; + case DLL_THREAD_ATTACH: + break; +@@ -405,12 +785,21 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved) + } + return (TRUE); + } +-# endif +- + #endif + + #if defined(_WIN32) && !defined(__CYGWIN__) + # include ++# include ++# ifdef __WATCOMC__ ++# if defined(_UNICODE) || defined(__UNICODE__) ++# define _vsntprintf _vsnwprintf ++# else ++# define _vsntprintf _vsnprintf ++# endif ++# endif ++# ifdef _MSC_VER ++# define alloca _alloca ++# endif + + # if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333 + int OPENSSL_isservice(void) +@@ -418,8 +807,23 @@ int OPENSSL_isservice(void) + HWINSTA h; + DWORD len; + WCHAR *name; ++ static union { ++ void *p; ++ int (*f) (void); ++ } _OPENSSL_isservice = { ++ NULL ++ }; ++ ++ if (_OPENSSL_isservice.p == NULL) { ++ HANDLE h = GetModuleHandle(NULL); ++ if (h != NULL) ++ _OPENSSL_isservice.p = GetProcAddress(h, "_OPENSSL_isservice"); ++ if (_OPENSSL_isservice.p == NULL) ++ _OPENSSL_isservice.p = (void *)-1; ++ } + +- (void)GetDesktopWindow(); /* return value is ignored */ ++ if (_OPENSSL_isservice.p != (void *)-1) ++ return (*_OPENSSL_isservice.f) 
(); + + h = GetProcessWindowStation(); + if (h == NULL) +@@ -432,11 +836,7 @@ int OPENSSL_isservice(void) + if (len > 512) + return -1; /* paranoia */ + len++, len &= ~1; /* paranoia */ +-# ifdef _MSC_VER +- name = (WCHAR *)_alloca(len + sizeof(WCHAR)); +-# else + name = (WCHAR *)alloca(len + sizeof(WCHAR)); +-# endif + if (!GetUserObjectInformationW(h, UOI_NAME, name, len, &len)) + return -1; + +@@ -476,8 +876,12 @@ void OPENSSL_showfatal(const char *fmta, ...) + if ((h = GetStdHandle(STD_ERROR_HANDLE)) != NULL && + GetFileType(h) != FILE_TYPE_UNKNOWN) { + /* must be console application */ ++ int len; ++ DWORD out; ++ + va_start(ap, fmta); +- vfprintf(stderr, fmta, ap); ++ len = _vsnprintf((char *)buf, sizeof(buf), fmta, ap); ++ WriteFile(h, buf, len < 0 ? sizeof(buf) : (DWORD) len, &out, NULL); + va_end(ap); + return; + } +@@ -491,11 +895,7 @@ void OPENSSL_showfatal(const char *fmta, ...) + size_t len_0 = strlen(fmta) + 1, i; + WCHAR *fmtw; + +-# ifdef _MSC_VER +- fmtw = (WCHAR *)_alloca(len_0 * sizeof(WCHAR)); +-# else + fmtw = (WCHAR *)alloca(len_0 * sizeof(WCHAR)); +-# endif + if (fmtw == NULL) { + fmt = (const TCHAR *)L"no stack?"; + break; +@@ -582,7 +982,17 @@ void OpenSSLDie(const char *file, int line, const char *assertion) + OPENSSL_showfatal + ("%s(%d): OpenSSL internal error, assertion failed: %s\n", file, line, + assertion); ++#if !defined(_WIN32) || defined(__CYGWIN__) + abort(); ++#else ++ /* ++ * Win32 abort() customarily shows a dialog, but we just did that... 
++ */ ++# if !defined(_WIN32_WCE) ++ raise(SIGABRT); ++# endif ++ _exit(3); ++#endif + } + + void *OPENSSL_stderr(void) +@@ -590,8 +1000,6 @@ void *OPENSSL_stderr(void) + return stderr; + } + +-#ifndef OPENSSL_FIPS +- + int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len) + { + size_t i; +@@ -604,4 +1012,3 @@ int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len) + + return x; + } +-#endif +diff --git a/Cryptlib/OpenSSL/crypto/cryptlib.h b/Cryptlib/OpenSSL/crypto/cryptlib.h +index fc249c5..fba180a 100644 +--- a/Cryptlib/OpenSSL/crypto/cryptlib.h ++++ b/Cryptlib/OpenSSL/crypto/cryptlib.h +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. 
If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -57,50 +57,50 @@ + */ + + #ifndef HEADER_CRYPTLIB_H +-#define HEADER_CRYPTLIB_H ++# define HEADER_CRYPTLIB_H + +-#include +-#include ++# include ++# include + +-#include "e_os.h" ++# include "e_os.h" + +-#ifdef OPENSSL_USE_APPLINK +-#define BIO_FLAGS_UPLINK 0x8000 +-#include "ms/uplink.h" +-#endif ++# ifdef OPENSSL_USE_APPLINK ++# define BIO_FLAGS_UPLINK 0x8000 ++# include "ms/uplink.h" ++# endif + +-#include +-#include +-#include +-#include +-#include ++# include ++# include ++# include ++# include ++# include + + #ifdef __cplusplus + extern "C" { + #endif + +-#ifndef OPENSSL_SYS_VMS +-#define X509_CERT_AREA OPENSSLDIR +-#define X509_CERT_DIR OPENSSLDIR "/certs" +-#define X509_CERT_FILE OPENSSLDIR "/cert.pem" +-#define X509_PRIVATE_DIR OPENSSLDIR "/private" +-#else +-#define X509_CERT_AREA "SSLROOT:[000000]" +-#define X509_CERT_DIR "SSLCERTS:" +-#define X509_CERT_FILE "SSLCERTS:cert.pem" +-#define X509_PRIVATE_DIR "SSLPRIVATE:" +-#endif ++# ifndef OPENSSL_SYS_VMS ++# define X509_CERT_AREA OPENSSLDIR ++# define X509_CERT_DIR OPENSSLDIR 
"/certs" ++# define X509_CERT_FILE OPENSSLDIR "/cert.pem" ++# define X509_PRIVATE_DIR OPENSSLDIR "/private" ++# else ++# define X509_CERT_AREA "SSLROOT:[000000]" ++# define X509_CERT_DIR "SSLCERTS:" ++# define X509_CERT_FILE "SSLCERTS:cert.pem" ++# define X509_PRIVATE_DIR "SSLPRIVATE:" ++# endif + +-#define X509_CERT_DIR_EVP "SSL_CERT_DIR" +-#define X509_CERT_FILE_EVP "SSL_CERT_FILE" ++# define X509_CERT_DIR_EVP "SSL_CERT_DIR" ++# define X509_CERT_FILE_EVP "SSL_CERT_FILE" + + /* size of string representations */ +-#define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1) +-#define HEX_SIZE(type) (sizeof(type)*2) ++# define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1) ++# define HEX_SIZE(type) (sizeof(type)*2) + + void OPENSSL_cpuid_setup(void); +-extern unsigned long OPENSSL_ia32cap_P; +-void OPENSSL_showfatal(const char *,...); ++extern unsigned int OPENSSL_ia32cap_P[]; ++void OPENSSL_showfatal(const char *fmta, ...); + void *OPENSSL_stderr(void); + extern int OPENSSL_NONPIC_relocated; + +diff --git a/Cryptlib/OpenSSL/crypto/cversion.c b/Cryptlib/OpenSSL/crypto/cversion.c +index 0280225..bfff699 100644 +--- a/Cryptlib/OpenSSL/crypto/cversion.c ++++ b/Cryptlib/OpenSSL/crypto/cversion.c +@@ -68,30 +68,25 @@ const char *SSLeay_version(int t) + return OPENSSL_VERSION_TEXT; + if (t == SSLEAY_BUILT_ON) { + #ifdef DATE +- static char buf[sizeof(DATE) + 11]; +- +- BIO_snprintf(buf, sizeof buf, "built on: %s", DATE); +- return (buf); ++# ifdef OPENSSL_USE_BUILD_DATE ++ return (DATE); ++# else ++ return ("built on: reproducible build, date unspecified"); ++# endif + #else + return ("built on: date not available"); + #endif + } + if (t == SSLEAY_CFLAGS) { + #ifdef CFLAGS +- static char buf[sizeof(CFLAGS) + 11]; +- +- BIO_snprintf(buf, sizeof buf, "compiler: %s", CFLAGS); +- return (buf); ++ return (CFLAGS); + #else + return ("compiler: information not available"); + #endif + } + if (t == SSLEAY_PLATFORM) { + #ifdef PLATFORM +- static char buf[sizeof(PLATFORM) + 11]; +- +- 
BIO_snprintf(buf, sizeof buf, "platform: %s", PLATFORM); +- return (buf); ++ return (PLATFORM); + #else + return ("platform: information not available"); + #endif +diff --git a/Cryptlib/OpenSSL/crypto/des/des_enc.c b/Cryptlib/OpenSSL/crypto/des/des_enc.c +index 7be2a35..c0b062d 100644 +--- a/Cryptlib/OpenSSL/crypto/des/des_enc.c ++++ b/Cryptlib/OpenSSL/crypto/des/des_enc.c +@@ -57,6 +57,7 @@ + */ + + #include "des_locl.h" ++#include "spr.h" + + void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc) + { +@@ -109,11 +110,9 @@ void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc) + D_ENCRYPT(l, r, 28); /* 15 */ + D_ENCRYPT(r, l, 30); /* 16 */ + #else +- for (i = 0; i < 32; i += 8) { ++ for (i = 0; i < 32; i += 4) { + D_ENCRYPT(l, r, i + 0); /* 1 */ + D_ENCRYPT(r, l, i + 2); /* 2 */ +- D_ENCRYPT(l, r, i + 4); /* 3 */ +- D_ENCRYPT(r, l, i + 6); /* 4 */ + } + #endif + } else { +@@ -135,11 +134,9 @@ void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc) + D_ENCRYPT(l, r, 2); /* 2 */ + D_ENCRYPT(r, l, 0); /* 1 */ + #else +- for (i = 30; i > 0; i -= 8) { ++ for (i = 30; i > 0; i -= 4) { + D_ENCRYPT(l, r, i - 0); /* 16 */ + D_ENCRYPT(r, l, i - 2); /* 15 */ +- D_ENCRYPT(l, r, i - 4); /* 14 */ +- D_ENCRYPT(r, l, i - 6); /* 13 */ + } + #endif + } +@@ -203,11 +200,9 @@ void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc) + D_ENCRYPT(l, r, 28); /* 15 */ + D_ENCRYPT(r, l, 30); /* 16 */ + #else +- for (i = 0; i < 32; i += 8) { ++ for (i = 0; i < 32; i += 4) { + D_ENCRYPT(l, r, i + 0); /* 1 */ + D_ENCRYPT(r, l, i + 2); /* 2 */ +- D_ENCRYPT(l, r, i + 4); /* 3 */ +- D_ENCRYPT(r, l, i + 6); /* 4 */ + } + #endif + } else { +@@ -229,11 +224,9 @@ void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc) + D_ENCRYPT(l, r, 2); /* 2 */ + D_ENCRYPT(r, l, 0); /* 1 */ + #else +- for (i = 30; i > 0; i -= 8) { ++ for (i = 30; i > 0; i -= 4) { + D_ENCRYPT(l, r, i - 0); /* 16 */ + D_ENCRYPT(r, l, i - 2); /* 15 */ +- D_ENCRYPT(l, r, i - 4); /* 14 */ 
+- D_ENCRYPT(r, l, i - 6); /* 13 */ + } + #endif + } +@@ -285,10 +278,8 @@ void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1, + + #ifndef DES_DEFAULT_OPTIONS + +-# if !defined(OPENSSL_FIPS_DES_ASM) +- +-# undef CBC_ENC_C__DONT_UPDATE_IV +-# include "ncbc_enc.c" /* DES_ncbc_encrypt */ ++# undef CBC_ENC_C__DONT_UPDATE_IV ++# include "ncbc_enc.c" /* DES_ncbc_encrypt */ + + void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output, + long length, DES_key_schedule *ks1, +@@ -395,6 +386,4 @@ void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output, + tin[0] = tin[1] = 0; + } + +-# endif +- + #endif /* DES_DEFAULT_OPTIONS */ +diff --git a/Cryptlib/OpenSSL/crypto/des/des_lib.c b/Cryptlib/OpenSSL/crypto/des/des_lib.c +deleted file mode 100644 +index 391fe4c..0000000 +--- a/Cryptlib/OpenSSL/crypto/des/des_lib.c ++++ /dev/null +@@ -1,104 +0,0 @@ +-/* crypto/des/ecb_enc.c */ +-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) +- * All rights reserved. +- * +- * This package is an SSL implementation written +- * by Eric Young (eay@cryptsoft.com). +- * The implementation was written so as to conform with Netscapes SSL. +- * +- * This library is free for commercial and non-commercial use as long as +- * the following conditions are aheared to. The following conditions +- * apply to all code found in this distribution, be it the RC4, RSA, +- * lhash, DES, etc., code; not just the SSL code. The SSL documentation +- * included with this distribution is covered by the same copyright terms +- * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * +- * Copyright remains Eric Young's, and as such any Copyright notices in +- * the code are not to be removed. +- * If this package is used in a product, Eric Young should be given attribution +- * as the author of the parts of the library used. 
+- * This can be in the form of a textual message at program startup or +- * in documentation (online or textual) provided with the package. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 3. All advertising materials mentioning features or use of this software +- * must display the following acknowledgement: +- * "This product includes cryptographic software written by +- * Eric Young (eay@cryptsoft.com)" +- * The word 'cryptographic' can be left out if the rouines from the library +- * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from +- * the apps directory (application code) you must include an acknowledgement: +- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * +- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. +- * +- * The licence and distribution terms for any publically available version or +- * derivative of this code cannot be changed. i.e. this code cannot simply be +- * copied and put under another distribution licence +- * [including the GNU Public Licence.] +- */ +- +-#include "des_locl.h" +-#include "des_ver.h" +-#include +-#include +- +-OPENSSL_GLOBAL const char libdes_version[] = "libdes" OPENSSL_VERSION_PTEXT; +-OPENSSL_GLOBAL const char DES_version[] = "DES" OPENSSL_VERSION_PTEXT; +- +-const char *DES_options(void) +-{ +- static int init = 1; +- static char buf[32]; +- +- if (init) { +- const char *ptr, *unroll, *risc, *size; +- +-#ifdef DES_PTR +- ptr = "ptr"; +-#else +- ptr = "idx"; +-#endif +-#if defined(DES_RISC1) || defined(DES_RISC2) +-# ifdef DES_RISC1 +- risc = "risc1"; +-# endif +-# ifdef DES_RISC2 +- risc = "risc2"; +-# endif +-#else +- risc = "cisc"; +-#endif +-#ifdef DES_UNROLL +- unroll = "16"; +-#else +- unroll = "4"; +-#endif +- if (sizeof(DES_LONG) != sizeof(long)) +- size = "int"; +- else +- size = "long"; +- BIO_snprintf(buf, sizeof buf, "des(%s,%s,%s,%s)", ptr, risc, unroll, +- size); +- init = 0; +- } +- return (buf); +-} +diff --git a/Cryptlib/OpenSSL/crypto/des/des_locl.h b/Cryptlib/OpenSSL/crypto/des/des_locl.h +index 4b9ecff..23ea9d3 100644 +--- a/Cryptlib/OpenSSL/crypto/des/des_locl.h ++++ b/Cryptlib/OpenSSL/crypto/des/des_locl.h +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * 
by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -57,372 +57,387 @@ + */ + + #ifndef HEADER_DES_LOCL_H +-#define HEADER_DES_LOCL_H ++# define HEADER_DES_LOCL_H + +-#include ++# include + +-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) +-#ifndef OPENSSL_SYS_MSDOS +-#define OPENSSL_SYS_MSDOS +-#endif +-#endif +- +-#include +-#include ++# if defined(OPENSSL_SYS_WIN32) ++# ifndef OPENSSL_SYS_MSDOS ++# define OPENSSL_SYS_MSDOS ++# endif ++# endif + +-#ifndef OPENSSL_SYS_MSDOS +-#if !defined(OPENSSL_SYS_VMS) || defined(__DECC) +-#ifdef OPENSSL_UNISTD +-# include OPENSSL_UNISTD +-#else +-# include +-#endif +-#include +-#endif +-#endif +-#include ++# include ++# include ++ ++# ifndef OPENSSL_SYS_MSDOS ++# if !defined(OPENSSL_SYS_VMS) || defined(__DECC) ++# ifdef OPENSSL_UNISTD ++# include OPENSSL_UNISTD ++# else ++# include ++# endif ++# include ++# endif ++# endif ++# include + +-#ifdef OPENSSL_SYS_MSDOS /* Visual C++ 2.1 (Windows NT/95) */ +-#include +-#include +-#include +-#include +-#endif ++# ifdef OPENSSL_SYS_MSDOS /* Visual C++ 2.1 (Windows NT/95) */ ++# include ++# include ++# include ++# include ++# endif + +-#if defined(__STDC__) || 
defined(OPENSSL_SYS_VMS) || defined(M_XENIX) || defined(OPENSSL_SYS_MSDOS) +-#include +-#endif ++# if defined(__STDC__) || defined(OPENSSL_SYS_VMS) || defined(M_XENIX) || defined(OPENSSL_SYS_MSDOS) ++# include ++# endif + +-#ifdef OPENSSL_BUILD_SHLIBCRYPTO +-# undef OPENSSL_EXTERN +-# define OPENSSL_EXTERN OPENSSL_EXPORT +-#endif ++# ifdef OPENSSL_BUILD_SHLIBCRYPTO ++# undef OPENSSL_EXTERN ++# define OPENSSL_EXTERN OPENSSL_EXPORT ++# endif + +-#define ITERATIONS 16 +-#define HALF_ITERATIONS 8 ++# define ITERATIONS 16 ++# define HALF_ITERATIONS 8 + + /* used in des_read and des_write */ +-#define MAXWRITE (1024*16) +-#define BSIZE (MAXWRITE+4) ++# define MAXWRITE (1024*16) ++# define BSIZE (MAXWRITE+4) + +-#define c2l(c,l) (l =((DES_LONG)(*((c)++))) , \ +- l|=((DES_LONG)(*((c)++)))<< 8L, \ +- l|=((DES_LONG)(*((c)++)))<<16L, \ +- l|=((DES_LONG)(*((c)++)))<<24L) ++# define c2l(c,l) (l =((DES_LONG)(*((c)++))) , \ ++ l|=((DES_LONG)(*((c)++)))<< 8L, \ ++ l|=((DES_LONG)(*((c)++)))<<16L, \ ++ l|=((DES_LONG)(*((c)++)))<<24L) + + /* NOTE - c is not incremented as per c2l */ +-#define c2ln(c,l1,l2,n) { \ +- c+=n; \ +- l1=l2=0; \ +- switch (n) { \ +- case 8: l2 =((DES_LONG)(*(--(c))))<<24L; \ +- case 7: l2|=((DES_LONG)(*(--(c))))<<16L; \ +- case 6: l2|=((DES_LONG)(*(--(c))))<< 8L; \ +- case 5: l2|=((DES_LONG)(*(--(c)))); \ +- case 4: l1 =((DES_LONG)(*(--(c))))<<24L; \ +- case 3: l1|=((DES_LONG)(*(--(c))))<<16L; \ +- case 2: l1|=((DES_LONG)(*(--(c))))<< 8L; \ +- case 1: l1|=((DES_LONG)(*(--(c)))); \ +- } \ +- } +- +-#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ +- *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ +- *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ +- *((c)++)=(unsigned char)(((l)>>24L)&0xff)) +- +-/* replacements for htonl and ntohl since I have no idea what to do +- * when faced with machines with 8 byte longs. 
*/ +-#define HDRSIZE 4 +- +-#define n2l(c,l) (l =((DES_LONG)(*((c)++)))<<24L, \ +- l|=((DES_LONG)(*((c)++)))<<16L, \ +- l|=((DES_LONG)(*((c)++)))<< 8L, \ +- l|=((DES_LONG)(*((c)++)))) +- +-#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \ +- *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ +- *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ +- *((c)++)=(unsigned char)(((l) )&0xff)) ++# define c2ln(c,l1,l2,n) { \ ++ c+=n; \ ++ l1=l2=0; \ ++ switch (n) { \ ++ case 8: l2 =((DES_LONG)(*(--(c))))<<24L; \ ++ case 7: l2|=((DES_LONG)(*(--(c))))<<16L; \ ++ case 6: l2|=((DES_LONG)(*(--(c))))<< 8L; \ ++ case 5: l2|=((DES_LONG)(*(--(c)))); \ ++ case 4: l1 =((DES_LONG)(*(--(c))))<<24L; \ ++ case 3: l1|=((DES_LONG)(*(--(c))))<<16L; \ ++ case 2: l1|=((DES_LONG)(*(--(c))))<< 8L; \ ++ case 1: l1|=((DES_LONG)(*(--(c)))); \ ++ } \ ++ } ++ ++# define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ ++ *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ ++ *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ ++ *((c)++)=(unsigned char)(((l)>>24L)&0xff)) ++ ++/* ++ * replacements for htonl and ntohl since I have no idea what to do when ++ * faced with machines with 8 byte longs. 
++ */ ++# define HDRSIZE 4 + +-/* NOTE - c is not incremented as per l2c */ +-#define l2cn(l1,l2,c,n) { \ +- c+=n; \ +- switch (n) { \ +- case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \ +- case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \ +- case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \ +- case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \ +- case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \ +- case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \ +- case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \ +- case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \ +- } \ +- } +- +-#if (defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER)) || defined(__ICC) +-#define ROTATE(a,n) (_lrotr(a,n)) +-#elif defined(__GNUC__) && __GNUC__>=2 && !defined(__STRICT_ANSI__) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC) +-# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) +-# define ROTATE(a,n) ({ register unsigned int ret; \ +- asm ("rorl %1,%0" \ +- : "=r"(ret) \ +- : "I"(n),"0"(a) \ +- : "cc"); \ +- ret; \ +- }) +-# endif +-#endif +-#ifndef ROTATE +-#define ROTATE(a,n) (((a)>>(n))+((a)<<(32-(n)))) +-#endif ++# define n2l(c,l) (l =((DES_LONG)(*((c)++)))<<24L, \ ++ l|=((DES_LONG)(*((c)++)))<<16L, \ ++ l|=((DES_LONG)(*((c)++)))<< 8L, \ ++ l|=((DES_LONG)(*((c)++)))) + +-/* Don't worry about the LOAD_DATA() stuff, that is used by +- * fcrypt() to add it's little bit to the front */ ++# define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \ ++ *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ ++ *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ ++ *((c)++)=(unsigned char)(((l) )&0xff)) + +-#ifdef DES_FCRYPT ++/* NOTE - c is not incremented as per l2c */ ++# define l2cn(l1,l2,c,n) { \ ++ c+=n; \ ++ switch (n) { \ ++ case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \ ++ case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \ ++ case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \ ++ case 5: 
*(--(c))=(unsigned char)(((l2) )&0xff); \ ++ case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \ ++ case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \ ++ case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \ ++ case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \ ++ } \ ++ } ++ ++# if (defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER)) ++# define ROTATE(a,n) (_lrotr(a,n)) ++# elif defined(__ICC) ++# define ROTATE(a,n) (_rotr(a,n)) ++# elif defined(__GNUC__) && __GNUC__>=2 && !defined(__STRICT_ANSI__) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC) ++# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) ++# define ROTATE(a,n) ({ register unsigned int ret; \ ++ asm ("rorl %1,%0" \ ++ : "=r"(ret) \ ++ : "I"(n),"0"(a) \ ++ : "cc"); \ ++ ret; \ ++ }) ++# endif ++# endif ++# ifndef ROTATE ++# define ROTATE(a,n) (((a)>>(n))+((a)<<(32-(n)))) ++# endif + +-#define LOAD_DATA_tmp(R,S,u,t,E0,E1) \ +- { DES_LONG tmp; LOAD_DATA(R,S,u,t,E0,E1,tmp); } ++/* ++ * Don't worry about the LOAD_DATA() stuff, that is used by fcrypt() to add ++ * it's little bit to the front ++ */ + +-#define LOAD_DATA(R,S,u,t,E0,E1,tmp) \ +- t=R^(R>>16L); \ +- u=t&E0; t&=E1; \ +- tmp=(u<<16); u^=R^s[S ]; u^=tmp; \ +- tmp=(t<<16); t^=R^s[S+1]; t^=tmp +-#else +-#define LOAD_DATA_tmp(a,b,c,d,e,f) LOAD_DATA(a,b,c,d,e,f,g) +-#define LOAD_DATA(R,S,u,t,E0,E1,tmp) \ +- u=R^s[S ]; \ +- t=R^s[S+1] +-#endif ++# ifdef DES_FCRYPT ++ ++# define LOAD_DATA_tmp(R,S,u,t,E0,E1) \ ++ { DES_LONG tmp; LOAD_DATA(R,S,u,t,E0,E1,tmp); } ++ ++# define LOAD_DATA(R,S,u,t,E0,E1,tmp) \ ++ t=R^(R>>16L); \ ++ u=t&E0; t&=E1; \ ++ tmp=(u<<16); u^=R^s[S ]; u^=tmp; \ ++ tmp=(t<<16); t^=R^s[S+1]; t^=tmp ++# else ++# define LOAD_DATA_tmp(a,b,c,d,e,f) LOAD_DATA(a,b,c,d,e,f,g) ++# define LOAD_DATA(R,S,u,t,E0,E1,tmp) \ ++ u=R^s[S ]; \ ++ t=R^s[S+1] ++# endif + +-/* The changes to this macro may help or hinder, depending on the +- * compiler and the architecture. 
gcc2 always seems to do well :-). +- * Inspired by Dana How +- * DO NOT use the alternative version on machines with 8 byte longs. +- * It does not seem to work on the Alpha, even when DES_LONG is 4 +- * bytes, probably an issue of accessing non-word aligned objects :-( */ +-#ifdef DES_PTR +- +-/* It recently occurred to me that 0^0^0^0^0^0^0 == 0, so there +- * is no reason to not xor all the sub items together. This potentially +- * saves a register since things can be xored directly into L */ +- +-#if defined(DES_RISC1) || defined(DES_RISC2) +-#ifdef DES_RISC1 +-#define D_ENCRYPT(LL,R,S) { \ +- unsigned int u1,u2,u3; \ +- LOAD_DATA(R,S,u,t,E0,E1,u1); \ +- u2=(int)u>>8L; \ +- u1=(int)u&0xfc; \ +- u2&=0xfc; \ +- t=ROTATE(t,4); \ +- u>>=16L; \ +- LL^= *(const DES_LONG *)(des_SP +u1); \ +- LL^= *(const DES_LONG *)(des_SP+0x200+u2); \ +- u3=(int)(u>>8L); \ +- u1=(int)u&0xfc; \ +- u3&=0xfc; \ +- LL^= *(const DES_LONG *)(des_SP+0x400+u1); \ +- LL^= *(const DES_LONG *)(des_SP+0x600+u3); \ +- u2=(int)t>>8L; \ +- u1=(int)t&0xfc; \ +- u2&=0xfc; \ +- t>>=16L; \ +- LL^= *(const DES_LONG *)(des_SP+0x100+u1); \ +- LL^= *(const DES_LONG *)(des_SP+0x300+u2); \ +- u3=(int)t>>8L; \ +- u1=(int)t&0xfc; \ +- u3&=0xfc; \ +- LL^= *(const DES_LONG *)(des_SP+0x500+u1); \ +- LL^= *(const DES_LONG *)(des_SP+0x700+u3); } +-#endif +-#ifdef DES_RISC2 +-#define D_ENCRYPT(LL,R,S) { \ +- unsigned int u1,u2,s1,s2; \ +- LOAD_DATA(R,S,u,t,E0,E1,u1); \ +- u2=(int)u>>8L; \ +- u1=(int)u&0xfc; \ +- u2&=0xfc; \ +- t=ROTATE(t,4); \ +- LL^= *(const DES_LONG *)(des_SP +u1); \ +- LL^= *(const DES_LONG *)(des_SP+0x200+u2); \ +- s1=(int)(u>>16L); \ +- s2=(int)(u>>24L); \ +- s1&=0xfc; \ +- s2&=0xfc; \ +- LL^= *(const DES_LONG *)(des_SP+0x400+s1); \ +- LL^= *(const DES_LONG *)(des_SP+0x600+s2); \ +- u2=(int)t>>8L; \ +- u1=(int)t&0xfc; \ +- u2&=0xfc; \ +- LL^= *(const DES_LONG *)(des_SP+0x100+u1); \ +- LL^= *(const DES_LONG *)(des_SP+0x300+u2); \ +- s1=(int)(t>>16L); \ +- s2=(int)(t>>24L); \ +- s1&=0xfc; \ +- 
s2&=0xfc; \ +- LL^= *(const DES_LONG *)(des_SP+0x500+s1); \ +- LL^= *(const DES_LONG *)(des_SP+0x700+s2); } +-#endif +-#else +-#define D_ENCRYPT(LL,R,S) { \ +- LOAD_DATA_tmp(R,S,u,t,E0,E1); \ +- t=ROTATE(t,4); \ +- LL^= \ +- *(const DES_LONG *)(des_SP +((u )&0xfc))^ \ +- *(const DES_LONG *)(des_SP+0x200+((u>> 8L)&0xfc))^ \ +- *(const DES_LONG *)(des_SP+0x400+((u>>16L)&0xfc))^ \ +- *(const DES_LONG *)(des_SP+0x600+((u>>24L)&0xfc))^ \ +- *(const DES_LONG *)(des_SP+0x100+((t )&0xfc))^ \ +- *(const DES_LONG *)(des_SP+0x300+((t>> 8L)&0xfc))^ \ +- *(const DES_LONG *)(des_SP+0x500+((t>>16L)&0xfc))^ \ +- *(const DES_LONG *)(des_SP+0x700+((t>>24L)&0xfc)); } +-#endif ++/* ++ * The changes to this macro may help or hinder, depending on the compiler ++ * and the architecture. gcc2 always seems to do well :-). Inspired by Dana ++ * How DO NOT use the alternative version on machines ++ * with 8 byte longs. It does not seem to work on the Alpha, even when ++ * DES_LONG is 4 bytes, probably an issue of accessing non-word aligned ++ * objects :-( ++ */ ++# ifdef DES_PTR + +-#else /* original version */ +- +-#if defined(DES_RISC1) || defined(DES_RISC2) +-#ifdef DES_RISC1 +-#define D_ENCRYPT(LL,R,S) {\ +- unsigned int u1,u2,u3; \ +- LOAD_DATA(R,S,u,t,E0,E1,u1); \ +- u>>=2L; \ +- t=ROTATE(t,6); \ +- u2=(int)u>>8L; \ +- u1=(int)u&0x3f; \ +- u2&=0x3f; \ +- u>>=16L; \ +- LL^=DES_SPtrans[0][u1]; \ +- LL^=DES_SPtrans[2][u2]; \ +- u3=(int)u>>8L; \ +- u1=(int)u&0x3f; \ +- u3&=0x3f; \ +- LL^=DES_SPtrans[4][u1]; \ +- LL^=DES_SPtrans[6][u3]; \ +- u2=(int)t>>8L; \ +- u1=(int)t&0x3f; \ +- u2&=0x3f; \ +- t>>=16L; \ +- LL^=DES_SPtrans[1][u1]; \ +- LL^=DES_SPtrans[3][u2]; \ +- u3=(int)t>>8L; \ +- u1=(int)t&0x3f; \ +- u3&=0x3f; \ +- LL^=DES_SPtrans[5][u1]; \ +- LL^=DES_SPtrans[7][u3]; } +-#endif +-#ifdef DES_RISC2 +-#define D_ENCRYPT(LL,R,S) {\ +- unsigned int u1,u2,s1,s2; \ +- LOAD_DATA(R,S,u,t,E0,E1,u1); \ +- u>>=2L; \ +- t=ROTATE(t,6); \ +- u2=(int)u>>8L; \ +- u1=(int)u&0x3f; \ +- u2&=0x3f; \ +- 
LL^=DES_SPtrans[0][u1]; \ +- LL^=DES_SPtrans[2][u2]; \ +- s1=(int)u>>16L; \ +- s2=(int)u>>24L; \ +- s1&=0x3f; \ +- s2&=0x3f; \ +- LL^=DES_SPtrans[4][s1]; \ +- LL^=DES_SPtrans[6][s2]; \ +- u2=(int)t>>8L; \ +- u1=(int)t&0x3f; \ +- u2&=0x3f; \ +- LL^=DES_SPtrans[1][u1]; \ +- LL^=DES_SPtrans[3][u2]; \ +- s1=(int)t>>16; \ +- s2=(int)t>>24L; \ +- s1&=0x3f; \ +- s2&=0x3f; \ +- LL^=DES_SPtrans[5][s1]; \ +- LL^=DES_SPtrans[7][s2]; } +-#endif ++/* ++ * It recently occurred to me that 0^0^0^0^0^0^0 == 0, so there is no reason ++ * to not xor all the sub items together. This potentially saves a register ++ * since things can be xored directly into L ++ */ + +-#else +- +-#define D_ENCRYPT(LL,R,S) {\ +- LOAD_DATA_tmp(R,S,u,t,E0,E1); \ +- t=ROTATE(t,4); \ +- LL^=\ +- DES_SPtrans[0][(u>> 2L)&0x3f]^ \ +- DES_SPtrans[2][(u>>10L)&0x3f]^ \ +- DES_SPtrans[4][(u>>18L)&0x3f]^ \ +- DES_SPtrans[6][(u>>26L)&0x3f]^ \ +- DES_SPtrans[1][(t>> 2L)&0x3f]^ \ +- DES_SPtrans[3][(t>>10L)&0x3f]^ \ +- DES_SPtrans[5][(t>>18L)&0x3f]^ \ +- DES_SPtrans[7][(t>>26L)&0x3f]; } +-#endif +-#endif ++# if defined(DES_RISC1) || defined(DES_RISC2) ++# ifdef DES_RISC1 ++# define D_ENCRYPT(LL,R,S) { \ ++ unsigned int u1,u2,u3; \ ++ LOAD_DATA(R,S,u,t,E0,E1,u1); \ ++ u2=(int)u>>8L; \ ++ u1=(int)u&0xfc; \ ++ u2&=0xfc; \ ++ t=ROTATE(t,4); \ ++ u>>=16L; \ ++ LL^= *(const DES_LONG *)(des_SP +u1); \ ++ LL^= *(const DES_LONG *)(des_SP+0x200+u2); \ ++ u3=(int)(u>>8L); \ ++ u1=(int)u&0xfc; \ ++ u3&=0xfc; \ ++ LL^= *(const DES_LONG *)(des_SP+0x400+u1); \ ++ LL^= *(const DES_LONG *)(des_SP+0x600+u3); \ ++ u2=(int)t>>8L; \ ++ u1=(int)t&0xfc; \ ++ u2&=0xfc; \ ++ t>>=16L; \ ++ LL^= *(const DES_LONG *)(des_SP+0x100+u1); \ ++ LL^= *(const DES_LONG *)(des_SP+0x300+u2); \ ++ u3=(int)t>>8L; \ ++ u1=(int)t&0xfc; \ ++ u3&=0xfc; \ ++ LL^= *(const DES_LONG *)(des_SP+0x500+u1); \ ++ LL^= *(const DES_LONG *)(des_SP+0x700+u3); } ++# endif ++# ifdef DES_RISC2 ++# define D_ENCRYPT(LL,R,S) { \ ++ unsigned int u1,u2,s1,s2; \ ++ 
LOAD_DATA(R,S,u,t,E0,E1,u1); \ ++ u2=(int)u>>8L; \ ++ u1=(int)u&0xfc; \ ++ u2&=0xfc; \ ++ t=ROTATE(t,4); \ ++ LL^= *(const DES_LONG *)(des_SP +u1); \ ++ LL^= *(const DES_LONG *)(des_SP+0x200+u2); \ ++ s1=(int)(u>>16L); \ ++ s2=(int)(u>>24L); \ ++ s1&=0xfc; \ ++ s2&=0xfc; \ ++ LL^= *(const DES_LONG *)(des_SP+0x400+s1); \ ++ LL^= *(const DES_LONG *)(des_SP+0x600+s2); \ ++ u2=(int)t>>8L; \ ++ u1=(int)t&0xfc; \ ++ u2&=0xfc; \ ++ LL^= *(const DES_LONG *)(des_SP+0x100+u1); \ ++ LL^= *(const DES_LONG *)(des_SP+0x300+u2); \ ++ s1=(int)(t>>16L); \ ++ s2=(int)(t>>24L); \ ++ s1&=0xfc; \ ++ s2&=0xfc; \ ++ LL^= *(const DES_LONG *)(des_SP+0x500+s1); \ ++ LL^= *(const DES_LONG *)(des_SP+0x700+s2); } ++# endif ++# else ++# define D_ENCRYPT(LL,R,S) { \ ++ LOAD_DATA_tmp(R,S,u,t,E0,E1); \ ++ t=ROTATE(t,4); \ ++ LL^= \ ++ *(const DES_LONG *)(des_SP +((u )&0xfc))^ \ ++ *(const DES_LONG *)(des_SP+0x200+((u>> 8L)&0xfc))^ \ ++ *(const DES_LONG *)(des_SP+0x400+((u>>16L)&0xfc))^ \ ++ *(const DES_LONG *)(des_SP+0x600+((u>>24L)&0xfc))^ \ ++ *(const DES_LONG *)(des_SP+0x100+((t )&0xfc))^ \ ++ *(const DES_LONG *)(des_SP+0x300+((t>> 8L)&0xfc))^ \ ++ *(const DES_LONG *)(des_SP+0x500+((t>>16L)&0xfc))^ \ ++ *(const DES_LONG *)(des_SP+0x700+((t>>24L)&0xfc)); } ++# endif ++ ++# else /* original version */ ++ ++# if defined(DES_RISC1) || defined(DES_RISC2) ++# ifdef DES_RISC1 ++# define D_ENCRYPT(LL,R,S) {\ ++ unsigned int u1,u2,u3; \ ++ LOAD_DATA(R,S,u,t,E0,E1,u1); \ ++ u>>=2L; \ ++ t=ROTATE(t,6); \ ++ u2=(int)u>>8L; \ ++ u1=(int)u&0x3f; \ ++ u2&=0x3f; \ ++ u>>=16L; \ ++ LL^=DES_SPtrans[0][u1]; \ ++ LL^=DES_SPtrans[2][u2]; \ ++ u3=(int)u>>8L; \ ++ u1=(int)u&0x3f; \ ++ u3&=0x3f; \ ++ LL^=DES_SPtrans[4][u1]; \ ++ LL^=DES_SPtrans[6][u3]; \ ++ u2=(int)t>>8L; \ ++ u1=(int)t&0x3f; \ ++ u2&=0x3f; \ ++ t>>=16L; \ ++ LL^=DES_SPtrans[1][u1]; \ ++ LL^=DES_SPtrans[3][u2]; \ ++ u3=(int)t>>8L; \ ++ u1=(int)t&0x3f; \ ++ u3&=0x3f; \ ++ LL^=DES_SPtrans[5][u1]; \ ++ LL^=DES_SPtrans[7][u3]; } ++# endif ++# ifdef 
DES_RISC2 ++# define D_ENCRYPT(LL,R,S) {\ ++ unsigned int u1,u2,s1,s2; \ ++ LOAD_DATA(R,S,u,t,E0,E1,u1); \ ++ u>>=2L; \ ++ t=ROTATE(t,6); \ ++ u2=(int)u>>8L; \ ++ u1=(int)u&0x3f; \ ++ u2&=0x3f; \ ++ LL^=DES_SPtrans[0][u1]; \ ++ LL^=DES_SPtrans[2][u2]; \ ++ s1=(int)u>>16L; \ ++ s2=(int)u>>24L; \ ++ s1&=0x3f; \ ++ s2&=0x3f; \ ++ LL^=DES_SPtrans[4][s1]; \ ++ LL^=DES_SPtrans[6][s2]; \ ++ u2=(int)t>>8L; \ ++ u1=(int)t&0x3f; \ ++ u2&=0x3f; \ ++ LL^=DES_SPtrans[1][u1]; \ ++ LL^=DES_SPtrans[3][u2]; \ ++ s1=(int)t>>16; \ ++ s2=(int)t>>24L; \ ++ s1&=0x3f; \ ++ s2&=0x3f; \ ++ LL^=DES_SPtrans[5][s1]; \ ++ LL^=DES_SPtrans[7][s2]; } ++# endif ++ ++# else ++ ++# define D_ENCRYPT(LL,R,S) {\ ++ LOAD_DATA_tmp(R,S,u,t,E0,E1); \ ++ t=ROTATE(t,4); \ ++ LL^=\ ++ DES_SPtrans[0][(u>> 2L)&0x3f]^ \ ++ DES_SPtrans[2][(u>>10L)&0x3f]^ \ ++ DES_SPtrans[4][(u>>18L)&0x3f]^ \ ++ DES_SPtrans[6][(u>>26L)&0x3f]^ \ ++ DES_SPtrans[1][(t>> 2L)&0x3f]^ \ ++ DES_SPtrans[3][(t>>10L)&0x3f]^ \ ++ DES_SPtrans[5][(t>>18L)&0x3f]^ \ ++ DES_SPtrans[7][(t>>26L)&0x3f]; } ++# endif ++# endif + +- /* IP and FP +- * The problem is more of a geometric problem that random bit fiddling. +- 0 1 2 3 4 5 6 7 62 54 46 38 30 22 14 6 +- 8 9 10 11 12 13 14 15 60 52 44 36 28 20 12 4 +- 16 17 18 19 20 21 22 23 58 50 42 34 26 18 10 2 +- 24 25 26 27 28 29 30 31 to 56 48 40 32 24 16 8 0 +- +- 32 33 34 35 36 37 38 39 63 55 47 39 31 23 15 7 +- 40 41 42 43 44 45 46 47 61 53 45 37 29 21 13 5 +- 48 49 50 51 52 53 54 55 59 51 43 35 27 19 11 3 +- 56 57 58 59 60 61 62 63 57 49 41 33 25 17 9 1 +- +- The output has been subject to swaps of the form +- 0 1 -> 3 1 but the odd and even bits have been put into +- 2 3 2 0 +- different words. 
The main trick is to remember that +- t=((l>>size)^r)&(mask); +- r^=t; +- l^=(t<>(n))^(b))&(m)),\ +- (b)^=(t),\ +- (a)^=((t)<<(n))) +- +-#define IP(l,r) \ +- { \ +- register DES_LONG tt; \ +- PERM_OP(r,l,tt, 4,0x0f0f0f0fL); \ +- PERM_OP(l,r,tt,16,0x0000ffffL); \ +- PERM_OP(r,l,tt, 2,0x33333333L); \ +- PERM_OP(l,r,tt, 8,0x00ff00ffL); \ +- PERM_OP(r,l,tt, 1,0x55555555L); \ +- } +- +-#define FP(l,r) \ +- { \ +- register DES_LONG tt; \ +- PERM_OP(l,r,tt, 1,0x55555555L); \ +- PERM_OP(r,l,tt, 8,0x00ff00ffL); \ +- PERM_OP(l,r,tt, 2,0x33333333L); \ +- PERM_OP(r,l,tt,16,0x0000ffffL); \ +- PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \ +- } ++ /*- ++ * IP and FP ++ * The problem is more of a geometric problem that random bit fiddling. ++ 0 1 2 3 4 5 6 7 62 54 46 38 30 22 14 6 ++ 8 9 10 11 12 13 14 15 60 52 44 36 28 20 12 4 ++ 16 17 18 19 20 21 22 23 58 50 42 34 26 18 10 2 ++ 24 25 26 27 28 29 30 31 to 56 48 40 32 24 16 8 0 ++ ++ 32 33 34 35 36 37 38 39 63 55 47 39 31 23 15 7 ++ 40 41 42 43 44 45 46 47 61 53 45 37 29 21 13 5 ++ 48 49 50 51 52 53 54 55 59 51 43 35 27 19 11 3 ++ 56 57 58 59 60 61 62 63 57 49 41 33 25 17 9 1 ++ ++ The output has been subject to swaps of the form ++ 0 1 -> 3 1 but the odd and even bits have been put into ++ 2 3 2 0 ++ different words. 
The main trick is to remember that ++ t=((l>>size)^r)&(mask); ++ r^=t; ++ l^=(t<>(n))^(b))&(m)),\ ++ (b)^=(t),\ ++ (a)^=((t)<<(n))) ++ ++# define IP(l,r) \ ++ { \ ++ register DES_LONG tt; \ ++ PERM_OP(r,l,tt, 4,0x0f0f0f0fL); \ ++ PERM_OP(l,r,tt,16,0x0000ffffL); \ ++ PERM_OP(r,l,tt, 2,0x33333333L); \ ++ PERM_OP(l,r,tt, 8,0x00ff00ffL); \ ++ PERM_OP(r,l,tt, 1,0x55555555L); \ ++ } ++ ++# define FP(l,r) \ ++ { \ ++ register DES_LONG tt; \ ++ PERM_OP(l,r,tt, 1,0x55555555L); \ ++ PERM_OP(r,l,tt, 8,0x00ff00ffL); \ ++ PERM_OP(l,r,tt, 2,0x33333333L); \ ++ PERM_OP(r,l,tt,16,0x0000ffffL); \ ++ PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \ ++ } + + extern const DES_LONG DES_SPtrans[8][64]; + +-void fcrypt_body(DES_LONG *out,DES_key_schedule *ks, +- DES_LONG Eswap0, DES_LONG Eswap1); ++void fcrypt_body(DES_LONG *out, DES_key_schedule *ks, ++ DES_LONG Eswap0, DES_LONG Eswap1); ++ ++# ifdef OPENSSL_SMALL_FOOTPRINT ++# undef DES_UNROLL ++# endif + #endif +diff --git a/Cryptlib/OpenSSL/crypto/des/des_ver.h b/Cryptlib/OpenSSL/crypto/des/des_ver.h +index d1ada25..276de2b 100644 +--- a/Cryptlib/OpenSSL/crypto/des/des_ver.h ++++ b/Cryptlib/OpenSSL/crypto/des/des_ver.h +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. 
+ * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. 
this code cannot simply be + * copied and put under another distribution licence +@@ -67,5 +67,7 @@ + #define DES_version OSSL_DES_version + #define libdes_version OSSL_libdes_version + +-OPENSSL_EXTERN const char OSSL_DES_version[]; /* SSLeay version string */ +-OPENSSL_EXTERN const char OSSL_libdes_version[]; /* old libdes version string */ ++/* SSLeay version string */ ++OPENSSL_EXTERN const char OSSL_DES_version[]; ++/* old libdes version string */ ++OPENSSL_EXTERN const char OSSL_libdes_version[]; +diff --git a/Cryptlib/OpenSSL/crypto/des/ecb_enc.c b/Cryptlib/OpenSSL/crypto/des/ecb_enc.c +index 63f44cf..f97fd97 100644 +--- a/Cryptlib/OpenSSL/crypto/des/ecb_enc.c ++++ b/Cryptlib/OpenSSL/crypto/des/ecb_enc.c +@@ -57,7 +57,51 @@ + */ + + #include "des_locl.h" +-#include "spr.h" ++#include "des_ver.h" ++#include ++#include ++ ++OPENSSL_GLOBAL const char libdes_version[] = "libdes" OPENSSL_VERSION_PTEXT; ++OPENSSL_GLOBAL const char DES_version[] = "DES" OPENSSL_VERSION_PTEXT; ++ ++const char *DES_options(void) ++{ ++ static int init = 1; ++ static char buf[32]; ++ ++ if (init) { ++ const char *ptr, *unroll, *risc, *size; ++ ++#ifdef DES_PTR ++ ptr = "ptr"; ++#else ++ ptr = "idx"; ++#endif ++#if defined(DES_RISC1) || defined(DES_RISC2) ++# ifdef DES_RISC1 ++ risc = "risc1"; ++# endif ++# ifdef DES_RISC2 ++ risc = "risc2"; ++# endif ++#else ++ risc = "cisc"; ++#endif ++#ifdef DES_UNROLL ++ unroll = "16"; ++#else ++ unroll = "2"; ++#endif ++ if (sizeof(DES_LONG) != sizeof(long)) ++ size = "int"; ++ else ++ size = "long"; ++ BIO_snprintf(buf, sizeof buf, "des(%s,%s,%s,%s)", ptr, risc, unroll, ++ size); ++ init = 0; ++ } ++ return (buf); ++} + + void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output, + DES_key_schedule *ks, int enc) +diff --git a/Cryptlib/OpenSSL/crypto/des/enc_read.c b/Cryptlib/OpenSSL/crypto/des/enc_read.c +index 8746e8b..fcb6654 100644 +--- a/Cryptlib/OpenSSL/crypto/des/enc_read.c ++++ b/Cryptlib/OpenSSL/crypto/des/enc_read.c +@@ -65,7 
+65,7 @@ + /* + * extern int errno; + */ +-OPENSSL_IMPLEMENT_GLOBAL(int, DES_rw_mode) = DES_PCBC_MODE; ++OPENSSL_IMPLEMENT_GLOBAL(int, DES_rw_mode, DES_PCBC_MODE) + + /*- + * WARNINGS: +@@ -83,10 +83,12 @@ OPENSSL_IMPLEMENT_GLOBAL(int, DES_rw_mode) = DES_PCBC_MODE; + * - This function uses an internal state and thus cannot be + * used on multiple files. + */ +- + int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched, + DES_cblock *iv) + { ++#if defined(OPENSSL_NO_POSIX_IO) ++ return (0); ++#else + /* data to be unencrypted */ + int net_num = 0; + static unsigned char *net = NULL; +@@ -145,15 +147,15 @@ int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched, + + /* first - get the length */ + while (net_num < HDRSIZE) { +-#ifndef _WIN32 ++# ifndef OPENSSL_SYS_WIN32 + i = read(fd, (void *)&(net[net_num]), HDRSIZE - net_num); +-#else ++# else + i = _read(fd, (void *)&(net[net_num]), HDRSIZE - net_num); +-#endif +-#ifdef EINTR ++# endif ++# ifdef EINTR + if ((i == -1) && (errno == EINTR)) + continue; +-#endif ++# endif + if (i <= 0) + return (0); + net_num += i; +@@ -173,11 +175,15 @@ int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched, + + net_num = 0; + while (net_num < rnum) { ++# ifndef OPENSSL_SYS_WIN32 + i = read(fd, (void *)&(net[net_num]), rnum - net_num); +-#ifdef EINTR ++# else ++ i = _read(fd, (void *)&(net[net_num]), rnum - net_num); ++# endif ++# ifdef EINTR + if ((i == -1) && (errno == EINTR)) + continue; +-#endif ++# endif + if (i <= 0) + return (0); + net_num += i; +@@ -225,4 +231,5 @@ int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched, + } + } + return num; ++#endif /* OPENSSL_NO_POSIX_IO */ + } +diff --git a/Cryptlib/OpenSSL/crypto/des/enc_writ.c b/Cryptlib/OpenSSL/crypto/des/enc_writ.c +index f9437eb..bfaabde 100644 +--- a/Cryptlib/OpenSSL/crypto/des/enc_writ.c ++++ b/Cryptlib/OpenSSL/crypto/des/enc_writ.c +@@ -80,10 +80,13 @@ + int DES_enc_write(int fd, const void *_buf, int len, + 
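Review bot: The `OPENSSL_NO_POSIX_IO` stub added at the top of `DES_enc_read` (hunk `@@ -83,10 +83,12 @@`) returns `0`, the same value the function returns later when `read()` fails or reaches end of file (`if (i <= 0) return (0);`). A caller therefore cannot tell a build without POSIX I/O from an empty stream. The matching stub in `DES_enc_write` (enc_writ.c, hunk `@@ -80,10 +80,13 @@`) returns `-1`; `return (-1);` here would make the two consistent, provided no caller uses the read result as a length without checking its sign. At minimum, a comment above the stub such as `/* no POSIX I/O in this build: nothing can be read */` would document the choice. The body of DES_enc_read continues outside this hunk.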
DES_key_schedule *sched, DES_cblock *iv) + { +-#ifdef _LIBC ++#if defined(OPENSSL_NO_POSIX_IO) ++ return (-1); ++#else ++# ifdef _LIBC + extern unsigned long time(); + extern int write(); +-#endif ++# endif + const unsigned char *buf = _buf; + long rnum; + int i, j, k, outnum; +@@ -93,6 +96,9 @@ int DES_enc_write(int fd, const void *_buf, int len, + const unsigned char *cp; + static int start = 1; + ++ if (len < 0) ++ return -1; ++ + if (outbuf == NULL) { + outbuf = OPENSSL_malloc(BSIZE + HDRSIZE); + if (outbuf == NULL) +@@ -129,7 +135,9 @@ int DES_enc_write(int fd, const void *_buf, int len, + if (len < 8) { + cp = shortbuf; + memcpy(shortbuf, buf, len); +- RAND_pseudo_bytes(shortbuf + len, 8 - len); ++ if (RAND_pseudo_bytes(shortbuf + len, 8 - len) < 0) { ++ return -1; ++ } + rnum = 8; + } else { + cp = buf; +@@ -150,17 +158,17 @@ int DES_enc_write(int fd, const void *_buf, int len, + /* + * eay 26/08/92 I was not doing writing from where we got up to. + */ +-#ifndef _WIN32 ++# ifndef _WIN32 + i = write(fd, (void *)&(outbuf[j]), outnum - j); +-#else ++# else + i = _write(fd, (void *)&(outbuf[j]), outnum - j); +-#endif ++# endif + if (i == -1) { +-#ifdef EINTR ++# ifdef EINTR + if (errno == EINTR) + i = 0; + else +-#endif ++# endif + /* + * This is really a bad error - very bad It will stuff-up + * both ends. 
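Review bot: The new check in the `len < 8` branch (hunk `@@ -129,7 +135,9 @@`) treats only a negative result from `RAND_pseudo_bytes` as an error. OpenSSL documents a return of `0` as "bytes produced but not cryptographically strong", so that case is silently accepted for the padding written to `shortbuf + len`. If that is intended because the bytes only fill out a short block before encryption, say so above the call, e.g. `/* padding only: weak bytes (return 0) are acceptable, -1 means none were produced */`. Otherwise the comparison should be `<= 0`. DES_enc_write starts and ends outside this hunk.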
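Review bot: The platform test around `write()`/`_write()` in hunk `@@ -150,17 +158,17 @@` still uses `_WIN32`, while the same commit switches the equivalent tests in enc_read.c to `OPENSSL_SYS_WIN32`. Only the indentation changes here (`# ifndef _WIN32`). Writing `# ifndef OPENSSL_SYS_WIN32` would make the read and write paths choose their I/O call under the same configuration macro. The enclosing function starts outside the hunk.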
+@@ -170,4 +178,5 @@ int DES_enc_write(int fd, const void *_buf, int len, + } + + return (len); ++#endif /* OPENSSL_NO_POSIX_IO */ + } +diff --git a/Cryptlib/OpenSSL/crypto/des/fcrypt_b.c b/Cryptlib/OpenSSL/crypto/des/fcrypt_b.c +index f6c88e1..b9e8738 100644 +--- a/Cryptlib/OpenSSL/crypto/des/fcrypt_b.c ++++ b/Cryptlib/OpenSSL/crypto/des/fcrypt_b.c +@@ -99,11 +99,9 @@ void fcrypt_body(DES_LONG *out, DES_key_schedule *ks, DES_LONG Eswap0, + #ifndef DES_UNROLL + register int i; + +- for (i = 0; i < 32; i += 8) { ++ for (i = 0; i < 32; i += 4) { + D_ENCRYPT(l, r, i + 0); /* 1 */ + D_ENCRYPT(r, l, i + 2); /* 2 */ +- D_ENCRYPT(l, r, i + 4); /* 1 */ +- D_ENCRYPT(r, l, i + 6); /* 2 */ + } + #else + D_ENCRYPT(l, r, 0); /* 1 */ +diff --git a/Cryptlib/OpenSSL/crypto/des/ncbc_enc.c b/Cryptlib/OpenSSL/crypto/des/ncbc_enc.c +index fda23d5..ab267cb 100644 +--- a/Cryptlib/OpenSSL/crypto/des/ncbc_enc.c ++++ b/Cryptlib/OpenSSL/crypto/des/ncbc_enc.c +@@ -1,5 +1,5 @@ + /* crypto/des/ncbc_enc.c */ +-/* ++/*- + * #included by: + * cbc_enc.c (DES_cbc_encrypt) + * des_enc.c (DES_ncbc_encrypt) +@@ -10,21 +10,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. 
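Review bot: The rewritten `#ifndef DES_UNROLL` loop in fcrypt_b.c (hunk `@@ -99,11 +99,9 @@`) keeps the uninformative `/* 1 */` and `/* 2 */` comments and does not explain why `i` steps by 4 up to 32. According to the `LOAD_DATA` macro in des_locl.h, each `D_ENCRYPT` reads two key-schedule words (`s[S]` and `s[S+1]`), so the loop still performs 16 rounds, as the old four-call body did. A comment above the loop such as `/* i indexes key-schedule words: 2 per round, 32 in total = 16 rounds */` would make that easy to check. fcrypt_body starts before the hunk and continues after it.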
+ * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -39,10 +39,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -54,7 +54,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. 
this code cannot simply be + * copied and put under another distribution licence +@@ -65,84 +65,90 @@ + + #ifdef CBC_ENC_C__DONT_UPDATE_IV + void DES_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, +- DES_key_schedule *_schedule, DES_cblock *ivec, int enc) ++ DES_key_schedule *_schedule, DES_cblock *ivec, int enc) + #else +-void DES_ncbc_encrypt(const unsigned char *in, unsigned char *out, long length, +- DES_key_schedule *_schedule, DES_cblock *ivec, int enc) ++void DES_ncbc_encrypt(const unsigned char *in, unsigned char *out, ++ long length, DES_key_schedule *_schedule, ++ DES_cblock *ivec, int enc) + #endif +- { +- register DES_LONG tin0,tin1; +- register DES_LONG tout0,tout1,xor0,xor1; +- register long l=length; +- DES_LONG tin[2]; +- unsigned char *iv; ++{ ++ register DES_LONG tin0, tin1; ++ register DES_LONG tout0, tout1, xor0, xor1; ++ register long l = length; ++ DES_LONG tin[2]; ++ unsigned char *iv; + +- iv = &(*ivec)[0]; ++ iv = &(*ivec)[0]; + +- if (enc) +- { +- c2l(iv,tout0); +- c2l(iv,tout1); +- for (l-=8; l>=0; l-=8) +- { +- c2l(in,tin0); +- c2l(in,tin1); +- tin0^=tout0; tin[0]=tin0; +- tin1^=tout1; tin[1]=tin1; +- DES_encrypt1((DES_LONG *)tin,_schedule,DES_ENCRYPT); +- tout0=tin[0]; l2c(tout0,out); +- tout1=tin[1]; l2c(tout1,out); +- } +- if (l != -8) +- { +- c2ln(in,tin0,tin1,l+8); +- tin0^=tout0; tin[0]=tin0; +- tin1^=tout1; tin[1]=tin1; +- DES_encrypt1((DES_LONG *)tin,_schedule,DES_ENCRYPT); +- tout0=tin[0]; l2c(tout0,out); +- tout1=tin[1]; l2c(tout1,out); +- } ++ if (enc) { ++ c2l(iv, tout0); ++ c2l(iv, tout1); ++ for (l -= 8; l >= 0; l -= 8) { ++ c2l(in, tin0); ++ c2l(in, tin1); ++ tin0 ^= tout0; ++ tin[0] = tin0; ++ tin1 ^= tout1; ++ tin[1] = tin1; ++ DES_encrypt1((DES_LONG *)tin, _schedule, DES_ENCRYPT); ++ tout0 = tin[0]; ++ l2c(tout0, out); ++ tout1 = tin[1]; ++ l2c(tout1, out); ++ } ++ if (l != -8) { ++ c2ln(in, tin0, tin1, l + 8); ++ tin0 ^= tout0; ++ tin[0] = tin0; ++ tin1 ^= tout1; ++ tin[1] = tin1; ++ 
DES_encrypt1((DES_LONG *)tin, _schedule, DES_ENCRYPT); ++ tout0 = tin[0]; ++ l2c(tout0, out); ++ tout1 = tin[1]; ++ l2c(tout1, out); ++ } + #ifndef CBC_ENC_C__DONT_UPDATE_IV +- iv = &(*ivec)[0]; +- l2c(tout0,iv); +- l2c(tout1,iv); ++ iv = &(*ivec)[0]; ++ l2c(tout0, iv); ++ l2c(tout1, iv); + #endif +- } +- else +- { +- c2l(iv,xor0); +- c2l(iv,xor1); +- for (l-=8; l>=0; l-=8) +- { +- c2l(in,tin0); tin[0]=tin0; +- c2l(in,tin1); tin[1]=tin1; +- DES_encrypt1((DES_LONG *)tin,_schedule,DES_DECRYPT); +- tout0=tin[0]^xor0; +- tout1=tin[1]^xor1; +- l2c(tout0,out); +- l2c(tout1,out); +- xor0=tin0; +- xor1=tin1; +- } +- if (l != -8) +- { +- c2l(in,tin0); tin[0]=tin0; +- c2l(in,tin1); tin[1]=tin1; +- DES_encrypt1((DES_LONG *)tin,_schedule,DES_DECRYPT); +- tout0=tin[0]^xor0; +- tout1=tin[1]^xor1; +- l2cn(tout0,tout1,out,l+8); ++ } else { ++ c2l(iv, xor0); ++ c2l(iv, xor1); ++ for (l -= 8; l >= 0; l -= 8) { ++ c2l(in, tin0); ++ tin[0] = tin0; ++ c2l(in, tin1); ++ tin[1] = tin1; ++ DES_encrypt1((DES_LONG *)tin, _schedule, DES_DECRYPT); ++ tout0 = tin[0] ^ xor0; ++ tout1 = tin[1] ^ xor1; ++ l2c(tout0, out); ++ l2c(tout1, out); ++ xor0 = tin0; ++ xor1 = tin1; ++ } ++ if (l != -8) { ++ c2l(in, tin0); ++ tin[0] = tin0; ++ c2l(in, tin1); ++ tin[1] = tin1; ++ DES_encrypt1((DES_LONG *)tin, _schedule, DES_DECRYPT); ++ tout0 = tin[0] ^ xor0; ++ tout1 = tin[1] ^ xor1; ++ l2cn(tout0, tout1, out, l + 8); + #ifndef CBC_ENC_C__DONT_UPDATE_IV +- xor0=tin0; +- xor1=tin1; ++ xor0 = tin0; ++ xor1 = tin1; + #endif +- } +-#ifndef CBC_ENC_C__DONT_UPDATE_IV +- iv = &(*ivec)[0]; +- l2c(xor0,iv); +- l2c(xor1,iv); ++ } ++#ifndef CBC_ENC_C__DONT_UPDATE_IV ++ iv = &(*ivec)[0]; ++ l2c(xor0, iv); ++ l2c(xor1, iv); + #endif +- } +- tin0=tin1=tout0=tout1=xor0=xor1=0; +- tin[0]=tin[1]=0; +- } ++ } ++ tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; ++ tin[0] = tin[1] = 0; ++} +diff --git a/Cryptlib/OpenSSL/crypto/des/rpc_des.h b/Cryptlib/OpenSSL/crypto/des/rpc_des.h +index 4cbb4d2..4db9062 100644 +--- 
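Review bot: The closing assignments `tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;` and `tin[0] = tin[1] = 0;` at the end of ncbc_enc.c (hunk `@@ -65,84 +65,90 @@`) are stores to locals that are never read again. An optimising compiler may drop them, leaving plaintext and chaining values on the stack. This hunk only reformats the function, but the array scrub could be made reliable with `OPENSSL_cleanse(tin, sizeof(tin));`, assuming the including file has the OpenSSL crypto header in scope. At minimum, add a comment that the zeroing is best-effort: `/* best-effort scrub; may be elided by the optimiser */`.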
a/Cryptlib/OpenSSL/crypto/des/rpc_des.h ++++ b/Cryptlib/OpenSSL/crypto/des/rpc_des.h +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,38 +49,38 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +-/* @(#)des.h 2.2 88/08/10 4.0 RPCSRC; from 2.7 88/02/08 SMI */ +-/* ++/* @(#)des.h 2.2 88/08/10 4.0 RPCSRC; from 2.7 88/02/08 SMI */ ++/*- + * Sun RPC is a product of Sun Microsystems, Inc. and is provided for + * unrestricted use provided that this legend is included on all tape + * media and as a part of the software program in whole or part. Users + * may copy or modify Sun RPC without charge, but are not authorized + * to license or distribute it to anyone else except as part of a product or + * program developed by the user. +- * ++ * + * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE + * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR + * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. +- * ++ * + * Sun RPC is provided with no support and without any obligation on the + * part of Sun Microsystems, Inc. to assist in its use, correction, + * modification or enhancement. +- * ++ * + * SUN MICROSYSTEMS, INC. 
SHALL HAVE NO LIABILITY WITH RESPECT TO THE + * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC + * OR ANY PART THEREOF. +- * ++ * + * In no event will Sun Microsystems, Inc. be liable for any lost revenue + * or profits or other special, indirect and consequential damages, even if + * Sun has been advised of the possibility of such damages. +- * ++ * + * Sun Microsystems, Inc. + * 2550 Garcia Avenue + * Mountain View, California 94043 +@@ -91,12 +91,12 @@ + * Copyright (c) 1986 by Sun Microsystems, Inc. + */ + +-#define DES_MAXLEN 65536 /* maximum # of bytes to encrypt */ +-#define DES_QUICKLEN 16 /* maximum # of bytes to encrypt quickly */ ++#define DES_MAXLEN 65536 /* maximum # of bytes to encrypt */ ++#define DES_QUICKLEN 16 /* maximum # of bytes to encrypt quickly */ + + #ifdef HEADER_DES_H +-#undef ENCRYPT +-#undef DECRYPT ++# undef ENCRYPT ++# undef DECRYPT + #endif + + enum desdir { ENCRYPT, DECRYPT }; +@@ -106,26 +106,25 @@ enum desmode { CBC, ECB }; + * parameters to ioctl call + */ + struct desparams { +- unsigned char des_key[8]; /* key (with low bit parity) */ +- enum desdir des_dir; /* direction */ +- enum desmode des_mode; /* mode */ +- unsigned char des_ivec[8]; /* input vector */ +- unsigned des_len; /* number of bytes to crypt */ +- union { +- unsigned char UDES_data[DES_QUICKLEN]; +- unsigned char *UDES_buf; +- } UDES; +-# define des_data UDES.UDES_data /* direct data here if quick */ +-# define des_buf UDES.UDES_buf /* otherwise, pointer to data */ ++ unsigned char des_key[8]; /* key (with low bit parity) */ ++ enum desdir des_dir; /* direction */ ++ enum desmode des_mode; /* mode */ ++ unsigned char des_ivec[8]; /* input vector */ ++ unsigned des_len; /* number of bytes to crypt */ ++ union { ++ unsigned char UDES_data[DES_QUICKLEN]; ++ unsigned char *UDES_buf; ++ } UDES; ++#define des_data UDES.UDES_data /* direct data here if quick */ ++#define des_buf UDES.UDES_buf /* otherwise, pointer to data */ + }; + + /* + * Encrypt 
an arbitrary sized buffer
+ */
+-#define DESIOCBLOCK _IOWR(d, 6, struct desparams)
++#define DESIOCBLOCK _IOWR('d', 6, struct desparams)
+
+-/*
++/*
+ * Encrypt of small amount of data, quickly
+ */
+-#define DESIOCQUICK _IOWR(d, 7, struct desparams)
+-
++#define DESIOCQUICK _IOWR('d', 7, struct desparams)
+diff --git a/Cryptlib/OpenSSL/crypto/des/set_key.c b/Cryptlib/OpenSSL/crypto/des/set_key.c
+index fdc8d50..8fd8fe1 100644
+--- a/Cryptlib/OpenSSL/crypto/des/set_key.c
++++ b/Cryptlib/OpenSSL/crypto/des/set_key.c
+@@ -64,13 +64,13 @@
+ * 1.1 added norm_expand_bits
+ * 1.0 First working version
+ */
++#include
+ #include "des_locl.h"
+-#ifdef OPENSSL_FIPS
+-# include
+-#endif
+-
+-OPENSSL_IMPLEMENT_GLOBAL(int, DES_check_key); /* defaults to false */
+
++OPENSSL_IMPLEMENT_GLOBAL(int, DES_check_key, 0)
++ /*
++ * defaults to false
++ */
+ static const unsigned char odd_parity[256] = {
+ 1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14,
+ 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31,
+@@ -359,8 +359,17 @@ int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule)
+ }
+
+ void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule)
++#ifdef OPENSSL_FIPS
+ {
+- static int shifts2[16] =
++ fips_cipher_abort(DES);
++ private_DES_set_key_unchecked(key, schedule);
++}
++
++void private_DES_set_key_unchecked(const_DES_cblock *key,
++ DES_key_schedule *schedule)
++#endif
++{
++ static const int shifts2[16] =
+ { 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0 };
+ register DES_LONG c, d, t, s, t2;
+ register const unsigned char *in;
+@@ -374,10 +383,6 @@ void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule)
+ k = &schedule->ks->deslong[0];
+ in = &(*key)[0];
+
+-#ifdef OPENSSL_FIPS
+- FIPS_selftest_check();
+-#endif
+-
+ c2l(in, c);
+ c2l(in, d);
+
+diff --git a/Cryptlib/OpenSSL/crypto/des/spr.h b/Cryptlib/OpenSSL/crypto/des/spr.h
+index b91936a..e85d310 100644
+---
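Review bot: In the `@@ -359,8 +359,17 @@` hunk of set_key.c the `#ifdef OPENSSL_FIPS` block closes `DES_set_key_unchecked` and opens `private_DES_set_key_unchecked` in the middle of the definition, so the body that follows belongs to a different function depending on the build, and nothing in the file says so. With the next hunk removing `FIPS_selftest_check()` from that body, the only FIPS gate left on this path is the `fips_cipher_abort(DES)` call in the public wrapper; what that macro does is not visible here, but the private entry point evidently runs without it. I would add a comment above the `#ifdef`, for example `/* FIPS builds: the public name only gates and forwards; the key schedule code below is private_DES_set_key_unchecked, which performs no FIPS check itself. */`. The function body continues past the end of the hunk.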
a/Cryptlib/OpenSSL/crypto/des/spr.h ++++ b/Cryptlib/OpenSSL/crypto/des/spr.h +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,156 +49,164 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +-OPENSSL_GLOBAL const DES_LONG DES_SPtrans[8][64]={ +-{ +-/* nibble 0 */ +-0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L, +-0x02000000L, 0x00080802L, 0x00080002L, 0x02000002L, +-0x00080802L, 0x02080800L, 0x02080000L, 0x00000802L, +-0x02000802L, 0x02000000L, 0x00000000L, 0x00080002L, +-0x00080000L, 0x00000002L, 0x02000800L, 0x00080800L, +-0x02080802L, 0x02080000L, 0x00000802L, 0x02000800L, +-0x00000002L, 0x00000800L, 0x00080800L, 0x02080002L, +-0x00000800L, 0x02000802L, 0x02080002L, 0x00000000L, +-0x00000000L, 0x02080802L, 0x02000800L, 0x00080002L, +-0x02080800L, 0x00080000L, 0x00000802L, 0x02000800L, +-0x02080002L, 0x00000800L, 0x00080800L, 0x02000002L, +-0x00080802L, 0x00000002L, 0x02000002L, 0x02080000L, +-0x02080802L, 0x00080800L, 0x02080000L, 0x02000802L, +-0x02000000L, 0x00000802L, 0x00080002L, 0x00000000L, +-0x00080000L, 0x02000000L, 0x02000802L, 0x02080800L, +-0x00000002L, 0x02080002L, 0x00000800L, 0x00080802L, +-},{ +-/* nibble 1 */ +-0x40108010L, 0x00000000L, 0x00108000L, 0x40100000L, +-0x40000010L, 0x00008010L, 0x40008000L, 0x00108000L, +-0x00008000L, 
0x40100010L, 0x00000010L, 0x40008000L, +-0x00100010L, 0x40108000L, 0x40100000L, 0x00000010L, +-0x00100000L, 0x40008010L, 0x40100010L, 0x00008000L, +-0x00108010L, 0x40000000L, 0x00000000L, 0x00100010L, +-0x40008010L, 0x00108010L, 0x40108000L, 0x40000010L, +-0x40000000L, 0x00100000L, 0x00008010L, 0x40108010L, +-0x00100010L, 0x40108000L, 0x40008000L, 0x00108010L, +-0x40108010L, 0x00100010L, 0x40000010L, 0x00000000L, +-0x40000000L, 0x00008010L, 0x00100000L, 0x40100010L, +-0x00008000L, 0x40000000L, 0x00108010L, 0x40008010L, +-0x40108000L, 0x00008000L, 0x00000000L, 0x40000010L, +-0x00000010L, 0x40108010L, 0x00108000L, 0x40100000L, +-0x40100010L, 0x00100000L, 0x00008010L, 0x40008000L, +-0x40008010L, 0x00000010L, 0x40100000L, 0x00108000L, +-},{ +-/* nibble 2 */ +-0x04000001L, 0x04040100L, 0x00000100L, 0x04000101L, +-0x00040001L, 0x04000000L, 0x04000101L, 0x00040100L, +-0x04000100L, 0x00040000L, 0x04040000L, 0x00000001L, +-0x04040101L, 0x00000101L, 0x00000001L, 0x04040001L, +-0x00000000L, 0x00040001L, 0x04040100L, 0x00000100L, +-0x00000101L, 0x04040101L, 0x00040000L, 0x04000001L, +-0x04040001L, 0x04000100L, 0x00040101L, 0x04040000L, +-0x00040100L, 0x00000000L, 0x04000000L, 0x00040101L, +-0x04040100L, 0x00000100L, 0x00000001L, 0x00040000L, +-0x00000101L, 0x00040001L, 0x04040000L, 0x04000101L, +-0x00000000L, 0x04040100L, 0x00040100L, 0x04040001L, +-0x00040001L, 0x04000000L, 0x04040101L, 0x00000001L, +-0x00040101L, 0x04000001L, 0x04000000L, 0x04040101L, +-0x00040000L, 0x04000100L, 0x04000101L, 0x00040100L, +-0x04000100L, 0x00000000L, 0x04040001L, 0x00000101L, +-0x04000001L, 0x00040101L, 0x00000100L, 0x04040000L, +-},{ +-/* nibble 3 */ +-0x00401008L, 0x10001000L, 0x00000008L, 0x10401008L, +-0x00000000L, 0x10400000L, 0x10001008L, 0x00400008L, +-0x10401000L, 0x10000008L, 0x10000000L, 0x00001008L, +-0x10000008L, 0x00401008L, 0x00400000L, 0x10000000L, +-0x10400008L, 0x00401000L, 0x00001000L, 0x00000008L, +-0x00401000L, 0x10001008L, 0x10400000L, 0x00001000L, +-0x00001008L, 
0x00000000L, 0x00400008L, 0x10401000L, +-0x10001000L, 0x10400008L, 0x10401008L, 0x00400000L, +-0x10400008L, 0x00001008L, 0x00400000L, 0x10000008L, +-0x00401000L, 0x10001000L, 0x00000008L, 0x10400000L, +-0x10001008L, 0x00000000L, 0x00001000L, 0x00400008L, +-0x00000000L, 0x10400008L, 0x10401000L, 0x00001000L, +-0x10000000L, 0x10401008L, 0x00401008L, 0x00400000L, +-0x10401008L, 0x00000008L, 0x10001000L, 0x00401008L, +-0x00400008L, 0x00401000L, 0x10400000L, 0x10001008L, +-0x00001008L, 0x10000000L, 0x10000008L, 0x10401000L, +-},{ +-/* nibble 4 */ +-0x08000000L, 0x00010000L, 0x00000400L, 0x08010420L, +-0x08010020L, 0x08000400L, 0x00010420L, 0x08010000L, +-0x00010000L, 0x00000020L, 0x08000020L, 0x00010400L, +-0x08000420L, 0x08010020L, 0x08010400L, 0x00000000L, +-0x00010400L, 0x08000000L, 0x00010020L, 0x00000420L, +-0x08000400L, 0x00010420L, 0x00000000L, 0x08000020L, +-0x00000020L, 0x08000420L, 0x08010420L, 0x00010020L, +-0x08010000L, 0x00000400L, 0x00000420L, 0x08010400L, +-0x08010400L, 0x08000420L, 0x00010020L, 0x08010000L, +-0x00010000L, 0x00000020L, 0x08000020L, 0x08000400L, +-0x08000000L, 0x00010400L, 0x08010420L, 0x00000000L, +-0x00010420L, 0x08000000L, 0x00000400L, 0x00010020L, +-0x08000420L, 0x00000400L, 0x00000000L, 0x08010420L, +-0x08010020L, 0x08010400L, 0x00000420L, 0x00010000L, +-0x00010400L, 0x08010020L, 0x08000400L, 0x00000420L, +-0x00000020L, 0x00010420L, 0x08010000L, 0x08000020L, +-},{ +-/* nibble 5 */ +-0x80000040L, 0x00200040L, 0x00000000L, 0x80202000L, +-0x00200040L, 0x00002000L, 0x80002040L, 0x00200000L, +-0x00002040L, 0x80202040L, 0x00202000L, 0x80000000L, +-0x80002000L, 0x80000040L, 0x80200000L, 0x00202040L, +-0x00200000L, 0x80002040L, 0x80200040L, 0x00000000L, +-0x00002000L, 0x00000040L, 0x80202000L, 0x80200040L, +-0x80202040L, 0x80200000L, 0x80000000L, 0x00002040L, +-0x00000040L, 0x00202000L, 0x00202040L, 0x80002000L, +-0x00002040L, 0x80000000L, 0x80002000L, 0x00202040L, +-0x80202000L, 0x00200040L, 0x00000000L, 0x80002000L, +-0x80000000L, 
0x00002000L, 0x80200040L, 0x00200000L, +-0x00200040L, 0x80202040L, 0x00202000L, 0x00000040L, +-0x80202040L, 0x00202000L, 0x00200000L, 0x80002040L, +-0x80000040L, 0x80200000L, 0x00202040L, 0x00000000L, +-0x00002000L, 0x80000040L, 0x80002040L, 0x80202000L, +-0x80200000L, 0x00002040L, 0x00000040L, 0x80200040L, +-},{ +-/* nibble 6 */ +-0x00004000L, 0x00000200L, 0x01000200L, 0x01000004L, +-0x01004204L, 0x00004004L, 0x00004200L, 0x00000000L, +-0x01000000L, 0x01000204L, 0x00000204L, 0x01004000L, +-0x00000004L, 0x01004200L, 0x01004000L, 0x00000204L, +-0x01000204L, 0x00004000L, 0x00004004L, 0x01004204L, +-0x00000000L, 0x01000200L, 0x01000004L, 0x00004200L, +-0x01004004L, 0x00004204L, 0x01004200L, 0x00000004L, +-0x00004204L, 0x01004004L, 0x00000200L, 0x01000000L, +-0x00004204L, 0x01004000L, 0x01004004L, 0x00000204L, +-0x00004000L, 0x00000200L, 0x01000000L, 0x01004004L, +-0x01000204L, 0x00004204L, 0x00004200L, 0x00000000L, +-0x00000200L, 0x01000004L, 0x00000004L, 0x01000200L, +-0x00000000L, 0x01000204L, 0x01000200L, 0x00004200L, +-0x00000204L, 0x00004000L, 0x01004204L, 0x01000000L, +-0x01004200L, 0x00000004L, 0x00004004L, 0x01004204L, +-0x01000004L, 0x01004200L, 0x01004000L, 0x00004004L, +-},{ +-/* nibble 7 */ +-0x20800080L, 0x20820000L, 0x00020080L, 0x00000000L, +-0x20020000L, 0x00800080L, 0x20800000L, 0x20820080L, +-0x00000080L, 0x20000000L, 0x00820000L, 0x00020080L, +-0x00820080L, 0x20020080L, 0x20000080L, 0x20800000L, +-0x00020000L, 0x00820080L, 0x00800080L, 0x20020000L, +-0x20820080L, 0x20000080L, 0x00000000L, 0x00820000L, +-0x20000000L, 0x00800000L, 0x20020080L, 0x20800080L, +-0x00800000L, 0x00020000L, 0x20820000L, 0x00000080L, +-0x00800000L, 0x00020000L, 0x20000080L, 0x20820080L, +-0x00020080L, 0x20000000L, 0x00000000L, 0x00820000L, +-0x20800080L, 0x20020080L, 0x20020000L, 0x00800080L, +-0x20820000L, 0x00000080L, 0x00800080L, 0x20020000L, +-0x20820080L, 0x00800000L, 0x20800000L, 0x20000080L, +-0x00820000L, 0x00020080L, 0x20020080L, 0x20800000L, +-0x00000080L, 
0x20820000L, 0x00820080L, 0x00000000L, +-0x20000000L, 0x20800080L, 0x00020000L, 0x00820080L, +-}}; ++OPENSSL_GLOBAL const DES_LONG DES_SPtrans[8][64] = { ++ { ++ /* nibble 0 */ ++ 0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L, ++ 0x02000000L, 0x00080802L, 0x00080002L, 0x02000002L, ++ 0x00080802L, 0x02080800L, 0x02080000L, 0x00000802L, ++ 0x02000802L, 0x02000000L, 0x00000000L, 0x00080002L, ++ 0x00080000L, 0x00000002L, 0x02000800L, 0x00080800L, ++ 0x02080802L, 0x02080000L, 0x00000802L, 0x02000800L, ++ 0x00000002L, 0x00000800L, 0x00080800L, 0x02080002L, ++ 0x00000800L, 0x02000802L, 0x02080002L, 0x00000000L, ++ 0x00000000L, 0x02080802L, 0x02000800L, 0x00080002L, ++ 0x02080800L, 0x00080000L, 0x00000802L, 0x02000800L, ++ 0x02080002L, 0x00000800L, 0x00080800L, 0x02000002L, ++ 0x00080802L, 0x00000002L, 0x02000002L, 0x02080000L, ++ 0x02080802L, 0x00080800L, 0x02080000L, 0x02000802L, ++ 0x02000000L, 0x00000802L, 0x00080002L, 0x00000000L, ++ 0x00080000L, 0x02000000L, 0x02000802L, 0x02080800L, ++ 0x00000002L, 0x02080002L, 0x00000800L, 0x00080802L, ++ }, ++ { ++ /* nibble 1 */ ++ 0x40108010L, 0x00000000L, 0x00108000L, 0x40100000L, ++ 0x40000010L, 0x00008010L, 0x40008000L, 0x00108000L, ++ 0x00008000L, 0x40100010L, 0x00000010L, 0x40008000L, ++ 0x00100010L, 0x40108000L, 0x40100000L, 0x00000010L, ++ 0x00100000L, 0x40008010L, 0x40100010L, 0x00008000L, ++ 0x00108010L, 0x40000000L, 0x00000000L, 0x00100010L, ++ 0x40008010L, 0x00108010L, 0x40108000L, 0x40000010L, ++ 0x40000000L, 0x00100000L, 0x00008010L, 0x40108010L, ++ 0x00100010L, 0x40108000L, 0x40008000L, 0x00108010L, ++ 0x40108010L, 0x00100010L, 0x40000010L, 0x00000000L, ++ 0x40000000L, 0x00008010L, 0x00100000L, 0x40100010L, ++ 0x00008000L, 0x40000000L, 0x00108010L, 0x40008010L, ++ 0x40108000L, 0x00008000L, 0x00000000L, 0x40000010L, ++ 0x00000010L, 0x40108010L, 0x00108000L, 0x40100000L, ++ 0x40100010L, 0x00100000L, 0x00008010L, 0x40008000L, ++ 0x40008010L, 0x00000010L, 0x40100000L, 0x00108000L, ++ }, ++ { ++ /* nibble 2 */ ++ 
0x04000001L, 0x04040100L, 0x00000100L, 0x04000101L, ++ 0x00040001L, 0x04000000L, 0x04000101L, 0x00040100L, ++ 0x04000100L, 0x00040000L, 0x04040000L, 0x00000001L, ++ 0x04040101L, 0x00000101L, 0x00000001L, 0x04040001L, ++ 0x00000000L, 0x00040001L, 0x04040100L, 0x00000100L, ++ 0x00000101L, 0x04040101L, 0x00040000L, 0x04000001L, ++ 0x04040001L, 0x04000100L, 0x00040101L, 0x04040000L, ++ 0x00040100L, 0x00000000L, 0x04000000L, 0x00040101L, ++ 0x04040100L, 0x00000100L, 0x00000001L, 0x00040000L, ++ 0x00000101L, 0x00040001L, 0x04040000L, 0x04000101L, ++ 0x00000000L, 0x04040100L, 0x00040100L, 0x04040001L, ++ 0x00040001L, 0x04000000L, 0x04040101L, 0x00000001L, ++ 0x00040101L, 0x04000001L, 0x04000000L, 0x04040101L, ++ 0x00040000L, 0x04000100L, 0x04000101L, 0x00040100L, ++ 0x04000100L, 0x00000000L, 0x04040001L, 0x00000101L, ++ 0x04000001L, 0x00040101L, 0x00000100L, 0x04040000L, ++ }, ++ { ++ /* nibble 3 */ ++ 0x00401008L, 0x10001000L, 0x00000008L, 0x10401008L, ++ 0x00000000L, 0x10400000L, 0x10001008L, 0x00400008L, ++ 0x10401000L, 0x10000008L, 0x10000000L, 0x00001008L, ++ 0x10000008L, 0x00401008L, 0x00400000L, 0x10000000L, ++ 0x10400008L, 0x00401000L, 0x00001000L, 0x00000008L, ++ 0x00401000L, 0x10001008L, 0x10400000L, 0x00001000L, ++ 0x00001008L, 0x00000000L, 0x00400008L, 0x10401000L, ++ 0x10001000L, 0x10400008L, 0x10401008L, 0x00400000L, ++ 0x10400008L, 0x00001008L, 0x00400000L, 0x10000008L, ++ 0x00401000L, 0x10001000L, 0x00000008L, 0x10400000L, ++ 0x10001008L, 0x00000000L, 0x00001000L, 0x00400008L, ++ 0x00000000L, 0x10400008L, 0x10401000L, 0x00001000L, ++ 0x10000000L, 0x10401008L, 0x00401008L, 0x00400000L, ++ 0x10401008L, 0x00000008L, 0x10001000L, 0x00401008L, ++ 0x00400008L, 0x00401000L, 0x10400000L, 0x10001008L, ++ 0x00001008L, 0x10000000L, 0x10000008L, 0x10401000L, ++ }, ++ { ++ /* nibble 4 */ ++ 0x08000000L, 0x00010000L, 0x00000400L, 0x08010420L, ++ 0x08010020L, 0x08000400L, 0x00010420L, 0x08010000L, ++ 0x00010000L, 0x00000020L, 0x08000020L, 0x00010400L, ++ 0x08000420L, 
0x08010020L, 0x08010400L, 0x00000000L, ++ 0x00010400L, 0x08000000L, 0x00010020L, 0x00000420L, ++ 0x08000400L, 0x00010420L, 0x00000000L, 0x08000020L, ++ 0x00000020L, 0x08000420L, 0x08010420L, 0x00010020L, ++ 0x08010000L, 0x00000400L, 0x00000420L, 0x08010400L, ++ 0x08010400L, 0x08000420L, 0x00010020L, 0x08010000L, ++ 0x00010000L, 0x00000020L, 0x08000020L, 0x08000400L, ++ 0x08000000L, 0x00010400L, 0x08010420L, 0x00000000L, ++ 0x00010420L, 0x08000000L, 0x00000400L, 0x00010020L, ++ 0x08000420L, 0x00000400L, 0x00000000L, 0x08010420L, ++ 0x08010020L, 0x08010400L, 0x00000420L, 0x00010000L, ++ 0x00010400L, 0x08010020L, 0x08000400L, 0x00000420L, ++ 0x00000020L, 0x00010420L, 0x08010000L, 0x08000020L, ++ }, ++ { ++ /* nibble 5 */ ++ 0x80000040L, 0x00200040L, 0x00000000L, 0x80202000L, ++ 0x00200040L, 0x00002000L, 0x80002040L, 0x00200000L, ++ 0x00002040L, 0x80202040L, 0x00202000L, 0x80000000L, ++ 0x80002000L, 0x80000040L, 0x80200000L, 0x00202040L, ++ 0x00200000L, 0x80002040L, 0x80200040L, 0x00000000L, ++ 0x00002000L, 0x00000040L, 0x80202000L, 0x80200040L, ++ 0x80202040L, 0x80200000L, 0x80000000L, 0x00002040L, ++ 0x00000040L, 0x00202000L, 0x00202040L, 0x80002000L, ++ 0x00002040L, 0x80000000L, 0x80002000L, 0x00202040L, ++ 0x80202000L, 0x00200040L, 0x00000000L, 0x80002000L, ++ 0x80000000L, 0x00002000L, 0x80200040L, 0x00200000L, ++ 0x00200040L, 0x80202040L, 0x00202000L, 0x00000040L, ++ 0x80202040L, 0x00202000L, 0x00200000L, 0x80002040L, ++ 0x80000040L, 0x80200000L, 0x00202040L, 0x00000000L, ++ 0x00002000L, 0x80000040L, 0x80002040L, 0x80202000L, ++ 0x80200000L, 0x00002040L, 0x00000040L, 0x80200040L, ++ }, ++ { ++ /* nibble 6 */ ++ 0x00004000L, 0x00000200L, 0x01000200L, 0x01000004L, ++ 0x01004204L, 0x00004004L, 0x00004200L, 0x00000000L, ++ 0x01000000L, 0x01000204L, 0x00000204L, 0x01004000L, ++ 0x00000004L, 0x01004200L, 0x01004000L, 0x00000204L, ++ 0x01000204L, 0x00004000L, 0x00004004L, 0x01004204L, ++ 0x00000000L, 0x01000200L, 0x01000004L, 0x00004200L, ++ 0x01004004L, 0x00004204L, 
0x01004200L, 0x00000004L, ++ 0x00004204L, 0x01004004L, 0x00000200L, 0x01000000L, ++ 0x00004204L, 0x01004000L, 0x01004004L, 0x00000204L, ++ 0x00004000L, 0x00000200L, 0x01000000L, 0x01004004L, ++ 0x01000204L, 0x00004204L, 0x00004200L, 0x00000000L, ++ 0x00000200L, 0x01000004L, 0x00000004L, 0x01000200L, ++ 0x00000000L, 0x01000204L, 0x01000200L, 0x00004200L, ++ 0x00000204L, 0x00004000L, 0x01004204L, 0x01000000L, ++ 0x01004200L, 0x00000004L, 0x00004004L, 0x01004204L, ++ 0x01000004L, 0x01004200L, 0x01004000L, 0x00004004L, ++ }, ++ { ++ /* nibble 7 */ ++ 0x20800080L, 0x20820000L, 0x00020080L, 0x00000000L, ++ 0x20020000L, 0x00800080L, 0x20800000L, 0x20820080L, ++ 0x00000080L, 0x20000000L, 0x00820000L, 0x00020080L, ++ 0x00820080L, 0x20020080L, 0x20000080L, 0x20800000L, ++ 0x00020000L, 0x00820080L, 0x00800080L, 0x20020000L, ++ 0x20820080L, 0x20000080L, 0x00000000L, 0x00820000L, ++ 0x20000000L, 0x00800000L, 0x20020080L, 0x20800080L, ++ 0x00800000L, 0x00020000L, 0x20820000L, 0x00000080L, ++ 0x00800000L, 0x00020000L, 0x20000080L, 0x20820080L, ++ 0x00020080L, 0x20000000L, 0x00000000L, 0x00820000L, ++ 0x20800080L, 0x20020080L, 0x20020000L, 0x00800080L, ++ 0x20820000L, 0x00000080L, 0x00800080L, 0x20020000L, ++ 0x20820080L, 0x00800000L, 0x20800000L, 0x20000080L, ++ 0x00820000L, 0x00020080L, 0x20020080L, 0x20800000L, ++ 0x00000080L, 0x20820000L, 0x00820080L, 0x00000000L, ++ 0x20000000L, 0x20800080L, 0x00020000L, 0x00820080L, ++ } ++}; +diff --git a/Cryptlib/OpenSSL/crypto/des/str2key.c b/Cryptlib/OpenSSL/crypto/des/str2key.c +index d6468b3..38a478c 100644 +--- a/Cryptlib/OpenSSL/crypto/des/str2key.c ++++ b/Cryptlib/OpenSSL/crypto/des/str2key.c +@@ -56,8 +56,8 @@ + * [including the GNU Public Licence.] 
+ */
+
+-#include "des_locl.h"
+ #include
++#include "des_locl.h"
+
+ void DES_string_to_key(const char *str, DES_cblock *key)
+ {
+diff --git a/Cryptlib/OpenSSL/crypto/des/xcbc_enc.c b/Cryptlib/OpenSSL/crypto/des/xcbc_enc.c
+index 3b614f4..6fe021b 100644
+--- a/Cryptlib/OpenSSL/crypto/des/xcbc_enc.c
++++ b/Cryptlib/OpenSSL/crypto/des/xcbc_enc.c
+@@ -62,7 +62,7 @@
+
+ #if 0 /* broken code, preserved just in case anyone
+ * specifically looks for this */
+-static unsigned char desx_white_in2out[256] = {
++static const unsigned char desx_white_in2out[256] = {
+ 0xBD, 0x56, 0xEA, 0xF2, 0xA2, 0xF1, 0xAC, 0x2A, 0xB0, 0x93, 0xD1, 0x9C,
+ 0x1B, 0x33, 0xFD, 0xD0,
+ 0x30, 0x04, 0xB6, 0xDC, 0x7D, 0xDF, 0x32, 0x4B, 0xF7, 0xCB, 0x45, 0x9B,
+diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_ameth.c b/Cryptlib/OpenSSL/crypto/dh/dh_ameth.c
+new file mode 100644
+index 0000000..ac72468
+--- /dev/null
++++ b/Cryptlib/OpenSSL/crypto/dh/dh_ameth.c
+@@ -0,0 +1,957 @@
++/*
++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
++ * 2006.
++ */
++/* ====================================================================
++ * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in
++ * the documentation and/or other materials provided with the
++ * distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ * software must display the following acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit.
(http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). 
++ * ++ */ ++ ++#include ++#include "cryptlib.h" ++#include ++#include ++#include ++#include ++#include "asn1_locl.h" ++#ifndef OPENSSL_NO_CMS ++# include ++#endif ++ ++extern const EVP_PKEY_ASN1_METHOD dhx_asn1_meth; ++ ++/* ++ * i2d/d2i like DH parameter functions which use the appropriate routine for ++ * PKCS#3 DH or X9.42 DH. ++ */ ++ ++static DH *d2i_dhp(const EVP_PKEY *pkey, const unsigned char **pp, ++ long length) ++{ ++ if (pkey->ameth == &dhx_asn1_meth) ++ return d2i_DHxparams(NULL, pp, length); ++ return d2i_DHparams(NULL, pp, length); ++} ++ ++static int i2d_dhp(const EVP_PKEY *pkey, const DH *a, unsigned char **pp) ++{ ++ if (pkey->ameth == &dhx_asn1_meth) ++ return i2d_DHxparams(a, pp); ++ return i2d_DHparams(a, pp); ++} ++ ++static void int_dh_free(EVP_PKEY *pkey) ++{ ++ DH_free(pkey->pkey.dh); ++} ++ ++static int dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) ++{ ++ const unsigned char *p, *pm; ++ int pklen, pmlen; ++ int ptype; ++ void *pval; ++ ASN1_STRING *pstr; ++ X509_ALGOR *palg; ++ ASN1_INTEGER *public_key = NULL; ++ ++ DH *dh = NULL; ++ ++ if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey)) ++ return 0; ++ X509_ALGOR_get0(NULL, &ptype, &pval, palg); ++ ++ if (ptype != V_ASN1_SEQUENCE) { ++ DHerr(DH_F_DH_PUB_DECODE, DH_R_PARAMETER_ENCODING_ERROR); ++ goto err; ++ } ++ ++ pstr = pval; ++ pm = pstr->data; ++ pmlen = pstr->length; ++ ++ if (!(dh = d2i_dhp(pkey, &pm, pmlen))) { ++ DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR); ++ goto err; ++ } ++ ++ if (!(public_key = d2i_ASN1_INTEGER(NULL, &p, pklen))) { ++ DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR); ++ goto err; ++ } ++ ++ /* We have parameters now set public key */ ++ if (!(dh->pub_key = ASN1_INTEGER_to_BN(public_key, NULL))) { ++ DHerr(DH_F_DH_PUB_DECODE, DH_R_BN_DECODE_ERROR); ++ goto err; ++ } ++ ++ ASN1_INTEGER_free(public_key); ++ EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, dh); ++ return 1; ++ ++ err: ++ if (public_key) ++ ASN1_INTEGER_free(public_key); ++ if (dh) ++ 
DH_free(dh); ++ return 0; ++ ++} ++ ++static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) ++{ ++ DH *dh; ++ int ptype; ++ unsigned char *penc = NULL; ++ int penclen; ++ ASN1_STRING *str; ++ ASN1_INTEGER *pub_key = NULL; ++ ++ dh = pkey->pkey.dh; ++ ++ str = ASN1_STRING_new(); ++ if (!str) { ++ DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ str->length = i2d_dhp(pkey, dh, &str->data); ++ if (str->length <= 0) { ++ DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ptype = V_ASN1_SEQUENCE; ++ ++ pub_key = BN_to_ASN1_INTEGER(dh->pub_key, NULL); ++ if (!pub_key) ++ goto err; ++ ++ penclen = i2d_ASN1_INTEGER(pub_key, &penc); ++ ++ ASN1_INTEGER_free(pub_key); ++ ++ if (penclen <= 0) { ++ DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(pkey->ameth->pkey_id), ++ ptype, str, penc, penclen)) ++ return 1; ++ ++ err: ++ if (penc) ++ OPENSSL_free(penc); ++ if (str) ++ ASN1_STRING_free(str); ++ ++ return 0; ++} ++ ++/* ++ * PKCS#8 DH is defined in PKCS#11 of all places. It is similar to DH in that ++ * the AlgorithmIdentifier contains the paramaters, the private key is ++ * explcitly included and the pubkey must be recalculated. 
++ */ ++ ++static int dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) ++{ ++ const unsigned char *p, *pm; ++ int pklen, pmlen; ++ int ptype; ++ void *pval; ++ ASN1_STRING *pstr; ++ X509_ALGOR *palg; ++ ASN1_INTEGER *privkey = NULL; ++ ++ DH *dh = NULL; ++ ++ if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8)) ++ return 0; ++ ++ X509_ALGOR_get0(NULL, &ptype, &pval, palg); ++ ++ if (ptype != V_ASN1_SEQUENCE) ++ goto decerr; ++ ++ if (!(privkey = d2i_ASN1_INTEGER(NULL, &p, pklen))) ++ goto decerr; ++ ++ pstr = pval; ++ pm = pstr->data; ++ pmlen = pstr->length; ++ if (!(dh = d2i_dhp(pkey, &pm, pmlen))) ++ goto decerr; ++ /* We have parameters now set private key */ ++ if (!(dh->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) { ++ DHerr(DH_F_DH_PRIV_DECODE, DH_R_BN_ERROR); ++ goto dherr; ++ } ++ /* Calculate public key */ ++ if (!DH_generate_key(dh)) ++ goto dherr; ++ ++ EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, dh); ++ ++ ASN1_STRING_clear_free(privkey); ++ ++ return 1; ++ ++ decerr: ++ DHerr(DH_F_DH_PRIV_DECODE, EVP_R_DECODE_ERROR); ++ dherr: ++ DH_free(dh); ++ ASN1_STRING_clear_free(privkey); ++ return 0; ++} ++ ++static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) ++{ ++ ASN1_STRING *params = NULL; ++ ASN1_INTEGER *prkey = NULL; ++ unsigned char *dp = NULL; ++ int dplen; ++ ++ params = ASN1_STRING_new(); ++ ++ if (!params) { ++ DHerr(DH_F_DH_PRIV_ENCODE, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ params->length = i2d_dhp(pkey, pkey->pkey.dh, ¶ms->data); ++ if (params->length <= 0) { ++ DHerr(DH_F_DH_PRIV_ENCODE, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ params->type = V_ASN1_SEQUENCE; ++ ++ /* Get private key into integer */ ++ prkey = BN_to_ASN1_INTEGER(pkey->pkey.dh->priv_key, NULL); ++ ++ if (!prkey) { ++ DHerr(DH_F_DH_PRIV_ENCODE, DH_R_BN_ERROR); ++ goto err; ++ } ++ ++ dplen = i2d_ASN1_INTEGER(prkey, &dp); ++ ++ ASN1_STRING_clear_free(prkey); ++ prkey = NULL; ++ ++ if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(pkey->ameth->pkey_id), 0, 
++ V_ASN1_SEQUENCE, params, dp, dplen)) ++ goto err; ++ ++ return 1; ++ ++ err: ++ if (dp != NULL) ++ OPENSSL_free(dp); ++ if (params != NULL) ++ ASN1_STRING_free(params); ++ if (prkey != NULL) ++ ASN1_STRING_clear_free(prkey); ++ return 0; ++} ++ ++static void update_buflen(const BIGNUM *b, size_t *pbuflen) ++{ ++ size_t i; ++ if (!b) ++ return; ++ if (*pbuflen < (i = (size_t)BN_num_bytes(b))) ++ *pbuflen = i; ++} ++ ++static int dh_param_decode(EVP_PKEY *pkey, ++ const unsigned char **pder, int derlen) ++{ ++ DH *dh; ++ if (!(dh = d2i_dhp(pkey, pder, derlen))) { ++ DHerr(DH_F_DH_PARAM_DECODE, ERR_R_DH_LIB); ++ return 0; ++ } ++ EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, dh); ++ return 1; ++} ++ ++static int dh_param_encode(const EVP_PKEY *pkey, unsigned char **pder) ++{ ++ return i2d_dhp(pkey, pkey->pkey.dh, pder); ++} ++ ++static int do_dh_print(BIO *bp, const DH *x, int indent, ++ ASN1_PCTX *ctx, int ptype) ++{ ++ unsigned char *m = NULL; ++ int reason = ERR_R_BUF_LIB, ret = 0; ++ size_t buf_len = 0; ++ ++ const char *ktype = NULL; ++ ++ BIGNUM *priv_key, *pub_key; ++ ++ if (ptype == 2) ++ priv_key = x->priv_key; ++ else ++ priv_key = NULL; ++ ++ if (ptype > 0) ++ pub_key = x->pub_key; ++ else ++ pub_key = NULL; ++ ++ update_buflen(x->p, &buf_len); ++ ++ if (buf_len == 0) { ++ reason = ERR_R_PASSED_NULL_PARAMETER; ++ goto err; ++ } ++ ++ update_buflen(x->g, &buf_len); ++ update_buflen(x->q, &buf_len); ++ update_buflen(x->j, &buf_len); ++ update_buflen(x->counter, &buf_len); ++ update_buflen(pub_key, &buf_len); ++ update_buflen(priv_key, &buf_len); ++ ++ if (ptype == 2) ++ ktype = "DH Private-Key"; ++ else if (ptype == 1) ++ ktype = "DH Public-Key"; ++ else ++ ktype = "DH Parameters"; ++ ++ m = OPENSSL_malloc(buf_len + 10); ++ if (m == NULL) { ++ reason = ERR_R_MALLOC_FAILURE; ++ goto err; ++ } ++ ++ BIO_indent(bp, indent, 128); ++ if (BIO_printf(bp, "%s: (%d bit)\n", ktype, BN_num_bits(x->p)) <= 0) ++ goto err; ++ indent += 4; ++ ++ if (!ASN1_bn_print(bp, 
"private-key:", priv_key, m, indent)) ++ goto err; ++ if (!ASN1_bn_print(bp, "public-key:", pub_key, m, indent)) ++ goto err; ++ ++ if (!ASN1_bn_print(bp, "prime:", x->p, m, indent)) ++ goto err; ++ if (!ASN1_bn_print(bp, "generator:", x->g, m, indent)) ++ goto err; ++ if (x->q && !ASN1_bn_print(bp, "subgroup order:", x->q, m, indent)) ++ goto err; ++ if (x->j && !ASN1_bn_print(bp, "subgroup factor:", x->j, m, indent)) ++ goto err; ++ if (x->seed) { ++ int i; ++ BIO_indent(bp, indent, 128); ++ BIO_puts(bp, "seed:"); ++ for (i = 0; i < x->seedlen; i++) { ++ if ((i % 15) == 0) { ++ if (BIO_puts(bp, "\n") <= 0 ++ || !BIO_indent(bp, indent + 4, 128)) ++ goto err; ++ } ++ if (BIO_printf(bp, "%02x%s", x->seed[i], ++ ((i + 1) == x->seedlen) ? "" : ":") <= 0) ++ goto err; ++ } ++ if (BIO_write(bp, "\n", 1) <= 0) ++ return (0); ++ } ++ if (x->counter && !ASN1_bn_print(bp, "counter:", x->counter, m, indent)) ++ goto err; ++ if (x->length != 0) { ++ BIO_indent(bp, indent, 128); ++ if (BIO_printf(bp, "recommended-private-length: %d bits\n", ++ (int)x->length) <= 0) ++ goto err; ++ } ++ ++ ret = 1; ++ if (0) { ++ err: ++ DHerr(DH_F_DO_DH_PRINT, reason); ++ } ++ if (m != NULL) ++ OPENSSL_free(m); ++ return (ret); ++} ++ ++static int int_dh_size(const EVP_PKEY *pkey) ++{ ++ return (DH_size(pkey->pkey.dh)); ++} ++ ++static int dh_bits(const EVP_PKEY *pkey) ++{ ++ return BN_num_bits(pkey->pkey.dh->p); ++} ++ ++static int dh_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) ++{ ++ if (BN_cmp(a->pkey.dh->p, b->pkey.dh->p) || ++ BN_cmp(a->pkey.dh->g, b->pkey.dh->g)) ++ return 0; ++ else if (a->ameth == &dhx_asn1_meth) { ++ if (BN_cmp(a->pkey.dh->q, b->pkey.dh->q)) ++ return 0; ++ } ++ return 1; ++} ++ ++static int int_dh_bn_cpy(BIGNUM **dst, const BIGNUM *src) ++{ ++ BIGNUM *a; ++ if (src) { ++ a = BN_dup(src); ++ if (!a) ++ return 0; ++ } else ++ a = NULL; ++ if (*dst) ++ BN_free(*dst); ++ *dst = a; ++ return 1; ++} ++ ++static int int_dh_param_copy(DH *to, const DH *from, int 
is_x942) ++{ ++ if (is_x942 == -1) ++ is_x942 = ! !from->q; ++ if (!int_dh_bn_cpy(&to->p, from->p)) ++ return 0; ++ if (!int_dh_bn_cpy(&to->g, from->g)) ++ return 0; ++ if (is_x942) { ++ if (!int_dh_bn_cpy(&to->q, from->q)) ++ return 0; ++ if (!int_dh_bn_cpy(&to->j, from->j)) ++ return 0; ++ if (to->seed) { ++ OPENSSL_free(to->seed); ++ to->seed = NULL; ++ to->seedlen = 0; ++ } ++ if (from->seed) { ++ to->seed = BUF_memdup(from->seed, from->seedlen); ++ if (!to->seed) ++ return 0; ++ to->seedlen = from->seedlen; ++ } ++ } else ++ to->length = from->length; ++ return 1; ++} ++ ++DH *DHparams_dup(DH *dh) ++{ ++ DH *ret; ++ ret = DH_new(); ++ if (!ret) ++ return NULL; ++ if (!int_dh_param_copy(ret, dh, -1)) { ++ DH_free(ret); ++ return NULL; ++ } ++ return ret; ++} ++ ++static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) ++{ ++ return int_dh_param_copy(to->pkey.dh, from->pkey.dh, ++ from->ameth == &dhx_asn1_meth); ++} ++ ++static int dh_missing_parameters(const EVP_PKEY *a) ++{ ++ if (!a->pkey.dh->p || !a->pkey.dh->g) ++ return 1; ++ return 0; ++} ++ ++static int dh_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) ++{ ++ if (dh_cmp_parameters(a, b) == 0) ++ return 0; ++ if (BN_cmp(b->pkey.dh->pub_key, a->pkey.dh->pub_key) != 0) ++ return 0; ++ else ++ return 1; ++} ++ ++static int dh_param_print(BIO *bp, const EVP_PKEY *pkey, int indent, ++ ASN1_PCTX *ctx) ++{ ++ return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 0); ++} ++ ++static int dh_public_print(BIO *bp, const EVP_PKEY *pkey, int indent, ++ ASN1_PCTX *ctx) ++{ ++ return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 1); ++} ++ ++static int dh_private_print(BIO *bp, const EVP_PKEY *pkey, int indent, ++ ASN1_PCTX *ctx) ++{ ++ return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 2); ++} ++ ++int DHparams_print(BIO *bp, const DH *x) ++{ ++ return do_dh_print(bp, x, 4, NULL, 0); ++} ++ ++#ifndef OPENSSL_NO_CMS ++static int dh_cms_decrypt(CMS_RecipientInfo *ri); ++static int dh_cms_encrypt(CMS_RecipientInfo 
*ri); ++#endif ++ ++static int dh_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) ++{ ++ switch (op) { ++#ifndef OPENSSL_NO_CMS ++ ++ case ASN1_PKEY_CTRL_CMS_ENVELOPE: ++ if (arg1 == 1) ++ return dh_cms_decrypt(arg2); ++ else if (arg1 == 0) ++ return dh_cms_encrypt(arg2); ++ return -2; ++ ++ case ASN1_PKEY_CTRL_CMS_RI_TYPE: ++ *(int *)arg2 = CMS_RECIPINFO_AGREE; ++ return 1; ++#endif ++ default: ++ return -2; ++ } ++ ++} ++ ++const EVP_PKEY_ASN1_METHOD dh_asn1_meth = { ++ EVP_PKEY_DH, ++ EVP_PKEY_DH, ++ 0, ++ ++ "DH", ++ "OpenSSL PKCS#3 DH method", ++ ++ dh_pub_decode, ++ dh_pub_encode, ++ dh_pub_cmp, ++ dh_public_print, ++ ++ dh_priv_decode, ++ dh_priv_encode, ++ dh_private_print, ++ ++ int_dh_size, ++ dh_bits, ++ ++ dh_param_decode, ++ dh_param_encode, ++ dh_missing_parameters, ++ dh_copy_parameters, ++ dh_cmp_parameters, ++ dh_param_print, ++ 0, ++ ++ int_dh_free, ++ 0 ++}; ++ ++const EVP_PKEY_ASN1_METHOD dhx_asn1_meth = { ++ EVP_PKEY_DHX, ++ EVP_PKEY_DHX, ++ 0, ++ ++ "X9.42 DH", ++ "OpenSSL X9.42 DH method", ++ ++ dh_pub_decode, ++ dh_pub_encode, ++ dh_pub_cmp, ++ dh_public_print, ++ ++ dh_priv_decode, ++ dh_priv_encode, ++ dh_private_print, ++ ++ int_dh_size, ++ dh_bits, ++ ++ dh_param_decode, ++ dh_param_encode, ++ dh_missing_parameters, ++ dh_copy_parameters, ++ dh_cmp_parameters, ++ dh_param_print, ++ 0, ++ ++ int_dh_free, ++ dh_pkey_ctrl ++}; ++ ++#ifndef OPENSSL_NO_CMS ++ ++static int dh_cms_set_peerkey(EVP_PKEY_CTX *pctx, ++ X509_ALGOR *alg, ASN1_BIT_STRING *pubkey) ++{ ++ ASN1_OBJECT *aoid; ++ int atype; ++ void *aval; ++ ASN1_INTEGER *public_key = NULL; ++ int rv = 0; ++ EVP_PKEY *pkpeer = NULL, *pk = NULL; ++ DH *dhpeer = NULL; ++ const unsigned char *p; ++ int plen; ++ ++ X509_ALGOR_get0(&aoid, &atype, &aval, alg); ++ if (OBJ_obj2nid(aoid) != NID_dhpublicnumber) ++ goto err; ++ /* Only absent parameters allowed in RFC XXXX */ ++ if (atype != V_ASN1_UNDEF && atype == V_ASN1_NULL) ++ goto err; ++ ++ pk = EVP_PKEY_CTX_get0_pkey(pctx); ++ if 
(!pk) ++ goto err; ++ if (pk->type != EVP_PKEY_DHX) ++ goto err; ++ /* Get parameters from parent key */ ++ dhpeer = DHparams_dup(pk->pkey.dh); ++ /* We have parameters now set public key */ ++ plen = ASN1_STRING_length(pubkey); ++ p = ASN1_STRING_data(pubkey); ++ if (!p || !plen) ++ goto err; ++ ++ if (!(public_key = d2i_ASN1_INTEGER(NULL, &p, plen))) { ++ DHerr(DH_F_DH_CMS_SET_PEERKEY, DH_R_DECODE_ERROR); ++ goto err; ++ } ++ ++ /* We have parameters now set public key */ ++ if (!(dhpeer->pub_key = ASN1_INTEGER_to_BN(public_key, NULL))) { ++ DHerr(DH_F_DH_CMS_SET_PEERKEY, DH_R_BN_DECODE_ERROR); ++ goto err; ++ } ++ ++ pkpeer = EVP_PKEY_new(); ++ if (!pkpeer) ++ goto err; ++ EVP_PKEY_assign(pkpeer, pk->ameth->pkey_id, dhpeer); ++ dhpeer = NULL; ++ if (EVP_PKEY_derive_set_peer(pctx, pkpeer) > 0) ++ rv = 1; ++ err: ++ if (public_key) ++ ASN1_INTEGER_free(public_key); ++ if (pkpeer) ++ EVP_PKEY_free(pkpeer); ++ if (dhpeer) ++ DH_free(dhpeer); ++ return rv; ++} ++ ++static int dh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri) ++{ ++ int rv = 0; ++ ++ X509_ALGOR *alg, *kekalg = NULL; ++ ASN1_OCTET_STRING *ukm; ++ const unsigned char *p; ++ unsigned char *dukm = NULL; ++ size_t dukmlen = 0; ++ int keylen, plen; ++ const EVP_CIPHER *kekcipher; ++ EVP_CIPHER_CTX *kekctx; ++ ++ if (!CMS_RecipientInfo_kari_get0_alg(ri, &alg, &ukm)) ++ goto err; ++ ++ /* ++ * For DH we only have one OID permissible. If ever any more get defined ++ * we will need something cleverer. 
++ */ ++ if (OBJ_obj2nid(alg->algorithm) != NID_id_smime_alg_ESDH) { ++ DHerr(DH_F_DH_CMS_SET_SHARED_INFO, DH_R_KDF_PARAMETER_ERROR); ++ goto err; ++ } ++ ++ if (EVP_PKEY_CTX_set_dh_kdf_type(pctx, EVP_PKEY_DH_KDF_X9_42) <= 0) ++ goto err; ++ ++ if (EVP_PKEY_CTX_set_dh_kdf_md(pctx, EVP_sha1()) <= 0) ++ goto err; ++ ++ if (alg->parameter->type != V_ASN1_SEQUENCE) ++ goto err; ++ ++ p = alg->parameter->value.sequence->data; ++ plen = alg->parameter->value.sequence->length; ++ kekalg = d2i_X509_ALGOR(NULL, &p, plen); ++ if (!kekalg) ++ goto err; ++ kekctx = CMS_RecipientInfo_kari_get0_ctx(ri); ++ if (!kekctx) ++ goto err; ++ kekcipher = EVP_get_cipherbyobj(kekalg->algorithm); ++ if (!kekcipher || EVP_CIPHER_mode(kekcipher) != EVP_CIPH_WRAP_MODE) ++ goto err; ++ if (!EVP_EncryptInit_ex(kekctx, kekcipher, NULL, NULL, NULL)) ++ goto err; ++ if (EVP_CIPHER_asn1_to_param(kekctx, kekalg->parameter) <= 0) ++ goto err; ++ ++ keylen = EVP_CIPHER_CTX_key_length(kekctx); ++ if (EVP_PKEY_CTX_set_dh_kdf_outlen(pctx, keylen) <= 0) ++ goto err; ++ /* Use OBJ_nid2obj to ensure we use built in OID that isn't freed */ ++ if (EVP_PKEY_CTX_set0_dh_kdf_oid(pctx, ++ OBJ_nid2obj(EVP_CIPHER_type(kekcipher))) ++ <= 0) ++ goto err; ++ ++ if (ukm) { ++ dukmlen = ASN1_STRING_length(ukm); ++ dukm = BUF_memdup(ASN1_STRING_data(ukm), dukmlen); ++ if (!dukm) ++ goto err; ++ } ++ ++ if (EVP_PKEY_CTX_set0_dh_kdf_ukm(pctx, dukm, dukmlen) <= 0) ++ goto err; ++ dukm = NULL; ++ ++ rv = 1; ++ err: ++ if (kekalg) ++ X509_ALGOR_free(kekalg); ++ if (dukm) ++ OPENSSL_free(dukm); ++ return rv; ++} ++ ++static int dh_cms_decrypt(CMS_RecipientInfo *ri) ++{ ++ EVP_PKEY_CTX *pctx; ++ pctx = CMS_RecipientInfo_get0_pkey_ctx(ri); ++ if (!pctx) ++ return 0; ++ /* See if we need to set peer key */ ++ if (!EVP_PKEY_CTX_get0_peerkey(pctx)) { ++ X509_ALGOR *alg; ++ ASN1_BIT_STRING *pubkey; ++ if (!CMS_RecipientInfo_kari_get0_orig_id(ri, &alg, &pubkey, ++ NULL, NULL, NULL)) ++ return 0; ++ if (!alg || !pubkey) ++ return 0; 
++ if (!dh_cms_set_peerkey(pctx, alg, pubkey)) { ++ DHerr(DH_F_DH_CMS_DECRYPT, DH_R_PEER_KEY_ERROR); ++ return 0; ++ } ++ } ++ /* Set DH derivation parameters and initialise unwrap context */ ++ if (!dh_cms_set_shared_info(pctx, ri)) { ++ DHerr(DH_F_DH_CMS_DECRYPT, DH_R_SHARED_INFO_ERROR); ++ return 0; ++ } ++ return 1; ++} ++ ++static int dh_cms_encrypt(CMS_RecipientInfo *ri) ++{ ++ EVP_PKEY_CTX *pctx; ++ EVP_PKEY *pkey; ++ EVP_CIPHER_CTX *ctx; ++ int keylen; ++ X509_ALGOR *talg, *wrap_alg = NULL; ++ ASN1_OBJECT *aoid; ++ ASN1_BIT_STRING *pubkey; ++ ASN1_STRING *wrap_str; ++ ASN1_OCTET_STRING *ukm; ++ unsigned char *penc = NULL, *dukm = NULL; ++ int penclen; ++ size_t dukmlen = 0; ++ int rv = 0; ++ int kdf_type, wrap_nid; ++ const EVP_MD *kdf_md; ++ pctx = CMS_RecipientInfo_get0_pkey_ctx(ri); ++ if (!pctx) ++ return 0; ++ /* Get ephemeral key */ ++ pkey = EVP_PKEY_CTX_get0_pkey(pctx); ++ if (!CMS_RecipientInfo_kari_get0_orig_id(ri, &talg, &pubkey, ++ NULL, NULL, NULL)) ++ goto err; ++ X509_ALGOR_get0(&aoid, NULL, NULL, talg); ++ /* Is everything uninitialised? 
*/ ++ if (aoid == OBJ_nid2obj(NID_undef)) { ++ ASN1_INTEGER *pubk; ++ pubk = BN_to_ASN1_INTEGER(pkey->pkey.dh->pub_key, NULL); ++ if (!pubk) ++ goto err; ++ /* Set the key */ ++ ++ penclen = i2d_ASN1_INTEGER(pubk, &penc); ++ ASN1_INTEGER_free(pubk); ++ if (penclen <= 0) ++ goto err; ++ ASN1_STRING_set0(pubkey, penc, penclen); ++ pubkey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); ++ pubkey->flags |= ASN1_STRING_FLAG_BITS_LEFT; ++ ++ penc = NULL; ++ X509_ALGOR_set0(talg, OBJ_nid2obj(NID_dhpublicnumber), ++ V_ASN1_UNDEF, NULL); ++ } ++ ++ /* See if custom paraneters set */ ++ kdf_type = EVP_PKEY_CTX_get_dh_kdf_type(pctx); ++ if (kdf_type <= 0) ++ goto err; ++ if (!EVP_PKEY_CTX_get_dh_kdf_md(pctx, &kdf_md)) ++ goto err; ++ ++ if (kdf_type == EVP_PKEY_DH_KDF_NONE) { ++ kdf_type = EVP_PKEY_DH_KDF_X9_42; ++ if (EVP_PKEY_CTX_set_dh_kdf_type(pctx, kdf_type) <= 0) ++ goto err; ++ } else if (kdf_type != EVP_PKEY_DH_KDF_X9_42) ++ /* Unknown KDF */ ++ goto err; ++ if (kdf_md == NULL) { ++ /* Only SHA1 supported */ ++ kdf_md = EVP_sha1(); ++ if (EVP_PKEY_CTX_set_dh_kdf_md(pctx, kdf_md) <= 0) ++ goto err; ++ } else if (EVP_MD_type(kdf_md) != NID_sha1) ++ /* Unsupported digest */ ++ goto err; ++ ++ if (!CMS_RecipientInfo_kari_get0_alg(ri, &talg, &ukm)) ++ goto err; ++ ++ /* Get wrap NID */ ++ ctx = CMS_RecipientInfo_kari_get0_ctx(ri); ++ wrap_nid = EVP_CIPHER_CTX_type(ctx); ++ if (EVP_PKEY_CTX_set0_dh_kdf_oid(pctx, OBJ_nid2obj(wrap_nid)) <= 0) ++ goto err; ++ keylen = EVP_CIPHER_CTX_key_length(ctx); ++ ++ /* Package wrap algorithm in an AlgorithmIdentifier */ ++ ++ wrap_alg = X509_ALGOR_new(); ++ if (!wrap_alg) ++ goto err; ++ wrap_alg->algorithm = OBJ_nid2obj(wrap_nid); ++ wrap_alg->parameter = ASN1_TYPE_new(); ++ if (!wrap_alg->parameter) ++ goto err; ++ if (EVP_CIPHER_param_to_asn1(ctx, wrap_alg->parameter) <= 0) ++ goto err; ++ if (ASN1_TYPE_get(wrap_alg->parameter) == NID_undef) { ++ ASN1_TYPE_free(wrap_alg->parameter); ++ wrap_alg->parameter = NULL; ++ } ++ ++ if 
(EVP_PKEY_CTX_set_dh_kdf_outlen(pctx, keylen) <= 0) ++ goto err; ++ ++ if (ukm) { ++ dukmlen = ASN1_STRING_length(ukm); ++ dukm = BUF_memdup(ASN1_STRING_data(ukm), dukmlen); ++ if (!dukm) ++ goto err; ++ } ++ ++ if (EVP_PKEY_CTX_set0_dh_kdf_ukm(pctx, dukm, dukmlen) <= 0) ++ goto err; ++ dukm = NULL; ++ ++ /* ++ * Now need to wrap encoding of wrap AlgorithmIdentifier into parameter ++ * of another AlgorithmIdentifier. ++ */ ++ penc = NULL; ++ penclen = i2d_X509_ALGOR(wrap_alg, &penc); ++ if (!penc || !penclen) ++ goto err; ++ wrap_str = ASN1_STRING_new(); ++ if (!wrap_str) ++ goto err; ++ ASN1_STRING_set0(wrap_str, penc, penclen); ++ penc = NULL; ++ X509_ALGOR_set0(talg, OBJ_nid2obj(NID_id_smime_alg_ESDH), ++ V_ASN1_SEQUENCE, wrap_str); ++ ++ rv = 1; ++ ++ err: ++ if (penc) ++ OPENSSL_free(penc); ++ if (wrap_alg) ++ X509_ALGOR_free(wrap_alg); ++ return rv; ++} ++ ++#endif +diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_asn1.c b/Cryptlib/OpenSSL/crypto/dh/dh_asn1.c +index d534986..f470214 100644 +--- a/Cryptlib/OpenSSL/crypto/dh/dh_asn1.c ++++ b/Cryptlib/OpenSSL/crypto/dh/dh_asn1.c +@@ -4,7 +4,7 @@ + * 2000. + */ + /* ==================================================================== +- * Copyright (c) 2000 The OpenSSL Project. All rights reserved. ++ * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. 
+ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions +@@ -65,7 +65,8 @@ + #include + + /* Override the default free and new methods */ +-static int dh_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) ++static int dh_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, ++ void *exarg) + { + if (operation == ASN1_OP_NEW_PRE) { + *pval = (ASN1_VALUE *)DH_new(); +@@ -87,3 +88,102 @@ ASN1_SEQUENCE_cb(DHparams, dh_cb) = { + } ASN1_SEQUENCE_END_cb(DH, DHparams) + + IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DH, DHparams, DHparams) ++ ++/* ++ * Internal only structures for handling X9.42 DH: this gets translated to or ++ * from a DH structure straight away. ++ */ ++ ++typedef struct { ++ ASN1_BIT_STRING *seed; ++ BIGNUM *counter; ++} int_dhvparams; ++ ++typedef struct { ++ BIGNUM *p; ++ BIGNUM *q; ++ BIGNUM *g; ++ BIGNUM *j; ++ int_dhvparams *vparams; ++} int_dhx942_dh; ++ ++ASN1_SEQUENCE(DHvparams) = { ++ ASN1_SIMPLE(int_dhvparams, seed, ASN1_BIT_STRING), ++ ASN1_SIMPLE(int_dhvparams, counter, BIGNUM) ++} ASN1_SEQUENCE_END_name(int_dhvparams, DHvparams) ++ ++ASN1_SEQUENCE(DHxparams) = { ++ ASN1_SIMPLE(int_dhx942_dh, p, BIGNUM), ++ ASN1_SIMPLE(int_dhx942_dh, g, BIGNUM), ++ ASN1_SIMPLE(int_dhx942_dh, q, BIGNUM), ++ ASN1_OPT(int_dhx942_dh, j, BIGNUM), ++ ASN1_OPT(int_dhx942_dh, vparams, DHvparams), ++} ASN1_SEQUENCE_END_name(int_dhx942_dh, DHxparams) ++ ++int_dhx942_dh *d2i_int_dhx(int_dhx942_dh **a, ++ const unsigned char **pp, long length); ++int i2d_int_dhx(const int_dhx942_dh *a, unsigned char **pp); ++ ++IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(int_dhx942_dh, DHxparams, int_dhx) ++ ++/* Application leve function: read in X9.42 DH parameters into DH structure */ ++ ++DH *d2i_DHxparams(DH **a, const unsigned char **pp, long length) ++{ ++ int_dhx942_dh *dhx = NULL; ++ DH *dh = NULL; ++ dh = DH_new(); ++ if (!dh) ++ return NULL; ++ dhx = d2i_int_dhx(NULL, pp, 
length); ++ if (!dhx) { ++ DH_free(dh); ++ return NULL; ++ } ++ ++ if (a) { ++ if (*a) ++ DH_free(*a); ++ *a = dh; ++ } ++ ++ dh->p = dhx->p; ++ dh->q = dhx->q; ++ dh->g = dhx->g; ++ dh->j = dhx->j; ++ ++ if (dhx->vparams) { ++ dh->seed = dhx->vparams->seed->data; ++ dh->seedlen = dhx->vparams->seed->length; ++ dh->counter = dhx->vparams->counter; ++ dhx->vparams->seed->data = NULL; ++ ASN1_BIT_STRING_free(dhx->vparams->seed); ++ OPENSSL_free(dhx->vparams); ++ dhx->vparams = NULL; ++ } ++ ++ OPENSSL_free(dhx); ++ return dh; ++} ++ ++int i2d_DHxparams(const DH *dh, unsigned char **pp) ++{ ++ int_dhx942_dh dhx; ++ int_dhvparams dhv; ++ ASN1_BIT_STRING bs; ++ dhx.p = dh->p; ++ dhx.g = dh->g; ++ dhx.q = dh->q; ++ dhx.j = dh->j; ++ if (dh->counter && dh->seed && dh->seedlen > 0) { ++ bs.flags = ASN1_STRING_FLAG_BITS_LEFT; ++ bs.data = dh->seed; ++ bs.length = dh->seedlen; ++ dhv.seed = &bs; ++ dhv.counter = dh->counter; ++ dhx.vparams = &dhv; ++ } else ++ dhx.vparams = NULL; ++ ++ return i2d_int_dhx(&dhx, pp); ++} +diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_check.c b/Cryptlib/OpenSSL/crypto/dh/dh_check.c +index 7909fd6..347467c 100644 +--- a/Cryptlib/OpenSSL/crypto/dh/dh_check.c ++++ b/Cryptlib/OpenSSL/crypto/dh/dh_check.c +@@ -71,35 +71,59 @@ + * should hold. 
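Review bot: `d2i_DHxparams` copies every decoded field (`p`, `q`, `g`, `j`, seed, counter) into the returned `DH` without any validation, and the hunk does not say who is expected to check them. If the DER can come from an untrusted source, which the hunk alone does not show, the function should carry a comment such as `/* Decoded parameters are not validated here; callers must run DH_check() before key agreement. */`. The ownership transfer also deserves a line above `OPENSSL_free(dhx)`, for example `/* BIGNUMs and seed buffer now belong to dh; free only the container. */`, because that is why the temporary struct is released with a plain free instead of its ASN.1 free routine. The header comment has a typo, "Application leve function", which should read "level".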
+ */ + +-#ifndef OPENSSL_FIPS +- + int DH_check(const DH *dh, int *ret) + { + int ok = 0; + BN_CTX *ctx = NULL; + BN_ULONG l; +- BIGNUM *q = NULL; ++ BIGNUM *t1 = NULL, *t2 = NULL; + + *ret = 0; + ctx = BN_CTX_new(); + if (ctx == NULL) + goto err; +- q = BN_new(); +- if (q == NULL) ++ BN_CTX_start(ctx); ++ t1 = BN_CTX_get(ctx); ++ if (t1 == NULL) ++ goto err; ++ t2 = BN_CTX_get(ctx); ++ if (t2 == NULL) + goto err; + +- if (BN_is_word(dh->g, DH_GENERATOR_2)) { ++ if (dh->q) { ++ if (BN_cmp(dh->g, BN_value_one()) <= 0) ++ *ret |= DH_NOT_SUITABLE_GENERATOR; ++ else if (BN_cmp(dh->g, dh->p) >= 0) ++ *ret |= DH_NOT_SUITABLE_GENERATOR; ++ else { ++ /* Check g^q == 1 mod p */ ++ if (!BN_mod_exp(t1, dh->g, dh->q, dh->p, ctx)) ++ goto err; ++ if (!BN_is_one(t1)) ++ *ret |= DH_NOT_SUITABLE_GENERATOR; ++ } ++ if (!BN_is_prime_ex(dh->q, BN_prime_checks, ctx, NULL)) ++ *ret |= DH_CHECK_Q_NOT_PRIME; ++ /* Check p == 1 mod q i.e. q divides p - 1 */ ++ if (!BN_div(t1, t2, dh->p, dh->q, ctx)) ++ goto err; ++ if (!BN_is_one(t2)) ++ *ret |= DH_CHECK_INVALID_Q_VALUE; ++ if (dh->j && BN_cmp(dh->j, t1)) ++ *ret |= DH_CHECK_INVALID_J_VALUE; ++ ++ } else if (BN_is_word(dh->g, DH_GENERATOR_2)) { + l = BN_mod_word(dh->p, 24); + if (l != 11) + *ret |= DH_NOT_SUITABLE_GENERATOR; + } +-# if 0 ++#if 0 + else if (BN_is_word(dh->g, DH_GENERATOR_3)) { + l = BN_mod_word(dh->p, 12); + if (l != 5) + *ret |= DH_NOT_SUITABLE_GENERATOR; + } +-# endif ++#endif + else if (BN_is_word(dh->g, DH_GENERATOR_5)) { + l = BN_mod_word(dh->p, 10); + if ((l != 3) && (l != 7)) +@@ -109,18 +133,18 @@ int DH_check(const DH *dh, int *ret) + + if (!BN_is_prime_ex(dh->p, BN_prime_checks, ctx, NULL)) + *ret |= DH_CHECK_P_NOT_PRIME; +- else { +- if (!BN_rshift1(q, dh->p)) ++ else if (!dh->q) { ++ if (!BN_rshift1(t1, dh->p)) + goto err; +- if (!BN_is_prime_ex(q, BN_prime_checks, ctx, NULL)) ++ if (!BN_is_prime_ex(t1, BN_prime_checks, ctx, NULL)) + *ret |= DH_CHECK_P_NOT_SAFE_PRIME; + } + ok = 1; + err: +- if (ctx != NULL) ++ 
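Review bot: In the new `dh->q` branch of `DH_check`, `if (!BN_is_prime_ex(dh->q, BN_prime_checks, ctx, NULL))` treats an error return of -1 as "prime", so a failed primality test leaves `DH_CHECK_Q_NOT_PRIME` unset and the function still reports `ok = 1`. With an `int r` declared at the top, the result should be checked explicitly: `r = BN_is_prime_ex(dh->q, BN_prime_checks, ctx, NULL);` `if (r < 0) goto err;` `if (!r) *ret |= DH_CHECK_Q_NOT_PRIME;`. The same pattern is used for `dh->p` and `t1` in the following hunk (`@@ -109,18 +133,18 @@`), where `DH_check` ends. Nothing in either hunk bounds the size of `p` or `q` before the modular exponentiation and primality tests, so callers that check untrusted parameters should limit the modulus size themselves.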
if (ctx != NULL) { ++ BN_CTX_end(ctx); + BN_CTX_free(ctx); +- if (q != NULL) +- BN_free(q); ++ } + return (ok); + } + +@@ -147,5 +171,3 @@ int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret) + BN_free(q); + return (ok); + } +- +-#endif +diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_err.c b/Cryptlib/OpenSSL/crypto/dh/dh_err.c +index 7e8ce82..b890cca 100644 +--- a/Cryptlib/OpenSSL/crypto/dh/dh_err.c ++++ b/Cryptlib/OpenSSL/crypto/dh/dh_err.c +@@ -1,6 +1,6 @@ + /* crypto/dh/dh_err.c */ + /* ==================================================================== +- * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. ++ * Copyright (c) 1999-2013 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions +@@ -71,24 +71,44 @@ + + static ERR_STRING_DATA DH_str_functs[] = { + {ERR_FUNC(DH_F_COMPUTE_KEY), "COMPUTE_KEY"}, +- {ERR_FUNC(DH_F_DHPARAMS_PRINT), "DHparams_print"}, + {ERR_FUNC(DH_F_DHPARAMS_PRINT_FP), "DHparams_print_fp"}, + {ERR_FUNC(DH_F_DH_BUILTIN_GENPARAMS), "DH_BUILTIN_GENPARAMS"}, ++ {ERR_FUNC(DH_F_DH_CMS_DECRYPT), "DH_CMS_DECRYPT"}, ++ {ERR_FUNC(DH_F_DH_CMS_SET_PEERKEY), "DH_CMS_SET_PEERKEY"}, ++ {ERR_FUNC(DH_F_DH_CMS_SET_SHARED_INFO), "DH_CMS_SET_SHARED_INFO"}, + {ERR_FUNC(DH_F_DH_COMPUTE_KEY), "DH_compute_key"}, + {ERR_FUNC(DH_F_DH_GENERATE_KEY), "DH_generate_key"}, +- {ERR_FUNC(DH_F_DH_GENERATE_PARAMETERS), "DH_generate_parameters"}, ++ {ERR_FUNC(DH_F_DH_GENERATE_PARAMETERS_EX), "DH_generate_parameters_ex"}, + {ERR_FUNC(DH_F_DH_NEW_METHOD), "DH_new_method"}, ++ {ERR_FUNC(DH_F_DH_PARAM_DECODE), "DH_PARAM_DECODE"}, ++ {ERR_FUNC(DH_F_DH_PRIV_DECODE), "DH_PRIV_DECODE"}, ++ {ERR_FUNC(DH_F_DH_PRIV_ENCODE), "DH_PRIV_ENCODE"}, ++ {ERR_FUNC(DH_F_DH_PUB_DECODE), "DH_PUB_DECODE"}, ++ {ERR_FUNC(DH_F_DH_PUB_ENCODE), "DH_PUB_ENCODE"}, ++ {ERR_FUNC(DH_F_DO_DH_PRINT), "DO_DH_PRINT"}, + {ERR_FUNC(DH_F_GENERATE_KEY), 
"GENERATE_KEY"}, + {ERR_FUNC(DH_F_GENERATE_PARAMETERS), "GENERATE_PARAMETERS"}, ++ {ERR_FUNC(DH_F_PKEY_DH_DERIVE), "PKEY_DH_DERIVE"}, ++ {ERR_FUNC(DH_F_PKEY_DH_KEYGEN), "PKEY_DH_KEYGEN"}, + {0, NULL} + }; + + static ERR_STRING_DATA DH_str_reasons[] = { + {ERR_REASON(DH_R_BAD_GENERATOR), "bad generator"}, ++ {ERR_REASON(DH_R_BN_DECODE_ERROR), "bn decode error"}, ++ {ERR_REASON(DH_R_BN_ERROR), "bn error"}, ++ {ERR_REASON(DH_R_DECODE_ERROR), "decode error"}, + {ERR_REASON(DH_R_INVALID_PUBKEY), "invalid public key"}, ++ {ERR_REASON(DH_R_KDF_PARAMETER_ERROR), "kdf parameter error"}, ++ {ERR_REASON(DH_R_KEYS_NOT_SET), "keys not set"}, + {ERR_REASON(DH_R_KEY_SIZE_TOO_SMALL), "key size too small"}, + {ERR_REASON(DH_R_MODULUS_TOO_LARGE), "modulus too large"}, ++ {ERR_REASON(DH_R_NON_FIPS_METHOD), "non fips method"}, ++ {ERR_REASON(DH_R_NO_PARAMETERS_SET), "no parameters set"}, + {ERR_REASON(DH_R_NO_PRIVATE_VALUE), "no private value"}, ++ {ERR_REASON(DH_R_PARAMETER_ENCODING_ERROR), "parameter encoding error"}, ++ {ERR_REASON(DH_R_PEER_KEY_ERROR), "peer key error"}, ++ {ERR_REASON(DH_R_SHARED_INFO_ERROR), "shared info error"}, + {0, NULL} + }; + +diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_gen.c b/Cryptlib/OpenSSL/crypto/dh/dh_gen.c +index 560d4bb..5bedb66 100644 +--- a/Cryptlib/OpenSSL/crypto/dh/dh_gen.c ++++ b/Cryptlib/OpenSSL/crypto/dh/dh_gen.c +@@ -66,7 +66,9 @@ + #include + #include + +-#ifndef OPENSSL_FIPS ++#ifdef OPENSSL_FIPS ++# include ++#endif + + static int dh_builtin_genparams(DH *ret, int prime_len, int generator, + BN_GENCB *cb); +@@ -74,8 +76,19 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator, + int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, + BN_GENCB *cb) + { ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() && !(ret->meth->flags & DH_FLAG_FIPS_METHOD) ++ && !(ret->flags & DH_FLAG_NON_FIPS_ALLOW)) { ++ DHerr(DH_F_DH_GENERATE_PARAMETERS_EX, DH_R_NON_FIPS_METHOD); ++ return 0; ++ } ++#endif + if (ret->meth->generate_params) 
+ return ret->meth->generate_params(ret, prime_len, generator, cb); ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode()) ++ return FIPS_dh_generate_parameters_ex(ret, prime_len, generator, cb); ++#endif + return dh_builtin_genparams(ret, prime_len, generator, cb); + } + +@@ -139,7 +152,7 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator, + goto err; + g = 2; + } +-# if 0 /* does not work for safe primes */ ++#if 0 /* does not work for safe primes */ + else if (generator == DH_GENERATOR_3) { + if (!BN_set_word(t1, 12)) + goto err; +@@ -147,7 +160,7 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator, + goto err; + g = 3; + } +-# endif ++#endif + else if (generator == DH_GENERATOR_5) { + if (!BN_set_word(t1, 10)) + goto err; +@@ -189,5 +202,3 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator, + } + return ok; + } +- +-#endif +diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_key.c b/Cryptlib/OpenSSL/crypto/dh/dh_key.c +index 4de8e27..1d80fb2 100644 +--- a/Cryptlib/OpenSSL/crypto/dh/dh_key.c ++++ b/Cryptlib/OpenSSL/crypto/dh/dh_key.c +@@ -62,8 +62,6 @@ + #include + #include + +-#ifndef OPENSSL_FIPS +- + static int generate_key(DH *dh); + static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); + static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, +@@ -74,14 +72,42 @@ static int dh_finish(DH *dh); + + int DH_generate_key(DH *dh) + { ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() && !(dh->meth->flags & DH_FLAG_FIPS_METHOD) ++ && !(dh->flags & DH_FLAG_NON_FIPS_ALLOW)) { ++ DHerr(DH_F_DH_GENERATE_KEY, DH_R_NON_FIPS_METHOD); ++ return 0; ++ } ++#endif + return dh->meth->generate_key(dh); + } + + int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) + { ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() && !(dh->meth->flags & DH_FLAG_FIPS_METHOD) ++ && !(dh->flags & DH_FLAG_NON_FIPS_ALLOW)) { ++ DHerr(DH_F_DH_COMPUTE_KEY, DH_R_NON_FIPS_METHOD); ++ return 0; ++ } ++#endif + return dh->meth->compute_key(key, 
pub_key, dh); + } + ++int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh) ++{ ++ int rv, pad; ++ rv = dh->meth->compute_key(key, pub_key, dh); ++ if (rv <= 0) ++ return rv; ++ pad = BN_num_bytes(dh->p) - rv; ++ if (pad > 0) { ++ memmove(key + pad, key, rv); ++ memset(key, 0, pad); ++ } ++ return rv + pad; ++} ++ + static DH_METHOD dh_ossl = { + "OpenSSL DH Method", + generate_key, +@@ -135,11 +161,18 @@ static int generate_key(DH *dh) + } + + if (generate_new_key) { +- l = dh->length ? dh->length : BN_num_bits(dh->p) - 1; /* secret +- * exponent +- * length */ +- if (!BN_rand(priv_key, l, 0, 0)) +- goto err; ++ if (dh->q) { ++ do { ++ if (!BN_rand_range(priv_key, dh->q)) ++ goto err; ++ } ++ while (BN_is_zero(priv_key) || BN_is_one(priv_key)); ++ } else { ++ /* secret exponent length */ ++ l = dh->length ? dh->length : BN_num_bits(dh->p) - 1; ++ if (!BN_rand(priv_key, l, 0, 0)) ++ goto err; ++ } + } + + { +@@ -254,5 +287,3 @@ static int dh_finish(DH *dh) + BN_MONT_CTX_free(dh->method_mont_p); + return (1); + } +- +-#endif +diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_lib.c b/Cryptlib/OpenSSL/crypto/dh/dh_lib.c +index 0b8a5a0..bebc160 100644 +--- a/Cryptlib/OpenSSL/crypto/dh/dh_lib.c ++++ b/Cryptlib/OpenSSL/crypto/dh/dh_lib.c +@@ -64,6 +64,10 @@ + # include + #endif + ++#ifdef OPENSSL_FIPS ++# include ++#endif ++ + const char DH_version[] = "Diffie-Hellman" OPENSSL_VERSION_PTEXT; + + static const DH_METHOD *default_DH_method = NULL; +@@ -75,8 +79,16 @@ void DH_set_default_method(const DH_METHOD *meth) + + const DH_METHOD *DH_get_default_method(void) + { +- if (!default_DH_method) ++ if (!default_DH_method) { ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode()) ++ return FIPS_dh_openssl(); ++ else ++ return DH_OpenSSL(); ++#else + default_DH_method = DH_OpenSSL(); ++#endif ++ } + return default_DH_method; + } + +@@ -153,7 +165,7 @@ DH *DH_new_method(ENGINE *engine) + ret->counter = NULL; + ret->method_mont_p = NULL; + ret->references = 1; +- ret->flags = 
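Review bot: `DH_compute_key_padded` calls `dh->meth->compute_key` directly, so it skips the `FIPS_mode()` / `DH_FLAG_FIPS_METHOD` gate that this same hunk adds to `DH_compute_key`. In an `OPENSSL_FIPS` build a non-FIPS method would be rejected through one entry point and accepted through the other. Routing the call through the checked wrapper, `rv = DH_compute_key(key, pub_key, dh);`, keeps the two consistent. The function also needs a header comment stating the buffer contract, for example `/* key must hold BN_num_bytes(dh->p) bytes; the secret is left-padded with zeros to that length. */`, because the `memmove`/`memset` pair writes up to that size regardless of what `compute_key` returned.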
ret->meth->flags; ++ ret->flags = ret->meth->flags & ~DH_FLAG_NON_FIPS_ALLOW; + CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data); + if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { + #ifndef OPENSSL_NO_ENGINE +diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_pmeth.c b/Cryptlib/OpenSSL/crypto/dh/dh_pmeth.c +new file mode 100644 +index 0000000..e5f345a +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/dh/dh_pmeth.c +@@ -0,0 +1,555 @@ ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2006. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. 
Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). 
++ * ++ */ ++ ++#include ++#include "cryptlib.h" ++#include ++#include ++#include ++#include ++#include ++#ifndef OPENSSL_NO_DSA ++# include ++#endif ++#include ++#include "evp_locl.h" ++ ++/* DH pkey context structure */ ++ ++typedef struct { ++ /* Parameter gen parameters */ ++ int prime_len; ++ int generator; ++ int use_dsa; ++ int subprime_len; ++ /* message digest used for parameter generation */ ++ const EVP_MD *md; ++ int rfc5114_param; ++ /* Keygen callback info */ ++ int gentmp[2]; ++ /* KDF (if any) to use for DH */ ++ char kdf_type; ++ /* OID to use for KDF */ ++ ASN1_OBJECT *kdf_oid; ++ /* Message digest to use for key derivation */ ++ const EVP_MD *kdf_md; ++ /* User key material */ ++ unsigned char *kdf_ukm; ++ size_t kdf_ukmlen; ++ /* KDF output length */ ++ size_t kdf_outlen; ++} DH_PKEY_CTX; ++ ++static int pkey_dh_init(EVP_PKEY_CTX *ctx) ++{ ++ DH_PKEY_CTX *dctx; ++ dctx = OPENSSL_malloc(sizeof(DH_PKEY_CTX)); ++ if (!dctx) ++ return 0; ++ dctx->prime_len = 1024; ++ dctx->subprime_len = -1; ++ dctx->generator = 2; ++ dctx->use_dsa = 0; ++ dctx->md = NULL; ++ dctx->rfc5114_param = 0; ++ ++ dctx->kdf_type = EVP_PKEY_DH_KDF_NONE; ++ dctx->kdf_oid = NULL; ++ dctx->kdf_md = NULL; ++ dctx->kdf_ukm = NULL; ++ dctx->kdf_ukmlen = 0; ++ dctx->kdf_outlen = 0; ++ ++ ctx->data = dctx; ++ ctx->keygen_info = dctx->gentmp; ++ ctx->keygen_info_count = 2; ++ ++ return 1; ++} ++ ++static int pkey_dh_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) ++{ ++ DH_PKEY_CTX *dctx, *sctx; ++ if (!pkey_dh_init(dst)) ++ return 0; ++ sctx = src->data; ++ dctx = dst->data; ++ dctx->prime_len = sctx->prime_len; ++ dctx->subprime_len = sctx->subprime_len; ++ dctx->generator = sctx->generator; ++ dctx->use_dsa = sctx->use_dsa; ++ dctx->md = sctx->md; ++ dctx->rfc5114_param = sctx->rfc5114_param; ++ ++ dctx->kdf_type = sctx->kdf_type; ++ dctx->kdf_oid = OBJ_dup(sctx->kdf_oid); ++ if (!dctx->kdf_oid) ++ return 0; ++ dctx->kdf_md = sctx->kdf_md; ++ if (dctx->kdf_ukm) { ++ dctx->kdf_ukm = 
BUF_memdup(sctx->kdf_ukm, sctx->kdf_ukmlen); ++ dctx->kdf_ukmlen = sctx->kdf_ukmlen; ++ } ++ dctx->kdf_outlen = sctx->kdf_outlen; ++ return 1; ++} ++ ++static void pkey_dh_cleanup(EVP_PKEY_CTX *ctx) ++{ ++ DH_PKEY_CTX *dctx = ctx->data; ++ if (dctx) { ++ if (dctx->kdf_ukm) ++ OPENSSL_free(dctx->kdf_ukm); ++ if (dctx->kdf_oid) ++ ASN1_OBJECT_free(dctx->kdf_oid); ++ OPENSSL_free(dctx); ++ } ++} ++ ++static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) ++{ ++ DH_PKEY_CTX *dctx = ctx->data; ++ switch (type) { ++ case EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN: ++ if (p1 < 256) ++ return -2; ++ dctx->prime_len = p1; ++ return 1; ++ ++ case EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN: ++ if (dctx->use_dsa == 0) ++ return -2; ++ dctx->subprime_len = p1; ++ return 1; ++ ++ case EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR: ++ if (dctx->use_dsa) ++ return -2; ++ dctx->generator = p1; ++ return 1; ++ ++ case EVP_PKEY_CTRL_DH_PARAMGEN_TYPE: ++#ifdef OPENSSL_NO_DSA ++ if (p1 != 0) ++ return -2; ++#else ++ if (p1 < 0 || p1 > 2) ++ return -2; ++#endif ++ dctx->use_dsa = p1; ++ return 1; ++ ++ case EVP_PKEY_CTRL_DH_RFC5114: ++ if (p1 < 1 || p1 > 3) ++ return -2; ++ dctx->rfc5114_param = p1; ++ return 1; ++ ++ case EVP_PKEY_CTRL_PEER_KEY: ++ /* Default behaviour is OK */ ++ return 1; ++ ++ case EVP_PKEY_CTRL_DH_KDF_TYPE: ++ if (p1 == -2) ++ return dctx->kdf_type; ++ if (p1 != EVP_PKEY_DH_KDF_NONE && p1 != EVP_PKEY_DH_KDF_X9_42) ++ return -2; ++ dctx->kdf_type = p1; ++ return 1; ++ ++ case EVP_PKEY_CTRL_DH_KDF_MD: ++ dctx->kdf_md = p2; ++ return 1; ++ ++ case EVP_PKEY_CTRL_GET_DH_KDF_MD: ++ *(const EVP_MD **)p2 = dctx->kdf_md; ++ return 1; ++ ++ case EVP_PKEY_CTRL_DH_KDF_OUTLEN: ++ if (p1 <= 0) ++ return -2; ++ dctx->kdf_outlen = (size_t)p1; ++ return 1; ++ ++ case EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN: ++ *(int *)p2 = dctx->kdf_outlen; ++ return 1; ++ ++ case EVP_PKEY_CTRL_DH_KDF_UKM: ++ if (dctx->kdf_ukm) ++ OPENSSL_free(dctx->kdf_ukm); ++ dctx->kdf_ukm = p2; ++ if (p2) ++ 
dctx->kdf_ukmlen = p1; ++ else ++ dctx->kdf_ukmlen = 0; ++ return 1; ++ ++ case EVP_PKEY_CTRL_GET_DH_KDF_UKM: ++ *(unsigned char **)p2 = dctx->kdf_ukm; ++ return dctx->kdf_ukmlen; ++ ++ case EVP_PKEY_CTRL_DH_KDF_OID: ++ if (dctx->kdf_oid) ++ ASN1_OBJECT_free(dctx->kdf_oid); ++ dctx->kdf_oid = p2; ++ return 1; ++ ++ case EVP_PKEY_CTRL_GET_DH_KDF_OID: ++ *(ASN1_OBJECT **)p2 = dctx->kdf_oid; ++ return 1; ++ ++ default: ++ return -2; ++ ++ } ++} ++ ++static int pkey_dh_ctrl_str(EVP_PKEY_CTX *ctx, ++ const char *type, const char *value) ++{ ++ if (!strcmp(type, "dh_paramgen_prime_len")) { ++ int len; ++ len = atoi(value); ++ return EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len); ++ } ++ if (!strcmp(type, "dh_rfc5114")) { ++ DH_PKEY_CTX *dctx = ctx->data; ++ int len; ++ len = atoi(value); ++ if (len < 0 || len > 3) ++ return -2; ++ dctx->rfc5114_param = len; ++ return 1; ++ } ++ if (!strcmp(type, "dh_paramgen_generator")) { ++ int len; ++ len = atoi(value); ++ return EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, len); ++ } ++ if (!strcmp(type, "dh_paramgen_subprime_len")) { ++ int len; ++ len = atoi(value); ++ return EVP_PKEY_CTX_set_dh_paramgen_subprime_len(ctx, len); ++ } ++ if (!strcmp(type, "dh_paramgen_type")) { ++ int typ; ++ typ = atoi(value); ++ return EVP_PKEY_CTX_set_dh_paramgen_type(ctx, typ); ++ } ++ return -2; ++} ++ ++#ifndef OPENSSL_NO_DSA ++ ++extern int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, ++ const EVP_MD *evpmd, ++ const unsigned char *seed_in, size_t seed_len, ++ unsigned char *seed_out, int *counter_ret, ++ unsigned long *h_ret, BN_GENCB *cb); ++ ++extern int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N, ++ const EVP_MD *evpmd, ++ const unsigned char *seed_in, ++ size_t seed_len, int idx, ++ unsigned char *seed_out, int *counter_ret, ++ unsigned long *h_ret, BN_GENCB *cb); ++ ++static DSA *dsa_dh_generate(DH_PKEY_CTX *dctx, BN_GENCB *pcb) ++{ ++ DSA *ret; ++ int rv = 0; ++ int prime_len = dctx->prime_len; ++ int subprime_len 
= dctx->subprime_len; ++ const EVP_MD *md = dctx->md; ++ if (dctx->use_dsa > 2) ++ return NULL; ++ ret = DSA_new(); ++ if (!ret) ++ return NULL; ++ if (subprime_len == -1) { ++ if (prime_len >= 2048) ++ subprime_len = 256; ++ else ++ subprime_len = 160; ++ } ++ if (md == NULL) { ++ if (prime_len >= 2048) ++ md = EVP_sha256(); ++ else ++ md = EVP_sha1(); ++ } ++ if (dctx->use_dsa == 1) ++ rv = dsa_builtin_paramgen(ret, prime_len, subprime_len, md, ++ NULL, 0, NULL, NULL, NULL, pcb); ++ else if (dctx->use_dsa == 2) ++ rv = dsa_builtin_paramgen2(ret, prime_len, subprime_len, md, ++ NULL, 0, -1, NULL, NULL, NULL, pcb); ++ if (rv <= 0) { ++ DSA_free(ret); ++ return NULL; ++ } ++ return ret; ++} ++ ++#endif ++ ++static int pkey_dh_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) ++{ ++ DH *dh = NULL; ++ DH_PKEY_CTX *dctx = ctx->data; ++ BN_GENCB *pcb, cb; ++ int ret; ++ if (dctx->rfc5114_param) { ++ switch (dctx->rfc5114_param) { ++ case 1: ++ dh = DH_get_1024_160(); ++ break; ++ ++ case 2: ++ dh = DH_get_2048_224(); ++ break; ++ ++ case 3: ++ dh = DH_get_2048_256(); ++ break; ++ ++ default: ++ return -2; ++ } ++ EVP_PKEY_assign(pkey, EVP_PKEY_DHX, dh); ++ return 1; ++ } ++ ++ if (ctx->pkey_gencb) { ++ pcb = &cb; ++ evp_pkey_set_cb_translate(pcb, ctx); ++ } else ++ pcb = NULL; ++#ifndef OPENSSL_NO_DSA ++ if (dctx->use_dsa) { ++ DSA *dsa_dh; ++ dsa_dh = dsa_dh_generate(dctx, pcb); ++ if (!dsa_dh) ++ return 0; ++ dh = DSA_dup_DH(dsa_dh); ++ DSA_free(dsa_dh); ++ if (!dh) ++ return 0; ++ EVP_PKEY_assign(pkey, EVP_PKEY_DHX, dh); ++ return 1; ++ } ++#endif ++ dh = DH_new(); ++ if (!dh) ++ return 0; ++ ret = DH_generate_parameters_ex(dh, ++ dctx->prime_len, dctx->generator, pcb); ++ ++ if (ret) ++ EVP_PKEY_assign_DH(pkey, dh); ++ else ++ DH_free(dh); ++ return ret; ++} ++ ++static int pkey_dh_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) ++{ ++ DH *dh = NULL; ++ if (ctx->pkey == NULL) { ++ DHerr(DH_F_PKEY_DH_KEYGEN, DH_R_NO_PARAMETERS_SET); ++ return 0; ++ } ++ dh = DH_new(); ++ if 
(!dh) ++ return 0; ++ EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, dh); ++ /* Note: if error return, pkey is freed by parent routine */ ++ if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey)) ++ return 0; ++ return DH_generate_key(pkey->pkey.dh); ++} ++ ++static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key, ++ size_t *keylen) ++{ ++ int ret; ++ DH *dh; ++ DH_PKEY_CTX *dctx = ctx->data; ++ BIGNUM *dhpub; ++ if (!ctx->pkey || !ctx->peerkey) { ++ DHerr(DH_F_PKEY_DH_DERIVE, DH_R_KEYS_NOT_SET); ++ return 0; ++ } ++ dh = ctx->pkey->pkey.dh; ++ dhpub = ctx->peerkey->pkey.dh->pub_key; ++ if (dctx->kdf_type == EVP_PKEY_DH_KDF_NONE) { ++ if (key == NULL) { ++ *keylen = DH_size(dh); ++ return 1; ++ } ++ ret = DH_compute_key(key, dhpub, dh); ++ if (ret < 0) ++ return ret; ++ *keylen = ret; ++ return 1; ++ } else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) { ++#ifdef OPENSSL_NO_CMS ++ return 0; ++#else ++ unsigned char *Z = NULL; ++ size_t Zlen = 0; ++ if (!dctx->kdf_outlen || !dctx->kdf_oid) ++ return 0; ++ if (key == NULL) { ++ *keylen = dctx->kdf_outlen; ++ return 1; ++ } ++ if (*keylen != dctx->kdf_outlen) ++ return 0; ++ ret = 0; ++ Zlen = DH_size(dh); ++ Z = OPENSSL_malloc(Zlen); ++ if (!Z) { ++ goto err; ++ } ++ if (DH_compute_key_padded(Z, dhpub, dh) <= 0) ++ goto err; ++ if (!DH_KDF_X9_42(key, *keylen, Z, Zlen, dctx->kdf_oid, ++ dctx->kdf_ukm, dctx->kdf_ukmlen, dctx->kdf_md)) ++ goto err; ++ *keylen = dctx->kdf_outlen; ++ ret = 1; ++ err: ++ if (Z) { ++ OPENSSL_cleanse(Z, Zlen); ++ OPENSSL_free(Z); ++ } ++ return ret; ++#endif ++ } ++ return 1; ++} ++ ++const EVP_PKEY_METHOD dh_pkey_meth = { ++ EVP_PKEY_DH, ++ 0, ++ pkey_dh_init, ++ pkey_dh_copy, ++ pkey_dh_cleanup, ++ ++ 0, ++ pkey_dh_paramgen, ++ ++ 0, ++ pkey_dh_keygen, ++ ++ 0, ++ 0, ++ ++ 0, ++ 0, ++ ++ 0, 0, ++ ++ 0, 0, 0, 0, ++ ++ 0, 0, ++ ++ 0, 0, ++ ++ 0, ++ pkey_dh_derive, ++ ++ pkey_dh_ctrl, ++ pkey_dh_ctrl_str ++}; ++ ++const EVP_PKEY_METHOD dhx_pkey_meth = { ++ EVP_PKEY_DHX, ++ 0, ++ pkey_dh_init, ++ 
pkey_dh_copy, ++ pkey_dh_cleanup, ++ ++ 0, ++ pkey_dh_paramgen, ++ ++ 0, ++ pkey_dh_keygen, ++ ++ 0, ++ 0, ++ ++ 0, ++ 0, ++ ++ 0, 0, ++ ++ 0, 0, 0, 0, ++ ++ 0, 0, ++ ++ 0, 0, ++ ++ 0, ++ pkey_dh_derive, ++ ++ pkey_dh_ctrl, ++ pkey_dh_ctrl_str ++}; +diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_prn.c b/Cryptlib/OpenSSL/crypto/dh/dh_prn.c +new file mode 100644 +index 0000000..5d6c3a3 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/dh/dh_prn.c +@@ -0,0 +1,79 @@ ++/* crypto/asn1/t_pkey.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. 
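Review bot: In pkey_dh_copy the user key material is never copied, because the guard `if (dctx->kdf_ukm)` tests the destination, which pkey_dh_init has just set to NULL, so the BUF_memdup call is unreachable and a duplicated context silently loses its UKM while keeping the source's kdf_type and kdf_outlen. The test should be on the source and the allocation checked: `if (sctx->kdf_ukm) {` with `if (!dctx->kdf_ukm) return 0;` after the BUF_memdup call. The same function returns 0 whenever OBJ_dup yields NULL, and since pkey_dh_init leaves kdf_oid NULL this would presumably make every copy of a context without a KDF OID fail; guarding the dup with `if (sctx->kdf_oid)` would avoid that, to be confirmed against how OBJ_dup handles a NULL argument. As this file is imported OpenSSL code, the fix is better taken from or reported upstream than carried as a local edit in this patch.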
Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] 
++ */ ++ ++#include ++#include "cryptlib.h" ++#include ++#include ++ ++#ifndef OPENSSL_NO_FP_API ++int DHparams_print_fp(FILE *fp, const DH *x) ++{ ++ BIO *b; ++ int ret; ++ ++ if ((b = BIO_new(BIO_s_file())) == NULL) { ++ DHerr(DH_F_DHPARAMS_PRINT_FP, ERR_R_BUF_LIB); ++ return (0); ++ } ++ BIO_set_fp(b, fp, BIO_NOCLOSE); ++ ret = DHparams_print(b, x); ++ BIO_free(b); ++ return (ret); ++} ++#endif +diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_rfc5114.c b/Cryptlib/OpenSSL/crypto/dh/dh_rfc5114.c +new file mode 100644 +index 0000000..e96e2aa +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/dh/dh_rfc5114.c +@@ -0,0 +1,285 @@ ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2011. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2011 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. 
Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). 
++ * ++ */ ++ ++#include ++#include "cryptlib.h" ++#include ++#include ++ ++/* DH parameters from RFC5114 */ ++ ++#if BN_BITS2 == 64 ++static const BN_ULONG dh1024_160_p[] = { ++ 0xDF1FB2BC2E4A4371ULL, 0xE68CFDA76D4DA708ULL, 0x45BF37DF365C1A65ULL, ++ 0xA151AF5F0DC8B4BDULL, 0xFAA31A4FF55BCCC0ULL, 0x4EFFD6FAE5644738ULL, ++ 0x98488E9C219A7372ULL, 0xACCBDD7D90C4BD70ULL, 0x24975C3CD49B83BFULL, ++ 0x13ECB4AEA9061123ULL, 0x9838EF1E2EE652C0ULL, 0x6073E28675A23D18ULL, ++ 0x9A6A9DCA52D23B61ULL, 0x52C99FBCFB06A3C6ULL, 0xDE92DE5EAE5D54ECULL, ++ 0xB10B8F96A080E01DULL ++}; ++ ++static const BN_ULONG dh1024_160_g[] = { ++ 0x855E6EEB22B3B2E5ULL, 0x858F4DCEF97C2A24ULL, 0x2D779D5918D08BC8ULL, ++ 0xD662A4D18E73AFA3ULL, 0x1DBF0A0169B6A28AULL, 0xA6A24C087A091F53ULL, ++ 0x909D0D2263F80A76ULL, 0xD7FBD7D3B9A92EE1ULL, 0x5E91547F9E2749F4ULL, ++ 0x160217B4B01B886AULL, 0x777E690F5504F213ULL, 0x266FEA1E5C41564BULL, ++ 0xD6406CFF14266D31ULL, 0xF8104DD258AC507FULL, 0x6765A442EFB99905ULL, ++ 0xA4D1CBD5C3FD3412ULL ++}; ++ ++static const BN_ULONG dh1024_160_q[] = { ++ 0x64B7CB9D49462353ULL, 0x81A8DF278ABA4E7DULL, 0x00000000F518AA87ULL ++}; ++ ++static const BN_ULONG dh2048_224_p[] = { ++ 0x0AC4DFFE0C10E64FULL, 0xCF9DE5384E71B81CULL, 0x7EF363E2FFA31F71ULL, ++ 0xE3FB73C16B8E75B9ULL, 0xC9B53DCF4BA80A29ULL, 0x23F10B0E16E79763ULL, ++ 0xC52172E413042E9BULL, 0xBE60E69CC928B2B9ULL, 0x80CD86A1B9E587E8ULL, ++ 0x315D75E198C641A4ULL, 0xCDF93ACC44328387ULL, 0x15987D9ADC0A486DULL, ++ 0x7310F7121FD5A074ULL, 0x278273C7DE31EFDCULL, 0x1602E714415D9330ULL, ++ 0x81286130BC8985DBULL, 0xB3BF8A3170918836ULL, 0x6A00E0A0B9C49708ULL, ++ 0xC6BA0B2C8BBC27BEULL, 0xC9F98D11ED34DBF6ULL, 0x7AD5B7D0B6C12207ULL, ++ 0xD91E8FEF55B7394BULL, 0x9037C9EDEFDA4DF8ULL, 0x6D3F8152AD6AC212ULL, ++ 0x1DE6B85A1274A0A6ULL, 0xEB3D688A309C180EULL, 0xAF9A3C407BA1DF15ULL, ++ 0xE6FA141DF95A56DBULL, 0xB54B1597B61D0A75ULL, 0xA20D64E5683B9FD1ULL, ++ 0xD660FAA79559C51FULL, 0xAD107E1E9123A9D0ULL ++}; ++ ++static const BN_ULONG dh2048_224_g[] = { ++ 
0x84B890D3191F2BFAULL, 0x81BC087F2A7065B3ULL, 0x19C418E1F6EC0179ULL, ++ 0x7B5A0F1C71CFFF4CULL, 0xEDFE72FE9B6AA4BDULL, 0x81E1BCFE94B30269ULL, ++ 0x566AFBB48D6C0191ULL, 0xB539CCE3409D13CDULL, 0x6AA21E7F5F2FF381ULL, ++ 0xD9E263E4770589EFULL, 0x10E183EDD19963DDULL, 0xB70A8137150B8EEBULL, ++ 0x051AE3D428C8F8ACULL, 0xBB77A86F0C1AB15BULL, 0x6E3025E316A330EFULL, ++ 0x19529A45D6F83456ULL, 0xF180EB34118E98D1ULL, 0xB5F6C6B250717CBEULL, ++ 0x09939D54DA7460CDULL, 0xE247150422EA1ED4ULL, 0xB8A762D0521BC98AULL, ++ 0xF4D027275AC1348BULL, 0xC17669101999024AULL, 0xBE5E9001A8D66AD7ULL, ++ 0xC57DB17C620A8652ULL, 0xAB739D7700C29F52ULL, 0xDD921F01A70C4AFAULL, ++ 0xA6824A4E10B9A6F0ULL, 0x74866A08CFE4FFE3ULL, 0x6CDEBE7B89998CAFULL, ++ 0x9DF30B5C8FFDAC50ULL, 0xAC4032EF4F2D9AE3ULL ++}; ++ ++static const BN_ULONG dh2048_224_q[] = { ++ 0xBF389A99B36371EBULL, 0x1F80535A4738CEBCULL, 0xC58D93FE99717710ULL, ++ 0x00000000801C0D34ULL ++}; ++ ++static const BN_ULONG dh2048_256_p[] = { ++ 0xDB094AE91E1A1597ULL, 0x693877FAD7EF09CAULL, 0x6116D2276E11715FULL, ++ 0xA4B54330C198AF12ULL, 0x75F26375D7014103ULL, 0xC3A3960A54E710C3ULL, ++ 0xDED4010ABD0BE621ULL, 0xC0B857F689962856ULL, 0xB3CA3F7971506026ULL, ++ 0x1CCACB83E6B486F6ULL, 0x67E144E514056425ULL, 0xF6A167B5A41825D9ULL, ++ 0x3AD8347796524D8EULL, 0xF13C6D9A51BFA4ABULL, 0x2D52526735488A0EULL, ++ 0xB63ACAE1CAA6B790ULL, 0x4FDB70C581B23F76ULL, 0xBC39A0BF12307F5CULL, ++ 0xB941F54EB1E59BB8ULL, 0x6C5BFC11D45F9088ULL, 0x22E0B1EF4275BF7BULL, ++ 0x91F9E6725B4758C0ULL, 0x5A8A9D306BCF67EDULL, 0x209E0C6497517ABDULL, ++ 0x3BF4296D830E9A7CULL, 0x16C3D91134096FAAULL, 0xFAF7DF4561B2AA30ULL, ++ 0xE00DF8F1D61957D4ULL, 0x5D2CEED4435E3B00ULL, 0x8CEEF608660DD0F2ULL, ++ 0xFFBBD19C65195999ULL, 0x87A8E61DB4B6663CULL ++}; ++ ++static const BN_ULONG dh2048_256_g[] = { ++ 0x664B4C0F6CC41659ULL, 0x5E2327CFEF98C582ULL, 0xD647D148D4795451ULL, ++ 0x2F63078490F00EF8ULL, 0x184B523D1DB246C3ULL, 0xC7891428CDC67EB6ULL, ++ 0x7FD028370DF92B52ULL, 0xB3353BBB64E0EC37ULL, 0xECD06E1557CD0915ULL, 
++ 0xB7D2BBD2DF016199ULL, 0xC8484B1E052588B9ULL, 0xDB2A3B7313D3FE14ULL, ++ 0xD052B985D182EA0AULL, 0xA4BD1BFFE83B9C80ULL, 0xDFC967C1FB3F2E55ULL, ++ 0xB5045AF2767164E1ULL, 0x1D14348F6F2F9193ULL, 0x64E67982428EBC83ULL, ++ 0x8AC376D282D6ED38ULL, 0x777DE62AAAB8A862ULL, 0xDDF463E5E9EC144BULL, ++ 0x0196F931C77A57F2ULL, 0xA55AE31341000A65ULL, 0x901228F8C28CBB18ULL, ++ 0xBC3773BF7E8C6F62ULL, 0xBE3A6C1B0C6B47B1ULL, 0xFF4FED4AAC0BB555ULL, ++ 0x10DBC15077BE463FULL, 0x07F4793A1A0BA125ULL, 0x4CA7B18F21EF2054ULL, ++ 0x2E77506660EDBD48ULL, 0x3FB32C9B73134D0BULL ++}; ++ ++static const BN_ULONG dh2048_256_q[] = { ++ 0xA308B0FE64F5FBD3ULL, 0x99B1A47D1EB3750BULL, 0xB447997640129DA2ULL, ++ 0x8CF83642A709A097ULL ++}; ++ ++#elif BN_BITS2 == 32 ++ ++static const BN_ULONG dh1024_160_p[] = { ++ 0x2E4A4371, 0xDF1FB2BC, 0x6D4DA708, 0xE68CFDA7, 0x365C1A65, 0x45BF37DF, ++ 0x0DC8B4BD, 0xA151AF5F, 0xF55BCCC0, 0xFAA31A4F, 0xE5644738, 0x4EFFD6FA, ++ 0x219A7372, 0x98488E9C, 0x90C4BD70, 0xACCBDD7D, 0xD49B83BF, 0x24975C3C, ++ 0xA9061123, 0x13ECB4AE, 0x2EE652C0, 0x9838EF1E, 0x75A23D18, 0x6073E286, ++ 0x52D23B61, 0x9A6A9DCA, 0xFB06A3C6, 0x52C99FBC, 0xAE5D54EC, 0xDE92DE5E, ++ 0xA080E01D, 0xB10B8F96 ++}; ++ ++static const BN_ULONG dh1024_160_g[] = { ++ 0x22B3B2E5, 0x855E6EEB, 0xF97C2A24, 0x858F4DCE, 0x18D08BC8, 0x2D779D59, ++ 0x8E73AFA3, 0xD662A4D1, 0x69B6A28A, 0x1DBF0A01, 0x7A091F53, 0xA6A24C08, ++ 0x63F80A76, 0x909D0D22, 0xB9A92EE1, 0xD7FBD7D3, 0x9E2749F4, 0x5E91547F, ++ 0xB01B886A, 0x160217B4, 0x5504F213, 0x777E690F, 0x5C41564B, 0x266FEA1E, ++ 0x14266D31, 0xD6406CFF, 0x58AC507F, 0xF8104DD2, 0xEFB99905, 0x6765A442, ++ 0xC3FD3412, 0xA4D1CBD5 ++}; ++ ++static const BN_ULONG dh1024_160_q[] = { ++ 0x49462353, 0x64B7CB9D, 0x8ABA4E7D, 0x81A8DF27, 0xF518AA87 ++}; ++ ++static const BN_ULONG dh2048_224_p[] = { ++ 0x0C10E64F, 0x0AC4DFFE, 0x4E71B81C, 0xCF9DE538, 0xFFA31F71, 0x7EF363E2, ++ 0x6B8E75B9, 0xE3FB73C1, 0x4BA80A29, 0xC9B53DCF, 0x16E79763, 0x23F10B0E, ++ 0x13042E9B, 0xC52172E4, 0xC928B2B9, 0xBE60E69C, 
0xB9E587E8, 0x80CD86A1, ++ 0x98C641A4, 0x315D75E1, 0x44328387, 0xCDF93ACC, 0xDC0A486D, 0x15987D9A, ++ 0x1FD5A074, 0x7310F712, 0xDE31EFDC, 0x278273C7, 0x415D9330, 0x1602E714, ++ 0xBC8985DB, 0x81286130, 0x70918836, 0xB3BF8A31, 0xB9C49708, 0x6A00E0A0, ++ 0x8BBC27BE, 0xC6BA0B2C, 0xED34DBF6, 0xC9F98D11, 0xB6C12207, 0x7AD5B7D0, ++ 0x55B7394B, 0xD91E8FEF, 0xEFDA4DF8, 0x9037C9ED, 0xAD6AC212, 0x6D3F8152, ++ 0x1274A0A6, 0x1DE6B85A, 0x309C180E, 0xEB3D688A, 0x7BA1DF15, 0xAF9A3C40, ++ 0xF95A56DB, 0xE6FA141D, 0xB61D0A75, 0xB54B1597, 0x683B9FD1, 0xA20D64E5, ++ 0x9559C51F, 0xD660FAA7, 0x9123A9D0, 0xAD107E1E ++}; ++ ++static const BN_ULONG dh2048_224_g[] = { ++ 0x191F2BFA, 0x84B890D3, 0x2A7065B3, 0x81BC087F, 0xF6EC0179, 0x19C418E1, ++ 0x71CFFF4C, 0x7B5A0F1C, 0x9B6AA4BD, 0xEDFE72FE, 0x94B30269, 0x81E1BCFE, ++ 0x8D6C0191, 0x566AFBB4, 0x409D13CD, 0xB539CCE3, 0x5F2FF381, 0x6AA21E7F, ++ 0x770589EF, 0xD9E263E4, 0xD19963DD, 0x10E183ED, 0x150B8EEB, 0xB70A8137, ++ 0x28C8F8AC, 0x051AE3D4, 0x0C1AB15B, 0xBB77A86F, 0x16A330EF, 0x6E3025E3, ++ 0xD6F83456, 0x19529A45, 0x118E98D1, 0xF180EB34, 0x50717CBE, 0xB5F6C6B2, ++ 0xDA7460CD, 0x09939D54, 0x22EA1ED4, 0xE2471504, 0x521BC98A, 0xB8A762D0, ++ 0x5AC1348B, 0xF4D02727, 0x1999024A, 0xC1766910, 0xA8D66AD7, 0xBE5E9001, ++ 0x620A8652, 0xC57DB17C, 0x00C29F52, 0xAB739D77, 0xA70C4AFA, 0xDD921F01, ++ 0x10B9A6F0, 0xA6824A4E, 0xCFE4FFE3, 0x74866A08, 0x89998CAF, 0x6CDEBE7B, ++ 0x8FFDAC50, 0x9DF30B5C, 0x4F2D9AE3, 0xAC4032EF ++}; ++ ++static const BN_ULONG dh2048_224_q[] = { ++ 0xB36371EB, 0xBF389A99, 0x4738CEBC, 0x1F80535A, 0x99717710, 0xC58D93FE, ++ 0x801C0D34 ++}; ++ ++static const BN_ULONG dh2048_256_p[] = { ++ 0x1E1A1597, 0xDB094AE9, 0xD7EF09CA, 0x693877FA, 0x6E11715F, 0x6116D227, ++ 0xC198AF12, 0xA4B54330, 0xD7014103, 0x75F26375, 0x54E710C3, 0xC3A3960A, ++ 0xBD0BE621, 0xDED4010A, 0x89962856, 0xC0B857F6, 0x71506026, 0xB3CA3F79, ++ 0xE6B486F6, 0x1CCACB83, 0x14056425, 0x67E144E5, 0xA41825D9, 0xF6A167B5, ++ 0x96524D8E, 0x3AD83477, 0x51BFA4AB, 0xF13C6D9A, 
0x35488A0E, 0x2D525267, ++ 0xCAA6B790, 0xB63ACAE1, 0x81B23F76, 0x4FDB70C5, 0x12307F5C, 0xBC39A0BF, ++ 0xB1E59BB8, 0xB941F54E, 0xD45F9088, 0x6C5BFC11, 0x4275BF7B, 0x22E0B1EF, ++ 0x5B4758C0, 0x91F9E672, 0x6BCF67ED, 0x5A8A9D30, 0x97517ABD, 0x209E0C64, ++ 0x830E9A7C, 0x3BF4296D, 0x34096FAA, 0x16C3D911, 0x61B2AA30, 0xFAF7DF45, ++ 0xD61957D4, 0xE00DF8F1, 0x435E3B00, 0x5D2CEED4, 0x660DD0F2, 0x8CEEF608, ++ 0x65195999, 0xFFBBD19C, 0xB4B6663C, 0x87A8E61D ++}; ++ ++static const BN_ULONG dh2048_256_g[] = { ++ 0x6CC41659, 0x664B4C0F, 0xEF98C582, 0x5E2327CF, 0xD4795451, 0xD647D148, ++ 0x90F00EF8, 0x2F630784, 0x1DB246C3, 0x184B523D, 0xCDC67EB6, 0xC7891428, ++ 0x0DF92B52, 0x7FD02837, 0x64E0EC37, 0xB3353BBB, 0x57CD0915, 0xECD06E15, ++ 0xDF016199, 0xB7D2BBD2, 0x052588B9, 0xC8484B1E, 0x13D3FE14, 0xDB2A3B73, ++ 0xD182EA0A, 0xD052B985, 0xE83B9C80, 0xA4BD1BFF, 0xFB3F2E55, 0xDFC967C1, ++ 0x767164E1, 0xB5045AF2, 0x6F2F9193, 0x1D14348F, 0x428EBC83, 0x64E67982, ++ 0x82D6ED38, 0x8AC376D2, 0xAAB8A862, 0x777DE62A, 0xE9EC144B, 0xDDF463E5, ++ 0xC77A57F2, 0x0196F931, 0x41000A65, 0xA55AE313, 0xC28CBB18, 0x901228F8, ++ 0x7E8C6F62, 0xBC3773BF, 0x0C6B47B1, 0xBE3A6C1B, 0xAC0BB555, 0xFF4FED4A, ++ 0x77BE463F, 0x10DBC150, 0x1A0BA125, 0x07F4793A, 0x21EF2054, 0x4CA7B18F, ++ 0x60EDBD48, 0x2E775066, 0x73134D0B, 0x3FB32C9B ++}; ++ ++static const BN_ULONG dh2048_256_q[] = { ++ 0x64F5FBD3, 0xA308B0FE, 0x1EB3750B, 0x99B1A47D, 0x40129DA2, 0xB4479976, ++ 0xA709A097, 0x8CF83642 ++}; ++ ++#else ++# error "unsupported BN_BITS2" ++#endif ++ ++/* Macro to make a BIGNUM from static data */ ++ ++#define make_dh_bn(x) static const BIGNUM _bignum_##x = { (BN_ULONG *) x, \ ++ sizeof(x)/sizeof(BN_ULONG),\ ++ sizeof(x)/sizeof(BN_ULONG),\ ++ 0, BN_FLG_STATIC_DATA } ++ ++/* ++ * Macro to make a DH structure from BIGNUM data. NB: although just copying ++ * the BIGNUM static pointers would be more efficient we can't as they get ++ * wiped using BN_clear_free() when DH_free() is called. 
++ */ ++ ++#define make_dh(x) \ ++DH * DH_get_##x(void) \ ++ { \ ++ DH *dh; \ ++ make_dh_bn(dh##x##_p); \ ++ make_dh_bn(dh##x##_q); \ ++ make_dh_bn(dh##x##_g); \ ++ dh = DH_new(); \ ++ if (!dh) \ ++ return NULL; \ ++ dh->p = BN_dup(&_bignum_dh##x##_p); \ ++ dh->g = BN_dup(&_bignum_dh##x##_g); \ ++ dh->q = BN_dup(&_bignum_dh##x##_q); \ ++ if (!dh->p || !dh->q || !dh->g) \ ++ { \ ++ DH_free(dh); \ ++ return NULL; \ ++ } \ ++ return dh; \ ++ } ++ ++make_dh(1024_160) ++make_dh(2048_224) ++make_dh(2048_256) +diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_asn1.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_asn1.c +deleted file mode 100644 +index 88f9244..0000000 +--- a/Cryptlib/OpenSSL/crypto/dsa/dsa_asn1.c ++++ /dev/null +@@ -1,231 +0,0 @@ +-/* dsa_asn1.c */ +-/* +- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project +- * 2000. +- */ +-/* ==================================================================== +- * Copyright (c) 2000 The OpenSSL Project. All rights reserved. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * +- * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. +- * +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in +- * the documentation and/or other materials provided with the +- * distribution. +- * +- * 3. All advertising materials mentioning features or use of this +- * software must display the following acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" +- * +- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +- * endorse or promote products derived from this software without +- * prior written permission. 
For written permission, please contact +- * licensing@OpenSSL.org. +- * +- * 5. Products derived from this software may not be called "OpenSSL" +- * nor may "OpenSSL" appear in their names without prior written +- * permission of the OpenSSL Project. +- * +- * 6. Redistributions of any form whatsoever must retain the following +- * acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" +- * +- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +- * OF THE POSSIBILITY OF SUCH DAMAGE. +- * ==================================================================== +- * +- * This product includes cryptographic software written by Eric Young +- * (eay@cryptsoft.com). This product includes software written by Tim +- * Hudson (tjh@cryptsoft.com). 
+- * +- */ +- +-#include +-#include "cryptlib.h" +-#include +-#include +-#include +-#include +-#include +-#ifdef OPENSSL_FIPS +-# include +-#endif +- +-/* Override the default new methods */ +-static int sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) +-{ +- if (operation == ASN1_OP_NEW_PRE) { +- DSA_SIG *sig; +- sig = OPENSSL_malloc(sizeof(DSA_SIG)); +- sig->r = NULL; +- sig->s = NULL; +- *pval = (ASN1_VALUE *)sig; +- if (sig) +- return 2; +- DSAerr(DSA_F_SIG_CB, ERR_R_MALLOC_FAILURE); +- return 0; +- } +- return 1; +-} +- +-ASN1_SEQUENCE_cb(DSA_SIG, sig_cb) = { +- ASN1_SIMPLE(DSA_SIG, r, CBIGNUM), +- ASN1_SIMPLE(DSA_SIG, s, CBIGNUM) +-} ASN1_SEQUENCE_END_cb(DSA_SIG, DSA_SIG) +- +-IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA_SIG,DSA_SIG,DSA_SIG) +- +-/* Override the default free and new methods */ +-static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) +-{ +- if (operation == ASN1_OP_NEW_PRE) { +- *pval = (ASN1_VALUE *)DSA_new(); +- if (*pval) +- return 2; +- return 0; +- } else if (operation == ASN1_OP_FREE_PRE) { +- DSA_free((DSA *)*pval); +- *pval = NULL; +- return 2; +- } +- return 1; +-} +- +-ASN1_SEQUENCE_cb(DSAPrivateKey, dsa_cb) = { +- ASN1_SIMPLE(DSA, version, LONG), +- ASN1_SIMPLE(DSA, p, BIGNUM), +- ASN1_SIMPLE(DSA, q, BIGNUM), +- ASN1_SIMPLE(DSA, g, BIGNUM), +- ASN1_SIMPLE(DSA, pub_key, BIGNUM), +- ASN1_SIMPLE(DSA, priv_key, BIGNUM) +-} ASN1_SEQUENCE_END_cb(DSA, DSAPrivateKey) +- +-IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPrivateKey, DSAPrivateKey) +- +-ASN1_SEQUENCE_cb(DSAparams, dsa_cb) = { +- ASN1_SIMPLE(DSA, p, BIGNUM), +- ASN1_SIMPLE(DSA, q, BIGNUM), +- ASN1_SIMPLE(DSA, g, BIGNUM), +-} ASN1_SEQUENCE_END_cb(DSA, DSAparams) +- +-IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAparams, DSAparams) +- +-/* +- * DSA public key is a bit trickier... 
its effectively a CHOICE type decided +- * by a field called write_params which can either write out just the public +- * key as an INTEGER or the parameters and public key in a SEQUENCE +- */ +- +-ASN1_SEQUENCE(dsa_pub_internal) = { +- ASN1_SIMPLE(DSA, pub_key, BIGNUM), +- ASN1_SIMPLE(DSA, p, BIGNUM), +- ASN1_SIMPLE(DSA, q, BIGNUM), +- ASN1_SIMPLE(DSA, g, BIGNUM) +-} ASN1_SEQUENCE_END_name(DSA, dsa_pub_internal) +- +-ASN1_CHOICE_cb(DSAPublicKey, dsa_cb) = { +- ASN1_SIMPLE(DSA, pub_key, BIGNUM), +- ASN1_EX_COMBINE(0, 0, dsa_pub_internal) +-} ASN1_CHOICE_END_cb(DSA, DSAPublicKey, write_params) +- +-IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPublicKey, DSAPublicKey) +- +-int DSA_sign(int type, const unsigned char *dgst, int dlen, +- unsigned char *sig, unsigned int *siglen, DSA *dsa) +-{ +- DSA_SIG *s; +-#ifdef OPENSSL_FIPS +- if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) { +- DSAerr(DSA_F_DSA_SIGN, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); +- return 0; +- } +-#endif +- RAND_seed(dgst, dlen); +- s = DSA_do_sign(dgst, dlen, dsa); +- if (s == NULL) { +- *siglen = 0; +- return (0); +- } +- *siglen = i2d_DSA_SIG(s, &sig); +- DSA_SIG_free(s); +- return (1); +-} +- +-int DSA_size(const DSA *r) +-{ +- int ret, i; +- ASN1_INTEGER bs; +- unsigned char buf[4]; /* 4 bytes looks really small. However, +- * i2d_ASN1_INTEGER() will not look beyond +- * the first byte, as long as the second +- * parameter is NULL. */ +- +- i = BN_num_bits(r->q); +- bs.length = (i + 7) / 8; +- bs.data = buf; +- bs.type = V_ASN1_INTEGER; +- /* If the top bit is set the asn1 encoding is 1 larger. */ +- buf[0] = 0xff; +- +- i = i2d_ASN1_INTEGER(&bs, NULL); +- i += i; /* r and s */ +- ret = ASN1_object_size(1, i, V_ASN1_SEQUENCE); +- return (ret); +-} +- +-/*- +- * data has already been hashed (probably with SHA or SHA-1). 
*/ +-/* +- * returns 1: correct signature 0: incorrect signature -1: error +- */ +-int DSA_verify(int type, const unsigned char *dgst, int dgst_len, +- const unsigned char *sigbuf, int siglen, DSA *dsa) +-{ +- DSA_SIG *s; +- const unsigned char *p = sigbuf; +- unsigned char *der = NULL; +- int derlen = -1; +- int ret = -1; +- +-#ifdef OPENSSL_FIPS +- if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) { +- DSAerr(DSA_F_DSA_VERIFY, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); +- return 0; +- } +-#endif +- +- s = DSA_SIG_new(); +- if (s == NULL) +- return (ret); +- if (d2i_DSA_SIG(&s, &p, siglen) == NULL) +- goto err; +- /* Ensure signature uses DER and doesn't have trailing garbage */ +- derlen = i2d_DSA_SIG(s, &der); +- if (derlen != siglen || memcmp(sigbuf, der, derlen)) +- goto err; +- ret = DSA_do_verify(dgst, dgst_len, s, dsa); +- err: +- if (derlen > 0) { +- OPENSSL_cleanse(der, derlen); +- OPENSSL_free(der); +- } +- DSA_SIG_free(s); +- return (ret); +-} +diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_depr.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_depr.c +deleted file mode 100644 +index 54f88bc..0000000 +--- a/Cryptlib/OpenSSL/crypto/dsa/dsa_depr.c ++++ /dev/null +@@ -1,113 +0,0 @@ +-/* crypto/dsa/dsa_depr.c */ +-/* ==================================================================== +- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * +- * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. +- * +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in +- * the documentation and/or other materials provided with the +- * distribution. +- * +- * 3. 
All advertising materials mentioning features or use of this +- * software must display the following acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +- * +- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +- * endorse or promote products derived from this software without +- * prior written permission. For written permission, please contact +- * openssl-core@openssl.org. +- * +- * 5. Products derived from this software may not be called "OpenSSL" +- * nor may "OpenSSL" appear in their names without prior written +- * permission of the OpenSSL Project. +- * +- * 6. Redistributions of any form whatsoever must retain the following +- * acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit (http://www.openssl.org/)" +- * +- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +- * OF THE POSSIBILITY OF SUCH DAMAGE. +- * ==================================================================== +- * +- * This product includes cryptographic software written by Eric Young +- * (eay@cryptsoft.com). This product includes software written by Tim +- * Hudson (tjh@cryptsoft.com). 
+- *
+- */
+-
+-/*
+- * This file contains deprecated function(s) that are now wrappers to the new
+- * version(s).
+- */
+-
+-#undef GENUINE_DSA
+-
+-#ifdef GENUINE_DSA
+-/*
+- * Parameter generation follows the original release of FIPS PUB 186,
+- * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180)
+- */
+-# define HASH EVP_sha()
+-#else
+-/*
+- * Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
+- * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in FIPS PUB
+- * 180-1)
+- */
+-# define HASH EVP_sha1()
+-#endif
+-
+-static void *dummy = &dummy;
+-
+-#ifndef OPENSSL_NO_SHA
+-
+-# include
+-# include
+-# include "cryptlib.h"
+-# include
+-# include
+-# include
+-# include
+-# include
+-
+-# ifndef OPENSSL_NO_DEPRECATED
+-DSA *DSA_generate_parameters(int bits,
+- unsigned char *seed_in, int seed_len,
+- int *counter_ret, unsigned long *h_ret,
+- void (*callback) (int, int, void *),
+- void *cb_arg)
+-{
+- BN_GENCB cb;
+- DSA *ret;
+-
+- if ((ret = DSA_new()) == NULL)
+- return NULL;
+-
+- BN_GENCB_set_old(&cb, callback, cb_arg);
+-
+- if (DSA_generate_parameters_ex(ret, bits, seed_in, seed_len,
+- counter_ret, h_ret, &cb))
+- return ret;
+- DSA_free(ret);
+- return NULL;
+-}
+-# endif
+-#endif
+diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_err.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_err.c
+deleted file mode 100644
+index 57f06fe..0000000
+--- a/Cryptlib/OpenSSL/crypto/dsa/dsa_err.c
++++ /dev/null
+@@ -1,119 +0,0 @@
+-/* crypto/dsa/dsa_err.c */
+-/* ====================================================================
+- * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- *
+- * 1. Redistributions of source code must retain the above copyright
+- * notice, this list of conditions and the following disclaimer.
+- *
+- * 2. 
Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in +- * the documentation and/or other materials provided with the +- * distribution. +- * +- * 3. All advertising materials mentioning features or use of this +- * software must display the following acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" +- * +- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +- * endorse or promote products derived from this software without +- * prior written permission. For written permission, please contact +- * openssl-core@OpenSSL.org. +- * +- * 5. Products derived from this software may not be called "OpenSSL" +- * nor may "OpenSSL" appear in their names without prior written +- * permission of the OpenSSL Project. +- * +- * 6. Redistributions of any form whatsoever must retain the following +- * acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" +- * +- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +- * OF THE POSSIBILITY OF SUCH DAMAGE. 
+- * ==================================================================== +- * +- * This product includes cryptographic software written by Eric Young +- * (eay@cryptsoft.com). This product includes software written by Tim +- * Hudson (tjh@cryptsoft.com). +- * +- */ +- +-/* +- * NOTE: this file was auto generated by the mkerr.pl script: any changes +- * made to it will be overwritten when the script next updates this file, +- * only reason strings will be preserved. +- */ +- +-#include +-#include +-#include +- +-/* BEGIN ERROR CODES */ +-#ifndef OPENSSL_NO_ERR +- +-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_DSA,func,0) +-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_DSA,0,reason) +- +-static ERR_STRING_DATA DSA_str_functs[] = { +- {ERR_FUNC(DSA_F_D2I_DSA_SIG), "d2i_DSA_SIG"}, +- {ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"}, +- {ERR_FUNC(DSA_F_DSAPARAMS_PRINT_FP), "DSAparams_print_fp"}, +- {ERR_FUNC(DSA_F_DSA_BUILTIN_KEYGEN), "DSA_BUILTIN_KEYGEN"}, +- {ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN), "DSA_BUILTIN_PARAMGEN"}, +- {ERR_FUNC(DSA_F_DSA_DO_SIGN), "DSA_do_sign"}, +- {ERR_FUNC(DSA_F_DSA_DO_VERIFY), "DSA_do_verify"}, +- {ERR_FUNC(DSA_F_DSA_GENERATE_PARAMETERS), "DSA_generate_parameters"}, +- {ERR_FUNC(DSA_F_DSA_NEW_METHOD), "DSA_new_method"}, +- {ERR_FUNC(DSA_F_DSA_PRINT), "DSA_print"}, +- {ERR_FUNC(DSA_F_DSA_PRINT_FP), "DSA_print_fp"}, +- {ERR_FUNC(DSA_F_DSA_SET_DEFAULT_METHOD), "DSA_set_default_method"}, +- {ERR_FUNC(DSA_F_DSA_SET_METHOD), "DSA_set_method"}, +- {ERR_FUNC(DSA_F_DSA_SIGN), "DSA_sign"}, +- {ERR_FUNC(DSA_F_DSA_SIGN_SETUP), "DSA_sign_setup"}, +- {ERR_FUNC(DSA_F_DSA_SIG_NEW), "DSA_SIG_new"}, +- {ERR_FUNC(DSA_F_DSA_VERIFY), "DSA_verify"}, +- {ERR_FUNC(DSA_F_I2D_DSA_SIG), "i2d_DSA_SIG"}, +- {ERR_FUNC(DSA_F_SIG_CB), "SIG_CB"}, +- {0, NULL} +-}; +- +-static ERR_STRING_DATA DSA_str_reasons[] = { +- {ERR_REASON(DSA_R_BAD_Q_VALUE), "bad q value"}, +- {ERR_REASON(DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE), +- "data too large for key size"}, +- 
{ERR_REASON(DSA_R_KEY_SIZE_TOO_SMALL), "key size too small"}, +- {ERR_REASON(DSA_R_MISSING_PARAMETERS), "missing parameters"}, +- {ERR_REASON(DSA_R_MODULUS_TOO_LARGE), "modulus too large"}, +- {ERR_REASON(DSA_R_NON_FIPS_METHOD), "non fips method"}, +- {ERR_REASON(DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE), +- "operation not allowed in fips mode"}, +- {0, NULL} +-}; +- +-#endif +- +-void ERR_load_DSA_strings(void) +-{ +-#ifndef OPENSSL_NO_ERR +- +- if (ERR_func_error_string(DSA_str_functs[0].error) == NULL) { +- ERR_load_strings(0, DSA_str_functs); +- ERR_load_strings(0, DSA_str_reasons); +- } +-#endif +-} +diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_gen.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_gen.c +deleted file mode 100644 +index cb2e0bb..0000000 +--- a/Cryptlib/OpenSSL/crypto/dsa/dsa_gen.c ++++ /dev/null +@@ -1,352 +0,0 @@ +-/* crypto/dsa/dsa_gen.c */ +-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) +- * All rights reserved. +- * +- * This package is an SSL implementation written +- * by Eric Young (eay@cryptsoft.com). +- * The implementation was written so as to conform with Netscapes SSL. +- * +- * This library is free for commercial and non-commercial use as long as +- * the following conditions are aheared to. The following conditions +- * apply to all code found in this distribution, be it the RC4, RSA, +- * lhash, DES, etc., code; not just the SSL code. The SSL documentation +- * included with this distribution is covered by the same copyright terms +- * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * +- * Copyright remains Eric Young's, and as such any Copyright notices in +- * the code are not to be removed. +- * If this package is used in a product, Eric Young should be given attribution +- * as the author of the parts of the library used. +- * This can be in the form of a textual message at program startup or +- * in documentation (online or textual) provided with the package. 
+- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 3. All advertising materials mentioning features or use of this software +- * must display the following acknowledgement: +- * "This product includes cryptographic software written by +- * Eric Young (eay@cryptsoft.com)" +- * The word 'cryptographic' can be left out if the rouines from the library +- * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from +- * the apps directory (application code) you must include an acknowledgement: +- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * +- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. 
+- * +- * The licence and distribution terms for any publically available version or +- * derivative of this code cannot be changed. i.e. this code cannot simply be +- * copied and put under another distribution licence +- * [including the GNU Public Licence.] +- */ +- +-#undef GENUINE_DSA +- +-#ifdef GENUINE_DSA +-/* +- * Parameter generation follows the original release of FIPS PUB 186, +- * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) +- */ +-# define HASH EVP_sha() +-#else +-/* +- * Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186, +- * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in FIPS PUB +- * 180-1) +- */ +-# define HASH EVP_sha1() +-#endif +- +-#include /* To see if OPENSSL_NO_SHA is defined */ +- +-#ifndef OPENSSL_NO_SHA +- +-# include +-# include +-# include "cryptlib.h" +-# include +-# include +-# include +-# include +-# include +- +-# ifndef OPENSSL_FIPS +- +-static int dsa_builtin_paramgen(DSA *ret, int bits, +- unsigned char *seed_in, int seed_len, +- int *counter_ret, unsigned long *h_ret, +- BN_GENCB *cb); +- +-int DSA_generate_parameters_ex(DSA *ret, int bits, +- unsigned char *seed_in, int seed_len, +- int *counter_ret, unsigned long *h_ret, +- BN_GENCB *cb) +-{ +- if (ret->meth->dsa_paramgen) +- return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len, +- counter_ret, h_ret, cb); +- return dsa_builtin_paramgen(ret, bits, seed_in, seed_len, +- counter_ret, h_ret, cb); +-} +- +-static int dsa_builtin_paramgen(DSA *ret, int bits, +- unsigned char *seed_in, int seed_len, +- int *counter_ret, unsigned long *h_ret, +- BN_GENCB *cb) +-{ +- int ok = 0; +- unsigned char seed[SHA_DIGEST_LENGTH]; +- unsigned char md[SHA_DIGEST_LENGTH]; +- unsigned char buf[SHA_DIGEST_LENGTH], buf2[SHA_DIGEST_LENGTH]; +- BIGNUM *r0, *W, *X, *c, *test; +- BIGNUM *g = NULL, *q = NULL, *p = NULL; +- BN_MONT_CTX *mont = NULL; +- int k, n = 0, i, m = 0; +- int counter = 0; +- int r = 0; +- BN_CTX *ctx = NULL; +- unsigned int h 
= 2; +- +- if (bits < 512) +- bits = 512; +- bits = (bits + 63) / 64 * 64; +- +- /* +- * NB: seed_len == 0 is special case: copy generated seed to seed_in if +- * it is not NULL. +- */ +- if (seed_len && (seed_len < 20)) +- seed_in = NULL; /* seed buffer too small -- ignore */ +- if (seed_len > 20) +- seed_len = 20; /* App. 2.2 of FIPS PUB 186 allows larger +- * SEED, but our internal buffers are +- * restricted to 160 bits */ +- if ((seed_in != NULL) && (seed_len == 20)) { +- memcpy(seed, seed_in, seed_len); +- /* set seed_in to NULL to avoid it being copied back */ +- seed_in = NULL; +- } +- +- if ((ctx = BN_CTX_new()) == NULL) +- goto err; +- +- if ((mont = BN_MONT_CTX_new()) == NULL) +- goto err; +- +- BN_CTX_start(ctx); +- r0 = BN_CTX_get(ctx); +- g = BN_CTX_get(ctx); +- W = BN_CTX_get(ctx); +- q = BN_CTX_get(ctx); +- X = BN_CTX_get(ctx); +- c = BN_CTX_get(ctx); +- p = BN_CTX_get(ctx); +- test = BN_CTX_get(ctx); +- +- if (!BN_lshift(test, BN_value_one(), bits - 1)) +- goto err; +- +- for (;;) { +- for (;;) { /* find q */ +- int seed_is_random; +- +- /* step 1 */ +- if (!BN_GENCB_call(cb, 0, m++)) +- goto err; +- +- if (!seed_len) { +- RAND_pseudo_bytes(seed, SHA_DIGEST_LENGTH); +- seed_is_random = 1; +- } else { +- seed_is_random = 0; +- seed_len = 0; /* use random seed if 'seed_in' turns out to +- * be bad */ +- } +- memcpy(buf, seed, SHA_DIGEST_LENGTH); +- memcpy(buf2, seed, SHA_DIGEST_LENGTH); +- /* precompute "SEED + 1" for step 7: */ +- for (i = SHA_DIGEST_LENGTH - 1; i >= 0; i--) { +- buf[i]++; +- if (buf[i] != 0) +- break; +- } +- +- /* step 2 */ +- EVP_Digest(seed, SHA_DIGEST_LENGTH, md, NULL, HASH, NULL); +- EVP_Digest(buf, SHA_DIGEST_LENGTH, buf2, NULL, HASH, NULL); +- for (i = 0; i < SHA_DIGEST_LENGTH; i++) +- md[i] ^= buf2[i]; +- +- /* step 3 */ +- md[0] |= 0x80; +- md[SHA_DIGEST_LENGTH - 1] |= 0x01; +- if (!BN_bin2bn(md, SHA_DIGEST_LENGTH, q)) +- goto err; +- +- /* step 4 */ +- r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx, +- 
seed_is_random, cb); +- if (r > 0) +- break; +- if (r != 0) +- goto err; +- +- /* do a callback call */ +- /* step 5 */ +- } +- +- if (!BN_GENCB_call(cb, 2, 0)) +- goto err; +- if (!BN_GENCB_call(cb, 3, 0)) +- goto err; +- +- /* step 6 */ +- counter = 0; +- /* "offset = 2" */ +- +- n = (bits - 1) / 160; +- +- for (;;) { +- if ((counter != 0) && !BN_GENCB_call(cb, 0, counter)) +- goto err; +- +- /* step 7 */ +- BN_zero(W); +- /* now 'buf' contains "SEED + offset - 1" */ +- for (k = 0; k <= n; k++) { +- /* +- * obtain "SEED + offset + k" by incrementing: +- */ +- for (i = SHA_DIGEST_LENGTH - 1; i >= 0; i--) { +- buf[i]++; +- if (buf[i] != 0) +- break; +- } +- +- EVP_Digest(buf, SHA_DIGEST_LENGTH, md, NULL, HASH, NULL); +- +- /* step 8 */ +- if (!BN_bin2bn(md, SHA_DIGEST_LENGTH, r0)) +- goto err; +- if (!BN_lshift(r0, r0, 160 * k)) +- goto err; +- if (!BN_add(W, W, r0)) +- goto err; +- } +- +- /* more of step 8 */ +- if (!BN_mask_bits(W, bits - 1)) +- goto err; +- if (!BN_copy(X, W)) +- goto err; +- if (!BN_add(X, X, test)) +- goto err; +- +- /* step 9 */ +- if (!BN_lshift1(r0, q)) +- goto err; +- if (!BN_mod(c, X, r0, ctx)) +- goto err; +- if (!BN_sub(r0, c, BN_value_one())) +- goto err; +- if (!BN_sub(p, X, r0)) +- goto err; +- +- /* step 10 */ +- if (BN_cmp(p, test) >= 0) { +- /* step 11 */ +- r = BN_is_prime_fasttest_ex(p, DSS_prime_checks, ctx, 1, cb); +- if (r > 0) +- goto end; /* found it */ +- if (r != 0) +- goto err; +- } +- +- /* step 13 */ +- counter++; +- /* "offset = offset + n + 1" */ +- +- /* step 14 */ +- if (counter >= 4096) +- break; +- } +- } +- end: +- if (!BN_GENCB_call(cb, 2, 1)) +- goto err; +- +- /* We now need to generate g */ +- /* Set r0=(p-1)/q */ +- if (!BN_sub(test, p, BN_value_one())) +- goto err; +- if (!BN_div(r0, NULL, test, q, ctx)) +- goto err; +- +- if (!BN_set_word(test, h)) +- goto err; +- if (!BN_MONT_CTX_set(mont, p, ctx)) +- goto err; +- +- for (;;) { +- /* g=test^r0%p */ +- if (!BN_mod_exp_mont(g, test, r0, p, ctx, mont)) +- 
goto err; +- if (!BN_is_one(g)) +- break; +- if (!BN_add(test, test, BN_value_one())) +- goto err; +- h++; +- } +- +- if (!BN_GENCB_call(cb, 3, 1)) +- goto err; +- +- ok = 1; +- err: +- if (ok) { +- if (ret->p) +- BN_free(ret->p); +- if (ret->q) +- BN_free(ret->q); +- if (ret->g) +- BN_free(ret->g); +- ret->p = BN_dup(p); +- ret->q = BN_dup(q); +- ret->g = BN_dup(g); +- if (ret->p == NULL || ret->q == NULL || ret->g == NULL) { +- ok = 0; +- goto err; +- } +- if (seed_in != NULL) +- memcpy(seed_in, seed, 20); +- if (counter_ret != NULL) +- *counter_ret = counter; +- if (h_ret != NULL) +- *h_ret = h; +- } +- if (ctx) { +- BN_CTX_end(ctx); +- BN_CTX_free(ctx); +- } +- if (mont != NULL) +- BN_MONT_CTX_free(mont); +- return ok; +-} +-# endif +-#endif +diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_key.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_key.c +deleted file mode 100644 +index 8da6016..0000000 +--- a/Cryptlib/OpenSSL/crypto/dsa/dsa_key.c ++++ /dev/null +@@ -1,134 +0,0 @@ +-/* crypto/dsa/dsa_key.c */ +-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) +- * All rights reserved. +- * +- * This package is an SSL implementation written +- * by Eric Young (eay@cryptsoft.com). +- * The implementation was written so as to conform with Netscapes SSL. +- * +- * This library is free for commercial and non-commercial use as long as +- * the following conditions are aheared to. The following conditions +- * apply to all code found in this distribution, be it the RC4, RSA, +- * lhash, DES, etc., code; not just the SSL code. The SSL documentation +- * included with this distribution is covered by the same copyright terms +- * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * +- * Copyright remains Eric Young's, and as such any Copyright notices in +- * the code are not to be removed. +- * If this package is used in a product, Eric Young should be given attribution +- * as the author of the parts of the library used. 
+- * This can be in the form of a textual message at program startup or +- * in documentation (online or textual) provided with the package. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 3. All advertising materials mentioning features or use of this software +- * must display the following acknowledgement: +- * "This product includes cryptographic software written by +- * Eric Young (eay@cryptsoft.com)" +- * The word 'cryptographic' can be left out if the rouines from the library +- * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from +- * the apps directory (application code) you must include an acknowledgement: +- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * +- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. +- * +- * The licence and distribution terms for any publically available version or +- * derivative of this code cannot be changed. i.e. this code cannot simply be +- * copied and put under another distribution licence +- * [including the GNU Public Licence.] +- */ +- +-#include +-#include +-#include "cryptlib.h" +-#ifndef OPENSSL_NO_SHA +-# include +-# include +-# include +- +-# ifndef OPENSSL_FIPS +- +-static int dsa_builtin_keygen(DSA *dsa); +- +-int DSA_generate_key(DSA *dsa) +-{ +- if (dsa->meth->dsa_keygen) +- return dsa->meth->dsa_keygen(dsa); +- return dsa_builtin_keygen(dsa); +-} +- +-static int dsa_builtin_keygen(DSA *dsa) +-{ +- int ok = 0; +- BN_CTX *ctx = NULL; +- BIGNUM *pub_key = NULL, *priv_key = NULL; +- +- if ((ctx = BN_CTX_new()) == NULL) +- goto err; +- +- if (dsa->priv_key == NULL) { +- if ((priv_key = BN_new()) == NULL) +- goto err; +- } else +- priv_key = dsa->priv_key; +- +- do +- if (!BN_rand_range(priv_key, dsa->q)) +- goto err; +- while (BN_is_zero(priv_key)) ; +- +- if (dsa->pub_key == NULL) { +- if ((pub_key = BN_new()) == NULL) +- goto err; +- } else +- pub_key = dsa->pub_key; +- +- { +- BIGNUM local_prk; +- BIGNUM *prk; +- +- if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) { +- BN_init(&local_prk); +- prk = &local_prk; +- BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME); +- } else +- prk = priv_key; +- +- if (!BN_mod_exp(pub_key, dsa->g, prk, dsa->p, ctx)) +- goto err; +- } +- +- dsa->priv_key = 
priv_key; +- dsa->pub_key = pub_key; +- ok = 1; +- +- err: +- if ((pub_key != NULL) && (dsa->pub_key == NULL)) +- BN_free(pub_key); +- if ((priv_key != NULL) && (dsa->priv_key == NULL)) +- BN_free(priv_key); +- if (ctx != NULL) +- BN_CTX_free(ctx); +- return (ok); +-} +-# endif +- +-#endif +diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_lib.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_lib.c +deleted file mode 100644 +index 45116c5..0000000 +--- a/Cryptlib/OpenSSL/crypto/dsa/dsa_lib.c ++++ /dev/null +@@ -1,316 +0,0 @@ +-/* crypto/dsa/dsa_lib.c */ +-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) +- * All rights reserved. +- * +- * This package is an SSL implementation written +- * by Eric Young (eay@cryptsoft.com). +- * The implementation was written so as to conform with Netscapes SSL. +- * +- * This library is free for commercial and non-commercial use as long as +- * the following conditions are aheared to. The following conditions +- * apply to all code found in this distribution, be it the RC4, RSA, +- * lhash, DES, etc., code; not just the SSL code. The SSL documentation +- * included with this distribution is covered by the same copyright terms +- * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * +- * Copyright remains Eric Young's, and as such any Copyright notices in +- * the code are not to be removed. +- * If this package is used in a product, Eric Young should be given attribution +- * as the author of the parts of the library used. +- * This can be in the form of a textual message at program startup or +- * in documentation (online or textual) provided with the package. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. 
Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 3. All advertising materials mentioning features or use of this software +- * must display the following acknowledgement: +- * "This product includes cryptographic software written by +- * Eric Young (eay@cryptsoft.com)" +- * The word 'cryptographic' can be left out if the rouines from the library +- * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from +- * the apps directory (application code) you must include an acknowledgement: +- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * +- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. +- * +- * The licence and distribution terms for any publically available version or +- * derivative of this code cannot be changed. i.e. this code cannot simply be +- * copied and put under another distribution licence +- * [including the GNU Public Licence.] 
+- */ +- +-/* Original version from Steven Schoch */ +- +-#include +-#include "cryptlib.h" +-#include +-#include +-#include +-#ifndef OPENSSL_NO_ENGINE +-# include +-#endif +-#ifndef OPENSSL_NO_DH +-# include +-#endif +- +-const char DSA_version[] = "DSA" OPENSSL_VERSION_PTEXT; +- +-static const DSA_METHOD *default_DSA_method = NULL; +- +-void DSA_set_default_method(const DSA_METHOD *meth) +-{ +-#ifdef OPENSSL_FIPS +- if (FIPS_mode() && !(meth->flags & DSA_FLAG_FIPS_METHOD)) { +- DSAerr(DSA_F_DSA_SET_DEFAULT_METHOD, DSA_R_NON_FIPS_METHOD); +- return; +- } +-#endif +- +- default_DSA_method = meth; +-} +- +-const DSA_METHOD *DSA_get_default_method(void) +-{ +- if (!default_DSA_method) +- default_DSA_method = DSA_OpenSSL(); +- return default_DSA_method; +-} +- +-DSA *DSA_new(void) +-{ +- return DSA_new_method(NULL); +-} +- +-int DSA_set_method(DSA *dsa, const DSA_METHOD *meth) +-{ +- /* +- * NB: The caller is specifically setting a method, so it's not up to us +- * to deal with which ENGINE it comes from. 
+- */ +- const DSA_METHOD *mtmp; +-#ifdef OPENSSL_FIPS +- if (FIPS_mode() && !(meth->flags & DSA_FLAG_FIPS_METHOD)) { +- DSAerr(DSA_F_DSA_SET_METHOD, DSA_R_NON_FIPS_METHOD); +- return 0; +- } +-#endif +- mtmp = dsa->meth; +- if (mtmp->finish) +- mtmp->finish(dsa); +-#ifndef OPENSSL_NO_ENGINE +- if (dsa->engine) { +- ENGINE_finish(dsa->engine); +- dsa->engine = NULL; +- } +-#endif +- dsa->meth = meth; +- if (meth->init) +- meth->init(dsa); +- return 1; +-} +- +-DSA *DSA_new_method(ENGINE *engine) +-{ +- DSA *ret; +- +- ret = (DSA *)OPENSSL_malloc(sizeof(DSA)); +- if (ret == NULL) { +- DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_MALLOC_FAILURE); +- return (NULL); +- } +- ret->meth = DSA_get_default_method(); +-#ifndef OPENSSL_NO_ENGINE +- if (engine) { +- if (!ENGINE_init(engine)) { +- DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB); +- OPENSSL_free(ret); +- return NULL; +- } +- ret->engine = engine; +- } else +- ret->engine = ENGINE_get_default_DSA(); +- if (ret->engine) { +- ret->meth = ENGINE_get_DSA(ret->engine); +- if (!ret->meth) { +- DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB); +- ENGINE_finish(ret->engine); +- OPENSSL_free(ret); +- return NULL; +- } +- } +-#endif +-#ifdef OPENSSL_FIPS +- if (FIPS_mode() && !(ret->meth->flags & DSA_FLAG_FIPS_METHOD)) { +- DSAerr(DSA_F_DSA_NEW_METHOD, DSA_R_NON_FIPS_METHOD); +-# ifndef OPENSSL_NO_ENGINE +- if (ret->engine) +- ENGINE_finish(ret->engine); +-# endif +- OPENSSL_free(ret); +- return NULL; +- } +-#endif +- +- ret->pad = 0; +- ret->version = 0; +- ret->write_params = 1; +- ret->p = NULL; +- ret->q = NULL; +- ret->g = NULL; +- +- ret->pub_key = NULL; +- ret->priv_key = NULL; +- +- ret->kinv = NULL; +- ret->r = NULL; +- ret->method_mont_p = NULL; +- +- ret->references = 1; +- ret->flags = ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW; +- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data); +- if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { +-#ifndef OPENSSL_NO_ENGINE +- if (ret->engine) +- 
ENGINE_finish(ret->engine); +-#endif +- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data); +- OPENSSL_free(ret); +- ret = NULL; +- } +- +- return (ret); +-} +- +-void DSA_free(DSA *r) +-{ +- int i; +- +- if (r == NULL) +- return; +- +- i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DSA); +-#ifdef REF_PRINT +- REF_PRINT("DSA", r); +-#endif +- if (i > 0) +- return; +-#ifdef REF_CHECK +- if (i < 0) { +- fprintf(stderr, "DSA_free, bad reference count\n"); +- abort(); +- } +-#endif +- +- if (r->meth->finish) +- r->meth->finish(r); +-#ifndef OPENSSL_NO_ENGINE +- if (r->engine) +- ENGINE_finish(r->engine); +-#endif +- +- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data); +- +- if (r->p != NULL) +- BN_clear_free(r->p); +- if (r->q != NULL) +- BN_clear_free(r->q); +- if (r->g != NULL) +- BN_clear_free(r->g); +- if (r->pub_key != NULL) +- BN_clear_free(r->pub_key); +- if (r->priv_key != NULL) +- BN_clear_free(r->priv_key); +- if (r->kinv != NULL) +- BN_clear_free(r->kinv); +- if (r->r != NULL) +- BN_clear_free(r->r); +- OPENSSL_free(r); +-} +- +-int DSA_up_ref(DSA *r) +-{ +- int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DSA); +-#ifdef REF_PRINT +- REF_PRINT("DSA", r); +-#endif +-#ifdef REF_CHECK +- if (i < 2) { +- fprintf(stderr, "DSA_up_ref, bad reference count\n"); +- abort(); +- } +-#endif +- return ((i > 1) ? 1 : 0); +-} +- +-int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, +- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) +-{ +- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, argl, argp, +- new_func, dup_func, free_func); +-} +- +-int DSA_set_ex_data(DSA *d, int idx, void *arg) +-{ +- return (CRYPTO_set_ex_data(&d->ex_data, idx, arg)); +-} +- +-void *DSA_get_ex_data(DSA *d, int idx) +-{ +- return (CRYPTO_get_ex_data(&d->ex_data, idx)); +-} +- +-#ifndef OPENSSL_NO_DH +-DH *DSA_dup_DH(const DSA *r) +-{ +- /* +- * DSA has p, q, g, optional pub_key, optional priv_key. 
DH has p, +- * optional length, g, optional pub_key, optional priv_key. +- */ +- +- DH *ret = NULL; +- +- if (r == NULL) +- goto err; +- ret = DH_new(); +- if (ret == NULL) +- goto err; +- if (r->p != NULL) +- if ((ret->p = BN_dup(r->p)) == NULL) +- goto err; +- if (r->q != NULL) +- ret->length = BN_num_bits(r->q); +- if (r->g != NULL) +- if ((ret->g = BN_dup(r->g)) == NULL) +- goto err; +- if (r->pub_key != NULL) +- if ((ret->pub_key = BN_dup(r->pub_key)) == NULL) +- goto err; +- if (r->priv_key != NULL) +- if ((ret->priv_key = BN_dup(r->priv_key)) == NULL) +- goto err; +- +- return ret; +- +- err: +- if (ret != NULL) +- DH_free(ret); +- return NULL; +-} +-#endif +diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_ossl.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_ossl.c +deleted file mode 100644 +index f993844..0000000 +--- a/Cryptlib/OpenSSL/crypto/dsa/dsa_ossl.c ++++ /dev/null +@@ -1,412 +0,0 @@ +-/* crypto/dsa/dsa_ossl.c */ +-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) +- * All rights reserved. +- * +- * This package is an SSL implementation written +- * by Eric Young (eay@cryptsoft.com). +- * The implementation was written so as to conform with Netscapes SSL. +- * +- * This library is free for commercial and non-commercial use as long as +- * the following conditions are aheared to. The following conditions +- * apply to all code found in this distribution, be it the RC4, RSA, +- * lhash, DES, etc., code; not just the SSL code. The SSL documentation +- * included with this distribution is covered by the same copyright terms +- * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * +- * Copyright remains Eric Young's, and as such any Copyright notices in +- * the code are not to be removed. +- * If this package is used in a product, Eric Young should be given attribution +- * as the author of the parts of the library used. 
+- * This can be in the form of a textual message at program startup or +- * in documentation (online or textual) provided with the package. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 3. All advertising materials mentioning features or use of this software +- * must display the following acknowledgement: +- * "This product includes cryptographic software written by +- * Eric Young (eay@cryptsoft.com)" +- * The word 'cryptographic' can be left out if the rouines from the library +- * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from +- * the apps directory (application code) you must include an acknowledgement: +- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * +- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. +- * +- * The licence and distribution terms for any publically available version or +- * derivative of this code cannot be changed. i.e. this code cannot simply be +- * copied and put under another distribution licence +- * [including the GNU Public Licence.] +- */ +- +-/* Original version from Steven Schoch */ +- +-#include +-#include "cryptlib.h" +-#include +-#include +-#include +-#include +- +-#ifndef OPENSSL_FIPS +- +-static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); +-static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, +- BIGNUM **rp); +-static int dsa_do_verify(const unsigned char *dgst, int dgst_len, +- DSA_SIG *sig, DSA *dsa); +-static int dsa_init(DSA *dsa); +-static int dsa_finish(DSA *dsa); +- +-static DSA_METHOD openssl_dsa_meth = { +- "OpenSSL DSA method", +- dsa_do_sign, +- dsa_sign_setup, +- dsa_do_verify, +- NULL, /* dsa_mod_exp, */ +- NULL, /* dsa_bn_mod_exp, */ +- dsa_init, +- dsa_finish, +- 0, +- NULL, +- NULL, +- NULL +-}; +- +-/*- +- * These macro wrappers replace attempts to use the dsa_mod_exp() and +- * bn_mod_exp() handlers in the DSA_METHOD structure. We avoid the problem of +- * having a the macro work as an expression by bundling an "err_instr". 
So; +- * +- * if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx, +- * dsa->method_mont_p)) goto err; +- * +- * can be replaced by; +- * +- * DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, &k, dsa->p, ctx, +- * dsa->method_mont_p); +- */ +- +-# define DSA_MOD_EXP(err_instr,dsa,rr,a1,p1,a2,p2,m,ctx,in_mont) \ +- do { \ +- int _tmp_res53; \ +- if((dsa)->meth->dsa_mod_exp) \ +- _tmp_res53 = (dsa)->meth->dsa_mod_exp((dsa), (rr), (a1), (p1), \ +- (a2), (p2), (m), (ctx), (in_mont)); \ +- else \ +- _tmp_res53 = BN_mod_exp2_mont((rr), (a1), (p1), (a2), (p2), \ +- (m), (ctx), (in_mont)); \ +- if(!_tmp_res53) err_instr; \ +- } while(0) +-# define DSA_BN_MOD_EXP(err_instr,dsa,r,a,p,m,ctx,m_ctx) \ +- do { \ +- int _tmp_res53; \ +- if((dsa)->meth->bn_mod_exp) \ +- _tmp_res53 = (dsa)->meth->bn_mod_exp((dsa), (r), (a), (p), \ +- (m), (ctx), (m_ctx)); \ +- else \ +- _tmp_res53 = BN_mod_exp_mont((r), (a), (p), (m), (ctx), (m_ctx)); \ +- if(!_tmp_res53) err_instr; \ +- } while(0) +- +-const DSA_METHOD *DSA_OpenSSL(void) +-{ +- return &openssl_dsa_meth; +-} +- +-static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) +-{ +- BIGNUM *kinv = NULL, *r = NULL, *s = NULL; +- BIGNUM m; +- BIGNUM xr; +- BN_CTX *ctx = NULL; +- int i, reason = ERR_R_BN_LIB; +- DSA_SIG *ret = NULL; +- +- BN_init(&m); +- BN_init(&xr); +- +- if (!dsa->p || !dsa->q || !dsa->g) { +- reason = DSA_R_MISSING_PARAMETERS; +- goto err; +- } +- +- s = BN_new(); +- if (s == NULL) +- goto err; +- +- i = BN_num_bytes(dsa->q); /* should be 20 */ +- if ((dlen > i) || (dlen > 50)) { +- reason = DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE; +- goto err; +- } +- +- ctx = BN_CTX_new(); +- if (ctx == NULL) +- goto err; +- +- if ((dsa->kinv == NULL) || (dsa->r == NULL)) { +- if (!DSA_sign_setup(dsa, ctx, &kinv, &r)) +- goto err; +- } else { +- kinv = dsa->kinv; +- dsa->kinv = NULL; +- r = dsa->r; +- dsa->r = NULL; +- } +- +- if (BN_bin2bn(dgst, dlen, &m) == NULL) +- goto err; +- +- /* Compute s = inv(k) (m + xr) mod q */ +- if 
(!BN_mod_mul(&xr, dsa->priv_key, r, dsa->q, ctx)) +- goto err; /* s = xr */ +- if (!BN_add(s, &xr, &m)) +- goto err; /* s = m + xr */ +- if (BN_cmp(s, dsa->q) > 0) +- if (!BN_sub(s, s, dsa->q)) +- goto err; +- if (!BN_mod_mul(s, s, kinv, dsa->q, ctx)) +- goto err; +- +- ret = DSA_SIG_new(); +- if (ret == NULL) +- goto err; +- ret->r = r; +- ret->s = s; +- +- err: +- if (!ret) { +- DSAerr(DSA_F_DSA_DO_SIGN, reason); +- BN_free(r); +- BN_free(s); +- } +- if (ctx != NULL) +- BN_CTX_free(ctx); +- BN_clear_free(&m); +- BN_clear_free(&xr); +- if (kinv != NULL) /* dsa->kinv is NULL now if we used it */ +- BN_clear_free(kinv); +- return (ret); +-} +- +-static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, +- BIGNUM **rp) +-{ +- BN_CTX *ctx; +- BIGNUM k, kq, *K, *kinv = NULL, *r = NULL; +- int ret = 0; +- +- if (!dsa->p || !dsa->q || !dsa->g) { +- DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_MISSING_PARAMETERS); +- return 0; +- } +- +- BN_init(&k); +- BN_init(&kq); +- +- if (ctx_in == NULL) { +- if ((ctx = BN_CTX_new()) == NULL) +- goto err; +- } else +- ctx = ctx_in; +- +- if ((r = BN_new()) == NULL) +- goto err; +- +- /* Get random k */ +- do +- if (!BN_rand_range(&k, dsa->q)) +- goto err; +- while (BN_is_zero(&k)) ; +- if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) { +- BN_set_flags(&k, BN_FLG_CONSTTIME); +- } +- +- if (dsa->flags & DSA_FLAG_CACHE_MONT_P) { +- if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p, +- CRYPTO_LOCK_DSA, dsa->p, ctx)) +- goto err; +- } +- +- /* Compute r = (g^k mod p) mod q */ +- +- if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) { +- if (!BN_copy(&kq, &k)) +- goto err; +- +- /* +- * We do not want timing information to leak the length of k, so we +- * compute g^k using an equivalent exponent of fixed length. (This +- * is a kludge that we need because the BN_mod_exp_mont() does not +- * let us specify the desired timing behaviour.) 
+- */ +- +- if (!BN_add(&kq, &kq, dsa->q)) +- goto err; +- if (BN_num_bits(&kq) <= BN_num_bits(dsa->q)) { +- if (!BN_add(&kq, &kq, dsa->q)) +- goto err; +- } +- +- K = &kq; +- } else { +- K = &k; +- } +- DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx, +- dsa->method_mont_p); +- if (!BN_mod(r, r, dsa->q, ctx)) +- goto err; +- +- /* Compute part of 's = inv(k) (m + xr) mod q' */ +- if ((kinv = BN_mod_inverse(NULL, &k, dsa->q, ctx)) == NULL) +- goto err; +- +- if (*kinvp != NULL) +- BN_clear_free(*kinvp); +- *kinvp = kinv; +- kinv = NULL; +- if (*rp != NULL) +- BN_clear_free(*rp); +- *rp = r; +- ret = 1; +- err: +- if (!ret) { +- DSAerr(DSA_F_DSA_SIGN_SETUP, ERR_R_BN_LIB); +- if (kinv != NULL) +- BN_clear_free(kinv); +- if (r != NULL) +- BN_clear_free(r); +- } +- if (ctx_in == NULL) +- BN_CTX_free(ctx); +- if (kinv != NULL) +- BN_clear_free(kinv); +- BN_clear_free(&k); +- BN_clear_free(&kq); +- return (ret); +-} +- +-static int dsa_do_verify(const unsigned char *dgst, int dgst_len, +- DSA_SIG *sig, DSA *dsa) +-{ +- BN_CTX *ctx; +- BIGNUM u1, u2, t1; +- BN_MONT_CTX *mont = NULL; +- int ret = -1; +- if (!dsa->p || !dsa->q || !dsa->g) { +- DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_MISSING_PARAMETERS); +- return -1; +- } +- +- if (BN_num_bits(dsa->q) != 160) { +- DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_BAD_Q_VALUE); +- return -1; +- } +- +- if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) { +- DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_MODULUS_TOO_LARGE); +- return -1; +- } +- +- BN_init(&u1); +- BN_init(&u2); +- BN_init(&t1); +- +- if ((ctx = BN_CTX_new()) == NULL) +- goto err; +- +- if (BN_is_zero(sig->r) || BN_is_negative(sig->r) || +- BN_ucmp(sig->r, dsa->q) >= 0) { +- ret = 0; +- goto err; +- } +- if (BN_is_zero(sig->s) || BN_is_negative(sig->s) || +- BN_ucmp(sig->s, dsa->q) >= 0) { +- ret = 0; +- goto err; +- } +- +- /* +- * Calculate W = inv(S) mod Q save W in u2 +- */ +- if ((BN_mod_inverse(&u2, sig->s, dsa->q, ctx)) == NULL) +- goto err; +- +- /* save M in u1 */ +- if 
(BN_bin2bn(dgst, dgst_len, &u1) == NULL) +- goto err; +- +- /* u1 = M * w mod q */ +- if (!BN_mod_mul(&u1, &u1, &u2, dsa->q, ctx)) +- goto err; +- +- /* u2 = r * w mod q */ +- if (!BN_mod_mul(&u2, sig->r, &u2, dsa->q, ctx)) +- goto err; +- +- if (dsa->flags & DSA_FLAG_CACHE_MONT_P) { +- mont = BN_MONT_CTX_set_locked(&dsa->method_mont_p, +- CRYPTO_LOCK_DSA, dsa->p, ctx); +- if (!mont) +- goto err; +- } +- +- DSA_MOD_EXP(goto err, dsa, &t1, dsa->g, &u1, dsa->pub_key, &u2, dsa->p, +- ctx, mont); +- /* BN_copy(&u1,&t1); */ +- /* let u1 = u1 mod q */ +- if (!BN_mod(&u1, &t1, dsa->q, ctx)) +- goto err; +- +- /* +- * V is now in u1. If the signature is correct, it will be equal to R. +- */ +- ret = (BN_ucmp(&u1, sig->r) == 0); +- +- err: +- /* +- * XXX: surely this is wrong - if ret is 0, it just didn't verify; there +- * is no error in BN. Test should be ret == -1 (Ben) +- */ +- if (ret != 1) +- DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_BN_LIB); +- if (ctx != NULL) +- BN_CTX_free(ctx); +- BN_free(&u1); +- BN_free(&u2); +- BN_free(&t1); +- return (ret); +-} +- +-static int dsa_init(DSA *dsa) +-{ +- dsa->flags |= DSA_FLAG_CACHE_MONT_P; +- return (1); +-} +- +-static int dsa_finish(DSA *dsa) +-{ +- if (dsa->method_mont_p) +- BN_MONT_CTX_free(dsa->method_mont_p); +- return (1); +-} +- +-#endif +diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_sign.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_sign.c +deleted file mode 100644 +index 0b32261..0000000 +--- a/Cryptlib/OpenSSL/crypto/dsa/dsa_sign.c ++++ /dev/null +@@ -1,92 +0,0 @@ +-/* crypto/dsa/dsa_sign.c */ +-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) +- * All rights reserved. +- * +- * This package is an SSL implementation written +- * by Eric Young (eay@cryptsoft.com). +- * The implementation was written so as to conform with Netscapes SSL. +- * +- * This library is free for commercial and non-commercial use as long as +- * the following conditions are aheared to. 
The following conditions +- * apply to all code found in this distribution, be it the RC4, RSA, +- * lhash, DES, etc., code; not just the SSL code. The SSL documentation +- * included with this distribution is covered by the same copyright terms +- * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * +- * Copyright remains Eric Young's, and as such any Copyright notices in +- * the code are not to be removed. +- * If this package is used in a product, Eric Young should be given attribution +- * as the author of the parts of the library used. +- * This can be in the form of a textual message at program startup or +- * in documentation (online or textual) provided with the package. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 3. All advertising materials mentioning features or use of this software +- * must display the following acknowledgement: +- * "This product includes cryptographic software written by +- * Eric Young (eay@cryptsoft.com)" +- * The word 'cryptographic' can be left out if the rouines from the library +- * being used are not cryptographic related :-). +- * 4. 
If you include any Windows specific code (or a derivative thereof) from +- * the apps directory (application code) you must include an acknowledgement: +- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * +- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. +- * +- * The licence and distribution terms for any publically available version or +- * derivative of this code cannot be changed. i.e. this code cannot simply be +- * copied and put under another distribution licence +- * [including the GNU Public Licence.] 
+- */ +- +-/* Original version from Steven Schoch */ +- +-#include +-#include "cryptlib.h" +-#include +-#include +-#include +-#include +-#ifdef OPENSSL_FIPS +-# include +-#endif +- +-DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) +-{ +-#ifdef OPENSSL_FIPS +- if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) { +- DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); +- return NULL; +- } +-#endif +- return dsa->meth->dsa_do_sign(dgst, dlen, dsa); +-} +- +-int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) +-{ +-#ifdef OPENSSL_FIPS +- if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) { +- DSAerr(DSA_F_DSA_SIGN_SETUP, +- DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); +- return 0; +- } +-#endif +- return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp); +-} +diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_utl.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_utl.c +deleted file mode 100644 +index 6cc4479..0000000 +--- a/Cryptlib/OpenSSL/crypto/dsa/dsa_utl.c ++++ /dev/null +@@ -1,93 +0,0 @@ +-/* crypto/dsa/dsa_lib.c */ +-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) +- * All rights reserved. +- * +- * This package is an SSL implementation written +- * by Eric Young (eay@cryptsoft.com). +- * The implementation was written so as to conform with Netscapes SSL. +- * +- * This library is free for commercial and non-commercial use as long as +- * the following conditions are aheared to. The following conditions +- * apply to all code found in this distribution, be it the RC4, RSA, +- * lhash, DES, etc., code; not just the SSL code. The SSL documentation +- * included with this distribution is covered by the same copyright terms +- * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * +- * Copyright remains Eric Young's, and as such any Copyright notices in +- * the code are not to be removed. 
+- * If this package is used in a product, Eric Young should be given attribution +- * as the author of the parts of the library used. +- * This can be in the form of a textual message at program startup or +- * in documentation (online or textual) provided with the package. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 3. All advertising materials mentioning features or use of this software +- * must display the following acknowledgement: +- * "This product includes cryptographic software written by +- * Eric Young (eay@cryptsoft.com)" +- * The word 'cryptographic' can be left out if the rouines from the library +- * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from +- * the apps directory (application code) you must include an acknowledgement: +- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * +- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. +- * +- * The licence and distribution terms for any publically available version or +- * derivative of this code cannot be changed. i.e. this code cannot simply be +- * copied and put under another distribution licence +- * [including the GNU Public Licence.] +- */ +- +-/* Original version from Steven Schoch */ +- +-#include +-#include "cryptlib.h" +-#include +-#include +-#include +-#ifndef OPENSSL_NO_ENGINE +-# include +-#endif +-#ifndef OPENSSL_NO_DH +-# include +-#endif +- +-DSA_SIG *DSA_SIG_new(void) +-{ +- DSA_SIG *sig; +- sig = OPENSSL_malloc(sizeof(DSA_SIG)); +- if (!sig) +- return NULL; +- sig->r = NULL; +- sig->s = NULL; +- return sig; +-} +- +-void DSA_SIG_free(DSA_SIG *sig) +-{ +- if (sig) { +- if (sig->r) +- BN_free(sig->r); +- if (sig->s) +- BN_free(sig->s); +- OPENSSL_free(sig); +- } +-} +diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_vrf.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_vrf.c +deleted file mode 100644 +index 5a5d9e1..0000000 +--- a/Cryptlib/OpenSSL/crypto/dsa/dsa_vrf.c ++++ /dev/null +@@ -1,83 +0,0 @@ +-/* crypto/dsa/dsa_vrf.c */ +-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) +- * All rights reserved. +- * +- * This package is an SSL implementation written +- * by Eric Young (eay@cryptsoft.com). +- * The implementation was written so as to conform with Netscapes SSL. +- * +- * This library is free for commercial and non-commercial use as long as +- * the following conditions are aheared to. 
The following conditions +- * apply to all code found in this distribution, be it the RC4, RSA, +- * lhash, DES, etc., code; not just the SSL code. The SSL documentation +- * included with this distribution is covered by the same copyright terms +- * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * +- * Copyright remains Eric Young's, and as such any Copyright notices in +- * the code are not to be removed. +- * If this package is used in a product, Eric Young should be given attribution +- * as the author of the parts of the library used. +- * This can be in the form of a textual message at program startup or +- * in documentation (online or textual) provided with the package. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 3. All advertising materials mentioning features or use of this software +- * must display the following acknowledgement: +- * "This product includes cryptographic software written by +- * Eric Young (eay@cryptsoft.com)" +- * The word 'cryptographic' can be left out if the rouines from the library +- * being used are not cryptographic related :-). +- * 4. 
If you include any Windows specific code (or a derivative thereof) from +- * the apps directory (application code) you must include an acknowledgement: +- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * +- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. +- * +- * The licence and distribution terms for any publically available version or +- * derivative of this code cannot be changed. i.e. this code cannot simply be +- * copied and put under another distribution licence +- * [including the GNU Public Licence.] 
+- */ +- +-/* Original version from Steven Schoch */ +- +-#include +-#include "cryptlib.h" +-#include +-#include +-#include +-#include +-#ifdef OPENSSL_FIPS +-# include +-#endif +- +-#include +- +-int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, +- DSA *dsa) +-{ +-#ifdef OPENSSL_FIPS +- if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) { +- DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); +- return 0; +- } +-#endif +- return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa); +-} +diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_beos.c b/Cryptlib/OpenSSL/crypto/dso/dso_beos.c +new file mode 100644 +index 0000000..68ebcd8 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/dso/dso_beos.c +@@ -0,0 +1,253 @@ ++/* dso_beos.c */ ++/* ++ * Written by Marcin Konicki (ahwayakchih@neoni.net) for the OpenSSL project ++ * 2000. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2000 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. 
The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). 
++ * ++ */ ++ ++#include ++#include ++#include "cryptlib.h" ++#include ++ ++#if !defined(OPENSSL_SYS_BEOS) ++DSO_METHOD *DSO_METHOD_beos(void) ++{ ++ return NULL; ++} ++#else ++ ++# include ++ ++static int beos_load(DSO *dso); ++static int beos_unload(DSO *dso); ++static void *beos_bind_var(DSO *dso, const char *symname); ++static DSO_FUNC_TYPE beos_bind_func(DSO *dso, const char *symname); ++# if 0 ++static int beos_unbind_var(DSO *dso, char *symname, void *symptr); ++static int beos_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr); ++static int beos_init(DSO *dso); ++static int beos_finish(DSO *dso); ++static long beos_ctrl(DSO *dso, int cmd, long larg, void *parg); ++# endif ++static char *beos_name_converter(DSO *dso, const char *filename); ++ ++static DSO_METHOD dso_meth_beos = { ++ "OpenSSL 'beos' shared library method", ++ beos_load, ++ beos_unload, ++ beos_bind_var, ++ beos_bind_func, ++/* For now, "unbind" doesn't exist */ ++# if 0 ++ NULL, /* unbind_var */ ++ NULL, /* unbind_func */ ++# endif ++ NULL, /* ctrl */ ++ beos_name_converter, ++ NULL, /* init */ ++ NULL /* finish */ ++}; ++ ++DSO_METHOD *DSO_METHOD_beos(void) ++{ ++ return (&dso_meth_beos); ++} ++ ++/* ++ * For this DSO_METHOD, our meth_data STACK will contain; (i) a pointer to ++ * the handle (image_id) returned from load_add_on(). ++ */ ++ ++static int beos_load(DSO *dso) ++{ ++ image_id id; ++ /* See applicable comments from dso_dl.c */ ++ char *filename = DSO_convert_filename(dso, NULL); ++ ++ if (filename == NULL) { ++ DSOerr(DSO_F_BEOS_LOAD, DSO_R_NO_FILENAME); ++ goto err; ++ } ++ id = load_add_on(filename); ++ if (id < 1) { ++ DSOerr(DSO_F_BEOS_LOAD, DSO_R_LOAD_FAILED); ++ ERR_add_error_data(3, "filename(", filename, ")"); ++ goto err; ++ } ++ if (!sk_push(dso->meth_data, (char *)id)) { ++ DSOerr(DSO_F_BEOS_LOAD, DSO_R_STACK_ERROR); ++ goto err; ++ } ++ /* Success */ ++ dso->loaded_filename = filename; ++ return (1); ++ err: ++ /* Cleanup ! 
*/ ++ if (filename != NULL) ++ OPENSSL_free(filename); ++ if (id > 0) ++ unload_add_on(id); ++ return (0); ++} ++ ++static int beos_unload(DSO *dso) ++{ ++ image_id id; ++ if (dso == NULL) { ++ DSOerr(DSO_F_BEOS_UNLOAD, ERR_R_PASSED_NULL_PARAMETER); ++ return (0); ++ } ++ if (sk_num(dso->meth_data) < 1) ++ return (1); ++ id = (image_id) sk_pop(dso->meth_data); ++ if (id < 1) { ++ DSOerr(DSO_F_BEOS_UNLOAD, DSO_R_NULL_HANDLE); ++ return (0); ++ } ++ if (unload_add_on(id) != B_OK) { ++ DSOerr(DSO_F_BEOS_UNLOAD, DSO_R_UNLOAD_FAILED); ++ /* ++ * We should push the value back onto the stack in case of a retry. ++ */ ++ sk_push(dso->meth_data, (char *)id); ++ return (0); ++ } ++ return (1); ++} ++ ++static void *beos_bind_var(DSO *dso, const char *symname) ++{ ++ image_id id; ++ void *sym; ++ ++ if ((dso == NULL) || (symname == NULL)) { ++ DSOerr(DSO_F_BEOS_BIND_VAR, ERR_R_PASSED_NULL_PARAMETER); ++ return (NULL); ++ } ++ if (sk_num(dso->meth_data) < 1) { ++ DSOerr(DSO_F_BEOS_BIND_VAR, DSO_R_STACK_ERROR); ++ return (NULL); ++ } ++ id = (image_id) sk_value(dso->meth_data, sk_num(dso->meth_data) - 1); ++ if (id < 1) { ++ DSOerr(DSO_F_BEOS_BIND_VAR, DSO_R_NULL_HANDLE); ++ return (NULL); ++ } ++ if (get_image_symbol(id, symname, B_SYMBOL_TYPE_DATA, &sym) != B_OK) { ++ DSOerr(DSO_F_BEOS_BIND_VAR, DSO_R_SYM_FAILURE); ++ ERR_add_error_data(3, "symname(", symname, ")"); ++ return (NULL); ++ } ++ return (sym); ++} ++ ++static DSO_FUNC_TYPE beos_bind_func(DSO *dso, const char *symname) ++{ ++ image_id id; ++ void *sym; ++ ++ if ((dso == NULL) || (symname == NULL)) { ++ DSOerr(DSO_F_BEOS_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER); ++ return (NULL); ++ } ++ if (sk_num(dso->meth_data) < 1) { ++ DSOerr(DSO_F_BEOS_BIND_FUNC, DSO_R_STACK_ERROR); ++ return (NULL); ++ } ++ id = (image_id) sk_value(dso->meth_data, sk_num(dso->meth_data) - 1); ++ if (id < 1) { ++ DSOerr(DSO_F_BEOS_BIND_FUNC, DSO_R_NULL_HANDLE); ++ return (NULL); ++ } ++ if (get_image_symbol(id, symname, B_SYMBOL_TYPE_TEXT, 
&sym) != B_OK) { ++ DSOerr(DSO_F_BEOS_BIND_FUNC, DSO_R_SYM_FAILURE); ++ ERR_add_error_data(3, "symname(", symname, ")"); ++ return (NULL); ++ } ++ return ((DSO_FUNC_TYPE)sym); ++} ++ ++/* This one is the same as the one in dlfcn */ ++static char *beos_name_converter(DSO *dso, const char *filename) ++{ ++ char *translated; ++ int len, rsize, transform; ++ ++ len = strlen(filename); ++ rsize = len + 1; ++ transform = (strstr(filename, "/") == NULL); ++ if (transform) { ++ /* We will convert this to "%s.so" or "lib%s.so" */ ++ rsize += 3; /* The length of ".so" */ ++ if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0) ++ rsize += 3; /* The length of "lib" */ ++ } ++ translated = OPENSSL_malloc(rsize); ++ if (translated == NULL) { ++ DSOerr(DSO_F_BEOS_NAME_CONVERTER, DSO_R_NAME_TRANSLATION_FAILED); ++ return (NULL); ++ } ++ if (transform) { ++ if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0) ++ sprintf(translated, "lib%s.so", filename); ++ else ++ sprintf(translated, "%s.so", filename); ++ } else ++ sprintf(translated, "%s", filename); ++ return (translated); ++} ++ ++#endif +diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_dl.c b/Cryptlib/OpenSSL/crypto/dso/dso_dl.c +index 25c9c13..0087ac5 100644 +--- a/Cryptlib/OpenSSL/crypto/dso/dso_dl.c ++++ b/Cryptlib/OpenSSL/crypto/dso/dso_dl.c +@@ -87,6 +87,8 @@ static int dl_ctrl(DSO *dso, int cmd, long larg, void *parg); + static char *dl_name_converter(DSO *dso, const char *filename); + static char *dl_merger(DSO *dso, const char *filespec1, + const char *filespec2); ++static int dl_pathbyaddr(void *addr, char *path, int sz); ++static void *dl_globallookup(const char *name); + + static DSO_METHOD dso_meth_dl = { + "OpenSSL 'dl' shared library method", +@@ -103,7 +105,9 @@ static DSO_METHOD dso_meth_dl = { + dl_name_converter, + dl_merger, + NULL, /* init */ +- NULL /* finish */ ++ NULL, /* finish */ ++ dl_pathbyaddr, ++ dl_globallookup + }; + + DSO_METHOD *DSO_METHOD_dl(void) +@@ -334,4 +338,43 @@ 
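Review bot: In `beos_load` of the newly added dso_beos.c, `image_id id;` has no initializer, yet the `filename == NULL` branch jumps to `err:` where `if (id > 0) unload_add_on(id);` reads it, so an indeterminate handle can reach `unload_add_on`. Declaring it as `image_id id = 0;` makes the cleanup path safe. The file also calls `sk_push`/`sk_num`/`sk_value`/`sk_pop` on `dso->meth_data`, while the dso_dlfcn.c hunks in this same patch switch to `sk_void_push`/`sk_void_num`/`sk_void_pop`, so the two back ends no longer agree. All of this sits in the `#else` arm of `#if !defined(OPENSSL_SYS_BEOS)`, so it is presumably not compiled for the EFI target, and because this is imported OpenSSL code the fix would belong upstream.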
static char *dl_name_converter(DSO *dso, const char *filename) + return (translated); + } + ++static int dl_pathbyaddr(void *addr, char *path, int sz) ++{ ++ struct shl_descriptor inf; ++ int i, len; ++ ++ if (addr == NULL) { ++ union { ++ int (*f) (void *, char *, int); ++ void *p; ++ } t = { ++ dl_pathbyaddr ++ }; ++ addr = t.p; ++ } ++ ++ for (i = -1; shl_get_r(i, &inf) == 0; i++) { ++ if (((size_t)addr >= inf.tstart && (size_t)addr < inf.tend) || ++ ((size_t)addr >= inf.dstart && (size_t)addr < inf.dend)) { ++ len = (int)strlen(inf.filename); ++ if (sz <= 0) ++ return len + 1; ++ if (len >= sz) ++ len = sz - 1; ++ memcpy(path, inf.filename, len); ++ path[len++] = 0; ++ return len; ++ } ++ } ++ ++ return -1; ++} ++ ++static void *dl_globallookup(const char *name) ++{ ++ void *ret; ++ shl_t h = NULL; ++ ++ return shl_findsym(&h, name, TYPE_UNDEFINED, &ret) ? NULL : ret; ++} + #endif /* DSO_DL */ +diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_dlfcn.c b/Cryptlib/OpenSSL/crypto/dso/dso_dlfcn.c +index f01255a..f629f03 100644 +--- a/Cryptlib/OpenSSL/crypto/dso/dso_dlfcn.c ++++ b/Cryptlib/OpenSSL/crypto/dso/dso_dlfcn.c +@@ -57,6 +57,15 @@ + * + */ + ++/* ++ * We need to do this early, because stdio.h includes the header files that ++ * handle _GNU_SOURCE and other similar macros. Defining it later is simply ++ * too late, because those headers are protected from re- inclusion. 
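Review bot: `dl_pathbyaddr` truncates silently: when `len >= sz` it copies `sz - 1` bytes and returns `sz`, which is also what it returns for a path that fits exactly, so a caller cannot tell a clipped module path from a complete one. A clipped path that is later used to locate or open a file would name a different location. I would document the contract above the function, e.g. `/* Returns bytes written incl. NUL, len + 1 if sz <= 0, -1 if addr is in no module; output is truncated to sz without notice. */`, and have callers size the buffer with a first `sz <= 0` call. The copy also assumes `path` is non-NULL whenever `sz > 0`. The same pattern is in `dlfcn_pathbyaddr` and in the non-WCE branch of `win32_pathbyaddr` further down.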
++ */ ++#ifndef _GNU_SOURCE ++# define _GNU_SOURCE /* make sure dladdr is declared */ ++#endif ++ + #include + #include "cryptlib.h" + #include +@@ -69,7 +78,18 @@ DSO_METHOD *DSO_METHOD_dlfcn(void) + #else + + # ifdef HAVE_DLFCN_H ++# ifdef __osf__ ++# define __EXTENSIONS__ ++# endif + # include ++# define HAVE_DLINFO 1 ++# if defined(_AIX) || defined(__CYGWIN__) || \ ++ defined(__SCO_VERSION__) || defined(_SCO_ELF) || \ ++ (defined(__osf__) && !defined(RTLD_NEXT)) || \ ++ (defined(__OpenBSD__) && !defined(RTLD_SELF)) || \ ++ defined(__ANDROID__) ++# undef HAVE_DLINFO ++# endif + # endif + + /* Part of the hack in "dlfcn_load" ... */ +@@ -88,6 +108,8 @@ static long dlfcn_ctrl(DSO *dso, int cmd, long larg, void *parg); + static char *dlfcn_name_converter(DSO *dso, const char *filename); + static char *dlfcn_merger(DSO *dso, const char *filespec1, + const char *filespec2); ++static int dlfcn_pathbyaddr(void *addr, char *path, int sz); ++static void *dlfcn_globallookup(const char *name); + + static DSO_METHOD dso_meth_dlfcn = { + "OpenSSL 'dlfcn' shared library method", +@@ -104,7 +126,9 @@ static DSO_METHOD dso_meth_dlfcn = { + dlfcn_name_converter, + dlfcn_merger, + NULL, /* init */ +- NULL /* finish */ ++ NULL, /* finish */ ++ dlfcn_pathbyaddr, ++ dlfcn_globallookup + }; + + DSO_METHOD *DSO_METHOD_dlfcn(void) +@@ -164,7 +188,7 @@ static int dlfcn_load(DSO *dso) + ERR_add_error_data(4, "filename(", filename, "): ", dlerror()); + goto err; + } +- if (!sk_push(dso->meth_data, (char *)ptr)) { ++ if (!sk_void_push(dso->meth_data, (char *)ptr)) { + DSOerr(DSO_F_DLFCN_LOAD, DSO_R_STACK_ERROR); + goto err; + } +@@ -187,15 +211,15 @@ static int dlfcn_unload(DSO *dso) + DSOerr(DSO_F_DLFCN_UNLOAD, ERR_R_PASSED_NULL_PARAMETER); + return (0); + } +- if (sk_num(dso->meth_data) < 1) ++ if (sk_void_num(dso->meth_data) < 1) + return (1); +- ptr = (void *)sk_pop(dso->meth_data); ++ ptr = sk_void_pop(dso->meth_data); + if (ptr == NULL) { + DSOerr(DSO_F_DLFCN_UNLOAD, 
DSO_R_NULL_HANDLE); + /* + * Should push the value back onto the stack in case of a retry. + */ +- sk_push(dso->meth_data, (char *)ptr); ++ sk_void_push(dso->meth_data, ptr); + return (0); + } + /* For now I'm not aware of any errors associated with dlclose() */ +@@ -211,11 +235,11 @@ static void *dlfcn_bind_var(DSO *dso, const char *symname) + DSOerr(DSO_F_DLFCN_BIND_VAR, ERR_R_PASSED_NULL_PARAMETER); + return (NULL); + } +- if (sk_num(dso->meth_data) < 1) { ++ if (sk_void_num(dso->meth_data) < 1) { + DSOerr(DSO_F_DLFCN_BIND_VAR, DSO_R_STACK_ERROR); + return (NULL); + } +- ptr = (void *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1); ++ ptr = sk_void_value(dso->meth_data, sk_void_num(dso->meth_data) - 1); + if (ptr == NULL) { + DSOerr(DSO_F_DLFCN_BIND_VAR, DSO_R_NULL_HANDLE); + return (NULL); +@@ -241,11 +265,11 @@ static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname) + DSOerr(DSO_F_DLFCN_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER); + return (NULL); + } +- if (sk_num(dso->meth_data) < 1) { ++ if (sk_void_num(dso->meth_data) < 1) { + DSOerr(DSO_F_DLFCN_BIND_FUNC, DSO_R_STACK_ERROR); + return (NULL); + } +- ptr = (void *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1); ++ ptr = sk_void_value(dso->meth_data, sk_void_num(dso->meth_data) - 1); + if (ptr == NULL) { + DSOerr(DSO_F_DLFCN_BIND_FUNC, DSO_R_NULL_HANDLE); + return (NULL); +@@ -272,7 +296,7 @@ static char *dlfcn_merger(DSO *dso, const char *filespec1, + * If the first file specification is a rooted path, it rules. same goes + * if the second file specification is missing. 
+ */ +- if (!filespec2 || filespec1[0] == '/') { ++ if (!filespec2 || (filespec1 != NULL && filespec1[0] == '/')) { + merged = OPENSSL_malloc(strlen(filespec1) + 1); + if (!merged) { + DSOerr(DSO_F_DLFCN_MERGER, ERR_R_MALLOC_FAILURE); +@@ -290,7 +314,7 @@ static char *dlfcn_merger(DSO *dso, const char *filespec1, + return (NULL); + } + strcpy(merged, filespec2); +- } else ++ } else { + /* + * This part isn't as trivial as it looks. It assumes that the + * second file specification really is a directory, and makes no +@@ -298,13 +322,12 @@ static char *dlfcn_merger(DSO *dso, const char *filespec1, + * concatenation of filespec2 followed by a slash followed by + * filespec1. + */ +- { + int spec2len, len; + +- spec2len = (filespec2 ? strlen(filespec2) : 0); +- len = spec2len + (filespec1 ? strlen(filespec1) : 0); ++ spec2len = strlen(filespec2); ++ len = spec2len + strlen(filespec1); + +- if (filespec2 && filespec2[spec2len - 1] == '/') { ++ if (spec2len && filespec2[spec2len - 1] == '/') { + spec2len--; + len--; + } +@@ -357,4 +380,86 @@ static char *dlfcn_name_converter(DSO *dso, const char *filename) + return (translated); + } + ++# ifdef __sgi ++/*- ++This is a quote from IRIX manual for dladdr(3c): ++ ++ does not contain a prototype for dladdr or definition of ++ Dl_info. The #include in the SYNOPSIS line is traditional, ++ but contains no dladdr prototype and no IRIX library contains an ++ implementation. Write your own declaration based on the code below. ++ ++ The following code is dependent on internal interfaces that are not ++ part of the IRIX compatibility guarantee; however, there is no future ++ intention to change this interface, so on a practical level, the code ++ below is safe to use on IRIX. 
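Review bot: The new guard `if (!filespec2 || (filespec1 != NULL && filespec1[0] == '/'))` still reaches `strlen(filespec1)` on the next line when both `filespec2` and `filespec1` are NULL. That is only safe if dlfcn_merger rejects the both-NULL case before this point, which is outside the hunk. It matters more now because the DSO_merge hunk in dso_lib.c drops the `filespec1 == NULL` fallback and error return, so a NULL `filespec1` is passed straight to the merger. I would state the invariant at the guard with `/* filespec1 and filespec2 are never both NULL here (checked on entry) */`, or make it explicit in the condition. The later hunk in the same function also removes the NULL guards around `spec2len = strlen(filespec2)` and `len = spec2len + strlen(filespec1)`, and relies on the same invariant.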
++*/ ++# include ++# ifndef _RLD_INTERFACE_DLFCN_H_DLADDR ++# define _RLD_INTERFACE_DLFCN_H_DLADDR ++typedef struct Dl_info { ++ const char *dli_fname; ++ void *dli_fbase; ++ const char *dli_sname; ++ void *dli_saddr; ++ int dli_version; ++ int dli_reserved1; ++ long dli_reserved[4]; ++} Dl_info; ++# else ++typedef struct Dl_info Dl_info; ++# endif ++# define _RLD_DLADDR 14 ++ ++static int dladdr(void *address, Dl_info *dl) ++{ ++ void *v; ++ v = _rld_new_interface(_RLD_DLADDR, address, dl); ++ return (int)v; ++} ++# endif /* __sgi */ ++ ++static int dlfcn_pathbyaddr(void *addr, char *path, int sz) ++{ ++# ifdef HAVE_DLINFO ++ Dl_info dli; ++ int len; ++ ++ if (addr == NULL) { ++ union { ++ int (*f) (void *, char *, int); ++ void *p; ++ } t = { ++ dlfcn_pathbyaddr ++ }; ++ addr = t.p; ++ } ++ ++ if (dladdr(addr, &dli)) { ++ len = (int)strlen(dli.dli_fname); ++ if (sz <= 0) ++ return len + 1; ++ if (len >= sz) ++ len = sz - 1; ++ memcpy(path, dli.dli_fname, len); ++ path[len++] = 0; ++ return len; ++ } ++ ++ ERR_add_error_data(2, "dlfcn_pathbyaddr(): ", dlerror()); ++# endif ++ return -1; ++} ++ ++static void *dlfcn_globallookup(const char *name) ++{ ++ void *ret = NULL, *handle = dlopen(NULL, RTLD_LAZY); ++ ++ if (handle) { ++ ret = dlsym(handle, name); ++ dlclose(handle); ++ } ++ ++ return ret; ++} + #endif /* DSO_DLFCN */ +diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_err.c b/Cryptlib/OpenSSL/crypto/dso/dso_err.c +index 7a1927e..e143cc0 100644 +--- a/Cryptlib/OpenSSL/crypto/dso/dso_err.c ++++ b/Cryptlib/OpenSSL/crypto/dso/dso_err.c +@@ -1,6 +1,6 @@ + /* crypto/dso/dso_err.c */ + /* ==================================================================== +- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. ++ * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. 
+ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions +@@ -70,6 +70,11 @@ + # define ERR_REASON(reason) ERR_PACK(ERR_LIB_DSO,0,reason) + + static ERR_STRING_DATA DSO_str_functs[] = { ++ {ERR_FUNC(DSO_F_BEOS_BIND_FUNC), "BEOS_BIND_FUNC"}, ++ {ERR_FUNC(DSO_F_BEOS_BIND_VAR), "BEOS_BIND_VAR"}, ++ {ERR_FUNC(DSO_F_BEOS_LOAD), "BEOS_LOAD"}, ++ {ERR_FUNC(DSO_F_BEOS_NAME_CONVERTER), "BEOS_NAME_CONVERTER"}, ++ {ERR_FUNC(DSO_F_BEOS_UNLOAD), "BEOS_UNLOAD"}, + {ERR_FUNC(DSO_F_DLFCN_BIND_FUNC), "DLFCN_BIND_FUNC"}, + {ERR_FUNC(DSO_F_DLFCN_BIND_VAR), "DLFCN_BIND_VAR"}, + {ERR_FUNC(DSO_F_DLFCN_LOAD), "DLFCN_LOAD"}, +@@ -89,22 +94,29 @@ static ERR_STRING_DATA DSO_str_functs[] = { + {ERR_FUNC(DSO_F_DSO_FREE), "DSO_free"}, + {ERR_FUNC(DSO_F_DSO_GET_FILENAME), "DSO_get_filename"}, + {ERR_FUNC(DSO_F_DSO_GET_LOADED_FILENAME), "DSO_get_loaded_filename"}, ++ {ERR_FUNC(DSO_F_DSO_GLOBAL_LOOKUP), "DSO_global_lookup"}, + {ERR_FUNC(DSO_F_DSO_LOAD), "DSO_load"}, + {ERR_FUNC(DSO_F_DSO_MERGE), "DSO_merge"}, + {ERR_FUNC(DSO_F_DSO_NEW_METHOD), "DSO_new_method"}, ++ {ERR_FUNC(DSO_F_DSO_PATHBYADDR), "DSO_pathbyaddr"}, + {ERR_FUNC(DSO_F_DSO_SET_FILENAME), "DSO_set_filename"}, + {ERR_FUNC(DSO_F_DSO_SET_NAME_CONVERTER), "DSO_set_name_converter"}, + {ERR_FUNC(DSO_F_DSO_UP_REF), "DSO_up_ref"}, ++ {ERR_FUNC(DSO_F_GLOBAL_LOOKUP_FUNC), "GLOBAL_LOOKUP_FUNC"}, ++ {ERR_FUNC(DSO_F_PATHBYADDR), "PATHBYADDR"}, + {ERR_FUNC(DSO_F_VMS_BIND_SYM), "VMS_BIND_SYM"}, + {ERR_FUNC(DSO_F_VMS_LOAD), "VMS_LOAD"}, + {ERR_FUNC(DSO_F_VMS_MERGER), "VMS_MERGER"}, + {ERR_FUNC(DSO_F_VMS_UNLOAD), "VMS_UNLOAD"}, + {ERR_FUNC(DSO_F_WIN32_BIND_FUNC), "WIN32_BIND_FUNC"}, + {ERR_FUNC(DSO_F_WIN32_BIND_VAR), "WIN32_BIND_VAR"}, ++ {ERR_FUNC(DSO_F_WIN32_GLOBALLOOKUP), "WIN32_GLOBALLOOKUP"}, ++ {ERR_FUNC(DSO_F_WIN32_GLOBALLOOKUP_FUNC), "WIN32_GLOBALLOOKUP_FUNC"}, + {ERR_FUNC(DSO_F_WIN32_JOINER), "WIN32_JOINER"}, + {ERR_FUNC(DSO_F_WIN32_LOAD), 
"WIN32_LOAD"}, + {ERR_FUNC(DSO_F_WIN32_MERGER), "WIN32_MERGER"}, + {ERR_FUNC(DSO_F_WIN32_NAME_CONVERTER), "WIN32_NAME_CONVERTER"}, ++ {ERR_FUNC(DSO_F_WIN32_PATHBYADDR), "WIN32_PATHBYADDR"}, + {ERR_FUNC(DSO_F_WIN32_SPLITTER), "WIN32_SPLITTER"}, + {ERR_FUNC(DSO_F_WIN32_UNLOAD), "WIN32_UNLOAD"}, + {0, NULL} +diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_lib.c b/Cryptlib/OpenSSL/crypto/dso/dso_lib.c +index f158466..09b8eaf 100644 +--- a/Cryptlib/OpenSSL/crypto/dso/dso_lib.c ++++ b/Cryptlib/OpenSSL/crypto/dso/dso_lib.c +@@ -109,7 +109,7 @@ DSO *DSO_new_method(DSO_METHOD *meth) + return (NULL); + } + memset(ret, 0, sizeof(DSO)); +- ret->meth_data = sk_new_null(); ++ ret->meth_data = sk_void_new_null(); + if (ret->meth_data == NULL) { + /* sk_new doesn't generate any errors so we do */ + DSOerr(DSO_F_DSO_NEW_METHOD, ERR_R_MALLOC_FAILURE); +@@ -160,7 +160,7 @@ int DSO_free(DSO *dso) + return (0); + } + +- sk_free(dso->meth_data); ++ sk_void_free(dso->meth_data); + if (dso->filename != NULL) + OPENSSL_free(dso->filename); + if (dso->loaded_filename != NULL) +@@ -285,7 +285,7 @@ DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname) + * honest. For one thing, I think I have to return a negative value for any + * error because possible DSO_ctrl() commands may return values such as + * "size"s that can legitimately be zero (making the standard +- * "if(DSO_cmd(...))" form that works almost everywhere else fail at odd ++ * "if (DSO_cmd(...))" form that works almost everywhere else fail at odd + * times. I'd prefer "output" values to be passed by reference and the return + * value as success/failure like usual ... but we conform when we must... 
:-) + */ +@@ -373,12 +373,6 @@ char *DSO_merge(DSO *dso, const char *filespec1, const char *filespec2) + DSOerr(DSO_F_DSO_MERGE, ERR_R_PASSED_NULL_PARAMETER); + return (NULL); + } +- if (filespec1 == NULL) +- filespec1 = dso->filename; +- if (filespec1 == NULL) { +- DSOerr(DSO_F_DSO_MERGE, DSO_R_NO_FILE_SPECIFICATION); +- return (NULL); +- } + if ((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0) { + if (dso->merger != NULL) + result = dso->merger(dso, filespec1, filespec2); +@@ -427,3 +421,27 @@ const char *DSO_get_loaded_filename(DSO *dso) + } + return (dso->loaded_filename); + } ++ ++int DSO_pathbyaddr(void *addr, char *path, int sz) ++{ ++ DSO_METHOD *meth = default_DSO_meth; ++ if (meth == NULL) ++ meth = DSO_METHOD_openssl(); ++ if (meth->pathbyaddr == NULL) { ++ DSOerr(DSO_F_DSO_PATHBYADDR, DSO_R_UNSUPPORTED); ++ return -1; ++ } ++ return (*meth->pathbyaddr) (addr, path, sz); ++} ++ ++void *DSO_global_lookup(const char *name) ++{ ++ DSO_METHOD *meth = default_DSO_meth; ++ if (meth == NULL) ++ meth = DSO_METHOD_openssl(); ++ if (meth->globallookup == NULL) { ++ DSOerr(DSO_F_DSO_GLOBAL_LOOKUP, DSO_R_UNSUPPORTED); ++ return NULL; ++ } ++ return (*meth->globallookup) (name); ++} +diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_null.c b/Cryptlib/OpenSSL/crypto/dso/dso_null.c +index 3d11272..20122d1 100644 +--- a/Cryptlib/OpenSSL/crypto/dso/dso_null.c ++++ b/Cryptlib/OpenSSL/crypto/dso/dso_null.c +@@ -81,7 +81,9 @@ static DSO_METHOD dso_meth_null = { + NULL, /* dso_name_converter */ + NULL, /* dso_merger */ + NULL, /* init */ +- NULL /* finish */ ++ NULL, /* finish */ ++ NULL, /* pathbyaddr */ ++ NULL /* globallookup */ + }; + + DSO_METHOD *DSO_METHOD_null(void) +diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_openssl.c b/Cryptlib/OpenSSL/crypto/dso/dso_openssl.c +index 27b7d55..087e989 100644 +--- a/Cryptlib/OpenSSL/crypto/dso/dso_openssl.c ++++ b/Cryptlib/OpenSSL/crypto/dso/dso_openssl.c +@@ -75,6 +75,8 @@ DSO_METHOD *DSO_METHOD_openssl(void) + return 
(DSO_METHOD_win32()); + #elif defined(DSO_VMS) + return (DSO_METHOD_vms()); ++#elif defined(DSO_BEOS) ++ return (DSO_METHOD_beos()); + #else + return (DSO_METHOD_null()); + #endif +diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_vms.c b/Cryptlib/OpenSSL/crypto/dso/dso_vms.c +index 12e1db3..d0794b8 100644 +--- a/Cryptlib/OpenSSL/crypto/dso/dso_vms.c ++++ b/Cryptlib/OpenSSL/crypto/dso/dso_vms.c +@@ -62,14 +62,6 @@ + #include + #include "cryptlib.h" + #include +-#ifdef OPENSSL_SYS_VMS +-# pragma message disable DOLLARID +-# include +-# include +-# include +-# include +-# include +-#endif + + #ifndef OPENSSL_SYS_VMS + DSO_METHOD *DSO_METHOD_vms(void) +@@ -77,6 +69,26 @@ DSO_METHOD *DSO_METHOD_vms(void) + return NULL; + } + #else ++ ++# pragma message disable DOLLARID ++# include ++# include ++# include ++# include ++# include ++# include "vms_rms.h" ++ ++/* Some compiler options may mask the declaration of "_malloc32". */ ++# if __INITIAL_POINTER_SIZE && defined _ANSI_C_SOURCE ++# if __INITIAL_POINTER_SIZE == 64 ++# pragma pointer_size save ++# pragma pointer_size 32 ++void *_malloc32(__size_t); ++# pragma pointer_size restore ++# endif /* __INITIAL_POINTER_SIZE == 64 */ ++# endif /* __INITIAL_POINTER_SIZE && defined ++ * _ANSI_C_SOURCE */ ++ + # pragma message disable DOLLARID + + static int vms_load(DSO *dso); +@@ -124,13 +136,13 @@ typedef struct dso_internal_st { + * but a name. + */ + struct dsc$descriptor_s filename_dsc; +- char filename[FILENAME_MAX + 1]; ++ char filename[NAMX_MAXRSS + 1]; + /* + * This contains whatever is not in filename, if needed. Normally not + * defined. 
+ */ + struct dsc$descriptor_s imagename_dsc; +- char imagename[FILENAME_MAX + 1]; ++ char imagename[NAMX_MAXRSS + 1]; + } DSO_VMS_INTERNAL; + + DSO_METHOD *DSO_METHOD_vms(void) +@@ -143,8 +155,24 @@ static int vms_load(DSO *dso) + void *ptr = NULL; + /* See applicable comments in dso_dl.c */ + char *filename = DSO_convert_filename(dso, NULL); +- DSO_VMS_INTERNAL *p; ++ ++/* Ensure 32-bit pointer for "p", and appropriate malloc() function. */ ++# if __INITIAL_POINTER_SIZE == 64 ++# define DSO_MALLOC _malloc32 ++# pragma pointer_size save ++# pragma pointer_size 32 ++# else /* __INITIAL_POINTER_SIZE == 64 */ ++# define DSO_MALLOC OPENSSL_malloc ++# endif /* __INITIAL_POINTER_SIZE == 64 [else] */ ++ ++ DSO_VMS_INTERNAL *p = NULL; ++ ++# if __INITIAL_POINTER_SIZE == 64 ++# pragma pointer_size restore ++# endif /* __INITIAL_POINTER_SIZE == 64 */ ++ + const char *sp1, *sp2; /* Search result */ ++ const char *ext = NULL; /* possible extension to add */ + + if (filename == NULL) { + DSOerr(DSO_F_VMS_LOAD, DSO_R_NO_FILENAME); +@@ -187,11 +215,19 @@ static int vms_load(DSO *dso) + /* Now, let's see if there's a type, and save the position in sp2 */ + sp2 = strchr(sp1, '.'); + /* ++ * If there is a period and the next character is a semi-colon, ++ * we need to add an extension ++ */ ++ if (sp2 != NULL && sp2[1] == ';') ++ ext = ".EXE"; ++ /* + * If we found it, that's where we'll cut. 
Otherwise, look for a version + * number and save the position in sp2 + */ +- if (sp2 == NULL) ++ if (sp2 == NULL) { + sp2 = strchr(sp1, ';'); ++ ext = ".EXE"; ++ } + /* + * If there was still nothing to find, set sp2 to point at the end of the + * string +@@ -206,7 +242,7 @@ static int vms_load(DSO *dso) + goto err; + } + +- p = (DSO_VMS_INTERNAL *)OPENSSL_malloc(sizeof(DSO_VMS_INTERNAL)); ++ p = DSO_MALLOC(sizeof(DSO_VMS_INTERNAL)); + if (p == NULL) { + DSOerr(DSO_F_VMS_LOAD, ERR_R_MALLOC_FAILURE); + goto err; +@@ -217,6 +253,11 @@ static int vms_load(DSO *dso) + + strncpy(p->imagename, filename, sp1 - filename); + p->imagename[sp1 - filename] = '\0'; ++ if (ext) { ++ strcat(p->imagename, ext); ++ if (*sp2 == '.') ++ sp2++; ++ } + strcat(p->imagename, sp2); + + p->filename_dsc.dsc$w_length = strlen(p->filename); +@@ -228,7 +269,7 @@ static int vms_load(DSO *dso) + p->imagename_dsc.dsc$b_class = DSC$K_CLASS_S; + p->imagename_dsc.dsc$a_pointer = p->imagename; + +- if (!sk_push(dso->meth_data, (char *)p)) { ++ if (!sk_void_push(dso->meth_data, (char *)p)) { + DSOerr(DSO_F_VMS_LOAD, DSO_R_STACK_ERROR); + goto err; + } +@@ -257,9 +298,9 @@ static int vms_unload(DSO *dso) + DSOerr(DSO_F_VMS_UNLOAD, ERR_R_PASSED_NULL_PARAMETER); + return (0); + } +- if (sk_num(dso->meth_data) < 1) ++ if (sk_void_num(dso->meth_data) < 1) + return (1); +- p = (DSO_VMS_INTERNAL *)sk_pop(dso->meth_data); ++ p = (DSO_VMS_INTERNAL *)sk_void_pop(dso->meth_data); + if (p == NULL) { + DSOerr(DSO_F_VMS_UNLOAD, DSO_R_NULL_HANDLE); + return (0); +@@ -304,23 +345,42 @@ void vms_bind_sym(DSO *dso, const char *symname, void **sym) + int flags = 0; + # endif + struct dsc$descriptor_s symname_dsc; +- *sym = NULL; + +- symname_dsc.dsc$w_length = strlen(symname); +- symname_dsc.dsc$b_dtype = DSC$K_DTYPE_T; +- symname_dsc.dsc$b_class = DSC$K_CLASS_S; +- symname_dsc.dsc$a_pointer = (char *)symname; /* The cast is needed */ ++/* Arrange 32-bit pointer to (copied) string storage, if needed. 
*/ ++# if __INITIAL_POINTER_SIZE == 64 ++# define SYMNAME symname_32p ++# pragma pointer_size save ++# pragma pointer_size 32 ++ char *symname_32p; ++# pragma pointer_size restore ++ char symname_32[NAMX_MAXRSS + 1]; ++# else /* __INITIAL_POINTER_SIZE == 64 */ ++# define SYMNAME ((char *) symname) ++# endif /* __INITIAL_POINTER_SIZE == 64 [else] */ ++ ++ *sym = NULL; + + if ((dso == NULL) || (symname == NULL)) { + DSOerr(DSO_F_VMS_BIND_SYM, ERR_R_PASSED_NULL_PARAMETER); + return; + } +- if (sk_num(dso->meth_data) < 1) { ++# if __INITIAL_POINTER_SIZE == 64 ++ /* Copy the symbol name to storage with a 32-bit pointer. */ ++ symname_32p = symname_32; ++ strcpy(symname_32p, symname); ++# endif /* __INITIAL_POINTER_SIZE == 64 [else] */ ++ ++ symname_dsc.dsc$w_length = strlen(SYMNAME); ++ symname_dsc.dsc$b_dtype = DSC$K_DTYPE_T; ++ symname_dsc.dsc$b_class = DSC$K_CLASS_S; ++ symname_dsc.dsc$a_pointer = SYMNAME; ++ ++ if (sk_void_num(dso->meth_data) < 1) { + DSOerr(DSO_F_VMS_BIND_SYM, DSO_R_STACK_ERROR); + return; + } +- ptr = (DSO_VMS_INTERNAL *)sk_value(dso->meth_data, +- sk_num(dso->meth_data) - 1); ++ ptr = (DSO_VMS_INTERNAL *)sk_void_value(dso->meth_data, ++ sk_void_num(dso->meth_data) - 1); + if (ptr == NULL) { + DSOerr(DSO_F_VMS_BIND_SYM, DSO_R_NULL_HANDLE); + return; +@@ -387,15 +447,26 @@ static char *vms_merger(DSO *dso, const char *filespec1, + int status; + int filespec1len, filespec2len; + struct FAB fab; +-# ifdef NAML$C_MAXRSS +- struct NAML nam; +- char esa[NAML$C_MAXRSS]; +-# else +- struct NAM nam; +- char esa[NAM$C_MAXRSS]; +-# endif ++ struct NAMX_STRUCT nam; ++ char esa[NAMX_MAXRSS + 1]; + char *merged; + ++/* Arrange 32-bit pointer to (copied) string storage, if needed. 
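Review bot: In the 64-bit pointer branch, `strcpy(symname_32p, symname)` copies the caller's symbol name into the stack array `symname_32[NAMX_MAXRSS + 1]` with no length check, so a name longer than NAMX_MAXRSS overruns the buffer. A bound before the copy closes it: `if (strlen(symname) > NAMX_MAXRSS) { DSOerr(DSO_F_VMS_BIND_SYM, DSO_R_FILENAME_TOO_BIG); return; }`. The vms_merger hunk below has the same pattern, with `strcpy(filespec1_32p, filespec1)` and `strcpy(filespec2_32p, filespec2)` into `NAMX_MAXRSS + 1` arrays. There, `filespec1len` and `filespec2len` are already computed just above the copies and could be compared against NAMX_MAXRSS first. vms_bind_sym continues outside the hunk.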
*/ ++# if __INITIAL_POINTER_SIZE == 64 ++# define FILESPEC1 filespec1_32p; ++# define FILESPEC2 filespec2_32p; ++# pragma pointer_size save ++# pragma pointer_size 32 ++ char *filespec1_32p; ++ char *filespec2_32p; ++# pragma pointer_size restore ++ char filespec1_32[NAMX_MAXRSS + 1]; ++ char filespec2_32[NAMX_MAXRSS + 1]; ++# else /* __INITIAL_POINTER_SIZE == 64 */ ++# define FILESPEC1 ((char *) filespec1) ++# define FILESPEC2 ((char *) filespec2) ++# endif /* __INITIAL_POINTER_SIZE == 64 [else] */ ++ + if (!filespec1) + filespec1 = ""; + if (!filespec2) +@@ -403,43 +474,29 @@ static char *vms_merger(DSO *dso, const char *filespec1, + filespec1len = strlen(filespec1); + filespec2len = strlen(filespec2); + ++# if __INITIAL_POINTER_SIZE == 64 ++ /* Copy the file names to storage with a 32-bit pointer. */ ++ filespec1_32p = filespec1_32; ++ filespec2_32p = filespec2_32; ++ strcpy(filespec1_32p, filespec1); ++ strcpy(filespec2_32p, filespec2); ++# endif /* __INITIAL_POINTER_SIZE == 64 [else] */ ++ + fab = cc$rms_fab; +-# ifdef NAML$C_MAXRSS +- nam = cc$rms_naml; +-# else +- nam = cc$rms_nam; +-# endif ++ nam = CC_RMS_NAMX; + +- fab.fab$l_fna = (char *)filespec1; +- fab.fab$b_fns = filespec1len; +- fab.fab$l_dna = (char *)filespec2; +- fab.fab$b_dns = filespec2len; +-# ifdef NAML$C_MAXRSS +- if (filespec1len > NAM$C_MAXRSS) { +- fab.fab$l_fna = 0; +- fab.fab$b_fns = 0; +- nam.naml$l_long_filename = (char *)filespec1; +- nam.naml$l_long_filename_size = filespec1len; +- } +- if (filespec2len > NAM$C_MAXRSS) { +- fab.fab$l_dna = 0; +- fab.fab$b_dns = 0; +- nam.naml$l_long_defname = (char *)filespec2; +- nam.naml$l_long_defname_size = filespec2len; +- } +- nam.naml$l_esa = esa; +- nam.naml$b_ess = NAM$C_MAXRSS; +- nam.naml$l_long_expand = esa; +- nam.naml$l_long_expand_alloc = sizeof(esa); +- nam.naml$b_nop = NAM$M_SYNCHK | NAM$M_PWD; +- nam.naml$v_no_short_upcase = 1; +- fab.fab$l_naml = &nam; +-# else +- nam.nam$l_esa = esa; +- nam.nam$b_ess = NAM$C_MAXRSS; +- 
nam.nam$b_nop = NAM$M_SYNCHK | NAM$M_PWD; +- fab.fab$l_nam = &nam; +-# endif ++ FAB_OR_NAML(fab, nam).FAB_OR_NAML_FNA = FILESPEC1; ++ FAB_OR_NAML(fab, nam).FAB_OR_NAML_FNS = filespec1len; ++ FAB_OR_NAML(fab, nam).FAB_OR_NAML_DNA = FILESPEC2; ++ FAB_OR_NAML(fab, nam).FAB_OR_NAML_DNS = filespec2len; ++ NAMX_DNA_FNA_SET(fab) ++ ++ nam.NAMX_ESA = esa; ++ nam.NAMX_ESS = NAMX_MAXRSS; ++ nam.NAMX_NOP = NAM$M_SYNCHK | NAM$M_PWD; ++ SET_NAMX_NO_SHORT_UPCASE(nam); ++ ++ fab.FAB_NAMX = &nam; + + status = sys$parse(&fab, 0, 0); + +@@ -467,27 +524,12 @@ static char *vms_merger(DSO *dso, const char *filespec1, + } + return (NULL); + } +-# ifdef NAML$C_MAXRSS +- if (nam.naml$l_long_expand_size) { +- merged = OPENSSL_malloc(nam.naml$l_long_expand_size + 1); +- if (!merged) +- goto malloc_err; +- strncpy(merged, nam.naml$l_long_expand, nam.naml$l_long_expand_size); +- merged[nam.naml$l_long_expand_size] = '\0'; +- } else { +- merged = OPENSSL_malloc(nam.naml$b_esl + 1); +- if (!merged) +- goto malloc_err; +- strncpy(merged, nam.naml$l_esa, nam.naml$b_esl); +- merged[nam.naml$b_esl] = '\0'; +- } +-# else +- merged = OPENSSL_malloc(nam.nam$b_esl + 1); ++ ++ merged = OPENSSL_malloc(nam.NAMX_ESL + 1); + if (!merged) + goto malloc_err; +- strncpy(merged, nam.nam$l_esa, nam.nam$b_esl); +- merged[nam.nam$b_esl] = '\0'; +-# endif ++ strncpy(merged, nam.NAMX_ESA, nam.NAMX_ESL); ++ merged[nam.NAMX_ESL] = '\0'; + return (merged); + malloc_err: + DSOerr(DSO_F_VMS_MERGER, ERR_R_MALLOC_FAILURE); +@@ -497,7 +539,8 @@ static char *vms_name_converter(DSO *dso, const char *filename) + { + int len = strlen(filename); + char *not_translated = OPENSSL_malloc(len + 1); +- strcpy(not_translated, filename); ++ if (not_translated) ++ strcpy(not_translated, filename); + return (not_translated); + } + +diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_win32.c b/Cryptlib/OpenSSL/crypto/dso/dso_win32.c +index 973e7eb..c65234e 100644 +--- a/Cryptlib/OpenSSL/crypto/dso/dso_win32.c ++++ 
b/Cryptlib/OpenSSL/crypto/dso/dso_win32.c +@@ -98,9 +98,10 @@ static HINSTANCE LoadLibraryA(LPCSTR lpLibFileName) + # else + fnamw = (WCHAR *)alloca(len_0 * sizeof(WCHAR)); + # endif +- if (fnamw == NULL) ++ if (fnamw == NULL) { ++ SetLastError(ERROR_NOT_ENOUGH_MEMORY); + return NULL; +- ++ } + # if defined(_WIN32_WCE) && _WIN32_WCE>=101 + if (!MultiByteToWideChar(CP_ACP, 0, lpLibFileName, len_0, fnamw, len_0)) + # endif +@@ -128,6 +129,8 @@ static long win32_ctrl(DSO *dso, int cmd, long larg, void *parg); + static char *win32_name_converter(DSO *dso, const char *filename); + static char *win32_merger(DSO *dso, const char *filespec1, + const char *filespec2); ++static int win32_pathbyaddr(void *addr, char *path, int sz); ++static void *win32_globallookup(const char *name); + + static const char *openssl_strnchr(const char *string, int c, size_t len); + +@@ -146,7 +149,9 @@ static DSO_METHOD dso_meth_win32 = { + win32_name_converter, + win32_merger, + NULL, /* init */ +- NULL /* finish */ ++ NULL, /* finish */ ++ win32_pathbyaddr, ++ win32_globallookup + }; + + DSO_METHOD *DSO_METHOD_win32(void) +@@ -181,7 +186,7 @@ static int win32_load(DSO *dso) + goto err; + } + *p = h; +- if (!sk_push(dso->meth_data, (char *)p)) { ++ if (!sk_void_push(dso->meth_data, p)) { + DSOerr(DSO_F_WIN32_LOAD, DSO_R_STACK_ERROR); + goto err; + } +@@ -206,9 +211,9 @@ static int win32_unload(DSO *dso) + DSOerr(DSO_F_WIN32_UNLOAD, ERR_R_PASSED_NULL_PARAMETER); + return (0); + } +- if (sk_num(dso->meth_data) < 1) ++ if (sk_void_num(dso->meth_data) < 1) + return (1); +- p = (HINSTANCE *) sk_pop(dso->meth_data); ++ p = sk_void_pop(dso->meth_data); + if (p == NULL) { + DSOerr(DSO_F_WIN32_UNLOAD, DSO_R_NULL_HANDLE); + return (0); +@@ -218,7 +223,7 @@ static int win32_unload(DSO *dso) + /* + * We should push the value back onto the stack in case of a retry. 
+ */ +- sk_push(dso->meth_data, (char *)p); ++ sk_void_push(dso->meth_data, p); + return (0); + } + /* Cleanup */ +@@ -239,11 +244,11 @@ static void *win32_bind_var(DSO *dso, const char *symname) + DSOerr(DSO_F_WIN32_BIND_VAR, ERR_R_PASSED_NULL_PARAMETER); + return (NULL); + } +- if (sk_num(dso->meth_data) < 1) { ++ if (sk_void_num(dso->meth_data) < 1) { + DSOerr(DSO_F_WIN32_BIND_VAR, DSO_R_STACK_ERROR); + return (NULL); + } +- ptr = (HINSTANCE *) sk_value(dso->meth_data, sk_num(dso->meth_data) - 1); ++ ptr = sk_void_value(dso->meth_data, sk_void_num(dso->meth_data) - 1); + if (ptr == NULL) { + DSOerr(DSO_F_WIN32_BIND_VAR, DSO_R_NULL_HANDLE); + return (NULL); +@@ -266,11 +271,11 @@ static DSO_FUNC_TYPE win32_bind_func(DSO *dso, const char *symname) + DSOerr(DSO_F_WIN32_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER); + return (NULL); + } +- if (sk_num(dso->meth_data) < 1) { ++ if (sk_void_num(dso->meth_data) < 1) { + DSOerr(DSO_F_WIN32_BIND_FUNC, DSO_R_STACK_ERROR); + return (NULL); + } +- ptr = (HINSTANCE *) sk_value(dso->meth_data, sk_num(dso->meth_data) - 1); ++ ptr = sk_void_value(dso->meth_data, sk_void_num(dso->meth_data) - 1); + if (ptr == NULL) { + DSOerr(DSO_F_WIN32_BIND_FUNC, DSO_R_NULL_HANDLE); + return (NULL); +@@ -343,7 +348,7 @@ static struct file_st *win32_splitter(DSO *dso, const char *filename, + return (NULL); + } + result->device = start; +- result->devicelen = filename - start; ++ result->devicelen = (int)(filename - start); + position = IN_FILE; + start = ++filename; + result->dir = start; +@@ -351,7 +356,7 @@ static struct file_st *win32_splitter(DSO *dso, const char *filename, + case '\\': + case '/': + if (position == IN_NODE) { +- result->nodelen = filename - start; ++ result->nodelen = (int)(filename - start); + position = IN_FILE; + start = ++filename; + result->dir = start; +@@ -359,17 +364,17 @@ static struct file_st *win32_splitter(DSO *dso, const char *filename, + position = IN_FILE; + filename++; + result->dir = start; +- result->dirlen = 
filename - start; ++ result->dirlen = (int)(filename - start); + start = filename; + } else { + filename++; +- result->dirlen += filename - start; ++ result->dirlen += (int)(filename - start); + start = filename; + } + break; + case '\0': + if (position == IN_NODE) { +- result->nodelen = filename - start; ++ result->nodelen = (int)(filename - start); + } else { + if (filename - start > 0) { + if (assume_last_is_dir) { +@@ -377,10 +382,10 @@ static struct file_st *win32_splitter(DSO *dso, const char *filename, + result->dir = start; + result->dirlen = 0; + } +- result->dirlen += filename - start; ++ result->dirlen += (int)(filename - start); + } else { + result->file = start; +- result->filelen = filename - start; ++ result->filelen = (int)(filename - start); + } + } + } +@@ -466,7 +471,7 @@ static char *win32_joiner(DSO *dso, const struct file_st *file_split) + end = start + + file_split->predirlen - (start - file_split->predir); + strncpy(&result[offset], start, end - start); +- offset += end - start; ++ offset += (int)(end - start); + result[offset] = '\\'; + offset++; + start = end + 1; +@@ -486,7 +491,7 @@ static char *win32_joiner(DSO *dso, const struct file_st *file_split) + if (!end) + end = start + file_split->dirlen - (start - file_split->dir); + strncpy(&result[offset], start, end - start); +- offset += end - start; ++ offset += (int)(end - start); + result[offset] = '\\'; + offset++; + start = end + 1; +@@ -606,4 +611,178 @@ static const char *openssl_strnchr(const char *string, int c, size_t len) + return NULL; + } + +-#endif /* OPENSSL_SYS_WIN32 */ ++# include ++# ifdef _WIN32_WCE ++# define DLLNAME "TOOLHELP.DLL" ++# else ++# ifdef MODULEENTRY32 ++# undef MODULEENTRY32 /* unmask the ASCII version! 
*/ ++# endif ++# define DLLNAME "KERNEL32.DLL" ++# endif ++ ++typedef HANDLE(WINAPI *CREATETOOLHELP32SNAPSHOT) (DWORD, DWORD); ++typedef BOOL(WINAPI *CLOSETOOLHELP32SNAPSHOT) (HANDLE); ++typedef BOOL(WINAPI *MODULE32) (HANDLE, MODULEENTRY32 *); ++ ++static int win32_pathbyaddr(void *addr, char *path, int sz) ++{ ++ HMODULE dll; ++ HANDLE hModuleSnap = INVALID_HANDLE_VALUE; ++ MODULEENTRY32 me32; ++ CREATETOOLHELP32SNAPSHOT create_snap; ++ CLOSETOOLHELP32SNAPSHOT close_snap; ++ MODULE32 module_first, module_next; ++ ++ if (addr == NULL) { ++ union { ++ int (*f) (void *, char *, int); ++ void *p; ++ } t = { ++ win32_pathbyaddr ++ }; ++ addr = t.p; ++ } ++ ++ dll = LoadLibrary(TEXT(DLLNAME)); ++ if (dll == NULL) { ++ DSOerr(DSO_F_WIN32_PATHBYADDR, DSO_R_UNSUPPORTED); ++ return -1; ++ } ++ ++ create_snap = (CREATETOOLHELP32SNAPSHOT) ++ GetProcAddress(dll, "CreateToolhelp32Snapshot"); ++ if (create_snap == NULL) { ++ FreeLibrary(dll); ++ DSOerr(DSO_F_WIN32_PATHBYADDR, DSO_R_UNSUPPORTED); ++ return -1; ++ } ++ /* We take the rest for granted... 
*/ ++# ifdef _WIN32_WCE ++ close_snap = (CLOSETOOLHELP32SNAPSHOT) ++ GetProcAddress(dll, "CloseToolhelp32Snapshot"); ++# else ++ close_snap = (CLOSETOOLHELP32SNAPSHOT) CloseHandle; ++# endif ++ module_first = (MODULE32) GetProcAddress(dll, "Module32First"); ++ module_next = (MODULE32) GetProcAddress(dll, "Module32Next"); ++ ++ hModuleSnap = (*create_snap) (TH32CS_SNAPMODULE, 0); ++ if (hModuleSnap == INVALID_HANDLE_VALUE) { ++ FreeLibrary(dll); ++ DSOerr(DSO_F_WIN32_PATHBYADDR, DSO_R_UNSUPPORTED); ++ return -1; ++ } ++ ++ me32.dwSize = sizeof(me32); ++ ++ if (!(*module_first) (hModuleSnap, &me32)) { ++ (*close_snap) (hModuleSnap); ++ FreeLibrary(dll); ++ DSOerr(DSO_F_WIN32_PATHBYADDR, DSO_R_FAILURE); ++ return -1; ++ } ++ ++ do { ++ if ((BYTE *) addr >= me32.modBaseAddr && ++ (BYTE *) addr < me32.modBaseAddr + me32.modBaseSize) { ++ (*close_snap) (hModuleSnap); ++ FreeLibrary(dll); ++# ifdef _WIN32_WCE ++# if _WIN32_WCE >= 101 ++ return WideCharToMultiByte(CP_ACP, 0, me32.szExePath, -1, ++ path, sz, NULL, NULL); ++# else ++ { ++ int i, len = (int)wcslen(me32.szExePath); ++ if (sz <= 0) ++ return len + 1; ++ if (len >= sz) ++ len = sz - 1; ++ for (i = 0; i < len; i++) ++ path[i] = (char)me32.szExePath[i]; ++ path[len++] = 0; ++ return len; ++ } ++# endif ++# else ++ { ++ int len = (int)strlen(me32.szExePath); ++ if (sz <= 0) ++ return len + 1; ++ if (len >= sz) ++ len = sz - 1; ++ memcpy(path, me32.szExePath, len); ++ path[len++] = 0; ++ return len; ++ } ++# endif ++ } ++ } while ((*module_next) (hModuleSnap, &me32)); ++ ++ (*close_snap) (hModuleSnap); ++ FreeLibrary(dll); ++ return 0; ++} ++ ++static void *win32_globallookup(const char *name) ++{ ++ HMODULE dll; ++ HANDLE hModuleSnap = INVALID_HANDLE_VALUE; ++ MODULEENTRY32 me32; ++ CREATETOOLHELP32SNAPSHOT create_snap; ++ CLOSETOOLHELP32SNAPSHOT close_snap; ++ MODULE32 module_first, module_next; ++ FARPROC ret = NULL; ++ ++ dll = LoadLibrary(TEXT(DLLNAME)); ++ if (dll == NULL) { ++ DSOerr(DSO_F_WIN32_GLOBALLOOKUP, 
DSO_R_UNSUPPORTED);
++ return NULL;
++ }
++
++ create_snap = (CREATETOOLHELP32SNAPSHOT)
++ GetProcAddress(dll, "CreateToolhelp32Snapshot");
++ if (create_snap == NULL) {
++ FreeLibrary(dll);
++ DSOerr(DSO_F_WIN32_GLOBALLOOKUP, DSO_R_UNSUPPORTED);
++ return NULL;
++ }
++ /* We take the rest for granted... */
++# ifdef _WIN32_WCE
++ close_snap = (CLOSETOOLHELP32SNAPSHOT)
++ GetProcAddress(dll, "CloseToolhelp32Snapshot");
++# else
++ close_snap = (CLOSETOOLHELP32SNAPSHOT) CloseHandle;
++# endif
++ module_first = (MODULE32) GetProcAddress(dll, "Module32First");
++ module_next = (MODULE32) GetProcAddress(dll, "Module32Next");
++
++ hModuleSnap = (*create_snap) (TH32CS_SNAPMODULE, 0);
++ if (hModuleSnap == INVALID_HANDLE_VALUE) {
++ FreeLibrary(dll);
++ DSOerr(DSO_F_WIN32_GLOBALLOOKUP, DSO_R_UNSUPPORTED);
++ return NULL;
++ }
++
++ me32.dwSize = sizeof(me32);
++
++ if (!(*module_first) (hModuleSnap, &me32)) {
++ (*close_snap) (hModuleSnap);
++ FreeLibrary(dll);
++ return NULL;
++ }
++
++ do {
++ if ((ret = GetProcAddress(me32.hModule, name))) {
++ (*close_snap) (hModuleSnap);
++ FreeLibrary(dll);
++ return ret;
++ }
++ } while ((*module_next) (hModuleSnap, &me32));
++
++ (*close_snap) (hModuleSnap);
++ FreeLibrary(dll);
++ return NULL;
++}
++#endif /* DSO_WIN32 */
+diff --git a/Cryptlib/OpenSSL/crypto/dyn_lck.c b/Cryptlib/OpenSSL/crypto/dyn_lck.c
+deleted file mode 100644
+index e91b9b7..0000000
+--- a/Cryptlib/OpenSSL/crypto/dyn_lck.c
++++ /dev/null
+@@ -1,422 +0,0 @@
+-/* crypto/cryptlib.c */
+-/* ====================================================================
+- * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- *
+- * 1. Redistributions of source code must retain the above copyright
+- * notice, this list of conditions and the following disclaimer.
+- *
+- * 2.
Redistributions in binary form must reproduce the above copyright
+- * notice, this list of conditions and the following disclaimer in
+- * the documentation and/or other materials provided with the
+- * distribution.
+- *
+- * 3. All advertising materials mentioning features or use of this
+- * software must display the following acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+- *
+- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+- * endorse or promote products derived from this software without
+- * prior written permission. For written permission, please contact
+- * openssl-core@openssl.org.
+- *
+- * 5. Products derived from this software may not be called "OpenSSL"
+- * nor may "OpenSSL" appear in their names without prior written
+- * permission of the OpenSSL Project.
+- *
+- * 6. Redistributions of any form whatsoever must retain the following
+- * acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+- * OF THE POSSIBILITY OF SUCH DAMAGE.
+- * ====================================================================
+- *
+- * This product includes cryptographic software written by Eric Young
+- * (eay@cryptsoft.com). This product includes software written by Tim
+- * Hudson (tjh@cryptsoft.com).
+- *
+- */
+-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+- * All rights reserved.
+- *
+- * This package is an SSL implementation written
+- * by Eric Young (eay@cryptsoft.com).
+- * The implementation was written so as to conform with Netscapes SSL.
+- *
+- * This library is free for commercial and non-commercial use as long as
+- * the following conditions are aheared to. The following conditions
+- * apply to all code found in this distribution, be it the RC4, RSA,
+- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+- * included with this distribution is covered by the same copyright terms
+- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+- *
+- * Copyright remains Eric Young's, and as such any Copyright notices in
+- * the code are not to be removed.
+- * If this package is used in a product, Eric Young should be given attribution
+- * as the author of the parts of the library used.
+- * This can be in the form of a textual message at program startup or
+- * in documentation (online or textual) provided with the package.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the copyright
+- * notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- * notice, this list of conditions and the following disclaimer in the
+- * documentation and/or other materials provided with the distribution.
+- * 3.
All advertising materials mentioning features or use of this software
+- * must display the following acknowledgement:
+- * "This product includes cryptographic software written by
+- * Eric Young (eay@cryptsoft.com)"
+- * The word 'cryptographic' can be left out if the rouines from the library
+- * being used are not cryptographic related :-).
+- * 4. If you include any Windows specific code (or a derivative thereof) from
+- * the apps directory (application code) you must include an acknowledgement:
+- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+- *
+- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- *
+- * The licence and distribution terms for any publically available version or
+- * derivative of this code cannot be changed. i.e. this code cannot simply be
+- * copied and put under another distribution licence
+- * [including the GNU Public Licence.]
+- */
+-/* ====================================================================
+- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+- * ECDH support in OpenSSL originally developed by
+- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+- */
+-
+-#include "cryptlib.h"
+-#include
+-
+-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)
+-static double SSLeay_MSVC5_hack = 0.0; /* and for VC1.5 */
+-#endif
+-
+-DECLARE_STACK_OF(CRYPTO_dynlock)
+-IMPLEMENT_STACK_OF(CRYPTO_dynlock)
+-
+-/* real #defines in crypto.h, keep these upto date */
+-static const char *const lock_names[CRYPTO_NUM_LOCKS] = {
+- "<>",
+- "err",
+- "ex_data",
+- "x509",
+- "x509_info",
+- "x509_pkey",
+- "x509_crl",
+- "x509_req",
+- "dsa",
+- "rsa",
+- "evp_pkey",
+- "x509_store",
+- "ssl_ctx",
+- "ssl_cert",
+- "ssl_session",
+- "ssl_sess_cert",
+- "ssl",
+- "ssl_method",
+- "rand",
+- "rand2",
+- "debug_malloc",
+- "BIO",
+- "gethostbyname",
+- "getservbyname",
+- "readdir",
+- "RSA_blinding",
+- "dh",
+- "debug_malloc2",
+- "dso",
+- "dynlock",
+- "engine",
+- "ui",
+- "ecdsa",
+- "ec",
+- "ecdh",
+- "bn",
+- "ec_pre_comp",
+- "store",
+- "comp",
+-#ifndef OPENSSL_FIPS
+-# if CRYPTO_NUM_LOCKS != 39
+-# error "Inconsistency between crypto.h and cryptlib.c"
+-# endif
+-#else
+- "fips",
+- "fips2",
+-# if CRYPTO_NUM_LOCKS != 41
+-# error "Inconsistency between crypto.h and cryptlib.c"
+-# endif
+-#endif
+-};
+-
+-/*
+- * This is for applications to allocate new type names in the non-dynamic
+- * array of lock names. These are numbered with positive numbers.
+- */
+-static STACK *app_locks = NULL;
+-
+-/*
+- * For applications that want a more dynamic way of handling threads, the
+- * following stack is used. These are externally numbered with negative
+- * numbers.
+- */
+-static STACK_OF(CRYPTO_dynlock) *dyn_locks = NULL;
+-
+-static struct CRYPTO_dynlock_value *(MS_FAR *dynlock_create_callback)
+- (const char *file, int line) = NULL;
+-static void (MS_FAR *dynlock_lock_callback) (int mode,
+- struct CRYPTO_dynlock_value *l,
+- const char *file, int line) =
+- NULL;
+-static void (MS_FAR *dynlock_destroy_callback) (struct CRYPTO_dynlock_value
+- *l, const char *file,
+- int line) = NULL;
+-
+-int CRYPTO_get_new_lockid(char *name)
+-{
+- char *str;
+- int i;
+-
+-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)
+- /*
+- * A hack to make Visual C++ 5.0 work correctly when linking as a DLL
+- * using /MT. Without this, the application cannot use and floating point
+- * printf's. It also seems to be needed for Visual C 1.5 (win16)
+- */
+- SSLeay_MSVC5_hack = (double)name[0] * (double)name[1];
+-#endif
+-
+- if ((app_locks == NULL) && ((app_locks = sk_new_null()) == NULL)) {
+- CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID, ERR_R_MALLOC_FAILURE);
+- return (0);
+- }
+- if ((str = BUF_strdup(name)) == NULL) {
+- CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID, ERR_R_MALLOC_FAILURE);
+- return (0);
+- }
+- i = sk_push(app_locks, str);
+- if (!i)
+- OPENSSL_free(str);
+- else
+- i += CRYPTO_NUM_LOCKS; /* gap of one :-) */
+- return (i);
+-}
+-
+-int CRYPTO_get_new_dynlockid(void)
+-{
+- int i = 0;
+- CRYPTO_dynlock *pointer = NULL;
+-
+- if (dynlock_create_callback == NULL) {
+- CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,
+- CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK);
+- return (0);
+- }
+- CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
+- if ((dyn_locks == NULL)
+- && ((dyn_locks = sk_CRYPTO_dynlock_new_null()) == NULL)) {
+- CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+- CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID, ERR_R_MALLOC_FAILURE);
+- return (0);
+- }
+- CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+-
+- pointer = (CRYPTO_dynlock *) OPENSSL_malloc(sizeof(CRYPTO_dynlock));
+- if (pointer == NULL) {
+- CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,
ERR_R_MALLOC_FAILURE);
+- return (0);
+- }
+- pointer->references = 1;
+- pointer->data = dynlock_create_callback(__FILE__, __LINE__);
+- if (pointer->data == NULL) {
+- OPENSSL_free(pointer);
+- CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID, ERR_R_MALLOC_FAILURE);
+- return (0);
+- }
+-
+- CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
+- /* First, try to find an existing empty slot */
+- i = sk_CRYPTO_dynlock_find(dyn_locks, NULL);
+- /* If there was none, push, thereby creating a new one */
+- if (i == -1)
+- /*
+- * Since sk_push() returns the number of items on the stack, not the
+- * location of the pushed item, we need to transform the returned
+- * number into a position, by decreasing it.
+- */
+- i = sk_CRYPTO_dynlock_push(dyn_locks, pointer) - 1;
+- else
+- /*
+- * If we found a place with a NULL pointer, put our pointer in it.
+- */
+- (void)sk_CRYPTO_dynlock_set(dyn_locks, i, pointer);
+- CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+-
+- if (i == -1) {
+- dynlock_destroy_callback(pointer->data, __FILE__, __LINE__);
+- OPENSSL_free(pointer);
+- } else
+- i += 1; /* to avoid 0 */
+- return -i;
+-}
+-
+-void CRYPTO_destroy_dynlockid(int i)
+-{
+- CRYPTO_dynlock *pointer = NULL;
+- if (i)
+- i = -i - 1;
+- if (dynlock_destroy_callback == NULL)
+- return;
+-
+- CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
+-
+- if (dyn_locks == NULL || i >= sk_CRYPTO_dynlock_num(dyn_locks)) {
+- CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+- return;
+- }
+- pointer = sk_CRYPTO_dynlock_value(dyn_locks, i);
+- if (pointer != NULL) {
+- --pointer->references;
+-#ifdef REF_CHECK
+- if (pointer->references < 0) {
+- fprintf(stderr,
+- "CRYPTO_destroy_dynlockid, bad reference count\n");
+- abort();
+- } else
+-#endif
+- if (pointer->references <= 0) {
+- (void)sk_CRYPTO_dynlock_set(dyn_locks, i, NULL);
+- } else
+- pointer = NULL;
+- }
+- CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+-
+- if (pointer) {
+- dynlock_destroy_callback(pointer->data, __FILE__, __LINE__);
+- OPENSSL_free(pointer);
+- }
+-}
+-
+-struct
CRYPTO_dynlock_value *CRYPTO_get_dynlock_value(int i)
+-{
+- CRYPTO_dynlock *pointer = NULL;
+- if (i)
+- i = -i - 1;
+-
+- CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
+-
+- if (dyn_locks != NULL && i < sk_CRYPTO_dynlock_num(dyn_locks))
+- pointer = sk_CRYPTO_dynlock_value(dyn_locks, i);
+- if (pointer)
+- pointer->references++;
+-
+- CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+-
+- if (pointer)
+- return pointer->data;
+- return NULL;
+-}
+-
+-struct CRYPTO_dynlock_value *(*CRYPTO_get_dynlock_create_callback(void))
+- (const char *file, int line) {
+- return (dynlock_create_callback);
+-}
+-
+-void (*CRYPTO_get_dynlock_lock_callback(void)) (int mode,
+- struct CRYPTO_dynlock_value
+- *l, const char *file,
+- int line) {
+- return (dynlock_lock_callback);
+-}
+-
+-void (*CRYPTO_get_dynlock_destroy_callback(void))
+- (struct CRYPTO_dynlock_value *l, const char *file, int line) {
+- return (dynlock_destroy_callback);
+-}
+-
+-void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value *(*func)
+- (const char *file, int line))
+-{
+- dynlock_create_callback = func;
+-}
+-
+-static void do_dynlock(int mode, int type, const char *file, int line)
+-{
+- if (dynlock_lock_callback != NULL) {
+- struct CRYPTO_dynlock_value *pointer = CRYPTO_get_dynlock_value(type);
+-
+- OPENSSL_assert(pointer != NULL);
+-
+- dynlock_lock_callback(mode, pointer, file, line);
+-
+- CRYPTO_destroy_dynlockid(type);
+- }
+-}
+-
+-void CRYPTO_set_dynlock_lock_callback(void (*func) (int mode,
+- struct
+- CRYPTO_dynlock_value *l,
+- const char *file,
+- int line))
+-{
+- /*
+- * Set callback so CRYPTO_lock() can now handle dynamic locks. This is OK
+- * because at this point and application shouldn't be using OpenSSL from
+- * multiple threads because it is setting up the locking callbacks.
+- */
+- static int done = 0;
+- if (!done) {
+- int_CRYPTO_set_do_dynlock_callback(do_dynlock);
+- done = 1;
+- }
+-
+- dynlock_lock_callback = func;
+-}
+-
+-void CRYPTO_set_dynlock_destroy_callback(void (*func)
+- (struct CRYPTO_dynlock_value *l,
+- const char *file, int line))
+-{
+- dynlock_destroy_callback = func;
+-}
+-
+-const char *CRYPTO_get_lock_name(int type)
+-{
+- if (type < 0)
+- return ("dynamic");
+- else if (type < CRYPTO_NUM_LOCKS)
+- return (lock_names[type]);
+- else if (type - CRYPTO_NUM_LOCKS > sk_num(app_locks))
+- return ("ERROR");
+- else
+- return (sk_value(app_locks, type - CRYPTO_NUM_LOCKS));
+-}
+diff --git a/Cryptlib/OpenSSL/crypto/ebcdic.c b/Cryptlib/OpenSSL/crypto/ebcdic.c
+index 4b7652c..fd6df92 100644
+--- a/Cryptlib/OpenSSL/crypto/ebcdic.c
++++ b/Cryptlib/OpenSSL/crypto/ebcdic.c
+@@ -3,7 +3,7 @@
+ #ifndef CHARSET_EBCDIC
+
+ # include
+-# if defined(PEDANTIC) || defined(__DECC) || defined(OPENSSL_SYS_MACOSX)
++# if defined(PEDANTIC) || defined(__DECC) || defined(OPENSSL_SYS_MACOSX) || defined(__clang__)
+ static void *dummy = &dummy;
+ # endif
+
+diff --git a/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c b/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c
+deleted file mode 100644
+index d3ba5d7..0000000
+--- a/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c
++++ /dev/null
+@@ -1,463 +0,0 @@
+-/* crypto/ec/ec2_mult.c */
+-/* ====================================================================
+- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+- *
+- * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
+- * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
+- * to the OpenSSL project.
+- *
+- * The ECC Code is licensed pursuant to the OpenSSL open source
+- * license provided below.
+- *
+- * The software is originally written by Sheueling Chang Shantz and
+- * Douglas Stebila of Sun Microsystems Laboratories.
+- *
+- */
+-/* ====================================================================
+- * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- *
+- * 1. Redistributions of source code must retain the above copyright
+- * notice, this list of conditions and the following disclaimer.
+- *
+- * 2. Redistributions in binary form must reproduce the above copyright
+- * notice, this list of conditions and the following disclaimer in
+- * the documentation and/or other materials provided with the
+- * distribution.
+- *
+- * 3. All advertising materials mentioning features or use of this
+- * software must display the following acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+- *
+- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+- * endorse or promote products derived from this software without
+- * prior written permission. For written permission, please contact
+- * openssl-core@openssl.org.
+- *
+- * 5. Products derived from this software may not be called "OpenSSL"
+- * nor may "OpenSSL" appear in their names without prior written
+- * permission of the OpenSSL Project.
+- *
+- * 6. Redistributions of any form whatsoever must retain the following
+- * acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+- * PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR
+- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+- * OF THE POSSIBILITY OF SUCH DAMAGE.
+- * ====================================================================
+- *
+- * This product includes cryptographic software written by Eric Young
+- * (eay@cryptsoft.com). This product includes software written by Tim
+- * Hudson (tjh@cryptsoft.com).
+- *
+- */
+-
+-#include
+-
+-#include "ec_lcl.h"
+-
+-/*-
+- * Compute the x-coordinate x/z for the point 2*(x/z) in Montgomery projective
+- * coordinates.
+- * Uses algorithm Mdouble in appendix of
+- * Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over
+- * GF(2^m) without precomputation".
+- * modified to not require precomputation of c=b^{2^{m-1}}.
+- */
+-static int gf2m_Mdouble(const EC_GROUP *group, BIGNUM *x, BIGNUM *z,
+- BN_CTX *ctx)
+-{
+- BIGNUM *t1;
+- int ret = 0;
+-
+- /* Since Mdouble is static we can guarantee that ctx != NULL.
*/
+- BN_CTX_start(ctx);
+- t1 = BN_CTX_get(ctx);
+- if (t1 == NULL)
+- goto err;
+-
+- if (!group->meth->field_sqr(group, x, x, ctx))
+- goto err;
+- if (!group->meth->field_sqr(group, t1, z, ctx))
+- goto err;
+- if (!group->meth->field_mul(group, z, x, t1, ctx))
+- goto err;
+- if (!group->meth->field_sqr(group, x, x, ctx))
+- goto err;
+- if (!group->meth->field_sqr(group, t1, t1, ctx))
+- goto err;
+- if (!group->meth->field_mul(group, t1, &group->b, t1, ctx))
+- goto err;
+- if (!BN_GF2m_add(x, x, t1))
+- goto err;
+-
+- ret = 1;
+-
+- err:
+- BN_CTX_end(ctx);
+- return ret;
+-}
+-
+-/*-
+- * Compute the x-coordinate x1/z1 for the point (x1/z1)+(x2/x2) in Montgomery
+- * projective coordinates.
+- * Uses algorithm Madd in appendix of
+- * Lopex, J. and Dahab, R. "Fast multiplication on elliptic curves over
+- * GF(2^m) without precomputation".
+- */
+-static int gf2m_Madd(const EC_GROUP *group, const BIGNUM *x, BIGNUM *x1,
+- BIGNUM *z1, const BIGNUM *x2, const BIGNUM *z2,
+- BN_CTX *ctx)
+-{
+- BIGNUM *t1, *t2;
+- int ret = 0;
+-
+- /* Since Madd is static we can guarantee that ctx != NULL. */
+- BN_CTX_start(ctx);
+- t1 = BN_CTX_get(ctx);
+- t2 = BN_CTX_get(ctx);
+- if (t2 == NULL)
+- goto err;
+-
+- if (!BN_copy(t1, x))
+- goto err;
+- if (!group->meth->field_mul(group, x1, x1, z2, ctx))
+- goto err;
+- if (!group->meth->field_mul(group, z1, z1, x2, ctx))
+- goto err;
+- if (!group->meth->field_mul(group, t2, x1, z1, ctx))
+- goto err;
+- if (!BN_GF2m_add(z1, z1, x1))
+- goto err;
+- if (!group->meth->field_sqr(group, z1, z1, ctx))
+- goto err;
+- if (!group->meth->field_mul(group, x1, z1, t1, ctx))
+- goto err;
+- if (!BN_GF2m_add(x1, x1, t2))
+- goto err;
+-
+- ret = 1;
+-
+- err:
+- BN_CTX_end(ctx);
+- return ret;
+-}
+-
+-/*-
+- * Compute the x, y affine coordinates from the point (x1, z1) (x2, z2)
+- * using Montgomery point multiplication algorithm Mxy() in appendix of
+- * Lopex, J. and Dahab, R.
"Fast multiplication on elliptic curves over
+- * GF(2^m) without precomputation".
+- * Returns:
+- * 0 on error
+- * 1 if return value should be the point at infinity
+- * 2 otherwise
+- */
+-static int gf2m_Mxy(const EC_GROUP *group, const BIGNUM *x, const BIGNUM *y,
+- BIGNUM *x1, BIGNUM *z1, BIGNUM *x2, BIGNUM *z2,
+- BN_CTX *ctx)
+-{
+- BIGNUM *t3, *t4, *t5;
+- int ret = 0;
+-
+- if (BN_is_zero(z1)) {
+- BN_zero(x2);
+- BN_zero(z2);
+- return 1;
+- }
+-
+- if (BN_is_zero(z2)) {
+- if (!BN_copy(x2, x))
+- return 0;
+- if (!BN_GF2m_add(z2, x, y))
+- return 0;
+- return 2;
+- }
+-
+- /* Since Mxy is static we can guarantee that ctx != NULL. */
+- BN_CTX_start(ctx);
+- t3 = BN_CTX_get(ctx);
+- t4 = BN_CTX_get(ctx);
+- t5 = BN_CTX_get(ctx);
+- if (t5 == NULL)
+- goto err;
+-
+- if (!BN_one(t5))
+- goto err;
+-
+- if (!group->meth->field_mul(group, t3, z1, z2, ctx))
+- goto err;
+-
+- if (!group->meth->field_mul(group, z1, z1, x, ctx))
+- goto err;
+- if (!BN_GF2m_add(z1, z1, x1))
+- goto err;
+- if (!group->meth->field_mul(group, z2, z2, x, ctx))
+- goto err;
+- if (!group->meth->field_mul(group, x1, z2, x1, ctx))
+- goto err;
+- if (!BN_GF2m_add(z2, z2, x2))
+- goto err;
+-
+- if (!group->meth->field_mul(group, z2, z2, z1, ctx))
+- goto err;
+- if (!group->meth->field_sqr(group, t4, x, ctx))
+- goto err;
+- if (!BN_GF2m_add(t4, t4, y))
+- goto err;
+- if (!group->meth->field_mul(group, t4, t4, t3, ctx))
+- goto err;
+- if (!BN_GF2m_add(t4, t4, z2))
+- goto err;
+-
+- if (!group->meth->field_mul(group, t3, t3, x, ctx))
+- goto err;
+- if (!group->meth->field_div(group, t3, t5, t3, ctx))
+- goto err;
+- if (!group->meth->field_mul(group, t4, t3, t4, ctx))
+- goto err;
+- if (!group->meth->field_mul(group, x2, x1, t3, ctx))
+- goto err;
+- if (!BN_GF2m_add(z2, x2, x))
+- goto err;
+-
+- if (!group->meth->field_mul(group, z2, z2, t4, ctx))
+- goto err;
+- if (!BN_GF2m_add(z2, z2, y))
+- goto err;
+-
+- ret = 2;
+-
+- err:
+- BN_CTX_end(ctx);
+- return ret;
+-}
+-
+-/*-
+- * Computes scalar*point and stores the result in r.
+- * point can not equal r.
+- * Uses a modified algorithm 2P of
+- * Lopex, J. and Dahab, R. "Fast multiplication on elliptic curves over
+- * GF(2^m) without precomputation".
+- *
+- * To protect against side-channel attack the function uses constant time
+- * swap avoiding conditional branches.
+- */
+-static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group,
+- EC_POINT *r,
+- const BIGNUM *scalar,
+- const EC_POINT *point,
+- BN_CTX *ctx)
+-{
+- BIGNUM *x1, *x2, *z1, *z2;
+- int ret = 0, i, j;
+- BN_ULONG mask;
+-
+- if (r == point) {
+- ECerr(EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY, EC_R_INVALID_ARGUMENT);
+- return 0;
+- }
+-
+- /* if result should be point at infinity */
+- if ((scalar == NULL) || BN_is_zero(scalar) || (point == NULL) ||
+- EC_POINT_is_at_infinity(group, point)) {
+- return EC_POINT_set_to_infinity(group, r);
+- }
+-
+- /* only support affine coordinates */
+- if (!point->Z_is_one)
+- return 0;
+-
+- /*
+- * Since point_multiply is static we can guarantee that ctx != NULL.
+- */
+- BN_CTX_start(ctx);
+- x1 = BN_CTX_get(ctx);
+- z1 = BN_CTX_get(ctx);
+- if (z1 == NULL)
+- goto err;
+-
+- x2 = &r->X;
+- z2 = &r->Y;
+-
+- bn_wexpand(x1, group->field.top);
+- bn_wexpand(z1, group->field.top);
+- bn_wexpand(x2, group->field.top);
+- bn_wexpand(z2, group->field.top);
+-
+- if (!BN_GF2m_mod_arr(x1, &point->X, group->poly))
+- goto err; /* x1 = x */
+- if (!BN_one(z1))
+- goto err; /* z1 = 1 */
+- if (!group->meth->field_sqr(group, z2, x1, ctx))
+- goto err; /* z2 = x1^2 = x^2 */
+- if (!group->meth->field_sqr(group, x2, z2, ctx))
+- goto err;
+- if (!BN_GF2m_add(x2, x2, &group->b))
+- goto err; /* x2 = x^4 + b */
+-
+- /* find top most bit and go one past it */
+- i = scalar->top - 1;
+- j = BN_BITS2 - 1;
+- mask = BN_TBIT;
+- while (!(scalar->d[i] & mask)) {
+- mask >>= 1;
+- j--;
+- }
+- mask >>= 1;
+- j--;
+- /* if top most bit was at word break, go to next word */
+- if (!mask) {
+- i--;
+- j = BN_BITS2 - 1;
+- mask = BN_TBIT;
+- }
+-
+- for (; i >= 0; i--) {
+- for (; j >= 0; j--) {
+- BN_consttime_swap(scalar->d[i] & mask, x1, x2, group->field.top);
+- BN_consttime_swap(scalar->d[i] & mask, z1, z2, group->field.top);
+- if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx))
+- goto err;
+- if (!gf2m_Mdouble(group, x1, z1, ctx))
+- goto err;
+- BN_consttime_swap(scalar->d[i] & mask, x1, x2, group->field.top);
+- BN_consttime_swap(scalar->d[i] & mask, z1, z2, group->field.top);
+- mask >>= 1;
+- }
+- j = BN_BITS2 - 1;
+- mask = BN_TBIT;
+- }
+-
+- /* convert out of "projective" coordinates */
+- i = gf2m_Mxy(group, &point->X, &point->Y, x1, z1, x2, z2, ctx);
+- if (i == 0)
+- goto err;
+- else if (i == 1) {
+- if (!EC_POINT_set_to_infinity(group, r))
+- goto err;
+- } else {
+- if (!BN_one(&r->Z))
+- goto err;
+- r->Z_is_one = 1;
+- }
+-
+- /* GF(2^m) field elements should always have BIGNUM::neg = 0 */
+- BN_set_negative(&r->X, 0);
+- BN_set_negative(&r->Y, 0);
+-
+- ret = 1;
+-
+- err:
+- BN_CTX_end(ctx);
+- return ret;
+-}
+-
+-/*-
+- * Computes the sum
+- * scalar*group->generator + scalars[0]*points[0] + ... + scalars[num-1]*points[num-1]
+- * gracefully ignoring NULL scalar values.
+- */
+-int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r,
+- const BIGNUM *scalar, size_t num,
+- const EC_POINT *points[], const BIGNUM *scalars[],
+- BN_CTX *ctx)
+-{
+- BN_CTX *new_ctx = NULL;
+- int ret = 0;
+- size_t i;
+- EC_POINT *p = NULL;
+- EC_POINT *acc = NULL;
+-
+- if (ctx == NULL) {
+- ctx = new_ctx = BN_CTX_new();
+- if (ctx == NULL)
+- return 0;
+- }
+-
+- /*
+- * This implementation is more efficient than the wNAF implementation for
+- * 2 or fewer points. Use the ec_wNAF_mul implementation for 3 or more
+- * points, or if we can perform a fast multiplication based on
+- * precomputation.
+- */
+- if ((scalar && (num > 1)) || (num > 2)
+- || (num == 0 && EC_GROUP_have_precompute_mult(group))) {
+- ret = ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx);
+- goto err;
+- }
+-
+- if ((p = EC_POINT_new(group)) == NULL)
+- goto err;
+- if ((acc = EC_POINT_new(group)) == NULL)
+- goto err;
+-
+- if (!EC_POINT_set_to_infinity(group, acc))
+- goto err;
+-
+- if (scalar) {
+- if (!ec_GF2m_montgomery_point_multiply
+- (group, p, scalar, group->generator, ctx))
+- goto err;
+- if (BN_is_negative(scalar))
+- if (!group->meth->invert(group, p, ctx))
+- goto err;
+- if (!group->meth->add(group, acc, acc, p, ctx))
+- goto err;
+- }
+-
+- for (i = 0; i < num; i++) {
+- if (!ec_GF2m_montgomery_point_multiply
+- (group, p, scalars[i], points[i], ctx))
+- goto err;
+- if (BN_is_negative(scalars[i]))
+- if (!group->meth->invert(group, p, ctx))
+- goto err;
+- if (!group->meth->add(group, acc, acc, p, ctx))
+- goto err;
+- }
+-
+- if (!EC_POINT_copy(r, acc))
+- goto err;
+-
+- ret = 1;
+-
+- err:
+- if (p)
+- EC_POINT_free(p);
+- if (acc)
+- EC_POINT_free(acc);
+- if (new_ctx != NULL)
+- BN_CTX_free(new_ctx);
+- return ret;
+-}
+-
+-/*
+- * Precomputation for point multiplication: fall back to wNAF
methods because
+- * ec_GF2m_simple_mul() uses ec_wNAF_mul() if appropriate
+- */
+-
+-int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
+-{
+- return ec_wNAF_precompute_mult(group, ctx);
+-}
+-
+-int ec_GF2m_have_precompute_mult(const EC_GROUP *group)
+-{
+- return ec_wNAF_have_precompute_mult(group);
+-}
+diff --git a/Cryptlib/OpenSSL/crypto/ec/ec2_smpl.c b/Cryptlib/OpenSSL/crypto/ec/ec2_smpl.c
+deleted file mode 100644
+index 5df41e2..0000000
+--- a/Cryptlib/OpenSSL/crypto/ec/ec2_smpl.c
++++ /dev/null
+@@ -1,1035 +0,0 @@
+-/* crypto/ec/ec2_smpl.c */
+-/* ====================================================================
+- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+- *
+- * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
+- * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
+- * to the OpenSSL project.
+- *
+- * The ECC Code is licensed pursuant to the OpenSSL open source
+- * license provided below.
+- *
+- * The software is originally written by Sheueling Chang Shantz and
+- * Douglas Stebila of Sun Microsystems Laboratories.
+- *
+- */
+-/* ====================================================================
+- * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- *
+- * 1. Redistributions of source code must retain the above copyright
+- * notice, this list of conditions and the following disclaimer.
+- *
+- * 2. Redistributions in binary form must reproduce the above copyright
+- * notice, this list of conditions and the following disclaimer in
+- * the documentation and/or other materials provided with the
+- * distribution.
+- *
+- * 3.
All advertising materials mentioning features or use of this
+- * software must display the following acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+- *
+- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+- * endorse or promote products derived from this software without
+- * prior written permission. For written permission, please contact
+- * openssl-core@openssl.org.
+- *
+- * 5. Products derived from this software may not be called "OpenSSL"
+- * nor may "OpenSSL" appear in their names without prior written
+- * permission of the OpenSSL Project.
+- *
+- * 6. Redistributions of any form whatsoever must retain the following
+- * acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+- * OF THE POSSIBILITY OF SUCH DAMAGE.
+- * ====================================================================
+- *
+- * This product includes cryptographic software written by Eric Young
+- * (eay@cryptsoft.com). This product includes software written by Tim
+- * Hudson (tjh@cryptsoft.com).
+- * +- */ +- +-#include +- +-#include "ec_lcl.h" +- +-const EC_METHOD *EC_GF2m_simple_method(void) +-{ +- static const EC_METHOD ret = { +- NID_X9_62_characteristic_two_field, +- ec_GF2m_simple_group_init, +- ec_GF2m_simple_group_finish, +- ec_GF2m_simple_group_clear_finish, +- ec_GF2m_simple_group_copy, +- ec_GF2m_simple_group_set_curve, +- ec_GF2m_simple_group_get_curve, +- ec_GF2m_simple_group_get_degree, +- ec_GF2m_simple_group_check_discriminant, +- ec_GF2m_simple_point_init, +- ec_GF2m_simple_point_finish, +- ec_GF2m_simple_point_clear_finish, +- ec_GF2m_simple_point_copy, +- ec_GF2m_simple_point_set_to_infinity, +- 0 /* set_Jprojective_coordinates_GFp */ , +- 0 /* get_Jprojective_coordinates_GFp */ , +- ec_GF2m_simple_point_set_affine_coordinates, +- ec_GF2m_simple_point_get_affine_coordinates, +- ec_GF2m_simple_set_compressed_coordinates, +- ec_GF2m_simple_point2oct, +- ec_GF2m_simple_oct2point, +- ec_GF2m_simple_add, +- ec_GF2m_simple_dbl, +- ec_GF2m_simple_invert, +- ec_GF2m_simple_is_at_infinity, +- ec_GF2m_simple_is_on_curve, +- ec_GF2m_simple_cmp, +- ec_GF2m_simple_make_affine, +- ec_GF2m_simple_points_make_affine, +- +- /* +- * the following three method functions are defined in ec2_mult.c +- */ +- ec_GF2m_simple_mul, +- ec_GF2m_precompute_mult, +- ec_GF2m_have_precompute_mult, +- +- ec_GF2m_simple_field_mul, +- ec_GF2m_simple_field_sqr, +- ec_GF2m_simple_field_div, +- 0 /* field_encode */ , +- 0 /* field_decode */ , +- 0 /* field_set_to_one */ +- }; +- +- return &ret; +-} +- +-/* +- * Initialize a GF(2^m)-based EC_GROUP structure. Note that all other members +- * are handled by EC_GROUP_new. +- */ +-int ec_GF2m_simple_group_init(EC_GROUP *group) +-{ +- BN_init(&group->field); +- BN_init(&group->a); +- BN_init(&group->b); +- return 1; +-} +- +-/* +- * Free a GF(2^m)-based EC_GROUP structure. Note that all other members are +- * handled by EC_GROUP_free. 
+- */ +-void ec_GF2m_simple_group_finish(EC_GROUP *group) +-{ +- BN_free(&group->field); +- BN_free(&group->a); +- BN_free(&group->b); +-} +- +-/* +- * Clear and free a GF(2^m)-based EC_GROUP structure. Note that all other +- * members are handled by EC_GROUP_clear_free. +- */ +-void ec_GF2m_simple_group_clear_finish(EC_GROUP *group) +-{ +- BN_clear_free(&group->field); +- BN_clear_free(&group->a); +- BN_clear_free(&group->b); +- group->poly[0] = 0; +- group->poly[1] = 0; +- group->poly[2] = 0; +- group->poly[3] = 0; +- group->poly[4] = 0; +-} +- +-/* +- * Copy a GF(2^m)-based EC_GROUP structure. Note that all other members are +- * handled by EC_GROUP_copy. +- */ +-int ec_GF2m_simple_group_copy(EC_GROUP *dest, const EC_GROUP *src) +-{ +- int i; +- if (!BN_copy(&dest->field, &src->field)) +- return 0; +- if (!BN_copy(&dest->a, &src->a)) +- return 0; +- if (!BN_copy(&dest->b, &src->b)) +- return 0; +- dest->poly[0] = src->poly[0]; +- dest->poly[1] = src->poly[1]; +- dest->poly[2] = src->poly[2]; +- dest->poly[3] = src->poly[3]; +- dest->poly[4] = src->poly[4]; +- if (bn_wexpand(&dest->a, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2) +- == NULL) +- return 0; +- if (bn_wexpand(&dest->b, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2) +- == NULL) +- return 0; +- for (i = dest->a.top; i < dest->a.dmax; i++) +- dest->a.d[i] = 0; +- for (i = dest->b.top; i < dest->b.dmax; i++) +- dest->b.d[i] = 0; +- return 1; +-} +- +-/* Set the curve parameters of an EC_GROUP structure. 
*/ +-int ec_GF2m_simple_group_set_curve(EC_GROUP *group, +- const BIGNUM *p, const BIGNUM *a, +- const BIGNUM *b, BN_CTX *ctx) +-{ +- int ret = 0, i; +- +- /* group->field */ +- if (!BN_copy(&group->field, p)) +- goto err; +- i = BN_GF2m_poly2arr(&group->field, group->poly, 5); +- if ((i != 5) && (i != 3)) { +- ECerr(EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD); +- goto err; +- } +- +- /* group->a */ +- if (!BN_GF2m_mod_arr(&group->a, a, group->poly)) +- goto err; +- if (bn_wexpand(&group->a, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2) +- == NULL) +- goto err; +- for (i = group->a.top; i < group->a.dmax; i++) +- group->a.d[i] = 0; +- +- /* group->b */ +- if (!BN_GF2m_mod_arr(&group->b, b, group->poly)) +- goto err; +- if (bn_wexpand(&group->b, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2) +- == NULL) +- goto err; +- for (i = group->b.top; i < group->b.dmax; i++) +- group->b.d[i] = 0; +- +- ret = 1; +- err: +- return ret; +-} +- +-/* +- * Get the curve parameters of an EC_GROUP structure. If p, a, or b are NULL +- * then there values will not be set but the method will return with success. +- */ +-int ec_GF2m_simple_group_get_curve(const EC_GROUP *group, BIGNUM *p, +- BIGNUM *a, BIGNUM *b, BN_CTX *ctx) +-{ +- int ret = 0; +- +- if (p != NULL) { +- if (!BN_copy(p, &group->field)) +- return 0; +- } +- +- if (a != NULL) { +- if (!BN_copy(a, &group->a)) +- goto err; +- } +- +- if (b != NULL) { +- if (!BN_copy(b, &group->b)) +- goto err; +- } +- +- ret = 1; +- +- err: +- return ret; +-} +- +-/* +- * Gets the degree of the field. For a curve over GF(2^m) this is the value +- * m. +- */ +-int ec_GF2m_simple_group_get_degree(const EC_GROUP *group) +-{ +- return BN_num_bits(&group->field) - 1; +-} +- +-/* +- * Checks the discriminant of the curve. 
y^2 + x*y = x^3 + a*x^2 + b is an +- * elliptic curve <=> b != 0 (mod p) +- */ +-int ec_GF2m_simple_group_check_discriminant(const EC_GROUP *group, +- BN_CTX *ctx) +-{ +- int ret = 0; +- BIGNUM *b; +- BN_CTX *new_ctx = NULL; +- +- if (ctx == NULL) { +- ctx = new_ctx = BN_CTX_new(); +- if (ctx == NULL) { +- ECerr(EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT, +- ERR_R_MALLOC_FAILURE); +- goto err; +- } +- } +- BN_CTX_start(ctx); +- b = BN_CTX_get(ctx); +- if (b == NULL) +- goto err; +- +- if (!BN_GF2m_mod_arr(b, &group->b, group->poly)) +- goto err; +- +- /* +- * check the discriminant: y^2 + x*y = x^3 + a*x^2 + b is an elliptic +- * curve <=> b != 0 (mod p) +- */ +- if (BN_is_zero(b)) +- goto err; +- +- ret = 1; +- +- err: +- if (ctx != NULL) +- BN_CTX_end(ctx); +- if (new_ctx != NULL) +- BN_CTX_free(new_ctx); +- return ret; +-} +- +-/* Initializes an EC_POINT. */ +-int ec_GF2m_simple_point_init(EC_POINT *point) +-{ +- BN_init(&point->X); +- BN_init(&point->Y); +- BN_init(&point->Z); +- return 1; +-} +- +-/* Frees an EC_POINT. */ +-void ec_GF2m_simple_point_finish(EC_POINT *point) +-{ +- BN_free(&point->X); +- BN_free(&point->Y); +- BN_free(&point->Z); +-} +- +-/* Clears and frees an EC_POINT. */ +-void ec_GF2m_simple_point_clear_finish(EC_POINT *point) +-{ +- BN_clear_free(&point->X); +- BN_clear_free(&point->Y); +- BN_clear_free(&point->Z); +- point->Z_is_one = 0; +-} +- +-/* +- * Copy the contents of one EC_POINT into another. Assumes dest is +- * initialized. +- */ +-int ec_GF2m_simple_point_copy(EC_POINT *dest, const EC_POINT *src) +-{ +- if (!BN_copy(&dest->X, &src->X)) +- return 0; +- if (!BN_copy(&dest->Y, &src->Y)) +- return 0; +- if (!BN_copy(&dest->Z, &src->Z)) +- return 0; +- dest->Z_is_one = src->Z_is_one; +- +- return 1; +-} +- +-/* +- * Set an EC_POINT to the point at infinity. A point at infinity is +- * represented by having Z=0. 
+- */ +-int ec_GF2m_simple_point_set_to_infinity(const EC_GROUP *group, +- EC_POINT *point) +-{ +- point->Z_is_one = 0; +- BN_zero(&point->Z); +- return 1; +-} +- +-/* +- * Set the coordinates of an EC_POINT using affine coordinates. Note that +- * the simple implementation only uses affine coordinates. +- */ +-int ec_GF2m_simple_point_set_affine_coordinates(const EC_GROUP *group, +- EC_POINT *point, +- const BIGNUM *x, +- const BIGNUM *y, BN_CTX *ctx) +-{ +- int ret = 0; +- if (x == NULL || y == NULL) { +- ECerr(EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES, +- ERR_R_PASSED_NULL_PARAMETER); +- return 0; +- } +- +- if (!BN_copy(&point->X, x)) +- goto err; +- BN_set_negative(&point->X, 0); +- if (!BN_copy(&point->Y, y)) +- goto err; +- BN_set_negative(&point->Y, 0); +- if (!BN_copy(&point->Z, BN_value_one())) +- goto err; +- BN_set_negative(&point->Z, 0); +- point->Z_is_one = 1; +- ret = 1; +- +- err: +- return ret; +-} +- +-/* +- * Gets the affine coordinates of an EC_POINT. Note that the simple +- * implementation only uses affine coordinates. +- */ +-int ec_GF2m_simple_point_get_affine_coordinates(const EC_GROUP *group, +- const EC_POINT *point, +- BIGNUM *x, BIGNUM *y, +- BN_CTX *ctx) +-{ +- int ret = 0; +- +- if (EC_POINT_is_at_infinity(group, point)) { +- ECerr(EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES, +- EC_R_POINT_AT_INFINITY); +- return 0; +- } +- +- if (BN_cmp(&point->Z, BN_value_one())) { +- ECerr(EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES, +- ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +- return 0; +- } +- if (x != NULL) { +- if (!BN_copy(x, &point->X)) +- goto err; +- BN_set_negative(x, 0); +- } +- if (y != NULL) { +- if (!BN_copy(y, &point->Y)) +- goto err; +- BN_set_negative(y, 0); +- } +- ret = 1; +- +- err: +- return ret; +-} +- +-/* Include patented algorithms. */ +-#include "ec2_smpt.c" +- +-/* +- * Converts an EC_POINT to an octet string. If buf is NULL, the encoded +- * length will be returned. 
If the length len of buf is smaller than required +- * an error will be returned. The point compression section of this function +- * is patented by Certicom Corp. under US Patent 6,141,420. Point +- * compression is disabled by default and can be enabled by defining the +- * preprocessor macro OPENSSL_EC_BIN_PT_COMP at Configure-time. +- */ +-size_t ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point, +- point_conversion_form_t form, +- unsigned char *buf, size_t len, BN_CTX *ctx) +-{ +- size_t ret; +- BN_CTX *new_ctx = NULL; +- int used_ctx = 0; +- BIGNUM *x, *y, *yxi; +- size_t field_len, i, skip; +- +-#ifndef OPENSSL_EC_BIN_PT_COMP +- if ((form == POINT_CONVERSION_COMPRESSED) +- || (form == POINT_CONVERSION_HYBRID)) { +- ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_DISABLED); +- goto err; +- } +-#endif +- +- if ((form != POINT_CONVERSION_COMPRESSED) +- && (form != POINT_CONVERSION_UNCOMPRESSED) +- && (form != POINT_CONVERSION_HYBRID)) { +- ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_INVALID_FORM); +- goto err; +- } +- +- if (EC_POINT_is_at_infinity(group, point)) { +- /* encodes to a single 0 octet */ +- if (buf != NULL) { +- if (len < 1) { +- ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL); +- return 0; +- } +- buf[0] = 0; +- } +- return 1; +- } +- +- /* ret := required output buffer length */ +- field_len = (EC_GROUP_get_degree(group) + 7) / 8; +- ret = +- (form == +- POINT_CONVERSION_COMPRESSED) ? 
1 + field_len : 1 + 2 * field_len; +- +- /* if 'buf' is NULL, just return required length */ +- if (buf != NULL) { +- if (len < ret) { +- ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL); +- goto err; +- } +- +- if (ctx == NULL) { +- ctx = new_ctx = BN_CTX_new(); +- if (ctx == NULL) +- return 0; +- } +- +- BN_CTX_start(ctx); +- used_ctx = 1; +- x = BN_CTX_get(ctx); +- y = BN_CTX_get(ctx); +- yxi = BN_CTX_get(ctx); +- if (yxi == NULL) +- goto err; +- +- if (!EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx)) +- goto err; +- +- buf[0] = form; +-#ifdef OPENSSL_EC_BIN_PT_COMP +- if ((form != POINT_CONVERSION_UNCOMPRESSED) && !BN_is_zero(x)) { +- if (!group->meth->field_div(group, yxi, y, x, ctx)) +- goto err; +- if (BN_is_odd(yxi)) +- buf[0]++; +- } +-#endif +- +- i = 1; +- +- skip = field_len - BN_num_bytes(x); +- if (skip > field_len) { +- ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR); +- goto err; +- } +- while (skip > 0) { +- buf[i++] = 0; +- skip--; +- } +- skip = BN_bn2bin(x, buf + i); +- i += skip; +- if (i != 1 + field_len) { +- ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR); +- goto err; +- } +- +- if (form == POINT_CONVERSION_UNCOMPRESSED +- || form == POINT_CONVERSION_HYBRID) { +- skip = field_len - BN_num_bytes(y); +- if (skip > field_len) { +- ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR); +- goto err; +- } +- while (skip > 0) { +- buf[i++] = 0; +- skip--; +- } +- skip = BN_bn2bin(y, buf + i); +- i += skip; +- } +- +- if (i != ret) { +- ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR); +- goto err; +- } +- } +- +- if (used_ctx) +- BN_CTX_end(ctx); +- if (new_ctx != NULL) +- BN_CTX_free(new_ctx); +- return ret; +- +- err: +- if (used_ctx) +- BN_CTX_end(ctx); +- if (new_ctx != NULL) +- BN_CTX_free(new_ctx); +- return 0; +-} +- +-/* +- * Converts an octet string representation to an EC_POINT. Note that the +- * simple implementation only uses affine coordinates. 
+- */ +-int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point, +- const unsigned char *buf, size_t len, +- BN_CTX *ctx) +-{ +- point_conversion_form_t form; +- int y_bit; +- BN_CTX *new_ctx = NULL; +- BIGNUM *x, *y, *yxi; +- size_t field_len, enc_len; +- int ret = 0; +- +- if (len == 0) { +- ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_BUFFER_TOO_SMALL); +- return 0; +- } +- form = buf[0]; +- y_bit = form & 1; +- form = form & ~1U; +- if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED) +- && (form != POINT_CONVERSION_UNCOMPRESSED) +- && (form != POINT_CONVERSION_HYBRID)) { +- ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); +- return 0; +- } +- if ((form == 0 || form == POINT_CONVERSION_UNCOMPRESSED) && y_bit) { +- ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); +- return 0; +- } +- +- if (form == 0) { +- if (len != 1) { +- ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); +- return 0; +- } +- +- return EC_POINT_set_to_infinity(group, point); +- } +- +- field_len = (EC_GROUP_get_degree(group) + 7) / 8; +- enc_len = +- (form == +- POINT_CONVERSION_COMPRESSED) ? 
1 + field_len : 1 + 2 * field_len; +- +- if (len != enc_len) { +- ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); +- return 0; +- } +- +- if (ctx == NULL) { +- ctx = new_ctx = BN_CTX_new(); +- if (ctx == NULL) +- return 0; +- } +- +- BN_CTX_start(ctx); +- x = BN_CTX_get(ctx); +- y = BN_CTX_get(ctx); +- yxi = BN_CTX_get(ctx); +- if (yxi == NULL) +- goto err; +- +- if (!BN_bin2bn(buf + 1, field_len, x)) +- goto err; +- if (BN_ucmp(x, &group->field) >= 0) { +- ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); +- goto err; +- } +- +- if (form == POINT_CONVERSION_COMPRESSED) { +- if (!EC_POINT_set_compressed_coordinates_GF2m +- (group, point, x, y_bit, ctx)) +- goto err; +- } else { +- if (!BN_bin2bn(buf + 1 + field_len, field_len, y)) +- goto err; +- if (BN_ucmp(y, &group->field) >= 0) { +- ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); +- goto err; +- } +- if (form == POINT_CONVERSION_HYBRID) { +- if (!group->meth->field_div(group, yxi, y, x, ctx)) +- goto err; +- if (y_bit != BN_is_odd(yxi)) { +- ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); +- goto err; +- } +- } +- +- if (!EC_POINT_set_affine_coordinates_GF2m(group, point, x, y, ctx)) +- goto err; +- } +- +- /* test required by X9.62 */ +- if (!EC_POINT_is_on_curve(group, point, ctx)) { +- ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE); +- goto err; +- } +- +- ret = 1; +- +- err: +- BN_CTX_end(ctx); +- if (new_ctx != NULL) +- BN_CTX_free(new_ctx); +- return ret; +-} +- +-/* +- * Computes a + b and stores the result in r. r could be a or b, a could be +- * b. Uses algorithm A.10.2 of IEEE P1363. 
+- */ +-int ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, +- const EC_POINT *b, BN_CTX *ctx) +-{ +- BN_CTX *new_ctx = NULL; +- BIGNUM *x0, *y0, *x1, *y1, *x2, *y2, *s, *t; +- int ret = 0; +- +- if (EC_POINT_is_at_infinity(group, a)) { +- if (!EC_POINT_copy(r, b)) +- return 0; +- return 1; +- } +- +- if (EC_POINT_is_at_infinity(group, b)) { +- if (!EC_POINT_copy(r, a)) +- return 0; +- return 1; +- } +- +- if (ctx == NULL) { +- ctx = new_ctx = BN_CTX_new(); +- if (ctx == NULL) +- return 0; +- } +- +- BN_CTX_start(ctx); +- x0 = BN_CTX_get(ctx); +- y0 = BN_CTX_get(ctx); +- x1 = BN_CTX_get(ctx); +- y1 = BN_CTX_get(ctx); +- x2 = BN_CTX_get(ctx); +- y2 = BN_CTX_get(ctx); +- s = BN_CTX_get(ctx); +- t = BN_CTX_get(ctx); +- if (t == NULL) +- goto err; +- +- if (a->Z_is_one) { +- if (!BN_copy(x0, &a->X)) +- goto err; +- if (!BN_copy(y0, &a->Y)) +- goto err; +- } else { +- if (!EC_POINT_get_affine_coordinates_GF2m(group, a, x0, y0, ctx)) +- goto err; +- } +- if (b->Z_is_one) { +- if (!BN_copy(x1, &b->X)) +- goto err; +- if (!BN_copy(y1, &b->Y)) +- goto err; +- } else { +- if (!EC_POINT_get_affine_coordinates_GF2m(group, b, x1, y1, ctx)) +- goto err; +- } +- +- if (BN_GF2m_cmp(x0, x1)) { +- if (!BN_GF2m_add(t, x0, x1)) +- goto err; +- if (!BN_GF2m_add(s, y0, y1)) +- goto err; +- if (!group->meth->field_div(group, s, s, t, ctx)) +- goto err; +- if (!group->meth->field_sqr(group, x2, s, ctx)) +- goto err; +- if (!BN_GF2m_add(x2, x2, &group->a)) +- goto err; +- if (!BN_GF2m_add(x2, x2, s)) +- goto err; +- if (!BN_GF2m_add(x2, x2, t)) +- goto err; +- } else { +- if (BN_GF2m_cmp(y0, y1) || BN_is_zero(x1)) { +- if (!EC_POINT_set_to_infinity(group, r)) +- goto err; +- ret = 1; +- goto err; +- } +- if (!group->meth->field_div(group, s, y1, x1, ctx)) +- goto err; +- if (!BN_GF2m_add(s, s, x1)) +- goto err; +- +- if (!group->meth->field_sqr(group, x2, s, ctx)) +- goto err; +- if (!BN_GF2m_add(x2, x2, s)) +- goto err; +- if (!BN_GF2m_add(x2, x2, &group->a)) +- 
goto err; +- } +- +- if (!BN_GF2m_add(y2, x1, x2)) +- goto err; +- if (!group->meth->field_mul(group, y2, y2, s, ctx)) +- goto err; +- if (!BN_GF2m_add(y2, y2, x2)) +- goto err; +- if (!BN_GF2m_add(y2, y2, y1)) +- goto err; +- +- if (!EC_POINT_set_affine_coordinates_GF2m(group, r, x2, y2, ctx)) +- goto err; +- +- ret = 1; +- +- err: +- BN_CTX_end(ctx); +- if (new_ctx != NULL) +- BN_CTX_free(new_ctx); +- return ret; +-} +- +-/* +- * Computes 2 * a and stores the result in r. r could be a. Uses algorithm +- * A.10.2 of IEEE P1363. +- */ +-int ec_GF2m_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, +- BN_CTX *ctx) +-{ +- return ec_GF2m_simple_add(group, r, a, a, ctx); +-} +- +-int ec_GF2m_simple_invert(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx) +-{ +- if (EC_POINT_is_at_infinity(group, point) || BN_is_zero(&point->Y)) +- /* point is its own inverse */ +- return 1; +- +- if (!EC_POINT_make_affine(group, point, ctx)) +- return 0; +- return BN_GF2m_add(&point->Y, &point->X, &point->Y); +-} +- +-/* Indicates whether the given point is the point at infinity. */ +-int ec_GF2m_simple_is_at_infinity(const EC_GROUP *group, +- const EC_POINT *point) +-{ +- return BN_is_zero(&point->Z); +-} +- +-/*- +- * Determines whether the given EC_POINT is an actual point on the curve defined +- * in the EC_GROUP. A point is valid if it satisfies the Weierstrass equation: +- * y^2 + x*y = x^3 + a*x^2 + b. 
+- */ +-int ec_GF2m_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, +- BN_CTX *ctx) +-{ +- int ret = -1; +- BN_CTX *new_ctx = NULL; +- BIGNUM *lh, *y2; +- int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, +- const BIGNUM *, BN_CTX *); +- int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *); +- +- if (EC_POINT_is_at_infinity(group, point)) +- return 1; +- +- field_mul = group->meth->field_mul; +- field_sqr = group->meth->field_sqr; +- +- /* only support affine coordinates */ +- if (!point->Z_is_one) +- return -1; +- +- if (ctx == NULL) { +- ctx = new_ctx = BN_CTX_new(); +- if (ctx == NULL) +- return -1; +- } +- +- BN_CTX_start(ctx); +- y2 = BN_CTX_get(ctx); +- lh = BN_CTX_get(ctx); +- if (lh == NULL) +- goto err; +- +- /*- +- * We have a curve defined by a Weierstrass equation +- * y^2 + x*y = x^3 + a*x^2 + b. +- * <=> x^3 + a*x^2 + x*y + b + y^2 = 0 +- * <=> ((x + a) * x + y ) * x + b + y^2 = 0 +- */ +- if (!BN_GF2m_add(lh, &point->X, &group->a)) +- goto err; +- if (!field_mul(group, lh, lh, &point->X, ctx)) +- goto err; +- if (!BN_GF2m_add(lh, lh, &point->Y)) +- goto err; +- if (!field_mul(group, lh, lh, &point->X, ctx)) +- goto err; +- if (!BN_GF2m_add(lh, lh, &group->b)) +- goto err; +- if (!field_sqr(group, y2, &point->Y, ctx)) +- goto err; +- if (!BN_GF2m_add(lh, lh, y2)) +- goto err; +- ret = BN_is_zero(lh); +- err: +- if (ctx) +- BN_CTX_end(ctx); +- if (new_ctx) +- BN_CTX_free(new_ctx); +- return ret; +-} +- +-/*- +- * Indicates whether two points are equal. +- * Return values: +- * -1 error +- * 0 equal (in affine coordinates) +- * 1 not equal +- */ +-int ec_GF2m_simple_cmp(const EC_GROUP *group, const EC_POINT *a, +- const EC_POINT *b, BN_CTX *ctx) +-{ +- BIGNUM *aX, *aY, *bX, *bY; +- BN_CTX *new_ctx = NULL; +- int ret = -1; +- +- if (EC_POINT_is_at_infinity(group, a)) { +- return EC_POINT_is_at_infinity(group, b) ? 
0 : 1; +- } +- +- if (EC_POINT_is_at_infinity(group, b)) +- return 1; +- +- if (a->Z_is_one && b->Z_is_one) { +- return ((BN_cmp(&a->X, &b->X) == 0) +- && BN_cmp(&a->Y, &b->Y) == 0) ? 0 : 1; +- } +- +- if (ctx == NULL) { +- ctx = new_ctx = BN_CTX_new(); +- if (ctx == NULL) +- return -1; +- } +- +- BN_CTX_start(ctx); +- aX = BN_CTX_get(ctx); +- aY = BN_CTX_get(ctx); +- bX = BN_CTX_get(ctx); +- bY = BN_CTX_get(ctx); +- if (bY == NULL) +- goto err; +- +- if (!EC_POINT_get_affine_coordinates_GF2m(group, a, aX, aY, ctx)) +- goto err; +- if (!EC_POINT_get_affine_coordinates_GF2m(group, b, bX, bY, ctx)) +- goto err; +- ret = ((BN_cmp(aX, bX) == 0) && BN_cmp(aY, bY) == 0) ? 0 : 1; +- +- err: +- if (ctx) +- BN_CTX_end(ctx); +- if (new_ctx) +- BN_CTX_free(new_ctx); +- return ret; +-} +- +-/* Forces the given EC_POINT to internally use affine coordinates. */ +-int ec_GF2m_simple_make_affine(const EC_GROUP *group, EC_POINT *point, +- BN_CTX *ctx) +-{ +- BN_CTX *new_ctx = NULL; +- BIGNUM *x, *y; +- int ret = 0; +- +- if (point->Z_is_one || EC_POINT_is_at_infinity(group, point)) +- return 1; +- +- if (ctx == NULL) { +- ctx = new_ctx = BN_CTX_new(); +- if (ctx == NULL) +- return 0; +- } +- +- BN_CTX_start(ctx); +- x = BN_CTX_get(ctx); +- y = BN_CTX_get(ctx); +- if (y == NULL) +- goto err; +- +- if (!EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx)) +- goto err; +- if (!BN_copy(&point->X, x)) +- goto err; +- if (!BN_copy(&point->Y, y)) +- goto err; +- if (!BN_one(&point->Z)) +- goto err; +- +- ret = 1; +- +- err: +- if (ctx) +- BN_CTX_end(ctx); +- if (new_ctx) +- BN_CTX_free(new_ctx); +- return ret; +-} +- +-/* +- * Forces each of the EC_POINTs in the given array to use affine coordinates. 
+- */ +-int ec_GF2m_simple_points_make_affine(const EC_GROUP *group, size_t num, +- EC_POINT *points[], BN_CTX *ctx) +-{ +- size_t i; +- +- for (i = 0; i < num; i++) { +- if (!group->meth->make_affine(group, points[i], ctx)) +- return 0; +- } +- +- return 1; +-} +- +-/* Wrapper to simple binary polynomial field multiplication implementation. */ +-int ec_GF2m_simple_field_mul(const EC_GROUP *group, BIGNUM *r, +- const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) +-{ +- return BN_GF2m_mod_mul_arr(r, a, b, group->poly, ctx); +-} +- +-/* Wrapper to simple binary polynomial field squaring implementation. */ +-int ec_GF2m_simple_field_sqr(const EC_GROUP *group, BIGNUM *r, +- const BIGNUM *a, BN_CTX *ctx) +-{ +- return BN_GF2m_mod_sqr_arr(r, a, group->poly, ctx); +-} +- +-/* Wrapper to simple binary polynomial field division implementation. */ +-int ec_GF2m_simple_field_div(const EC_GROUP *group, BIGNUM *r, +- const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) +-{ +- return BN_GF2m_mod_div(r, a, b, &group->field, ctx); +-} +diff --git a/Cryptlib/OpenSSL/crypto/ec/ec2_smpt.c b/Cryptlib/OpenSSL/crypto/ec/ec2_smpt.c +deleted file mode 100644 +index 72a8d57..0000000 +--- a/Cryptlib/OpenSSL/crypto/ec/ec2_smpt.c ++++ /dev/null +@@ -1,141 +0,0 @@ +-/* crypto/ec/ec2_smpt.c */ +-/* This code was originally written by Douglas Stebila +- * for the OpenSSL project. +- */ +-/* ==================================================================== +- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * +- * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. +- * +- * 2. 
Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in +- * the documentation and/or other materials provided with the +- * distribution. +- * +- * 3. All advertising materials mentioning features or use of this +- * software must display the following acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +- * +- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +- * endorse or promote products derived from this software without +- * prior written permission. For written permission, please contact +- * openssl-core@openssl.org. +- * +- * 5. Products derived from this software may not be called "OpenSSL" +- * nor may "OpenSSL" appear in their names without prior written +- * permission of the OpenSSL Project. +- * +- * 6. Redistributions of any form whatsoever must retain the following +- * acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit (http://www.openssl.org/)" +- * +- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +- * OF THE POSSIBILITY OF SUCH DAMAGE. 
+- * ==================================================================== +- * +- * This product includes cryptographic software written by Eric Young +- * (eay@cryptsoft.com). This product includes software written by Tim +- * Hudson (tjh@cryptsoft.com). +- * +- */ +- +- +-/* Calaculates and sets the affine coordinates of an EC_POINT from the given +- * compressed coordinates. Uses algorithm 2.3.4 of SEC 1. +- * Note that the simple implementation only uses affine coordinates. +- * +- * This algorithm is patented by Certicom Corp. under US Patent 6,141,420 +- * (for licensing information, contact licensing@certicom.com). +- * This function is disabled by default and can be enabled by defining the +- * preprocessor macro OPENSSL_EC_BIN_PT_COMP at Configure-time. +- */ +-int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point, +- const BIGNUM *x_, int y_bit, BN_CTX *ctx) +- { +-#ifndef OPENSSL_EC_BIN_PT_COMP +- ECerr(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES, ERR_R_DISABLED); +- return 0; +-#else +- BN_CTX *new_ctx = NULL; +- BIGNUM *tmp, *x, *y, *z; +- int ret = 0, z0; +- +- /* clear error queue */ +- ERR_clear_error(); +- +- if (ctx == NULL) +- { +- ctx = new_ctx = BN_CTX_new(); +- if (ctx == NULL) +- return 0; +- } +- +- y_bit = (y_bit != 0) ? 
1 : 0; +- +- BN_CTX_start(ctx); +- tmp = BN_CTX_get(ctx); +- x = BN_CTX_get(ctx); +- y = BN_CTX_get(ctx); +- z = BN_CTX_get(ctx); +- if (z == NULL) goto err; +- +- if (!BN_GF2m_mod_arr(x, x_, group->poly)) goto err; +- if (BN_is_zero(x)) +- { +- if (!BN_GF2m_mod_sqrt_arr(y, &group->b, group->poly, ctx)) goto err; +- } +- else +- { +- if (!group->meth->field_sqr(group, tmp, x, ctx)) goto err; +- if (!group->meth->field_div(group, tmp, &group->b, tmp, ctx)) goto err; +- if (!BN_GF2m_add(tmp, &group->a, tmp)) goto err; +- if (!BN_GF2m_add(tmp, x, tmp)) goto err; +- if (!BN_GF2m_mod_solve_quad_arr(z, tmp, group->poly, ctx)) +- { +- unsigned long err = ERR_peek_last_error(); +- +- if (ERR_GET_LIB(err) == ERR_LIB_BN && ERR_GET_REASON(err) == BN_R_NO_SOLUTION) +- { +- ERR_clear_error(); +- ECerr(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES, EC_R_INVALID_COMPRESSED_POINT); +- } +- else +- ECerr(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES, ERR_R_BN_LIB); +- goto err; +- } +- z0 = (BN_is_odd(z)) ? 1 : 0; +- if (!group->meth->field_mul(group, y, x, z, ctx)) goto err; +- if (z0 != y_bit) +- { +- if (!BN_GF2m_add(y, y, x)) goto err; +- } +- } +- +- if (!EC_POINT_set_affine_coordinates_GF2m(group, point, x, y, ctx)) goto err; +- +- ret = 1; +- +- err: +- BN_CTX_end(ctx); +- if (new_ctx != NULL) +- BN_CTX_free(new_ctx); +- return ret; +-#endif +- } +diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_asn1.c b/Cryptlib/OpenSSL/crypto/ec/ec_asn1.c +deleted file mode 100644 +index 4ca2545..0000000 +--- a/Cryptlib/OpenSSL/crypto/ec/ec_asn1.c ++++ /dev/null +@@ -1,1276 +0,0 @@ +-/* crypto/ec/ec_asn1.c */ +-/* +- * Written by Nils Larsch for the OpenSSL project. +- */ +-/* ==================================================================== +- * Copyright (c) 2000-2003 The OpenSSL Project. All rights reserved. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * +- * 1. 
Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. +- * +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in +- * the documentation and/or other materials provided with the +- * distribution. +- * +- * 3. All advertising materials mentioning features or use of this +- * software must display the following acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" +- * +- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +- * endorse or promote products derived from this software without +- * prior written permission. For written permission, please contact +- * licensing@OpenSSL.org. +- * +- * 5. Products derived from this software may not be called "OpenSSL" +- * nor may "OpenSSL" appear in their names without prior written +- * permission of the OpenSSL Project. +- * +- * 6. Redistributions of any form whatsoever must retain the following +- * acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" +- * +- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +- * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR +- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +- * OF THE POSSIBILITY OF SUCH DAMAGE. +- * ==================================================================== +- * +- * This product includes cryptographic software written by Eric Young +- * (eay@cryptsoft.com). This product includes software written by Tim +- * Hudson (tjh@cryptsoft.com). +- * +- */ +- +-#include +-#include "ec_lcl.h" +-#include +-#include +-#include +- +-int EC_GROUP_get_basis_type(const EC_GROUP *group) +-{ +- int i = 0; +- +- if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) != +- NID_X9_62_characteristic_two_field) +- /* everything else is currently not supported */ +- return 0; +- +- while (group->poly[i] != 0) +- i++; +- +- if (i == 4) +- return NID_X9_62_ppBasis; +- else if (i == 2) +- return NID_X9_62_tpBasis; +- else +- /* everything else is currently not supported */ +- return 0; +-} +- +-int EC_GROUP_get_trinomial_basis(const EC_GROUP *group, unsigned int *k) +-{ +- if (group == NULL) +- return 0; +- +- if (EC_GROUP_method_of(group)->group_set_curve != +- ec_GF2m_simple_group_set_curve || !((group->poly[0] != 0) +- && (group->poly[1] != 0) +- && (group->poly[2] == 0))) { +- ECerr(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS, +- ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +- return 0; +- } +- +- if (k) +- *k = group->poly[1]; +- +- return 1; +-} +- +-int EC_GROUP_get_pentanomial_basis(const EC_GROUP *group, unsigned int *k1, +- unsigned int *k2, unsigned int *k3) +-{ +- if (group == NULL) +- return 0; +- +- if 
(EC_GROUP_method_of(group)->group_set_curve !=
+- ec_GF2m_simple_group_set_curve || !((group->poly[0] != 0)
+- && (group->poly[1] != 0)
+- && (group->poly[2] != 0)
+- && (group->poly[3] != 0)
+- && (group->poly[4] == 0))) {
+- ECerr(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS,
+- ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+- return 0;
+- }
+-
+- if (k1)
+- *k1 = group->poly[3];
+- if (k2)
+- *k2 = group->poly[2];
+- if (k3)
+- *k3 = group->poly[1];
+-
+- return 1;
+-}
+-
+-/* some structures needed for the asn1 encoding */
+-typedef struct x9_62_pentanomial_st {
+- long k1;
+- long k2;
+- long k3;
+-} X9_62_PENTANOMIAL;
+-
+-typedef struct x9_62_characteristic_two_st {
+- long m;
+- ASN1_OBJECT *type;
+- union {
+- char *ptr;
+- /* NID_X9_62_onBasis */
+- ASN1_NULL *onBasis;
+- /* NID_X9_62_tpBasis */
+- ASN1_INTEGER *tpBasis;
+- /* NID_X9_62_ppBasis */
+- X9_62_PENTANOMIAL *ppBasis;
+- /* anything else */
+- ASN1_TYPE *other;
+- } p;
+-} X9_62_CHARACTERISTIC_TWO;
+-
+-typedef struct x9_62_fieldid_st {
+- ASN1_OBJECT *fieldType;
+- union {
+- char *ptr;
+- /* NID_X9_62_prime_field */
+- ASN1_INTEGER *prime;
+- /* NID_X9_62_characteristic_two_field */
+- X9_62_CHARACTERISTIC_TWO *char_two;
+- /* anything else */
+- ASN1_TYPE *other;
+- } p;
+-} X9_62_FIELDID;
+-
+-typedef struct x9_62_curve_st {
+- ASN1_OCTET_STRING *a;
+- ASN1_OCTET_STRING *b;
+- ASN1_BIT_STRING *seed;
+-} X9_62_CURVE;
+-
+-typedef struct ec_parameters_st {
+- long version;
+- X9_62_FIELDID *fieldID;
+- X9_62_CURVE *curve;
+- ASN1_OCTET_STRING *base;
+- ASN1_INTEGER *order;
+- ASN1_INTEGER *cofactor;
+-} ECPARAMETERS;
+-
+-struct ecpk_parameters_st {
+- int type;
+- union {
+- ASN1_OBJECT *named_curve;
+- ECPARAMETERS *parameters;
+- ASN1_NULL *implicitlyCA;
+- } value;
+-} /* ECPKPARAMETERS */ ;
+-
+-/* SEC1 ECPrivateKey */
+-typedef struct ec_privatekey_st {
+- long version;
+- ASN1_OCTET_STRING *privateKey;
+- ECPKPARAMETERS *parameters;
+- ASN1_BIT_STRING *publicKey;
+-} EC_PRIVATEKEY;
+-
+-/* the OpenSSL
ASN.1 definitions */
+-ASN1_SEQUENCE(X9_62_PENTANOMIAL) = {
+- ASN1_SIMPLE(X9_62_PENTANOMIAL, k1, LONG),
+- ASN1_SIMPLE(X9_62_PENTANOMIAL, k2, LONG),
+- ASN1_SIMPLE(X9_62_PENTANOMIAL, k3, LONG)
+-} ASN1_SEQUENCE_END(X9_62_PENTANOMIAL)
+-
+-DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL)
+-IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL)
+-
+-ASN1_ADB_TEMPLATE(char_two_def) = ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.other, ASN1_ANY);
+-
+-ASN1_ADB(X9_62_CHARACTERISTIC_TWO) = {
+- ADB_ENTRY(NID_X9_62_onBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.onBasis, ASN1_NULL)),
+- ADB_ENTRY(NID_X9_62_tpBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.tpBasis, ASN1_INTEGER)),
+- ADB_ENTRY(NID_X9_62_ppBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.ppBasis, X9_62_PENTANOMIAL))
+-} ASN1_ADB_END(X9_62_CHARACTERISTIC_TWO, 0, type, 0, &char_two_def_tt, NULL);
+-
+-ASN1_SEQUENCE(X9_62_CHARACTERISTIC_TWO) = {
+- ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, m, LONG),
+- ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, type, ASN1_OBJECT),
+- ASN1_ADB_OBJECT(X9_62_CHARACTERISTIC_TWO)
+-} ASN1_SEQUENCE_END(X9_62_CHARACTERISTIC_TWO)
+-
+-DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO)
+-IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO)
+-
+-ASN1_ADB_TEMPLATE(fieldID_def) = ASN1_SIMPLE(X9_62_FIELDID, p.other, ASN1_ANY);
+-
+-ASN1_ADB(X9_62_FIELDID) = {
+- ADB_ENTRY(NID_X9_62_prime_field, ASN1_SIMPLE(X9_62_FIELDID, p.prime, ASN1_INTEGER)),
+- ADB_ENTRY(NID_X9_62_characteristic_two_field, ASN1_SIMPLE(X9_62_FIELDID, p.char_two, X9_62_CHARACTERISTIC_TWO))
+-} ASN1_ADB_END(X9_62_FIELDID, 0, fieldType, 0, &fieldID_def_tt, NULL);
+-
+-ASN1_SEQUENCE(X9_62_FIELDID) = {
+- ASN1_SIMPLE(X9_62_FIELDID, fieldType, ASN1_OBJECT),
+- ASN1_ADB_OBJECT(X9_62_FIELDID)
+-} ASN1_SEQUENCE_END(X9_62_FIELDID)
+-
+-ASN1_SEQUENCE(X9_62_CURVE) = {
+- ASN1_SIMPLE(X9_62_CURVE, a, ASN1_OCTET_STRING),
+- ASN1_SIMPLE(X9_62_CURVE, b, ASN1_OCTET_STRING),
+- ASN1_OPT(X9_62_CURVE, seed, ASN1_BIT_STRING)
+-}
ASN1_SEQUENCE_END(X9_62_CURVE)
+-
+-ASN1_SEQUENCE(ECPARAMETERS) = {
+- ASN1_SIMPLE(ECPARAMETERS, version, LONG),
+- ASN1_SIMPLE(ECPARAMETERS, fieldID, X9_62_FIELDID),
+- ASN1_SIMPLE(ECPARAMETERS, curve, X9_62_CURVE),
+- ASN1_SIMPLE(ECPARAMETERS, base, ASN1_OCTET_STRING),
+- ASN1_SIMPLE(ECPARAMETERS, order, ASN1_INTEGER),
+- ASN1_OPT(ECPARAMETERS, cofactor, ASN1_INTEGER)
+-} ASN1_SEQUENCE_END(ECPARAMETERS)
+-
+-DECLARE_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS)
+-IMPLEMENT_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS)
+-
+-ASN1_CHOICE(ECPKPARAMETERS) = {
+- ASN1_SIMPLE(ECPKPARAMETERS, value.named_curve, ASN1_OBJECT),
+- ASN1_SIMPLE(ECPKPARAMETERS, value.parameters, ECPARAMETERS),
+- ASN1_SIMPLE(ECPKPARAMETERS, value.implicitlyCA, ASN1_NULL)
+-} ASN1_CHOICE_END(ECPKPARAMETERS)
+-
+-DECLARE_ASN1_FUNCTIONS_const(ECPKPARAMETERS)
+-DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECPKPARAMETERS, ECPKPARAMETERS)
+-IMPLEMENT_ASN1_FUNCTIONS_const(ECPKPARAMETERS)
+-
+-ASN1_SEQUENCE(EC_PRIVATEKEY) = {
+- ASN1_SIMPLE(EC_PRIVATEKEY, version, LONG),
+- ASN1_SIMPLE(EC_PRIVATEKEY, privateKey, ASN1_OCTET_STRING),
+- ASN1_EXP_OPT(EC_PRIVATEKEY, parameters, ECPKPARAMETERS, 0),
+- ASN1_EXP_OPT(EC_PRIVATEKEY, publicKey, ASN1_BIT_STRING, 1)
+-} ASN1_SEQUENCE_END(EC_PRIVATEKEY)
+-
+-DECLARE_ASN1_FUNCTIONS_const(EC_PRIVATEKEY)
+-DECLARE_ASN1_ENCODE_FUNCTIONS_const(EC_PRIVATEKEY, EC_PRIVATEKEY)
+-IMPLEMENT_ASN1_FUNCTIONS_const(EC_PRIVATEKEY)
+-
+-/* some declarations of internal function */
+-
+-/* ec_asn1_group2field() sets the values in a X9_62_FIELDID object */
+-static int ec_asn1_group2fieldid(const EC_GROUP *, X9_62_FIELDID *);
+-/* ec_asn1_group2curve() sets the values in a X9_62_CURVE object */
+-static int ec_asn1_group2curve(const EC_GROUP *, X9_62_CURVE *);
+-/*
+- * ec_asn1_parameters2group() creates a EC_GROUP object from a ECPARAMETERS
+- * object
+- */
+-static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *);
+-/*
+- * ec_asn1_group2parameters() creates a ECPARAMETERS object from a EC_GROUP
+- *
object
+- */
+-static ECPARAMETERS *ec_asn1_group2parameters(const EC_GROUP *,
+- ECPARAMETERS *);
+-/*
+- * ec_asn1_pkparameters2group() creates a EC_GROUP object from a
+- * ECPKPARAMETERS object
+- */
+-static EC_GROUP *ec_asn1_pkparameters2group(const ECPKPARAMETERS *);
+-/*
+- * ec_asn1_group2pkparameters() creates a ECPKPARAMETERS object from a
+- * EC_GROUP object
+- */
+-static ECPKPARAMETERS *ec_asn1_group2pkparameters(const EC_GROUP *,
+- ECPKPARAMETERS *);
+-
+-/* the function definitions */
+-
+-static int ec_asn1_group2fieldid(const EC_GROUP *group, X9_62_FIELDID *field)
+-{
+- int ok = 0, nid;
+- BIGNUM *tmp = NULL;
+-
+- if (group == NULL || field == NULL)
+- return 0;
+-
+- /* clear the old values (if necessary) */
+- if (field->fieldType != NULL)
+- ASN1_OBJECT_free(field->fieldType);
+- if (field->p.other != NULL)
+- ASN1_TYPE_free(field->p.other);
+-
+- nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group));
+- /* set OID for the field */
+- if ((field->fieldType = OBJ_nid2obj(nid)) == NULL) {
+- ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB);
+- goto err;
+- }
+-
+- if (nid == NID_X9_62_prime_field) {
+- if ((tmp = BN_new()) == NULL) {
+- ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
+- goto err;
+- }
+- /* the parameters are specified by the prime number p */
+- if (!EC_GROUP_get_curve_GFp(group, tmp, NULL, NULL, NULL)) {
+- ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB);
+- goto err;
+- }
+- /* set the prime number */
+- field->p.prime = BN_to_ASN1_INTEGER(tmp, NULL);
+- if (field->p.prime == NULL) {
+- ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_ASN1_LIB);
+- goto err;
+- }
+- } else { /* nid == NID_X9_62_characteristic_two_field */
+-
+- int field_type;
+- X9_62_CHARACTERISTIC_TWO *char_two;
+-
+- field->p.char_two = X9_62_CHARACTERISTIC_TWO_new();
+- char_two = field->p.char_two;
+-
+- if (char_two == NULL) {
+- ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
+- goto err;
+- }
+-
+- char_two->m =
(long)EC_GROUP_get_degree(group);
+-
+- field_type = EC_GROUP_get_basis_type(group);
+-
+- if (field_type == 0) {
+- ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB);
+- goto err;
+- }
+- /* set base type OID */
+- if ((char_two->type = OBJ_nid2obj(field_type)) == NULL) {
+- ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB);
+- goto err;
+- }
+-
+- if (field_type == NID_X9_62_tpBasis) {
+- unsigned int k;
+-
+- if (!EC_GROUP_get_trinomial_basis(group, &k))
+- goto err;
+-
+- char_two->p.tpBasis = ASN1_INTEGER_new();
+- if (!char_two->p.tpBasis) {
+- ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
+- goto err;
+- }
+- if (!ASN1_INTEGER_set(char_two->p.tpBasis, (long)k)) {
+- ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_ASN1_LIB);
+- goto err;
+- }
+- } else if (field_type == NID_X9_62_ppBasis) {
+- unsigned int k1, k2, k3;
+-
+- if (!EC_GROUP_get_pentanomial_basis(group, &k1, &k2, &k3))
+- goto err;
+-
+- char_two->p.ppBasis = X9_62_PENTANOMIAL_new();
+- if (!char_two->p.ppBasis) {
+- ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
+- goto err;
+- }
+-
+- /* set k?
values */
+- char_two->p.ppBasis->k1 = (long)k1;
+- char_two->p.ppBasis->k2 = (long)k2;
+- char_two->p.ppBasis->k3 = (long)k3;
+- } else { /* field_type == NID_X9_62_onBasis */
+-
+- /* for ONB the parameters are (asn1) NULL */
+- char_two->p.onBasis = ASN1_NULL_new();
+- if (!char_two->p.onBasis) {
+- ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
+- goto err;
+- }
+- }
+- }
+-
+- ok = 1;
+-
+- err:if (tmp)
+- BN_free(tmp);
+- return (ok);
+-}
+-
+-static int ec_asn1_group2curve(const EC_GROUP *group, X9_62_CURVE *curve)
+-{
+- int ok = 0, nid;
+- BIGNUM *tmp_1 = NULL, *tmp_2 = NULL;
+- unsigned char *buffer_1 = NULL, *buffer_2 = NULL,
+- *a_buf = NULL, *b_buf = NULL;
+- size_t len_1, len_2;
+- unsigned char char_zero = 0;
+-
+- if (!group || !curve || !curve->a || !curve->b)
+- return 0;
+-
+- if ((tmp_1 = BN_new()) == NULL || (tmp_2 = BN_new()) == NULL) {
+- ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE);
+- goto err;
+- }
+-
+- nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group));
+-
+- /* get a and b */
+- if (nid == NID_X9_62_prime_field) {
+- if (!EC_GROUP_get_curve_GFp(group, NULL, tmp_1, tmp_2, NULL)) {
+- ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB);
+- goto err;
+- }
+- } else { /* nid == NID_X9_62_characteristic_two_field */
+-
+- if (!EC_GROUP_get_curve_GF2m(group, NULL, tmp_1, tmp_2, NULL)) {
+- ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB);
+- goto err;
+- }
+- }
+-
+- len_1 = (size_t)BN_num_bytes(tmp_1);
+- len_2 = (size_t)BN_num_bytes(tmp_2);
+-
+- if (len_1 == 0) {
+- /* len_1 == 0 => a == 0 */
+- a_buf = &char_zero;
+- len_1 = 1;
+- } else {
+- if ((buffer_1 = OPENSSL_malloc(len_1)) == NULL) {
+- ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE);
+- goto err;
+- }
+- if ((len_1 = BN_bn2bin(tmp_1, buffer_1)) == 0) {
+- ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB);
+- goto err;
+- }
+- a_buf = buffer_1;
+- }
+-
+- if (len_2 == 0) {
+- /* len_2 == 0 => b == 0 */
+- b_buf = &char_zero;
+- len_2 = 1;
+- } else {
+- if
((buffer_2 = OPENSSL_malloc(len_2)) == NULL) {
+- ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE);
+- goto err;
+- }
+- if ((len_2 = BN_bn2bin(tmp_2, buffer_2)) == 0) {
+- ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB);
+- goto err;
+- }
+- b_buf = buffer_2;
+- }
+-
+- /* set a and b */
+- if (!M_ASN1_OCTET_STRING_set(curve->a, a_buf, len_1) ||
+- !M_ASN1_OCTET_STRING_set(curve->b, b_buf, len_2)) {
+- ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB);
+- goto err;
+- }
+-
+- /* set the seed (optional) */
+- if (group->seed) {
+- if (!curve->seed)
+- if ((curve->seed = ASN1_BIT_STRING_new()) == NULL) {
+- ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE);
+- goto err;
+- }
+- curve->seed->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
+- curve->seed->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+- if (!ASN1_BIT_STRING_set(curve->seed, group->seed,
+- (int)group->seed_len)) {
+- ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB);
+- goto err;
+- }
+- } else {
+- if (curve->seed) {
+- ASN1_BIT_STRING_free(curve->seed);
+- curve->seed = NULL;
+- }
+- }
+-
+- ok = 1;
+-
+- err:if (buffer_1)
+- OPENSSL_free(buffer_1);
+- if (buffer_2)
+- OPENSSL_free(buffer_2);
+- if (tmp_1)
+- BN_free(tmp_1);
+- if (tmp_2)
+- BN_free(tmp_2);
+- return (ok);
+-}
+-
+-static ECPARAMETERS *ec_asn1_group2parameters(const EC_GROUP *group,
+- ECPARAMETERS *param)
+-{
+- int ok = 0;
+- size_t len = 0;
+- ECPARAMETERS *ret = NULL;
+- BIGNUM *tmp = NULL;
+- unsigned char *buffer = NULL;
+- const EC_POINT *point = NULL;
+- point_conversion_form_t form;
+-
+- if ((tmp = BN_new()) == NULL) {
+- ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE);
+- goto err;
+- }
+-
+- if (param == NULL) {
+- if ((ret = ECPARAMETERS_new()) == NULL) {
+- ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE);
+- goto err;
+- }
+- } else
+- ret = param;
+-
+- /* set the version (always one) */
+- ret->version = (long)0x1;
+-
+- /* set the fieldID */
+- if (!ec_asn1_group2fieldid(group, ret->fieldID)) {
+-
ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
+- goto err;
+- }
+-
+- /* set the curve */
+- if (!ec_asn1_group2curve(group, ret->curve)) {
+- ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
+- goto err;
+- }
+-
+- /* set the base point */
+- if ((point = EC_GROUP_get0_generator(group)) == NULL) {
+- ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, EC_R_UNDEFINED_GENERATOR);
+- goto err;
+- }
+-
+- form = EC_GROUP_get_point_conversion_form(group);
+-
+- len = EC_POINT_point2oct(group, point, form, NULL, len, NULL);
+- if (len == 0) {
+- ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
+- goto err;
+- }
+- if ((buffer = OPENSSL_malloc(len)) == NULL) {
+- ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE);
+- goto err;
+- }
+- if (!EC_POINT_point2oct(group, point, form, buffer, len, NULL)) {
+- ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
+- goto err;
+- }
+- if (ret->base == NULL && (ret->base = ASN1_OCTET_STRING_new()) == NULL) {
+- ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE);
+- goto err;
+- }
+- if (!ASN1_OCTET_STRING_set(ret->base, buffer, len)) {
+- ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB);
+- goto err;
+- }
+-
+- /* set the order */
+- if (!EC_GROUP_get_order(group, tmp, NULL)) {
+- ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
+- goto err;
+- }
+- ret->order = BN_to_ASN1_INTEGER(tmp, ret->order);
+- if (ret->order == NULL) {
+- ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB);
+- goto err;
+- }
+-
+- /* set the cofactor (optional) */
+- if (EC_GROUP_get_cofactor(group, tmp, NULL)) {
+- ret->cofactor = BN_to_ASN1_INTEGER(tmp, ret->cofactor);
+- if (ret->cofactor == NULL) {
+- ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB);
+- goto err;
+- }
+- }
+-
+- ok = 1;
+-
+- err:if (!ok) {
+- if (ret && !param)
+- ECPARAMETERS_free(ret);
+- ret = NULL;
+- }
+- if (tmp)
+- BN_free(tmp);
+- if (buffer)
+- OPENSSL_free(buffer);
+- return (ret);
+-}
+-
+-ECPKPARAMETERS *ec_asn1_group2pkparameters(const EC_GROUP
*group,
+- ECPKPARAMETERS *params)
+-{
+- int ok = 1, tmp;
+- ECPKPARAMETERS *ret = params;
+-
+- if (ret == NULL) {
+- if ((ret = ECPKPARAMETERS_new()) == NULL) {
+- ECerr(EC_F_EC_ASN1_GROUP2PKPARAMETERS, ERR_R_MALLOC_FAILURE);
+- return NULL;
+- }
+- } else {
+- if (ret->type == 0 && ret->value.named_curve)
+- ASN1_OBJECT_free(ret->value.named_curve);
+- else if (ret->type == 1 && ret->value.parameters)
+- ECPARAMETERS_free(ret->value.parameters);
+- }
+-
+- if (EC_GROUP_get_asn1_flag(group)) {
+- /*
+- * use the asn1 OID to describe the the elliptic curve parameters
+- */
+- tmp = EC_GROUP_get_curve_name(group);
+- if (tmp) {
+- ret->type = 0;
+- if ((ret->value.named_curve = OBJ_nid2obj(tmp)) == NULL)
+- ok = 0;
+- } else
+- /* we don't kmow the nid => ERROR */
+- ok = 0;
+- } else {
+- /* use the ECPARAMETERS structure */
+- ret->type = 1;
+- if ((ret->value.parameters =
+- ec_asn1_group2parameters(group, NULL)) == NULL)
+- ok = 0;
+- }
+-
+- if (!ok) {
+- ECPKPARAMETERS_free(ret);
+- return NULL;
+- }
+- return ret;
+-}
+-
+-static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params)
+-{
+- int ok = 0, tmp;
+- EC_GROUP *ret = NULL;
+- BIGNUM *p = NULL, *a = NULL, *b = NULL;
+- EC_POINT *point = NULL;
+- long field_bits;
+-
+- if (!params->fieldID || !params->fieldID->fieldType ||
+- !params->fieldID->p.ptr) {
+- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
+- goto err;
+- }
+-
+- /* now extract the curve parameters a and b */
+- if (!params->curve || !params->curve->a ||
+- !params->curve->a->data || !params->curve->b ||
+- !params->curve->b->data) {
+- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
+- goto err;
+- }
+- a = BN_bin2bn(params->curve->a->data, params->curve->a->length, NULL);
+- if (a == NULL) {
+- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_BN_LIB);
+- goto err;
+- }
+- b = BN_bin2bn(params->curve->b->data, params->curve->b->length, NULL);
+- if (b == NULL) {
+- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_BN_LIB);
+-
goto err;
+- }
+-
+- /* get the field parameters */
+- tmp = OBJ_obj2nid(params->fieldID->fieldType);
+-
+- if (tmp == NID_X9_62_characteristic_two_field) {
+- X9_62_CHARACTERISTIC_TWO *char_two;
+-
+- char_two = params->fieldID->p.char_two;
+-
+- field_bits = char_two->m;
+- if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) {
+- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_FIELD_TOO_LARGE);
+- goto err;
+- }
+-
+- if ((p = BN_new()) == NULL) {
+- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_MALLOC_FAILURE);
+- goto err;
+- }
+-
+- /* get the base type */
+- tmp = OBJ_obj2nid(char_two->type);
+-
+- if (tmp == NID_X9_62_tpBasis) {
+- long tmp_long;
+-
+- if (!char_two->p.tpBasis) {
+- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
+- goto err;
+- }
+-
+- tmp_long = ASN1_INTEGER_get(char_two->p.tpBasis);
+-
+- if (!(char_two->m > tmp_long && tmp_long > 0)) {
+- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP,
+- EC_R_INVALID_TRINOMIAL_BASIS);
+- goto err;
+- }
+-
+- /* create the polynomial */
+- if (!BN_set_bit(p, (int)char_two->m))
+- goto err;
+- if (!BN_set_bit(p, (int)tmp_long))
+- goto err;
+- if (!BN_set_bit(p, 0))
+- goto err;
+- } else if (tmp == NID_X9_62_ppBasis) {
+- X9_62_PENTANOMIAL *penta;
+-
+- penta = char_two->p.ppBasis;
+- if (!penta) {
+- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
+- goto err;
+- }
+-
+- if (!
+- (char_two->m > penta->k3 && penta->k3 > penta->k2
+- && penta->k2 > penta->k1 && penta->k1 > 0)) {
+- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP,
+- EC_R_INVALID_PENTANOMIAL_BASIS);
+- goto err;
+- }
+-
+- /* create the polynomial */
+- if (!BN_set_bit(p, (int)char_two->m))
+- goto err;
+- if (!BN_set_bit(p, (int)penta->k1))
+- goto err;
+- if (!BN_set_bit(p, (int)penta->k2))
+- goto err;
+- if (!BN_set_bit(p, (int)penta->k3))
+- goto err;
+- if (!BN_set_bit(p, 0))
+- goto err;
+- } else if (tmp == NID_X9_62_onBasis) {
+- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_NOT_IMPLEMENTED);
+- goto err;
+- } else { /* error */
+-
+- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
+- goto err;
+- }
+-
+- /* create the EC_GROUP structure */
+- ret = EC_GROUP_new_curve_GF2m(p, a, b, NULL);
+- } else if (tmp == NID_X9_62_prime_field) {
+- /* we have a curve over a prime field */
+- /* extract the prime number */
+- if (!params->fieldID->p.prime) {
+- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
+- goto err;
+- }
+- p = ASN1_INTEGER_to_BN(params->fieldID->p.prime, NULL);
+- if (p == NULL) {
+- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB);
+- goto err;
+- }
+-
+- if (BN_is_negative(p) || BN_is_zero(p)) {
+- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_FIELD);
+- goto err;
+- }
+-
+- field_bits = BN_num_bits(p);
+- if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) {
+- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_FIELD_TOO_LARGE);
+- goto err;
+- }
+-
+- /* create the EC_GROUP structure */
+- ret = EC_GROUP_new_curve_GFp(p, a, b, NULL);
+- } else {
+- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_FIELD);
+- goto err;
+- }
+-
+- if (ret == NULL) {
+- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB);
+- goto err;
+- }
+-
+- /* extract seed (optional) */
+- if (params->curve->seed != NULL) {
+- if (ret->seed != NULL)
+- OPENSSL_free(ret->seed);
+- if (!(ret->seed = OPENSSL_malloc(params->curve->seed->length))) {
+- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP,
ERR_R_MALLOC_FAILURE);
+- goto err;
+- }
+- memcpy(ret->seed, params->curve->seed->data,
+- params->curve->seed->length);
+- ret->seed_len = params->curve->seed->length;
+- }
+-
+- if (!params->order || !params->base || !params->base->data) {
+- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
+- goto err;
+- }
+-
+- if ((point = EC_POINT_new(ret)) == NULL)
+- goto err;
+-
+- /* set the point conversion form */
+- EC_GROUP_set_point_conversion_form(ret, (point_conversion_form_t)
+- (params->base->data[0] & ~0x01));
+-
+- /* extract the ec point */
+- if (!EC_POINT_oct2point(ret, point, params->base->data,
+- params->base->length, NULL)) {
+- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB);
+- goto err;
+- }
+-
+- /* extract the order */
+- if ((a = ASN1_INTEGER_to_BN(params->order, a)) == NULL) {
+- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB);
+- goto err;
+- }
+- if (BN_is_negative(a) || BN_is_zero(a)) {
+- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_GROUP_ORDER);
+- goto err;
+- }
+- if (BN_num_bits(a) > (int)field_bits + 1) { /* Hasse bound */
+- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_GROUP_ORDER);
+- goto err;
+- }
+-
+- /* extract the cofactor (optional) */
+- if (params->cofactor == NULL) {
+- if (b) {
+- BN_free(b);
+- b = NULL;
+- }
+- } else if ((b = ASN1_INTEGER_to_BN(params->cofactor, b)) == NULL) {
+- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB);
+- goto err;
+- }
+- /* set the generator, order and cofactor (if present) */
+- if (!EC_GROUP_set_generator(ret, point, a, b)) {
+- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB);
+- goto err;
+- }
+-
+- ok = 1;
+-
+- err:if (!ok) {
+- if (ret)
+- EC_GROUP_clear_free(ret);
+- ret = NULL;
+- }
+-
+- if (p)
+- BN_free(p);
+- if (a)
+- BN_free(a);
+- if (b)
+- BN_free(b);
+- if (point)
+- EC_POINT_free(point);
+- return (ret);
+-}
+-
+-EC_GROUP *ec_asn1_pkparameters2group(const ECPKPARAMETERS *params)
+-{
+- EC_GROUP *ret = NULL;
+- int tmp = 0;
+-
+- if (params ==
NULL) {
+- ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, EC_R_MISSING_PARAMETERS);
+- return NULL;
+- }
+-
+- if (params->type == 0) { /* the curve is given by an OID */
+- tmp = OBJ_obj2nid(params->value.named_curve);
+- if ((ret = EC_GROUP_new_by_curve_name(tmp)) == NULL) {
+- ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP,
+- EC_R_EC_GROUP_NEW_BY_NAME_FAILURE);
+- return NULL;
+- }
+- EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_NAMED_CURVE);
+- } else if (params->type == 1) { /* the parameters are given by a
+- * ECPARAMETERS structure */
+- ret = ec_asn1_parameters2group(params->value.parameters);
+- if (!ret) {
+- ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, ERR_R_EC_LIB);
+- return NULL;
+- }
+- EC_GROUP_set_asn1_flag(ret, 0x0);
+- } else if (params->type == 2) { /* implicitlyCA */
+- return NULL;
+- } else {
+- ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, EC_R_ASN1_ERROR);
+- return NULL;
+- }
+-
+- return ret;
+-}
+-
+-/* EC_GROUP <-> DER encoding of ECPKPARAMETERS */
+-
+-EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len)
+-{
+- EC_GROUP *group = NULL;
+- ECPKPARAMETERS *params = NULL;
+-
+- if ((params = d2i_ECPKPARAMETERS(NULL, in, len)) == NULL) {
+- ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_D2I_ECPKPARAMETERS_FAILURE);
+- ECPKPARAMETERS_free(params);
+- return NULL;
+- }
+-
+- if ((group = ec_asn1_pkparameters2group(params)) == NULL) {
+- ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_PKPARAMETERS2GROUP_FAILURE);
+- return NULL;
+- }
+-
+- if (a && *a)
+- EC_GROUP_clear_free(*a);
+- if (a)
+- *a = group;
+-
+- ECPKPARAMETERS_free(params);
+- return (group);
+-}
+-
+-int i2d_ECPKParameters(const EC_GROUP *a, unsigned char **out)
+-{
+- int ret = 0;
+- ECPKPARAMETERS *tmp = ec_asn1_group2pkparameters(a, NULL);
+- if (tmp == NULL) {
+- ECerr(EC_F_I2D_ECPKPARAMETERS, EC_R_GROUP2PKPARAMETERS_FAILURE);
+- return 0;
+- }
+- if ((ret = i2d_ECPKPARAMETERS(tmp, out)) == 0) {
+- ECerr(EC_F_I2D_ECPKPARAMETERS, EC_R_I2D_ECPKPARAMETERS_FAILURE);
+- ECPKPARAMETERS_free(tmp);
+- return 0;
+- }
+- ECPKPARAMETERS_free(tmp);
+- return (ret);
+-}
+-
+-/* some EC_KEY functions */
+-
+-EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
+-{
+- int ok = 0;
+- EC_KEY *ret = NULL;
+- EC_PRIVATEKEY *priv_key = NULL;
+-
+- if ((priv_key = EC_PRIVATEKEY_new()) == NULL) {
+- ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
+- return NULL;
+- }
+-
+- if ((priv_key = d2i_EC_PRIVATEKEY(&priv_key, in, len)) == NULL) {
+- ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
+- EC_PRIVATEKEY_free(priv_key);
+- return NULL;
+- }
+-
+- if (a == NULL || *a == NULL) {
+- if ((ret = EC_KEY_new()) == NULL) {
+- ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
+- goto err;
+- }
+- } else
+- ret = *a;
+-
+- if (priv_key->parameters) {
+- if (ret->group)
+- EC_GROUP_clear_free(ret->group);
+- ret->group = ec_asn1_pkparameters2group(priv_key->parameters);
+- }
+-
+- if (ret->group == NULL) {
+- ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
+- goto err;
+- }
+-
+- ret->version = priv_key->version;
+-
+- if (priv_key->privateKey) {
+- ret->priv_key = BN_bin2bn(M_ASN1_STRING_data(priv_key->privateKey),
+- M_ASN1_STRING_length(priv_key->privateKey),
+- ret->priv_key);
+- if (ret->priv_key == NULL) {
+- ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_BN_LIB);
+- goto err;
+- }
+- } else {
+- ECerr(EC_F_D2I_ECPRIVATEKEY, EC_R_MISSING_PRIVATE_KEY);
+- goto err;
+- }
+-
+- if (priv_key->publicKey) {
+- const unsigned char *pub_oct;
+- size_t pub_oct_len;
+-
+- if (ret->pub_key)
+- EC_POINT_clear_free(ret->pub_key);
+- ret->pub_key = EC_POINT_new(ret->group);
+- if (ret->pub_key == NULL) {
+- ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
+- goto err;
+- }
+- pub_oct = M_ASN1_STRING_data(priv_key->publicKey);
+- pub_oct_len = M_ASN1_STRING_length(priv_key->publicKey);
+- /* save the point conversion form */
+- ret->conv_form = (point_conversion_form_t) (pub_oct[0] & ~0x01);
+- if (!EC_POINT_oct2point(ret->group, ret->pub_key,
+- pub_oct, pub_oct_len, NULL)) {
+-
ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
+- goto err;
+- }
+- }
+-
+- if (a)
+- *a = ret;
+- ok = 1;
+- err:
+- if (!ok) {
+- if (ret && (a == NULL || *a != ret))
+- EC_KEY_free(ret);
+- ret = NULL;
+- }
+-
+- if (priv_key)
+- EC_PRIVATEKEY_free(priv_key);
+-
+- return (ret);
+-}
+-
+-int i2d_ECPrivateKey(EC_KEY *a, unsigned char **out)
+-{
+- int ret = 0, ok = 0;
+- unsigned char *buffer = NULL;
+- size_t buf_len = 0, tmp_len;
+- EC_PRIVATEKEY *priv_key = NULL;
+-
+- if (a == NULL || a->group == NULL || a->priv_key == NULL) {
+- ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
+- goto err;
+- }
+-
+- if ((priv_key = EC_PRIVATEKEY_new()) == NULL) {
+- ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
+- goto err;
+- }
+-
+- priv_key->version = a->version;
+-
+- buf_len = (size_t)BN_num_bytes(a->priv_key);
+- buffer = OPENSSL_malloc(buf_len);
+- if (buffer == NULL) {
+- ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
+- goto err;
+- }
+-
+- if (!BN_bn2bin(a->priv_key, buffer)) {
+- ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_BN_LIB);
+- goto err;
+- }
+-
+- if (!M_ASN1_OCTET_STRING_set(priv_key->privateKey, buffer, buf_len)) {
+- ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_ASN1_LIB);
+- goto err;
+- }
+-
+- if (!(a->enc_flag & EC_PKEY_NO_PARAMETERS)) {
+- if ((priv_key->parameters =
+- ec_asn1_group2pkparameters(a->group,
+- priv_key->parameters)) == NULL) {
+- ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);
+- goto err;
+- }
+- }
+-
+- if (!(a->enc_flag & EC_PKEY_NO_PUBKEY)) {
+- priv_key->publicKey = M_ASN1_BIT_STRING_new();
+- if (priv_key->publicKey == NULL) {
+- ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
+- goto err;
+- }
+-
+- tmp_len = EC_POINT_point2oct(a->group, a->pub_key,
+- a->conv_form, NULL, 0, NULL);
+-
+- if (tmp_len > buf_len) {
+- unsigned char *tmp_buffer = OPENSSL_realloc(buffer, tmp_len);
+- if (!tmp_buffer) {
+- ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
+- goto err;
+- }
+- buffer = tmp_buffer;
+- buf_len = tmp_len;
+- }
+-
+-
if (!EC_POINT_point2oct(a->group, a->pub_key,
+- a->conv_form, buffer, buf_len, NULL)) {
+- ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);
+- goto err;
+- }
+-
+- priv_key->publicKey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
+- priv_key->publicKey->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+- if (!M_ASN1_BIT_STRING_set(priv_key->publicKey, buffer, buf_len)) {
+- ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_ASN1_LIB);
+- goto err;
+- }
+- }
+-
+- if ((ret = i2d_EC_PRIVATEKEY(priv_key, out)) == 0) {
+- ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);
+- goto err;
+- }
+- ok = 1;
+- err:
+- if (buffer)
+- OPENSSL_free(buffer);
+- if (priv_key)
+- EC_PRIVATEKEY_free(priv_key);
+- return (ok ? ret : 0);
+-}
+-
+-int i2d_ECParameters(EC_KEY *a, unsigned char **out)
+-{
+- if (a == NULL) {
+- ECerr(EC_F_I2D_ECPARAMETERS, ERR_R_PASSED_NULL_PARAMETER);
+- return 0;
+- }
+- return i2d_ECPKParameters(a->group, out);
+-}
+-
+-EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len)
+-{
+- EC_KEY *ret;
+-
+- if (in == NULL || *in == NULL) {
+- ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_PASSED_NULL_PARAMETER);
+- return NULL;
+- }
+-
+- if (a == NULL || *a == NULL) {
+- if ((ret = EC_KEY_new()) == NULL) {
+- ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_MALLOC_FAILURE);
+- return NULL;
+- }
+- } else
+- ret = *a;
+-
+- if (!d2i_ECPKParameters(&ret->group, in, len)) {
+- ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_EC_LIB);
+- if (a == NULL || *a != ret)
+- EC_KEY_free(ret);
+- return NULL;
+- }
+-
+- if (a)
+- *a = ret;
+-
+- return ret;
+-}
+-
+-EC_KEY *o2i_ECPublicKey(EC_KEY **a, const unsigned char **in, long len)
+-{
+- EC_KEY *ret = NULL;
+-
+- if (a == NULL || (*a) == NULL || (*a)->group == NULL) {
+- /*
+- * sorry, but a EC_GROUP-structur is necessary to set the public key
+- */
+- ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER);
+- return 0;
+- }
+- ret = *a;
+- if (ret->pub_key == NULL &&
+- (ret->pub_key = EC_POINT_new(ret->group)) == NULL) {
+- ECerr(EC_F_O2I_ECPUBLICKEY,
ERR_R_MALLOC_FAILURE);
+- return 0;
+- }
+- if (!EC_POINT_oct2point(ret->group, ret->pub_key, *in, len, NULL)) {
+- ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_EC_LIB);
+- return 0;
+- }
+- /* save the point conversion form */
+- ret->conv_form = (point_conversion_form_t) (*in[0] & ~0x01);
+- *in += len;
+- return ret;
+-}
+-
+-int i2o_ECPublicKey(EC_KEY *a, unsigned char **out)
+-{
+- size_t buf_len = 0;
+- int new_buffer = 0;
+-
+- if (a == NULL) {
+- ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER);
+- return 0;
+- }
+-
+- buf_len = EC_POINT_point2oct(a->group, a->pub_key,
+- a->conv_form, NULL, 0, NULL);
+-
+- if (out == NULL || buf_len == 0)
+- /* out == NULL => just return the length of the octet string */
+- return buf_len;
+-
+- if (*out == NULL) {
+- if ((*out = OPENSSL_malloc(buf_len)) == NULL) {
+- ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_MALLOC_FAILURE);
+- return 0;
+- }
+- new_buffer = 1;
+- }
+- if (!EC_POINT_point2oct(a->group, a->pub_key, a->conv_form,
+- *out, buf_len, NULL)) {
+- ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_EC_LIB);
+- OPENSSL_free(*out);
+- *out = NULL;
+- return 0;
+- }
+- if (!new_buffer)
+- *out += buf_len;
+- return buf_len;
+-}
+diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_check.c b/Cryptlib/OpenSSL/crypto/ec/ec_check.c
+deleted file mode 100644
+index d3f5349..0000000
+--- a/Cryptlib/OpenSSL/crypto/ec/ec_check.c
++++ /dev/null
+@@ -1,120 +0,0 @@
+-/* crypto/ec/ec_check.c */
+-/* ====================================================================
+- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- *
+- * 1. Redistributions of source code must retain the above copyright
+- * notice, this list of conditions and the following disclaimer.
+- *
+- * 2.
Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in +- * the documentation and/or other materials provided with the +- * distribution. +- * +- * 3. All advertising materials mentioning features or use of this +- * software must display the following acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +- * +- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +- * endorse or promote products derived from this software without +- * prior written permission. For written permission, please contact +- * openssl-core@openssl.org. +- * +- * 5. Products derived from this software may not be called "OpenSSL" +- * nor may "OpenSSL" appear in their names without prior written +- * permission of the OpenSSL Project. +- * +- * 6. Redistributions of any form whatsoever must retain the following +- * acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit (http://www.openssl.org/)" +- * +- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +- * OF THE POSSIBILITY OF SUCH DAMAGE. 
+- * ==================================================================== +- * +- * This product includes cryptographic software written by Eric Young +- * (eay@cryptsoft.com). This product includes software written by Tim +- * Hudson (tjh@cryptsoft.com). +- * +- */ +- +-#include "ec_lcl.h" +-#include +- +-int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx) +-{ +- int ret = 0; +- BIGNUM *order; +- BN_CTX *new_ctx = NULL; +- EC_POINT *point = NULL; +- +- if (ctx == NULL) { +- ctx = new_ctx = BN_CTX_new(); +- if (ctx == NULL) { +- ECerr(EC_F_EC_GROUP_CHECK, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- } +- BN_CTX_start(ctx); +- if ((order = BN_CTX_get(ctx)) == NULL) +- goto err; +- +- /* check the discriminant */ +- if (!EC_GROUP_check_discriminant(group, ctx)) { +- ECerr(EC_F_EC_GROUP_CHECK, EC_R_DISCRIMINANT_IS_ZERO); +- goto err; +- } +- +- /* check the generator */ +- if (group->generator == NULL) { +- ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_GENERATOR); +- goto err; +- } +- if (!EC_POINT_is_on_curve(group, group->generator, ctx)) { +- ECerr(EC_F_EC_GROUP_CHECK, EC_R_POINT_IS_NOT_ON_CURVE); +- goto err; +- } +- +- /* check the order of the generator */ +- if ((point = EC_POINT_new(group)) == NULL) +- goto err; +- if (!EC_GROUP_get_order(group, order, ctx)) +- goto err; +- if (BN_is_zero(order)) { +- ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_ORDER); +- goto err; +- } +- +- if (!EC_POINT_mul(group, point, order, NULL, NULL, ctx)) +- goto err; +- if (!EC_POINT_is_at_infinity(group, point)) { +- ECerr(EC_F_EC_GROUP_CHECK, EC_R_INVALID_GROUP_ORDER); +- goto err; +- } +- +- ret = 1; +- +- err: +- if (ctx != NULL) +- BN_CTX_end(ctx); +- if (new_ctx != NULL) +- BN_CTX_free(new_ctx); +- if (point) +- EC_POINT_free(point); +- return ret; +-} +diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_curve.c b/Cryptlib/OpenSSL/crypto/ec/ec_curve.c +deleted file mode 100644 +index b435620..0000000 +--- a/Cryptlib/OpenSSL/crypto/ec/ec_curve.c ++++ /dev/null +@@ -1,1335 +0,0 @@ +-/* 
crypto/ec/ec_curve.c */ +-/* +- * Written by Nils Larsch for the OpenSSL project. +- */ +-/* ==================================================================== +- * Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * +- * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. +- * +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in +- * the documentation and/or other materials provided with the +- * distribution. +- * +- * 3. All advertising materials mentioning features or use of this +- * software must display the following acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +- * +- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +- * endorse or promote products derived from this software without +- * prior written permission. For written permission, please contact +- * openssl-core@openssl.org. +- * +- * 5. Products derived from this software may not be called "OpenSSL" +- * nor may "OpenSSL" appear in their names without prior written +- * permission of the OpenSSL Project. +- * +- * 6. Redistributions of any form whatsoever must retain the following +- * acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit (http://www.openssl.org/)" +- * +- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +- * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR +- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +- * OF THE POSSIBILITY OF SUCH DAMAGE. +- * ==================================================================== +- * +- * This product includes cryptographic software written by Eric Young +- * (eay@cryptsoft.com). This product includes software written by Tim +- * Hudson (tjh@cryptsoft.com). +- * +- */ +-/* ==================================================================== +- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. +- * +- * Portions of the attached software ("Contribution") are developed by +- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. +- * +- * The Contribution is licensed pursuant to the OpenSSL open source +- * license provided above. +- * +- * The elliptic curve binary polynomial software is originally written by +- * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. 
+- * +- */ +- +-#include "ec_lcl.h" +-#include +-#include +- +-typedef struct ec_curve_data_st { +- int field_type; /* either NID_X9_62_prime_field or +- * NID_X9_62_characteristic_two_field */ +- const char *p; /* either a prime number or a polynomial */ +- const char *a; +- const char *b; +- const char *x; /* the x coordinate of the generator */ +- const char *y; /* the y coordinate of the generator */ +- const char *order; /* the order of the group generated by the +- * generator */ +- const BN_ULONG cofactor; /* the cofactor */ +- const unsigned char *seed; /* the seed (optional) */ +- size_t seed_len; +- const char *comment; /* a short description of the curve */ +-} EC_CURVE_DATA; +- +-/* the nist prime curves */ +-static const unsigned char _EC_NIST_PRIME_192_SEED[] = { +- 0x30, 0x45, 0xAE, 0x6F, 0xC8, 0x42, 0x2F, 0x64, 0xED, 0x57, +- 0x95, 0x28, 0xD3, 0x81, 0x20, 0xEA, 0xE1, 0x21, 0x96, 0xD5 +-}; +- +-static const EC_CURVE_DATA _EC_NIST_PRIME_192 = { +- NID_X9_62_prime_field, +- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", +- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", +- "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1", +- "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012", +- "07192b95ffc8da78631011ed6b24cdd573f977a11e794811", +- "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831", 1, +- _EC_NIST_PRIME_192_SEED, 20, +- "NIST/X9.62/SECG curve over a 192 bit prime field" +-}; +- +-static const unsigned char _EC_NIST_PRIME_224_SEED[] = { +- 0xBD, 0x71, 0x34, 0x47, 0x99, 0xD5, 0xC7, 0xFC, 0xDC, 0x45, +- 0xB5, 0x9F, 0xA3, 0xB9, 0xAB, 0x8F, 0x6A, 0x94, 0x8B, 0xC5 +-}; +- +-static const EC_CURVE_DATA _EC_NIST_PRIME_224 = { +- NID_X9_62_prime_field, +- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001", +- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE", +- "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4", +- "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21", +- 
"bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34", +- "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D", 1, +- _EC_NIST_PRIME_224_SEED, 20, +- "NIST/SECG curve over a 224 bit prime field" +-}; +- +-static const unsigned char _EC_NIST_PRIME_384_SEED[] = { +- 0xA3, 0x35, 0x92, 0x6A, 0xA3, 0x19, 0xA2, 0x7A, 0x1D, 0x00, +- 0x89, 0x6A, 0x67, 0x73, 0xA4, 0x82, 0x7A, 0xCD, 0xAC, 0x73 +-}; +- +-static const EC_CURVE_DATA _EC_NIST_PRIME_384 = { +- NID_X9_62_prime_field, +- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFF" +- "FFF0000000000000000FFFFFFFF", +- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFF" +- "FFF0000000000000000FFFFFFFC", +- "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC6563" +- "98D8A2ED19D2A85C8EDD3EC2AEF", +- "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F" +- "25DBF55296C3A545E3872760AB7", +- "3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b" +- "1ce1d7e819d7a431d7c90ea0e5f", +- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0" +- "DB248B0A77AECEC196ACCC52973", 1, +- _EC_NIST_PRIME_384_SEED, 20, +- "NIST/SECG curve over a 384 bit prime field" +-}; +- +-static const unsigned char _EC_NIST_PRIME_521_SEED[] = { +- 0xD0, 0x9E, 0x88, 0x00, 0x29, 0x1C, 0xB8, 0x53, 0x96, 0xCC, +- 0x67, 0x17, 0x39, 0x32, 0x84, 0xAA, 0xA0, 0xDA, 0x64, 0xBA +-}; +- +-static const EC_CURVE_DATA _EC_NIST_PRIME_521 = { +- NID_X9_62_prime_field, +- "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" +- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", +- "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" +- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC", +- "051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156" +- "193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00", +- 
"C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14" +- "B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66", +- "011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c9" +- "7ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650", +- "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51" +- "868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409", 1, +- _EC_NIST_PRIME_521_SEED, 20, +- "NIST/SECG curve over a 521 bit prime field" +-}; +- +-/* the x9.62 prime curves (minus the nist prime curves) */ +-static const unsigned char _EC_X9_62_PRIME_192V2_SEED[] = { +- 0x31, 0xA9, 0x2E, 0xE2, 0x02, 0x9F, 0xD1, 0x0D, 0x90, 0x1B, +- 0x11, 0x3E, 0x99, 0x07, 0x10, 0xF0, 0xD2, 0x1A, 0xC6, 0xB6 +-}; +- +-static const EC_CURVE_DATA _EC_X9_62_PRIME_192V2 = { +- NID_X9_62_prime_field, +- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", +- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", +- "CC22D6DFB95C6B25E49C0D6364A4E5980C393AA21668D953", +- "EEA2BAE7E1497842F2DE7769CFE9C989C072AD696F48034A", +- "6574d11d69b6ec7a672bb82a083df2f2b0847de970b2de15", +- "FFFFFFFFFFFFFFFFFFFFFFFE5FB1A724DC80418648D8DD31", 1, +- _EC_X9_62_PRIME_192V2_SEED, 20, +- "X9.62 curve over a 192 bit prime field" +-}; +- +-static const unsigned char _EC_X9_62_PRIME_192V3_SEED[] = { +- 0xC4, 0x69, 0x68, 0x44, 0x35, 0xDE, 0xB3, 0x78, 0xC4, 0xB6, +- 0x5C, 0xA9, 0x59, 0x1E, 0x2A, 0x57, 0x63, 0x05, 0x9A, 0x2E +-}; +- +-static const EC_CURVE_DATA _EC_X9_62_PRIME_192V3 = { +- NID_X9_62_prime_field, +- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", +- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", +- "22123DC2395A05CAA7423DAECCC94760A7D462256BD56916", +- "7D29778100C65A1DA1783716588DCE2B8B4AEE8E228F1896", +- "38a90f22637337334b49dcb66a6dc8f9978aca7648a943b0", +- "FFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13", 1, +- _EC_X9_62_PRIME_192V3_SEED, 20, +- "X9.62 curve over a 192 bit prime field" +-}; +- +-static const unsigned 
char _EC_X9_62_PRIME_239V1_SEED[] = { +- 0xE4, 0x3B, 0xB4, 0x60, 0xF0, 0xB8, 0x0C, 0xC0, 0xC0, 0xB0, +- 0x75, 0x79, 0x8E, 0x94, 0x80, 0x60, 0xF8, 0x32, 0x1B, 0x7D +-}; +- +-static const EC_CURVE_DATA _EC_X9_62_PRIME_239V1 = { +- NID_X9_62_prime_field, +- "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF", +- "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC", +- "6B016C3BDCF18941D0D654921475CA71A9DB2FB27D1D37796185C2942C0A", +- "0FFA963CDCA8816CCC33B8642BEDF905C3D358573D3F27FBBD3B3CB9AAAF", +- "7debe8e4e90a5dae6e4054ca530ba04654b36818ce226b39fccb7b02f1ae", +- "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF9E5E9A9F5D9071FBD1522688909D0B", 1, +- _EC_X9_62_PRIME_239V1_SEED, 20, +- "X9.62 curve over a 239 bit prime field" +-}; +- +-static const unsigned char _EC_X9_62_PRIME_239V2_SEED[] = { +- 0xE8, 0xB4, 0x01, 0x16, 0x04, 0x09, 0x53, 0x03, 0xCA, 0x3B, +- 0x80, 0x99, 0x98, 0x2B, 0xE0, 0x9F, 0xCB, 0x9A, 0xE6, 0x16 +-}; +- +-static const EC_CURVE_DATA _EC_X9_62_PRIME_239V2 = { +- NID_X9_62_prime_field, +- "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF", +- "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC", +- "617FAB6832576CBBFED50D99F0249C3FEE58B94BA0038C7AE84C8C832F2C", +- "38AF09D98727705120C921BB5E9E26296A3CDCF2F35757A0EAFD87B830E7", +- "5b0125e4dbea0ec7206da0fc01d9b081329fb555de6ef460237dff8be4ba", +- "7FFFFFFFFFFFFFFFFFFFFFFF800000CFA7E8594377D414C03821BC582063", 1, +- _EC_X9_62_PRIME_239V2_SEED, 20, +- "X9.62 curve over a 239 bit prime field" +-}; +- +-static const unsigned char _EC_X9_62_PRIME_239V3_SEED[] = { +- 0x7D, 0x73, 0x74, 0x16, 0x8F, 0xFE, 0x34, 0x71, 0xB6, 0x0A, +- 0x85, 0x76, 0x86, 0xA1, 0x94, 0x75, 0xD3, 0xBF, 0xA2, 0xFF +-}; +- +-static const EC_CURVE_DATA _EC_X9_62_PRIME_239V3 = { +- NID_X9_62_prime_field, +- "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF", +- "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC", +- "255705FA2A306654B1F4CB03D6A750A30C250102D4988717D9BA15AB6D3E", +- 
"6768AE8E18BB92CFCF005C949AA2C6D94853D0E660BBF854B1C9505FE95A", +- "1607e6898f390c06bc1d552bad226f3b6fcfe48b6e818499af18e3ed6cf3", +- "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF975DEB41B3A6057C3C432146526551", 1, +- _EC_X9_62_PRIME_239V3_SEED, 20, +- "X9.62 curve over a 239 bit prime field" +-}; +- +-static const unsigned char _EC_X9_62_PRIME_256V1_SEED[] = { +- 0xC4, 0x9D, 0x36, 0x08, 0x86, 0xE7, 0x04, 0x93, 0x6A, 0x66, +- 0x78, 0xE1, 0x13, 0x9D, 0x26, 0xB7, 0x81, 0x9F, 0x7E, 0x90 +-}; +- +-static const EC_CURVE_DATA _EC_X9_62_PRIME_256V1 = { +- NID_X9_62_prime_field, +- "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF", +- "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC", +- "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B", +- "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296", +- "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5", +- "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551", 1, +- _EC_X9_62_PRIME_256V1_SEED, 20, +- "X9.62/SECG curve over a 256 bit prime field" +-}; +- +-/* the secg prime curves (minus the nist and x9.62 prime curves) */ +-static const unsigned char _EC_SECG_PRIME_112R1_SEED[] = { +- 0x00, 0xF5, 0x0B, 0x02, 0x8E, 0x4D, 0x69, 0x6E, 0x67, 0x68, +- 0x75, 0x61, 0x51, 0x75, 0x29, 0x04, 0x72, 0x78, 0x3F, 0xB1 +-}; +- +-static const EC_CURVE_DATA _EC_SECG_PRIME_112R1 = { +- NID_X9_62_prime_field, +- "DB7C2ABF62E35E668076BEAD208B", +- "DB7C2ABF62E35E668076BEAD2088", +- "659EF8BA043916EEDE8911702B22", +- "09487239995A5EE76B55F9C2F098", +- "a89ce5af8724c0a23e0e0ff77500", +- "DB7C2ABF62E35E7628DFAC6561C5", 1, +- _EC_SECG_PRIME_112R1_SEED, 20, +- "SECG/WTLS curve over a 112 bit prime field" +-}; +- +-static const unsigned char _EC_SECG_PRIME_112R2_SEED[] = { +- 0x00, 0x27, 0x57, 0xA1, 0x11, 0x4D, 0x69, 0x6E, 0x67, 0x68, +- 0x75, 0x61, 0x51, 0x75, 0x53, 0x16, 0xC0, 0x5E, 0x0B, 0xD4 +-}; +- +-static const EC_CURVE_DATA _EC_SECG_PRIME_112R2 = { +- 
NID_X9_62_prime_field, +- "DB7C2ABF62E35E668076BEAD208B", +- "6127C24C05F38A0AAAF65C0EF02C", +- "51DEF1815DB5ED74FCC34C85D709", +- "4BA30AB5E892B4E1649DD0928643", +- "adcd46f5882e3747def36e956e97", +- "36DF0AAFD8B8D7597CA10520D04B", 4, +- _EC_SECG_PRIME_112R2_SEED, 20, +- "SECG curve over a 112 bit prime field" +-}; +- +-static const unsigned char _EC_SECG_PRIME_128R1_SEED[] = { +- 0x00, 0x0E, 0x0D, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, +- 0x51, 0x75, 0x0C, 0xC0, 0x3A, 0x44, 0x73, 0xD0, 0x36, 0x79 +-}; +- +-static const EC_CURVE_DATA _EC_SECG_PRIME_128R1 = { +- NID_X9_62_prime_field, +- "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF", +- "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFC", +- "E87579C11079F43DD824993C2CEE5ED3", +- "161FF7528B899B2D0C28607CA52C5B86", +- "cf5ac8395bafeb13c02da292dded7a83", +- "FFFFFFFE0000000075A30D1B9038A115", 1, +- _EC_SECG_PRIME_128R1_SEED, 20, +- "SECG curve over a 128 bit prime field" +-}; +- +-static const unsigned char _EC_SECG_PRIME_128R2_SEED[] = { +- 0x00, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, 0x51, 0x75, +- 0x12, 0xD8, 0xF0, 0x34, 0x31, 0xFC, 0xE6, 0x3B, 0x88, 0xF4 +-}; +- +-static const EC_CURVE_DATA _EC_SECG_PRIME_128R2 = { +- NID_X9_62_prime_field, +- "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF", +- "D6031998D1B3BBFEBF59CC9BBFF9AEE1", +- "5EEEFCA380D02919DC2C6558BB6D8A5D", +- "7B6AA5D85E572983E6FB32A7CDEBC140", +- "27b6916a894d3aee7106fe805fc34b44", +- "3FFFFFFF7FFFFFFFBE0024720613B5A3", 4, +- _EC_SECG_PRIME_128R2_SEED, 20, +- "SECG curve over a 128 bit prime field" +-}; +- +-static const EC_CURVE_DATA _EC_SECG_PRIME_160K1 = { +- NID_X9_62_prime_field, +- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73", +- "0", +- "7", +- "3B4C382CE37AA192A4019E763036F4F5DD4D7EBB", +- "938cf935318fdced6bc28286531733c3f03c4fee", +- "0100000000000000000001B8FA16DFAB9ACA16B6B3", 1, +- NULL, 0, +- "SECG curve over a 160 bit prime field" +-}; +- +-static const unsigned char _EC_SECG_PRIME_160R1_SEED[] = { +- 0x10, 0x53, 0xCD, 0xE4, 0x2C, 0x14, 0xD6, 0x96, 0xE6, 0x76, +- 0x87, 
0x56, 0x15, 0x17, 0x53, 0x3B, 0xF3, 0xF8, 0x33, 0x45 +-}; +- +-static const EC_CURVE_DATA _EC_SECG_PRIME_160R1 = { +- NID_X9_62_prime_field, +- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF", +- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC", +- "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45", +- "4A96B5688EF573284664698968C38BB913CBFC82", +- "23a628553168947d59dcc912042351377ac5fb32", +- "0100000000000000000001F4C8F927AED3CA752257", 1, +- _EC_SECG_PRIME_160R1_SEED, 20, +- "SECG curve over a 160 bit prime field" +-}; +- +-static const unsigned char _EC_SECG_PRIME_160R2_SEED[] = { +- 0xB9, 0x9B, 0x99, 0xB0, 0x99, 0xB3, 0x23, 0xE0, 0x27, 0x09, +- 0xA4, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, 0x17, 0x51 +-}; +- +-static const EC_CURVE_DATA _EC_SECG_PRIME_160R2 = { +- NID_X9_62_prime_field, +- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73", +- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC70", +- "B4E134D3FB59EB8BAB57274904664D5AF50388BA", +- "52DCB034293A117E1F4FF11B30F7199D3144CE6D", +- "feaffef2e331f296e071fa0df9982cfea7d43f2e", +- "0100000000000000000000351EE786A818F3A1A16B", 1, +- _EC_SECG_PRIME_160R2_SEED, 20, +- "SECG/WTLS curve over a 160 bit prime field" +-}; +- +-static const EC_CURVE_DATA _EC_SECG_PRIME_192K1 = { +- NID_X9_62_prime_field, +- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37", +- "0", +- "3", +- "DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D", +- "9b2f2f6d9c5628a7844163d015be86344082aa88d95e2f9d", +- "FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D", 1, +- NULL, 20, +- "SECG curve over a 192 bit prime field" +-}; +- +-static const EC_CURVE_DATA _EC_SECG_PRIME_224K1 = { +- NID_X9_62_prime_field, +- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D", +- "0", +- "5", +- "A1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C", +- "7e089fed7fba344282cafbd6f7e319f7c0b0bd59e2ca4bdb556d61a5", +- "010000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7", 1, +- NULL, 20, +- "SECG curve over a 224 bit prime field" +-}; +- +-static const EC_CURVE_DATA 
_EC_SECG_PRIME_256K1 = { +- NID_X9_62_prime_field, +- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F", +- "0", +- "7", +- "79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798", +- "483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8", +- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141", 1, +- NULL, 20, +- "SECG curve over a 256 bit prime field" +-}; +- +-/* some wap/wtls curves */ +-static const EC_CURVE_DATA _EC_WTLS_8 = { +- NID_X9_62_prime_field, +- "FFFFFFFFFFFFFFFFFFFFFFFFFDE7", +- "0", +- "3", +- "1", +- "2", +- "0100000000000001ECEA551AD837E9", 1, +- NULL, 20, +- "WTLS curve over a 112 bit prime field" +-}; +- +-static const EC_CURVE_DATA _EC_WTLS_9 = { +- NID_X9_62_prime_field, +- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC808F", +- "0", +- "3", +- "1", +- "2", +- "0100000000000000000001CDC98AE0E2DE574ABF33", 1, +- NULL, 20, +- "WTLS curve over a 160 bit prime field" +-}; +- +-static const EC_CURVE_DATA _EC_WTLS_12 = { +- NID_X9_62_prime_field, +- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001", +- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE", +- "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4", +- "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21", +- "bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34", +- "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D", 1, +- NULL, 0, +- "WTLS curvs over a 224 bit prime field" +-}; +- +-/* characteristic two curves */ +-static const unsigned char _EC_SECG_CHAR2_113R1_SEED[] = { +- 0x10, 0xE7, 0x23, 0xAB, 0x14, 0xD6, 0x96, 0xE6, 0x76, 0x87, +- 0x56, 0x15, 0x17, 0x56, 0xFE, 0xBF, 0x8F, 0xCB, 0x49, 0xA9 +-}; +- +-static const EC_CURVE_DATA _EC_SECG_CHAR2_113R1 = { +- NID_X9_62_characteristic_two_field, +- "020000000000000000000000000201", +- "003088250CA6E7C7FE649CE85820F7", +- "00E8BEE4D3E2260744188BE0E9C723", +- "009D73616F35F4AB1407D73562C10F", +- "00A52830277958EE84D1315ED31886", +- 
"0100000000000000D9CCEC8A39E56F", 2, +- _EC_SECG_CHAR2_113R1_SEED, 20, +- "SECG curve over a 113 bit binary field" +-}; +- +-static const unsigned char _EC_SECG_CHAR2_113R2_SEED[] = { +- 0x10, 0xC0, 0xFB, 0x15, 0x76, 0x08, 0x60, 0xDE, 0xF1, 0xEE, +- 0xF4, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, 0x17, 0x5D +-}; +- +-static const EC_CURVE_DATA _EC_SECG_CHAR2_113R2 = { +- NID_X9_62_characteristic_two_field, +- "020000000000000000000000000201", +- "00689918DBEC7E5A0DD6DFC0AA55C7", +- "0095E9A9EC9B297BD4BF36E059184F", +- "01A57A6A7B26CA5EF52FCDB8164797", +- "00B3ADC94ED1FE674C06E695BABA1D", +- "010000000000000108789B2496AF93", 2, +- _EC_SECG_CHAR2_113R2_SEED, 20, +- "SECG curve over a 113 bit binary field" +-}; +- +-static const unsigned char _EC_SECG_CHAR2_131R1_SEED[] = { +- 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, 0x51, 0x75, 0x98, +- 0x5B, 0xD3, 0xAD, 0xBA, 0xDA, 0x21, 0xB4, 0x3A, 0x97, 0xE2 +-}; +- +-static const EC_CURVE_DATA _EC_SECG_CHAR2_131R1 = { +- NID_X9_62_characteristic_two_field, +- "080000000000000000000000000000010D", +- "07A11B09A76B562144418FF3FF8C2570B8", +- "0217C05610884B63B9C6C7291678F9D341", +- "0081BAF91FDF9833C40F9C181343638399", +- "078C6E7EA38C001F73C8134B1B4EF9E150", +- "0400000000000000023123953A9464B54D", 2, +- _EC_SECG_CHAR2_131R1_SEED, 20, +- "SECG/WTLS curve over a 131 bit binary field" +-}; +- +-static const unsigned char _EC_SECG_CHAR2_131R2_SEED[] = { +- 0x98, 0x5B, 0xD3, 0xAD, 0xBA, 0xD4, 0xD6, 0x96, 0xE6, 0x76, +- 0x87, 0x56, 0x15, 0x17, 0x5A, 0x21, 0xB4, 0x3A, 0x97, 0xE3 +-}; +- +-static const EC_CURVE_DATA _EC_SECG_CHAR2_131R2 = { +- NID_X9_62_characteristic_two_field, +- "080000000000000000000000000000010D", +- "03E5A88919D7CAFCBF415F07C2176573B2", +- "04B8266A46C55657AC734CE38F018F2192", +- "0356DCD8F2F95031AD652D23951BB366A8", +- "0648F06D867940A5366D9E265DE9EB240F", +- "0400000000000000016954A233049BA98F", 2, +- _EC_SECG_CHAR2_131R2_SEED, 20, +- "SECG curve over a 131 bit binary field" +-}; +- +-static const EC_CURVE_DATA 
_EC_NIST_CHAR2_163K = { +- NID_X9_62_characteristic_two_field, +- "0800000000000000000000000000000000000000C9", +- "1", +- "1", +- "02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8", +- "0289070FB05D38FF58321F2E800536D538CCDAA3D9", +- "04000000000000000000020108A2E0CC0D99F8A5EF", 2, +- NULL, 0, +- "NIST/SECG/WTLS curve over a 163 bit binary field" +-}; +- +-static const unsigned char _EC_SECG_CHAR2_163R1_SEED[] = { +- 0x24, 0xB7, 0xB1, 0x37, 0xC8, 0xA1, 0x4D, 0x69, 0x6E, 0x67, +- 0x68, 0x75, 0x61, 0x51, 0x75, 0x6F, 0xD0, 0xDA, 0x2E, 0x5C +-}; +- +-static const EC_CURVE_DATA _EC_SECG_CHAR2_163R1 = { +- NID_X9_62_characteristic_two_field, +- "0800000000000000000000000000000000000000C9", +- "07B6882CAAEFA84F9554FF8428BD88E246D2782AE2", +- "0713612DCDDCB40AAB946BDA29CA91F73AF958AFD9", +- "0369979697AB43897789566789567F787A7876A654", +- "00435EDB42EFAFB2989D51FEFCE3C80988F41FF883", +- "03FFFFFFFFFFFFFFFFFFFF48AAB689C29CA710279B", 2, +- /* +- * The algorithm used to derive the curve parameters from the seed used +- * here is slightly different than the algorithm described in X9.62 . 
+- */ +-#if 0 +- _EC_SECG_CHAR2_163R1_SEED, 20, +-#else +- NULL, 0, +-#endif +- "SECG curve over a 163 bit binary field" +-}; +- +-static const unsigned char _EC_NIST_CHAR2_163B_SEED[] = { +- 0x85, 0xE2, 0x5B, 0xFE, 0x5C, 0x86, 0x22, 0x6C, 0xDB, 0x12, +- 0x01, 0x6F, 0x75, 0x53, 0xF9, 0xD0, 0xE6, 0x93, 0xA2, 0x68 +-}; +- +-static const EC_CURVE_DATA _EC_NIST_CHAR2_163B = { +- NID_X9_62_characteristic_two_field, +- "0800000000000000000000000000000000000000C9", +- "1", +- "020A601907B8C953CA1481EB10512F78744A3205FD", +- "03F0EBA16286A2D57EA0991168D4994637E8343E36", +- "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1", +- "040000000000000000000292FE77E70C12A4234C33", 2, +- /* +- * The seed here was used to created the curve parameters in normal basis +- * representation (and not the polynomial representation used here) +- */ +-#if 0 +- _EC_NIST_CHAR2_163B_SEED, 20, +-#else +- NULL, 0, +-#endif +- "NIST/SECG curve over a 163 bit binary field" +-}; +- +-static const unsigned char _EC_SECG_CHAR2_193R1_SEED[] = { +- 0x10, 0x3F, 0xAE, 0xC7, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, +- 0x61, 0x51, 0x75, 0x77, 0x7F, 0xC5, 0xB1, 0x91, 0xEF, 0x30 +-}; +- +-static const EC_CURVE_DATA _EC_SECG_CHAR2_193R1 = { +- NID_X9_62_characteristic_two_field, +- "02000000000000000000000000000000000000000000008001", +- "0017858FEB7A98975169E171F77B4087DE098AC8A911DF7B01", +- "00FDFB49BFE6C3A89FACADAA7A1E5BBC7CC1C2E5D831478814", +- "01F481BC5F0FF84A74AD6CDF6FDEF4BF6179625372D8C0C5E1", +- "0025E399F2903712CCF3EA9E3A1AD17FB0B3201B6AF7CE1B05", +- "01000000000000000000000000C7F34A778F443ACC920EBA49", 2, +- _EC_SECG_CHAR2_193R1_SEED, 20, +- "SECG curve over a 193 bit binary field" +-}; +- +-static const unsigned char _EC_SECG_CHAR2_193R2_SEED[] = { +- 0x10, 0xB7, 0xB4, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, +- 0x17, 0x51, 0x37, 0xC8, 0xA1, 0x6F, 0xD0, 0xDA, 0x22, 0x11 +-}; +- +-static const EC_CURVE_DATA _EC_SECG_CHAR2_193R2 = { +- NID_X9_62_characteristic_two_field, +- 
"02000000000000000000000000000000000000000000008001", +- "0163F35A5137C2CE3EA6ED8667190B0BC43ECD69977702709B", +- "00C9BB9E8927D4D64C377E2AB2856A5B16E3EFB7F61D4316AE", +- "00D9B67D192E0367C803F39E1A7E82CA14A651350AAE617E8F", +- "01CE94335607C304AC29E7DEFBD9CA01F596F927224CDECF6C", +- "010000000000000000000000015AAB561B005413CCD4EE99D5", 2, +- _EC_SECG_CHAR2_193R2_SEED, 20, +- "SECG curve over a 193 bit binary field" +-}; +- +-static const EC_CURVE_DATA _EC_NIST_CHAR2_233K = { +- NID_X9_62_characteristic_two_field, +- "020000000000000000000000000000000000000004000000000000000001", +- "0", +- "1", +- "017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126", +- "01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3", +- "008000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF", 4, +- NULL, 0, +- "NIST/SECG/WTLS curve over a 233 bit binary field" +-}; +- +-static const unsigned char _EC_NIST_CHAR2_233B_SEED[] = { +- 0x74, 0xD5, 0x9F, 0xF0, 0x7F, 0x6B, 0x41, 0x3D, 0x0E, 0xA1, +- 0x4B, 0x34, 0x4B, 0x20, 0xA2, 0xDB, 0x04, 0x9B, 0x50, 0xC3 +-}; +- +-static const EC_CURVE_DATA _EC_NIST_CHAR2_233B = { +- NID_X9_62_characteristic_two_field, +- "020000000000000000000000000000000000000004000000000000000001", +- "000000000000000000000000000000000000000000000000000000000001", +- "0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD", +- "00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B", +- "01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052", +- "01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7", 2, +- _EC_NIST_CHAR2_233B_SEED, 20, +- "NIST/SECG/WTLS curve over a 233 bit binary field" +-}; +- +-static const EC_CURVE_DATA _EC_SECG_CHAR2_239K1 = { +- NID_X9_62_characteristic_two_field, +- "800000000000000000004000000000000000000000000000000000000001", +- "0", +- "1", +- "29A0B6A887A983E9730988A68727A8B2D126C44CC2CC7B2A6555193035DC", +- "76310804F12E549BDB011C103089E73510ACB275FC312A5DC6B76553F0CA", +- 
"2000000000000000000000000000005A79FEC67CB6E91F1C1DA800E478A5", 4, +- NULL, 0, +- "SECG curve over a 239 bit binary field" +-}; +- +-static const EC_CURVE_DATA _EC_NIST_CHAR2_283K = { +- NID_X9_62_characteristic_two_field, +- "080000000000000000000000000000000000000000000000000000000000000000001" +- "0A1", +- "0", +- "1", +- "0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492" +- "836", +- "01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2" +- "259", +- "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163" +- "C61", 4, +- NULL, 20, +- "NIST/SECG curve over a 283 bit binary field" +-}; +- +-static const unsigned char _EC_NIST_CHAR2_283B_SEED[] = { +- 0x77, 0xE2, 0xB0, 0x73, 0x70, 0xEB, 0x0F, 0x83, 0x2A, 0x6D, +- 0xD5, 0xB6, 0x2D, 0xFC, 0x88, 0xCD, 0x06, 0xBB, 0x84, 0xBE +-}; +- +-static const EC_CURVE_DATA _EC_NIST_CHAR2_283B = { +- NID_X9_62_characteristic_two_field, +- "080000000000000000000000000000000000000000000000000000000000000000001" +- "0A1", +- "000000000000000000000000000000000000000000000000000000000000000000000" +- "001", +- "027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A" +- "2F5", +- "05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12" +- "053", +- "03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE811" +- "2F4", +- "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB" +- "307", 2, +- _EC_NIST_CHAR2_283B_SEED, 20, +- "NIST/SECG curve over a 283 bit binary field" +-}; +- +-static const EC_CURVE_DATA _EC_NIST_CHAR2_409K = { +- NID_X9_62_characteristic_two_field, +- "020000000000000000000000000000000000000000000000000000000000000000000" +- "00000000000008000000000000000000001", +- "0", +- "1", +- "0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C4601" +- "89EB5AAAA62EE222EB1B35540CFE9023746", +- "01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6" +- "C42E9C55215AA9CA27A5863EC48D8E0286B", 
+- "007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400" +- "EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF", 4, +- NULL, 0, +- "NIST/SECG curve over a 409 bit binary field" +-}; +- +-static const unsigned char _EC_NIST_CHAR2_409B_SEED[] = { +- 0x40, 0x99, 0xB5, 0xA4, 0x57, 0xF9, 0xD6, 0x9F, 0x79, 0x21, +- 0x3D, 0x09, 0x4C, 0x4B, 0xCD, 0x4D, 0x42, 0x62, 0x21, 0x0B +-}; +- +-static const EC_CURVE_DATA _EC_NIST_CHAR2_409B = { +- NID_X9_62_characteristic_two_field, +- "020000000000000000000000000000000000000000000000000000000000000000000" +- "00000000000008000000000000000000001", +- "000000000000000000000000000000000000000000000000000000000000000000000" +- "00000000000000000000000000000000001", +- "0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A19" +- "7B272822F6CD57A55AA4F50AE317B13545F", +- "015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255" +- "A868A1180515603AEAB60794E54BB7996A7", +- "0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514" +- "F1FDF4B4F40D2181B3681C364BA0273C706", +- "010000000000000000000000000000000000000000000000000001E2AAD6A612F3330" +- "7BE5FA47C3C9E052F838164CD37D9A21173", 2, +- _EC_NIST_CHAR2_409B_SEED, 20, +- "NIST/SECG curve over a 409 bit binary field" +-}; +- +-static const EC_CURVE_DATA _EC_NIST_CHAR2_571K = { +- NID_X9_62_characteristic_two_field, +- "800000000000000000000000000000000000000000000000000000000000000000000" +- "000000000000000000000000000000000000000000000000000000000000000000000" +- "00425", +- "0", +- "1", +- "026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA443709" +- "58493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A0" +- "1C8972", +- "0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D497" +- "9C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143E" +- "F1C7A3", +- "020000000000000000000000000000000000000000000000000000000000000000000" +- 
"000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F63" +- "7C1001", 4, +- NULL, 0, +- "NIST/SECG curve over a 571 bit binary field" +-}; +- +-static const unsigned char _EC_NIST_CHAR2_571B_SEED[] = { +- 0x2A, 0xA0, 0x58, 0xF7, 0x3A, 0x0E, 0x33, 0xAB, 0x48, 0x6B, +- 0x0F, 0x61, 0x04, 0x10, 0xC5, 0x3A, 0x7F, 0x13, 0x23, 0x10 +-}; +- +-static const EC_CURVE_DATA _EC_NIST_CHAR2_571B = { +- NID_X9_62_characteristic_two_field, +- "800000000000000000000000000000000000000000000000000000000000000000000" +- "000000000000000000000000000000000000000000000000000000000000000000000" +- "00425", +- "000000000000000000000000000000000000000000000000000000000000000000000" +- "000000000000000000000000000000000000000000000000000000000000000000000" +- "000001", +- "02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFA" +- "BBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F29" +- "55727A", +- "0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53" +- "950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8E" +- "EC2D19", +- "037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423" +- "E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B" +- "8AC15B", +- "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" +- "FFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2F" +- "E84E47", 2, +- _EC_NIST_CHAR2_571B_SEED, 20, +- "NIST/SECG curve over a 571 bit binary field" +-}; +- +-static const unsigned char _EC_X9_62_CHAR2_163V1_SEED[] = { +- 0xD2, 0xC0, 0xFB, 0x15, 0x76, 0x08, 0x60, 0xDE, 0xF1, 0xEE, +- 0xF4, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, 0x17, 0x54 +-}; +- +-static const EC_CURVE_DATA _EC_X9_62_CHAR2_163V1 = { +- NID_X9_62_characteristic_two_field, +- "080000000000000000000000000000000000000107", +- "072546B5435234A422E0789675F432C89435DE5242", +- "00C9517D06D5240D3CFF38C74B20B6CD4D6F9DD4D9", +- "07AF69989546103D79329FCC3D74880F33BBE803CB", +- 
"01EC23211B5966ADEA1D3F87F7EA5848AEF0B7CA9F", +- "0400000000000000000001E60FC8821CC74DAEAFC1", 2, +- _EC_X9_62_CHAR2_163V1_SEED, 20, +- "X9.62 curve over a 163 bit binary field" +-}; +- +-static const unsigned char _EC_X9_62_CHAR2_163V2_SEED[] = { +- 0x53, 0x81, 0x4C, 0x05, 0x0D, 0x44, 0xD6, 0x96, 0xE6, 0x76, +- 0x87, 0x56, 0x15, 0x17, 0x58, 0x0C, 0xA4, 0xE2, 0x9F, 0xFD +-}; +- +-static const EC_CURVE_DATA _EC_X9_62_CHAR2_163V2 = { +- NID_X9_62_characteristic_two_field, +- "080000000000000000000000000000000000000107", +- "0108B39E77C4B108BED981ED0E890E117C511CF072", +- "0667ACEB38AF4E488C407433FFAE4F1C811638DF20", +- "0024266E4EB5106D0A964D92C4860E2671DB9B6CC5", +- "079F684DDF6684C5CD258B3890021B2386DFD19FC5", +- "03FFFFFFFFFFFFFFFFFFFDF64DE1151ADBB78F10A7", 2, +- _EC_X9_62_CHAR2_163V2_SEED, 20, +- "X9.62 curve over a 163 bit binary field" +-}; +- +-static const unsigned char _EC_X9_62_CHAR2_163V3_SEED[] = { +- 0x50, 0xCB, 0xF1, 0xD9, 0x5C, 0xA9, 0x4D, 0x69, 0x6E, 0x67, +- 0x68, 0x75, 0x61, 0x51, 0x75, 0xF1, 0x6A, 0x36, 0xA3, 0xB8 +-}; +- +-static const EC_CURVE_DATA _EC_X9_62_CHAR2_163V3 = { +- NID_X9_62_characteristic_two_field, +- "080000000000000000000000000000000000000107", +- "07A526C63D3E25A256A007699F5447E32AE456B50E", +- "03F7061798EB99E238FD6F1BF95B48FEEB4854252B", +- "02F9F87B7C574D0BDECF8A22E6524775F98CDEBDCB", +- "05B935590C155E17EA48EB3FF3718B893DF59A05D0", +- "03FFFFFFFFFFFFFFFFFFFE1AEE140F110AFF961309", 2, +- _EC_X9_62_CHAR2_163V3_SEED, 20, +- "X9.62 curve over a 163 bit binary field" +-}; +- +-static const EC_CURVE_DATA _EC_X9_62_CHAR2_176V1 = { +- NID_X9_62_characteristic_two_field, +- "0100000000000000000000000000000000080000000007", +- "E4E6DB2995065C407D9D39B8D0967B96704BA8E9C90B", +- "5DDA470ABE6414DE8EC133AE28E9BBD7FCEC0AE0FFF2", +- "8D16C2866798B600F9F08BB4A8E860F3298CE04A5798", +- "6FA4539C2DADDDD6BAB5167D61B436E1D92BB16A562C", +- "00010092537397ECA4F6145799D62B0A19CE06FE26AD", 0xFF6E, +- NULL, 0, +- "X9.62 curve over a 176 bit binary 
field" +-}; +- +-static const unsigned char _EC_X9_62_CHAR2_191V1_SEED[] = { +- 0x4E, 0x13, 0xCA, 0x54, 0x27, 0x44, 0xD6, 0x96, 0xE6, 0x76, +- 0x87, 0x56, 0x15, 0x17, 0x55, 0x2F, 0x27, 0x9A, 0x8C, 0x84 +-}; +- +-static const EC_CURVE_DATA _EC_X9_62_CHAR2_191V1 = { +- NID_X9_62_characteristic_two_field, +- "800000000000000000000000000000000000000000000201", +- "2866537B676752636A68F56554E12640276B649EF7526267", +- "2E45EF571F00786F67B0081B9495A3D95462F5DE0AA185EC", +- "36B3DAF8A23206F9C4F299D7B21A9C369137F2C84AE1AA0D", +- "765BE73433B3F95E332932E70EA245CA2418EA0EF98018FB", +- "40000000000000000000000004A20E90C39067C893BBB9A5", 2, +- _EC_X9_62_CHAR2_191V1_SEED, 20, +- "X9.62 curve over a 191 bit binary field" +-}; +- +-static const unsigned char _EC_X9_62_CHAR2_191V2_SEED[] = { +- 0x08, 0x71, 0xEF, 0x2F, 0xEF, 0x24, 0xD6, 0x96, 0xE6, 0x76, +- 0x87, 0x56, 0x15, 0x17, 0x58, 0xBE, 0xE0, 0xD9, 0x5C, 0x15 +-}; +- +-static const EC_CURVE_DATA _EC_X9_62_CHAR2_191V2 = { +- NID_X9_62_characteristic_two_field, +- "800000000000000000000000000000000000000000000201", +- "401028774D7777C7B7666D1366EA432071274F89FF01E718", +- "0620048D28BCBD03B6249C99182B7C8CD19700C362C46A01", +- "3809B2B7CC1B28CC5A87926AAD83FD28789E81E2C9E3BF10", +- "17434386626D14F3DBF01760D9213A3E1CF37AEC437D668A", +- "20000000000000000000000050508CB89F652824E06B8173", 4, +- _EC_X9_62_CHAR2_191V2_SEED, 20, +- "X9.62 curve over a 191 bit binary field" +-}; +- +-static const unsigned char _EC_X9_62_CHAR2_191V3_SEED[] = { +- 0xE0, 0x53, 0x51, 0x2D, 0xC6, 0x84, 0xD6, 0x96, 0xE6, 0x76, +- 0x87, 0x56, 0x15, 0x17, 0x50, 0x67, 0xAE, 0x78, 0x6D, 0x1F +-}; +- +-static const EC_CURVE_DATA _EC_X9_62_CHAR2_191V3 = { +- NID_X9_62_characteristic_two_field, +- "800000000000000000000000000000000000000000000201", +- "6C01074756099122221056911C77D77E77A777E7E7E77FCB", +- "71FE1AF926CF847989EFEF8DB459F66394D90F32AD3F15E8", +- "375D4CE24FDE434489DE8746E71786015009E66E38A926DD", +- "545A39176196575D985999366E6AD34CE0A77CD7127B06BE", 
+- "155555555555555555555555610C0B196812BFB6288A3EA3", 6, +- _EC_X9_62_CHAR2_191V3_SEED, 20, +- "X9.62 curve over a 191 bit binary field" +-}; +- +-static const EC_CURVE_DATA _EC_X9_62_CHAR2_208W1 = { +- NID_X9_62_characteristic_two_field, +- "010000000000000000000000000000000800000000000000000007", +- "0000000000000000000000000000000000000000000000000000", +- "C8619ED45A62E6212E1160349E2BFA844439FAFC2A3FD1638F9E", +- "89FDFBE4ABE193DF9559ECF07AC0CE78554E2784EB8C1ED1A57A", +- "0F55B51A06E78E9AC38A035FF520D8B01781BEB1A6BB08617DE3", +- "000101BAF95C9723C57B6C21DA2EFF2D5ED588BDD5717E212F9D", 0xFE48, +- NULL, 0, +- "X9.62 curve over a 208 bit binary field" +-}; +- +-static const unsigned char _EC_X9_62_CHAR2_239V1_SEED[] = { +- 0xD3, 0x4B, 0x9A, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, +- 0x51, 0x75, 0xCA, 0x71, 0xB9, 0x20, 0xBF, 0xEF, 0xB0, 0x5D +-}; +- +-static const EC_CURVE_DATA _EC_X9_62_CHAR2_239V1 = { +- NID_X9_62_characteristic_two_field, +- "800000000000000000000000000000000000000000000000001000000001", +- "32010857077C5431123A46B808906756F543423E8D27877578125778AC76", +- "790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16", +- "57927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D", +- "61D8EE5077C33FECF6F1A16B268DE469C3C7744EA9A971649FC7A9616305", +- "2000000000000000000000000000000F4D42FFE1492A4993F1CAD666E447", 4, +- _EC_X9_62_CHAR2_239V1_SEED, 20, +- "X9.62 curve over a 239 bit binary field" +-}; +- +-static const unsigned char _EC_X9_62_CHAR2_239V2_SEED[] = { +- 0x2A, 0xA6, 0x98, 0x2F, 0xDF, 0xA4, 0xD6, 0x96, 0xE6, 0x76, +- 0x87, 0x56, 0x15, 0x17, 0x5D, 0x26, 0x67, 0x27, 0x27, 0x7D +-}; +- +-static const EC_CURVE_DATA _EC_X9_62_CHAR2_239V2 = { +- NID_X9_62_characteristic_two_field, +- "800000000000000000000000000000000000000000000000001000000001", +- "4230017757A767FAE42398569B746325D45313AF0766266479B75654E65F", +- "5037EA654196CFF0CD82B2C14A2FCF2E3FF8775285B545722F03EACDB74B", +- 
"28F9D04E900069C8DC47A08534FE76D2B900B7D7EF31F5709F200C4CA205", +- "5667334C45AFF3B5A03BAD9DD75E2C71A99362567D5453F7FA6E227EC833", +- "1555555555555555555555555555553C6F2885259C31E3FCDF154624522D", 6, +- _EC_X9_62_CHAR2_239V2_SEED, 20, +- "X9.62 curve over a 239 bit binary field" +-}; +- +-static const unsigned char _EC_X9_62_CHAR2_239V3_SEED[] = { +- 0x9E, 0x07, 0x6F, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, +- 0x51, 0x75, 0xE1, 0x1E, 0x9F, 0xDD, 0x77, 0xF9, 0x20, 0x41 +-}; +- +-static const EC_CURVE_DATA _EC_X9_62_CHAR2_239V3 = { +- NID_X9_62_characteristic_two_field, +- "800000000000000000000000000000000000000000000000001000000001", +- "01238774666A67766D6676F778E676B66999176666E687666D8766C66A9F", +- "6A941977BA9F6A435199ACFC51067ED587F519C5ECB541B8E44111DE1D40", +- "70F6E9D04D289C4E89913CE3530BFDE903977D42B146D539BF1BDE4E9C92", +- "2E5A0EAF6E5E1305B9004DCE5C0ED7FE59A35608F33837C816D80B79F461", +- "0CCCCCCCCCCCCCCCCCCCCCCCCCCCCCAC4912D2D9DF903EF9888B8A0E4CFF", 0xA, +- _EC_X9_62_CHAR2_239V3_SEED, 20, +- "X9.62 curve over a 239 bit binary field" +-}; +- +-static const EC_CURVE_DATA _EC_X9_62_CHAR2_272W1 = { +- NID_X9_62_characteristic_two_field, +- "010000000000000000000000000000000000000000000000000000010000000000000" +- "B", +- "91A091F03B5FBA4AB2CCF49C4EDD220FB028712D42BE752B2C40094DBACDB586FB20", +- "7167EFC92BB2E3CE7C8AAAFF34E12A9C557003D7C73A6FAF003F99F6CC8482E540F7", +- "6108BABB2CEEBCF787058A056CBE0CFE622D7723A289E08A07AE13EF0D10D171DD8D", +- "10C7695716851EEF6BA7F6872E6142FBD241B830FF5EFCACECCAB05E02005DDE9D23", +- "000100FAF51354E0E39E4892DF6E319C72C8161603FA45AA7B998A167B8F1E629521", +- 0xFF06, +- NULL, 0, +- "X9.62 curve over a 272 bit binary field" +-}; +- +-static const EC_CURVE_DATA _EC_X9_62_CHAR2_304W1 = { +- NID_X9_62_characteristic_two_field, +- "010000000000000000000000000000000000000000000000000000000000000000000" +- "000000807", +- "FD0D693149A118F651E6DCE6802085377E5F882D1B510B44160074C1288078365A039" +- "6C8E681", +- 
"BDDB97E555A50A908E43B01C798EA5DAA6788F1EA2794EFCF57166B8C14039601E558" +- "27340BE", +- "197B07845E9BE2D96ADB0F5F3C7F2CFFBD7A3EB8B6FEC35C7FD67F26DDF6285A644F7" +- "40A2614", +- "E19FBEB76E0DA171517ECF401B50289BF014103288527A9B416A105E80260B549FDC1" +- "B92C03B", +- "000101D556572AABAC800101D556572AABAC8001022D5C91DD173F8FB561DA6899164" +- "443051D", 0xFE2E, +- NULL, 0, +- "X9.62 curve over a 304 bit binary field" +-}; +- +-static const unsigned char _EC_X9_62_CHAR2_359V1_SEED[] = { +- 0x2B, 0x35, 0x49, 0x20, 0xB7, 0x24, 0xD6, 0x96, 0xE6, 0x76, +- 0x87, 0x56, 0x15, 0x17, 0x58, 0x5B, 0xA1, 0x33, 0x2D, 0xC6 +-}; +- +-static const EC_CURVE_DATA _EC_X9_62_CHAR2_359V1 = { +- NID_X9_62_characteristic_two_field, +- "800000000000000000000000000000000000000000000000000000000000000000000" +- "000100000000000000001", +- "5667676A654B20754F356EA92017D946567C46675556F19556A04616B567D223A5E05" +- "656FB549016A96656A557", +- "2472E2D0197C49363F1FE7F5B6DB075D52B6947D135D8CA445805D39BC34562608968" +- "7742B6329E70680231988", +- "3C258EF3047767E7EDE0F1FDAA79DAEE3841366A132E163ACED4ED2401DF9C6BDCDE9" +- "8E8E707C07A2239B1B097", +- "53D7E08529547048121E9C95F3791DD804963948F34FAE7BF44EA82365DC7868FE57E" +- "4AE2DE211305A407104BD", +- "01AF286BCA1AF286BCA1AF286BCA1AF286BCA1AF286BC9FB8F6B85C556892C20A7EB9" +- "64FE7719E74F490758D3B", 0x4C, +- _EC_X9_62_CHAR2_359V1_SEED, 20, +- "X9.62 curve over a 359 bit binary field" +-}; +- +-static const EC_CURVE_DATA _EC_X9_62_CHAR2_368W1 = { +- NID_X9_62_characteristic_two_field, +- "010000000000000000000000000000000000000000000000000000000000000000000" +- "0002000000000000000000007", +- "E0D2EE25095206F5E2A4F9ED229F1F256E79A0E2B455970D8D0D865BD94778C576D62" +- "F0AB7519CCD2A1A906AE30D", +- "FC1217D4320A90452C760A58EDCD30C8DD069B3C34453837A34ED50CB54917E1C2112" +- "D84D164F444F8F74786046A", +- "1085E2755381DCCCE3C1557AFA10C2F0C0C2825646C5B34A394CBCFA8BC16B22E7E78" +- "9E927BE216F02E1FB136A5F", +- 
"7B3EB1BDDCBA62D5D8B2059B525797FC73822C59059C623A45FF3843CEE8F87CD1855" +- "ADAA81E2A0750B80FDA2310", +- "00010090512DA9AF72B08349D98A5DD4C7B0532ECA51CE03E2D10F3B7AC579BD87E90" +- "9AE40A6F131E9CFCE5BD967", 0xFF70, +- NULL, 0, +- "X9.62 curve over a 368 bit binary field" +-}; +- +-static const EC_CURVE_DATA _EC_X9_62_CHAR2_431R1 = { +- NID_X9_62_characteristic_two_field, +- "800000000000000000000000000000000000000000000000000000000000000000000" +- "000000001000000000000000000000000000001", +- "1A827EF00DD6FC0E234CAF046C6A5D8A85395B236CC4AD2CF32A0CADBDC9DDF620B0E" +- "B9906D0957F6C6FEACD615468DF104DE296CD8F", +- "10D9B4A3D9047D8B154359ABFB1B7F5485B04CEB868237DDC9DEDA982A679A5A919B6" +- "26D4E50A8DD731B107A9962381FB5D807BF2618", +- "120FC05D3C67A99DE161D2F4092622FECA701BE4F50F4758714E8A87BBF2A658EF8C2" +- "1E7C5EFE965361F6C2999C0C247B0DBD70CE6B7", +- "20D0AF8903A96F8D5FA2C255745D3C451B302C9346D9B7E485E7BCE41F6B591F3E8F6" +- "ADDCBB0BC4C2F947A7DE1A89B625D6A598B3760", +- "0340340340340340340340340340340340340340340340340340340323C313FAB5058" +- "9703B5EC68D3587FEC60D161CC149C1AD4A91", 0x2760, +- NULL, 0, +- "X9.62 curve over a 431 bit binary field" +-}; +- +-static const EC_CURVE_DATA _EC_WTLS_1 = { +- NID_X9_62_characteristic_two_field, +- "020000000000000000000000000201", +- "1", +- "1", +- "01667979A40BA497E5D5C270780617", +- "00F44B4AF1ECC2630E08785CEBCC15", +- "00FFFFFFFFFFFFFFFDBF91AF6DEA73", 2, +- NULL, 0, +- "WTLS curve over a 113 bit binary field" +-}; +- +-/* IPSec curves */ +-/* +- * NOTE: The of curves over a extension field of non prime degree is not +- * recommended (Weil-descent). As the group order is not a prime this curve +- * is not suitable for ECDSA. 
+- */
+-static const EC_CURVE_DATA _EC_IPSEC_155_ID3 = {
+- NID_X9_62_characteristic_two_field,
+- "0800000000000000000000004000000000000001",
+- "0",
+- "07338f",
+- "7b",
+- "1c8",
+- "2AAAAAAAAAAAAAAAAAAC7F3C7881BD0868FA86C", 3,
+- NULL, 0,
+- "\n\tIPSec/IKE/Oakley curve #3 over a 155 bit binary field.\n"
+- "\tNot suitable for ECDSA.\n\tQuestionable extension field!"
+-};
+-
+-/*
+- * NOTE: The of curves over a extension field of non prime degree is not
+- * recommended (Weil-descent). As the group order is not a prime this curve
+- * is not suitable for ECDSA.
+- */
+-static const EC_CURVE_DATA _EC_IPSEC_185_ID4 = {
+- NID_X9_62_characteristic_two_field,
+- "020000000000000000000000000000200000000000000001",
+- "0",
+- "1ee9",
+- "18",
+- "0d",
+- "FFFFFFFFFFFFFFFFFFFFFFEDF97C44DB9F2420BAFCA75E", 2,
+- NULL, 0,
+- "\n\tIPSec/IKE/Oakley curve #4 over a 185 bit binary field.\n"
+- "\tNot suitable for ECDSA.\n\tQuestionable extension field!"
+-};
+-
+-typedef struct _ec_list_element_st {
+- int nid;
+- const EC_CURVE_DATA *data;
+-} ec_list_element;
+-
+-static const ec_list_element curve_list[] = {
+- /* prime field curves */
+- /* secg curves */
+- {NID_secp112r1, &_EC_SECG_PRIME_112R1},
+- {NID_secp112r2, &_EC_SECG_PRIME_112R2},
+- {NID_secp128r1, &_EC_SECG_PRIME_128R1},
+- {NID_secp128r2, &_EC_SECG_PRIME_128R2},
+- {NID_secp160k1, &_EC_SECG_PRIME_160K1},
+- {NID_secp160r1, &_EC_SECG_PRIME_160R1},
+- {NID_secp160r2, &_EC_SECG_PRIME_160R2},
+- /* SECG secp192r1 is the same as X9.62 prime192v1 and hence omitted */
+- {NID_secp192k1, &_EC_SECG_PRIME_192K1},
+- {NID_secp224k1, &_EC_SECG_PRIME_224K1},
+- {NID_secp224r1, &_EC_NIST_PRIME_224},
+- {NID_secp256k1, &_EC_SECG_PRIME_256K1},
+- /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */
+- {NID_secp384r1, &_EC_NIST_PRIME_384},
+- {NID_secp521r1, &_EC_NIST_PRIME_521},
+- /* X9.62 curves */
+- {NID_X9_62_prime192v1, &_EC_NIST_PRIME_192},
+- {NID_X9_62_prime192v2, &_EC_X9_62_PRIME_192V2},
+- {NID_X9_62_prime192v3, &_EC_X9_62_PRIME_192V3},
+- {NID_X9_62_prime239v1, &_EC_X9_62_PRIME_239V1},
+- {NID_X9_62_prime239v2, &_EC_X9_62_PRIME_239V2},
+- {NID_X9_62_prime239v3, &_EC_X9_62_PRIME_239V3},
+- {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1},
+- /* characteristic two field curves */
+- /* NIST/SECG curves */
+- {NID_sect113r1, &_EC_SECG_CHAR2_113R1},
+- {NID_sect113r2, &_EC_SECG_CHAR2_113R2},
+- {NID_sect131r1, &_EC_SECG_CHAR2_131R1},
+- {NID_sect131r2, &_EC_SECG_CHAR2_131R2},
+- {NID_sect163k1, &_EC_NIST_CHAR2_163K},
+- {NID_sect163r1, &_EC_SECG_CHAR2_163R1},
+- {NID_sect163r2, &_EC_NIST_CHAR2_163B},
+- {NID_sect193r1, &_EC_SECG_CHAR2_193R1},
+- {NID_sect193r2, &_EC_SECG_CHAR2_193R2},
+- {NID_sect233k1, &_EC_NIST_CHAR2_233K},
+- {NID_sect233r1, &_EC_NIST_CHAR2_233B},
+- {NID_sect239k1, &_EC_SECG_CHAR2_239K1},
+- {NID_sect283k1, &_EC_NIST_CHAR2_283K},
+- {NID_sect283r1, &_EC_NIST_CHAR2_283B},
+- {NID_sect409k1, &_EC_NIST_CHAR2_409K},
+- {NID_sect409r1, &_EC_NIST_CHAR2_409B},
+- {NID_sect571k1, &_EC_NIST_CHAR2_571K},
+- {NID_sect571r1, &_EC_NIST_CHAR2_571B},
+- /* X9.62 curves */
+- {NID_X9_62_c2pnb163v1, &_EC_X9_62_CHAR2_163V1},
+- {NID_X9_62_c2pnb163v2, &_EC_X9_62_CHAR2_163V2},
+- {NID_X9_62_c2pnb163v3, &_EC_X9_62_CHAR2_163V3},
+- {NID_X9_62_c2pnb176v1, &_EC_X9_62_CHAR2_176V1},
+- {NID_X9_62_c2tnb191v1, &_EC_X9_62_CHAR2_191V1},
+- {NID_X9_62_c2tnb191v2, &_EC_X9_62_CHAR2_191V2},
+- {NID_X9_62_c2tnb191v3, &_EC_X9_62_CHAR2_191V3},
+- {NID_X9_62_c2pnb208w1, &_EC_X9_62_CHAR2_208W1},
+- {NID_X9_62_c2tnb239v1, &_EC_X9_62_CHAR2_239V1},
+- {NID_X9_62_c2tnb239v2, &_EC_X9_62_CHAR2_239V2},
+- {NID_X9_62_c2tnb239v3, &_EC_X9_62_CHAR2_239V3},
+- {NID_X9_62_c2pnb272w1, &_EC_X9_62_CHAR2_272W1},
+- {NID_X9_62_c2pnb304w1, &_EC_X9_62_CHAR2_304W1},
+- {NID_X9_62_c2tnb359v1, &_EC_X9_62_CHAR2_359V1},
+- {NID_X9_62_c2pnb368w1, &_EC_X9_62_CHAR2_368W1},
+- {NID_X9_62_c2tnb431r1, &_EC_X9_62_CHAR2_431R1},
+- /*
+- * the WAP/WTLS curves [unlike SECG, spec has its own OIDs for curves
+- * from X9.62]
+- */
+- {NID_wap_wsg_idm_ecid_wtls1, &_EC_WTLS_1},
+- {NID_wap_wsg_idm_ecid_wtls3, &_EC_NIST_CHAR2_163K},
+- {NID_wap_wsg_idm_ecid_wtls4, &_EC_SECG_CHAR2_113R1},
+- {NID_wap_wsg_idm_ecid_wtls5, &_EC_X9_62_CHAR2_163V1},
+- {NID_wap_wsg_idm_ecid_wtls6, &_EC_SECG_PRIME_112R1},
+- {NID_wap_wsg_idm_ecid_wtls7, &_EC_SECG_PRIME_160R2},
+- {NID_wap_wsg_idm_ecid_wtls8, &_EC_WTLS_8},
+- {NID_wap_wsg_idm_ecid_wtls9, &_EC_WTLS_9},
+- {NID_wap_wsg_idm_ecid_wtls10, &_EC_NIST_CHAR2_233K},
+- {NID_wap_wsg_idm_ecid_wtls11, &_EC_NIST_CHAR2_233B},
+- {NID_wap_wsg_idm_ecid_wtls12, &_EC_WTLS_12},
+- /* IPSec curves */
+- {NID_ipsec3, &_EC_IPSEC_155_ID3},
+- {NID_ipsec4, &_EC_IPSEC_185_ID4},
+-};
+-
+-static size_t curve_list_length =
+- sizeof(curve_list) / sizeof(ec_list_element);
+-
+-static EC_GROUP *ec_group_new_from_data(const EC_CURVE_DATA * data)
+-{
+- EC_GROUP *group = NULL;
+- EC_POINT *P = NULL;
+- BN_CTX *ctx = NULL;
+- BIGNUM *p = NULL, *a = NULL, *b = NULL, *x = NULL, *y = NULL, *order =
+- NULL;
+- int ok = 0;
+-
+- if ((ctx = BN_CTX_new()) == NULL) {
+- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE);
+- goto err;
+- }
+- if ((p = BN_new()) == NULL || (a = BN_new()) == NULL ||
+- (b = BN_new()) == NULL || (x = BN_new()) == NULL ||
+- (y = BN_new()) == NULL || (order = BN_new()) == NULL) {
+- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE);
+- goto err;
+- }
+-
+- if (!BN_hex2bn(&p, data->p) || !BN_hex2bn(&a, data->a)
+- || !BN_hex2bn(&b, data->b)) {
+- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
+- goto err;
+- }
+-
+- if (data->field_type == NID_X9_62_prime_field) {
+- if ((group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) == NULL) {
+- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+- goto err;
+- }
+- } else { /* field_type ==
+- * NID_X9_62_characteristic_two_field */
+- if ((group = EC_GROUP_new_curve_GF2m(p, a, b, ctx)) == NULL) {
+- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+- goto err;
+- }
+- }
+-
+- if ((P = EC_POINT_new(group)) == NULL) {
+- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+- goto err;
+- }
+-
+- if (!BN_hex2bn(&x, data->x) || !BN_hex2bn(&y, data->y)) {
+- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
+- goto err;
+- }
+- if (!EC_POINT_set_affine_coordinates_GF2m(group, P, x, y, ctx)) {
+- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+- goto err;
+- }
+- if (!BN_hex2bn(&order, data->order) || !BN_set_word(x, data->cofactor)) {
+- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
+- goto err;
+- }
+- if (!EC_GROUP_set_generator(group, P, order, x)) {
+- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+- goto err;
+- }
+- if (data->seed) {
+- if (!EC_GROUP_set_seed(group, data->seed, data->seed_len)) {
+- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+- goto err;
+- }
+- }
+- ok = 1;
+- err:
+- if (!ok) {
+- EC_GROUP_free(group);
+- group = NULL;
+- }
+- if (P)
+- EC_POINT_free(P);
+- if (ctx)
+- BN_CTX_free(ctx);
+- if (p)
+- BN_free(p);
+- if (a)
+- BN_free(a);
+- if (b)
+- BN_free(b);
+- if (order)
+- BN_free(order);
+- if (x)
+- BN_free(x);
+- if (y)
+- BN_free(y);
+- return group;
+-}
+-
+-EC_GROUP *EC_GROUP_new_by_curve_name(int nid)
+-{
+- size_t i;
+- EC_GROUP *ret = NULL;
+-
+- if (nid <= 0)
+- return NULL;
+-
+- for (i = 0; i < curve_list_length; i++)
+- if (curve_list[i].nid == nid) {
+- ret = ec_group_new_from_data(curve_list[i].data);
+- break;
+- }
+-
+- if (ret == NULL) {
+- ECerr(EC_F_EC_GROUP_NEW_BY_CURVE_NAME, EC_R_UNKNOWN_GROUP);
+- return NULL;
+- }
+-
+- EC_GROUP_set_curve_name(ret, nid);
+-
+- return ret;
+-}
+-
+-size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems)
+-{
+- size_t i, min;
+-
+- if (r == NULL || nitems == 0)
+- return curve_list_length;
+-
+- min = nitems < curve_list_length ? nitems : curve_list_length;
+-
+- for (i = 0; i < min; i++) {
+- r[i].nid = curve_list[i].nid;
+- r[i].comment = curve_list[i].data->comment;
+- }
+-
+- return curve_list_length;
+-}
+diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_cvt.c b/Cryptlib/OpenSSL/crypto/ec/ec_cvt.c
+deleted file mode 100644
+index 29b68f6..0000000
+--- a/Cryptlib/OpenSSL/crypto/ec/ec_cvt.c
++++ /dev/null
+@@ -1,141 +0,0 @@
+-/* crypto/ec/ec_cvt.c */
+-/*
+- * Originally written by Bodo Moeller for the OpenSSL project.
+- */
+-/* ====================================================================
+- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- *
+- * 1. Redistributions of source code must retain the above copyright
+- * notice, this list of conditions and the following disclaimer.
+- *
+- * 2. Redistributions in binary form must reproduce the above copyright
+- * notice, this list of conditions and the following disclaimer in
+- * the documentation and/or other materials provided with the
+- * distribution.
+- *
+- * 3. All advertising materials mentioning features or use of this
+- * software must display the following acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+- *
+- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+- * endorse or promote products derived from this software without
+- * prior written permission. For written permission, please contact
+- * openssl-core@openssl.org.
+- *
+- * 5. Products derived from this software may not be called "OpenSSL"
+- * nor may "OpenSSL" appear in their names without prior written
+- * permission of the OpenSSL Project.
+- *
+- * 6. Redistributions of any form whatsoever must retain the following
+- * acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+- * OF THE POSSIBILITY OF SUCH DAMAGE.
+- * ====================================================================
+- *
+- * This product includes cryptographic software written by Eric Young
+- * (eay@cryptsoft.com). This product includes software written by Tim
+- * Hudson (tjh@cryptsoft.com).
+- *
+- */
+-/* ====================================================================
+- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+- *
+- * Portions of the attached software ("Contribution") are developed by
+- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+- *
+- * The Contribution is licensed pursuant to the OpenSSL open source
+- * license provided above.
+- *
+- * The elliptic curve binary polynomial software is originally written by
+- * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
+- *
+- */
+-
+-#include
+-#include "ec_lcl.h"
+-
+-EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a,
+- const BIGNUM *b, BN_CTX *ctx)
+-{
+- const EC_METHOD *meth;
+- EC_GROUP *ret;
+-
+- meth = EC_GFp_nist_method();
+-
+- ret = EC_GROUP_new(meth);
+- if (ret == NULL)
+- return NULL;
+-
+- if (!EC_GROUP_set_curve_GFp(ret, p, a, b, ctx)) {
+- unsigned long err;
+-
+- err = ERR_peek_last_error();
+-
+- if (!(ERR_GET_LIB(err) == ERR_LIB_EC &&
+- ((ERR_GET_REASON(err) == EC_R_NOT_A_NIST_PRIME) ||
+- (ERR_GET_REASON(err) == EC_R_NOT_A_SUPPORTED_NIST_PRIME)))) {
+- /* real error */
+-
+- EC_GROUP_clear_free(ret);
+- return NULL;
+- }
+-
+- /*
+- * not an actual error, we just cannot use EC_GFp_nist_method
+- */
+-
+- ERR_clear_error();
+-
+- EC_GROUP_clear_free(ret);
+- meth = EC_GFp_mont_method();
+-
+- ret = EC_GROUP_new(meth);
+- if (ret == NULL)
+- return NULL;
+-
+- if (!EC_GROUP_set_curve_GFp(ret, p, a, b, ctx)) {
+- EC_GROUP_clear_free(ret);
+- return NULL;
+- }
+- }
+-
+- return ret;
+-}
+-
+-EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
+- const BIGNUM *b, BN_CTX *ctx)
+-{
+- const EC_METHOD *meth;
+- EC_GROUP *ret;
+-
+- meth = EC_GF2m_simple_method();
+-
+- ret = EC_GROUP_new(meth);
+- if (ret == NULL)
+- return NULL;
+-
+- if (!EC_GROUP_set_curve_GF2m(ret, p, a, b, ctx)) {
+- EC_GROUP_clear_free(ret);
+- return NULL;
+- }
+-
+- return ret;
+-}
+diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_err.c b/Cryptlib/OpenSSL/crypto/ec/ec_err.c
+deleted file mode 100644
+index 185116a..0000000
+--- a/Cryptlib/OpenSSL/crypto/ec/ec_err.c
++++ /dev/null
+@@ -1,275 +0,0 @@
+-/* crypto/ec/ec_err.c */
+-/* ====================================================================
+- * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- *
+- * 1. Redistributions of source code must retain the above copyright
+- * notice, this list of conditions and the following disclaimer.
+- *
+- * 2. Redistributions in binary form must reproduce the above copyright
+- * notice, this list of conditions and the following disclaimer in
+- * the documentation and/or other materials provided with the
+- * distribution.
+- *
+- * 3. All advertising materials mentioning features or use of this
+- * software must display the following acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+- *
+- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+- * endorse or promote products derived from this software without
+- * prior written permission. For written permission, please contact
+- * openssl-core@OpenSSL.org.
+- *
+- * 5. Products derived from this software may not be called "OpenSSL"
+- * nor may "OpenSSL" appear in their names without prior written
+- * permission of the OpenSSL Project.
+- *
+- * 6. Redistributions of any form whatsoever must retain the following
+- * acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+- * OF THE POSSIBILITY OF SUCH DAMAGE.
+- * ====================================================================
+- *
+- * This product includes cryptographic software written by Eric Young
+- * (eay@cryptsoft.com). This product includes software written by Tim
+- * Hudson (tjh@cryptsoft.com).
+- *
+- */
+-
+-/*
+- * NOTE: this file was auto generated by the mkerr.pl script: any changes
+- * made to it will be overwritten when the script next updates this file,
+- * only reason strings will be preserved.
+- */ +- +-#include +-#include +-#include +- +-/* BEGIN ERROR CODES */ +-#ifndef OPENSSL_NO_ERR +- +-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_EC,func,0) +-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_EC,0,reason) +- +-static ERR_STRING_DATA EC_str_functs[] = { +- {ERR_FUNC(EC_F_COMPUTE_WNAF), "COMPUTE_WNAF"}, +- {ERR_FUNC(EC_F_D2I_ECPARAMETERS), "d2i_ECParameters"}, +- {ERR_FUNC(EC_F_D2I_ECPKPARAMETERS), "d2i_ECPKParameters"}, +- {ERR_FUNC(EC_F_D2I_ECPRIVATEKEY), "d2i_ECPrivateKey"}, +- {ERR_FUNC(EC_F_ECPARAMETERS_PRINT), "ECParameters_print"}, +- {ERR_FUNC(EC_F_ECPARAMETERS_PRINT_FP), "ECParameters_print_fp"}, +- {ERR_FUNC(EC_F_ECPKPARAMETERS_PRINT), "ECPKParameters_print"}, +- {ERR_FUNC(EC_F_ECPKPARAMETERS_PRINT_FP), "ECPKParameters_print_fp"}, +- {ERR_FUNC(EC_F_ECP_NIST_MOD_192), "ECP_NIST_MOD_192"}, +- {ERR_FUNC(EC_F_ECP_NIST_MOD_224), "ECP_NIST_MOD_224"}, +- {ERR_FUNC(EC_F_ECP_NIST_MOD_256), "ECP_NIST_MOD_256"}, +- {ERR_FUNC(EC_F_ECP_NIST_MOD_521), "ECP_NIST_MOD_521"}, +- {ERR_FUNC(EC_F_EC_ASN1_GROUP2CURVE), "EC_ASN1_GROUP2CURVE"}, +- {ERR_FUNC(EC_F_EC_ASN1_GROUP2FIELDID), "EC_ASN1_GROUP2FIELDID"}, +- {ERR_FUNC(EC_F_EC_ASN1_GROUP2PARAMETERS), "EC_ASN1_GROUP2PARAMETERS"}, +- {ERR_FUNC(EC_F_EC_ASN1_GROUP2PKPARAMETERS), "EC_ASN1_GROUP2PKPARAMETERS"}, +- {ERR_FUNC(EC_F_EC_ASN1_PARAMETERS2GROUP), "EC_ASN1_PARAMETERS2GROUP"}, +- {ERR_FUNC(EC_F_EC_ASN1_PKPARAMETERS2GROUP), "EC_ASN1_PKPARAMETERS2GROUP"}, +- {ERR_FUNC(EC_F_EC_EX_DATA_SET_DATA), "EC_EX_DATA_set_data"}, +- {ERR_FUNC(EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY), +- "EC_GF2M_MONTGOMERY_POINT_MULTIPLY"}, +- {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT), +- "ec_GF2m_simple_group_check_discriminant"}, +- {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE), +- "ec_GF2m_simple_group_set_curve"}, +- {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_OCT2POINT), "ec_GF2m_simple_oct2point"}, +- {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT2OCT), "ec_GF2m_simple_point2oct"}, +- {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES), +- 
"ec_GF2m_simple_point_get_affine_coordinates"}, +- {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES), +- "ec_GF2m_simple_point_set_affine_coordinates"}, +- {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES), +- "ec_GF2m_simple_set_compressed_coordinates"}, +- {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_DECODE), "ec_GFp_mont_field_decode"}, +- {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_ENCODE), "ec_GFp_mont_field_encode"}, +- {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_MUL), "ec_GFp_mont_field_mul"}, +- {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE), +- "ec_GFp_mont_field_set_to_one"}, +- {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_SQR), "ec_GFp_mont_field_sqr"}, +- {ERR_FUNC(EC_F_EC_GFP_MONT_GROUP_SET_CURVE), +- "ec_GFp_mont_group_set_curve"}, +- {ERR_FUNC(EC_F_EC_GFP_MONT_GROUP_SET_CURVE_GFP), +- "EC_GFP_MONT_GROUP_SET_CURVE_GFP"}, +- {ERR_FUNC(EC_F_EC_GFP_NIST_FIELD_MUL), "ec_GFp_nist_field_mul"}, +- {ERR_FUNC(EC_F_EC_GFP_NIST_FIELD_SQR), "ec_GFp_nist_field_sqr"}, +- {ERR_FUNC(EC_F_EC_GFP_NIST_GROUP_SET_CURVE), +- "ec_GFp_nist_group_set_curve"}, +- {ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT), +- "ec_GFp_simple_group_check_discriminant"}, +- {ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE), +- "ec_GFp_simple_group_set_curve"}, +- {ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP), +- "EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP"}, +- {ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR), +- "EC_GFP_SIMPLE_GROUP_SET_GENERATOR"}, +- {ERR_FUNC(EC_F_EC_GFP_SIMPLE_MAKE_AFFINE), "ec_GFp_simple_make_affine"}, +- {ERR_FUNC(EC_F_EC_GFP_SIMPLE_OCT2POINT), "ec_GFp_simple_oct2point"}, +- {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT2OCT), "ec_GFp_simple_point2oct"}, +- {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE), +- "ec_GFp_simple_points_make_affine"}, +- {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES), +- "ec_GFp_simple_point_get_affine_coordinates"}, +- {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP), +- "EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP"}, +- 
{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES), +- "ec_GFp_simple_point_set_affine_coordinates"}, +- {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP), +- "EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP"}, +- {ERR_FUNC(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES), +- "ec_GFp_simple_set_compressed_coordinates"}, +- {ERR_FUNC(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP), +- "EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP"}, +- {ERR_FUNC(EC_F_EC_GROUP_CHECK), "EC_GROUP_check"}, +- {ERR_FUNC(EC_F_EC_GROUP_CHECK_DISCRIMINANT), +- "EC_GROUP_check_discriminant"}, +- {ERR_FUNC(EC_F_EC_GROUP_COPY), "EC_GROUP_copy"}, +- {ERR_FUNC(EC_F_EC_GROUP_GET0_GENERATOR), "EC_GROUP_get0_generator"}, +- {ERR_FUNC(EC_F_EC_GROUP_GET_COFACTOR), "EC_GROUP_get_cofactor"}, +- {ERR_FUNC(EC_F_EC_GROUP_GET_CURVE_GF2M), "EC_GROUP_get_curve_GF2m"}, +- {ERR_FUNC(EC_F_EC_GROUP_GET_CURVE_GFP), "EC_GROUP_get_curve_GFp"}, +- {ERR_FUNC(EC_F_EC_GROUP_GET_DEGREE), "EC_GROUP_get_degree"}, +- {ERR_FUNC(EC_F_EC_GROUP_GET_ORDER), "EC_GROUP_get_order"}, +- {ERR_FUNC(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS), +- "EC_GROUP_get_pentanomial_basis"}, +- {ERR_FUNC(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS), +- "EC_GROUP_get_trinomial_basis"}, +- {ERR_FUNC(EC_F_EC_GROUP_NEW), "EC_GROUP_new"}, +- {ERR_FUNC(EC_F_EC_GROUP_NEW_BY_CURVE_NAME), "EC_GROUP_new_by_curve_name"}, +- {ERR_FUNC(EC_F_EC_GROUP_NEW_FROM_DATA), "EC_GROUP_NEW_FROM_DATA"}, +- {ERR_FUNC(EC_F_EC_GROUP_PRECOMPUTE_MULT), "EC_GROUP_precompute_mult"}, +- {ERR_FUNC(EC_F_EC_GROUP_SET_CURVE_GF2M), "EC_GROUP_set_curve_GF2m"}, +- {ERR_FUNC(EC_F_EC_GROUP_SET_CURVE_GFP), "EC_GROUP_set_curve_GFp"}, +- {ERR_FUNC(EC_F_EC_GROUP_SET_EXTRA_DATA), "EC_GROUP_SET_EXTRA_DATA"}, +- {ERR_FUNC(EC_F_EC_GROUP_SET_GENERATOR), "EC_GROUP_set_generator"}, +- {ERR_FUNC(EC_F_EC_KEY_CHECK_KEY), "EC_KEY_check_key"}, +- {ERR_FUNC(EC_F_EC_KEY_COPY), "EC_KEY_copy"}, +- {ERR_FUNC(EC_F_EC_KEY_GENERATE_KEY), "EC_KEY_generate_key"}, +- {ERR_FUNC(EC_F_EC_KEY_NEW), "EC_KEY_new"}, 
+- {ERR_FUNC(EC_F_EC_KEY_PRINT), "EC_KEY_print"}, +- {ERR_FUNC(EC_F_EC_KEY_PRINT_FP), "EC_KEY_print_fp"}, +- {ERR_FUNC(EC_F_EC_POINTS_MAKE_AFFINE), "EC_POINTs_make_affine"}, +- {ERR_FUNC(EC_F_EC_POINTS_MUL), "EC_POINTs_mul"}, +- {ERR_FUNC(EC_F_EC_POINT_ADD), "EC_POINT_add"}, +- {ERR_FUNC(EC_F_EC_POINT_CMP), "EC_POINT_cmp"}, +- {ERR_FUNC(EC_F_EC_POINT_COPY), "EC_POINT_copy"}, +- {ERR_FUNC(EC_F_EC_POINT_DBL), "EC_POINT_dbl"}, +- {ERR_FUNC(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M), +- "EC_POINT_get_affine_coordinates_GF2m"}, +- {ERR_FUNC(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP), +- "EC_POINT_get_affine_coordinates_GFp"}, +- {ERR_FUNC(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP), +- "EC_POINT_get_Jprojective_coordinates_GFp"}, +- {ERR_FUNC(EC_F_EC_POINT_INVERT), "EC_POINT_invert"}, +- {ERR_FUNC(EC_F_EC_POINT_IS_AT_INFINITY), "EC_POINT_is_at_infinity"}, +- {ERR_FUNC(EC_F_EC_POINT_IS_ON_CURVE), "EC_POINT_is_on_curve"}, +- {ERR_FUNC(EC_F_EC_POINT_MAKE_AFFINE), "EC_POINT_make_affine"}, +- {ERR_FUNC(EC_F_EC_POINT_MUL), "EC_POINT_mul"}, +- {ERR_FUNC(EC_F_EC_POINT_NEW), "EC_POINT_new"}, +- {ERR_FUNC(EC_F_EC_POINT_OCT2POINT), "EC_POINT_oct2point"}, +- {ERR_FUNC(EC_F_EC_POINT_POINT2OCT), "EC_POINT_point2oct"}, +- {ERR_FUNC(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M), +- "EC_POINT_set_affine_coordinates_GF2m"}, +- {ERR_FUNC(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP), +- "EC_POINT_set_affine_coordinates_GFp"}, +- {ERR_FUNC(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M), +- "EC_POINT_set_compressed_coordinates_GF2m"}, +- {ERR_FUNC(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP), +- "EC_POINT_set_compressed_coordinates_GFp"}, +- {ERR_FUNC(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP), +- "EC_POINT_set_Jprojective_coordinates_GFp"}, +- {ERR_FUNC(EC_F_EC_POINT_SET_TO_INFINITY), "EC_POINT_set_to_infinity"}, +- {ERR_FUNC(EC_F_EC_PRE_COMP_DUP), "EC_PRE_COMP_DUP"}, +- {ERR_FUNC(EC_F_EC_PRE_COMP_NEW), "EC_PRE_COMP_NEW"}, +- {ERR_FUNC(EC_F_EC_WNAF_MUL), "ec_wNAF_mul"}, +- 
{ERR_FUNC(EC_F_EC_WNAF_PRECOMPUTE_MULT), "ec_wNAF_precompute_mult"}, +- {ERR_FUNC(EC_F_I2D_ECPARAMETERS), "i2d_ECParameters"}, +- {ERR_FUNC(EC_F_I2D_ECPKPARAMETERS), "i2d_ECPKParameters"}, +- {ERR_FUNC(EC_F_I2D_ECPRIVATEKEY), "i2d_ECPrivateKey"}, +- {ERR_FUNC(EC_F_I2O_ECPUBLICKEY), "i2o_ECPublicKey"}, +- {ERR_FUNC(EC_F_O2I_ECPUBLICKEY), "o2i_ECPublicKey"}, +- {0, NULL} +-}; +- +-static ERR_STRING_DATA EC_str_reasons[] = { +- {ERR_REASON(EC_R_ASN1_ERROR), "asn1 error"}, +- {ERR_REASON(EC_R_ASN1_UNKNOWN_FIELD), "asn1 unknown field"}, +- {ERR_REASON(EC_R_BUFFER_TOO_SMALL), "buffer too small"}, +- {ERR_REASON(EC_R_D2I_ECPKPARAMETERS_FAILURE), +- "d2i ecpkparameters failure"}, +- {ERR_REASON(EC_R_DISCRIMINANT_IS_ZERO), "discriminant is zero"}, +- {ERR_REASON(EC_R_EC_GROUP_NEW_BY_NAME_FAILURE), +- "ec group new by name failure"}, +- {ERR_REASON(EC_R_FIELD_TOO_LARGE), "field too large"}, +- {ERR_REASON(EC_R_GROUP2PKPARAMETERS_FAILURE), +- "group2pkparameters failure"}, +- {ERR_REASON(EC_R_I2D_ECPKPARAMETERS_FAILURE), +- "i2d ecpkparameters failure"}, +- {ERR_REASON(EC_R_INCOMPATIBLE_OBJECTS), "incompatible objects"}, +- {ERR_REASON(EC_R_INVALID_ARGUMENT), "invalid argument"}, +- {ERR_REASON(EC_R_INVALID_COMPRESSED_POINT), "invalid compressed point"}, +- {ERR_REASON(EC_R_INVALID_COMPRESSION_BIT), "invalid compression bit"}, +- {ERR_REASON(EC_R_INVALID_ENCODING), "invalid encoding"}, +- {ERR_REASON(EC_R_INVALID_FIELD), "invalid field"}, +- {ERR_REASON(EC_R_INVALID_FORM), "invalid form"}, +- {ERR_REASON(EC_R_INVALID_GROUP_ORDER), "invalid group order"}, +- {ERR_REASON(EC_R_INVALID_PENTANOMIAL_BASIS), "invalid pentanomial basis"}, +- {ERR_REASON(EC_R_INVALID_PRIVATE_KEY), "invalid private key"}, +- {ERR_REASON(EC_R_INVALID_TRINOMIAL_BASIS), "invalid trinomial basis"}, +- {ERR_REASON(EC_R_MISSING_PARAMETERS), "missing parameters"}, +- {ERR_REASON(EC_R_MISSING_PRIVATE_KEY), "missing private key"}, +- {ERR_REASON(EC_R_NOT_A_NIST_PRIME), "not a NIST prime"}, +- 
{ERR_REASON(EC_R_NOT_A_SUPPORTED_NIST_PRIME), +- "not a supported NIST prime"}, +- {ERR_REASON(EC_R_NOT_IMPLEMENTED), "not implemented"}, +- {ERR_REASON(EC_R_NOT_INITIALIZED), "not initialized"}, +- {ERR_REASON(EC_R_NO_FIELD_MOD), "no field mod"}, +- {ERR_REASON(EC_R_PASSED_NULL_PARAMETER), "passed null parameter"}, +- {ERR_REASON(EC_R_PKPARAMETERS2GROUP_FAILURE), +- "pkparameters2group failure"}, +- {ERR_REASON(EC_R_POINT_AT_INFINITY), "point at infinity"}, +- {ERR_REASON(EC_R_POINT_IS_NOT_ON_CURVE), "point is not on curve"}, +- {ERR_REASON(EC_R_SLOT_FULL), "slot full"}, +- {ERR_REASON(EC_R_UNDEFINED_GENERATOR), "undefined generator"}, +- {ERR_REASON(EC_R_UNDEFINED_ORDER), "undefined order"}, +- {ERR_REASON(EC_R_UNKNOWN_GROUP), "unknown group"}, +- {ERR_REASON(EC_R_UNKNOWN_ORDER), "unknown order"}, +- {ERR_REASON(EC_R_UNSUPPORTED_FIELD), "unsupported field"}, +- {ERR_REASON(EC_R_WRONG_ORDER), "wrong order"}, +- {0, NULL} +-}; +- +-#endif +- +-void ERR_load_EC_strings(void) +-{ +-#ifndef OPENSSL_NO_ERR +- +- if (ERR_func_error_string(EC_str_functs[0].error) == NULL) { +- ERR_load_strings(0, EC_str_functs); +- ERR_load_strings(0, EC_str_reasons); +- } +-#endif +-} +diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_key.c b/Cryptlib/OpenSSL/crypto/ec/ec_key.c +deleted file mode 100644 +index 7e48015..0000000 +--- a/Cryptlib/OpenSSL/crypto/ec/ec_key.c ++++ /dev/null +@@ -1,460 +0,0 @@ +-/* crypto/ec/ec_key.c */ +-/* +- * Written by Nils Larsch for the OpenSSL project. +- */ +-/* ==================================================================== +- * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * +- * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. +- * +- * 2. 
Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in +- * the documentation and/or other materials provided with the +- * distribution. +- * +- * 3. All advertising materials mentioning features or use of this +- * software must display the following acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +- * +- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +- * endorse or promote products derived from this software without +- * prior written permission. For written permission, please contact +- * openssl-core@openssl.org. +- * +- * 5. Products derived from this software may not be called "OpenSSL" +- * nor may "OpenSSL" appear in their names without prior written +- * permission of the OpenSSL Project. +- * +- * 6. Redistributions of any form whatsoever must retain the following +- * acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit (http://www.openssl.org/)" +- * +- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +- * OF THE POSSIBILITY OF SUCH DAMAGE. 
+- * ====================================================================
+- *
+- * This product includes cryptographic software written by Eric Young
+- * (eay@cryptsoft.com). This product includes software written by Tim
+- * Hudson (tjh@cryptsoft.com).
+- *
+- */
+-/* ====================================================================
+- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+- * Portions originally developed by SUN MICROSYSTEMS, INC., and
+- * contributed to the OpenSSL project.
+- */
+-
+-#include
+-#include "ec_lcl.h"
+-#include
+-
+-EC_KEY *EC_KEY_new(void)
+-{
+- EC_KEY *ret;
+-
+- ret = (EC_KEY *)OPENSSL_malloc(sizeof(EC_KEY));
+- if (ret == NULL) {
+- ECerr(EC_F_EC_KEY_NEW, ERR_R_MALLOC_FAILURE);
+- return (NULL);
+- }
+-
+- ret->version = 1;
+- ret->group = NULL;
+- ret->pub_key = NULL;
+- ret->priv_key = NULL;
+- ret->enc_flag = 0;
+- ret->conv_form = POINT_CONVERSION_UNCOMPRESSED;
+- ret->references = 1;
+- ret->method_data = NULL;
+- return (ret);
+-}
+-
+-EC_KEY *EC_KEY_new_by_curve_name(int nid)
+-{
+- EC_KEY *ret = EC_KEY_new();
+- if (ret == NULL)
+- return NULL;
+- ret->group = EC_GROUP_new_by_curve_name(nid);
+- if (ret->group == NULL) {
+- EC_KEY_free(ret);
+- return NULL;
+- }
+- return ret;
+-}
+-
+-void EC_KEY_free(EC_KEY *r)
+-{
+- int i;
+-
+- if (r == NULL)
+- return;
+-
+- i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_EC);
+-#ifdef REF_PRINT
+- REF_PRINT("EC_KEY", r);
+-#endif
+- if (i > 0)
+- return;
+-#ifdef REF_CHECK
+- if (i < 0) {
+- fprintf(stderr, "EC_KEY_free, bad reference count\n");
+- abort();
+- }
+-#endif
+-
+- if (r->group != NULL)
+- EC_GROUP_free(r->group);
+- if (r->pub_key != NULL)
+- EC_POINT_free(r->pub_key);
+- if (r->priv_key != NULL)
+- BN_clear_free(r->priv_key);
+-
+- EC_EX_DATA_free_all_data(&r->method_data);
+-
+- OPENSSL_cleanse((void *)r, sizeof(EC_KEY));
+-
+- OPENSSL_free(r);
+-}
+-
+-EC_KEY *EC_KEY_copy(EC_KEY *dest, const EC_KEY *src)
+-{
+- EC_EXTRA_DATA *d;
+-
+- if (dest == NULL || src == NULL) {
+- ECerr(EC_F_EC_KEY_COPY, ERR_R_PASSED_NULL_PARAMETER);
+- return NULL;
+- }
+- /* copy the parameters */
+- if (src->group) {
+- const EC_METHOD *meth = EC_GROUP_method_of(src->group);
+- /* clear the old group */
+- if (dest->group)
+- EC_GROUP_free(dest->group);
+- dest->group = EC_GROUP_new(meth);
+- if (dest->group == NULL)
+- return NULL;
+- if (!EC_GROUP_copy(dest->group, src->group))
+- return NULL;
+- }
+- /* copy the public key */
+- if (src->pub_key && src->group) {
+- if (dest->pub_key)
+- EC_POINT_free(dest->pub_key);
+- dest->pub_key = EC_POINT_new(src->group);
+- if (dest->pub_key == NULL)
+- return NULL;
+- if (!EC_POINT_copy(dest->pub_key, src->pub_key))
+- return NULL;
+- }
+- /* copy the private key */
+- if (src->priv_key) {
+- if (dest->priv_key == NULL) {
+- dest->priv_key = BN_new();
+- if (dest->priv_key == NULL)
+- return NULL;
+- }
+- if (!BN_copy(dest->priv_key, src->priv_key))
+- return NULL;
+- }
+- /* copy method/extra data */
+- EC_EX_DATA_free_all_data(&dest->method_data);
+-
+- for (d = src->method_data; d != NULL; d = d->next) {
+- void *t = d->dup_func(d->data);
+-
+- if (t == NULL)
+- return 0;
+- if (!EC_EX_DATA_set_data
+- (&dest->method_data, t, d->dup_func, d->free_func,
+- d->clear_free_func))
+- return 0;
+- }
+-
+- /* copy the rest */
+- dest->enc_flag = src->enc_flag;
+- dest->conv_form = src->conv_form;
+- dest->version = src->version;
+-
+- return dest;
+-}
+-
+-EC_KEY *EC_KEY_dup(const EC_KEY *ec_key)
+-{
+- EC_KEY *ret = EC_KEY_new();
+- if (ret == NULL)
+- return NULL;
+- if (EC_KEY_copy(ret, ec_key) == NULL) {
+- EC_KEY_free(ret);
+- return NULL;
+- }
+- return ret;
+-}
+-
+-int EC_KEY_up_ref(EC_KEY *r)
+-{
+- int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_EC);
+-#ifdef REF_PRINT
+- REF_PRINT("EC_KEY", r);
+-#endif
+-#ifdef REF_CHECK
+- if (i < 2) {
+- fprintf(stderr, "EC_KEY_up, bad reference count\n");
+- abort();
+- }
+-#endif
+- return ((i > 1) ? 1 : 0);
+-}
+-
+-int EC_KEY_generate_key(EC_KEY *eckey)
+-{
+- int ok = 0;
+- BN_CTX *ctx = NULL;
+- BIGNUM *priv_key = NULL, *order = NULL;
+- EC_POINT *pub_key = NULL;
+-
+- if (!eckey || !eckey->group) {
+- ECerr(EC_F_EC_KEY_GENERATE_KEY, ERR_R_PASSED_NULL_PARAMETER);
+- return 0;
+- }
+-
+- if ((order = BN_new()) == NULL)
+- goto err;
+- if ((ctx = BN_CTX_new()) == NULL)
+- goto err;
+-
+- if (eckey->priv_key == NULL) {
+- priv_key = BN_new();
+- if (priv_key == NULL)
+- goto err;
+- } else
+- priv_key = eckey->priv_key;
+-
+- if (!EC_GROUP_get_order(eckey->group, order, ctx))
+- goto err;
+-
+- do
+- if (!BN_rand_range(priv_key, order))
+- goto err;
+- while (BN_is_zero(priv_key)) ;
+-
+- if (eckey->pub_key == NULL) {
+- pub_key = EC_POINT_new(eckey->group);
+- if (pub_key == NULL)
+- goto err;
+- } else
+- pub_key = eckey->pub_key;
+-
+- if (!EC_POINT_mul(eckey->group, pub_key, priv_key, NULL, NULL, ctx))
+- goto err;
+-
+- eckey->priv_key = priv_key;
+- eckey->pub_key = pub_key;
+-
+- ok = 1;
+-
+- err:
+- if (order)
+- BN_free(order);
+- if (pub_key != NULL && eckey->pub_key == NULL)
+- EC_POINT_free(pub_key);
+- if (priv_key != NULL && eckey->priv_key == NULL)
+- BN_free(priv_key);
+- if (ctx != NULL)
+- BN_CTX_free(ctx);
+- return (ok);
+-}
+-
+-int EC_KEY_check_key(const EC_KEY *eckey)
+-{
+- int ok = 0;
+- BN_CTX *ctx = NULL;
+- const BIGNUM *order = NULL;
+- EC_POINT *point = NULL;
+-
+- if (!eckey || !eckey->group || !eckey->pub_key) {
+- ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_PASSED_NULL_PARAMETER);
+- return 0;
+- }
+-
+- if (EC_POINT_is_at_infinity(eckey->group, eckey->pub_key)) {
+- ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_AT_INFINITY);
+- goto err;
+- }
+-
+- if ((ctx = BN_CTX_new()) == NULL)
+- goto err;
+- if ((point = EC_POINT_new(eckey->group)) == NULL)
+- goto err;
+-
+- /* testing whether the pub_key is on the elliptic curve */
+- if (!EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx)) {
+- ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE);
+- goto err;
+- }
+- /* testing whether pub_key * order is the point at infinity */
+- order = &eckey->group->order;
+- if (BN_is_zero(order)) {
+- ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_INVALID_GROUP_ORDER);
+- goto err;
+- }
+- if (!EC_POINT_mul(eckey->group, point, NULL, eckey->pub_key, order, ctx)) {
+- ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_EC_LIB);
+- goto err;
+- }
+- if (!EC_POINT_is_at_infinity(eckey->group, point)) {
+- ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_WRONG_ORDER);
+- goto err;
+- }
+- /*
+- * in case the priv_key is present : check if generator * priv_key ==
+- * pub_key
+- */
+- if (eckey->priv_key) {
+- if (BN_cmp(eckey->priv_key, order) >= 0) {
+- ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_WRONG_ORDER);
+- goto err;
+- }
+- if (!EC_POINT_mul(eckey->group, point, eckey->priv_key,
+- NULL, NULL, ctx)) {
+- ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_EC_LIB);
+- goto err;
+- }
+- if (EC_POINT_cmp(eckey->group, point, eckey->pub_key, ctx) != 0) {
+- ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_INVALID_PRIVATE_KEY);
+- goto err;
+- }
+- }
+- ok = 1;
+- err:
+- if (ctx != NULL)
+- BN_CTX_free(ctx);
+- if (point != NULL)
+- EC_POINT_free(point);
+- return (ok);
+-}
+-
+-const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key)
+-{
+- return key->group;
+-}
+-
+-int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group)
+-{
+- if (key->group != NULL)
+- EC_GROUP_free(key->group);
+- key->group = EC_GROUP_dup(group);
+- return (key->group == NULL) ? 0 : 1;
+-}
+-
+-const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key)
+-{
+- return key->priv_key;
+-}
+-
+-int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *priv_key)
+-{
+- if (key->priv_key)
+- BN_clear_free(key->priv_key);
+- key->priv_key = BN_dup(priv_key);
+- return (key->priv_key == NULL) ? 0 : 1;
+-}
+-
+-const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key)
+-{
+- return key->pub_key;
+-}
+-
+-int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub_key)
+-{
+- if (key->pub_key != NULL)
+- EC_POINT_free(key->pub_key);
+- key->pub_key = EC_POINT_dup(pub_key, key->group);
+- return (key->pub_key == NULL) ? 0 : 1;
+-}
+-
+-unsigned int EC_KEY_get_enc_flags(const EC_KEY *key)
+-{
+- return key->enc_flag;
+-}
+-
+-void EC_KEY_set_enc_flags(EC_KEY *key, unsigned int flags)
+-{
+- key->enc_flag = flags;
+-}
+-
+-point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key)
+-{
+- return key->conv_form;
+-}
+-
+-void EC_KEY_set_conv_form(EC_KEY *key, point_conversion_form_t cform)
+-{
+- key->conv_form = cform;
+- if (key->group != NULL)
+- EC_GROUP_set_point_conversion_form(key->group, cform);
+-}
+-
+-void *EC_KEY_get_key_method_data(EC_KEY *key,
+- void *(*dup_func) (void *),
+- void (*free_func) (void *),
+- void (*clear_free_func) (void *))
+-{
+- void *ret;
+-
+- CRYPTO_r_lock(CRYPTO_LOCK_EC);
+- ret =
+- EC_EX_DATA_get_data(key->method_data, dup_func, free_func,
+- clear_free_func);
+- CRYPTO_r_unlock(CRYPTO_LOCK_EC);
+-
+- return ret;
+-}
+-
+-void *EC_KEY_insert_key_method_data(EC_KEY *key, void *data,
+- void *(*dup_func) (void *),
+- void (*free_func) (void *),
+- void (*clear_free_func) (void *))
+-{
+- EC_EXTRA_DATA *ex_data;
+-
+- CRYPTO_w_lock(CRYPTO_LOCK_EC);
+- ex_data =
+- EC_EX_DATA_get_data(key->method_data, dup_func, free_func,
+- clear_free_func);
+- if (ex_data == NULL)
+- EC_EX_DATA_set_data(&key->method_data, data, dup_func, free_func,
+- clear_free_func);
+- CRYPTO_w_unlock(CRYPTO_LOCK_EC);
+-
+- return ex_data;
+-}
+-
+-void EC_KEY_set_asn1_flag(EC_KEY *key, int flag)
+-{
+- if (key->group != NULL)
+- EC_GROUP_set_asn1_flag(key->group, flag);
+-}
+-
+-int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx)
+-{
+- if (key->group == NULL)
+- return 0;
+- return EC_GROUP_precompute_mult(key->group, ctx);
+-}
+diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_lcl.h b/Cryptlib/OpenSSL/crypto/ec/ec_lcl.h
+deleted file mode 100644
+index fdd7aa2..0000000
+--- a/Cryptlib/OpenSSL/crypto/ec/ec_lcl.h
++++ /dev/null
+@@ -1,390 +0,0 @@
+-/* crypto/ec/ec_lcl.h */
+-/*
+- * Originally written by Bodo Moeller for the OpenSSL project.
+- */
+-/* ====================================================================
+- * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- *
+- * 1. Redistributions of source code must retain the above copyright
+- * notice, this list of conditions and the following disclaimer.
+- *
+- * 2. Redistributions in binary form must reproduce the above copyright
+- * notice, this list of conditions and the following disclaimer in
+- * the documentation and/or other materials provided with the
+- * distribution.
+- *
+- * 3. All advertising materials mentioning features or use of this
+- * software must display the following acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+- *
+- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+- * endorse or promote products derived from this software without
+- * prior written permission. For written permission, please contact
+- * openssl-core@openssl.org.
+- *
+- * 5. Products derived from this software may not be called "OpenSSL"
+- * nor may "OpenSSL" appear in their names without prior written
+- * permission of the OpenSSL Project.
+- *
+- * 6. Redistributions of any form whatsoever must retain the following
+- * acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+- * OF THE POSSIBILITY OF SUCH DAMAGE.
+- * ====================================================================
+- *
+- * This product includes cryptographic software written by Eric Young
+- * (eay@cryptsoft.com). This product includes software written by Tim
+- * Hudson (tjh@cryptsoft.com).
+- *
+- */
+-/* ====================================================================
+- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+- *
+- * Portions of the attached software ("Contribution") are developed by
+- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+- *
+- * The Contribution is licensed pursuant to the OpenSSL open source
+- * license provided above.
+- *
+- * The elliptic curve binary polynomial software is originally written by
+- * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
+- *
+- */
+-
+-
+-#include
+-
+-#include
+-#include
+-#include
+-
+-#if defined(__SUNPRO_C)
+-# if __SUNPRO_C >= 0x520
+-# pragma error_messages (off,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE)
+-# endif
+-#endif
+-
+-/* Structure details are not part of the exported interface,
+- * so all this may change in future versions. */
+-
+-struct ec_method_st {
+- /* used by EC_METHOD_get_field_type: */
+- int field_type; /* a NID */
+-
+- /* used by EC_GROUP_new, EC_GROUP_free, EC_GROUP_clear_free, EC_GROUP_copy: */
+- int (*group_init)(EC_GROUP *);
+- void (*group_finish)(EC_GROUP *);
+- void (*group_clear_finish)(EC_GROUP *);
+- int (*group_copy)(EC_GROUP *, const EC_GROUP *);
+-
+- /* used by EC_GROUP_set_curve_GFp, EC_GROUP_get_curve_GFp, */
+- /* EC_GROUP_set_curve_GF2m, and EC_GROUP_get_curve_GF2m: */
+- int (*group_set_curve)(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+- int (*group_get_curve)(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *);
+-
+- /* used by EC_GROUP_get_degree: */
+- int (*group_get_degree)(const EC_GROUP *);
+-
+- /* used by EC_GROUP_check: */
+- int (*group_check_discriminant)(const EC_GROUP *, BN_CTX *);
+-
+- /* used by EC_POINT_new, EC_POINT_free, EC_POINT_clear_free, EC_POINT_copy: */
+- int (*point_init)(EC_POINT *);
+- void (*point_finish)(EC_POINT *);
+- void (*point_clear_finish)(EC_POINT *);
+- int (*point_copy)(EC_POINT *, const EC_POINT *);
+-
+- /* used by EC_POINT_set_to_infinity,
+- * EC_POINT_set_Jprojective_coordinates_GFp,
+- * EC_POINT_get_Jprojective_coordinates_GFp,
+- * EC_POINT_set_affine_coordinates_GFp, ..._GF2m,
+- * EC_POINT_get_affine_coordinates_GFp, ..._GF2m,
+- * EC_POINT_set_compressed_coordinates_GFp, ..._GF2m:
+- */
+- int (*point_set_to_infinity)(const EC_GROUP *, EC_POINT *);
+- int (*point_set_Jprojective_coordinates_GFp)(const EC_GROUP *, EC_POINT *,
+- const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *);
+- int (*point_get_Jprojective_coordinates_GFp)(const EC_GROUP *, const EC_POINT *,
+- BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *);
+- int (*point_set_affine_coordinates)(const EC_GROUP *, EC_POINT *,
+- const BIGNUM *x, const BIGNUM *y, BN_CTX *);
+- int (*point_get_affine_coordinates)(const EC_GROUP *, const EC_POINT *,
+- BIGNUM *x, BIGNUM *y, BN_CTX *);
+- int (*point_set_compressed_coordinates)(const EC_GROUP *, EC_POINT *,
+- const BIGNUM *x, int y_bit, BN_CTX *);
+-
+- /* used by EC_POINT_point2oct, EC_POINT_oct2point: */
+- size_t (*point2oct)(const EC_GROUP *, const EC_POINT *, point_conversion_form_t form,
+- unsigned char *buf, size_t len, BN_CTX *);
+- int (*oct2point)(const EC_GROUP *, EC_POINT *,
+- const unsigned char *buf, size_t len, BN_CTX *);
+-
+- /* used by EC_POINT_add, EC_POINT_dbl, ECP_POINT_invert: */
+- int (*add)(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
+- int (*dbl)(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *);
+- int (*invert)(const EC_GROUP *, EC_POINT *, BN_CTX *);
+-
+- /* used by EC_POINT_is_at_infinity, EC_POINT_is_on_curve, EC_POINT_cmp: */
+- int (*is_at_infinity)(const EC_GROUP *, const EC_POINT *);
+- int (*is_on_curve)(const EC_GROUP *, const EC_POINT *, BN_CTX *);
+- int (*point_cmp)(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
+-
+- /* used by EC_POINT_make_affine, EC_POINTs_make_affine: */
+- int (*make_affine)(const EC_GROUP *, EC_POINT *, BN_CTX *);
+- int (*points_make_affine)(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *);
+-
+- /* used by EC_POINTs_mul, EC_POINT_mul, EC_POINT_precompute_mult, EC_POINT_have_precompute_mult
+- * (default implementations are used if the 'mul' pointer is 0): */
+- int (*mul)(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
+- size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *);
+- int (*precompute_mult)(EC_GROUP *group, BN_CTX *);
+- int (*have_precompute_mult)(const EC_GROUP *group);
+-
+-
+- /* internal functions */
+-
+- /* 'field_mul', 'field_sqr', and 'field_div' can be used by 'add' and 'dbl' so that
+- * the same implementations of point operations can be used with different
+- * optimized implementations of expensive field operations: */
+- int (*field_mul)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+- int (*field_sqr)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
+- int (*field_div)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+-
+- int (*field_encode)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); /* e.g. to Montgomery */
+- int (*field_decode)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); /* e.g. from Montgomery */
+- int (*field_set_to_one)(const EC_GROUP *, BIGNUM *r, BN_CTX *);
+-} /* EC_METHOD */;
+-
+-typedef struct ec_extra_data_st {
+- struct ec_extra_data_st *next;
+- void *data;
+- void *(*dup_func)(void *);
+- void (*free_func)(void *);
+- void (*clear_free_func)(void *);
+-} EC_EXTRA_DATA; /* used in EC_GROUP */
+-
+-struct ec_group_st {
+- const EC_METHOD *meth;
+-
+- EC_POINT *generator; /* optional */
+- BIGNUM order, cofactor;
+-
+- int curve_name;/* optional NID for named curve */
+- int asn1_flag; /* flag to control the asn1 encoding */
+- point_conversion_form_t asn1_form;
+-
+- unsigned char *seed; /* optional seed for parameters (appears in ASN1) */
+- size_t seed_len;
+-
+- EC_EXTRA_DATA *extra_data; /* linked list */
+-
+- /* The following members are handled by the method functions,
+- * even if they appear generic */
+-
+- BIGNUM field; /* Field specification.
+- * For curves over GF(p), this is the modulus;
+- * for curves over GF(2^m), this is the
+- * irreducible polynomial defining the field.
+- */
+-
+- unsigned int poly[5]; /* Field specification for curves over GF(2^m).
+- * The irreducible f(t) is then of the form:
+- * t^poly[0] + t^poly[1] + ... + t^poly[k]
+- * where m = poly[0] > poly[1] > ... > poly[k] = 0.
+- */
+-
+- BIGNUM a, b; /* Curve coefficients.
+- * (Here the assumption is that BIGNUMs can be used
+- * or abused for all kinds of fields, not just GF(p).)
+- * For characteristic > 3, the curve is defined
+- * by a Weierstrass equation of the form
+- * y^2 = x^3 + a*x + b.
+- * For characteristic 2, the curve is defined by
+- * an equation of the form
+- * y^2 + x*y = x^3 + a*x^2 + b.
+- */
+-
+- int a_is_minus3; /* enable optimized point arithmetics for special case */
+-
+- void *field_data1; /* method-specific (e.g., Montgomery structure) */
+- void *field_data2; /* method-specific */
+- int (*field_mod_func)(BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); /* method-specific */
+-} /* EC_GROUP */;
+-
+-struct ec_key_st {
+- int version;
+-
+- EC_GROUP *group;
+-
+- EC_POINT *pub_key;
+- BIGNUM *priv_key;
+-
+- unsigned int enc_flag;
+- point_conversion_form_t conv_form;
+-
+- int references;
+-
+- EC_EXTRA_DATA *method_data;
+-} /* EC_KEY */;
+-
+-/* Basically a 'mixin' for extra data, but available for EC_GROUPs/EC_KEYs only
+- * (with visibility limited to 'package' level for now).
+- * We use the function pointers as index for retrieval; this obviates
+- * global ex_data-style index tables.
+- */
+-int EC_EX_DATA_set_data(EC_EXTRA_DATA **, void *data,
+- void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
+-void *EC_EX_DATA_get_data(const EC_EXTRA_DATA *,
+- void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
+-void EC_EX_DATA_free_data(EC_EXTRA_DATA **,
+- void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
+-void EC_EX_DATA_clear_free_data(EC_EXTRA_DATA **,
+- void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
+-void EC_EX_DATA_free_all_data(EC_EXTRA_DATA **);
+-void EC_EX_DATA_clear_free_all_data(EC_EXTRA_DATA **);
+-
+-
+-
+-struct ec_point_st {
+- const EC_METHOD *meth;
+-
+- /* All members except 'meth' are handled by the method functions,
+- * even if they appear generic */
+-
+- BIGNUM X;
+- BIGNUM Y;
+- BIGNUM Z; /* Jacobian projective coordinates:
+- * (X, Y, Z) represents (X/Z^2, Y/Z^3) if Z != 0 */
+- int Z_is_one; /* enable optimized point arithmetics for special case */
+-} /* EC_POINT */;
+-
+-
+-
+-/* method functions in ec_mult.c
+- * (ec_lib.c uses these as defaults if group->method->mul is 0) */
+-int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
+- size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *);
+-int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *);
+-int ec_wNAF_have_precompute_mult(const EC_GROUP *group);
+-
+-
+-/* method functions in ecp_smpl.c */
+-int ec_GFp_simple_group_init(EC_GROUP *);
+-void ec_GFp_simple_group_finish(EC_GROUP *);
+-void ec_GFp_simple_group_clear_finish(EC_GROUP *);
+-int ec_GFp_simple_group_copy(EC_GROUP *, const EC_GROUP *);
+-int ec_GFp_simple_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+-int ec_GFp_simple_group_get_curve(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *);
+-int ec_GFp_simple_group_get_degree(const EC_GROUP *);
+-int
ec_GFp_simple_group_check_discriminant(const EC_GROUP *, BN_CTX *);
+-int ec_GFp_simple_point_init(EC_POINT *);
+-void ec_GFp_simple_point_finish(EC_POINT *);
+-void ec_GFp_simple_point_clear_finish(EC_POINT *);
+-int ec_GFp_simple_point_copy(EC_POINT *, const EC_POINT *);
+-int ec_GFp_simple_point_set_to_infinity(const EC_GROUP *, EC_POINT *);
+-int ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *, EC_POINT *,
+- const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *);
+-int ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *, const EC_POINT *,
+- BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *);
+-int ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP *, EC_POINT *,
+- const BIGNUM *x, const BIGNUM *y, BN_CTX *);
+-int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *, const EC_POINT *,
+- BIGNUM *x, BIGNUM *y, BN_CTX *);
+-int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *, EC_POINT *,
+- const BIGNUM *x, int y_bit, BN_CTX *);
+-size_t ec_GFp_simple_point2oct(const EC_GROUP *, const EC_POINT *, point_conversion_form_t form,
+- unsigned char *buf, size_t len, BN_CTX *);
+-int ec_GFp_simple_oct2point(const EC_GROUP *, EC_POINT *,
+- const unsigned char *buf, size_t len, BN_CTX *);
+-int ec_GFp_simple_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
+-int ec_GFp_simple_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *);
+-int ec_GFp_simple_invert(const EC_GROUP *, EC_POINT *, BN_CTX *);
+-int ec_GFp_simple_is_at_infinity(const EC_GROUP *, const EC_POINT *);
+-int ec_GFp_simple_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *);
+-int ec_GFp_simple_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
+-int ec_GFp_simple_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *);
+-int ec_GFp_simple_points_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *);
+-int ec_GFp_simple_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
const BIGNUM *b, BN_CTX *);
+-int ec_GFp_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
+-
+-
+-/* method functions in ecp_mont.c */
+-int ec_GFp_mont_group_init(EC_GROUP *);
+-int ec_GFp_mont_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+-void ec_GFp_mont_group_finish(EC_GROUP *);
+-void ec_GFp_mont_group_clear_finish(EC_GROUP *);
+-int ec_GFp_mont_group_copy(EC_GROUP *, const EC_GROUP *);
+-int ec_GFp_mont_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+-int ec_GFp_mont_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
+-int ec_GFp_mont_field_encode(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
+-int ec_GFp_mont_field_decode(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
+-int ec_GFp_mont_field_set_to_one(const EC_GROUP *, BIGNUM *r, BN_CTX *);
+-
+-
+-/* method functions in ecp_nist.c */
+-int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src);
+-int ec_GFp_nist_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+-int ec_GFp_nist_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+-int ec_GFp_nist_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
+-
+-
+-/* method functions in ec2_smpl.c */
+-int ec_GF2m_simple_group_init(EC_GROUP *);
+-void ec_GF2m_simple_group_finish(EC_GROUP *);
+-void ec_GF2m_simple_group_clear_finish(EC_GROUP *);
+-int ec_GF2m_simple_group_copy(EC_GROUP *, const EC_GROUP *);
+-int ec_GF2m_simple_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+-int ec_GF2m_simple_group_get_curve(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *);
+-int ec_GF2m_simple_group_get_degree(const EC_GROUP *);
+-int ec_GF2m_simple_group_check_discriminant(const EC_GROUP *, BN_CTX *);
+-int ec_GF2m_simple_point_init(EC_POINT *);
+-void ec_GF2m_simple_point_finish(EC_POINT
*);
+-void ec_GF2m_simple_point_clear_finish(EC_POINT *);
+-int ec_GF2m_simple_point_copy(EC_POINT *, const EC_POINT *);
+-int ec_GF2m_simple_point_set_to_infinity(const EC_GROUP *, EC_POINT *);
+-int ec_GF2m_simple_point_set_affine_coordinates(const EC_GROUP *, EC_POINT *,
+- const BIGNUM *x, const BIGNUM *y, BN_CTX *);
+-int ec_GF2m_simple_point_get_affine_coordinates(const EC_GROUP *, const EC_POINT *,
+- BIGNUM *x, BIGNUM *y, BN_CTX *);
+-int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *, EC_POINT *,
+- const BIGNUM *x, int y_bit, BN_CTX *);
+-size_t ec_GF2m_simple_point2oct(const EC_GROUP *, const EC_POINT *, point_conversion_form_t form,
+- unsigned char *buf, size_t len, BN_CTX *);
+-int ec_GF2m_simple_oct2point(const EC_GROUP *, EC_POINT *,
+- const unsigned char *buf, size_t len, BN_CTX *);
+-int ec_GF2m_simple_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
+-int ec_GF2m_simple_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *);
+-int ec_GF2m_simple_invert(const EC_GROUP *, EC_POINT *, BN_CTX *);
+-int ec_GF2m_simple_is_at_infinity(const EC_GROUP *, const EC_POINT *);
+-int ec_GF2m_simple_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *);
+-int ec_GF2m_simple_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
+-int ec_GF2m_simple_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *);
+-int ec_GF2m_simple_points_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *);
+-int ec_GF2m_simple_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+-int ec_GF2m_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
+-int ec_GF2m_simple_field_div(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+-
+-
+-/* method functions in ec2_mult.c */
+-int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
+- size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX
*);
+-int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
+-int ec_GF2m_have_precompute_mult(const EC_GROUP *group);
+diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_lib.c b/Cryptlib/OpenSSL/crypto/ec/ec_lib.c
+deleted file mode 100644
+index 8d8b807..0000000
+--- a/Cryptlib/OpenSSL/crypto/ec/ec_lib.c
++++ /dev/null
+@@ -1,1111 +0,0 @@
+-/* crypto/ec/ec_lib.c */
+-/*
+- * Originally written by Bodo Moeller for the OpenSSL project.
+- */
+-/* ====================================================================
+- * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- *
+- * 1. Redistributions of source code must retain the above copyright
+- * notice, this list of conditions and the following disclaimer.
+- *
+- * 2. Redistributions in binary form must reproduce the above copyright
+- * notice, this list of conditions and the following disclaimer in
+- * the documentation and/or other materials provided with the
+- * distribution.
+- *
+- * 3. All advertising materials mentioning features or use of this
+- * software must display the following acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+- *
+- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+- * endorse or promote products derived from this software without
+- * prior written permission. For written permission, please contact
+- * openssl-core@openssl.org.
+- *
+- * 5. Products derived from this software may not be called "OpenSSL"
+- * nor may "OpenSSL" appear in their names without prior written
+- * permission of the OpenSSL Project.
+- *
+- * 6.
Redistributions of any form whatsoever must retain the following
+- * acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+- * OF THE POSSIBILITY OF SUCH DAMAGE.
+- * ====================================================================
+- *
+- * This product includes cryptographic software written by Eric Young
+- * (eay@cryptsoft.com). This product includes software written by Tim
+- * Hudson (tjh@cryptsoft.com).
+- *
+- */
+-/* ====================================================================
+- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+- * Binary polynomial ECC support in OpenSSL originally developed by
+- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+- */
+-
+-#include
+-
+-#include
+-#include
+-
+-#include "ec_lcl.h"
+-
+-static const char EC_version[] = "EC" OPENSSL_VERSION_PTEXT;
+-
+-/* functions for EC_GROUP objects */
+-
+-EC_GROUP *EC_GROUP_new(const EC_METHOD *meth)
+-{
+- EC_GROUP *ret;
+-
+- if (meth == NULL) {
+- ECerr(EC_F_EC_GROUP_NEW, ERR_R_PASSED_NULL_PARAMETER);
+- return NULL;
+- }
+- if (meth->group_init == 0) {
+- ECerr(EC_F_EC_GROUP_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+- return NULL;
+- }
+-
+- ret = OPENSSL_malloc(sizeof *ret);
+- if (ret == NULL) {
+- ECerr(EC_F_EC_GROUP_NEW, ERR_R_MALLOC_FAILURE);
+- return NULL;
+- }
+-
+- ret->meth = meth;
+-
+- ret->extra_data = NULL;
+-
+- ret->generator = NULL;
+- BN_init(&ret->order);
+- BN_init(&ret->cofactor);
+-
+- ret->curve_name = 0;
+- ret->asn1_flag = 0;
+- ret->asn1_form = POINT_CONVERSION_UNCOMPRESSED;
+-
+- ret->seed = NULL;
+- ret->seed_len = 0;
+-
+- if (!meth->group_init(ret)) {
+- OPENSSL_free(ret);
+- return NULL;
+- }
+-
+- return ret;
+-}
+-
+-void EC_GROUP_free(EC_GROUP *group)
+-{
+- if (!group)
+- return;
+-
+- if (group->meth->group_finish != 0)
+- group->meth->group_finish(group);
+-
+- EC_EX_DATA_free_all_data(&group->extra_data);
+-
+- if (group->generator != NULL)
+- EC_POINT_free(group->generator);
+- BN_free(&group->order);
+- BN_free(&group->cofactor);
+-
+- if (group->seed)
+- OPENSSL_free(group->seed);
+-
+- OPENSSL_free(group);
+-}
+-
+-void EC_GROUP_clear_free(EC_GROUP *group)
+-{
+- if (!group)
+- return;
+-
+- if (group->meth->group_clear_finish != 0)
+- group->meth->group_clear_finish(group);
+- else if (group->meth->group_finish != 0)
+- group->meth->group_finish(group);
+-
+- EC_EX_DATA_clear_free_all_data(&group->extra_data);
+-
+- if (group->generator != NULL)
+- EC_POINT_clear_free(group->generator);
+- BN_clear_free(&group->order);
+- BN_clear_free(&group->cofactor);
+-
+- if (group->seed) {
+- OPENSSL_cleanse(group->seed, group->seed_len);
+- OPENSSL_free(group->seed);
+- }
+-
+- OPENSSL_cleanse(group,
sizeof *group);
+- OPENSSL_free(group);
+-}
+-
+-int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src)
+-{
+- EC_EXTRA_DATA *d;
+-
+- if (dest->meth->group_copy == 0) {
+- ECerr(EC_F_EC_GROUP_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+- return 0;
+- }
+- if (dest->meth != src->meth) {
+- ECerr(EC_F_EC_GROUP_COPY, EC_R_INCOMPATIBLE_OBJECTS);
+- return 0;
+- }
+- if (dest == src)
+- return 1;
+-
+- EC_EX_DATA_free_all_data(&dest->extra_data);
+-
+- for (d = src->extra_data; d != NULL; d = d->next) {
+- void *t = d->dup_func(d->data);
+-
+- if (t == NULL)
+- return 0;
+- if (!EC_EX_DATA_set_data
+- (&dest->extra_data, t, d->dup_func, d->free_func,
+- d->clear_free_func))
+- return 0;
+- }
+-
+- if (src->generator != NULL) {
+- if (dest->generator == NULL) {
+- dest->generator = EC_POINT_new(dest);
+- if (dest->generator == NULL)
+- return 0;
+- }
+- if (!EC_POINT_copy(dest->generator, src->generator))
+- return 0;
+- } else {
+- /* src->generator == NULL */
+- if (dest->generator != NULL) {
+- EC_POINT_clear_free(dest->generator);
+- dest->generator = NULL;
+- }
+- }
+-
+- if (!BN_copy(&dest->order, &src->order))
+- return 0;
+- if (!BN_copy(&dest->cofactor, &src->cofactor))
+- return 0;
+-
+- dest->curve_name = src->curve_name;
+- dest->asn1_flag = src->asn1_flag;
+- dest->asn1_form = src->asn1_form;
+-
+- if (src->seed) {
+- if (dest->seed)
+- OPENSSL_free(dest->seed);
+- dest->seed = OPENSSL_malloc(src->seed_len);
+- if (dest->seed == NULL)
+- return 0;
+- if (!memcpy(dest->seed, src->seed, src->seed_len))
+- return 0;
+- dest->seed_len = src->seed_len;
+- } else {
+- if (dest->seed)
+- OPENSSL_free(dest->seed);
+- dest->seed = NULL;
+- dest->seed_len = 0;
+- }
+-
+- return dest->meth->group_copy(dest, src);
+-}
+-
+-EC_GROUP *EC_GROUP_dup(const EC_GROUP *a)
+-{
+- EC_GROUP *t = NULL;
+- int ok = 0;
+-
+- if (a == NULL)
+- return NULL;
+-
+- if ((t = EC_GROUP_new(a->meth)) == NULL)
+- return (NULL);
+- if (!EC_GROUP_copy(t, a))
+- goto err;
+-
+- ok = 1;
+-
+-
err:
+- if (!ok) {
+- if (t)
+- EC_GROUP_free(t);
+- return NULL;
+- } else
+- return t;
+-}
+-
+-const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group)
+-{
+- return group->meth;
+-}
+-
+-int EC_METHOD_get_field_type(const EC_METHOD *meth)
+-{
+- return meth->field_type;
+-}
+-
+-int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,
+- const BIGNUM *order, const BIGNUM *cofactor)
+-{
+- if (generator == NULL) {
+- ECerr(EC_F_EC_GROUP_SET_GENERATOR, ERR_R_PASSED_NULL_PARAMETER);
+- return 0;
+- }
+-
+- if (group->generator == NULL) {
+- group->generator = EC_POINT_new(group);
+- if (group->generator == NULL)
+- return 0;
+- }
+- if (!EC_POINT_copy(group->generator, generator))
+- return 0;
+-
+- if (order != NULL) {
+- if (!BN_copy(&group->order, order))
+- return 0;
+- } else
+- BN_zero(&group->order);
+-
+- if (cofactor != NULL) {
+- if (!BN_copy(&group->cofactor, cofactor))
+- return 0;
+- } else
+- BN_zero(&group->cofactor);
+-
+- return 1;
+-}
+-
+-const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group)
+-{
+- return group->generator;
+-}
+-
+-int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx)
+-{
+- if (!BN_copy(order, &group->order))
+- return 0;
+-
+- return !BN_is_zero(order);
+-}
+-
+-int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor,
+- BN_CTX *ctx)
+-{
+- if (!BN_copy(cofactor, &group->cofactor))
+- return 0;
+-
+- return !BN_is_zero(&group->cofactor);
+-}
+-
+-void EC_GROUP_set_curve_name(EC_GROUP *group, int nid)
+-{
+- group->curve_name = nid;
+-}
+-
+-int EC_GROUP_get_curve_name(const EC_GROUP *group)
+-{
+- return group->curve_name;
+-}
+-
+-void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag)
+-{
+- group->asn1_flag = flag;
+-}
+-
+-int EC_GROUP_get_asn1_flag(const EC_GROUP *group)
+-{
+- return group->asn1_flag;
+-}
+-
+-void EC_GROUP_set_point_conversion_form(EC_GROUP *group,
+- point_conversion_form_t form)
+-{
+- group->asn1_form = form;
+-}
+-
+-point_conversion_form_t
EC_GROUP_get_point_conversion_form(const EC_GROUP
+- *group)
+-{
+- return group->asn1_form;
+-}
+-
+-size_t EC_GROUP_set_seed(EC_GROUP *group, const unsigned char *p, size_t len)
+-{
+- if (group->seed) {
+- OPENSSL_free(group->seed);
+- group->seed = NULL;
+- group->seed_len = 0;
+- }
+-
+- if (!len || !p)
+- return 1;
+-
+- if ((group->seed = OPENSSL_malloc(len)) == NULL)
+- return 0;
+- memcpy(group->seed, p, len);
+- group->seed_len = len;
+-
+- return len;
+-}
+-
+-unsigned char *EC_GROUP_get0_seed(const EC_GROUP *group)
+-{
+- return group->seed;
+-}
+-
+-size_t EC_GROUP_get_seed_len(const EC_GROUP *group)
+-{
+- return group->seed_len;
+-}
+-
+-int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
+- const BIGNUM *b, BN_CTX *ctx)
+-{
+- if (group->meth->group_set_curve == 0) {
+- ECerr(EC_F_EC_GROUP_SET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+- return 0;
+- }
+- return group->meth->group_set_curve(group, p, a, b, ctx);
+-}
+-
+-int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a,
+- BIGNUM *b, BN_CTX *ctx)
+-{
+- if (group->meth->group_get_curve == 0) {
+- ECerr(EC_F_EC_GROUP_GET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+- return 0;
+- }
+- return group->meth->group_get_curve(group, p, a, b, ctx);
+-}
+-
+-int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
+- const BIGNUM *b, BN_CTX *ctx)
+-{
+- if (group->meth->group_set_curve == 0) {
+- ECerr(EC_F_EC_GROUP_SET_CURVE_GF2M,
+- ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+- return 0;
+- }
+- return group->meth->group_set_curve(group, p, a, b, ctx);
+-}
+-
+-int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a,
+- BIGNUM *b, BN_CTX *ctx)
+-{
+- if (group->meth->group_get_curve == 0) {
+- ECerr(EC_F_EC_GROUP_GET_CURVE_GF2M,
+- ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+- return 0;
+- }
+- return group->meth->group_get_curve(group, p, a, b, ctx);
+-}
+-
+-int EC_GROUP_get_degree(const EC_GROUP *group)
+-{
+- if
(group->meth->group_get_degree == 0) {
+- ECerr(EC_F_EC_GROUP_GET_DEGREE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+- return 0;
+- }
+- return group->meth->group_get_degree(group);
+-}
+-
+-int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx)
+-{
+- if (group->meth->group_check_discriminant == 0) {
+- ECerr(EC_F_EC_GROUP_CHECK_DISCRIMINANT,
+- ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+- return 0;
+- }
+- return group->meth->group_check_discriminant(group, ctx);
+-}
+-
+-int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx)
+-{
+- int r = 0;
+- BIGNUM *a1, *a2, *a3, *b1, *b2, *b3;
+- BN_CTX *ctx_new = NULL;
+-
+- /* compare the field types */
+- if (EC_METHOD_get_field_type(EC_GROUP_method_of(a)) !=
+- EC_METHOD_get_field_type(EC_GROUP_method_of(b)))
+- return 1;
+- /* compare the curve name (if present in both) */
+- if (EC_GROUP_get_curve_name(a) && EC_GROUP_get_curve_name(b) &&
+- EC_GROUP_get_curve_name(a) != EC_GROUP_get_curve_name(b))
+- return 1;
+-
+- if (!ctx)
+- ctx_new = ctx = BN_CTX_new();
+- if (!ctx)
+- return -1;
+-
+- BN_CTX_start(ctx);
+- a1 = BN_CTX_get(ctx);
+- a2 = BN_CTX_get(ctx);
+- a3 = BN_CTX_get(ctx);
+- b1 = BN_CTX_get(ctx);
+- b2 = BN_CTX_get(ctx);
+- b3 = BN_CTX_get(ctx);
+- if (!b3) {
+- BN_CTX_end(ctx);
+- if (ctx_new)
+- BN_CTX_free(ctx);
+- return -1;
+- }
+-
+- /*
+- * XXX This approach assumes that the external representation of curves
+- * over the same field type is the same.
+- */
+- if (!a->meth->group_get_curve(a, a1, a2, a3, ctx) ||
+- !b->meth->group_get_curve(b, b1, b2, b3, ctx))
+- r = 1;
+-
+- if (r || BN_cmp(a1, b1) || BN_cmp(a2, b2) || BN_cmp(a3, b3))
+- r = 1;
+-
+- /* XXX EC_POINT_cmp() assumes that the methods are equal */
+- if (r || EC_POINT_cmp(a, EC_GROUP_get0_generator(a),
+- EC_GROUP_get0_generator(b), ctx))
+- r = 1;
+-
+- if (!r) {
+- /* compare the order and cofactor */
+- if (!EC_GROUP_get_order(a, a1, ctx) ||
+- !EC_GROUP_get_order(b, b1, ctx) ||
+- !EC_GROUP_get_cofactor(a, a2, ctx) ||
+- !EC_GROUP_get_cofactor(b, b2, ctx)) {
+- BN_CTX_end(ctx);
+- if (ctx_new)
+- BN_CTX_free(ctx);
+- return -1;
+- }
+- if (BN_cmp(a1, b1) || BN_cmp(a2, b2))
+- r = 1;
+- }
+-
+- BN_CTX_end(ctx);
+- if (ctx_new)
+- BN_CTX_free(ctx);
+-
+- return r;
+-}
+-
+-/* this has 'package' visibility */
+-int EC_EX_DATA_set_data(EC_EXTRA_DATA **ex_data, void *data,
+- void *(*dup_func) (void *),
+- void (*free_func) (void *),
+- void (*clear_free_func) (void *))
+-{
+- EC_EXTRA_DATA *d;
+-
+- if (ex_data == NULL)
+- return 0;
+-
+- for (d = *ex_data; d != NULL; d = d->next) {
+- if (d->dup_func == dup_func && d->free_func == free_func
+- && d->clear_free_func == clear_free_func) {
+- ECerr(EC_F_EC_EX_DATA_SET_DATA, EC_R_SLOT_FULL);
+- return 0;
+- }
+- }
+-
+- if (data == NULL)
+- /* no explicit entry needed */
+- return 1;
+-
+- d = OPENSSL_malloc(sizeof *d);
+- if (d == NULL)
+- return 0;
+-
+- d->data = data;
+- d->dup_func = dup_func;
+- d->free_func = free_func;
+- d->clear_free_func = clear_free_func;
+-
+- d->next = *ex_data;
+- *ex_data = d;
+-
+- return 1;
+-}
+-
+-/* this has 'package' visibility */
+-void *EC_EX_DATA_get_data(const EC_EXTRA_DATA *ex_data,
+- void *(*dup_func) (void *),
+- void (*free_func) (void *),
+- void (*clear_free_func) (void *))
+-{
+- const EC_EXTRA_DATA *d;
+-
+- for (d = ex_data; d != NULL; d = d->next) {
+- if (d->dup_func == dup_func && d->free_func == free_func
+- && d->clear_free_func ==
clear_free_func)
+- return d->data;
+- }
+-
+- return NULL;
+-}
+-
+-/* this has 'package' visibility */
+-void EC_EX_DATA_free_data(EC_EXTRA_DATA **ex_data,
+- void *(*dup_func) (void *),
+- void (*free_func) (void *),
+- void (*clear_free_func) (void *))
+-{
+- EC_EXTRA_DATA **p;
+-
+- if (ex_data == NULL)
+- return;
+-
+- for (p = ex_data; *p != NULL; p = &((*p)->next)) {
+- if ((*p)->dup_func == dup_func && (*p)->free_func == free_func
+- && (*p)->clear_free_func == clear_free_func) {
+- EC_EXTRA_DATA *next = (*p)->next;
+-
+- (*p)->free_func((*p)->data);
+- OPENSSL_free(*p);
+-
+- *p = next;
+- return;
+- }
+- }
+-}
+-
+-/* this has 'package' visibility */
+-void EC_EX_DATA_clear_free_data(EC_EXTRA_DATA **ex_data,
+- void *(*dup_func) (void *),
+- void (*free_func) (void *),
+- void (*clear_free_func) (void *))
+-{
+- EC_EXTRA_DATA **p;
+-
+- if (ex_data == NULL)
+- return;
+-
+- for (p = ex_data; *p != NULL; p = &((*p)->next)) {
+- if ((*p)->dup_func == dup_func && (*p)->free_func == free_func
+- && (*p)->clear_free_func == clear_free_func) {
+- EC_EXTRA_DATA *next = (*p)->next;
+-
+- (*p)->clear_free_func((*p)->data);
+- OPENSSL_free(*p);
+-
+- *p = next;
+- return;
+- }
+- }
+-}
+-
+-/* this has 'package' visibility */
+-void EC_EX_DATA_free_all_data(EC_EXTRA_DATA **ex_data)
+-{
+- EC_EXTRA_DATA *d;
+-
+- if (ex_data == NULL)
+- return;
+-
+- d = *ex_data;
+- while (d) {
+- EC_EXTRA_DATA *next = d->next;
+-
+- d->free_func(d->data);
+- OPENSSL_free(d);
+-
+- d = next;
+- }
+- *ex_data = NULL;
+-}
+-
+-/* this has 'package' visibility */
+-void EC_EX_DATA_clear_free_all_data(EC_EXTRA_DATA **ex_data)
+-{
+- EC_EXTRA_DATA *d;
+-
+- if (ex_data == NULL)
+- return;
+-
+- d = *ex_data;
+- while (d) {
+- EC_EXTRA_DATA *next = d->next;
+-
+- d->clear_free_func(d->data);
+- OPENSSL_free(d);
+-
+- d = next;
+- }
+- *ex_data = NULL;
+-}
+-
+-/* functions for EC_POINT objects */
+-
+-EC_POINT *EC_POINT_new(const EC_GROUP *group)
+-{
+- EC_POINT *ret;
+-
+- if (group ==
NULL) {
+- ECerr(EC_F_EC_POINT_NEW, ERR_R_PASSED_NULL_PARAMETER);
+- return NULL;
+- }
+- if (group->meth->point_init == 0) {
+- ECerr(EC_F_EC_POINT_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+- return NULL;
+- }
+-
+- ret = OPENSSL_malloc(sizeof *ret);
+- if (ret == NULL) {
+- ECerr(EC_F_EC_POINT_NEW, ERR_R_MALLOC_FAILURE);
+- return NULL;
+- }
+-
+- ret->meth = group->meth;
+-
+- if (!ret->meth->point_init(ret)) {
+- OPENSSL_free(ret);
+- return NULL;
+- }
+-
+- return ret;
+-}
+-
+-void EC_POINT_free(EC_POINT *point)
+-{
+- if (!point)
+- return;
+-
+- if (point->meth->point_finish != 0)
+- point->meth->point_finish(point);
+- OPENSSL_free(point);
+-}
+-
+-void EC_POINT_clear_free(EC_POINT *point)
+-{
+- if (!point)
+- return;
+-
+- if (point->meth->point_clear_finish != 0)
+- point->meth->point_clear_finish(point);
+- else if (point->meth != NULL && point->meth->point_finish != 0)
+- point->meth->point_finish(point);
+- OPENSSL_cleanse(point, sizeof *point);
+- OPENSSL_free(point);
+-}
+-
+-int EC_POINT_copy(EC_POINT *dest, const EC_POINT *src)
+-{
+- if (dest->meth->point_copy == 0) {
+- ECerr(EC_F_EC_POINT_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+- return 0;
+- }
+- if (dest->meth != src->meth) {
+- ECerr(EC_F_EC_POINT_COPY, EC_R_INCOMPATIBLE_OBJECTS);
+- return 0;
+- }
+- if (dest == src)
+- return 1;
+- return dest->meth->point_copy(dest, src);
+-}
+-
+-EC_POINT *EC_POINT_dup(const EC_POINT *a, const EC_GROUP *group)
+-{
+- EC_POINT *t;
+- int r;
+-
+- if (a == NULL)
+- return NULL;
+-
+- t = EC_POINT_new(group);
+- if (t == NULL)
+- return (NULL);
+- r = EC_POINT_copy(t, a);
+- if (!r) {
+- EC_POINT_free(t);
+- return NULL;
+- } else
+- return t;
+-}
+-
+-const EC_METHOD *EC_POINT_method_of(const EC_POINT *point)
+-{
+- return point->meth;
+-}
+-
+-int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point)
+-{
+- if (group->meth->point_set_to_infinity == 0) {
+- ECerr(EC_F_EC_POINT_SET_TO_INFINITY,
+- ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+- return
0;
+- }
+- if (group->meth != point->meth) {
+- ECerr(EC_F_EC_POINT_SET_TO_INFINITY, EC_R_INCOMPATIBLE_OBJECTS);
+- return 0;
+- }
+- return group->meth->point_set_to_infinity(group, point);
+-}
+-
+-int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group,
+- EC_POINT *point, const BIGNUM *x,
+- const BIGNUM *y, const BIGNUM *z,
+- BN_CTX *ctx)
+-{
+- if (group->meth->point_set_Jprojective_coordinates_GFp == 0) {
+- ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP,
+- ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+- return 0;
+- }
+- if (group->meth != point->meth) {
+- ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP,
+- EC_R_INCOMPATIBLE_OBJECTS);
+- return 0;
+- }
+- return group->meth->point_set_Jprojective_coordinates_GFp(group, point, x,
+- y, z, ctx);
+-}
+-
+-int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
+- const EC_POINT *point, BIGNUM *x,
+- BIGNUM *y, BIGNUM *z,
+- BN_CTX *ctx)
+-{
+- if (group->meth->point_get_Jprojective_coordinates_GFp == 0) {
+- ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP,
+- ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+- return 0;
+- }
+- if (group->meth != point->meth) {
+- ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP,
+- EC_R_INCOMPATIBLE_OBJECTS);
+- return 0;
+- }
+- return group->meth->point_get_Jprojective_coordinates_GFp(group, point, x,
+- y, z, ctx);
+-}
+-
+-int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group,
+- EC_POINT *point, const BIGNUM *x,
+- const BIGNUM *y, BN_CTX *ctx)
+-{
+- if (group->meth->point_set_affine_coordinates == 0) {
+- ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP,
+- ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+- return 0;
+- }
+- if (group->meth != point->meth) {
+- ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP,
+- EC_R_INCOMPATIBLE_OBJECTS);
+- return 0;
+- }
+- return group->meth->point_set_affine_coordinates(group, point, x, y, ctx);
+-}
+-
+-int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group,
+- EC_POINT *point, const BIGNUM *x,
+- const
BIGNUM *y, BN_CTX *ctx)
+-{
+- if (group->meth->point_set_affine_coordinates == 0) {
+- ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M,
+- ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+- return 0;
+- }
+- if (group->meth != point->meth) {
+- ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M,
+- EC_R_INCOMPATIBLE_OBJECTS);
+- return 0;
+- }
+- return group->meth->point_set_affine_coordinates(group, point, x, y, ctx);
+-}
+-
+-int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
+- const EC_POINT *point, BIGNUM *x,
+- BIGNUM *y, BN_CTX *ctx)
+-{
+- if (group->meth->point_get_affine_coordinates == 0) {
+- ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP,
+- ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+- return 0;
+- }
+- if (group->meth != point->meth) {
+- ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP,
+- EC_R_INCOMPATIBLE_OBJECTS);
+- return 0;
+- }
+- return group->meth->point_get_affine_coordinates(group, point, x, y, ctx);
+-}
+-
+-int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group,
+- const EC_POINT *point, BIGNUM *x,
+- BIGNUM *y, BN_CTX *ctx)
+-{
+- if (group->meth->point_get_affine_coordinates == 0) {
+- ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M,
+- ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+- return 0;
+- }
+- if (group->meth != point->meth) {
+- ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M,
+- EC_R_INCOMPATIBLE_OBJECTS);
+- return 0;
+- }
+- return group->meth->point_get_affine_coordinates(group, point, x, y, ctx);
+-}
+-
+-int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group,
+- EC_POINT *point, const BIGNUM *x,
+- int y_bit, BN_CTX *ctx)
+-{
+- if (group->meth->point_set_compressed_coordinates == 0) {
+- ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP,
+- ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+- return 0;
+- }
+- if (group->meth != point->meth) {
+- ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP,
+- EC_R_INCOMPATIBLE_OBJECTS);
+- return 0;
+- }
+- return group->meth->point_set_compressed_coordinates(group, point, x,
+- y_bit, ctx);
+-}
+-
+-int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group,
+- EC_POINT *point, const BIGNUM *x,
+- int y_bit, BN_CTX *ctx)
+-{
+- if (group->meth->point_set_compressed_coordinates == 0) {
+- ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M,
+- ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+- return 0;
+- }
+- if (group->meth != point->meth) {
+- ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M,
+- EC_R_INCOMPATIBLE_OBJECTS);
+- return 0;
+- }
+- return group->meth->point_set_compressed_coordinates(group, point, x,
+- y_bit, ctx);
+-}
+-
+-size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *point,
+- point_conversion_form_t form, unsigned char *buf,
+- size_t len, BN_CTX *ctx)
+-{
+- if (group->meth->point2oct == 0) {
+- ECerr(EC_F_EC_POINT_POINT2OCT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+- return 0;
+- }
+- if (group->meth != point->meth) {
+- ECerr(EC_F_EC_POINT_POINT2OCT, EC_R_INCOMPATIBLE_OBJECTS);
+- return 0;
+- }
+- return group->meth->point2oct(group, point, form, buf, len, ctx);
+-}
+-
+-int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *point,
+- const unsigned char *buf, size_t len, BN_CTX *ctx)
+-{
+- if (group->meth->oct2point == 0) {
+- ECerr(EC_F_EC_POINT_OCT2POINT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+- return 0;
+- }
+- if (group->meth != point->meth) {
+- ECerr(EC_F_EC_POINT_OCT2POINT, EC_R_INCOMPATIBLE_OBJECTS);
+- return 0;
+- }
+- return group->meth->oct2point(group, point, buf, len, ctx);
+-}
+-
+-int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
+- const EC_POINT *b, BN_CTX *ctx)
+-{
+- if (group->meth->add == 0) {
+- ECerr(EC_F_EC_POINT_ADD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+- return 0;
+- }
+- if ((group->meth != r->meth) || (r->meth != a->meth)
+- || (a->meth != b->meth)) {
+- ECerr(EC_F_EC_POINT_ADD, EC_R_INCOMPATIBLE_OBJECTS);
+- return 0;
+- }
+- return group->meth->add(group, r, a, b, ctx);
+-}
+-
+-int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
+- BN_CTX
*ctx) +-{ +- if (group->meth->dbl == 0) { +- ECerr(EC_F_EC_POINT_DBL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +- return 0; +- } +- if ((group->meth != r->meth) || (r->meth != a->meth)) { +- ECerr(EC_F_EC_POINT_DBL, EC_R_INCOMPATIBLE_OBJECTS); +- return 0; +- } +- return group->meth->dbl(group, r, a, ctx); +-} +- +-int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx) +-{ +- if (group->meth->invert == 0) { +- ECerr(EC_F_EC_POINT_INVERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +- return 0; +- } +- if (group->meth != a->meth) { +- ECerr(EC_F_EC_POINT_INVERT, EC_R_INCOMPATIBLE_OBJECTS); +- return 0; +- } +- return group->meth->invert(group, a, ctx); +-} +- +-int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point) +-{ +- if (group->meth->is_at_infinity == 0) { +- ECerr(EC_F_EC_POINT_IS_AT_INFINITY, +- ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +- return 0; +- } +- if (group->meth != point->meth) { +- ECerr(EC_F_EC_POINT_IS_AT_INFINITY, EC_R_INCOMPATIBLE_OBJECTS); +- return 0; +- } +- return group->meth->is_at_infinity(group, point); +-} +- +-int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, +- BN_CTX *ctx) +-{ +- if (group->meth->is_on_curve == 0) { +- ECerr(EC_F_EC_POINT_IS_ON_CURVE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +- return 0; +- } +- if (group->meth != point->meth) { +- ECerr(EC_F_EC_POINT_IS_ON_CURVE, EC_R_INCOMPATIBLE_OBJECTS); +- return 0; +- } +- return group->meth->is_on_curve(group, point, ctx); +-} +- +-int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, +- BN_CTX *ctx) +-{ +- if (group->meth->point_cmp == 0) { +- ECerr(EC_F_EC_POINT_CMP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +- return -1; +- } +- if ((group->meth != a->meth) || (a->meth != b->meth)) { +- ECerr(EC_F_EC_POINT_CMP, EC_R_INCOMPATIBLE_OBJECTS); +- return -1; +- } +- return group->meth->point_cmp(group, a, b, ctx); +-} +- +-int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx) +-{ +- if 
(group->meth->make_affine == 0) { +- ECerr(EC_F_EC_POINT_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +- return 0; +- } +- if (group->meth != point->meth) { +- ECerr(EC_F_EC_POINT_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS); +- return 0; +- } +- return group->meth->make_affine(group, point, ctx); +-} +- +-int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, +- EC_POINT *points[], BN_CTX *ctx) +-{ +- size_t i; +- +- if (group->meth->points_make_affine == 0) { +- ECerr(EC_F_EC_POINTS_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +- return 0; +- } +- for (i = 0; i < num; i++) { +- if (group->meth != points[i]->meth) { +- ECerr(EC_F_EC_POINTS_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS); +- return 0; +- } +- } +- return group->meth->points_make_affine(group, num, points, ctx); +-} +- +-/* +- * Functions for point multiplication. If group->meth->mul is 0, we use the +- * wNAF-based implementations in ec_mult.c; otherwise we dispatch through +- * methods. +- */ +- +-int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, +- size_t num, const EC_POINT *points[], +- const BIGNUM *scalars[], BN_CTX *ctx) +-{ +- if (group->meth->mul == 0) +- /* use default */ +- return ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx); +- +- return group->meth->mul(group, r, scalar, num, points, scalars, ctx); +-} +- +-int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar, +- const EC_POINT *point, const BIGNUM *p_scalar, BN_CTX *ctx) +-{ +- /* just a convenient interface to EC_POINTs_mul() */ +- +- const EC_POINT *points[1]; +- const BIGNUM *scalars[1]; +- +- points[0] = point; +- scalars[0] = p_scalar; +- +- return EC_POINTs_mul(group, r, g_scalar, +- (point != NULL +- && p_scalar != NULL), points, scalars, ctx); +-} +- +-int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx) +-{ +- if (group->meth->mul == 0) +- /* use default */ +- return ec_wNAF_precompute_mult(group, ctx); +- +- if (group->meth->precompute_mult != 0) +- return 
group->meth->precompute_mult(group, ctx); +- else +- return 1; /* nothing to do, so report success */ +-} +- +-int EC_GROUP_have_precompute_mult(const EC_GROUP *group) +-{ +- if (group->meth->mul == 0) +- /* use default */ +- return ec_wNAF_have_precompute_mult(group); +- +- if (group->meth->have_precompute_mult != 0) +- return group->meth->have_precompute_mult(group); +- else +- return 0; /* cannot tell whether precomputation has +- * been performed */ +-} +diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_mult.c b/Cryptlib/OpenSSL/crypto/ec/ec_mult.c +deleted file mode 100644 +index 333cbc9..0000000 +--- a/Cryptlib/OpenSSL/crypto/ec/ec_mult.c ++++ /dev/null +@@ -1,911 +0,0 @@ +-/* crypto/ec/ec_mult.c */ +-/* +- * Originally written by Bodo Moeller and Nils Larsch for the OpenSSL project. +- */ +-/* ==================================================================== +- * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * +- * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. +- * +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in +- * the documentation and/or other materials provided with the +- * distribution. +- * +- * 3. All advertising materials mentioning features or use of this +- * software must display the following acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +- * +- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +- * endorse or promote products derived from this software without +- * prior written permission. For written permission, please contact +- * openssl-core@openssl.org. 
+- * +- * 5. Products derived from this software may not be called "OpenSSL" +- * nor may "OpenSSL" appear in their names without prior written +- * permission of the OpenSSL Project. +- * +- * 6. Redistributions of any form whatsoever must retain the following +- * acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit (http://www.openssl.org/)" +- * +- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +- * OF THE POSSIBILITY OF SUCH DAMAGE. +- * ==================================================================== +- * +- * This product includes cryptographic software written by Eric Young +- * (eay@cryptsoft.com). This product includes software written by Tim +- * Hudson (tjh@cryptsoft.com). +- * +- */ +-/* ==================================================================== +- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. +- * Portions of this software developed by SUN MICROSYSTEMS, INC., +- * and contributed to the OpenSSL project. +- */ +- +-#include +- +-#include +- +-#include "ec_lcl.h" +- +-/* +- * This file implements the wNAF-based interleaving multi-exponentation method +- * (); +- * for multiplication with precomputation, we use wNAF splitting +- * (). 
+- */ +- +-/* structure for precomputed multiples of the generator */ +-typedef struct ec_pre_comp_st { +- const EC_GROUP *group; /* parent EC_GROUP object */ +- size_t blocksize; /* block size for wNAF splitting */ +- size_t numblocks; /* max. number of blocks for which we have +- * precomputation */ +- size_t w; /* window size */ +- EC_POINT **points; /* array with pre-calculated multiples of +- * generator: 'num' pointers to EC_POINT +- * objects followed by a NULL */ +- size_t num; /* numblocks * 2^(w-1) */ +- int references; +-} EC_PRE_COMP; +- +-/* functions to manage EC_PRE_COMP within the EC_GROUP extra_data framework */ +-static void *ec_pre_comp_dup(void *); +-static void ec_pre_comp_free(void *); +-static void ec_pre_comp_clear_free(void *); +- +-static EC_PRE_COMP *ec_pre_comp_new(const EC_GROUP *group) +-{ +- EC_PRE_COMP *ret = NULL; +- +- if (!group) +- return NULL; +- +- ret = (EC_PRE_COMP *)OPENSSL_malloc(sizeof(EC_PRE_COMP)); +- if (!ret) { +- ECerr(EC_F_EC_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE); +- return ret; +- } +- ret->group = group; +- ret->blocksize = 8; /* default */ +- ret->numblocks = 0; +- ret->w = 4; /* default */ +- ret->points = NULL; +- ret->num = 0; +- ret->references = 1; +- return ret; +-} +- +-static void *ec_pre_comp_dup(void *src_) +-{ +- EC_PRE_COMP *src = src_; +- +- /* no need to actually copy, these objects never change! 
*/ +- +- CRYPTO_add(&src->references, 1, CRYPTO_LOCK_EC_PRE_COMP); +- +- return src_; +-} +- +-static void ec_pre_comp_free(void *pre_) +-{ +- int i; +- EC_PRE_COMP *pre = pre_; +- +- if (!pre) +- return; +- +- i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP); +- if (i > 0) +- return; +- +- if (pre->points) { +- EC_POINT **p; +- +- for (p = pre->points; *p != NULL; p++) +- EC_POINT_free(*p); +- OPENSSL_free(pre->points); +- } +- OPENSSL_free(pre); +-} +- +-static void ec_pre_comp_clear_free(void *pre_) +-{ +- int i; +- EC_PRE_COMP *pre = pre_; +- +- if (!pre) +- return; +- +- i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP); +- if (i > 0) +- return; +- +- if (pre->points) { +- EC_POINT **p; +- +- for (p = pre->points; *p != NULL; p++) { +- EC_POINT_clear_free(*p); +- OPENSSL_cleanse(p, sizeof *p); +- } +- OPENSSL_free(pre->points); +- } +- OPENSSL_cleanse(pre, sizeof *pre); +- OPENSSL_free(pre); +-} +- +-/*- +- * Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'. +- * This is an array r[] of values that are either zero or odd with an +- * absolute value less than 2^w satisfying +- * scalar = \sum_j r[j]*2^j +- * where at most one of any w+1 consecutive digits is non-zero +- * with the exception that the most significant digit may be only +- * w-1 zeros away from that next non-zero digit. 
+- */ +-static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len) +-{ +- int window_val; +- int ok = 0; +- signed char *r = NULL; +- int sign = 1; +- int bit, next_bit, mask; +- size_t len = 0, j; +- +- if (BN_is_zero(scalar)) { +- r = OPENSSL_malloc(1); +- if (!r) { +- ECerr(EC_F_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- r[0] = 0; +- *ret_len = 1; +- return r; +- } +- +- if (w <= 0 || w > 7) { /* 'signed char' can represent integers with +- * absolute values less than 2^7 */ +- ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); +- goto err; +- } +- bit = 1 << w; /* at most 128 */ +- next_bit = bit << 1; /* at most 256 */ +- mask = next_bit - 1; /* at most 255 */ +- +- if (BN_is_negative(scalar)) { +- sign = -1; +- } +- +- len = BN_num_bits(scalar); +- r = OPENSSL_malloc(len + 1); /* modified wNAF may be one digit longer +- * than binary representation (*ret_len will +- * be set to the actual length, i.e. at most +- * BN_num_bits(scalar) + 1) */ +- if (r == NULL) { +- ECerr(EC_F_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- if (scalar->d == NULL || scalar->top == 0) { +- ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); +- goto err; +- } +- window_val = scalar->d[0] & mask; +- j = 0; +- while ((window_val != 0) || (j + w + 1 < len)) { /* if j+w+1 >= len, +- * window_val will not +- * increase */ +- int digit = 0; +- +- /* 0 <= window_val <= 2^(w+1) */ +- +- if (window_val & 1) { +- /* 0 < window_val < 2^(w+1) */ +- +- if (window_val & bit) { +- digit = window_val - next_bit; /* -2^w < digit < 0 */ +- +-#if 1 /* modified wNAF */ +- if (j + w + 1 >= len) { +- /* +- * special case for generating modified wNAFs: no new +- * bits will be added into window_val, so using a +- * positive digit here will decrease the total length of +- * the representation +- */ +- +- digit = window_val & (mask >> 1); /* 0 < digit < 2^w */ +- } +-#endif +- } else { +- digit = window_val; /* 0 < digit < 2^w */ +- } +- +- if (digit <= -bit || 
digit >= bit || !(digit & 1)) { +- ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); +- goto err; +- } +- +- window_val -= digit; +- +- /* +- * now window_val is 0 or 2^(w+1) in standard wNAF generation; +- * for modified window NAFs, it may also be 2^w +- */ +- if (window_val != 0 && window_val != next_bit +- && window_val != bit) { +- ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); +- goto err; +- } +- } +- +- r[j++] = sign * digit; +- +- window_val >>= 1; +- window_val += bit * BN_is_bit_set(scalar, j + w); +- +- if (window_val > next_bit) { +- ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); +- goto err; +- } +- } +- +- if (j > len + 1) { +- ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); +- goto err; +- } +- len = j; +- ok = 1; +- +- err: +- if (!ok) { +- OPENSSL_free(r); +- r = NULL; +- } +- if (ok) +- *ret_len = len; +- return r; +-} +- +-/* +- * TODO: table should be optimised for the wNAF-based implementation, +- * sometimes smaller windows will give better performance (thus the +- * boundaries should be increased) +- */ +-#define EC_window_bits_for_scalar_size(b) \ +- ((size_t) \ +- ((b) >= 2000 ? 6 : \ +- (b) >= 800 ? 5 : \ +- (b) >= 300 ? 4 : \ +- (b) >= 70 ? 3 : \ +- (b) >= 20 ? 
2 : \ +- 1)) +- +-/*- +- * Compute +- * \sum scalars[i]*points[i], +- * also including +- * scalar*generator +- * in the addition if scalar != NULL +- */ +-int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, +- size_t num, const EC_POINT *points[], const BIGNUM *scalars[], +- BN_CTX *ctx) +-{ +- BN_CTX *new_ctx = NULL; +- const EC_POINT *generator = NULL; +- EC_POINT *tmp = NULL; +- size_t totalnum; +- size_t blocksize = 0, numblocks = 0; /* for wNAF splitting */ +- size_t pre_points_per_block = 0; +- size_t i, j; +- int k; +- int r_is_inverted = 0; +- int r_is_at_infinity = 1; +- size_t *wsize = NULL; /* individual window sizes */ +- signed char **wNAF = NULL; /* individual wNAFs */ +- size_t *wNAF_len = NULL; +- size_t max_len = 0; +- size_t num_val; +- EC_POINT **val = NULL; /* precomputation */ +- EC_POINT **v; +- EC_POINT ***val_sub = NULL; /* pointers to sub-arrays of 'val' or +- * 'pre_comp->points' */ +- const EC_PRE_COMP *pre_comp = NULL; +- int num_scalar = 0; /* flag: will be set to 1 if 'scalar' must be +- * treated like other scalars, i.e. 
+- * precomputation is not available */ +- int ret = 0; +- +- if (group->meth != r->meth) { +- ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS); +- return 0; +- } +- +- if ((scalar == NULL) && (num == 0)) { +- return EC_POINT_set_to_infinity(group, r); +- } +- +- for (i = 0; i < num; i++) { +- if (group->meth != points[i]->meth) { +- ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS); +- return 0; +- } +- } +- +- if (ctx == NULL) { +- ctx = new_ctx = BN_CTX_new(); +- if (ctx == NULL) +- goto err; +- } +- +- if (scalar != NULL) { +- generator = EC_GROUP_get0_generator(group); +- if (generator == NULL) { +- ECerr(EC_F_EC_WNAF_MUL, EC_R_UNDEFINED_GENERATOR); +- goto err; +- } +- +- /* look if we can use precomputed multiples of generator */ +- +- pre_comp = +- EC_EX_DATA_get_data(group->extra_data, ec_pre_comp_dup, +- ec_pre_comp_free, ec_pre_comp_clear_free); +- +- if (pre_comp && pre_comp->numblocks +- && (EC_POINT_cmp(group, generator, pre_comp->points[0], ctx) == +- 0)) { +- blocksize = pre_comp->blocksize; +- +- /* +- * determine maximum number of blocks that wNAF splitting may +- * yield (NB: maximum wNAF length is bit length plus one) +- */ +- numblocks = (BN_num_bits(scalar) / blocksize) + 1; +- +- /* +- * we cannot use more blocks than we have precomputation for +- */ +- if (numblocks > pre_comp->numblocks) +- numblocks = pre_comp->numblocks; +- +- pre_points_per_block = 1u << (pre_comp->w - 1); +- +- /* check that pre_comp looks sane */ +- if (pre_comp->num != (pre_comp->numblocks * pre_points_per_block)) { +- ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); +- goto err; +- } +- } else { +- /* can't use precomputation */ +- pre_comp = NULL; +- numblocks = 1; +- num_scalar = 1; /* treat 'scalar' like 'num'-th element of +- * 'scalars' */ +- } +- } +- +- totalnum = num + numblocks; +- +- wsize = OPENSSL_malloc(totalnum * sizeof wsize[0]); +- wNAF_len = OPENSSL_malloc(totalnum * sizeof wNAF_len[0]); +- wNAF = OPENSSL_malloc((totalnum + 1) * sizeof wNAF[0]); /* 
includes space +- * for pivot */ +- val_sub = OPENSSL_malloc(totalnum * sizeof val_sub[0]); +- +- if (!wsize || !wNAF_len || !wNAF || !val_sub) { +- ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- wNAF[0] = NULL; /* preliminary pivot */ +- +- /* +- * num_val will be the total number of temporarily precomputed points +- */ +- num_val = 0; +- +- for (i = 0; i < num + num_scalar; i++) { +- size_t bits; +- +- bits = i < num ? BN_num_bits(scalars[i]) : BN_num_bits(scalar); +- wsize[i] = EC_window_bits_for_scalar_size(bits); +- num_val += 1u << (wsize[i] - 1); +- wNAF[i + 1] = NULL; /* make sure we always have a pivot */ +- wNAF[i] = +- compute_wNAF((i < num ? scalars[i] : scalar), wsize[i], +- &wNAF_len[i]); +- if (wNAF[i] == NULL) +- goto err; +- if (wNAF_len[i] > max_len) +- max_len = wNAF_len[i]; +- } +- +- if (numblocks) { +- /* we go here iff scalar != NULL */ +- +- if (pre_comp == NULL) { +- if (num_scalar != 1) { +- ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); +- goto err; +- } +- /* we have already generated a wNAF for 'scalar' */ +- } else { +- signed char *tmp_wNAF = NULL; +- size_t tmp_len = 0; +- +- if (num_scalar != 0) { +- ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); +- goto err; +- } +- +- /* +- * use the window size for which we have precomputation +- */ +- wsize[num] = pre_comp->w; +- tmp_wNAF = compute_wNAF(scalar, wsize[num], &tmp_len); +- if (!tmp_wNAF) +- goto err; +- +- if (tmp_len <= max_len) { +- /* +- * One of the other wNAFs is at least as long as the wNAF +- * belonging to the generator, so wNAF splitting will not buy +- * us anything. 
+- */ +- +- numblocks = 1; +- totalnum = num + 1; /* don't use wNAF splitting */ +- wNAF[num] = tmp_wNAF; +- wNAF[num + 1] = NULL; +- wNAF_len[num] = tmp_len; +- if (tmp_len > max_len) +- max_len = tmp_len; +- /* +- * pre_comp->points starts with the points that we need here: +- */ +- val_sub[num] = pre_comp->points; +- } else { +- /* +- * don't include tmp_wNAF directly into wNAF array - use wNAF +- * splitting and include the blocks +- */ +- +- signed char *pp; +- EC_POINT **tmp_points; +- +- if (tmp_len < numblocks * blocksize) { +- /* +- * possibly we can do with fewer blocks than estimated +- */ +- numblocks = (tmp_len + blocksize - 1) / blocksize; +- if (numblocks > pre_comp->numblocks) { +- ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); +- goto err; +- } +- totalnum = num + numblocks; +- } +- +- /* split wNAF in 'numblocks' parts */ +- pp = tmp_wNAF; +- tmp_points = pre_comp->points; +- +- for (i = num; i < totalnum; i++) { +- if (i < totalnum - 1) { +- wNAF_len[i] = blocksize; +- if (tmp_len < blocksize) { +- ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); +- goto err; +- } +- tmp_len -= blocksize; +- } else +- /* +- * last block gets whatever is left (this could be +- * more or less than 'blocksize'!) +- */ +- wNAF_len[i] = tmp_len; +- +- wNAF[i + 1] = NULL; +- wNAF[i] = OPENSSL_malloc(wNAF_len[i]); +- if (wNAF[i] == NULL) { +- ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE); +- OPENSSL_free(tmp_wNAF); +- goto err; +- } +- memcpy(wNAF[i], pp, wNAF_len[i]); +- if (wNAF_len[i] > max_len) +- max_len = wNAF_len[i]; +- +- if (*tmp_points == NULL) { +- ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); +- OPENSSL_free(tmp_wNAF); +- goto err; +- } +- val_sub[i] = tmp_points; +- tmp_points += pre_points_per_block; +- pp += blocksize; +- } +- OPENSSL_free(tmp_wNAF); +- } +- } +- } +- +- /* +- * All points we precompute now go into a single array 'val'. 
+- * 'val_sub[i]' is a pointer to the subarray for the i-th point, or to a +- * subarray of 'pre_comp->points' if we already have precomputation. +- */ +- val = OPENSSL_malloc((num_val + 1) * sizeof val[0]); +- if (val == NULL) { +- ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- val[num_val] = NULL; /* pivot element */ +- +- /* allocate points for precomputation */ +- v = val; +- for (i = 0; i < num + num_scalar; i++) { +- val_sub[i] = v; +- for (j = 0; j < (1u << (wsize[i] - 1)); j++) { +- *v = EC_POINT_new(group); +- if (*v == NULL) +- goto err; +- v++; +- } +- } +- if (!(v == val + num_val)) { +- ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); +- goto err; +- } +- +- if (!(tmp = EC_POINT_new(group))) +- goto err; +- +- /*- +- * prepare precomputed values: +- * val_sub[i][0] := points[i] +- * val_sub[i][1] := 3 * points[i] +- * val_sub[i][2] := 5 * points[i] +- * ... +- */ +- for (i = 0; i < num + num_scalar; i++) { +- if (i < num) { +- if (!EC_POINT_copy(val_sub[i][0], points[i])) +- goto err; +- } else { +- if (!EC_POINT_copy(val_sub[i][0], generator)) +- goto err; +- } +- +- if (wsize[i] > 1) { +- if (!EC_POINT_dbl(group, tmp, val_sub[i][0], ctx)) +- goto err; +- for (j = 1; j < (1u << (wsize[i] - 1)); j++) { +- if (!EC_POINT_add +- (group, val_sub[i][j], val_sub[i][j - 1], tmp, ctx)) +- goto err; +- } +- } +- } +- +-#if 1 /* optional; EC_window_bits_for_scalar_size +- * assumes we do this step */ +- if (!EC_POINTs_make_affine(group, num_val, val, ctx)) +- goto err; +-#endif +- +- r_is_at_infinity = 1; +- +- for (k = max_len - 1; k >= 0; k--) { +- if (!r_is_at_infinity) { +- if (!EC_POINT_dbl(group, r, r, ctx)) +- goto err; +- } +- +- for (i = 0; i < totalnum; i++) { +- if (wNAF_len[i] > (size_t)k) { +- int digit = wNAF[i][k]; +- int is_neg; +- +- if (digit) { +- is_neg = digit < 0; +- +- if (is_neg) +- digit = -digit; +- +- if (is_neg != r_is_inverted) { +- if (!r_is_at_infinity) { +- if (!EC_POINT_invert(group, r, ctx)) +- goto err; +- } 
+- r_is_inverted = !r_is_inverted; +- } +- +- /* digit > 0 */ +- +- if (r_is_at_infinity) { +- if (!EC_POINT_copy(r, val_sub[i][digit >> 1])) +- goto err; +- r_is_at_infinity = 0; +- } else { +- if (!EC_POINT_add +- (group, r, r, val_sub[i][digit >> 1], ctx)) +- goto err; +- } +- } +- } +- } +- } +- +- if (r_is_at_infinity) { +- if (!EC_POINT_set_to_infinity(group, r)) +- goto err; +- } else { +- if (r_is_inverted) +- if (!EC_POINT_invert(group, r, ctx)) +- goto err; +- } +- +- ret = 1; +- +- err: +- if (new_ctx != NULL) +- BN_CTX_free(new_ctx); +- if (tmp != NULL) +- EC_POINT_free(tmp); +- if (wsize != NULL) +- OPENSSL_free(wsize); +- if (wNAF_len != NULL) +- OPENSSL_free(wNAF_len); +- if (wNAF != NULL) { +- signed char **w; +- +- for (w = wNAF; *w != NULL; w++) +- OPENSSL_free(*w); +- +- OPENSSL_free(wNAF); +- } +- if (val != NULL) { +- for (v = val; *v != NULL; v++) +- EC_POINT_clear_free(*v); +- +- OPENSSL_free(val); +- } +- if (val_sub != NULL) { +- OPENSSL_free(val_sub); +- } +- return ret; +-} +- +-/*- +- * ec_wNAF_precompute_mult() +- * creates an EC_PRE_COMP object with preprecomputed multiples of the generator +- * for use with wNAF splitting as implemented in ec_wNAF_mul(). +- * +- * 'pre_comp->points' is an array of multiples of the generator +- * of the following form: +- * points[0] = generator; +- * points[1] = 3 * generator; +- * ... +- * points[2^(w-1)-1] = (2^(w-1)-1) * generator; +- * points[2^(w-1)] = 2^blocksize * generator; +- * points[2^(w-1)+1] = 3 * 2^blocksize * generator; +- * ... +- * points[2^(w-1)*(numblocks-1)-1] = (2^(w-1)) * 2^(blocksize*(numblocks-2)) * generator +- * points[2^(w-1)*(numblocks-1)] = 2^(blocksize*(numblocks-1)) * generator +- * ... 
+- * points[2^(w-1)*numblocks-1] = (2^(w-1)) * 2^(blocksize*(numblocks-1)) * generator +- * points[2^(w-1)*numblocks] = NULL +- */ +-int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx) +-{ +- const EC_POINT *generator; +- EC_POINT *tmp_point = NULL, *base = NULL, **var; +- BN_CTX *new_ctx = NULL; +- BIGNUM *order; +- size_t i, bits, w, pre_points_per_block, blocksize, numblocks, num; +- EC_POINT **points = NULL; +- EC_PRE_COMP *pre_comp; +- int ret = 0; +- +- /* if there is an old EC_PRE_COMP object, throw it away */ +- EC_EX_DATA_free_data(&group->extra_data, ec_pre_comp_dup, +- ec_pre_comp_free, ec_pre_comp_clear_free); +- +- if ((pre_comp = ec_pre_comp_new(group)) == NULL) +- return 0; +- +- generator = EC_GROUP_get0_generator(group); +- if (generator == NULL) { +- ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, EC_R_UNDEFINED_GENERATOR); +- goto err; +- } +- +- if (ctx == NULL) { +- ctx = new_ctx = BN_CTX_new(); +- if (ctx == NULL) +- goto err; +- } +- +- BN_CTX_start(ctx); +- order = BN_CTX_get(ctx); +- if (order == NULL) +- goto err; +- +- if (!EC_GROUP_get_order(group, order, ctx)) +- goto err; +- if (BN_is_zero(order)) { +- ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, EC_R_UNKNOWN_ORDER); +- goto err; +- } +- +- bits = BN_num_bits(order); +- /* +- * The following parameters mean we precompute (approximately) one point +- * per bit. TBD: The combination 8, 4 is perfect for 160 bits; for other +- * bit lengths, other parameter combinations might provide better +- * efficiency. +- */ +- blocksize = 8; +- w = 4; +- if (EC_window_bits_for_scalar_size(bits) > w) { +- /* let's not make the window too small ... */ +- w = EC_window_bits_for_scalar_size(bits); +- } +- +- numblocks = (bits + blocksize - 1) / blocksize; /* max. 
number of blocks +- * to use for wNAF +- * splitting */ +- +- pre_points_per_block = 1u << (w - 1); +- num = pre_points_per_block * numblocks; /* number of points to compute +- * and store */ +- +- points = OPENSSL_malloc(sizeof(EC_POINT *) * (num + 1)); +- if (!points) { +- ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- var = points; +- var[num] = NULL; /* pivot */ +- for (i = 0; i < num; i++) { +- if ((var[i] = EC_POINT_new(group)) == NULL) { +- ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- } +- +- if (!(tmp_point = EC_POINT_new(group)) || !(base = EC_POINT_new(group))) { +- ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- if (!EC_POINT_copy(base, generator)) +- goto err; +- +- /* do the precomputation */ +- for (i = 0; i < numblocks; i++) { +- size_t j; +- +- if (!EC_POINT_dbl(group, tmp_point, base, ctx)) +- goto err; +- +- if (!EC_POINT_copy(*var++, base)) +- goto err; +- +- for (j = 1; j < pre_points_per_block; j++, var++) { +- /* +- * calculate odd multiples of the current base point +- */ +- if (!EC_POINT_add(group, *var, tmp_point, *(var - 1), ctx)) +- goto err; +- } +- +- if (i < numblocks - 1) { +- /* +- * get the next base (multiply current one by 2^blocksize) +- */ +- size_t k; +- +- if (blocksize <= 2) { +- ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_INTERNAL_ERROR); +- goto err; +- } +- +- if (!EC_POINT_dbl(group, base, tmp_point, ctx)) +- goto err; +- for (k = 2; k < blocksize; k++) { +- if (!EC_POINT_dbl(group, base, base, ctx)) +- goto err; +- } +- } +- } +- +- if (!EC_POINTs_make_affine(group, num, points, ctx)) +- goto err; +- +- pre_comp->group = group; +- pre_comp->blocksize = blocksize; +- pre_comp->numblocks = numblocks; +- pre_comp->w = w; +- pre_comp->points = points; +- points = NULL; +- pre_comp->num = num; +- +- if (!EC_EX_DATA_set_data(&group->extra_data, pre_comp, +- ec_pre_comp_dup, ec_pre_comp_free, +- ec_pre_comp_clear_free)) +- 
goto err; +- pre_comp = NULL; +- +- ret = 1; +- err: +- if (ctx != NULL) +- BN_CTX_end(ctx); +- if (new_ctx != NULL) +- BN_CTX_free(new_ctx); +- if (pre_comp) +- ec_pre_comp_free(pre_comp); +- if (points) { +- EC_POINT **p; +- +- for (p = points; *p != NULL; p++) +- EC_POINT_free(*p); +- OPENSSL_free(points); +- } +- if (tmp_point) +- EC_POINT_free(tmp_point); +- if (base) +- EC_POINT_free(base); +- return ret; +-} +- +-int ec_wNAF_have_precompute_mult(const EC_GROUP *group) +-{ +- if (EC_EX_DATA_get_data +- (group->extra_data, ec_pre_comp_dup, ec_pre_comp_free, +- ec_pre_comp_clear_free) != NULL) +- return 1; +- else +- return 0; +-} +diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_print.c b/Cryptlib/OpenSSL/crypto/ec/ec_print.c +deleted file mode 100644 +index 96b294d..0000000 +--- a/Cryptlib/OpenSSL/crypto/ec/ec_print.c ++++ /dev/null +@@ -1,179 +0,0 @@ +-/* crypto/ec/ec_print.c */ +-/* ==================================================================== +- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * +- * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. +- * +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in +- * the documentation and/or other materials provided with the +- * distribution. +- * +- * 3. All advertising materials mentioning features or use of this +- * software must display the following acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +- * +- * 4. 
The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +- * endorse or promote products derived from this software without +- * prior written permission. For written permission, please contact +- * openssl-core@openssl.org. +- * +- * 5. Products derived from this software may not be called "OpenSSL" +- * nor may "OpenSSL" appear in their names without prior written +- * permission of the OpenSSL Project. +- * +- * 6. Redistributions of any form whatsoever must retain the following +- * acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit (http://www.openssl.org/)" +- * +- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +- * OF THE POSSIBILITY OF SUCH DAMAGE. +- * ==================================================================== +- * +- * This product includes cryptographic software written by Eric Young +- * (eay@cryptsoft.com). This product includes software written by Tim +- * Hudson (tjh@cryptsoft.com). 
+- * +- */ +- +-#include +-#include "ec_lcl.h" +- +-BIGNUM *EC_POINT_point2bn(const EC_GROUP *group, +- const EC_POINT *point, +- point_conversion_form_t form, +- BIGNUM *ret, BN_CTX *ctx) +-{ +- size_t buf_len = 0; +- unsigned char *buf; +- +- buf_len = EC_POINT_point2oct(group, point, form, NULL, 0, ctx); +- if (buf_len == 0) +- return NULL; +- +- if ((buf = OPENSSL_malloc(buf_len)) == NULL) +- return NULL; +- +- if (!EC_POINT_point2oct(group, point, form, buf, buf_len, ctx)) { +- OPENSSL_free(buf); +- return NULL; +- } +- +- ret = BN_bin2bn(buf, buf_len, ret); +- +- OPENSSL_free(buf); +- +- return ret; +-} +- +-EC_POINT *EC_POINT_bn2point(const EC_GROUP *group, +- const BIGNUM *bn, EC_POINT *point, BN_CTX *ctx) +-{ +- size_t buf_len = 0; +- unsigned char *buf; +- EC_POINT *ret; +- +- if ((buf_len = BN_num_bytes(bn)) == 0) +- return NULL; +- buf = OPENSSL_malloc(buf_len); +- if (buf == NULL) +- return NULL; +- +- if (!BN_bn2bin(bn, buf)) { +- OPENSSL_free(buf); +- return NULL; +- } +- +- if (point == NULL) { +- if ((ret = EC_POINT_new(group)) == NULL) { +- OPENSSL_free(buf); +- return NULL; +- } +- } else +- ret = point; +- +- if (!EC_POINT_oct2point(group, ret, buf, buf_len, ctx)) { +- if (point == NULL) +- EC_POINT_clear_free(ret); +- OPENSSL_free(buf); +- return NULL; +- } +- +- OPENSSL_free(buf); +- return ret; +-} +- +-static const char *HEX_DIGITS = "0123456789ABCDEF"; +- +-/* the return value must be freed (using OPENSSL_free()) */ +-char *EC_POINT_point2hex(const EC_GROUP *group, +- const EC_POINT *point, +- point_conversion_form_t form, BN_CTX *ctx) +-{ +- char *ret, *p; +- size_t buf_len = 0, i; +- unsigned char *buf, *pbuf; +- +- buf_len = EC_POINT_point2oct(group, point, form, NULL, 0, ctx); +- if (buf_len == 0) +- return NULL; +- +- if ((buf = OPENSSL_malloc(buf_len)) == NULL) +- return NULL; +- +- if (!EC_POINT_point2oct(group, point, form, buf, buf_len, ctx)) { +- OPENSSL_free(buf); +- return NULL; +- } +- +- ret = (char *)OPENSSL_malloc(buf_len * 
2 + 2); +- if (ret == NULL) { +- OPENSSL_free(buf); +- return NULL; +- } +- p = ret; +- pbuf = buf; +- for (i = buf_len; i > 0; i--) { +- int v = (int)*(pbuf++); +- *(p++) = HEX_DIGITS[v >> 4]; +- *(p++) = HEX_DIGITS[v & 0x0F]; +- } +- *p = '\0'; +- +- OPENSSL_free(buf); +- +- return ret; +-} +- +-EC_POINT *EC_POINT_hex2point(const EC_GROUP *group, +- const char *buf, EC_POINT *point, BN_CTX *ctx) +-{ +- EC_POINT *ret = NULL; +- BIGNUM *tmp_bn = NULL; +- +- if (!BN_hex2bn(&tmp_bn, buf)) +- return NULL; +- +- ret = EC_POINT_bn2point(group, tmp_bn, point, ctx); +- +- BN_clear_free(tmp_bn); +- +- return ret; +-} +diff --git a/Cryptlib/OpenSSL/crypto/ec/ecp_mont.c b/Cryptlib/OpenSSL/crypto/ec/ecp_mont.c +deleted file mode 100644 +index 1bfae5d..0000000 +--- a/Cryptlib/OpenSSL/crypto/ec/ecp_mont.c ++++ /dev/null +@@ -1,300 +0,0 @@ +-/* crypto/ec/ecp_mont.c */ +-/* +- * Originally written by Bodo Moeller for the OpenSSL project. +- */ +-/* ==================================================================== +- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * +- * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. +- * +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in +- * the documentation and/or other materials provided with the +- * distribution. +- * +- * 3. All advertising materials mentioning features or use of this +- * software must display the following acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +- * +- * 4. 
The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +- * endorse or promote products derived from this software without +- * prior written permission. For written permission, please contact +- * openssl-core@openssl.org. +- * +- * 5. Products derived from this software may not be called "OpenSSL" +- * nor may "OpenSSL" appear in their names without prior written +- * permission of the OpenSSL Project. +- * +- * 6. Redistributions of any form whatsoever must retain the following +- * acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit (http://www.openssl.org/)" +- * +- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +- * OF THE POSSIBILITY OF SUCH DAMAGE. +- * ==================================================================== +- * +- * This product includes cryptographic software written by Eric Young +- * (eay@cryptsoft.com). This product includes software written by Tim +- * Hudson (tjh@cryptsoft.com). +- * +- */ +-/* ==================================================================== +- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. +- * Portions of this software developed by SUN MICROSYSTEMS, INC., +- * and contributed to the OpenSSL project. 
+- */ +- +-#include +- +-#include "ec_lcl.h" +- +-const EC_METHOD *EC_GFp_mont_method(void) +-{ +- static const EC_METHOD ret = { +- NID_X9_62_prime_field, +- ec_GFp_mont_group_init, +- ec_GFp_mont_group_finish, +- ec_GFp_mont_group_clear_finish, +- ec_GFp_mont_group_copy, +- ec_GFp_mont_group_set_curve, +- ec_GFp_simple_group_get_curve, +- ec_GFp_simple_group_get_degree, +- ec_GFp_simple_group_check_discriminant, +- ec_GFp_simple_point_init, +- ec_GFp_simple_point_finish, +- ec_GFp_simple_point_clear_finish, +- ec_GFp_simple_point_copy, +- ec_GFp_simple_point_set_to_infinity, +- ec_GFp_simple_set_Jprojective_coordinates_GFp, +- ec_GFp_simple_get_Jprojective_coordinates_GFp, +- ec_GFp_simple_point_set_affine_coordinates, +- ec_GFp_simple_point_get_affine_coordinates, +- ec_GFp_simple_set_compressed_coordinates, +- ec_GFp_simple_point2oct, +- ec_GFp_simple_oct2point, +- ec_GFp_simple_add, +- ec_GFp_simple_dbl, +- ec_GFp_simple_invert, +- ec_GFp_simple_is_at_infinity, +- ec_GFp_simple_is_on_curve, +- ec_GFp_simple_cmp, +- ec_GFp_simple_make_affine, +- ec_GFp_simple_points_make_affine, +- 0 /* mul */ , +- 0 /* precompute_mult */ , +- 0 /* have_precompute_mult */ , +- ec_GFp_mont_field_mul, +- ec_GFp_mont_field_sqr, +- 0 /* field_div */ , +- ec_GFp_mont_field_encode, +- ec_GFp_mont_field_decode, +- ec_GFp_mont_field_set_to_one +- }; +- +- return &ret; +-} +- +-int ec_GFp_mont_group_init(EC_GROUP *group) +-{ +- int ok; +- +- ok = ec_GFp_simple_group_init(group); +- group->field_data1 = NULL; +- group->field_data2 = NULL; +- return ok; +-} +- +-void ec_GFp_mont_group_finish(EC_GROUP *group) +-{ +- if (group->field_data1 != NULL) { +- BN_MONT_CTX_free(group->field_data1); +- group->field_data1 = NULL; +- } +- if (group->field_data2 != NULL) { +- BN_free(group->field_data2); +- group->field_data2 = NULL; +- } +- ec_GFp_simple_group_finish(group); +-} +- +-void ec_GFp_mont_group_clear_finish(EC_GROUP *group) +-{ +- if (group->field_data1 != NULL) { +- 
BN_MONT_CTX_free(group->field_data1); +- group->field_data1 = NULL; +- } +- if (group->field_data2 != NULL) { +- BN_clear_free(group->field_data2); +- group->field_data2 = NULL; +- } +- ec_GFp_simple_group_clear_finish(group); +-} +- +-int ec_GFp_mont_group_copy(EC_GROUP *dest, const EC_GROUP *src) +-{ +- if (dest->field_data1 != NULL) { +- BN_MONT_CTX_free(dest->field_data1); +- dest->field_data1 = NULL; +- } +- if (dest->field_data2 != NULL) { +- BN_clear_free(dest->field_data2); +- dest->field_data2 = NULL; +- } +- +- if (!ec_GFp_simple_group_copy(dest, src)) +- return 0; +- +- if (src->field_data1 != NULL) { +- dest->field_data1 = BN_MONT_CTX_new(); +- if (dest->field_data1 == NULL) +- return 0; +- if (!BN_MONT_CTX_copy(dest->field_data1, src->field_data1)) +- goto err; +- } +- if (src->field_data2 != NULL) { +- dest->field_data2 = BN_dup(src->field_data2); +- if (dest->field_data2 == NULL) +- goto err; +- } +- +- return 1; +- +- err: +- if (dest->field_data1 != NULL) { +- BN_MONT_CTX_free(dest->field_data1); +- dest->field_data1 = NULL; +- } +- return 0; +-} +- +-int ec_GFp_mont_group_set_curve(EC_GROUP *group, const BIGNUM *p, +- const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) +-{ +- BN_CTX *new_ctx = NULL; +- BN_MONT_CTX *mont = NULL; +- BIGNUM *one = NULL; +- int ret = 0; +- +- if (group->field_data1 != NULL) { +- BN_MONT_CTX_free(group->field_data1); +- group->field_data1 = NULL; +- } +- if (group->field_data2 != NULL) { +- BN_free(group->field_data2); +- group->field_data2 = NULL; +- } +- +- if (ctx == NULL) { +- ctx = new_ctx = BN_CTX_new(); +- if (ctx == NULL) +- return 0; +- } +- +- mont = BN_MONT_CTX_new(); +- if (mont == NULL) +- goto err; +- if (!BN_MONT_CTX_set(mont, p, ctx)) { +- ECerr(EC_F_EC_GFP_MONT_GROUP_SET_CURVE, ERR_R_BN_LIB); +- goto err; +- } +- one = BN_new(); +- if (one == NULL) +- goto err; +- if (!BN_to_montgomery(one, BN_value_one(), mont, ctx)) +- goto err; +- +- group->field_data1 = mont; +- mont = NULL; +- group->field_data2 = one; 
+- one = NULL; +- +- ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx); +- +- if (!ret) { +- BN_MONT_CTX_free(group->field_data1); +- group->field_data1 = NULL; +- BN_free(group->field_data2); +- group->field_data2 = NULL; +- } +- +- err: +- if (new_ctx != NULL) +- BN_CTX_free(new_ctx); +- if (mont != NULL) +- BN_MONT_CTX_free(mont); +- return ret; +-} +- +-int ec_GFp_mont_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, +- const BIGNUM *b, BN_CTX *ctx) +-{ +- if (group->field_data1 == NULL) { +- ECerr(EC_F_EC_GFP_MONT_FIELD_MUL, EC_R_NOT_INITIALIZED); +- return 0; +- } +- +- return BN_mod_mul_montgomery(r, a, b, group->field_data1, ctx); +-} +- +-int ec_GFp_mont_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, +- BN_CTX *ctx) +-{ +- if (group->field_data1 == NULL) { +- ECerr(EC_F_EC_GFP_MONT_FIELD_SQR, EC_R_NOT_INITIALIZED); +- return 0; +- } +- +- return BN_mod_mul_montgomery(r, a, a, group->field_data1, ctx); +-} +- +-int ec_GFp_mont_field_encode(const EC_GROUP *group, BIGNUM *r, +- const BIGNUM *a, BN_CTX *ctx) +-{ +- if (group->field_data1 == NULL) { +- ECerr(EC_F_EC_GFP_MONT_FIELD_ENCODE, EC_R_NOT_INITIALIZED); +- return 0; +- } +- +- return BN_to_montgomery(r, a, (BN_MONT_CTX *)group->field_data1, ctx); +-} +- +-int ec_GFp_mont_field_decode(const EC_GROUP *group, BIGNUM *r, +- const BIGNUM *a, BN_CTX *ctx) +-{ +- if (group->field_data1 == NULL) { +- ECerr(EC_F_EC_GFP_MONT_FIELD_DECODE, EC_R_NOT_INITIALIZED); +- return 0; +- } +- +- return BN_from_montgomery(r, a, group->field_data1, ctx); +-} +- +-int ec_GFp_mont_field_set_to_one(const EC_GROUP *group, BIGNUM *r, +- BN_CTX *ctx) +-{ +- if (group->field_data2 == NULL) { +- ECerr(EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE, EC_R_NOT_INITIALIZED); +- return 0; +- } +- +- if (!BN_copy(r, group->field_data2)) +- return 0; +- return 1; +-} +diff --git a/Cryptlib/OpenSSL/crypto/ec/ecp_nist.c b/Cryptlib/OpenSSL/crypto/ec/ecp_nist.c +deleted file mode 100644 +index dd976d3..0000000 +--- 
a/Cryptlib/OpenSSL/crypto/ec/ecp_nist.c ++++ /dev/null +@@ -1,235 +0,0 @@ +-/* crypto/ec/ecp_nist.c */ +-/* +- * Written by Nils Larsch for the OpenSSL project. +- */ +-/* ==================================================================== +- * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * +- * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. +- * +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in +- * the documentation and/or other materials provided with the +- * distribution. +- * +- * 3. All advertising materials mentioning features or use of this +- * software must display the following acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +- * +- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +- * endorse or promote products derived from this software without +- * prior written permission. For written permission, please contact +- * openssl-core@openssl.org. +- * +- * 5. Products derived from this software may not be called "OpenSSL" +- * nor may "OpenSSL" appear in their names without prior written +- * permission of the OpenSSL Project. +- * +- * 6. 
Redistributions of any form whatsoever must retain the following +- * acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit (http://www.openssl.org/)" +- * +- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +- * OF THE POSSIBILITY OF SUCH DAMAGE. +- * ==================================================================== +- * +- * This product includes cryptographic software written by Eric Young +- * (eay@cryptsoft.com). This product includes software written by Tim +- * Hudson (tjh@cryptsoft.com). +- * +- */ +-/* ==================================================================== +- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. +- * Portions of this software developed by SUN MICROSYSTEMS, INC., +- * and contributed to the OpenSSL project. 
+- */ +- +-#include +- +-#include +-#include +-#include "ec_lcl.h" +- +-const EC_METHOD *EC_GFp_nist_method(void) +-{ +- static const EC_METHOD ret = { +- NID_X9_62_prime_field, +- ec_GFp_simple_group_init, +- ec_GFp_simple_group_finish, +- ec_GFp_simple_group_clear_finish, +- ec_GFp_nist_group_copy, +- ec_GFp_nist_group_set_curve, +- ec_GFp_simple_group_get_curve, +- ec_GFp_simple_group_get_degree, +- ec_GFp_simple_group_check_discriminant, +- ec_GFp_simple_point_init, +- ec_GFp_simple_point_finish, +- ec_GFp_simple_point_clear_finish, +- ec_GFp_simple_point_copy, +- ec_GFp_simple_point_set_to_infinity, +- ec_GFp_simple_set_Jprojective_coordinates_GFp, +- ec_GFp_simple_get_Jprojective_coordinates_GFp, +- ec_GFp_simple_point_set_affine_coordinates, +- ec_GFp_simple_point_get_affine_coordinates, +- ec_GFp_simple_set_compressed_coordinates, +- ec_GFp_simple_point2oct, +- ec_GFp_simple_oct2point, +- ec_GFp_simple_add, +- ec_GFp_simple_dbl, +- ec_GFp_simple_invert, +- ec_GFp_simple_is_at_infinity, +- ec_GFp_simple_is_on_curve, +- ec_GFp_simple_cmp, +- ec_GFp_simple_make_affine, +- ec_GFp_simple_points_make_affine, +- 0 /* mul */ , +- 0 /* precompute_mult */ , +- 0 /* have_precompute_mult */ , +- ec_GFp_nist_field_mul, +- ec_GFp_nist_field_sqr, +- 0 /* field_div */ , +- 0 /* field_encode */ , +- 0 /* field_decode */ , +- 0 /* field_set_to_one */ +- }; +- +- return &ret; +-} +- +-#if BN_BITS2 == 64 +-# define NO_32_BIT_TYPE +-#endif +- +-int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src) +-{ +- dest->field_mod_func = src->field_mod_func; +- +- return ec_GFp_simple_group_copy(dest, src); +-} +- +-int ec_GFp_nist_group_set_curve(EC_GROUP *group, const BIGNUM *p, +- const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) +-{ +- int ret = 0; +- BN_CTX *new_ctx = NULL; +- BIGNUM *tmp_bn; +- +- if (ctx == NULL) +- if ((ctx = new_ctx = BN_CTX_new()) == NULL) +- return 0; +- +- BN_CTX_start(ctx); +- if ((tmp_bn = BN_CTX_get(ctx)) == NULL) +- goto err; +- +- if 
(BN_ucmp(BN_get0_nist_prime_192(), p) == 0) +- group->field_mod_func = BN_nist_mod_192; +- else if (BN_ucmp(BN_get0_nist_prime_224(), p) == 0) { +-#ifndef NO_32_BIT_TYPE +- group->field_mod_func = BN_nist_mod_224; +-#else +- ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, +- EC_R_NOT_A_SUPPORTED_NIST_PRIME); +- goto err; +-#endif +- } else if (BN_ucmp(BN_get0_nist_prime_256(), p) == 0) { +-#ifndef NO_32_BIT_TYPE +- group->field_mod_func = BN_nist_mod_256; +-#else +- ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, +- EC_R_NOT_A_SUPPORTED_NIST_PRIME); +- goto err; +-#endif +- } else if (BN_ucmp(BN_get0_nist_prime_384(), p) == 0) { +-#ifndef NO_32_BIT_TYPE +- group->field_mod_func = BN_nist_mod_384; +-#else +- ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, +- EC_R_NOT_A_SUPPORTED_NIST_PRIME); +- goto err; +-#endif +- } else if (BN_ucmp(BN_get0_nist_prime_521(), p) == 0) +- /* this one works in the NO_32_BIT_TYPE case */ +- group->field_mod_func = BN_nist_mod_521; +- else { +- ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, EC_R_NOT_A_NIST_PRIME); +- goto err; +- } +- +- ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx); +- +- err: +- BN_CTX_end(ctx); +- if (new_ctx != NULL) +- BN_CTX_free(new_ctx); +- return ret; +-} +- +-int ec_GFp_nist_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, +- const BIGNUM *b, BN_CTX *ctx) +-{ +- int ret = 0; +- BN_CTX *ctx_new = NULL; +- +- if (!group || !r || !a || !b) { +- ECerr(EC_F_EC_GFP_NIST_FIELD_MUL, ERR_R_PASSED_NULL_PARAMETER); +- goto err; +- } +- if (!ctx) +- if ((ctx_new = ctx = BN_CTX_new()) == NULL) +- goto err; +- +- if (!BN_mul(r, a, b, ctx)) +- goto err; +- if (!group->field_mod_func(r, r, &group->field, ctx)) +- goto err; +- +- ret = 1; +- err: +- if (ctx_new) +- BN_CTX_free(ctx_new); +- return ret; +-} +- +-int ec_GFp_nist_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, +- BN_CTX *ctx) +-{ +- int ret = 0; +- BN_CTX *ctx_new = NULL; +- +- if (!group || !r || !a) { +- ECerr(EC_F_EC_GFP_NIST_FIELD_SQR, 
EC_R_PASSED_NULL_PARAMETER); +- goto err; +- } +- if (!ctx) +- if ((ctx_new = ctx = BN_CTX_new()) == NULL) +- goto err; +- +- if (!BN_sqr(r, a, ctx)) +- goto err; +- if (!group->field_mod_func(r, r, &group->field, ctx)) +- goto err; +- +- ret = 1; +- err: +- if (ctx_new) +- BN_CTX_free(ctx_new); +- return ret; +-} +diff --git a/Cryptlib/OpenSSL/crypto/ec/ecp_smpl.c b/Cryptlib/OpenSSL/crypto/ec/ecp_smpl.c +deleted file mode 100644 +index a0c1540..0000000 +--- a/Cryptlib/OpenSSL/crypto/ec/ecp_smpl.c ++++ /dev/null +@@ -1,1769 +0,0 @@ +-/* crypto/ec/ecp_smpl.c */ +-/* +- * Includes code written by Lenka Fibikova +- * for the OpenSSL project. Includes code written by Bodo Moeller for the +- * OpenSSL project. +- */ +-/* ==================================================================== +- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * +- * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. +- * +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in +- * the documentation and/or other materials provided with the +- * distribution. +- * +- * 3. All advertising materials mentioning features or use of this +- * software must display the following acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +- * +- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +- * endorse or promote products derived from this software without +- * prior written permission. For written permission, please contact +- * openssl-core@openssl.org. +- * +- * 5. 
Products derived from this software may not be called "OpenSSL" +- * nor may "OpenSSL" appear in their names without prior written +- * permission of the OpenSSL Project. +- * +- * 6. Redistributions of any form whatsoever must retain the following +- * acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit (http://www.openssl.org/)" +- * +- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +- * OF THE POSSIBILITY OF SUCH DAMAGE. +- * ==================================================================== +- * +- * This product includes cryptographic software written by Eric Young +- * (eay@cryptsoft.com). This product includes software written by Tim +- * Hudson (tjh@cryptsoft.com). +- * +- */ +-/* ==================================================================== +- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. +- * Portions of this software developed by SUN MICROSYSTEMS, INC., +- * and contributed to the OpenSSL project. 
+- */ +- +-#include +-#include +- +-#include "ec_lcl.h" +- +-const EC_METHOD *EC_GFp_simple_method(void) +-{ +- static const EC_METHOD ret = { +- NID_X9_62_prime_field, +- ec_GFp_simple_group_init, +- ec_GFp_simple_group_finish, +- ec_GFp_simple_group_clear_finish, +- ec_GFp_simple_group_copy, +- ec_GFp_simple_group_set_curve, +- ec_GFp_simple_group_get_curve, +- ec_GFp_simple_group_get_degree, +- ec_GFp_simple_group_check_discriminant, +- ec_GFp_simple_point_init, +- ec_GFp_simple_point_finish, +- ec_GFp_simple_point_clear_finish, +- ec_GFp_simple_point_copy, +- ec_GFp_simple_point_set_to_infinity, +- ec_GFp_simple_set_Jprojective_coordinates_GFp, +- ec_GFp_simple_get_Jprojective_coordinates_GFp, +- ec_GFp_simple_point_set_affine_coordinates, +- ec_GFp_simple_point_get_affine_coordinates, +- ec_GFp_simple_set_compressed_coordinates, +- ec_GFp_simple_point2oct, +- ec_GFp_simple_oct2point, +- ec_GFp_simple_add, +- ec_GFp_simple_dbl, +- ec_GFp_simple_invert, +- ec_GFp_simple_is_at_infinity, +- ec_GFp_simple_is_on_curve, +- ec_GFp_simple_cmp, +- ec_GFp_simple_make_affine, +- ec_GFp_simple_points_make_affine, +- 0 /* mul */ , +- 0 /* precompute_mult */ , +- 0 /* have_precompute_mult */ , +- ec_GFp_simple_field_mul, +- ec_GFp_simple_field_sqr, +- 0 /* field_div */ , +- 0 /* field_encode */ , +- 0 /* field_decode */ , +- 0 /* field_set_to_one */ +- }; +- +- return &ret; +-} +- +-/* +- * Most method functions in this file are designed to work with +- * non-trivial representations of field elements if necessary +- * (see ecp_mont.c): while standard modular addition and subtraction +- * are used, the field_mul and field_sqr methods will be used for +- * multiplication, and field_encode and field_decode (if defined) +- * will be used for converting between representations. 
+- * +- * Functions ec_GFp_simple_points_make_affine() and +- * ec_GFp_simple_point_get_affine_coordinates() specifically assume +- * that if a non-trivial representation is used, it is a Montgomery +- * representation (i.e. 'encoding' means multiplying by some factor R). +- */ +- +-int ec_GFp_simple_group_init(EC_GROUP *group) +-{ +- BN_init(&group->field); +- BN_init(&group->a); +- BN_init(&group->b); +- group->a_is_minus3 = 0; +- return 1; +-} +- +-void ec_GFp_simple_group_finish(EC_GROUP *group) +-{ +- BN_free(&group->field); +- BN_free(&group->a); +- BN_free(&group->b); +-} +- +-void ec_GFp_simple_group_clear_finish(EC_GROUP *group) +-{ +- BN_clear_free(&group->field); +- BN_clear_free(&group->a); +- BN_clear_free(&group->b); +-} +- +-int ec_GFp_simple_group_copy(EC_GROUP *dest, const EC_GROUP *src) +-{ +- if (!BN_copy(&dest->field, &src->field)) +- return 0; +- if (!BN_copy(&dest->a, &src->a)) +- return 0; +- if (!BN_copy(&dest->b, &src->b)) +- return 0; +- +- dest->a_is_minus3 = src->a_is_minus3; +- +- return 1; +-} +- +-int ec_GFp_simple_group_set_curve(EC_GROUP *group, +- const BIGNUM *p, const BIGNUM *a, +- const BIGNUM *b, BN_CTX *ctx) +-{ +- int ret = 0; +- BN_CTX *new_ctx = NULL; +- BIGNUM *tmp_a; +- +- /* p must be a prime > 3 */ +- if (BN_num_bits(p) <= 2 || !BN_is_odd(p)) { +- ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, EC_R_INVALID_FIELD); +- return 0; +- } +- +- if (ctx == NULL) { +- ctx = new_ctx = BN_CTX_new(); +- if (ctx == NULL) +- return 0; +- } +- +- BN_CTX_start(ctx); +- tmp_a = BN_CTX_get(ctx); +- if (tmp_a == NULL) +- goto err; +- +- /* group->field */ +- if (!BN_copy(&group->field, p)) +- goto err; +- BN_set_negative(&group->field, 0); +- +- /* group->a */ +- if (!BN_nnmod(tmp_a, a, p, ctx)) +- goto err; +- if (group->meth->field_encode) { +- if (!group->meth->field_encode(group, &group->a, tmp_a, ctx)) +- goto err; +- } else if (!BN_copy(&group->a, tmp_a)) +- goto err; +- +- /* group->b */ +- if (!BN_nnmod(&group->b, b, p, ctx)) +- goto 
err; +- if (group->meth->field_encode) +- if (!group->meth->field_encode(group, &group->b, &group->b, ctx)) +- goto err; +- +- /* group->a_is_minus3 */ +- if (!BN_add_word(tmp_a, 3)) +- goto err; +- group->a_is_minus3 = (0 == BN_cmp(tmp_a, &group->field)); +- +- ret = 1; +- +- err: +- BN_CTX_end(ctx); +- if (new_ctx != NULL) +- BN_CTX_free(new_ctx); +- return ret; +-} +- +-int ec_GFp_simple_group_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, +- BIGNUM *b, BN_CTX *ctx) +-{ +- int ret = 0; +- BN_CTX *new_ctx = NULL; +- +- if (p != NULL) { +- if (!BN_copy(p, &group->field)) +- return 0; +- } +- +- if (a != NULL || b != NULL) { +- if (group->meth->field_decode) { +- if (ctx == NULL) { +- ctx = new_ctx = BN_CTX_new(); +- if (ctx == NULL) +- return 0; +- } +- if (a != NULL) { +- if (!group->meth->field_decode(group, a, &group->a, ctx)) +- goto err; +- } +- if (b != NULL) { +- if (!group->meth->field_decode(group, b, &group->b, ctx)) +- goto err; +- } +- } else { +- if (a != NULL) { +- if (!BN_copy(a, &group->a)) +- goto err; +- } +- if (b != NULL) { +- if (!BN_copy(b, &group->b)) +- goto err; +- } +- } +- } +- +- ret = 1; +- +- err: +- if (new_ctx) +- BN_CTX_free(new_ctx); +- return ret; +-} +- +-int ec_GFp_simple_group_get_degree(const EC_GROUP *group) +-{ +- return BN_num_bits(&group->field); +-} +- +-int ec_GFp_simple_group_check_discriminant(const EC_GROUP *group, BN_CTX *ctx) +-{ +- int ret = 0; +- BIGNUM *a, *b, *order, *tmp_1, *tmp_2; +- const BIGNUM *p = &group->field; +- BN_CTX *new_ctx = NULL; +- +- if (ctx == NULL) { +- ctx = new_ctx = BN_CTX_new(); +- if (ctx == NULL) { +- ECerr(EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT, +- ERR_R_MALLOC_FAILURE); +- goto err; +- } +- } +- BN_CTX_start(ctx); +- a = BN_CTX_get(ctx); +- b = BN_CTX_get(ctx); +- tmp_1 = BN_CTX_get(ctx); +- tmp_2 = BN_CTX_get(ctx); +- order = BN_CTX_get(ctx); +- if (order == NULL) +- goto err; +- +- if (group->meth->field_decode) { +- if (!group->meth->field_decode(group, a, &group->a, 
ctx)) +- goto err; +- if (!group->meth->field_decode(group, b, &group->b, ctx)) +- goto err; +- } else { +- if (!BN_copy(a, &group->a)) +- goto err; +- if (!BN_copy(b, &group->b)) +- goto err; +- } +- +- /*- +- * check the discriminant: +- * y^2 = x^3 + a*x + b is an elliptic curve <=> 4*a^3 + 27*b^2 != 0 (mod p) +- * 0 =< a, b < p +- */ +- if (BN_is_zero(a)) { +- if (BN_is_zero(b)) +- goto err; +- } else if (!BN_is_zero(b)) { +- if (!BN_mod_sqr(tmp_1, a, p, ctx)) +- goto err; +- if (!BN_mod_mul(tmp_2, tmp_1, a, p, ctx)) +- goto err; +- if (!BN_lshift(tmp_1, tmp_2, 2)) +- goto err; +- /* tmp_1 = 4*a^3 */ +- +- if (!BN_mod_sqr(tmp_2, b, p, ctx)) +- goto err; +- if (!BN_mul_word(tmp_2, 27)) +- goto err; +- /* tmp_2 = 27*b^2 */ +- +- if (!BN_mod_add(a, tmp_1, tmp_2, p, ctx)) +- goto err; +- if (BN_is_zero(a)) +- goto err; +- } +- ret = 1; +- +- err: +- if (ctx != NULL) +- BN_CTX_end(ctx); +- if (new_ctx != NULL) +- BN_CTX_free(new_ctx); +- return ret; +-} +- +-int ec_GFp_simple_point_init(EC_POINT *point) +-{ +- BN_init(&point->X); +- BN_init(&point->Y); +- BN_init(&point->Z); +- point->Z_is_one = 0; +- +- return 1; +-} +- +-void ec_GFp_simple_point_finish(EC_POINT *point) +-{ +- BN_free(&point->X); +- BN_free(&point->Y); +- BN_free(&point->Z); +-} +- +-void ec_GFp_simple_point_clear_finish(EC_POINT *point) +-{ +- BN_clear_free(&point->X); +- BN_clear_free(&point->Y); +- BN_clear_free(&point->Z); +- point->Z_is_one = 0; +-} +- +-int ec_GFp_simple_point_copy(EC_POINT *dest, const EC_POINT *src) +-{ +- if (!BN_copy(&dest->X, &src->X)) +- return 0; +- if (!BN_copy(&dest->Y, &src->Y)) +- return 0; +- if (!BN_copy(&dest->Z, &src->Z)) +- return 0; +- dest->Z_is_one = src->Z_is_one; +- +- return 1; +-} +- +-int ec_GFp_simple_point_set_to_infinity(const EC_GROUP *group, +- EC_POINT *point) +-{ +- point->Z_is_one = 0; +- BN_zero(&point->Z); +- return 1; +-} +- +-int ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *group, +- EC_POINT *point, +- const BIGNUM *x, +- 
const BIGNUM *y, +- const BIGNUM *z, +- BN_CTX *ctx) +-{ +- BN_CTX *new_ctx = NULL; +- int ret = 0; +- +- if (ctx == NULL) { +- ctx = new_ctx = BN_CTX_new(); +- if (ctx == NULL) +- return 0; +- } +- +- if (x != NULL) { +- if (!BN_nnmod(&point->X, x, &group->field, ctx)) +- goto err; +- if (group->meth->field_encode) { +- if (!group->meth->field_encode(group, &point->X, &point->X, ctx)) +- goto err; +- } +- } +- +- if (y != NULL) { +- if (!BN_nnmod(&point->Y, y, &group->field, ctx)) +- goto err; +- if (group->meth->field_encode) { +- if (!group->meth->field_encode(group, &point->Y, &point->Y, ctx)) +- goto err; +- } +- } +- +- if (z != NULL) { +- int Z_is_one; +- +- if (!BN_nnmod(&point->Z, z, &group->field, ctx)) +- goto err; +- Z_is_one = BN_is_one(&point->Z); +- if (group->meth->field_encode) { +- if (Z_is_one && (group->meth->field_set_to_one != 0)) { +- if (!group->meth->field_set_to_one(group, &point->Z, ctx)) +- goto err; +- } else { +- if (!group-> +- meth->field_encode(group, &point->Z, &point->Z, ctx)) +- goto err; +- } +- } +- point->Z_is_one = Z_is_one; +- } +- +- ret = 1; +- +- err: +- if (new_ctx != NULL) +- BN_CTX_free(new_ctx); +- return ret; +-} +- +-int ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *group, +- const EC_POINT *point, +- BIGNUM *x, BIGNUM *y, +- BIGNUM *z, BN_CTX *ctx) +-{ +- BN_CTX *new_ctx = NULL; +- int ret = 0; +- +- if (group->meth->field_decode != 0) { +- if (ctx == NULL) { +- ctx = new_ctx = BN_CTX_new(); +- if (ctx == NULL) +- return 0; +- } +- +- if (x != NULL) { +- if (!group->meth->field_decode(group, x, &point->X, ctx)) +- goto err; +- } +- if (y != NULL) { +- if (!group->meth->field_decode(group, y, &point->Y, ctx)) +- goto err; +- } +- if (z != NULL) { +- if (!group->meth->field_decode(group, z, &point->Z, ctx)) +- goto err; +- } +- } else { +- if (x != NULL) { +- if (!BN_copy(x, &point->X)) +- goto err; +- } +- if (y != NULL) { +- if (!BN_copy(y, &point->Y)) +- goto err; +- } +- if (z != NULL) { +- if 
(!BN_copy(z, &point->Z)) +- goto err; +- } +- } +- +- ret = 1; +- +- err: +- if (new_ctx != NULL) +- BN_CTX_free(new_ctx); +- return ret; +-} +- +-int ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP *group, +- EC_POINT *point, +- const BIGNUM *x, +- const BIGNUM *y, BN_CTX *ctx) +-{ +- if (x == NULL || y == NULL) { +- /* +- * unlike for projective coordinates, we do not tolerate this +- */ +- ECerr(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES, +- ERR_R_PASSED_NULL_PARAMETER); +- return 0; +- } +- +- return EC_POINT_set_Jprojective_coordinates_GFp(group, point, x, y, +- BN_value_one(), ctx); +-} +- +-int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *group, +- const EC_POINT *point, +- BIGNUM *x, BIGNUM *y, +- BN_CTX *ctx) +-{ +- BN_CTX *new_ctx = NULL; +- BIGNUM *Z, *Z_1, *Z_2, *Z_3; +- const BIGNUM *Z_; +- int ret = 0; +- +- if (EC_POINT_is_at_infinity(group, point)) { +- ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES, +- EC_R_POINT_AT_INFINITY); +- return 0; +- } +- +- if (ctx == NULL) { +- ctx = new_ctx = BN_CTX_new(); +- if (ctx == NULL) +- return 0; +- } +- +- BN_CTX_start(ctx); +- Z = BN_CTX_get(ctx); +- Z_1 = BN_CTX_get(ctx); +- Z_2 = BN_CTX_get(ctx); +- Z_3 = BN_CTX_get(ctx); +- if (Z_3 == NULL) +- goto err; +- +- /* transform (X, Y, Z) into (x, y) := (X/Z^2, Y/Z^3) */ +- +- if (group->meth->field_decode) { +- if (!group->meth->field_decode(group, Z, &point->Z, ctx)) +- goto err; +- Z_ = Z; +- } else { +- Z_ = &point->Z; +- } +- +- if (BN_is_one(Z_)) { +- if (group->meth->field_decode) { +- if (x != NULL) { +- if (!group->meth->field_decode(group, x, &point->X, ctx)) +- goto err; +- } +- if (y != NULL) { +- if (!group->meth->field_decode(group, y, &point->Y, ctx)) +- goto err; +- } +- } else { +- if (x != NULL) { +- if (!BN_copy(x, &point->X)) +- goto err; +- } +- if (y != NULL) { +- if (!BN_copy(y, &point->Y)) +- goto err; +- } +- } +- } else { +- if (!BN_mod_inverse(Z_1, Z_, &group->field, ctx)) { +- 
ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES, +- ERR_R_BN_LIB); +- goto err; +- } +- +- if (group->meth->field_encode == 0) { +- /* field_sqr works on standard representation */ +- if (!group->meth->field_sqr(group, Z_2, Z_1, ctx)) +- goto err; +- } else { +- if (!BN_mod_sqr(Z_2, Z_1, &group->field, ctx)) +- goto err; +- } +- +- if (x != NULL) { +- /* +- * in the Montgomery case, field_mul will cancel out Montgomery +- * factor in X: +- */ +- if (!group->meth->field_mul(group, x, &point->X, Z_2, ctx)) +- goto err; +- } +- +- if (y != NULL) { +- if (group->meth->field_encode == 0) { +- /* +- * field_mul works on standard representation +- */ +- if (!group->meth->field_mul(group, Z_3, Z_2, Z_1, ctx)) +- goto err; +- } else { +- if (!BN_mod_mul(Z_3, Z_2, Z_1, &group->field, ctx)) +- goto err; +- } +- +- /* +- * in the Montgomery case, field_mul will cancel out Montgomery +- * factor in Y: +- */ +- if (!group->meth->field_mul(group, y, &point->Y, Z_3, ctx)) +- goto err; +- } +- } +- +- ret = 1; +- +- err: +- BN_CTX_end(ctx); +- if (new_ctx != NULL) +- BN_CTX_free(new_ctx); +- return ret; +-} +- +-int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group, +- EC_POINT *point, +- const BIGNUM *x_, int y_bit, +- BN_CTX *ctx) +-{ +- BN_CTX *new_ctx = NULL; +- BIGNUM *tmp1, *tmp2, *x, *y; +- int ret = 0; +- +- /* clear error queue */ +- ERR_clear_error(); +- +- if (ctx == NULL) { +- ctx = new_ctx = BN_CTX_new(); +- if (ctx == NULL) +- return 0; +- } +- +- y_bit = (y_bit != 0); +- +- BN_CTX_start(ctx); +- tmp1 = BN_CTX_get(ctx); +- tmp2 = BN_CTX_get(ctx); +- x = BN_CTX_get(ctx); +- y = BN_CTX_get(ctx); +- if (y == NULL) +- goto err; +- +- /*- +- * Recover y. We have a Weierstrass equation +- * y^2 = x^3 + a*x + b, +- * so y is one of the square roots of x^3 + a*x + b. 
+- */
+-
+- /* tmp1 := x^3 */
+- if (!BN_nnmod(x, x_, &group->field, ctx))
+- goto err;
+- if (group->meth->field_decode == 0) {
+- /* field_{sqr,mul} work on standard representation */
+- if (!group->meth->field_sqr(group, tmp2, x_, ctx))
+- goto err;
+- if (!group->meth->field_mul(group, tmp1, tmp2, x_, ctx))
+- goto err;
+- } else {
+- if (!BN_mod_sqr(tmp2, x_, &group->field, ctx))
+- goto err;
+- if (!BN_mod_mul(tmp1, tmp2, x_, &group->field, ctx))
+- goto err;
+- }
+-
+- /* tmp1 := tmp1 + a*x */
+- if (group->a_is_minus3) {
+- if (!BN_mod_lshift1_quick(tmp2, x, &group->field))
+- goto err;
+- if (!BN_mod_add_quick(tmp2, tmp2, x, &group->field))
+- goto err;
+- if (!BN_mod_sub_quick(tmp1, tmp1, tmp2, &group->field))
+- goto err;
+- } else {
+- if (group->meth->field_decode) {
+- if (!group->meth->field_decode(group, tmp2, &group->a, ctx))
+- goto err;
+- if (!BN_mod_mul(tmp2, tmp2, x, &group->field, ctx))
+- goto err;
+- } else {
+- /* field_mul works on standard representation */
+- if (!group->meth->field_mul(group, tmp2, &group->a, x, ctx))
+- goto err;
+- }
+-
+- if (!BN_mod_add_quick(tmp1, tmp1, tmp2, &group->field))
+- goto err;
+- }
+-
+- /* tmp1 := tmp1 + b */
+- if (group->meth->field_decode) {
+- if (!group->meth->field_decode(group, tmp2, &group->b, ctx))
+- goto err;
+- if (!BN_mod_add_quick(tmp1, tmp1, tmp2, &group->field))
+- goto err;
+- } else {
+- if (!BN_mod_add_quick(tmp1, tmp1, &group->b, &group->field))
+- goto err;
+- }
+-
+- if (!BN_mod_sqrt(y, tmp1, &group->field, ctx)) {
+- unsigned long err = ERR_peek_last_error();
+-
+- if (ERR_GET_LIB(err) == ERR_LIB_BN
+- && ERR_GET_REASON(err) == BN_R_NOT_A_SQUARE) {
+- ERR_clear_error();
+- ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES,
+- EC_R_INVALID_COMPRESSED_POINT);
+- } else
+- ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES,
+- ERR_R_BN_LIB);
+- goto err;
+- }
+-
+- if (y_bit != BN_is_odd(y)) {
+- if (BN_is_zero(y)) {
+- int kron;
+-
+- kron = BN_kronecker(x, &group->field, ctx);
+- if (kron == -2)
+- goto err;
+-
+- if (kron == 1)
+- ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES,
+- EC_R_INVALID_COMPRESSION_BIT);
+- else
+- /*
+- * BN_mod_sqrt() should have cought this error (not a square)
+- */
+- ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES,
+- EC_R_INVALID_COMPRESSED_POINT);
+- goto err;
+- }
+- if (!BN_usub(y, &group->field, y))
+- goto err;
+- }
+- if (y_bit != BN_is_odd(y)) {
+- ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES,
+- ERR_R_INTERNAL_ERROR);
+- goto err;
+- }
+-
+- if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx))
+- goto err;
+-
+- ret = 1;
+-
+- err:
+- BN_CTX_end(ctx);
+- if (new_ctx != NULL)
+- BN_CTX_free(new_ctx);
+- return ret;
+-}
+-
+-size_t ec_GFp_simple_point2oct(const EC_GROUP *group, const EC_POINT *point,
+- point_conversion_form_t form,
+- unsigned char *buf, size_t len, BN_CTX *ctx)
+-{
+- size_t ret;
+- BN_CTX *new_ctx = NULL;
+- int used_ctx = 0;
+- BIGNUM *x, *y;
+- size_t field_len, i, skip;
+-
+- if ((form != POINT_CONVERSION_COMPRESSED)
+- && (form != POINT_CONVERSION_UNCOMPRESSED)
+- && (form != POINT_CONVERSION_HYBRID)) {
+- ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_INVALID_FORM);
+- goto err;
+- }
+-
+- if (EC_POINT_is_at_infinity(group, point)) {
+- /* encodes to a single 0 octet */
+- if (buf != NULL) {
+- if (len < 1) {
+- ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);
+- return 0;
+- }
+- buf[0] = 0;
+- }
+- return 1;
+- }
+-
+- /* ret := required output buffer length */
+- field_len = BN_num_bytes(&group->field);
+- ret =
+- (form ==
+- POINT_CONVERSION_COMPRESSED) ?
1 + field_len : 1 + 2 * field_len; +- +- /* if 'buf' is NULL, just return required length */ +- if (buf != NULL) { +- if (len < ret) { +- ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL); +- goto err; +- } +- +- if (ctx == NULL) { +- ctx = new_ctx = BN_CTX_new(); +- if (ctx == NULL) +- return 0; +- } +- +- BN_CTX_start(ctx); +- used_ctx = 1; +- x = BN_CTX_get(ctx); +- y = BN_CTX_get(ctx); +- if (y == NULL) +- goto err; +- +- if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx)) +- goto err; +- +- if ((form == POINT_CONVERSION_COMPRESSED +- || form == POINT_CONVERSION_HYBRID) && BN_is_odd(y)) +- buf[0] = form + 1; +- else +- buf[0] = form; +- +- i = 1; +- +- skip = field_len - BN_num_bytes(x); +- if (skip > field_len) { +- ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR); +- goto err; +- } +- while (skip > 0) { +- buf[i++] = 0; +- skip--; +- } +- skip = BN_bn2bin(x, buf + i); +- i += skip; +- if (i != 1 + field_len) { +- ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR); +- goto err; +- } +- +- if (form == POINT_CONVERSION_UNCOMPRESSED +- || form == POINT_CONVERSION_HYBRID) { +- skip = field_len - BN_num_bytes(y); +- if (skip > field_len) { +- ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR); +- goto err; +- } +- while (skip > 0) { +- buf[i++] = 0; +- skip--; +- } +- skip = BN_bn2bin(y, buf + i); +- i += skip; +- } +- +- if (i != ret) { +- ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR); +- goto err; +- } +- } +- +- if (used_ctx) +- BN_CTX_end(ctx); +- if (new_ctx != NULL) +- BN_CTX_free(new_ctx); +- return ret; +- +- err: +- if (used_ctx) +- BN_CTX_end(ctx); +- if (new_ctx != NULL) +- BN_CTX_free(new_ctx); +- return 0; +-} +- +-int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point, +- const unsigned char *buf, size_t len, BN_CTX *ctx) +-{ +- point_conversion_form_t form; +- int y_bit; +- BN_CTX *new_ctx = NULL; +- BIGNUM *x, *y; +- size_t field_len, enc_len; +- int ret = 0; +- +- if (len == 0) 
{ +- ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_BUFFER_TOO_SMALL); +- return 0; +- } +- form = buf[0]; +- y_bit = form & 1; +- form = form & ~1U; +- if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED) +- && (form != POINT_CONVERSION_UNCOMPRESSED) +- && (form != POINT_CONVERSION_HYBRID)) { +- ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); +- return 0; +- } +- if ((form == 0 || form == POINT_CONVERSION_UNCOMPRESSED) && y_bit) { +- ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); +- return 0; +- } +- +- if (form == 0) { +- if (len != 1) { +- ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); +- return 0; +- } +- +- return EC_POINT_set_to_infinity(group, point); +- } +- +- field_len = BN_num_bytes(&group->field); +- enc_len = +- (form == +- POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2 * field_len; +- +- if (len != enc_len) { +- ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); +- return 0; +- } +- +- if (ctx == NULL) { +- ctx = new_ctx = BN_CTX_new(); +- if (ctx == NULL) +- return 0; +- } +- +- BN_CTX_start(ctx); +- x = BN_CTX_get(ctx); +- y = BN_CTX_get(ctx); +- if (y == NULL) +- goto err; +- +- if (!BN_bin2bn(buf + 1, field_len, x)) +- goto err; +- if (BN_ucmp(x, &group->field) >= 0) { +- ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); +- goto err; +- } +- +- if (form == POINT_CONVERSION_COMPRESSED) { +- if (!EC_POINT_set_compressed_coordinates_GFp +- (group, point, x, y_bit, ctx)) +- goto err; +- } else { +- if (!BN_bin2bn(buf + 1 + field_len, field_len, y)) +- goto err; +- if (BN_ucmp(y, &group->field) >= 0) { +- ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); +- goto err; +- } +- if (form == POINT_CONVERSION_HYBRID) { +- if (y_bit != BN_is_odd(y)) { +- ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); +- goto err; +- } +- } +- +- if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) +- goto err; +- } +- +- /* test required by X9.62 */ +- if 
(!EC_POINT_is_on_curve(group, point, ctx)) { +- ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE); +- goto err; +- } +- +- ret = 1; +- +- err: +- BN_CTX_end(ctx); +- if (new_ctx != NULL) +- BN_CTX_free(new_ctx); +- return ret; +-} +- +-int ec_GFp_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, +- const EC_POINT *b, BN_CTX *ctx) +-{ +- int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, +- const BIGNUM *, BN_CTX *); +- int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *); +- const BIGNUM *p; +- BN_CTX *new_ctx = NULL; +- BIGNUM *n0, *n1, *n2, *n3, *n4, *n5, *n6; +- int ret = 0; +- +- if (a == b) +- return EC_POINT_dbl(group, r, a, ctx); +- if (EC_POINT_is_at_infinity(group, a)) +- return EC_POINT_copy(r, b); +- if (EC_POINT_is_at_infinity(group, b)) +- return EC_POINT_copy(r, a); +- +- field_mul = group->meth->field_mul; +- field_sqr = group->meth->field_sqr; +- p = &group->field; +- +- if (ctx == NULL) { +- ctx = new_ctx = BN_CTX_new(); +- if (ctx == NULL) +- return 0; +- } +- +- BN_CTX_start(ctx); +- n0 = BN_CTX_get(ctx); +- n1 = BN_CTX_get(ctx); +- n2 = BN_CTX_get(ctx); +- n3 = BN_CTX_get(ctx); +- n4 = BN_CTX_get(ctx); +- n5 = BN_CTX_get(ctx); +- n6 = BN_CTX_get(ctx); +- if (n6 == NULL) +- goto end; +- +- /* +- * Note that in this function we must not read components of 'a' or 'b' +- * once we have written the corresponding components of 'r'. ('r' might +- * be one of 'a' or 'b'.) 
+- */
+-
+- /* n1, n2 */
+- if (b->Z_is_one) {
+- if (!BN_copy(n1, &a->X))
+- goto end;
+- if (!BN_copy(n2, &a->Y))
+- goto end;
+- /* n1 = X_a */
+- /* n2 = Y_a */
+- } else {
+- if (!field_sqr(group, n0, &b->Z, ctx))
+- goto end;
+- if (!field_mul(group, n1, &a->X, n0, ctx))
+- goto end;
+- /* n1 = X_a * Z_b^2 */
+-
+- if (!field_mul(group, n0, n0, &b->Z, ctx))
+- goto end;
+- if (!field_mul(group, n2, &a->Y, n0, ctx))
+- goto end;
+- /* n2 = Y_a * Z_b^3 */
+- }
+-
+- /* n3, n4 */
+- if (a->Z_is_one) {
+- if (!BN_copy(n3, &b->X))
+- goto end;
+- if (!BN_copy(n4, &b->Y))
+- goto end;
+- /* n3 = X_b */
+- /* n4 = Y_b */
+- } else {
+- if (!field_sqr(group, n0, &a->Z, ctx))
+- goto end;
+- if (!field_mul(group, n3, &b->X, n0, ctx))
+- goto end;
+- /* n3 = X_b * Z_a^2 */
+-
+- if (!field_mul(group, n0, n0, &a->Z, ctx))
+- goto end;
+- if (!field_mul(group, n4, &b->Y, n0, ctx))
+- goto end;
+- /* n4 = Y_b * Z_a^3 */
+- }
+-
+- /* n5, n6 */
+- if (!BN_mod_sub_quick(n5, n1, n3, p))
+- goto end;
+- if (!BN_mod_sub_quick(n6, n2, n4, p))
+- goto end;
+- /* n5 = n1 - n3 */
+- /* n6 = n2 - n4 */
+-
+- if (BN_is_zero(n5)) {
+- if (BN_is_zero(n6)) {
+- /* a is the same point as b */
+- BN_CTX_end(ctx);
+- ret = EC_POINT_dbl(group, r, a, ctx);
+- ctx = NULL;
+- goto end;
+- } else {
+- /* a is the inverse of b */
+- BN_zero(&r->Z);
+- r->Z_is_one = 0;
+- ret = 1;
+- goto end;
+- }
+- }
+-
+- /* 'n7', 'n8' */
+- if (!BN_mod_add_quick(n1, n1, n3, p))
+- goto end;
+- if (!BN_mod_add_quick(n2, n2, n4, p))
+- goto end;
+- /* 'n7' = n1 + n3 */
+- /* 'n8' = n2 + n4 */
+-
+- /* Z_r */
+- if (a->Z_is_one && b->Z_is_one) {
+- if (!BN_copy(&r->Z, n5))
+- goto end;
+- } else {
+- if (a->Z_is_one) {
+- if (!BN_copy(n0, &b->Z))
+- goto end;
+- } else if (b->Z_is_one) {
+- if (!BN_copy(n0, &a->Z))
+- goto end;
+- } else {
+- if (!field_mul(group, n0, &a->Z, &b->Z, ctx))
+- goto end;
+- }
+- if (!field_mul(group, &r->Z, n0, n5, ctx))
+- goto end;
+- }
+- r->Z_is_one = 0;
+- /* Z_r = Z_a * Z_b
* n5 */ +- +- /* X_r */ +- if (!field_sqr(group, n0, n6, ctx)) +- goto end; +- if (!field_sqr(group, n4, n5, ctx)) +- goto end; +- if (!field_mul(group, n3, n1, n4, ctx)) +- goto end; +- if (!BN_mod_sub_quick(&r->X, n0, n3, p)) +- goto end; +- /* X_r = n6^2 - n5^2 * 'n7' */ +- +- /* 'n9' */ +- if (!BN_mod_lshift1_quick(n0, &r->X, p)) +- goto end; +- if (!BN_mod_sub_quick(n0, n3, n0, p)) +- goto end; +- /* n9 = n5^2 * 'n7' - 2 * X_r */ +- +- /* Y_r */ +- if (!field_mul(group, n0, n0, n6, ctx)) +- goto end; +- if (!field_mul(group, n5, n4, n5, ctx)) +- goto end; /* now n5 is n5^3 */ +- if (!field_mul(group, n1, n2, n5, ctx)) +- goto end; +- if (!BN_mod_sub_quick(n0, n0, n1, p)) +- goto end; +- if (BN_is_odd(n0)) +- if (!BN_add(n0, n0, p)) +- goto end; +- /* now 0 <= n0 < 2*p, and n0 is even */ +- if (!BN_rshift1(&r->Y, n0)) +- goto end; +- /* Y_r = (n6 * 'n9' - 'n8' * 'n5^3') / 2 */ +- +- ret = 1; +- +- end: +- if (ctx) /* otherwise we already called BN_CTX_end */ +- BN_CTX_end(ctx); +- if (new_ctx != NULL) +- BN_CTX_free(new_ctx); +- return ret; +-} +- +-int ec_GFp_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, +- BN_CTX *ctx) +-{ +- int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, +- const BIGNUM *, BN_CTX *); +- int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *); +- const BIGNUM *p; +- BN_CTX *new_ctx = NULL; +- BIGNUM *n0, *n1, *n2, *n3; +- int ret = 0; +- +- if (EC_POINT_is_at_infinity(group, a)) { +- BN_zero(&r->Z); +- r->Z_is_one = 0; +- return 1; +- } +- +- field_mul = group->meth->field_mul; +- field_sqr = group->meth->field_sqr; +- p = &group->field; +- +- if (ctx == NULL) { +- ctx = new_ctx = BN_CTX_new(); +- if (ctx == NULL) +- return 0; +- } +- +- BN_CTX_start(ctx); +- n0 = BN_CTX_get(ctx); +- n1 = BN_CTX_get(ctx); +- n2 = BN_CTX_get(ctx); +- n3 = BN_CTX_get(ctx); +- if (n3 == NULL) +- goto err; +- +- /* +- * Note that in this function we must not read components of 'a' once we +- * have written the 
corresponding components of 'r'. ('r' might the same +- * as 'a'.) +- */ +- +- /* n1 */ +- if (a->Z_is_one) { +- if (!field_sqr(group, n0, &a->X, ctx)) +- goto err; +- if (!BN_mod_lshift1_quick(n1, n0, p)) +- goto err; +- if (!BN_mod_add_quick(n0, n0, n1, p)) +- goto err; +- if (!BN_mod_add_quick(n1, n0, &group->a, p)) +- goto err; +- /* n1 = 3 * X_a^2 + a_curve */ +- } else if (group->a_is_minus3) { +- if (!field_sqr(group, n1, &a->Z, ctx)) +- goto err; +- if (!BN_mod_add_quick(n0, &a->X, n1, p)) +- goto err; +- if (!BN_mod_sub_quick(n2, &a->X, n1, p)) +- goto err; +- if (!field_mul(group, n1, n0, n2, ctx)) +- goto err; +- if (!BN_mod_lshift1_quick(n0, n1, p)) +- goto err; +- if (!BN_mod_add_quick(n1, n0, n1, p)) +- goto err; +- /*- +- * n1 = 3 * (X_a + Z_a^2) * (X_a - Z_a^2) +- * = 3 * X_a^2 - 3 * Z_a^4 +- */ +- } else { +- if (!field_sqr(group, n0, &a->X, ctx)) +- goto err; +- if (!BN_mod_lshift1_quick(n1, n0, p)) +- goto err; +- if (!BN_mod_add_quick(n0, n0, n1, p)) +- goto err; +- if (!field_sqr(group, n1, &a->Z, ctx)) +- goto err; +- if (!field_sqr(group, n1, n1, ctx)) +- goto err; +- if (!field_mul(group, n1, n1, &group->a, ctx)) +- goto err; +- if (!BN_mod_add_quick(n1, n1, n0, p)) +- goto err; +- /* n1 = 3 * X_a^2 + a_curve * Z_a^4 */ +- } +- +- /* Z_r */ +- if (a->Z_is_one) { +- if (!BN_copy(n0, &a->Y)) +- goto err; +- } else { +- if (!field_mul(group, n0, &a->Y, &a->Z, ctx)) +- goto err; +- } +- if (!BN_mod_lshift1_quick(&r->Z, n0, p)) +- goto err; +- r->Z_is_one = 0; +- /* Z_r = 2 * Y_a * Z_a */ +- +- /* n2 */ +- if (!field_sqr(group, n3, &a->Y, ctx)) +- goto err; +- if (!field_mul(group, n2, &a->X, n3, ctx)) +- goto err; +- if (!BN_mod_lshift_quick(n2, n2, 2, p)) +- goto err; +- /* n2 = 4 * X_a * Y_a^2 */ +- +- /* X_r */ +- if (!BN_mod_lshift1_quick(n0, n2, p)) +- goto err; +- if (!field_sqr(group, &r->X, n1, ctx)) +- goto err; +- if (!BN_mod_sub_quick(&r->X, &r->X, n0, p)) +- goto err; +- /* X_r = n1^2 - 2 * n2 */ +- +- /* n3 */ +- if 
(!field_sqr(group, n0, n3, ctx)) +- goto err; +- if (!BN_mod_lshift_quick(n3, n0, 3, p)) +- goto err; +- /* n3 = 8 * Y_a^4 */ +- +- /* Y_r */ +- if (!BN_mod_sub_quick(n0, n2, &r->X, p)) +- goto err; +- if (!field_mul(group, n0, n1, n0, ctx)) +- goto err; +- if (!BN_mod_sub_quick(&r->Y, n0, n3, p)) +- goto err; +- /* Y_r = n1 * (n2 - X_r) - n3 */ +- +- ret = 1; +- +- err: +- BN_CTX_end(ctx); +- if (new_ctx != NULL) +- BN_CTX_free(new_ctx); +- return ret; +-} +- +-int ec_GFp_simple_invert(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx) +-{ +- if (EC_POINT_is_at_infinity(group, point) || BN_is_zero(&point->Y)) +- /* point is its own inverse */ +- return 1; +- +- return BN_usub(&point->Y, &group->field, &point->Y); +-} +- +-int ec_GFp_simple_is_at_infinity(const EC_GROUP *group, const EC_POINT *point) +-{ +- return BN_is_zero(&point->Z); +-} +- +-int ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, +- BN_CTX *ctx) +-{ +- int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, +- const BIGNUM *, BN_CTX *); +- int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *); +- const BIGNUM *p; +- BN_CTX *new_ctx = NULL; +- BIGNUM *rh, *tmp, *Z4, *Z6; +- int ret = -1; +- +- if (EC_POINT_is_at_infinity(group, point)) +- return 1; +- +- field_mul = group->meth->field_mul; +- field_sqr = group->meth->field_sqr; +- p = &group->field; +- +- if (ctx == NULL) { +- ctx = new_ctx = BN_CTX_new(); +- if (ctx == NULL) +- return -1; +- } +- +- BN_CTX_start(ctx); +- rh = BN_CTX_get(ctx); +- tmp = BN_CTX_get(ctx); +- Z4 = BN_CTX_get(ctx); +- Z6 = BN_CTX_get(ctx); +- if (Z6 == NULL) +- goto err; +- +- /*- +- * We have a curve defined by a Weierstrass equation +- * y^2 = x^3 + a*x + b. +- * The point to consider is given in Jacobian projective coordinates +- * where (X, Y, Z) represents (x, y) = (X/Z^2, Y/Z^3). +- * Substituting this and multiplying by Z^6 transforms the above equation into +- * Y^2 = X^3 + a*X*Z^4 + b*Z^6. 
+- * To test this, we add up the right-hand side in 'rh'.
+- */
+-
+- /* rh := X^2 */
+- if (!field_sqr(group, rh, &point->X, ctx))
+- goto err;
+-
+- if (!point->Z_is_one) {
+- if (!field_sqr(group, tmp, &point->Z, ctx))
+- goto err;
+- if (!field_sqr(group, Z4, tmp, ctx))
+- goto err;
+- if (!field_mul(group, Z6, Z4, tmp, ctx))
+- goto err;
+-
+- /* rh := (rh + a*Z^4)*X */
+- if (group->a_is_minus3) {
+- if (!BN_mod_lshift1_quick(tmp, Z4, p))
+- goto err;
+- if (!BN_mod_add_quick(tmp, tmp, Z4, p))
+- goto err;
+- if (!BN_mod_sub_quick(rh, rh, tmp, p))
+- goto err;
+- if (!field_mul(group, rh, rh, &point->X, ctx))
+- goto err;
+- } else {
+- if (!field_mul(group, tmp, Z4, &group->a, ctx))
+- goto err;
+- if (!BN_mod_add_quick(rh, rh, tmp, p))
+- goto err;
+- if (!field_mul(group, rh, rh, &point->X, ctx))
+- goto err;
+- }
+-
+- /* rh := rh + b*Z^6 */
+- if (!field_mul(group, tmp, &group->b, Z6, ctx))
+- goto err;
+- if (!BN_mod_add_quick(rh, rh, tmp, p))
+- goto err;
+- } else {
+- /* point->Z_is_one */
+-
+- /* rh := (rh + a)*X */
+- if (!BN_mod_add_quick(rh, rh, &group->a, p))
+- goto err;
+- if (!field_mul(group, rh, rh, &point->X, ctx))
+- goto err;
+- /* rh := rh + b */
+- if (!BN_mod_add_quick(rh, rh, &group->b, p))
+- goto err;
+- }
+-
+- /* 'lh' := Y^2 */
+- if (!field_sqr(group, tmp, &point->Y, ctx))
+- goto err;
+-
+- ret = (0 == BN_ucmp(tmp, rh));
+-
+- err:
+- BN_CTX_end(ctx);
+- if (new_ctx != NULL)
+- BN_CTX_free(new_ctx);
+- return ret;
+-}
+-
+-int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a,
+- const EC_POINT *b, BN_CTX *ctx)
+-{
+- /*-
+- * return values:
+- * -1 error
+- * 0 equal (in affine coordinates)
+- * 1 not equal
+- */
+-
+- int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *,
+- const BIGNUM *, BN_CTX *);
+- int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
+- BN_CTX *new_ctx = NULL;
+- BIGNUM *tmp1, *tmp2, *Za23, *Zb23;
+- const BIGNUM *tmp1_, *tmp2_;
+- int ret = -1;
+-
+- if
(EC_POINT_is_at_infinity(group, a)) { +- return EC_POINT_is_at_infinity(group, b) ? 0 : 1; +- } +- +- if (EC_POINT_is_at_infinity(group, b)) +- return 1; +- +- if (a->Z_is_one && b->Z_is_one) { +- return ((BN_cmp(&a->X, &b->X) == 0) +- && BN_cmp(&a->Y, &b->Y) == 0) ? 0 : 1; +- } +- +- field_mul = group->meth->field_mul; +- field_sqr = group->meth->field_sqr; +- +- if (ctx == NULL) { +- ctx = new_ctx = BN_CTX_new(); +- if (ctx == NULL) +- return -1; +- } +- +- BN_CTX_start(ctx); +- tmp1 = BN_CTX_get(ctx); +- tmp2 = BN_CTX_get(ctx); +- Za23 = BN_CTX_get(ctx); +- Zb23 = BN_CTX_get(ctx); +- if (Zb23 == NULL) +- goto end; +- +- /*- +- * We have to decide whether +- * (X_a/Z_a^2, Y_a/Z_a^3) = (X_b/Z_b^2, Y_b/Z_b^3), +- * or equivalently, whether +- * (X_a*Z_b^2, Y_a*Z_b^3) = (X_b*Z_a^2, Y_b*Z_a^3). +- */ +- +- if (!b->Z_is_one) { +- if (!field_sqr(group, Zb23, &b->Z, ctx)) +- goto end; +- if (!field_mul(group, tmp1, &a->X, Zb23, ctx)) +- goto end; +- tmp1_ = tmp1; +- } else +- tmp1_ = &a->X; +- if (!a->Z_is_one) { +- if (!field_sqr(group, Za23, &a->Z, ctx)) +- goto end; +- if (!field_mul(group, tmp2, &b->X, Za23, ctx)) +- goto end; +- tmp2_ = tmp2; +- } else +- tmp2_ = &b->X; +- +- /* compare X_a*Z_b^2 with X_b*Z_a^2 */ +- if (BN_cmp(tmp1_, tmp2_) != 0) { +- ret = 1; /* points differ */ +- goto end; +- } +- +- if (!b->Z_is_one) { +- if (!field_mul(group, Zb23, Zb23, &b->Z, ctx)) +- goto end; +- if (!field_mul(group, tmp1, &a->Y, Zb23, ctx)) +- goto end; +- /* tmp1_ = tmp1 */ +- } else +- tmp1_ = &a->Y; +- if (!a->Z_is_one) { +- if (!field_mul(group, Za23, Za23, &a->Z, ctx)) +- goto end; +- if (!field_mul(group, tmp2, &b->Y, Za23, ctx)) +- goto end; +- /* tmp2_ = tmp2 */ +- } else +- tmp2_ = &b->Y; +- +- /* compare Y_a*Z_b^3 with Y_b*Z_a^3 */ +- if (BN_cmp(tmp1_, tmp2_) != 0) { +- ret = 1; /* points differ */ +- goto end; +- } +- +- /* points are equal */ +- ret = 0; +- +- end: +- BN_CTX_end(ctx); +- if (new_ctx != NULL) +- BN_CTX_free(new_ctx); +- return ret; +-} +- 
+-int ec_GFp_simple_make_affine(const EC_GROUP *group, EC_POINT *point,
+- BN_CTX *ctx)
+-{
+- BN_CTX *new_ctx = NULL;
+- BIGNUM *x, *y;
+- int ret = 0;
+-
+- if (point->Z_is_one || EC_POINT_is_at_infinity(group, point))
+- return 1;
+-
+- if (ctx == NULL) {
+- ctx = new_ctx = BN_CTX_new();
+- if (ctx == NULL)
+- return 0;
+- }
+-
+- BN_CTX_start(ctx);
+- x = BN_CTX_get(ctx);
+- y = BN_CTX_get(ctx);
+- if (y == NULL)
+- goto err;
+-
+- if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx))
+- goto err;
+- if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx))
+- goto err;
+- if (!point->Z_is_one) {
+- ECerr(EC_F_EC_GFP_SIMPLE_MAKE_AFFINE, ERR_R_INTERNAL_ERROR);
+- goto err;
+- }
+-
+- ret = 1;
+-
+- err:
+- BN_CTX_end(ctx);
+- if (new_ctx != NULL)
+- BN_CTX_free(new_ctx);
+- return ret;
+-}
+-
+-int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num,
+- EC_POINT *points[], BN_CTX *ctx)
+-{
+- BN_CTX *new_ctx = NULL;
+- BIGNUM *tmp, *tmp_Z;
+- BIGNUM **prod_Z = NULL;
+- size_t i;
+- int ret = 0;
+-
+- if (num == 0)
+- return 1;
+-
+- if (ctx == NULL) {
+- ctx = new_ctx = BN_CTX_new();
+- if (ctx == NULL)
+- return 0;
+- }
+-
+- BN_CTX_start(ctx);
+- tmp = BN_CTX_get(ctx);
+- tmp_Z = BN_CTX_get(ctx);
+- if (tmp == NULL || tmp_Z == NULL)
+- goto err;
+-
+- prod_Z = OPENSSL_malloc(num * sizeof prod_Z[0]);
+- if (prod_Z == NULL)
+- goto err;
+- for (i = 0; i < num; i++) {
+- prod_Z[i] = BN_new();
+- if (prod_Z[i] == NULL)
+- goto err;
+- }
+-
+- /*
+- * Set each prod_Z[i] to the product of points[0]->Z .. points[i]->Z,
+- * skipping any zero-valued inputs (pretend that they're 1).
+- */
+-
+- if (!BN_is_zero(&points[0]->Z)) {
+- if (!BN_copy(prod_Z[0], &points[0]->Z))
+- goto err;
+- } else {
+- if (group->meth->field_set_to_one != 0) {
+- if (!group->meth->field_set_to_one(group, prod_Z[0], ctx))
+- goto err;
+- } else {
+- if (!BN_one(prod_Z[0]))
+- goto err;
+- }
+- }
+-
+- for (i = 1; i < num; i++) {
+- if (!BN_is_zero(&points[i]->Z)) {
+- if (!group->meth->field_mul(group, prod_Z[i], prod_Z[i - 1],
+- &points[i]->Z, ctx))
+- goto err;
+- } else {
+- if (!BN_copy(prod_Z[i], prod_Z[i - 1]))
+- goto err;
+- }
+- }
+-
+- /*
+- * Now use a single explicit inversion to replace every non-zero
+- * points[i]->Z by its inverse.
+- */
+-
+- if (!BN_mod_inverse(tmp, prod_Z[num - 1], &group->field, ctx)) {
+- ECerr(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, ERR_R_BN_LIB);
+- goto err;
+- }
+- if (group->meth->field_encode != 0) {
+- /*
+- * In the Montgomery case, we just turned R*H (representing H) into
+- * 1/(R*H), but we need R*(1/H) (representing 1/H); i.e. we need to
+- * multiply by the Montgomery factor twice.
+- */
+- if (!group->meth->field_encode(group, tmp, tmp, ctx))
+- goto err;
+- if (!group->meth->field_encode(group, tmp, tmp, ctx))
+- goto err;
+- }
+-
+- for (i = num - 1; i > 0; --i) {
+- /*
+- * Loop invariant: tmp is the product of the inverses of points[0]->Z
+- * .. points[i]->Z (zero-valued inputs skipped).
+- */
+- if (!BN_is_zero(&points[i]->Z)) {
+- /*
+- * Set tmp_Z to the inverse of points[i]->Z (as product of Z
+- * inverses 0 .. i, Z values 0 .. i - 1).
+- */
+- if (!group->
+- meth->field_mul(group, tmp_Z, prod_Z[i - 1], tmp, ctx))
+- goto err;
+- /*
+- * Update tmp to satisfy the loop invariant for i - 1.
+- */
+- if (!group->meth->field_mul(group, tmp, tmp, &points[i]->Z, ctx))
+- goto err;
+- /* Replace points[i]->Z by its inverse. */
+- if (!BN_copy(&points[i]->Z, tmp_Z))
+- goto err;
+- }
+- }
+-
+- if (!BN_is_zero(&points[0]->Z)) {
+- /* Replace points[0]->Z by its inverse.
*/ +- if (!BN_copy(&points[0]->Z, tmp)) +- goto err; +- } +- +- /* Finally, fix up the X and Y coordinates for all points. */ +- +- for (i = 0; i < num; i++) { +- EC_POINT *p = points[i]; +- +- if (!BN_is_zero(&p->Z)) { +- /* turn (X, Y, 1/Z) into (X/Z^2, Y/Z^3, 1) */ +- +- if (!group->meth->field_sqr(group, tmp, &p->Z, ctx)) +- goto err; +- if (!group->meth->field_mul(group, &p->X, &p->X, tmp, ctx)) +- goto err; +- +- if (!group->meth->field_mul(group, tmp, tmp, &p->Z, ctx)) +- goto err; +- if (!group->meth->field_mul(group, &p->Y, &p->Y, tmp, ctx)) +- goto err; +- +- if (group->meth->field_set_to_one != 0) { +- if (!group->meth->field_set_to_one(group, &p->Z, ctx)) +- goto err; +- } else { +- if (!BN_one(&p->Z)) +- goto err; +- } +- p->Z_is_one = 1; +- } +- } +- +- ret = 1; +- +- err: +- BN_CTX_end(ctx); +- if (new_ctx != NULL) +- BN_CTX_free(new_ctx); +- if (prod_Z != NULL) { +- for (i = 0; i < num; i++) { +- if (prod_Z[i] == NULL) +- break; +- BN_clear_free(prod_Z[i]); +- } +- OPENSSL_free(prod_Z); +- } +- return ret; +-} +- +-int ec_GFp_simple_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, +- const BIGNUM *b, BN_CTX *ctx) +-{ +- return BN_mod_mul(r, a, b, &group->field, ctx); +-} +- +-int ec_GFp_simple_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, +- BN_CTX *ctx) +-{ +- return BN_mod_sqr(r, a, &group->field, ctx); +-} +diff --git a/Cryptlib/OpenSSL/crypto/ecdh/ech_err.c b/Cryptlib/OpenSSL/crypto/ecdh/ech_err.c +deleted file mode 100644 +index f1ec12d..0000000 +--- a/Cryptlib/OpenSSL/crypto/ecdh/ech_err.c ++++ /dev/null +@@ -1,96 +0,0 @@ +-/* crypto/ecdh/ech_err.c */ +-/* ==================================================================== +- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * +- * 1. 
Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. +- * +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in +- * the documentation and/or other materials provided with the +- * distribution. +- * +- * 3. All advertising materials mentioning features or use of this +- * software must display the following acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" +- * +- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +- * endorse or promote products derived from this software without +- * prior written permission. For written permission, please contact +- * openssl-core@OpenSSL.org. +- * +- * 5. Products derived from this software may not be called "OpenSSL" +- * nor may "OpenSSL" appear in their names without prior written +- * permission of the OpenSSL Project. +- * +- * 6. Redistributions of any form whatsoever must retain the following +- * acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" +- * +- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +- * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR +- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +- * OF THE POSSIBILITY OF SUCH DAMAGE. +- * ==================================================================== +- * +- * This product includes cryptographic software written by Eric Young +- * (eay@cryptsoft.com). This product includes software written by Tim +- * Hudson (tjh@cryptsoft.com). +- * +- */ +- +-/* +- * NOTE: this file was auto generated by the mkerr.pl script: any changes +- * made to it will be overwritten when the script next updates this file, +- * only reason strings will be preserved. 
+- */
+-
+-#include
+-#include
+-#include
+-
+-/* BEGIN ERROR CODES */
+-#ifndef OPENSSL_NO_ERR
+-
+-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_ECDH,func,0)
+-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_ECDH,0,reason)
+-
+-static ERR_STRING_DATA ECDH_str_functs[] = {
+- {ERR_FUNC(ECDH_F_ECDH_COMPUTE_KEY), "ECDH_compute_key"},
+- {ERR_FUNC(ECDH_F_ECDH_DATA_NEW_METHOD), "ECDH_DATA_NEW_METHOD"},
+- {0, NULL}
+-};
+-
+-static ERR_STRING_DATA ECDH_str_reasons[] = {
+- {ERR_REASON(ECDH_R_KDF_FAILED), "KDF failed"},
+- {ERR_REASON(ECDH_R_NO_PRIVATE_VALUE), "no private value"},
+- {ERR_REASON(ECDH_R_POINT_ARITHMETIC_FAILURE), "point arithmetic failure"},
+- {0, NULL}
+-};
+-
+-#endif
+-
+-void ERR_load_ECDH_strings(void)
+-{
+-#ifndef OPENSSL_NO_ERR
+-
+- if (ERR_func_error_string(ECDH_str_functs[0].error) == NULL) {
+- ERR_load_strings(0, ECDH_str_functs);
+- ERR_load_strings(0, ECDH_str_reasons);
+- }
+-#endif
+-}
+diff --git a/Cryptlib/OpenSSL/crypto/ecdh/ech_key.c b/Cryptlib/OpenSSL/crypto/ecdh/ech_key.c
+deleted file mode 100644
+index 4045fb2..0000000
+--- a/Cryptlib/OpenSSL/crypto/ecdh/ech_key.c
++++ /dev/null
+@@ -1,84 +0,0 @@
+-/* crypto/ecdh/ecdh_key.c */
+-/* ====================================================================
+- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+- *
+- * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
+- * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
+- * to the OpenSSL project.
+- *
+- * The ECC Code is licensed pursuant to the OpenSSL open source
+- * license provided below.
+- *
+- * The ECDH software is originally written by Douglas Stebila of
+- * Sun Microsystems Laboratories.
+- *
+- */
+-/* ====================================================================
+- * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
+- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * +- * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. +- * +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in +- * the documentation and/or other materials provided with the +- * distribution. +- * +- * 3. All advertising materials mentioning features or use of this +- * software must display the following acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" +- * +- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +- * endorse or promote products derived from this software without +- * prior written permission. For written permission, please contact +- * openssl-core@OpenSSL.org. +- * +- * 5. Products derived from this software may not be called "OpenSSL" +- * nor may "OpenSSL" appear in their names without prior written +- * permission of the OpenSSL Project. +- * +- * 6. Redistributions of any form whatsoever must retain the following +- * acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" +- * +- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +- * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR +- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +- * OF THE POSSIBILITY OF SUCH DAMAGE. +- * ==================================================================== +- * +- * This product includes cryptographic software written by Eric Young +- * (eay@cryptsoft.com). This product includes software written by Tim +- * Hudson (tjh@cryptsoft.com). +- * +- */ +- +-#include "ech_locl.h" +-#ifndef OPENSSL_NO_ENGINE +-# include +-#endif +- +-int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, +- EC_KEY *eckey, +- void *(*KDF) (const void *in, size_t inlen, void *out, +- size_t *outlen)) +-{ +- ECDH_DATA *ecdh = ecdh_check(eckey); +- if (ecdh == NULL) +- return 0; +- return ecdh->meth->compute_key(out, outlen, pub_key, eckey, KDF); +-} +diff --git a/Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c b/Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c +deleted file mode 100644 +index 4bba074..0000000 +--- a/Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c ++++ /dev/null +@@ -1,242 +0,0 @@ +-/* crypto/ecdh/ech_lib.c */ +-/* ==================================================================== +- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. +- * +- * The Elliptic Curve Public-Key Crypto Library (ECC Code) included +- * herein is developed by SUN MICROSYSTEMS, INC., and is contributed +- * to the OpenSSL project. +- * +- * The ECC Code is licensed pursuant to the OpenSSL open source +- * license provided below. +- * +- * The ECDH software is originally written by Douglas Stebila of +- * Sun Microsystems Laboratories. 
+- * +- */ +-/* ==================================================================== +- * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * +- * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. +- * +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in +- * the documentation and/or other materials provided with the +- * distribution. +- * +- * 3. All advertising materials mentioning features or use of this +- * software must display the following acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" +- * +- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +- * endorse or promote products derived from this software without +- * prior written permission. For written permission, please contact +- * openssl-core@OpenSSL.org. +- * +- * 5. Products derived from this software may not be called "OpenSSL" +- * nor may "OpenSSL" appear in their names without prior written +- * permission of the OpenSSL Project. +- * +- * 6. Redistributions of any form whatsoever must retain the following +- * acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" +- * +- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +- * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR +- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +- * OF THE POSSIBILITY OF SUCH DAMAGE. +- * ==================================================================== +- * +- * This product includes cryptographic software written by Eric Young +- * (eay@cryptsoft.com). This product includes software written by Tim +- * Hudson (tjh@cryptsoft.com). +- * +- */ +- +-#include "ech_locl.h" +-#include +-#ifndef OPENSSL_NO_ENGINE +-# include +-#endif +-#include +- +-const char ECDH_version[] = "ECDH" OPENSSL_VERSION_PTEXT; +- +-static const ECDH_METHOD *default_ECDH_method = NULL; +- +-static void *ecdh_data_new(void); +-static void *ecdh_data_dup(void *); +-static void ecdh_data_free(void *); +- +-void ECDH_set_default_method(const ECDH_METHOD *meth) +-{ +- default_ECDH_method = meth; +-} +- +-const ECDH_METHOD *ECDH_get_default_method(void) +-{ +- if (!default_ECDH_method) +- default_ECDH_method = ECDH_OpenSSL(); +- return default_ECDH_method; +-} +- +-int ECDH_set_method(EC_KEY *eckey, const ECDH_METHOD *meth) +-{ +- ECDH_DATA *ecdh; +- +- ecdh = ecdh_check(eckey); +- +- if (ecdh == NULL) +- return 0; +- +-#ifndef OPENSSL_NO_ENGINE +- if (ecdh->engine) { +- ENGINE_finish(ecdh->engine); +- ecdh->engine = NULL; +- } +-#endif +- ecdh->meth = meth; +-#if 0 +- if (meth->init) +- meth->init(eckey); +-#endif +- return 1; +-} +- +-static ECDH_DATA *ECDH_DATA_new_method(ENGINE *engine) +-{ +- ECDH_DATA *ret; +- +- ret = (ECDH_DATA *)OPENSSL_malloc(sizeof(ECDH_DATA)); +- if (ret == NULL) { +- 
ECDHerr(ECDH_F_ECDH_DATA_NEW_METHOD, ERR_R_MALLOC_FAILURE); +- return (NULL); +- } +- +- ret->init = NULL; +- +- ret->meth = ECDH_get_default_method(); +- ret->engine = engine; +-#ifndef OPENSSL_NO_ENGINE +- if (!ret->engine) +- ret->engine = ENGINE_get_default_ECDH(); +- if (ret->engine) { +- ret->meth = ENGINE_get_ECDH(ret->engine); +- if (!ret->meth) { +- ECDHerr(ECDH_F_ECDH_DATA_NEW_METHOD, ERR_R_ENGINE_LIB); +- ENGINE_finish(ret->engine); +- OPENSSL_free(ret); +- return NULL; +- } +- } +-#endif +- +- ret->flags = ret->meth->flags; +- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ECDH, ret, &ret->ex_data); +-#if 0 +- if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { +- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, ret, &ret->ex_data); +- OPENSSL_free(ret); +- ret = NULL; +- } +-#endif +- return (ret); +-} +- +-static void *ecdh_data_new(void) +-{ +- return (void *)ECDH_DATA_new_method(NULL); +-} +- +-static void *ecdh_data_dup(void *data) +-{ +- ECDH_DATA *r = (ECDH_DATA *)data; +- +- /* XXX: dummy operation */ +- if (r == NULL) +- return NULL; +- +- return (void *)ecdh_data_new(); +-} +- +-void ecdh_data_free(void *data) +-{ +- ECDH_DATA *r = (ECDH_DATA *)data; +- +-#ifndef OPENSSL_NO_ENGINE +- if (r->engine) +- ENGINE_finish(r->engine); +-#endif +- +- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, r, &r->ex_data); +- +- OPENSSL_cleanse((void *)r, sizeof(ECDH_DATA)); +- +- OPENSSL_free(r); +-} +- +-ECDH_DATA *ecdh_check(EC_KEY *key) +-{ +- ECDH_DATA *ecdh_data; +- +- void *data = EC_KEY_get_key_method_data(key, ecdh_data_dup, +- ecdh_data_free, ecdh_data_free); +- if (data == NULL) { +- ecdh_data = (ECDH_DATA *)ecdh_data_new(); +- if (ecdh_data == NULL) +- return NULL; +- data = EC_KEY_insert_key_method_data(key, (void *)ecdh_data, +- ecdh_data_dup, ecdh_data_free, +- ecdh_data_free); +- if (data != NULL) { +- /* +- * Another thread raced us to install the key_method data and +- * won. 
+- */ +- ecdh_data_free(ecdh_data); +- ecdh_data = (ECDH_DATA *)data; +- } +- } else +- ecdh_data = (ECDH_DATA *)data; +- +- return ecdh_data; +-} +- +-int ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, +- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) +-{ +- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ECDH, argl, argp, +- new_func, dup_func, free_func); +-} +- +-int ECDH_set_ex_data(EC_KEY *d, int idx, void *arg) +-{ +- ECDH_DATA *ecdh; +- ecdh = ecdh_check(d); +- if (ecdh == NULL) +- return 0; +- return (CRYPTO_set_ex_data(&ecdh->ex_data, idx, arg)); +-} +- +-void *ECDH_get_ex_data(EC_KEY *d, int idx) +-{ +- ECDH_DATA *ecdh; +- ecdh = ecdh_check(d); +- if (ecdh == NULL) +- return NULL; +- return (CRYPTO_get_ex_data(&ecdh->ex_data, idx)); +-} +diff --git a/Cryptlib/OpenSSL/crypto/ecdh/ech_locl.h b/Cryptlib/OpenSSL/crypto/ecdh/ech_locl.h +deleted file mode 100644 +index f658526..0000000 +--- a/Cryptlib/OpenSSL/crypto/ecdh/ech_locl.h ++++ /dev/null +@@ -1,94 +0,0 @@ +-/* crypto/ecdh/ech_locl.h */ +-/* ==================================================================== +- * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * +- * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. +- * +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in +- * the documentation and/or other materials provided with the +- * distribution. +- * +- * 3. All advertising materials mentioning features or use of this +- * software must display the following acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit. 
(http://www.OpenSSL.org/)" +- * +- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +- * endorse or promote products derived from this software without +- * prior written permission. For written permission, please contact +- * licensing@OpenSSL.org. +- * +- * 5. Products derived from this software may not be called "OpenSSL" +- * nor may "OpenSSL" appear in their names without prior written +- * permission of the OpenSSL Project. +- * +- * 6. Redistributions of any form whatsoever must retain the following +- * acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" +- * +- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +- * OF THE POSSIBILITY OF SUCH DAMAGE. +- * ==================================================================== +- * +- * This product includes cryptographic software written by Eric Young +- * (eay@cryptsoft.com). This product includes software written by Tim +- * Hudson (tjh@cryptsoft.com). 
+- * +- */ +- +-#ifndef HEADER_ECH_LOCL_H +-#define HEADER_ECH_LOCL_H +- +-#include +- +-#ifdef __cplusplus +-extern "C" { +-#endif +- +-struct ecdh_method +- { +- const char *name; +- int (*compute_key)(void *key, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh, +- void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen)); +-#if 0 +- int (*init)(EC_KEY *eckey); +- int (*finish)(EC_KEY *eckey); +-#endif +- int flags; +- char *app_data; +- }; +- +-typedef struct ecdh_data_st { +- /* EC_KEY_METH_DATA part */ +- int (*init)(EC_KEY *); +- /* method specific part */ +- ENGINE *engine; +- int flags; +- const ECDH_METHOD *meth; +- CRYPTO_EX_DATA ex_data; +-} ECDH_DATA; +- +-ECDH_DATA *ecdh_check(EC_KEY *); +- +-#ifdef __cplusplus +-} +-#endif +- +-#endif /* HEADER_ECH_LOCL_H */ +diff --git a/Cryptlib/OpenSSL/crypto/ecdh/ech_ossl.c b/Cryptlib/OpenSSL/crypto/ecdh/ech_ossl.c +deleted file mode 100644 +index 6a8243d..0000000 +--- a/Cryptlib/OpenSSL/crypto/ecdh/ech_ossl.c ++++ /dev/null +@@ -1,205 +0,0 @@ +-/* crypto/ecdh/ech_ossl.c */ +-/* ==================================================================== +- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. +- * +- * The Elliptic Curve Public-Key Crypto Library (ECC Code) included +- * herein is developed by SUN MICROSYSTEMS, INC., and is contributed +- * to the OpenSSL project. +- * +- * The ECC Code is licensed pursuant to the OpenSSL open source +- * license provided below. +- * +- * The ECDH software is originally written by Douglas Stebila of +- * Sun Microsystems Laboratories. +- * +- */ +-/* ==================================================================== +- * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * +- * 1. 
Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. +- * +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in +- * the documentation and/or other materials provided with the +- * distribution. +- * +- * 3. All advertising materials mentioning features or use of this +- * software must display the following acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" +- * +- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +- * endorse or promote products derived from this software without +- * prior written permission. For written permission, please contact +- * openssl-core@OpenSSL.org. +- * +- * 5. Products derived from this software may not be called "OpenSSL" +- * nor may "OpenSSL" appear in their names without prior written +- * permission of the OpenSSL Project. +- * +- * 6. Redistributions of any form whatsoever must retain the following +- * acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" +- * +- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +- * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR +- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +- * OF THE POSSIBILITY OF SUCH DAMAGE. +- * ==================================================================== +- * +- * This product includes cryptographic software written by Eric Young +- * (eay@cryptsoft.com). This product includes software written by Tim +- * Hudson (tjh@cryptsoft.com). +- * +- */ +- +-#include +-#include +- +-#include "cryptlib.h" +- +-#include "ech_locl.h" +-#include +-#include +-#include +-#include +- +-static int ecdh_compute_key(void *out, size_t len, const EC_POINT *pub_key, +- EC_KEY *ecdh, +- void *(*KDF) (const void *in, size_t inlen, +- void *out, size_t *outlen)); +- +-static ECDH_METHOD openssl_ecdh_meth = { +- "OpenSSL ECDH method", +- ecdh_compute_key, +-#if 0 +- NULL, /* init */ +- NULL, /* finish */ +-#endif +- 0, /* flags */ +- NULL /* app_data */ +-}; +- +-const ECDH_METHOD *ECDH_OpenSSL(void) +-{ +- return &openssl_ecdh_meth; +-} +- +-/*- +- * This implementation is based on the following primitives in the IEEE 1363 standard: +- * - ECKAS-DH1 +- * - ECSVDP-DH +- * Finally an optional KDF is applied. 
+- */ +-static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, +- EC_KEY *ecdh, +- void *(*KDF) (const void *in, size_t inlen, +- void *out, size_t *outlen)) +-{ +- BN_CTX *ctx; +- EC_POINT *tmp = NULL; +- BIGNUM *x = NULL, *y = NULL; +- const BIGNUM *priv_key; +- const EC_GROUP *group; +- int ret = -1; +- size_t buflen, len; +- unsigned char *buf = NULL; +- +- if (outlen > INT_MAX) { +- ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE); /* sort of, +- * anyway */ +- return -1; +- } +- +- if ((ctx = BN_CTX_new()) == NULL) +- goto err; +- BN_CTX_start(ctx); +- x = BN_CTX_get(ctx); +- y = BN_CTX_get(ctx); +- +- priv_key = EC_KEY_get0_private_key(ecdh); +- if (priv_key == NULL) { +- ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_NO_PRIVATE_VALUE); +- goto err; +- } +- +- group = EC_KEY_get0_group(ecdh); +- if ((tmp = EC_POINT_new(group)) == NULL) { +- ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- if (!EC_POINT_mul(group, tmp, NULL, pub_key, priv_key, ctx)) { +- ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE); +- goto err; +- } +- +- if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == +- NID_X9_62_prime_field) { +- if (!EC_POINT_get_affine_coordinates_GFp(group, tmp, x, y, ctx)) { +- ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE); +- goto err; +- } +- } else { +- if (!EC_POINT_get_affine_coordinates_GF2m(group, tmp, x, y, ctx)) { +- ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE); +- goto err; +- } +- } +- +- buflen = (EC_GROUP_get_degree(group) + 7) / 8; +- len = BN_num_bytes(x); +- if (len > buflen) { +- ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_INTERNAL_ERROR); +- goto err; +- } +- if ((buf = OPENSSL_malloc(buflen)) == NULL) { +- ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- memset(buf, 0, buflen - len); +- if (len != (size_t)BN_bn2bin(x, buf + buflen - len)) { +- ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB); +- goto 
err; +- } +- +- if (KDF != 0) { +- if (KDF(buf, buflen, out, &outlen) == NULL) { +- ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_KDF_FAILED); +- goto err; +- } +- ret = outlen; +- } else { +- /* no KDF, just copy as much as we can */ +- if (outlen > buflen) +- outlen = buflen; +- memcpy(out, buf, outlen); +- ret = outlen; +- } +- +- err: +- if (tmp) +- EC_POINT_free(tmp); +- if (ctx) +- BN_CTX_end(ctx); +- if (ctx) +- BN_CTX_free(ctx); +- if (buf) +- OPENSSL_free(buf); +- return (ret); +-} +diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_asn1.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_asn1.c +deleted file mode 100644 +index 508b079..0000000 +--- a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_asn1.c ++++ /dev/null +@@ -1,67 +0,0 @@ +-/* crypto/ecdsa/ecs_asn1.c */ +-/* ==================================================================== +- * Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * +- * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. +- * +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in +- * the documentation and/or other materials provided with the +- * distribution. +- * +- * 3. All advertising materials mentioning features or use of this +- * software must display the following acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" +- * +- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +- * endorse or promote products derived from this software without +- * prior written permission. For written permission, please contact +- * licensing@OpenSSL.org. +- * +- * 5. 
Products derived from this software may not be called "OpenSSL" +- * nor may "OpenSSL" appear in their names without prior written +- * permission of the OpenSSL Project. +- * +- * 6. Redistributions of any form whatsoever must retain the following +- * acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" +- * +- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +- * OF THE POSSIBILITY OF SUCH DAMAGE. +- * ==================================================================== +- * +- * This product includes cryptographic software written by Eric Young +- * (eay@cryptsoft.com). This product includes software written by Tim +- * Hudson (tjh@cryptsoft.com). 
+- *
+- */
+-
+-#include "ecs_locl.h"
+-#include
+-#include
+-
+-ASN1_SEQUENCE(ECDSA_SIG) = {
+- ASN1_SIMPLE(ECDSA_SIG, r, CBIGNUM),
+- ASN1_SIMPLE(ECDSA_SIG, s, CBIGNUM)
+-} ASN1_SEQUENCE_END(ECDSA_SIG)
+-
+-DECLARE_ASN1_FUNCTIONS_const(ECDSA_SIG)
+-DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECDSA_SIG, ECDSA_SIG)
+-IMPLEMENT_ASN1_FUNCTIONS_const(ECDSA_SIG)
+diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_err.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_err.c
+deleted file mode 100644
+index 80d91af..0000000
+--- a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_err.c
++++ /dev/null
+@@ -1,104 +0,0 @@
+-/* crypto/ecdsa/ecs_err.c */
+-/* ====================================================================
+- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- *
+- * 1. Redistributions of source code must retain the above copyright
+- * notice, this list of conditions and the following disclaimer.
+- *
+- * 2. Redistributions in binary form must reproduce the above copyright
+- * notice, this list of conditions and the following disclaimer in
+- * the documentation and/or other materials provided with the
+- * distribution.
+- *
+- * 3. All advertising materials mentioning features or use of this
+- * software must display the following acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+- *
+- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+- * endorse or promote products derived from this software without
+- * prior written permission. For written permission, please contact
+- * openssl-core@OpenSSL.org.
+- *
+- * 5. Products derived from this software may not be called "OpenSSL"
+- * nor may "OpenSSL" appear in their names without prior written
+- * permission of the OpenSSL Project.
+- * +- * 6. Redistributions of any form whatsoever must retain the following +- * acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" +- * +- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +- * OF THE POSSIBILITY OF SUCH DAMAGE. +- * ==================================================================== +- * +- * This product includes cryptographic software written by Eric Young +- * (eay@cryptsoft.com). This product includes software written by Tim +- * Hudson (tjh@cryptsoft.com). +- * +- */ +- +-/* +- * NOTE: this file was auto generated by the mkerr.pl script: any changes +- * made to it will be overwritten when the script next updates this file, +- * only reason strings will be preserved. 
+- */ +- +-#include +-#include +-#include +- +-/* BEGIN ERROR CODES */ +-#ifndef OPENSSL_NO_ERR +- +-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_ECDSA,func,0) +-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_ECDSA,0,reason) +- +-static ERR_STRING_DATA ECDSA_str_functs[] = { +- {ERR_FUNC(ECDSA_F_ECDSA_DATA_NEW_METHOD), "ECDSA_DATA_NEW_METHOD"}, +- {ERR_FUNC(ECDSA_F_ECDSA_DO_SIGN), "ECDSA_do_sign"}, +- {ERR_FUNC(ECDSA_F_ECDSA_DO_VERIFY), "ECDSA_do_verify"}, +- {ERR_FUNC(ECDSA_F_ECDSA_SIGN_SETUP), "ECDSA_sign_setup"}, +- {0, NULL} +-}; +- +-static ERR_STRING_DATA ECDSA_str_reasons[] = { +- {ERR_REASON(ECDSA_R_BAD_SIGNATURE), "bad signature"}, +- {ERR_REASON(ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE), +- "data too large for key size"}, +- {ERR_REASON(ECDSA_R_ERR_EC_LIB), "err ec lib"}, +- {ERR_REASON(ECDSA_R_MISSING_PARAMETERS), "missing parameters"}, +- {ERR_REASON(ECDSA_R_NEED_NEW_SETUP_VALUES), "need new setup values"}, +- {ERR_REASON(ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED), +- "random number generation failed"}, +- {ERR_REASON(ECDSA_R_SIGNATURE_MALLOC_FAILED), "signature malloc failed"}, +- {0, NULL} +-}; +- +-#endif +- +-void ERR_load_ECDSA_strings(void) +-{ +-#ifndef OPENSSL_NO_ERR +- +- if (ERR_func_error_string(ECDSA_str_functs[0].error) == NULL) { +- ERR_load_strings(0, ECDSA_str_functs); +- ERR_load_strings(0, ECDSA_str_reasons); +- } +-#endif +-} +diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c +deleted file mode 100644 +index dfcb6db..0000000 +--- a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c ++++ /dev/null +@@ -1,259 +0,0 @@ +-/* crypto/ecdsa/ecs_lib.c */ +-/* ==================================================================== +- * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * +- * 1. 
Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. +- * +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in +- * the documentation and/or other materials provided with the +- * distribution. +- * +- * 3. All advertising materials mentioning features or use of this +- * software must display the following acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" +- * +- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +- * endorse or promote products derived from this software without +- * prior written permission. For written permission, please contact +- * openssl-core@OpenSSL.org. +- * +- * 5. Products derived from this software may not be called "OpenSSL" +- * nor may "OpenSSL" appear in their names without prior written +- * permission of the OpenSSL Project. +- * +- * 6. Redistributions of any form whatsoever must retain the following +- * acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" +- * +- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +- * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR +- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +- * OF THE POSSIBILITY OF SUCH DAMAGE. +- * ==================================================================== +- * +- * This product includes cryptographic software written by Eric Young +- * (eay@cryptsoft.com). This product includes software written by Tim +- * Hudson (tjh@cryptsoft.com). +- * +- */ +- +-#include +-#include "ecs_locl.h" +-#ifndef OPENSSL_NO_ENGINE +-# include +-#endif +-#include +-#include +- +-const char ECDSA_version[] = "ECDSA" OPENSSL_VERSION_PTEXT; +- +-static const ECDSA_METHOD *default_ECDSA_method = NULL; +- +-static void *ecdsa_data_new(void); +-static void *ecdsa_data_dup(void *); +-static void ecdsa_data_free(void *); +- +-void ECDSA_set_default_method(const ECDSA_METHOD *meth) +-{ +- default_ECDSA_method = meth; +-} +- +-const ECDSA_METHOD *ECDSA_get_default_method(void) +-{ +- if (!default_ECDSA_method) +- default_ECDSA_method = ECDSA_OpenSSL(); +- return default_ECDSA_method; +-} +- +-int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth) +-{ +- ECDSA_DATA *ecdsa; +- +- ecdsa = ecdsa_check(eckey); +- +- if (ecdsa == NULL) +- return 0; +- +-#ifndef OPENSSL_NO_ENGINE +- if (ecdsa->engine) { +- ENGINE_finish(ecdsa->engine); +- ecdsa->engine = NULL; +- } +-#endif +- ecdsa->meth = meth; +- +- return 1; +-} +- +-static ECDSA_DATA *ECDSA_DATA_new_method(ENGINE *engine) +-{ +- ECDSA_DATA *ret; +- +- ret = (ECDSA_DATA *)OPENSSL_malloc(sizeof(ECDSA_DATA)); +- if (ret == NULL) { +- ECDSAerr(ECDSA_F_ECDSA_DATA_NEW_METHOD, 
ERR_R_MALLOC_FAILURE); +- return (NULL); +- } +- +- ret->init = NULL; +- +- ret->meth = ECDSA_get_default_method(); +- ret->engine = engine; +-#ifndef OPENSSL_NO_ENGINE +- if (!ret->engine) +- ret->engine = ENGINE_get_default_ECDSA(); +- if (ret->engine) { +- ret->meth = ENGINE_get_ECDSA(ret->engine); +- if (!ret->meth) { +- ECDSAerr(ECDSA_F_ECDSA_DATA_NEW_METHOD, ERR_R_ENGINE_LIB); +- ENGINE_finish(ret->engine); +- OPENSSL_free(ret); +- return NULL; +- } +- } +-#endif +- +- ret->flags = ret->meth->flags; +- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ECDSA, ret, &ret->ex_data); +-#if 0 +- if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { +- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDSA, ret, &ret->ex_data); +- OPENSSL_free(ret); +- ret = NULL; +- } +-#endif +- return (ret); +-} +- +-static void *ecdsa_data_new(void) +-{ +- return (void *)ECDSA_DATA_new_method(NULL); +-} +- +-static void *ecdsa_data_dup(void *data) +-{ +- ECDSA_DATA *r = (ECDSA_DATA *)data; +- +- /* XXX: dummy operation */ +- if (r == NULL) +- return NULL; +- +- return ecdsa_data_new(); +-} +- +-static void ecdsa_data_free(void *data) +-{ +- ECDSA_DATA *r = (ECDSA_DATA *)data; +- +-#ifndef OPENSSL_NO_ENGINE +- if (r->engine) +- ENGINE_finish(r->engine); +-#endif +- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDSA, r, &r->ex_data); +- +- OPENSSL_cleanse((void *)r, sizeof(ECDSA_DATA)); +- +- OPENSSL_free(r); +-} +- +-ECDSA_DATA *ecdsa_check(EC_KEY *key) +-{ +- ECDSA_DATA *ecdsa_data; +- +- void *data = EC_KEY_get_key_method_data(key, ecdsa_data_dup, +- ecdsa_data_free, ecdsa_data_free); +- if (data == NULL) { +- ecdsa_data = (ECDSA_DATA *)ecdsa_data_new(); +- if (ecdsa_data == NULL) +- return NULL; +- data = EC_KEY_insert_key_method_data(key, (void *)ecdsa_data, +- ecdsa_data_dup, ecdsa_data_free, +- ecdsa_data_free); +- if (data != NULL) { +- /* +- * Another thread raced us to install the key_method data and +- * won. 
+- */
+- ecdsa_data_free(ecdsa_data);
+- ecdsa_data = (ECDSA_DATA *)data;
+- }
+- } else
+- ecdsa_data = (ECDSA_DATA *)data;
+-
+- return ecdsa_data;
+-}
+-
+-int ECDSA_size(const EC_KEY *r)
+-{
+- int ret, i;
+- ASN1_INTEGER bs;
+- BIGNUM *order = NULL;
+- unsigned char buf[4];
+- const EC_GROUP *group;
+-
+- if (r == NULL)
+- return 0;
+- group = EC_KEY_get0_group(r);
+- if (group == NULL)
+- return 0;
+-
+- if ((order = BN_new()) == NULL)
+- return 0;
+- if (!EC_GROUP_get_order(group, order, NULL)) {
+- BN_clear_free(order);
+- return 0;
+- }
+- i = BN_num_bits(order);
+- bs.length = (i + 7) / 8;
+- bs.data = buf;
+- bs.type = V_ASN1_INTEGER;
+- /* If the top bit is set the asn1 encoding is 1 larger. */
+- buf[0] = 0xff;
+-
+- i = i2d_ASN1_INTEGER(&bs, NULL);
+- i += i; /* r and s */
+- ret = ASN1_object_size(1, i, V_ASN1_SEQUENCE);
+- BN_clear_free(order);
+- return (ret);
+-}
+-
+-int ECDSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+-{
+- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ECDSA, argl, argp,
+- new_func, dup_func, free_func);
+-}
+-
+-int ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg)
+-{
+- ECDSA_DATA *ecdsa;
+- ecdsa = ecdsa_check(d);
+- if (ecdsa == NULL)
+- return 0;
+- return (CRYPTO_set_ex_data(&ecdsa->ex_data, idx, arg));
+-}
+-
+-void *ECDSA_get_ex_data(EC_KEY *d, int idx)
+-{
+- ECDSA_DATA *ecdsa;
+- ecdsa = ecdsa_check(d);
+- if (ecdsa == NULL)
+- return NULL;
+- return (CRYPTO_get_ex_data(&ecdsa->ex_data, idx));
+-}
+diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_locl.h b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_locl.h
+deleted file mode 100644
+index 3a69a84..0000000
+--- a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_locl.h
++++ /dev/null
+@@ -1,107 +0,0 @@
+-/* crypto/ecdsa/ecs_locl.h */
+-/*
+- * Written by Nils Larsch for the OpenSSL project
+- */
+-/* ====================================================================
+- * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- *
+- * 1. Redistributions of source code must retain the above copyright
+- * notice, this list of conditions and the following disclaimer.
+- *
+- * 2. Redistributions in binary form must reproduce the above copyright
+- * notice, this list of conditions and the following disclaimer in
+- * the documentation and/or other materials provided with the
+- * distribution.
+- *
+- * 3. All advertising materials mentioning features or use of this
+- * software must display the following acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+- *
+- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+- * endorse or promote products derived from this software without
+- * prior written permission. For written permission, please contact
+- * licensing@OpenSSL.org.
+- *
+- * 5. Products derived from this software may not be called "OpenSSL"
+- * nor may "OpenSSL" appear in their names without prior written
+- * permission of the OpenSSL Project.
+- *
+- * 6. Redistributions of any form whatsoever must retain the following
+- * acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+- * OF THE POSSIBILITY OF SUCH DAMAGE.
+- * ====================================================================
+- *
+- * This product includes cryptographic software written by Eric Young
+- * (eay@cryptsoft.com). This product includes software written by Tim
+- * Hudson (tjh@cryptsoft.com).
+- *
+- */
+-
+-#ifndef HEADER_ECS_LOCL_H
+-#define HEADER_ECS_LOCL_H
+-
+-#include
+-
+-#ifdef __cplusplus
+-extern "C" {
+-#endif
+-
+-struct ecdsa_method
+- {
+- const char *name;
+- ECDSA_SIG *(*ecdsa_do_sign)(const unsigned char *dgst, int dgst_len,
+- const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey);
+- int (*ecdsa_sign_setup)(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv,
+- BIGNUM **r);
+- int (*ecdsa_do_verify)(const unsigned char *dgst, int dgst_len,
+- const ECDSA_SIG *sig, EC_KEY *eckey);
+-#if 0
+- int (*init)(EC_KEY *eckey);
+- int (*finish)(EC_KEY *eckey);
+-#endif
+- int flags;
+- char *app_data;
+- };
+-
+-typedef struct ecdsa_data_st {
+- /* EC_KEY_METH_DATA part */
+- int (*init)(EC_KEY *);
+- /* method (ECDSA) specific part */
+- ENGINE *engine;
+- int flags;
+- const ECDSA_METHOD *meth;
+- CRYPTO_EX_DATA ex_data;
+-} ECDSA_DATA;
+-
+-/** ecdsa_check
+- * checks whether ECKEY->meth_data is a pointer to a ECDSA_DATA structure
+- * and if not it removes the old meth_data and creates a ECDSA_DATA structure.
+- * \param eckey pointer to a EC_KEY object
+- * \return pointer to a ECDSA_DATA structure
+- */
+-ECDSA_DATA *ecdsa_check(EC_KEY *eckey);
+-
+-#ifdef __cplusplus
+-}
+-#endif
+-
+-#endif /* HEADER_ECS_LOCL_H */
+diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_ossl.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_ossl.c
+deleted file mode 100644
+index 8b29b24..0000000
+--- a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_ossl.c
++++ /dev/null
+@@ -1,437 +0,0 @@
+-/* crypto/ecdsa/ecs_ossl.c */
+-/*
+- * Written by Nils Larsch for the OpenSSL project
+- */
+-/* ====================================================================
+- * Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- *
+- * 1. Redistributions of source code must retain the above copyright
+- * notice, this list of conditions and the following disclaimer.
+- *
+- * 2. Redistributions in binary form must reproduce the above copyright
+- * notice, this list of conditions and the following disclaimer in
+- * the documentation and/or other materials provided with the
+- * distribution.
+- *
+- * 3. All advertising materials mentioning features or use of this
+- * software must display the following acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+- *
+- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+- * endorse or promote products derived from this software without
+- * prior written permission. For written permission, please contact
+- * openssl-core@OpenSSL.org.
+- *
+- * 5. Products derived from this software may not be called "OpenSSL"
+- * nor may "OpenSSL" appear in their names without prior written
+- * permission of the OpenSSL Project.
+- *
+- * 6. Redistributions of any form whatsoever must retain the following
+- * acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+- * OF THE POSSIBILITY OF SUCH DAMAGE.
+- * ====================================================================
+- *
+- * This product includes cryptographic software written by Eric Young
+- * (eay@cryptsoft.com). This product includes software written by Tim
+- * Hudson (tjh@cryptsoft.com).
+- *
+- */
+-
+-#include "ecs_locl.h"
+-#include
+-#include
+-#include
+-
+-static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen,
+- const BIGNUM *, const BIGNUM *,
+- EC_KEY *eckey);
+-static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
+- BIGNUM **rp);
+-static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len,
+- const ECDSA_SIG *sig, EC_KEY *eckey);
+-
+-static ECDSA_METHOD openssl_ecdsa_meth = {
+- "OpenSSL ECDSA method",
+- ecdsa_do_sign,
+- ecdsa_sign_setup,
+- ecdsa_do_verify,
+-#if 0
+- NULL, /* init */
+- NULL, /* finish */
+-#endif
+- 0, /* flags */
+- NULL /* app_data */
+-};
+-
+-const ECDSA_METHOD *ECDSA_OpenSSL(void)
+-{
+- return &openssl_ecdsa_meth;
+-}
+-
+-static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
+- BIGNUM **rp)
+-{
+- BN_CTX *ctx = NULL;
+- BIGNUM *k = NULL, *r = NULL, *order = NULL, *X = NULL;
+- EC_POINT *tmp_point = NULL;
+- const EC_GROUP *group;
+- int ret = 0;
+-
+- if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL) {
+- ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_PASSED_NULL_PARAMETER);
+- return 0;
+- }
+-
+- if (ctx_in == NULL) {
+- if ((ctx = BN_CTX_new()) == NULL) {
+- ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE);
+- return 0;
+- }
+- } else
+- ctx = ctx_in;
+-
+- k = BN_new(); /* this value is later returned in *kinvp */
+- r = BN_new(); /* this value is later returned in *rp */
+- order = BN_new();
+- X = BN_new();
+- if (!k || !r || !order || !X) {
+- ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE);
+- goto err;
+- }
+- if ((tmp_point = EC_POINT_new(group)) == NULL) {
+- ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
+- goto err;
+- }
+- if (!EC_GROUP_get_order(group, order, ctx)) {
+- ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
+- goto err;
+- }
+-
+- do {
+- /* get random k */
+- do
+- if (!BN_rand_range(k, order)) {
+- ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,
+- ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED);
+- goto err;
+- }
+- while (BN_is_zero(k)) ;
+-
+- /*
+- * We do not want timing information to leak the length of k, so we
+- * compute G*k using an equivalent scalar of fixed bit-length.
+- */
+-
+- if (!BN_add(k, k, order))
+- goto err;
+- if (BN_num_bits(k) <= BN_num_bits(order))
+- if (!BN_add(k, k, order))
+- goto err;
+-
+- /* compute r the x-coordinate of generator * k */
+- if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) {
+- ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
+- goto err;
+- }
+- if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
+- NID_X9_62_prime_field) {
+- if (!EC_POINT_get_affine_coordinates_GFp
+- (group, tmp_point, X, NULL, ctx)) {
+- ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
+- goto err;
+- }
+- } else { /* NID_X9_62_characteristic_two_field */
+-
+- if (!EC_POINT_get_affine_coordinates_GF2m(group,
+- tmp_point, X, NULL,
+- ctx)) {
+- ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
+- goto err;
+- }
+- }
+- if (!BN_nnmod(r, X, order, ctx)) {
+- ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
+- goto err;
+- }
+- }
+- while (BN_is_zero(r));
+-
+- /* compute the inverse of k */
+- if (!BN_mod_inverse(k, k, order, ctx)) {
+- ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
+- goto err;
+- }
+- /* clear old values if necessary */
+- if (*rp != NULL)
+- BN_clear_free(*rp);
+- if (*kinvp != NULL)
+- BN_clear_free(*kinvp);
+- /* save the pre-computed values */
+- *rp = r;
+- *kinvp = k;
+- ret = 1;
+- err:
+- if (!ret) {
+- if (k != NULL)
+- BN_clear_free(k);
+- if (r != NULL)
+- BN_clear_free(r);
+- }
+- if (ctx_in == NULL)
+- BN_CTX_free(ctx);
+- if (order != NULL)
+- BN_free(order);
+- if (tmp_point != NULL)
+- EC_POINT_free(tmp_point);
+- if (X)
+- BN_clear_free(X);
+- return (ret);
+-}
+-
+-static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
+- const BIGNUM *in_kinv, const BIGNUM *in_r,
+- EC_KEY *eckey)
+-{
+- int ok = 0, i;
+- BIGNUM *kinv = NULL, *s, *m = NULL, *tmp = NULL, *order = NULL;
+- const BIGNUM *ckinv;
+- BN_CTX *ctx = NULL;
+- const EC_GROUP *group;
+- ECDSA_SIG *ret;
+- ECDSA_DATA *ecdsa;
+- const BIGNUM *priv_key;
+-
+- ecdsa = ecdsa_check(eckey);
+- group = EC_KEY_get0_group(eckey);
+- priv_key = EC_KEY_get0_private_key(eckey);
+-
+- if (group == NULL || priv_key == NULL || ecdsa == NULL) {
+- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
+- return NULL;
+- }
+-
+- ret = ECDSA_SIG_new();
+- if (!ret) {
+- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+- return NULL;
+- }
+- s = ret->s;
+-
+- if ((ctx = BN_CTX_new()) == NULL || (order = BN_new()) == NULL ||
+- (tmp = BN_new()) == NULL || (m = BN_new()) == NULL) {
+- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+- goto err;
+- }
+-
+- if (!EC_GROUP_get_order(group, order, ctx)) {
+- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
+- goto err;
+- }
+- i = BN_num_bits(order);
+- /*
+- * Need to truncate digest if it is too long: first truncate whole bytes.
+- */
+- if (8 * dgst_len > i)
+- dgst_len = (i + 7) / 8;
+- if (!BN_bin2bn(dgst, dgst_len, m)) {
+- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
+- goto err;
+- }
+- /* If still too long truncate remaining bits with a shift */
+- if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
+- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
+- goto err;
+- }
+- do {
+- if (in_kinv == NULL || in_r == NULL) {
+- if (!ECDSA_sign_setup(eckey, ctx, &kinv, &ret->r)) {
+- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_ECDSA_LIB);
+- goto err;
+- }
+- ckinv = kinv;
+- } else {
+- ckinv = in_kinv;
+- if (BN_copy(ret->r, in_r) == NULL) {
+- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+- goto err;
+- }
+- }
+-
+- if (!BN_mod_mul(tmp, priv_key, ret->r, order, ctx)) {
+- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
+- goto err;
+- }
+- if (!BN_mod_add_quick(s, tmp, m, order)) {
+- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
+- goto err;
+- }
+- if (!BN_mod_mul(s, s, ckinv, order, ctx)) {
+- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
+- goto err;
+- }
+- if (BN_is_zero(s)) {
+- /*
+- * if kinv and r have been supplied by the caller don't to
+- * generate new kinv and r values
+- */
+- if (in_kinv != NULL && in_r != NULL) {
+- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN,
+- ECDSA_R_NEED_NEW_SETUP_VALUES);
+- goto err;
+- }
+- } else
+- /* s != 0 => we have a valid signature */
+- break;
+- }
+- while (1);
+-
+- ok = 1;
+- err:
+- if (!ok) {
+- ECDSA_SIG_free(ret);
+- ret = NULL;
+- }
+- if (ctx)
+- BN_CTX_free(ctx);
+- if (m)
+- BN_clear_free(m);
+- if (tmp)
+- BN_clear_free(tmp);
+- if (order)
+- BN_free(order);
+- if (kinv)
+- BN_clear_free(kinv);
+- return ret;
+-}
+-
+-static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len,
+- const ECDSA_SIG *sig, EC_KEY *eckey)
+-{
+- int ret = -1, i;
+- BN_CTX *ctx;
+- BIGNUM *order, *u1, *u2, *m, *X;
+- EC_POINT *point = NULL;
+- const EC_GROUP *group;
+- const EC_POINT *pub_key;
+-
+- /* check input values */
+- if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL ||
+- (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) {
+- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS);
+- return -1;
+- }
+-
+- ctx = BN_CTX_new();
+- if (!ctx) {
+- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+- return -1;
+- }
+- BN_CTX_start(ctx);
+- order = BN_CTX_get(ctx);
+- u1 = BN_CTX_get(ctx);
+- u2 = BN_CTX_get(ctx);
+- m = BN_CTX_get(ctx);
+- X = BN_CTX_get(ctx);
+- if (!X) {
+- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
+- goto err;
+- }
+-
+- if (!EC_GROUP_get_order(group, order, ctx)) {
+- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
+- goto err;
+- }
+-
+- if (BN_is_zero(sig->r) || BN_is_negative(sig->r) ||
+- BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s) ||
+- BN_is_negative(sig->s) || BN_ucmp(sig->s, order) >= 0) {
+- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_BAD_SIGNATURE);
+- ret = 0; /* signature is invalid */
+- goto err;
+- }
+- /* calculate tmp1 = inv(S) mod order */
+- if (!BN_mod_inverse(u2, sig->s, order, ctx)) {
+- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
+- goto err;
+- }
+- /* digest -> m */
+- i = BN_num_bits(order);
+- /*
+- * Need to truncate digest if it is too long: first truncate whole bytes.
+- */
+- if (8 * dgst_len > i)
+- dgst_len = (i + 7) / 8;
+- if (!BN_bin2bn(dgst, dgst_len, m)) {
+- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
+- goto err;
+- }
+- /* If still too long truncate remaining bits with a shift */
+- if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
+- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
+- goto err;
+- }
+- /* u1 = m * tmp mod order */
+- if (!BN_mod_mul(u1, m, u2, order, ctx)) {
+- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
+- goto err;
+- }
+- /* u2 = r * w mod q */
+- if (!BN_mod_mul(u2, sig->r, u2, order, ctx)) {
+- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
+- goto err;
+- }
+-
+- if ((point = EC_POINT_new(group)) == NULL) {
+- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+- goto err;
+- }
+- if (!EC_POINT_mul(group, point, u1, pub_key, u2, ctx)) {
+- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
+- goto err;
+- }
+- if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
+- NID_X9_62_prime_field) {
+- if (!EC_POINT_get_affine_coordinates_GFp(group, point, X, NULL, ctx)) {
+- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
+- goto err;
+- }
+- } else { /* NID_X9_62_characteristic_two_field */
+-
+- if (!EC_POINT_get_affine_coordinates_GF2m(group, point, X, NULL, ctx)) {
+- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
+- goto err;
+- }
+- }
+-
+- if (!BN_nnmod(u1, X, order, ctx)) {
+- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
+- goto err;
+- }
+- /* if the signature is correct u1 is equal to sig->r */
+- ret = (BN_ucmp(u1, sig->r) == 0);
+- err:
+- BN_CTX_end(ctx);
+- BN_CTX_free(ctx);
+- if (point)
+- EC_POINT_free(point);
+- return ret;
+-}
+diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_sign.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_sign.c
+deleted file mode 100644
+index 28652d4..0000000
+--- a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_sign.c
++++ /dev/null
+@@ -1,106 +0,0 @@
+-/* crypto/ecdsa/ecdsa_sign.c */
+-/* ====================================================================
+- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- *
+- * 1. Redistributions of source code must retain the above copyright
+- * notice, this list of conditions and the following disclaimer.
+- *
+- * 2. Redistributions in binary form must reproduce the above copyright
+- * notice, this list of conditions and the following disclaimer in
+- * the documentation and/or other materials provided with the
+- * distribution.
+- *
+- * 3. All advertising materials mentioning features or use of this
+- * software must display the following acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+- *
+- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+- * endorse or promote products derived from this software without
+- * prior written permission. For written permission, please contact
+- * openssl-core@OpenSSL.org.
+- *
+- * 5. Products derived from this software may not be called "OpenSSL"
+- * nor may "OpenSSL" appear in their names without prior written
+- * permission of the OpenSSL Project.
+- *
+- * 6. Redistributions of any form whatsoever must retain the following
+- * acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+- * OF THE POSSIBILITY OF SUCH DAMAGE.
+- * ====================================================================
+- *
+- * This product includes cryptographic software written by Eric Young
+- * (eay@cryptsoft.com). This product includes software written by Tim
+- * Hudson (tjh@cryptsoft.com).
+- *
+- */
+-
+-#include "ecs_locl.h"
+-#ifndef OPENSSL_NO_ENGINE
+-# include
+-#endif
+-#include
+-
+-ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey)
+-{
+- return ECDSA_do_sign_ex(dgst, dlen, NULL, NULL, eckey);
+-}
+-
+-ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dlen,
+- const BIGNUM *kinv, const BIGNUM *rp,
+- EC_KEY *eckey)
+-{
+- ECDSA_DATA *ecdsa = ecdsa_check(eckey);
+- if (ecdsa == NULL)
+- return NULL;
+- return ecdsa->meth->ecdsa_do_sign(dgst, dlen, kinv, rp, eckey);
+-}
+-
+-int ECDSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char
+- *sig, unsigned int *siglen, EC_KEY *eckey)
+-{
+- return ECDSA_sign_ex(type, dgst, dlen, sig, siglen, NULL, NULL, eckey);
+-}
+-
+-int ECDSA_sign_ex(int type, const unsigned char *dgst, int dlen, unsigned char
+- *sig, unsigned int *siglen, const BIGNUM *kinv,
+- const BIGNUM *r, EC_KEY *eckey)
+-{
+- ECDSA_SIG *s;
+- RAND_seed(dgst, dlen);
+- s = ECDSA_do_sign_ex(dgst, dlen, kinv, r, eckey);
+- if (s == NULL) {
+- *siglen = 0;
+- return 0;
+- }
+- *siglen = i2d_ECDSA_SIG(s, &sig);
+- ECDSA_SIG_free(s);
+- return 1;
+-}
+-
+-int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
+- BIGNUM **rp)
+-{
+- ECDSA_DATA *ecdsa = ecdsa_check(eckey);
+- if (ecdsa == NULL)
+- return 0;
+- return ecdsa->meth->ecdsa_sign_setup(eckey, ctx_in, kinvp, rp);
+-}
+diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_vrf.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_vrf.c
+deleted file mode 100644
+index e909aeb..0000000
+--- a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_vrf.c
++++ /dev/null
+@@ -1,112 +0,0 @@
+-/* crypto/ecdsa/ecdsa_vrf.c */
+-/*
+- * Written by Nils Larsch for the OpenSSL project
+- */
+-/* ====================================================================
+- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- *
+- * 1. Redistributions of source code must retain the above copyright
+- * notice, this list of conditions and the following disclaimer.
+- *
+- * 2. Redistributions in binary form must reproduce the above copyright
+- * notice, this list of conditions and the following disclaimer in
+- * the documentation and/or other materials provided with the
+- * distribution.
+- *
+- * 3. All advertising materials mentioning features or use of this
+- * software must display the following acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+- *
+- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+- * endorse or promote products derived from this software without
+- * prior written permission. For written permission, please contact
+- * openssl-core@OpenSSL.org.
+- *
+- * 5. Products derived from this software may not be called "OpenSSL"
+- * nor may "OpenSSL" appear in their names without prior written
+- * permission of the OpenSSL Project.
+- *
+- * 6. Redistributions of any form whatsoever must retain the following
+- * acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+- * OF THE POSSIBILITY OF SUCH DAMAGE.
+- * ====================================================================
+- *
+- * This product includes cryptographic software written by Eric Young
+- * (eay@cryptsoft.com). This product includes software written by Tim
+- * Hudson (tjh@cryptsoft.com).
+- *
+- */
+-
+-#include "ecs_locl.h"
+-#include
+-#ifndef OPENSSL_NO_ENGINE
+-# include
+-#endif
+-
+-/*-
+- * returns
+- * 1: correct signature
+- * 0: incorrect signature
+- * -1: error
+- */
+-int ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
+- const ECDSA_SIG *sig, EC_KEY *eckey)
+-{
+- ECDSA_DATA *ecdsa = ecdsa_check(eckey);
+- if (ecdsa == NULL)
+- return 0;
+- return ecdsa->meth->ecdsa_do_verify(dgst, dgst_len, sig, eckey);
+-}
+-
+-/*-
+- * returns
+- * 1: correct signature
+- * 0: incorrect signature
+- * -1: error
+- */
+-int ECDSA_verify(int type, const unsigned char *dgst, int dgst_len,
+- const unsigned char *sigbuf, int sig_len, EC_KEY *eckey)
+-{
+- ECDSA_SIG *s;
+- const unsigned char *p = sigbuf;
+- unsigned char *der = NULL;
+- int derlen = -1;
+- int ret = -1;
+-
+- s = ECDSA_SIG_new();
+- if (s == NULL)
+- return (ret);
+- if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL)
+- goto err;
+- /* Ensure signature uses DER and doesn't have trailing garbage */
+- derlen = i2d_ECDSA_SIG(s, &der);
+- if (derlen != sig_len || memcmp(sigbuf, der, derlen))
+- goto err;
+- ret = ECDSA_do_verify(dgst, dgst_len, s, eckey);
+- err:
+- if (derlen > 0) {
+- OPENSSL_cleanse(der, derlen);
+- OPENSSL_free(der);
+- }
+- ECDSA_SIG_free(s);
+- return (ret);
+-}
+diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_all.c b/Cryptlib/OpenSSL/crypto/engine/eng_all.c
+deleted file mode 100644
+index 0683df8..0000000
+--- a/Cryptlib/OpenSSL/crypto/engine/eng_all.c
++++ /dev/null
+@@ -1,129 +0,0 @@
+-/* crypto/engine/eng_all.c -*- mode: C; c-file-style: "eay" -*- */
+-/*
+- * Written by Richard Levitte for the OpenSSL project
+- * 2000.
+- */
+-/* ====================================================================
+- * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- *
+- * 1. Redistributions of source code must retain the above copyright
+- * notice, this list of conditions and the following disclaimer.
+- *
+- * 2. Redistributions in binary form must reproduce the above copyright
+- * notice, this list of conditions and the following disclaimer in
+- * the documentation and/or other materials provided with the
+- * distribution.
+- *
+- * 3. All advertising materials mentioning features or use of this
+- * software must display the following acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+- *
+- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+- * endorse or promote products derived from this software without
+- * prior written permission. For written permission, please contact
+- * licensing@OpenSSL.org.
+- *
+- * 5. Products derived from this software may not be called "OpenSSL"
+- * nor may "OpenSSL" appear in their names without prior written
+- * permission of the OpenSSL Project.
+- *
+- * 6. Redistributions of any form whatsoever must retain the following
+- * acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+- * OF THE POSSIBILITY OF SUCH DAMAGE.
+- * ====================================================================
+- *
+- * This product includes cryptographic software written by Eric Young
+- * (eay@cryptsoft.com). This product includes software written by Tim
+- * Hudson (tjh@cryptsoft.com).
+- *
+- */
+-
+-#include "cryptlib.h"
+-#include "eng_int.h"
+-
+-void ENGINE_load_builtin_engines(void)
+-{
+- /*
+- * There's no longer any need for an "openssl" ENGINE unless, one day, it
+- * is the *only* way for standard builtin implementations to be be
+- * accessed (ie. it would be possible to statically link binaries with
+- * *no* builtin implementations).
+- */
+-#if 0
+- ENGINE_load_openssl();
+-#endif
+-#if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
+- ENGINE_load_padlock();
+-#endif
+- ENGINE_load_dynamic();
+-#ifndef OPENSSL_NO_STATIC_ENGINE
+-# ifndef OPENSSL_NO_HW
+-# ifndef OPENSSL_NO_HW_4758_CCA
+- ENGINE_load_4758cca();
+-# endif
+-# ifndef OPENSSL_NO_HW_AEP
+- ENGINE_load_aep();
+-# endif
+-# ifndef OPENSSL_NO_HW_ATALLA
+- ENGINE_load_atalla();
+-# endif
+-# ifndef OPENSSL_NO_HW_CSWIFT
+- ENGINE_load_cswift();
+-# endif
+-# ifndef OPENSSL_NO_HW_NCIPHER
+- ENGINE_load_chil();
+-# endif
+-# ifndef OPENSSL_NO_HW_NURON
+- ENGINE_load_nuron();
+-# endif
+-# ifndef OPENSSL_NO_HW_SUREWARE
+- ENGINE_load_sureware();
+-# endif
+-# ifndef OPENSSL_NO_HW_UBSEC
+- ENGINE_load_ubsec();
+-# endif
+-# endif
+-# if !defined(OPENSSL_NO_GMP) && !defined(OPENSSL_NO_HW_GMP)
+- ENGINE_load_gmp();
+-# endif
+-# if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
+- ENGINE_load_capi();
+-# endif
+-#endif
+-#ifndef OPENSSL_NO_HW
+-# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
+- ENGINE_load_cryptodev();
+-# endif
+-#endif
+-}
+-
+-#if defined(__OpenBSD__) || defined(__FreeBSD__)
+-void ENGINE_setup_bsd_cryptodev(void)
+-{
+- static int bsd_cryptodev_default_loaded = 0;
+- if (!bsd_cryptodev_default_loaded) {
+- ENGINE_load_cryptodev();
+- ENGINE_register_all_complete();
+- }
+- bsd_cryptodev_default_loaded = 1;
+-}
+-#endif
+diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_cnf.c b/Cryptlib/OpenSSL/crypto/engine/eng_cnf.c
+deleted file mode 100644
+index f09bec4..0000000
+--- a/Cryptlib/OpenSSL/crypto/engine/eng_cnf.c
++++ /dev/null
+@@ -1,242 +0,0 @@
+-/* eng_cnf.c */
+-/*
+- * Written by Stephen Henson (steve@openssl.org) for the OpenSSL project
+- * 2001.
+- */
+-/* ====================================================================
+- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- *
+- * 1. Redistributions of source code must retain the above copyright
+- * notice, this list of conditions and the following disclaimer.
+- *
+- * 2. Redistributions in binary form must reproduce the above copyright
+- * notice, this list of conditions and the following disclaimer in
+- * the documentation and/or other materials provided with the
+- * distribution.
+- *
+- * 3. All advertising materials mentioning features or use of this
+- * software must display the following acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+- *
+- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+- * endorse or promote products derived from this software without
+- * prior written permission. For written permission, please contact
+- * licensing@OpenSSL.org.
+- *
+- * 5. Products derived from this software may not be called "OpenSSL"
+- * nor may "OpenSSL" appear in their names without prior written
+- * permission of the OpenSSL Project.
+- *
+- * 6. Redistributions of any form whatsoever must retain the following
+- * acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+- * OF THE POSSIBILITY OF SUCH DAMAGE.
+- * ====================================================================
+- *
+- * This product includes cryptographic software written by Eric Young
+- * (eay@cryptsoft.com). This product includes software written by Tim
+- * Hudson (tjh@cryptsoft.com).
+- *
+- */
+-
+-#include "eng_int.h"
+-#include
+-
+-/* #define ENGINE_CONF_DEBUG */
+-
+-/* ENGINE config module */
+-
+-static char *skip_dot(char *name)
+-{
+- char *p;
+- p = strchr(name, '.');
+- if (p)
+- return p + 1;
+- return name;
+-}
+-
+-static STACK_OF(ENGINE) *initialized_engines = NULL;
+-
+-static int int_engine_init(ENGINE *e)
+-{
+- if (!ENGINE_init(e))
+- return 0;
+- if (!initialized_engines)
+- initialized_engines = sk_ENGINE_new_null();
+- if (!initialized_engines || !sk_ENGINE_push(initialized_engines, e)) {
+- ENGINE_finish(e);
+- return 0;
+- }
+- return 1;
+-}
+-
+-static int int_engine_configure(char *name, char *value, const CONF *cnf)
+-{
+- int i;
+- int ret = 0;
+- long do_init = -1;
+- STACK_OF(CONF_VALUE) *ecmds;
+- CONF_VALUE *ecmd = NULL;
+- char *ctrlname, *ctrlvalue;
+- ENGINE *e = NULL;
+- int soft = 0;
+-
+- name = skip_dot(name);
+-#ifdef ENGINE_CONF_DEBUG
+- fprintf(stderr, "Configuring engine %s\n", name);
+-#endif
+- /* Value is a section containing ENGINE commands */
+- ecmds = NCONF_get_section(cnf, value);
+-
+- if (!ecmds) {
+- ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE,
+- ENGINE_R_ENGINE_SECTION_ERROR);
+- return 0;
+- }
+-
+- for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++) {
+- ecmd = sk_CONF_VALUE_value(ecmds, i);
+- ctrlname = skip_dot(ecmd->name);
+- ctrlvalue = ecmd->value;
+-#ifdef ENGINE_CONF_DEBUG
+- fprintf(stderr, "ENGINE conf: doing ctrl(%s,%s)\n", ctrlname,
+- ctrlvalue);
+-#endif
+-
+- /* First handle some special pseudo ctrls */
+-
+- /* Override engine name to use */
+- if (!strcmp(ctrlname, "engine_id"))
+- name = ctrlvalue;
+- else if (!strcmp(ctrlname, "soft_load"))
+- soft = 1;
+- /* Load a dynamic ENGINE */
+- else if (!strcmp(ctrlname, "dynamic_path")) {
+- e = ENGINE_by_id("dynamic");
+- if (!e)
+- goto err;
+- if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", ctrlvalue, 0))
+- goto err;
+- if (!ENGINE_ctrl_cmd_string(e, "LIST_ADD", "2", 0))
+- goto err;
+- if (!ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))
+- goto err;
+- }
+- /* ... add other pseudos here ... */
+- else {
+- /*
+- * At this point we need an ENGINE structural reference if we
+- * don't already have one.
+- */
+- if (!e) {
+- e = ENGINE_by_id(name);
+- if (!e && soft) {
+- ERR_clear_error();
+- return 1;
+- }
+- if (!e)
+- goto err;
+- }
+- /*
+- * Allow "EMPTY" to mean no value: this allows a valid "value" to
+- * be passed to ctrls of type NO_INPUT
+- */
+- if (!strcmp(ctrlvalue, "EMPTY"))
+- ctrlvalue = NULL;
+- if (!strcmp(ctrlname, "init")) {
+- if (!NCONF_get_number_e(cnf, value, "init", &do_init))
+- goto err;
+- if (do_init == 1) {
+- if (!int_engine_init(e))
+- goto err;
+- } else if (do_init != 0) {
+- ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE,
+- ENGINE_R_INVALID_INIT_VALUE);
+- goto err;
+- }
+- } else if (!strcmp(ctrlname, "default_algorithms")) {
+- if (!ENGINE_set_default_string(e, ctrlvalue))
+- goto err;
+- } else if (!ENGINE_ctrl_cmd_string(e, ctrlname, ctrlvalue, 0))
+- goto err;
+- }
+-
+- }
+- if (e && (do_init == -1) && !int_engine_init(e)) {
+- ecmd = NULL;
+- goto err;
+- }
+- ret = 1;
+- err:
+- if (ret != 1) {
+- ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE,
+- ENGINE_R_ENGINE_CONFIGURATION_ERROR);
+- if (ecmd)
+- ERR_add_error_data(6, "section=", ecmd->section,
+- ", name=", ecmd->name,
+- ", value=", ecmd->value);
+- }
+- if (e)
+- ENGINE_free(e);
+- return ret;
+-}
+-
+-static int int_engine_module_init(CONF_IMODULE *md, const CONF *cnf)
+-{
+- STACK_OF(CONF_VALUE) *elist;
+- CONF_VALUE *cval;
+- int i;
+-#ifdef ENGINE_CONF_DEBUG
+- fprintf(stderr, "Called engine module: name %s, value %s\n",
+- CONF_imodule_get_name(md), CONF_imodule_get_value(md));
+-#endif
+- /* Value is a section containing ENGINEs to configure */
+- elist = NCONF_get_section(cnf, CONF_imodule_get_value(md));
+-
+- if (!elist) {
+- ENGINEerr(ENGINE_F_INT_ENGINE_MODULE_INIT,
+- ENGINE_R_ENGINES_SECTION_ERROR);
+- return 0;
+- }
+-
+- for (i = 0; i < sk_CONF_VALUE_num(elist); i++) {
+- cval = sk_CONF_VALUE_value(elist, i);
+- if (!int_engine_configure(cval->name, cval->value, cnf))
+- return 0;
+- }
+-
+- return 1;
+-}
+-
+-static void int_engine_module_finish(CONF_IMODULE *md)
+-{
+- ENGINE *e;
+- while ((e = sk_ENGINE_pop(initialized_engines)))
+- ENGINE_finish(e);
+- sk_ENGINE_free(initialized_engines);
+- initialized_engines = NULL;
+-}
+-
+-void ENGINE_add_conf_module(void)
+-{
+- CONF_module_add("engines",
+- int_engine_module_init, int_engine_module_finish);
+-}
+diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_cryptodev.c b/Cryptlib/OpenSSL/crypto/engine/eng_cryptodev.c
+deleted file mode 100644
+index c94674e..0000000
+--- a/Cryptlib/OpenSSL/crypto/engine/eng_cryptodev.c
++++ /dev/null
+@@ -1,1175 +0,0 @@
+-/*
+- * Copyright (c) 2002 Bob Beck
+- * Copyright (c) 2002 Theo de Raadt
+- * Copyright (c) 2002 Markus Friedl
+- * All rights reserved.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the above copyright
+- * notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- * notice, this list of conditions and the following disclaimer in the
+- * documentation and/or other materials provided with the distribution.
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
+- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+- * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY
+- * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+- *
+- */
+-
+-#include
+-#include
+-#include
+-#include
+-#include
+-#include
+-#include
+-#include
+-
+-#if (defined(__unix__) || defined(unix)) && !defined(USG) && \
+- (defined(OpenBSD) || defined(__FreeBSD__))
+-# include
+-# if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041)
+-# define HAVE_CRYPTODEV
+-# endif
+-# if (OpenBSD >= 200110)
+-# define HAVE_SYSLOG_R
+-# endif
+-#endif
+-
+-#ifndef HAVE_CRYPTODEV
+-
+-void ENGINE_load_cryptodev(void)
+-{
+- /* This is a NOP on platforms without /dev/crypto */
+- return;
+-}
+-
+-#else
+-
+-# include
+-# include
+-# include
+-# include
+-# include
+-# include
+-# include
+-# include
+-# include
+-# include
+-# include
+-
+-struct dev_crypto_state {
+- struct session_op d_sess;
+- int d_fd;
+-};
+-
+-static u_int32_t cryptodev_asymfeat = 0;
+-
+-static int get_asym_dev_crypto(void);
+-static int open_dev_crypto(void);
+-static int get_dev_crypto(void);
+-static int cryptodev_max_iv(int cipher);
+-static int cryptodev_key_length_valid(int cipher, int len);
+-static int cipher_nid_to_cryptodev(int nid);
+-static int get_cryptodev_ciphers(const int **cnids);
+-/*
+- * static int get_cryptodev_digests(const int **cnids);
+- */
+-static int cryptodev_usable_ciphers(const int **nids);
+-static int cryptodev_usable_digests(const int **nids);
+-static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+- const unsigned char *in, unsigned int inl);
+-static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+- const unsigned char *iv, int enc);
+-static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx);
+-static int cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+- const int **nids, int nid);
+-static int cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
+- const int **nids, int nid);
+-static int bn2crparam(const BIGNUM *a, struct crparam *crp);
+-static int crparam2bn(struct crparam *crp, BIGNUM *a);
+-static void zapparams(struct crypt_kop *kop);
+-static int cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r,
+- int slen, BIGNUM *s);
+-
+-static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a,
+- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+- BN_MONT_CTX *m_ctx);
+-static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+- BN_CTX *ctx);
+-static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+- BN_CTX *ctx);
+-static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a,
+- const BIGNUM *p, const BIGNUM *m,
+- BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+-static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
+- BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2,
+- BIGNUM *p, BN_CTX *ctx,
+- BN_MONT_CTX *mont);
+-static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
+- DSA *dsa);
+-static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len,
+- DSA_SIG *sig, DSA *dsa);
+-static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
+- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+- BN_MONT_CTX *m_ctx);
+-static int cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key,
+- DH *dh);
+-static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) ());
+-void ENGINE_load_cryptodev(void);
+-
+-static const ENGINE_CMD_DEFN cryptodev_defns[] = {
+- {0, NULL, NULL, 0}
+-};
+-
+-static struct {
+- int id;
+- int nid;
+- int ivmax;
+- int keylen;
+-} ciphers[] = {
+- {
+- CRYPTO_DES_CBC, NID_des_cbc, 8, 8,
+- },
+- {
+- CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24,
+- },
+- {
+- CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16,
+- },
+- {
+- CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16,
+- },
+- {
+- CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16,
+- },
+- {
+- CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0,
+- },
+- {
+- 0, NID_undef, 0, 0,
+- },
+-};
+-
+-# if 0
+-static struct {
+- int id;
+- int nid;
+-} digests[] = {
+- {
+- CRYPTO_SHA1_HMAC, NID_hmacWithSHA1,
+- },
+- {
+- CRYPTO_RIPEMD160_HMAC, NID_ripemd160,
+- },
+- {
+- CRYPTO_MD5_KPDK, NID_undef,
+- },
+- {
+- CRYPTO_SHA1_KPDK, NID_undef,
+- },
+- {
+- CRYPTO_MD5, NID_md5,
+- },
+- {
+- CRYPTO_SHA1, NID_undef,
+- },
+- {
+- 0, NID_undef,
+- },
+-};
+-# endif
+-
+-/*
+- * Return a fd if /dev/crypto seems usable, 0 otherwise.
+- */
+-static int open_dev_crypto(void)
+-{
+- static int fd = -1;
+-
+- if (fd == -1) {
+- if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1)
+- return (-1);
+- /* close on exec */
+- if (fcntl(fd, F_SETFD, 1) == -1) {
+- close(fd);
+- fd = -1;
+- return (-1);
+- }
+- }
+- return (fd);
+-}
+-
+-static int get_dev_crypto(void)
+-{
+- int fd, retfd;
+-
+- if ((fd = open_dev_crypto()) == -1)
+- return (-1);
+- if (ioctl(fd, CRIOGET, &retfd) == -1)
+- return (-1);
+-
+- /* close on exec */
+- if (fcntl(retfd, F_SETFD, 1) == -1) {
+- close(retfd);
+- return (-1);
+- }
+- return (retfd);
+-}
+-
+-/* Caching version for asym operations */
+-static int get_asym_dev_crypto(void)
+-{
+- static int fd = -1;
+-
+- if (fd == -1)
+- fd = get_dev_crypto();
+- return fd;
+-}
+-
+-/*
+- * XXXX this needs to be set for each alg - and determined from
+- * a running card.
+- */
+-static int cryptodev_max_iv(int cipher)
+-{
+- int i;
+-
+- for (i = 0; ciphers[i].id; i++)
+- if (ciphers[i].id == cipher)
+- return (ciphers[i].ivmax);
+- return (0);
+-}
+-
+-/*
+- * XXXX this needs to be set for each alg - and determined from
+- * a running card. For now, fake it out - but most of these
+- * for real devices should return 1 for the supported key
+- * sizes the device can handle.
+- */
+-static int cryptodev_key_length_valid(int cipher, int len)
+-{
+- int i;
+-
+- for (i = 0; ciphers[i].id; i++)
+- if (ciphers[i].id == cipher)
+- return (ciphers[i].keylen == len);
+- return (0);
+-}
+-
+-/* convert libcrypto nids to cryptodev */
+-static int cipher_nid_to_cryptodev(int nid)
+-{
+- int i;
+-
+- for (i = 0; ciphers[i].id; i++)
+- if (ciphers[i].nid == nid)
+- return (ciphers[i].id);
+- return (0);
+-}
+-
+-/*
+- * Find out what ciphers /dev/crypto will let us have a session for.
+- * XXX note, that some of these openssl doesn't deal with yet!
+- * returning them here is harmless, as long as we return NULL
+- * when asked for a handler in the cryptodev_engine_ciphers routine
+- */
+-static int get_cryptodev_ciphers(const int **cnids)
+-{
+- static int nids[CRYPTO_ALGORITHM_MAX];
+- struct session_op sess;
+- int fd, i, count = 0;
+-
+- if ((fd = get_dev_crypto()) < 0) {
+- *cnids = NULL;
+- return (0);
+- }
+- memset(&sess, 0, sizeof(sess));
+- sess.key = (caddr_t) "123456781234567812345678";
+-
+- for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
+- if (ciphers[i].nid == NID_undef)
+- continue;
+- sess.cipher = ciphers[i].id;
+- sess.keylen = ciphers[i].keylen;
+- sess.mac = 0;
+- if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
+- ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
+- nids[count++] = ciphers[i].nid;
+- }
+- close(fd);
+-
+- if (count > 0)
+- *cnids = nids;
+- else
+- *cnids = NULL;
+- return (count);
+-}
+-
+-# if 0 /* unused */
+-/*
+- * Find out what digests /dev/crypto will let us have a session for.
+- * XXX note, that some of these openssl doesn't deal with yet!
+- * returning them here is harmless, as long as we return NULL
+- * when asked for a handler in the cryptodev_engine_digests routine
+- */
+-static int get_cryptodev_digests(const int **cnids)
+-{
+- static int nids[CRYPTO_ALGORITHM_MAX];
+- struct session_op sess;
+- int fd, i, count = 0;
+-
+- if ((fd = get_dev_crypto()) < 0) {
+- *cnids = NULL;
+- return (0);
+- }
+- memset(&sess, 0, sizeof(sess));
+- for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
+- if (digests[i].nid == NID_undef)
+- continue;
+- sess.mac = digests[i].id;
+- sess.cipher = 0;
+- if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
+- ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
+- nids[count++] = digests[i].nid;
+- }
+- close(fd);
+-
+- if (count > 0)
+- *cnids = nids;
+- else
+- *cnids = NULL;
+- return (count);
+-}
+-
+-# endif
+-
+-/*
+- * Find the useable ciphers|digests from dev/crypto - this is the first
+- * thing called by the engine init crud which determines what it
+- * can use for ciphers from this engine. We want to return
+- * only what we can do, anythine else is handled by software.
+- *
+- * If we can't initialize the device to do anything useful for
+- * any reason, we want to return a NULL array, and 0 length,
+- * which forces everything to be done is software. By putting
+- * the initalization of the device in here, we ensure we can
+- * use this engine as the default, and if for whatever reason
+- * /dev/crypto won't do what we want it will just be done in
+- * software
+- *
+- * This can (should) be greatly expanded to perhaps take into
+- * account speed of the device, and what we want to do.
+- * (although the disabling of particular alg's could be controlled
+- * by the device driver with sysctl's.) - this is where we
+- * want most of the decisions made about what we actually want
+- * to use from /dev/crypto.
+- */
+-static int cryptodev_usable_ciphers(const int **nids)
+-{
+- return (get_cryptodev_ciphers(nids));
+-}
+-
+-static int cryptodev_usable_digests(const int **nids)
+-{
+- /*
+- * XXXX just disable all digests for now, because it sucks.
+- * we need a better way to decide this - i.e. I may not
+- * want digests on slow cards like hifn on fast machines,
+- * but might want them on slow or loaded machines, etc.
+- * will also want them when using crypto cards that don't
+- * suck moose gonads - would be nice to be able to decide something
+- * as reasonable default without having hackery that's card dependent.
+- * of course, the default should probably be just do everything,
+- * with perhaps a sysctl to turn algoritms off (or have them off
+- * by default) on cards that generally suck like the hifn.
+- */
+- *nids = NULL;
+- return (0);
+-}
+-
+-static int
+-cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+- const unsigned char *in, unsigned int inl)
+-{
+- struct crypt_op cryp;
+- struct dev_crypto_state *state = ctx->cipher_data;
+- struct session_op *sess = &state->d_sess;
+- const void *iiv;
+- unsigned char save_iv[EVP_MAX_IV_LENGTH];
+-
+- if (state->d_fd < 0)
+- return (0);
+- if (!inl)
+- return (1);
+- if ((inl % ctx->cipher->block_size) != 0)
+- return (0);
+-
+- memset(&cryp, 0, sizeof(cryp));
+-
+- cryp.ses = sess->ses;
+- cryp.flags = 0;
+- cryp.len = inl;
+- cryp.src = (caddr_t) in;
+- cryp.dst = (caddr_t) out;
+- cryp.mac = 0;
+-
+- cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
+-
+- if (ctx->cipher->iv_len) {
+- cryp.iv = (caddr_t) ctx->iv;
+- if (!ctx->encrypt) {
+- iiv = in + inl - ctx->cipher->iv_len;
+- memcpy(save_iv, iiv, ctx->cipher->iv_len);
+- }
+- } else
+- cryp.iv = NULL;
+-
+- if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) {
+- /*
+- * XXX need better errror handling this can fail for a number of
+- * different reasons.
+- */
+- return (0);
+- }
+-
+- if (ctx->cipher->iv_len) {
+- if (ctx->encrypt)
+- iiv = out + inl - ctx->cipher->iv_len;
+- else
+- iiv = save_iv;
+- memcpy(ctx->iv, iiv, ctx->cipher->iv_len);
+- }
+- return (1);
+-}
+-
+-static int
+-cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+- const unsigned char *iv, int enc)
+-{
+- struct dev_crypto_state *state = ctx->cipher_data;
+- struct session_op *sess = &state->d_sess;
+- int cipher;
+-
+- if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NID_undef)
+- return (0);
+-
+- if (ctx->cipher->iv_len > cryptodev_max_iv(cipher))
+- return (0);
+-
+- if (!cryptodev_key_length_valid(cipher, ctx->key_len))
+- return (0);
+-
+- memset(sess, 0, sizeof(struct session_op));
+-
+- if ((state->d_fd = get_dev_crypto()) < 0)
+- return (0);
+-
+- sess->key = (char *)key;
+- sess->keylen = ctx->key_len;
+- sess->cipher = cipher;
+-
+- if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
+- close(state->d_fd);
+- state->d_fd = -1;
+- return (0);
+- }
+- return (1);
+-}
+-
+-/*
+- * free anything we allocated earlier when initting a
+- * session, and close the session.
+- */
+-static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
+-{
+- int ret = 0;
+- struct dev_crypto_state *state = ctx->cipher_data;
+- struct session_op *sess = &state->d_sess;
+-
+- if (state->d_fd < 0)
+- return (0);
+-
+- /*
+- * XXX if this ioctl fails, someting's wrong. the invoker may have called
+- * us with a bogus ctx, or we could have a device that for whatever
+- * reason just doesn't want to play ball - it's not clear what's right
+- * here - should this be an error? should it just increase a counter,
+- * hmm. For right now, we return 0 - I don't believe that to be "right".
+- * we could call the gorpy openssl lib error handlers that print messages
+- * to users of the library. hmm..
+- */
+-
+- if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) == -1) {
+- ret = 0;
+- } else {
+- ret = 1;
+- }
+- close(state->d_fd);
+- state->d_fd = -1;
+-
+- return (ret);
+-}
+-
+-/*
+- * libcrypto EVP stuff - this is how we get wired to EVP so the engine
+- * gets called when libcrypto requests a cipher NID.
+- */
+-
+-/* DES CBC EVP */
+-const EVP_CIPHER cryptodev_des_cbc = {
+- NID_des_cbc,
+- 8, 8, 8,
+- EVP_CIPH_CBC_MODE,
+- cryptodev_init_key,
+- cryptodev_cipher,
+- cryptodev_cleanup,
+- sizeof(struct dev_crypto_state),
+- EVP_CIPHER_set_asn1_iv,
+- EVP_CIPHER_get_asn1_iv,
+- NULL
+-};
+-
+-/* 3DES CBC EVP */
+-const EVP_CIPHER cryptodev_3des_cbc = {
+- NID_des_ede3_cbc,
+- 8, 24, 8,
+- EVP_CIPH_CBC_MODE,
+- cryptodev_init_key,
+- cryptodev_cipher,
+- cryptodev_cleanup,
+- sizeof(struct dev_crypto_state),
+- EVP_CIPHER_set_asn1_iv,
+- EVP_CIPHER_get_asn1_iv,
+- NULL
+-};
+-
+-const EVP_CIPHER cryptodev_bf_cbc = {
+- NID_bf_cbc,
+- 8, 16, 8,
+- EVP_CIPH_CBC_MODE,
+- cryptodev_init_key,
+- cryptodev_cipher,
+- cryptodev_cleanup,
+- sizeof(struct dev_crypto_state),
+- EVP_CIPHER_set_asn1_iv,
+- EVP_CIPHER_get_asn1_iv,
+- NULL
+-};
+-
+-const EVP_CIPHER cryptodev_cast_cbc = {
+- NID_cast5_cbc,
+- 8, 16, 8,
+- EVP_CIPH_CBC_MODE,
+- cryptodev_init_key,
+- cryptodev_cipher,
+- cryptodev_cleanup,
+- sizeof(struct dev_crypto_state),
+- EVP_CIPHER_set_asn1_iv,
+- EVP_CIPHER_get_asn1_iv,
+- NULL
+-};
+-
+-const EVP_CIPHER cryptodev_aes_cbc = {
+- NID_aes_128_cbc,
+- 16, 16, 16,
+- EVP_CIPH_CBC_MODE,
+- cryptodev_init_key,
+- cryptodev_cipher,
+- cryptodev_cleanup,
+- sizeof(struct dev_crypto_state),
+- EVP_CIPHER_set_asn1_iv,
+- EVP_CIPHER_get_asn1_iv,
+- NULL
+-};
+-
+-/*
+- * Registered by the ENGINE when used to find out how to deal with
+- * a particular NID in the ENGINE. this says what we'll do at the
+- * top level - note, that list is restricted by what we answer with
+- */
+-static int
+-cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+- const int **nids, int nid)
+-{
+- if (!cipher)
+- return (cryptodev_usable_ciphers(nids));
+-
+- switch (nid) {
+- case NID_des_ede3_cbc:
+- *cipher = &cryptodev_3des_cbc;
+- break;
+- case NID_des_cbc:
+- *cipher = &cryptodev_des_cbc;
+- break;
+- case NID_bf_cbc:
+- *cipher = &cryptodev_bf_cbc;
+- break;
+- case NID_cast5_cbc:
+- *cipher = &cryptodev_cast_cbc;
+- break;
+- case NID_aes_128_cbc:
+- *cipher = &cryptodev_aes_cbc;
+- break;
+- default:
+- *cipher = NULL;
+- break;
+- }
+- return (*cipher != NULL);
+-}
+-
+-static int
+-cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
+- const int **nids, int nid)
+-{
+- if (!digest)
+- return (cryptodev_usable_digests(nids));
+-
+- switch (nid) {
+- case NID_md5:
+- *digest = NULL; /* need to make a clean md5 critter */
+- break;
+- default:
+- *digest = NULL;
+- break;
+- }
+- return (*digest != NULL);
+-}
+-
+-/*
+- * Convert a BIGNUM to the representation that /dev/crypto needs.
+- * Upon completion of use, the caller is responsible for freeing
+- * crp->crp_p.
+- */ +-static int bn2crparam(const BIGNUM *a, struct crparam *crp) +-{ +- int i, j, k; +- ssize_t bytes, bits; +- u_char *b; +- +- crp->crp_p = NULL; +- crp->crp_nbits = 0; +- +- bits = BN_num_bits(a); +- bytes = (bits + 7) / 8; +- +- b = malloc(bytes); +- if (b == NULL) +- return (1); +- +- crp->crp_p = (char *)b; +- crp->crp_nbits = bits; +- +- for (i = 0, j = 0; i < a->top; i++) { +- for (k = 0; k < BN_BITS2 / 8; k++) { +- if ((j + k) >= bytes) +- return (0); +- b[j + k] = a->d[i] >> (k * 8); +- } +- j += BN_BITS2 / 8; +- } +- return (0); +-} +- +-/* Convert a /dev/crypto parameter to a BIGNUM */ +-static int crparam2bn(struct crparam *crp, BIGNUM *a) +-{ +- u_int8_t *pd; +- int i, bytes; +- +- bytes = (crp->crp_nbits + 7) / 8; +- +- if (bytes == 0) +- return (-1); +- +- if ((pd = (u_int8_t *) malloc(bytes)) == NULL) +- return (-1); +- +- for (i = 0; i < bytes; i++) +- pd[i] = crp->crp_p[bytes - i - 1]; +- +- BN_bin2bn(pd, bytes, a); +- free(pd); +- +- return (0); +-} +- +-static void zapparams(struct crypt_kop *kop) +-{ +- int i; +- +- for (i = 0; i <= kop->crk_iparams + kop->crk_oparams; i++) { +- if (kop->crk_param[i].crp_p) +- free(kop->crk_param[i].crp_p); +- kop->crk_param[i].crp_p = NULL; +- kop->crk_param[i].crp_nbits = 0; +- } +-} +- +-static int +-cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, +- BIGNUM *s) +-{ +- int fd, ret = -1; +- +- if ((fd = get_asym_dev_crypto()) < 0) +- return (ret); +- +- if (r) { +- kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char)); +- kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8; +- kop->crk_oparams++; +- } +- if (s) { +- kop->crk_param[kop->crk_iparams + 1].crp_p = +- calloc(slen, sizeof(char)); +- kop->crk_param[kop->crk_iparams + 1].crp_nbits = slen * 8; +- kop->crk_oparams++; +- } +- +- if (ioctl(fd, CIOCKEY, kop) == 0) { +- if (r) +- crparam2bn(&kop->crk_param[kop->crk_iparams], r); +- if (s) +- crparam2bn(&kop->crk_param[kop->crk_iparams + 1], s); +- ret = 0; +- } +- +- 
return (ret);
+-}
+-
+-static int
+-cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
+-{
+- struct crypt_kop kop;
+- int ret = 1;
+-
+- /*
+- * Currently, we know we can do mod exp iff we can do any asymmetric
+- * operations at all.
+- */
+- if (cryptodev_asymfeat == 0) {
+- ret = BN_mod_exp(r, a, p, m, ctx);
+- return (ret);
+- }
+-
+- memset(&kop, 0, sizeof kop);
+- kop.crk_op = CRK_MOD_EXP;
+-
+- /* inputs: a^p % m */
+- if (bn2crparam(a, &kop.crk_param[0]))
+- goto err;
+- if (bn2crparam(p, &kop.crk_param[1]))
+- goto err;
+- if (bn2crparam(m, &kop.crk_param[2]))
+- goto err;
+- kop.crk_iparams = 3;
+-
+- if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL)) {
+- const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+- printf("OCF asym process failed, Running in software\n");
+- ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
+-
+- } else if (ECANCELED == kop.crk_status) {
+- const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+- printf("OCF hardware operation cancelled. Running in Software\n");
+- ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
+- }
+- /* else cryptodev operation worked ok ==> ret = 1 */
+-
+- err:
+- zapparams(&kop);
+- return (ret);
+-}
+-
+-static int
+-cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+- BN_CTX *ctx)
+-{
+- int r;
+-
+- r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL);
+- return (r);
+-}
+-
+-static int
+-cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
+-{
+- struct crypt_kop kop;
+- int ret = 1;
+-
+- if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
+- /* XXX 0 means failure??
*/
+- return (0);
+- }
+-
+- memset(&kop, 0, sizeof kop);
+- kop.crk_op = CRK_MOD_EXP_CRT;
+- /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
+- if (bn2crparam(rsa->p, &kop.crk_param[0]))
+- goto err;
+- if (bn2crparam(rsa->q, &kop.crk_param[1]))
+- goto err;
+- if (bn2crparam(I, &kop.crk_param[2]))
+- goto err;
+- if (bn2crparam(rsa->dmp1, &kop.crk_param[3]))
+- goto err;
+- if (bn2crparam(rsa->dmq1, &kop.crk_param[4]))
+- goto err;
+- if (bn2crparam(rsa->iqmp, &kop.crk_param[5]))
+- goto err;
+- kop.crk_iparams = 6;
+-
+- if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) {
+- const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+- printf("OCF asym process failed, running in Software\n");
+- ret = (*meth->rsa_mod_exp) (r0, I, rsa, ctx);
+-
+- } else if (ECANCELED == kop.crk_status) {
+- const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+- printf("OCF hardware operation cancelled. Running in Software\n");
+- ret = (*meth->rsa_mod_exp) (r0, I, rsa, ctx);
+- }
+- /* else cryptodev operation worked ok ==> ret = 1 */
+-
+- err:
+- zapparams(&kop);
+- return (ret);
+-}
+-
+-static RSA_METHOD cryptodev_rsa = {
+- "cryptodev RSA method",
+- NULL, /* rsa_pub_enc */
+- NULL, /* rsa_pub_dec */
+- NULL, /* rsa_priv_enc */
+- NULL, /* rsa_priv_dec */
+- NULL,
+- NULL,
+- NULL, /* init */
+- NULL, /* finish */
+- 0, /* flags */
+- NULL, /* app_data */
+- NULL, /* rsa_sign */
+- NULL /* rsa_verify */
+-};
+-
+-static int
+-cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+-{
+- return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
+-}
+-
+-static int
+-cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
+- BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
+- BN_CTX *ctx, BN_MONT_CTX *mont)
+-{
+- BIGNUM t2;
+- int ret = 0;
+-
+- BN_init(&t2);
+-
+- /* v = ( g^u1 * y^u2 mod p ) mod q */
+- /* let t1 = g ^ u1 mod p */
+- ret = 0;
+-
+- if (!dsa->meth->bn_mod_exp(dsa, t1, dsa->g, u1,
dsa->p, ctx, mont))
+- goto err;
+-
+- /* let t2 = y ^ u2 mod p */
+- if (!dsa->meth->bn_mod_exp(dsa, &t2, dsa->pub_key, u2, dsa->p, ctx, mont))
+- goto err;
+- /* let u1 = t1 * t2 mod p */
+- if (!BN_mod_mul(u1, t1, &t2, dsa->p, ctx))
+- goto err;
+-
+- BN_copy(t1, u1);
+-
+- ret = 1;
+- err:
+- BN_free(&t2);
+- return (ret);
+-}
+-
+-static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
+- DSA *dsa)
+-{
+- struct crypt_kop kop;
+- BIGNUM *r = NULL, *s = NULL;
+- DSA_SIG *dsaret = NULL;
+-
+- if ((r = BN_new()) == NULL)
+- goto err;
+- if ((s = BN_new()) == NULL) {
+- BN_free(r);
+- goto err;
+- }
+-
+- memset(&kop, 0, sizeof kop);
+- kop.crk_op = CRK_DSA_SIGN;
+-
+- /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
+- kop.crk_param[0].crp_p = (caddr_t) dgst;
+- kop.crk_param[0].crp_nbits = dlen * 8;
+- if (bn2crparam(dsa->p, &kop.crk_param[1]))
+- goto err;
+- if (bn2crparam(dsa->q, &kop.crk_param[2]))
+- goto err;
+- if (bn2crparam(dsa->g, &kop.crk_param[3]))
+- goto err;
+- if (bn2crparam(dsa->priv_key, &kop.crk_param[4]))
+- goto err;
+- kop.crk_iparams = 5;
+-
+- if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r,
+- BN_num_bytes(dsa->q), s) == 0) {
+- dsaret = DSA_SIG_new();
+- dsaret->r = r;
+- dsaret->s = s;
+- } else {
+- const DSA_METHOD *meth = DSA_OpenSSL();
+- BN_free(r);
+- BN_free(s);
+- dsaret = (meth->dsa_do_sign) (dgst, dlen, dsa);
+- }
+- err:
+- kop.crk_param[0].crp_p = NULL;
+- zapparams(&kop);
+- return (dsaret);
+-}
+-
+-static int
+-cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
+- DSA_SIG *sig, DSA *dsa)
+-{
+- struct crypt_kop kop;
+- int dsaret = 1;
+-
+- memset(&kop, 0, sizeof kop);
+- kop.crk_op = CRK_DSA_VERIFY;
+-
+- /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
+- kop.crk_param[0].crp_p = (caddr_t) dgst;
+- kop.crk_param[0].crp_nbits = dlen * 8;
+- if (bn2crparam(dsa->p, &kop.crk_param[1]))
+- goto err;
+- if (bn2crparam(dsa->q, &kop.crk_param[2]))
+- goto err;
+- if
(bn2crparam(dsa->g, &kop.crk_param[3]))
+- goto err;
+- if (bn2crparam(dsa->pub_key, &kop.crk_param[4]))
+- goto err;
+- if (bn2crparam(sig->r, &kop.crk_param[5]))
+- goto err;
+- if (bn2crparam(sig->s, &kop.crk_param[6]))
+- goto err;
+- kop.crk_iparams = 7;
+-
+- if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
+- /*
+- * OCF success value is 0, if not zero, change dsaret to fail
+- */
+- if (0 != kop.crk_status)
+- dsaret = 0;
+- } else {
+- const DSA_METHOD *meth = DSA_OpenSSL();
+-
+- dsaret = (meth->dsa_do_verify) (dgst, dlen, sig, dsa);
+- }
+- err:
+- kop.crk_param[0].crp_p = NULL;
+- zapparams(&kop);
+- return (dsaret);
+-}
+-
+-static DSA_METHOD cryptodev_dsa = {
+- "cryptodev DSA method",
+- NULL,
+- NULL, /* dsa_sign_setup */
+- NULL,
+- NULL, /* dsa_mod_exp */
+- NULL,
+- NULL, /* init */
+- NULL, /* finish */
+- 0, /* flags */
+- NULL /* app_data */
+-};
+-
+-static int
+-cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
+- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+- BN_MONT_CTX *m_ctx)
+-{
+- return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
+-}
+-
+-static int
+-cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+-{
+- struct crypt_kop kop;
+- int dhret = 1;
+- int fd, keylen;
+-
+- if ((fd = get_asym_dev_crypto()) < 0) {
+- const DH_METHOD *meth = DH_OpenSSL();
+-
+- return ((meth->compute_key) (key, pub_key, dh));
+- }
+-
+- keylen = BN_num_bits(dh->p);
+-
+- memset(&kop, 0, sizeof kop);
+- kop.crk_op = CRK_DH_COMPUTE_KEY;
+-
+- /* inputs: dh->priv_key pub_key dh->p key */
+- if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
+- goto err;
+- if (bn2crparam(pub_key, &kop.crk_param[1]))
+- goto err;
+- if (bn2crparam(dh->p, &kop.crk_param[2]))
+- goto err;
+- kop.crk_iparams = 3;
+-
+- kop.crk_param[3].crp_p = (char *)key;
+- kop.crk_param[3].crp_nbits = keylen * 8;
+- kop.crk_oparams = 1;
+-
+- if (ioctl(fd, CIOCKEY, &kop) == -1) {
+- const DH_METHOD *meth = DH_OpenSSL();
+-
+- dhret =
(meth->compute_key) (key, pub_key, dh);
+- }
+- err:
+- kop.crk_param[3].crp_p = NULL;
+- zapparams(&kop);
+- return (dhret);
+-}
+-
+-static DH_METHOD cryptodev_dh = {
+- "cryptodev DH method",
+- NULL, /* cryptodev_dh_generate_key */
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- 0, /* flags */
+- NULL /* app_data */
+-};
+-
+-/*
+- * ctrl right now is just a wrapper that doesn't do much
+- * but I expect we'll want some options soon.
+- */
+-static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) ())
+-{
+-# ifdef HAVE_SYSLOG_R
+- struct syslog_data sd = SYSLOG_DATA_INIT;
+-# endif
+-
+- switch (cmd) {
+- default:
+-# ifdef HAVE_SYSLOG_R
+- syslog_r(LOG_ERR, &sd, "cryptodev_ctrl: unknown command %d", cmd);
+-# else
+- syslog(LOG_ERR, "cryptodev_ctrl: unknown command %d", cmd);
+-# endif
+- break;
+- }
+- return (1);
+-}
+-
+-void ENGINE_load_cryptodev(void)
+-{
+- ENGINE *engine = ENGINE_new();
+- int fd;
+-
+- if (engine == NULL)
+- return;
+- if ((fd = get_dev_crypto()) < 0) {
+- ENGINE_free(engine);
+- return;
+- }
+-
+- /*
+- * find out what asymmetric crypto algorithms we support
+- */
+- if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
+- close(fd);
+- ENGINE_free(engine);
+- return;
+- }
+- close(fd);
+-
+- if (!ENGINE_set_id(engine, "cryptodev") ||
+- !ENGINE_set_name(engine, "BSD cryptodev engine") ||
+- !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
+- !ENGINE_set_digests(engine, cryptodev_engine_digests) ||
+- !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) ||
+- !ENGINE_set_cmd_defns(engine, cryptodev_defns)) {
+- ENGINE_free(engine);
+- return;
+- }
+-
+- if (ENGINE_set_RSA(engine, &cryptodev_rsa)) {
+- const RSA_METHOD *rsa_meth = RSA_PKCS1_SSLeay();
+-
+- cryptodev_rsa.bn_mod_exp = rsa_meth->bn_mod_exp;
+- cryptodev_rsa.rsa_mod_exp = rsa_meth->rsa_mod_exp;
+- cryptodev_rsa.rsa_pub_enc = rsa_meth->rsa_pub_enc;
+- cryptodev_rsa.rsa_pub_dec = rsa_meth->rsa_pub_dec;
+- cryptodev_rsa.rsa_priv_enc = rsa_meth->rsa_priv_enc;
+- cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec;
+- if (cryptodev_asymfeat & CRF_MOD_EXP) {
+- cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp;
+- if (cryptodev_asymfeat & CRF_MOD_EXP_CRT)
+- cryptodev_rsa.rsa_mod_exp = cryptodev_rsa_mod_exp;
+- else
+- cryptodev_rsa.rsa_mod_exp = cryptodev_rsa_nocrt_mod_exp;
+- }
+- }
+-
+- if (ENGINE_set_DSA(engine, &cryptodev_dsa)) {
+- const DSA_METHOD *meth = DSA_OpenSSL();
+-
+- memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
+- if (cryptodev_asymfeat & CRF_DSA_SIGN)
+- cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
+- if (cryptodev_asymfeat & CRF_MOD_EXP) {
+- cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp;
+- cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp;
+- }
+- if (cryptodev_asymfeat & CRF_DSA_VERIFY)
+- cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
+- }
+-
+- if (ENGINE_set_DH(engine, &cryptodev_dh)) {
+- const DH_METHOD *dh_meth = DH_OpenSSL();
+-
+- cryptodev_dh.generate_key = dh_meth->generate_key;
+- cryptodev_dh.compute_key = dh_meth->compute_key;
+- cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp;
+- if (cryptodev_asymfeat & CRF_MOD_EXP) {
+- cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh;
+- if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY)
+- cryptodev_dh.compute_key = cryptodev_dh_compute_key;
+- }
+- }
+-
+- ENGINE_add(engine);
+- ENGINE_free(engine);
+- ERR_clear_error();
+-}
+-
+-#endif /* HAVE_CRYPTODEV */
+diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_ctrl.c b/Cryptlib/OpenSSL/crypto/engine/eng_ctrl.c
+deleted file mode 100644
+index e6c0dfb..0000000
+--- a/Cryptlib/OpenSSL/crypto/engine/eng_ctrl.c
++++ /dev/null
+@@ -1,385 +0,0 @@
+-/* crypto/engine/eng_ctrl.c */
+-/* ====================================================================
+- * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- *
+- * 1.
Redistributions of source code must retain the above copyright
+- * notice, this list of conditions and the following disclaimer.
+- *
+- * 2. Redistributions in binary form must reproduce the above copyright
+- * notice, this list of conditions and the following disclaimer in
+- * the documentation and/or other materials provided with the
+- * distribution.
+- *
+- * 3. All advertising materials mentioning features or use of this
+- * software must display the following acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+- *
+- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+- * endorse or promote products derived from this software without
+- * prior written permission. For written permission, please contact
+- * licensing@OpenSSL.org.
+- *
+- * 5. Products derived from this software may not be called "OpenSSL"
+- * nor may "OpenSSL" appear in their names without prior written
+- * permission of the OpenSSL Project.
+- *
+- * 6. Redistributions of any form whatsoever must retain the following
+- * acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+- * PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR
+- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+- * OF THE POSSIBILITY OF SUCH DAMAGE.
+- * ====================================================================
+- *
+- * This product includes cryptographic software written by Eric Young
+- * (eay@cryptsoft.com). This product includes software written by Tim
+- * Hudson (tjh@cryptsoft.com).
+- *
+- */
+-
+-#include "eng_int.h"
+-
+-/*
+- * When querying a ENGINE-specific control command's 'description', this
+- * string is used if the ENGINE_CMD_DEFN has cmd_desc set to NULL.
+- */
+-static const char *int_no_description = "";
+-
+-/*
+- * These internal functions handle 'CMD'-related control commands when the
+- * ENGINE in question has asked us to take care of it (ie. the ENGINE did not
+- * set the ENGINE_FLAGS_MANUAL_CMD_CTRL flag.
+- */
+-
+-static int int_ctrl_cmd_is_null(const ENGINE_CMD_DEFN *defn)
+-{
+- if ((defn->cmd_num == 0) || (defn->cmd_name == NULL))
+- return 1;
+- return 0;
+-}
+-
+-static int int_ctrl_cmd_by_name(const ENGINE_CMD_DEFN *defn, const char *s)
+-{
+- int idx = 0;
+- while (!int_ctrl_cmd_is_null(defn) && (strcmp(defn->cmd_name, s) != 0)) {
+- idx++;
+- defn++;
+- }
+- if (int_ctrl_cmd_is_null(defn))
+- /* The given name wasn't found */
+- return -1;
+- return idx;
+-}
+-
+-static int int_ctrl_cmd_by_num(const ENGINE_CMD_DEFN *defn, unsigned int num)
+-{
+- int idx = 0;
+- /*
+- * NB: It is stipulated that 'cmd_defn' lists are ordered by cmd_num. So
+- * our searches don't need to take any longer than necessary.
+- */
+- while (!int_ctrl_cmd_is_null(defn) && (defn->cmd_num < num)) {
+- idx++;
+- defn++;
+- }
+- if (defn->cmd_num == num)
+- return idx;
+- /* The given cmd_num wasn't found */
+- return -1;
+-}
+-
+-static int int_ctrl_helper(ENGINE *e, int cmd, long i, void *p,
+- void (*f) (void))
+-{
+- int idx;
+- char *s = (char *)p;
+- /* Take care of the easy one first (eg. it requires no searches) */
+- if (cmd == ENGINE_CTRL_GET_FIRST_CMD_TYPE) {
+- if ((e->cmd_defns == NULL) || int_ctrl_cmd_is_null(e->cmd_defns))
+- return 0;
+- return e->cmd_defns->cmd_num;
+- }
+- /* One or two commands require that "p" be a valid string buffer */
+- if ((cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) ||
+- (cmd == ENGINE_CTRL_GET_NAME_FROM_CMD) ||
+- (cmd == ENGINE_CTRL_GET_DESC_FROM_CMD)) {
+- if (s == NULL) {
+- ENGINEerr(ENGINE_F_INT_CTRL_HELPER, ERR_R_PASSED_NULL_PARAMETER);
+- return -1;
+- }
+- }
+- /* Now handle cmd_name -> cmd_num conversion */
+- if (cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) {
+- if ((e->cmd_defns == NULL)
+- || ((idx = int_ctrl_cmd_by_name(e->cmd_defns, s)) < 0)) {
+- ENGINEerr(ENGINE_F_INT_CTRL_HELPER, ENGINE_R_INVALID_CMD_NAME);
+- return -1;
+- }
+- return e->cmd_defns[idx].cmd_num;
+- }
+- /*
+- * For the rest of the commands, the 'long' argument must specify a valie
+- * command number - so we need to conduct a search.
+- */
+- if ((e->cmd_defns == NULL) || ((idx = int_ctrl_cmd_by_num(e->cmd_defns,
+- (unsigned int)
+- i)) < 0)) {
+- ENGINEerr(ENGINE_F_INT_CTRL_HELPER, ENGINE_R_INVALID_CMD_NUMBER);
+- return -1;
+- }
+- /* Now the logic splits depending on command type */
+- switch (cmd) {
+- case ENGINE_CTRL_GET_NEXT_CMD_TYPE:
+- idx++;
+- if (int_ctrl_cmd_is_null(e->cmd_defns + idx))
+- /* end-of-list */
+- return 0;
+- else
+- return e->cmd_defns[idx].cmd_num;
+- case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD:
+- return strlen(e->cmd_defns[idx].cmd_name);
+- case ENGINE_CTRL_GET_NAME_FROM_CMD:
+- return BIO_snprintf(s, strlen(e->cmd_defns[idx].cmd_name) + 1,
+- "%s", e->cmd_defns[idx].cmd_name);
+- case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD:
+- if (e->cmd_defns[idx].cmd_desc)
+- return strlen(e->cmd_defns[idx].cmd_desc);
+- return strlen(int_no_description);
+- case ENGINE_CTRL_GET_DESC_FROM_CMD:
+- if (e->cmd_defns[idx].cmd_desc)
+- return BIO_snprintf(s,
+- strlen(e->cmd_defns[idx].cmd_desc) + 1,
+- "%s", e->cmd_defns[idx].cmd_desc);
+- return BIO_snprintf(s, strlen(int_no_description) + 1, "%s",
+- int_no_description);
+- case ENGINE_CTRL_GET_CMD_FLAGS:
+- return e->cmd_defns[idx].cmd_flags;
+- }
+- /* Shouldn't really be here ... */
+- ENGINEerr(ENGINE_F_INT_CTRL_HELPER, ENGINE_R_INTERNAL_LIST_ERROR);
+- return -1;
+-}
+-
+-int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
+-{
+- int ctrl_exists, ref_exists;
+- if (e == NULL) {
+- ENGINEerr(ENGINE_F_ENGINE_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+- return 0;
+- }
+- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+- ref_exists = ((e->struct_ref > 0) ? 1 : 0);
+- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+- ctrl_exists = ((e->ctrl == NULL) ? 0 : 1);
+- if (!ref_exists) {
+- ENGINEerr(ENGINE_F_ENGINE_CTRL, ENGINE_R_NO_REFERENCE);
+- return 0;
+- }
+- /*
+- * Intercept any "root-level" commands before trying to hand them on to
+- * ctrl() handlers.
+- */
+- switch (cmd) {
+- case ENGINE_CTRL_HAS_CTRL_FUNCTION:
+- return ctrl_exists;
+- case ENGINE_CTRL_GET_FIRST_CMD_TYPE:
+- case ENGINE_CTRL_GET_NEXT_CMD_TYPE:
+- case ENGINE_CTRL_GET_CMD_FROM_NAME:
+- case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD:
+- case ENGINE_CTRL_GET_NAME_FROM_CMD:
+- case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD:
+- case ENGINE_CTRL_GET_DESC_FROM_CMD:
+- case ENGINE_CTRL_GET_CMD_FLAGS:
+- if (ctrl_exists && !(e->flags & ENGINE_FLAGS_MANUAL_CMD_CTRL))
+- return int_ctrl_helper(e, cmd, i, p, f);
+- if (!ctrl_exists) {
+- ENGINEerr(ENGINE_F_ENGINE_CTRL, ENGINE_R_NO_CONTROL_FUNCTION);
+- /*
+- * For these cmd-related functions, failure is indicated by a -1
+- * return value (because 0 is used as a valid return in some
+- * places).
+- */
+- return -1;
+- }
+- default:
+- break;
+- }
+- /* Anything else requires a ctrl() handler to exist. */
+- if (!ctrl_exists) {
+- ENGINEerr(ENGINE_F_ENGINE_CTRL, ENGINE_R_NO_CONTROL_FUNCTION);
+- return 0;
+- }
+- return e->ctrl(e, cmd, i, p, f);
+-}
+-
+-int ENGINE_cmd_is_executable(ENGINE *e, int cmd)
+-{
+- int flags;
+- if ((flags =
+- ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, cmd, NULL, NULL)) < 0) {
+- ENGINEerr(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE,
+- ENGINE_R_INVALID_CMD_NUMBER);
+- return 0;
+- }
+- if (!(flags & ENGINE_CMD_FLAG_NO_INPUT) &&
+- !(flags & ENGINE_CMD_FLAG_NUMERIC) &&
+- !(flags & ENGINE_CMD_FLAG_STRING))
+- return 0;
+- return 1;
+-}
+-
+-int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
+- long i, void *p, void (*f) (void), int cmd_optional)
+-{
+- int num;
+-
+- if ((e == NULL) || (cmd_name == NULL)) {
+- ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD, ERR_R_PASSED_NULL_PARAMETER);
+- return 0;
+- }
+- if ((e->ctrl == NULL) || ((num = ENGINE_ctrl(e,
+- ENGINE_CTRL_GET_CMD_FROM_NAME,
+- 0, (void *)cmd_name,
+- NULL)) <= 0)) {
+- /*
+- * If the command didn't *have* to be supported, we fake success.
+- * This allows certain settings to be specified for multiple ENGINEs
+- * and only require a change of ENGINE id (without having to
+- * selectively apply settings). Eg. changing from a hardware device
+- * back to the regular software ENGINE without editing the config
+- * file, etc.
+- */
+- if (cmd_optional) {
+- ERR_clear_error();
+- return 1;
+- }
+- ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD, ENGINE_R_INVALID_CMD_NAME);
+- return 0;
+- }
+- /*
+- * Force the result of the control command to 0 or 1, for the reasons
+- * mentioned before.
+- */
+- if (ENGINE_ctrl(e, num, i, p, f) > 0)
+- return 1;
+- return 0;
+-}
+-
+-int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
+- int cmd_optional)
+-{
+- int num, flags;
+- long l;
+- char *ptr;
+- if ((e == NULL) || (cmd_name == NULL)) {
+- ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+- ERR_R_PASSED_NULL_PARAMETER);
+- return 0;
+- }
+- if ((e->ctrl == NULL) || ((num = ENGINE_ctrl(e,
+- ENGINE_CTRL_GET_CMD_FROM_NAME,
+- 0, (void *)cmd_name,
+- NULL)) <= 0)) {
+- /*
+- * If the command didn't *have* to be supported, we fake success.
+- * This allows certain settings to be specified for multiple ENGINEs
+- * and only require a change of ENGINE id (without having to
+- * selectively apply settings). Eg. changing from a hardware device
+- * back to the regular software ENGINE without editing the config
+- * file, etc.
+- */
+- if (cmd_optional) {
+- ERR_clear_error();
+- return 1;
+- }
+- ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, ENGINE_R_INVALID_CMD_NAME);
+- return 0;
+- }
+- if (!ENGINE_cmd_is_executable(e, num)) {
+- ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+- ENGINE_R_CMD_NOT_EXECUTABLE);
+- return 0;
+- }
+- if ((flags =
+- ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num, NULL, NULL)) < 0) {
+- /*
+- * Shouldn't happen, given that ENGINE_cmd_is_executable() returned
+- * success.
+- */
+- ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+- ENGINE_R_INTERNAL_LIST_ERROR);
+- return 0;
+- }
+- /*
+- * If the command takes no input, there must be no input. And vice versa.
+- */
+- if (flags & ENGINE_CMD_FLAG_NO_INPUT) {
+- if (arg != NULL) {
+- ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+- ENGINE_R_COMMAND_TAKES_NO_INPUT);
+- return 0;
+- }
+- /*
+- * We deliberately force the result of ENGINE_ctrl() to 0 or 1 rather
+- * than returning it as "return data". This is to ensure usage of
+- * these commands is consistent across applications and that certain
+- * applications don't understand it one way, and others another.
+- */
+- if (ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0)
+- return 1;
+- return 0;
+- }
+- /* So, we require input */
+- if (arg == NULL) {
+- ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+- ENGINE_R_COMMAND_TAKES_INPUT);
+- return 0;
+- }
+- /* If it takes string input, that's easy */
+- if (flags & ENGINE_CMD_FLAG_STRING) {
+- /* Same explanation as above */
+- if (ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0)
+- return 1;
+- return 0;
+- }
+- /*
+- * If it doesn't take numeric either, then it is unsupported for use in a
+- * config-setting situation, which is what this function is for. This
+- * should never happen though, because ENGINE_cmd_is_executable() was
+- * used.
+- */
+- if (!(flags & ENGINE_CMD_FLAG_NUMERIC)) {
+- ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+- ENGINE_R_INTERNAL_LIST_ERROR);
+- return 0;
+- }
+- l = strtol(arg, &ptr, 10);
+- if ((arg == ptr) || (*ptr != '\0')) {
+- ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+- ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER);
+- return 0;
+- }
+- /*
+- * Force the result of the control command to 0 or 1, for the reasons
+- * mentioned before.
+- */
+- if (ENGINE_ctrl(e, num, l, NULL, NULL) > 0)
+- return 1;
+- return 0;
+-}
+diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_dyn.c b/Cryptlib/OpenSSL/crypto/engine/eng_dyn.c
+deleted file mode 100644
+index ac9d7eb..0000000
+--- a/Cryptlib/OpenSSL/crypto/engine/eng_dyn.c
++++ /dev/null
+@@ -1,572 +0,0 @@
+-/* crypto/engine/eng_dyn.c */
+-/*
+- * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
+- * 2001.
+- */
+-/* ====================================================================
+- * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- *
+- * 1. Redistributions of source code must retain the above copyright
+- * notice, this list of conditions and the following disclaimer.
+- *
+- * 2. Redistributions in binary form must reproduce the above copyright
+- * notice, this list of conditions and the following disclaimer in
+- * the documentation and/or other materials provided with the
+- * distribution.
+- *
+- * 3. All advertising materials mentioning features or use of this
+- * software must display the following acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+- *
+- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+- * endorse or promote products derived from this software without
+- * prior written permission. For written permission, please contact
+- * licensing@OpenSSL.org.
+- *
+- * 5. Products derived from this software may not be called "OpenSSL"
+- * nor may "OpenSSL" appear in their names without prior written
+- * permission of the OpenSSL Project.
+- *
+- * 6.
Redistributions of any form whatsoever must retain the following
+- * acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+- * OF THE POSSIBILITY OF SUCH DAMAGE.
+- * ====================================================================
+- *
+- * This product includes cryptographic software written by Eric Young
+- * (eay@cryptsoft.com). This product includes software written by Tim
+- * Hudson (tjh@cryptsoft.com).
+- *
+- */
+-
+-#include "eng_int.h"
+-#include
+-
+-/*
+- * Shared libraries implementing ENGINEs for use by the "dynamic" ENGINE
+- * loader should implement the hook-up functions with the following
+- * prototypes.
+- */
+-
+-/* Our ENGINE handlers */
+-static int dynamic_init(ENGINE *e);
+-static int dynamic_finish(ENGINE *e);
+-static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p,
+- void (*f) (void));
+-/* Predeclare our context type */
+-typedef struct st_dynamic_data_ctx dynamic_data_ctx;
+-/* The implementation for the important control command */
+-static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx);
+-
+-#define DYNAMIC_CMD_SO_PATH ENGINE_CMD_BASE
+-#define DYNAMIC_CMD_NO_VCHECK (ENGINE_CMD_BASE + 1)
+-#define DYNAMIC_CMD_ID (ENGINE_CMD_BASE + 2)
+-#define DYNAMIC_CMD_LIST_ADD (ENGINE_CMD_BASE + 3)
+-#define DYNAMIC_CMD_DIR_LOAD (ENGINE_CMD_BASE + 4)
+-#define DYNAMIC_CMD_DIR_ADD (ENGINE_CMD_BASE + 5)
+-#define DYNAMIC_CMD_LOAD (ENGINE_CMD_BASE + 6)
+-
+-/* The constants used when creating the ENGINE */
+-static const char *engine_dynamic_id = "dynamic";
+-static const char *engine_dynamic_name = "Dynamic engine loading support";
+-static const ENGINE_CMD_DEFN dynamic_cmd_defns[] = {
+- {DYNAMIC_CMD_SO_PATH,
+- "SO_PATH",
+- "Specifies the path to the new ENGINE shared library",
+- ENGINE_CMD_FLAG_STRING},
+- {DYNAMIC_CMD_NO_VCHECK,
+- "NO_VCHECK",
+- "Specifies to continue even if version checking fails (boolean)",
+- ENGINE_CMD_FLAG_NUMERIC},
+- {DYNAMIC_CMD_ID,
+- "ID",
+- "Specifies an ENGINE id name for loading",
+- ENGINE_CMD_FLAG_STRING},
+- {DYNAMIC_CMD_LIST_ADD,
+- "LIST_ADD",
+- "Whether to add a loaded ENGINE to the internal list (0=no,1=yes,2=mandatory)",
+- ENGINE_CMD_FLAG_NUMERIC},
+- {DYNAMIC_CMD_DIR_LOAD,
+- "DIR_LOAD",
+- "Specifies whether to load from 'DIR_ADD' directories (0=no,1=yes,2=mandatory)",
+- ENGINE_CMD_FLAG_NUMERIC},
+- {DYNAMIC_CMD_DIR_ADD,
+- "DIR_ADD",
+- "Adds a directory from which ENGINEs can be loaded",
+- ENGINE_CMD_FLAG_STRING},
+- {DYNAMIC_CMD_LOAD,
+- "LOAD",
+- "Load up the ENGINE specified by other settings",
+- ENGINE_CMD_FLAG_NO_INPUT},
+- {0, NULL, NULL, 0}
+-};
+-
+-static const ENGINE_CMD_DEFN
dynamic_cmd_defns_empty[] = {
+- {0, NULL, NULL, 0}
+-};
+-
+-/*
+- * Loading code stores state inside the ENGINE structure via the "ex_data"
+- * element. We load all our state into a single structure and use that as a
+- * single context in the "ex_data" stack.
+- */
+-struct st_dynamic_data_ctx {
+- /* The DSO object we load that supplies the ENGINE code */
+- DSO *dynamic_dso;
+- /*
+- * The function pointer to the version checking shared library function
+- */
+- dynamic_v_check_fn v_check;
+- /*
+- * The function pointer to the engine-binding shared library function
+- */
+- dynamic_bind_engine bind_engine;
+- /* The default name/path for loading the shared library */
+- const char *DYNAMIC_LIBNAME;
+- /* Whether to continue loading on a version check failure */
+- int no_vcheck;
+- /* If non-NULL, stipulates the 'id' of the ENGINE to be loaded */
+- const char *engine_id;
+- /*
+- * If non-zero, a successfully loaded ENGINE should be added to the
+- * internal ENGINE list. If 2, the add must succeed or the entire load
+- * should fail.
+- */
+- int list_add_value;
+- /* The symbol name for the version checking function */
+- const char *DYNAMIC_F1;
+- /* The symbol name for the "initialise ENGINE structure" function */
+- const char *DYNAMIC_F2;
+- /*
+- * Whether to never use 'dirs', use 'dirs' as a fallback, or only use
+- * 'dirs' for loading. Default is to use 'dirs' as a fallback.
+- */
+- int dir_load;
+- /* A stack of directories from which ENGINEs could be loaded */
+- STACK *dirs;
+-};
+-
+-/*
+- * This is the "ex_data" index we obtain and reserve for use with our context
+- * structure.
+- */
+-static int dynamic_ex_data_idx = -1;
+-
+-static void int_free_str(void *s)
+-{
+- OPENSSL_free(s);
+-}
+-
+-/*
+- * Because our ex_data element may or may not get allocated depending on
+- * whether a "first-use" occurs before the ENGINE is freed, we have a memory
+- * leak problem to solve.
We can't declare a "new" handler for the ex_data as
+- * we don't want a dynamic_data_ctx in *all* ENGINE structures of all types
+- * (this is a bug in the design of CRYPTO_EX_DATA). As such, we just declare
+- * a "free" handler and that will get called if an ENGINE is being destroyed
+- * and there was an ex_data element corresponding to our context type.
+- */
+-static void dynamic_data_ctx_free_func(void *parent, void *ptr,
+- CRYPTO_EX_DATA *ad, int idx, long argl,
+- void *argp)
+-{
+- if (ptr) {
+- dynamic_data_ctx *ctx = (dynamic_data_ctx *)ptr;
+- if (ctx->dynamic_dso)
+- DSO_free(ctx->dynamic_dso);
+- if (ctx->DYNAMIC_LIBNAME)
+- OPENSSL_free((void *)ctx->DYNAMIC_LIBNAME);
+- if (ctx->engine_id)
+- OPENSSL_free((void *)ctx->engine_id);
+- if (ctx->dirs)
+- sk_pop_free(ctx->dirs, int_free_str);
+- OPENSSL_free(ctx);
+- }
+-}
+-
+-/*
+- * Construct the per-ENGINE context. We create it blindly and then use a lock
+- * to check for a race - if so, all but one of the threads "racing" will have
+- * wasted their time. The alternative involves creating everything inside the
+- * lock which is far worse.
+- */
+-static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx)
+-{
+- dynamic_data_ctx *c;
+- c = OPENSSL_malloc(sizeof(dynamic_data_ctx));
+- if (!c) {
+- ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX, ERR_R_MALLOC_FAILURE);
+- return 0;
+- }
+- memset(c, 0, sizeof(dynamic_data_ctx));
+- c->dynamic_dso = NULL;
+- c->v_check = NULL;
+- c->bind_engine = NULL;
+- c->DYNAMIC_LIBNAME = NULL;
+- c->no_vcheck = 0;
+- c->engine_id = NULL;
+- c->list_add_value = 0;
+- c->DYNAMIC_F1 = "v_check";
+- c->DYNAMIC_F2 = "bind_engine";
+- c->dir_load = 1;
+- c->dirs = sk_new_null();
+- if (!c->dirs) {
+- ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX, ERR_R_MALLOC_FAILURE);
+- OPENSSL_free(c);
+- return 0;
+- }
+- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+- if ((*ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e,
+- dynamic_ex_data_idx))
+- == NULL) {
+- /* Good, we're the first */
+- ENGINE_set_ex_data(e, dynamic_ex_data_idx, c);
+- *ctx = c;
+- c = NULL;
+- }
+- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+- /*
+- * If we lost the race to set the context, c is non-NULL and *ctx is the
+- * context of the thread that won.
+- */
+- if (c)
+- OPENSSL_free(c);
+- return 1;
+-}
+-
+-/*
+- * This function retrieves the context structure from an ENGINE's "ex_data",
+- * or if it doesn't exist yet, sets it up.
+- */
+-static dynamic_data_ctx *dynamic_get_data_ctx(ENGINE *e)
+-{
+- dynamic_data_ctx *ctx;
+- if (dynamic_ex_data_idx < 0) {
+- /*
+- * Create and register the ENGINE ex_data, and associate our "free"
+- * function with it to ensure any allocated contexts get freed when
+- * an ENGINE goes underground.
+- */
+- int new_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL,
+- dynamic_data_ctx_free_func);
+- if (new_idx == -1) {
+- ENGINEerr(ENGINE_F_DYNAMIC_GET_DATA_CTX, ENGINE_R_NO_INDEX);
+- return NULL;
+- }
+- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+- /* Avoid a race by checking again inside this lock */
+- if (dynamic_ex_data_idx < 0) {
+- /* Good, someone didn't beat us to it */
+- dynamic_ex_data_idx = new_idx;
+- new_idx = -1;
+- }
+- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+- /*
+- * In theory we could "give back" the index here if (new_idx>-1), but
+- * it's not possible and wouldn't gain us much if it were.
+- */
+- }
+- ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e, dynamic_ex_data_idx);
+- /* Check if the context needs to be created */
+- if ((ctx == NULL) && !dynamic_set_data_ctx(e, &ctx))
+- /* "set_data" will set errors if necessary */
+- return NULL;
+- return ctx;
+-}
+-
+-static ENGINE *engine_dynamic(void)
+-{
+- ENGINE *ret = ENGINE_new();
+- if (!ret)
+- return NULL;
+- if (!ENGINE_set_id(ret, engine_dynamic_id) ||
+- !ENGINE_set_name(ret, engine_dynamic_name) ||
+- !ENGINE_set_init_function(ret, dynamic_init) ||
+- !ENGINE_set_finish_function(ret, dynamic_finish) ||
+- !ENGINE_set_ctrl_function(ret, dynamic_ctrl) ||
+- !ENGINE_set_flags(ret, ENGINE_FLAGS_BY_ID_COPY) ||
+- !ENGINE_set_cmd_defns(ret, dynamic_cmd_defns)) {
+- ENGINE_free(ret);
+- return NULL;
+- }
+- return ret;
+-}
+-
+-void ENGINE_load_dynamic(void)
+-{
+- ENGINE *toadd = engine_dynamic();
+- if (!toadd)
+- return;
+- ENGINE_add(toadd);
+- /*
+- * If the "add" worked, it gets a structural reference. So either way, we
+- * release our just-created reference.
+- */
+- ENGINE_free(toadd);
+- /*
+- * If the "add" didn't work, it was probably a conflict because it was
+- * already added (eg. someone calling ENGINE_load_blah then calling
+- * ENGINE_load_builtin_engines() perhaps).
+- */
+- ERR_clear_error();
+-}
+-
+-static int dynamic_init(ENGINE *e)
+-{
+- /*
+- * We always return failure - the "dyanamic" engine itself can't be used
+- * for anything.
+- */
+- return 0;
+-}
+-
+-static int dynamic_finish(ENGINE *e)
+-{
+- /*
+- * This should never be called on account of "dynamic_init" always
+- * failing.
+- */
+- return 0;
+-}
+-
+-static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
+-{
+- dynamic_data_ctx *ctx = dynamic_get_data_ctx(e);
+- int initialised;
+-
+- if (!ctx) {
+- ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_NOT_LOADED);
+- return 0;
+- }
+- initialised = ((ctx->dynamic_dso == NULL) ? 0 : 1);
+- /* All our control commands require the ENGINE to be uninitialised */
+- if (initialised) {
+- ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_ALREADY_LOADED);
+- return 0;
+- }
+- switch (cmd) {
+- case DYNAMIC_CMD_SO_PATH:
+- /* a NULL 'p' or a string of zero-length is the same thing */
+- if (p && (strlen((const char *)p) < 1))
+- p = NULL;
+- if (ctx->DYNAMIC_LIBNAME)
+- OPENSSL_free((void *)ctx->DYNAMIC_LIBNAME);
+- if (p)
+- ctx->DYNAMIC_LIBNAME = BUF_strdup(p);
+- else
+- ctx->DYNAMIC_LIBNAME = NULL;
+- return (ctx->DYNAMIC_LIBNAME ? 1 : 0);
+- case DYNAMIC_CMD_NO_VCHECK:
+- ctx->no_vcheck = ((i == 0) ? 0 : 1);
+- return 1;
+- case DYNAMIC_CMD_ID:
+- /* a NULL 'p' or a string of zero-length is the same thing */
+- if (p && (strlen((const char *)p) < 1))
+- p = NULL;
+- if (ctx->engine_id)
+- OPENSSL_free((void *)ctx->engine_id);
+- if (p)
+- ctx->engine_id = BUF_strdup(p);
+- else
+- ctx->engine_id = NULL;
+- return (ctx->engine_id ?
1 : 0);
+- case DYNAMIC_CMD_LIST_ADD:
+- if ((i < 0) || (i > 2)) {
+- ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_INVALID_ARGUMENT);
+- return 0;
+- }
+- ctx->list_add_value = (int)i;
+- return 1;
+- case DYNAMIC_CMD_LOAD:
+- return dynamic_load(e, ctx);
+- case DYNAMIC_CMD_DIR_LOAD:
+- if ((i < 0) || (i > 2)) {
+- ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_INVALID_ARGUMENT);
+- return 0;
+- }
+- ctx->dir_load = (int)i;
+- return 1;
+- case DYNAMIC_CMD_DIR_ADD:
+- /* a NULL 'p' or a string of zero-length is the same thing */
+- if (!p || (strlen((const char *)p) < 1)) {
+- ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_INVALID_ARGUMENT);
+- return 0;
+- }
+- {
+- char *tmp_str = BUF_strdup(p);
+- if (!tmp_str) {
+- ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ERR_R_MALLOC_FAILURE);
+- return 0;
+- }
+- sk_insert(ctx->dirs, tmp_str, -1);
+- }
+- return 1;
+- default:
+- break;
+- }
+- ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+- return 0;
+-}
+-
+-static int int_load(dynamic_data_ctx *ctx)
+-{
+- int num, loop;
+- /* Unless told not to, try a direct load */
+- if ((ctx->dir_load != 2) && (DSO_load(ctx->dynamic_dso,
+- ctx->DYNAMIC_LIBNAME, NULL,
+- 0)) != NULL)
+- return 1;
+- /* If we're not allowed to use 'dirs' or we have none, fail */
+- if (!ctx->dir_load || ((num = sk_num(ctx->dirs)) < 1))
+- return 0;
+- for (loop = 0; loop < num; loop++) {
+- const char *s = sk_value(ctx->dirs, loop);
+- char *merge = DSO_merge(ctx->dynamic_dso, ctx->DYNAMIC_LIBNAME, s);
+- if (!merge)
+- return 0;
+- if (DSO_load(ctx->dynamic_dso, merge, NULL, 0)) {
+- /* Found what we're looking for */
+- OPENSSL_free(merge);
+- return 1;
+- }
+- OPENSSL_free(merge);
+- }
+- return 0;
+-}
+-
+-static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx)
+-{
+- ENGINE cpy;
+- dynamic_fns fns;
+-
+- if (!ctx->dynamic_dso)
+- ctx->dynamic_dso = DSO_new();
+- if (!ctx->DYNAMIC_LIBNAME) {
+- if (!ctx->engine_id)
+- return 0;
+- ctx->DYNAMIC_LIBNAME =
+-
DSO_convert_filename(ctx->dynamic_dso, ctx->engine_id);
+- }
+- if (!int_load(ctx)) {
+- ENGINEerr(ENGINE_F_DYNAMIC_LOAD, ENGINE_R_DSO_NOT_FOUND);
+- DSO_free(ctx->dynamic_dso);
+- ctx->dynamic_dso = NULL;
+- return 0;
+- }
+- /* We have to find a bind function otherwise it'll always end badly */
+- if (!
+- (ctx->bind_engine =
+- (dynamic_bind_engine) DSO_bind_func(ctx->dynamic_dso,
+- ctx->DYNAMIC_F2))) {
+- ctx->bind_engine = NULL;
+- DSO_free(ctx->dynamic_dso);
+- ctx->dynamic_dso = NULL;
+- ENGINEerr(ENGINE_F_DYNAMIC_LOAD, ENGINE_R_DSO_FAILURE);
+- return 0;
+- }
+- /* Do we perform version checking? */
+- if (!ctx->no_vcheck) {
+- unsigned long vcheck_res = 0;
+- /*
+- * Now we try to find a version checking function and decide how to
+- * cope with failure if/when it fails.
+- */
+- ctx->v_check =
+- (dynamic_v_check_fn) DSO_bind_func(ctx->dynamic_dso,
+- ctx->DYNAMIC_F1);
+- if (ctx->v_check)
+- vcheck_res = ctx->v_check(OSSL_DYNAMIC_VERSION);
+- /*
+- * We fail if the version checker veto'd the load *or* if it is
+- * deferring to us (by returning its version) and we think it is too
+- * old.
+- */
+- if (vcheck_res < OSSL_DYNAMIC_OLDEST) {
+- /* Fail */
+- ctx->bind_engine = NULL;
+- ctx->v_check = NULL;
+- DSO_free(ctx->dynamic_dso);
+- ctx->dynamic_dso = NULL;
+- ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
+- ENGINE_R_VERSION_INCOMPATIBILITY);
+- return 0;
+- }
+- }
+- /*
+- * First binary copy the ENGINE structure so that we can roll back if the
+- * hand-over fails
+- */
+- memcpy(&cpy, e, sizeof(ENGINE));
+- /*
+- * Provide the ERR, "ex_data", memory, and locking callbacks so the
+- * loaded library uses our state rather than its own. FIXME: As noted in
+- * engine.h, much of this would be simplified if each area of code
+- * provided its own "summary" structure of all related callbacks. It
+- * would also increase opaqueness.
+- */
+- fns.static_state = ENGINE_get_static_state();
+- fns.err_fns = ERR_get_implementation();
+- fns.ex_data_fns = CRYPTO_get_ex_data_implementation();
+- CRYPTO_get_mem_functions(&fns.mem_fns.malloc_cb,
+- &fns.mem_fns.realloc_cb, &fns.mem_fns.free_cb);
+- fns.lock_fns.lock_locking_cb = CRYPTO_get_locking_callback();
+- fns.lock_fns.lock_add_lock_cb = CRYPTO_get_add_lock_callback();
+- fns.lock_fns.dynlock_create_cb = CRYPTO_get_dynlock_create_callback();
+- fns.lock_fns.dynlock_lock_cb = CRYPTO_get_dynlock_lock_callback();
+- fns.lock_fns.dynlock_destroy_cb = CRYPTO_get_dynlock_destroy_callback();
+- /*
+- * Now that we've loaded the dynamic engine, make sure no "dynamic"
+- * ENGINE elements will show through.
+- */
+- engine_set_all_null(e);
+-
+- /* Try to bind the ENGINE onto our own ENGINE structure */
+- if (!ctx->bind_engine(e, ctx->engine_id, &fns)) {
+- ctx->bind_engine = NULL;
+- ctx->v_check = NULL;
+- DSO_free(ctx->dynamic_dso);
+- ctx->dynamic_dso = NULL;
+- ENGINEerr(ENGINE_F_DYNAMIC_LOAD, ENGINE_R_INIT_FAILED);
+- /* Copy the original ENGINE structure back */
+- memcpy(e, &cpy, sizeof(ENGINE));
+- return 0;
+- }
+- /* Do we try to add this ENGINE to the internal list too? */
+- if (ctx->list_add_value > 0) {
+- if (!ENGINE_add(e)) {
+- /* Do we tolerate this or fail? */
+- if (ctx->list_add_value > 1) {
+- /*
+- * Fail - NB: By this time, it's too late to rollback, and
+- * trying to do so allows the bind_engine() code to have
+- * created leaks. We just have to fail where we are, after
+- * the ENGINE has changed.
+- */ +- ENGINEerr(ENGINE_F_DYNAMIC_LOAD, +- ENGINE_R_CONFLICTING_ENGINE_ID); +- return 0; +- } +- /* Tolerate */ +- ERR_clear_error(); +- } +- } +- return 1; +-} +diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_err.c b/Cryptlib/OpenSSL/crypto/engine/eng_err.c +deleted file mode 100644 +index 20f1ad2..0000000 +--- a/Cryptlib/OpenSSL/crypto/engine/eng_err.c ++++ /dev/null +@@ -1,176 +0,0 @@ +-/* crypto/engine/eng_err.c */ +-/* ==================================================================== +- * Copyright (c) 1999-2010 The OpenSSL Project. All rights reserved. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * +- * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. +- * +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in +- * the documentation and/or other materials provided with the +- * distribution. +- * +- * 3. All advertising materials mentioning features or use of this +- * software must display the following acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" +- * +- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +- * endorse or promote products derived from this software without +- * prior written permission. For written permission, please contact +- * openssl-core@OpenSSL.org. +- * +- * 5. Products derived from this software may not be called "OpenSSL" +- * nor may "OpenSSL" appear in their names without prior written +- * permission of the OpenSSL Project. +- * +- * 6. 
Redistributions of any form whatsoever must retain the following +- * acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" +- * +- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +- * OF THE POSSIBILITY OF SUCH DAMAGE. +- * ==================================================================== +- * +- * This product includes cryptographic software written by Eric Young +- * (eay@cryptsoft.com). This product includes software written by Tim +- * Hudson (tjh@cryptsoft.com). +- * +- */ +- +-/* +- * NOTE: this file was auto generated by the mkerr.pl script: any changes +- * made to it will be overwritten when the script next updates this file, +- * only reason strings will be preserved. 
+- */ +- +-#include +-#include +-#include +- +-/* BEGIN ERROR CODES */ +-#ifndef OPENSSL_NO_ERR +- +-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_ENGINE,func,0) +-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_ENGINE,0,reason) +- +-static ERR_STRING_DATA ENGINE_str_functs[] = { +- {ERR_FUNC(ENGINE_F_DYNAMIC_CTRL), "DYNAMIC_CTRL"}, +- {ERR_FUNC(ENGINE_F_DYNAMIC_GET_DATA_CTX), "DYNAMIC_GET_DATA_CTX"}, +- {ERR_FUNC(ENGINE_F_DYNAMIC_LOAD), "DYNAMIC_LOAD"}, +- {ERR_FUNC(ENGINE_F_DYNAMIC_SET_DATA_CTX), "DYNAMIC_SET_DATA_CTX"}, +- {ERR_FUNC(ENGINE_F_ENGINE_ADD), "ENGINE_add"}, +- {ERR_FUNC(ENGINE_F_ENGINE_BY_ID), "ENGINE_by_id"}, +- {ERR_FUNC(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE), "ENGINE_cmd_is_executable"}, +- {ERR_FUNC(ENGINE_F_ENGINE_CTRL), "ENGINE_ctrl"}, +- {ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD), "ENGINE_ctrl_cmd"}, +- {ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD_STRING), "ENGINE_ctrl_cmd_string"}, +- {ERR_FUNC(ENGINE_F_ENGINE_FINISH), "ENGINE_finish"}, +- {ERR_FUNC(ENGINE_F_ENGINE_FREE_UTIL), "ENGINE_FREE_UTIL"}, +- {ERR_FUNC(ENGINE_F_ENGINE_GET_CIPHER), "ENGINE_get_cipher"}, +- {ERR_FUNC(ENGINE_F_ENGINE_GET_DEFAULT_TYPE), "ENGINE_GET_DEFAULT_TYPE"}, +- {ERR_FUNC(ENGINE_F_ENGINE_GET_DIGEST), "ENGINE_get_digest"}, +- {ERR_FUNC(ENGINE_F_ENGINE_GET_NEXT), "ENGINE_get_next"}, +- {ERR_FUNC(ENGINE_F_ENGINE_GET_PREV), "ENGINE_get_prev"}, +- {ERR_FUNC(ENGINE_F_ENGINE_INIT), "ENGINE_init"}, +- {ERR_FUNC(ENGINE_F_ENGINE_LIST_ADD), "ENGINE_LIST_ADD"}, +- {ERR_FUNC(ENGINE_F_ENGINE_LIST_REMOVE), "ENGINE_LIST_REMOVE"}, +- {ERR_FUNC(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY), "ENGINE_load_private_key"}, +- {ERR_FUNC(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY), "ENGINE_load_public_key"}, +- {ERR_FUNC(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT), +- "ENGINE_load_ssl_client_cert"}, +- {ERR_FUNC(ENGINE_F_ENGINE_NEW), "ENGINE_new"}, +- {ERR_FUNC(ENGINE_F_ENGINE_REMOVE), "ENGINE_remove"}, +- {ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_STRING), +- "ENGINE_set_default_string"}, +- {ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_TYPE), 
"ENGINE_SET_DEFAULT_TYPE"}, +- {ERR_FUNC(ENGINE_F_ENGINE_SET_ID), "ENGINE_set_id"}, +- {ERR_FUNC(ENGINE_F_ENGINE_SET_NAME), "ENGINE_set_name"}, +- {ERR_FUNC(ENGINE_F_ENGINE_TABLE_REGISTER), "ENGINE_TABLE_REGISTER"}, +- {ERR_FUNC(ENGINE_F_ENGINE_UNLOAD_KEY), "ENGINE_UNLOAD_KEY"}, +- {ERR_FUNC(ENGINE_F_ENGINE_UNLOCKED_FINISH), "ENGINE_UNLOCKED_FINISH"}, +- {ERR_FUNC(ENGINE_F_ENGINE_UP_REF), "ENGINE_up_ref"}, +- {ERR_FUNC(ENGINE_F_INT_CTRL_HELPER), "INT_CTRL_HELPER"}, +- {ERR_FUNC(ENGINE_F_INT_ENGINE_CONFIGURE), "INT_ENGINE_CONFIGURE"}, +- {ERR_FUNC(ENGINE_F_INT_ENGINE_MODULE_INIT), "INT_ENGINE_MODULE_INIT"}, +- {ERR_FUNC(ENGINE_F_LOG_MESSAGE), "LOG_MESSAGE"}, +- {0, NULL} +-}; +- +-static ERR_STRING_DATA ENGINE_str_reasons[] = { +- {ERR_REASON(ENGINE_R_ALREADY_LOADED), "already loaded"}, +- {ERR_REASON(ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER), +- "argument is not a number"}, +- {ERR_REASON(ENGINE_R_CMD_NOT_EXECUTABLE), "cmd not executable"}, +- {ERR_REASON(ENGINE_R_COMMAND_TAKES_INPUT), "command takes input"}, +- {ERR_REASON(ENGINE_R_COMMAND_TAKES_NO_INPUT), "command takes no input"}, +- {ERR_REASON(ENGINE_R_CONFLICTING_ENGINE_ID), "conflicting engine id"}, +- {ERR_REASON(ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED), +- "ctrl command not implemented"}, +- {ERR_REASON(ENGINE_R_DH_NOT_IMPLEMENTED), "dh not implemented"}, +- {ERR_REASON(ENGINE_R_DSA_NOT_IMPLEMENTED), "dsa not implemented"}, +- {ERR_REASON(ENGINE_R_DSO_FAILURE), "DSO failure"}, +- {ERR_REASON(ENGINE_R_DSO_NOT_FOUND), "dso not found"}, +- {ERR_REASON(ENGINE_R_ENGINES_SECTION_ERROR), "engines section error"}, +- {ERR_REASON(ENGINE_R_ENGINE_CONFIGURATION_ERROR), +- "engine configuration error"}, +- {ERR_REASON(ENGINE_R_ENGINE_IS_NOT_IN_LIST), "engine is not in the list"}, +- {ERR_REASON(ENGINE_R_ENGINE_SECTION_ERROR), "engine section error"}, +- {ERR_REASON(ENGINE_R_FAILED_LOADING_PRIVATE_KEY), +- "failed loading private key"}, +- {ERR_REASON(ENGINE_R_FAILED_LOADING_PUBLIC_KEY), +- "failed loading public key"}, +- 
{ERR_REASON(ENGINE_R_FINISH_FAILED), "finish failed"}, +- {ERR_REASON(ENGINE_R_GET_HANDLE_FAILED), +- "could not obtain hardware handle"}, +- {ERR_REASON(ENGINE_R_ID_OR_NAME_MISSING), "'id' or 'name' missing"}, +- {ERR_REASON(ENGINE_R_INIT_FAILED), "init failed"}, +- {ERR_REASON(ENGINE_R_INTERNAL_LIST_ERROR), "internal list error"}, +- {ERR_REASON(ENGINE_R_INVALID_ARGUMENT), "invalid argument"}, +- {ERR_REASON(ENGINE_R_INVALID_CMD_NAME), "invalid cmd name"}, +- {ERR_REASON(ENGINE_R_INVALID_CMD_NUMBER), "invalid cmd number"}, +- {ERR_REASON(ENGINE_R_INVALID_INIT_VALUE), "invalid init value"}, +- {ERR_REASON(ENGINE_R_INVALID_STRING), "invalid string"}, +- {ERR_REASON(ENGINE_R_NOT_INITIALISED), "not initialised"}, +- {ERR_REASON(ENGINE_R_NOT_LOADED), "not loaded"}, +- {ERR_REASON(ENGINE_R_NO_CONTROL_FUNCTION), "no control function"}, +- {ERR_REASON(ENGINE_R_NO_INDEX), "no index"}, +- {ERR_REASON(ENGINE_R_NO_LOAD_FUNCTION), "no load function"}, +- {ERR_REASON(ENGINE_R_NO_REFERENCE), "no reference"}, +- {ERR_REASON(ENGINE_R_NO_SUCH_ENGINE), "no such engine"}, +- {ERR_REASON(ENGINE_R_NO_UNLOAD_FUNCTION), "no unload function"}, +- {ERR_REASON(ENGINE_R_PROVIDE_PARAMETERS), "provide parameters"}, +- {ERR_REASON(ENGINE_R_RSA_NOT_IMPLEMENTED), "rsa not implemented"}, +- {ERR_REASON(ENGINE_R_UNIMPLEMENTED_CIPHER), "unimplemented cipher"}, +- {ERR_REASON(ENGINE_R_UNIMPLEMENTED_DIGEST), "unimplemented digest"}, +- {ERR_REASON(ENGINE_R_VERSION_INCOMPATIBILITY), "version incompatibility"}, +- {0, NULL} +-}; +- +-#endif +- +-void ERR_load_ENGINE_strings(void) +-{ +-#ifndef OPENSSL_NO_ERR +- +- if (ERR_func_error_string(ENGINE_str_functs[0].error) == NULL) { +- ERR_load_strings(0, ENGINE_str_functs); +- ERR_load_strings(0, ENGINE_str_reasons); +- } +-#endif +-} +diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_fat.c b/Cryptlib/OpenSSL/crypto/engine/eng_fat.c +deleted file mode 100644 +index 7fa0754..0000000 +--- a/Cryptlib/OpenSSL/crypto/engine/eng_fat.c ++++ /dev/null +@@ -1,165 
+0,0 @@
+-/* crypto/engine/eng_fat.c */
+-/* ====================================================================
+- * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- *
+- * 1. Redistributions of source code must retain the above copyright
+- * notice, this list of conditions and the following disclaimer.
+- *
+- * 2. Redistributions in binary form must reproduce the above copyright
+- * notice, this list of conditions and the following disclaimer in
+- * the documentation and/or other materials provided with the
+- * distribution.
+- *
+- * 3. All advertising materials mentioning features or use of this
+- * software must display the following acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+- *
+- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+- * endorse or promote products derived from this software without
+- * prior written permission. For written permission, please contact
+- * licensing@OpenSSL.org.
+- *
+- * 5. Products derived from this software may not be called "OpenSSL"
+- * nor may "OpenSSL" appear in their names without prior written
+- * permission of the OpenSSL Project.
+- *
+- * 6. Redistributions of any form whatsoever must retain the following
+- * acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+- * PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR
+- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+- * OF THE POSSIBILITY OF SUCH DAMAGE.
+- * ====================================================================
+- *
+- * This product includes cryptographic software written by Eric Young
+- * (eay@cryptsoft.com). This product includes software written by Tim
+- * Hudson (tjh@cryptsoft.com).
+- *
+- */
+-/* ====================================================================
+- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+- * ECDH support in OpenSSL originally developed by
+- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+- */
+-
+-#include "eng_int.h"
+-#include
+-
+-int ENGINE_set_default(ENGINE *e, unsigned int flags)
+-{
+- if ((flags & ENGINE_METHOD_CIPHERS) && !ENGINE_set_default_ciphers(e))
+- return 0;
+- if ((flags & ENGINE_METHOD_DIGESTS) && !ENGINE_set_default_digests(e))
+- return 0;
+-#ifndef OPENSSL_NO_RSA
+- if ((flags & ENGINE_METHOD_RSA) && !ENGINE_set_default_RSA(e))
+- return 0;
+-#endif
+-#ifndef OPENSSL_NO_DSA
+- if ((flags & ENGINE_METHOD_DSA) && !ENGINE_set_default_DSA(e))
+- return 0;
+-#endif
+-#ifndef OPENSSL_NO_DH
+- if ((flags & ENGINE_METHOD_DH) && !ENGINE_set_default_DH(e))
+- return 0;
+-#endif
+-#ifndef OPENSSL_NO_ECDH
+- if ((flags & ENGINE_METHOD_ECDH) && !ENGINE_set_default_ECDH(e))
+- return 0;
+-#endif
+-#ifndef OPENSSL_NO_ECDSA
+- if ((flags & ENGINE_METHOD_ECDSA) && !ENGINE_set_default_ECDSA(e))
+- return 0;
+-#endif
+- if ((flags & ENGINE_METHOD_RAND) && !ENGINE_set_default_RAND(e))
+- return 0;
+- return 1;
+-}
+-
+-/* Set default algorithms using a string */
+-
+-static int int_def_cb(const char *alg, int len, void *arg)
+-{
+- unsigned int *pflags = arg;
+- if (!strncmp(alg, "ALL", len))
+- *pflags |= ENGINE_METHOD_ALL;
+- else if (!strncmp(alg, "RSA", len))
+- *pflags |= ENGINE_METHOD_RSA;
+- else if (!strncmp(alg, "DSA", len))
+- *pflags |= ENGINE_METHOD_DSA;
+- else if (!strncmp(alg, "ECDH", len))
+- *pflags |= ENGINE_METHOD_ECDH;
+- else if (!strncmp(alg, "ECDSA", len))
+- *pflags |= ENGINE_METHOD_ECDSA;
+- else if (!strncmp(alg, "DH", len))
+- *pflags |= ENGINE_METHOD_DH;
+- else if (!strncmp(alg, "RAND", len))
+- *pflags |= ENGINE_METHOD_RAND;
+- else if (!strncmp(alg, "CIPHERS", len))
+- *pflags |= ENGINE_METHOD_CIPHERS;
+- else if (!strncmp(alg, "DIGESTS", len))
+- *pflags |= ENGINE_METHOD_DIGESTS;
+- else
+- return 0;
+- return 1;
+-}
+-
+-int ENGINE_set_default_string(ENGINE *e, const char *def_list)
+-{
+- unsigned int flags = 0;
+- if (!CONF_parse_list(def_list, ',', 1, int_def_cb, &flags)) {
+-
ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_STRING,
+- ENGINE_R_INVALID_STRING);
+- ERR_add_error_data(2, "str=", def_list);
+- return 0;
+- }
+- return ENGINE_set_default(e, flags);
+-}
+-
+-int ENGINE_register_complete(ENGINE *e)
+-{
+- ENGINE_register_ciphers(e);
+- ENGINE_register_digests(e);
+-#ifndef OPENSSL_NO_RSA
+- ENGINE_register_RSA(e);
+-#endif
+-#ifndef OPENSSL_NO_DSA
+- ENGINE_register_DSA(e);
+-#endif
+-#ifndef OPENSSL_NO_DH
+- ENGINE_register_DH(e);
+-#endif
+-#ifndef OPENSSL_NO_ECDH
+- ENGINE_register_ECDH(e);
+-#endif
+-#ifndef OPENSSL_NO_ECDSA
+- ENGINE_register_ECDSA(e);
+-#endif
+- ENGINE_register_RAND(e);
+- return 1;
+-}
+-
+-int ENGINE_register_all_complete(void)
+-{
+- ENGINE *e;
+-
+- for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+- ENGINE_register_complete(e);
+- return 1;
+-}
+diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_init.c b/Cryptlib/OpenSSL/crypto/engine/eng_init.c
+deleted file mode 100644
+index 4ea7fe6..0000000
+--- a/Cryptlib/OpenSSL/crypto/engine/eng_init.c
++++ /dev/null
+@@ -1,157 +0,0 @@
+-/* crypto/engine/eng_init.c */
+-/* ====================================================================
+- * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- *
+- * 1. Redistributions of source code must retain the above copyright
+- * notice, this list of conditions and the following disclaimer.
+- *
+- * 2. Redistributions in binary form must reproduce the above copyright
+- * notice, this list of conditions and the following disclaimer in
+- * the documentation and/or other materials provided with the
+- * distribution.
+- *
+- * 3.
All advertising materials mentioning features or use of this
+- * software must display the following acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+- *
+- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+- * endorse or promote products derived from this software without
+- * prior written permission. For written permission, please contact
+- * licensing@OpenSSL.org.
+- *
+- * 5. Products derived from this software may not be called "OpenSSL"
+- * nor may "OpenSSL" appear in their names without prior written
+- * permission of the OpenSSL Project.
+- *
+- * 6. Redistributions of any form whatsoever must retain the following
+- * acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+- * OF THE POSSIBILITY OF SUCH DAMAGE.
+- * ====================================================================
+- *
+- * This product includes cryptographic software written by Eric Young
+- * (eay@cryptsoft.com). This product includes software written by Tim
+- * Hudson (tjh@cryptsoft.com).
+- *
+- */
+-
+-#include "eng_int.h"
+-
+-/*
+- * Initialise a engine type for use (or up its functional reference count if
+- * it's already in use). This version is only used internally.
+- */
+-int engine_unlocked_init(ENGINE *e)
+-{
+- int to_return = 1;
+-
+- if ((e->funct_ref == 0) && e->init)
+- /*
+- * This is the first functional reference and the engine requires
+- * initialisation so we do it now.
+- */
+- to_return = e->init(e);
+- if (to_return) {
+- /*
+- * OK, we return a functional reference which is also a structural
+- * reference.
+- */
+- e->struct_ref++;
+- e->funct_ref++;
+- engine_ref_debug(e, 0, 1)
+- engine_ref_debug(e, 1, 1)
+- }
+- return to_return;
+-}
+-
+-/*
+- * Free a functional reference to a engine type. This version is only used
+- * internally.
+- */
+-int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers)
+-{
+- int to_return = 1;
+-
+- /*
+- * Reduce the functional reference count here so if it's the terminating
+- * case, we can release the lock safely and call the finish() handler
+- * without risk of a race. We get a race if we leave the count until
+- * after and something else is calling "finish" at the same time -
+- * there's a chance that both threads will together take the count from 2
+- * to 0 without either calling finish().
+- */
+- e->funct_ref--;
+- engine_ref_debug(e, 1, -1);
+- if ((e->funct_ref == 0) && e->finish) {
+- if (unlock_for_handlers)
+- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+- to_return = e->finish(e);
+- if (unlock_for_handlers)
+- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+- if (!to_return)
+- return 0;
+- }
+-#ifdef REF_CHECK
+- if (e->funct_ref < 0) {
+- fprintf(stderr, "ENGINE_finish, bad functional reference count\n");
+- abort();
+- }
+-#endif
+- /* Release the structural reference too */
+- if (!engine_free_util(e, 0)) {
+- ENGINEerr(ENGINE_F_ENGINE_UNLOCKED_FINISH, ENGINE_R_FINISH_FAILED);
+- return 0;
+- }
+- return to_return;
+-}
+-
+-/* The API (locked) version of "init" */
+-int ENGINE_init(ENGINE *e)
+-{
+- int ret;
+- if (e == NULL) {
+- ENGINEerr(ENGINE_F_ENGINE_INIT, ERR_R_PASSED_NULL_PARAMETER);
+- return 0;
+- }
+- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+- ret = engine_unlocked_init(e);
+- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+- return ret;
+-}
+-
+-/* The API (locked) version of "finish" */
+-int ENGINE_finish(ENGINE *e)
+-{
+- int to_return = 1;
+-
+- if (e == NULL) {
+- ENGINEerr(ENGINE_F_ENGINE_FINISH, ERR_R_PASSED_NULL_PARAMETER);
+- return 0;
+- }
+- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+- to_return = engine_unlocked_finish(e, 1);
+- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+- if (!to_return) {
+- ENGINEerr(ENGINE_F_ENGINE_FINISH, ENGINE_R_FINISH_FAILED);
+- return 0;
+- }
+- return to_return;
+-}
+diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_int.h b/Cryptlib/OpenSSL/crypto/engine/eng_int.h
+deleted file mode 100644
+index a66f107..0000000
+--- a/Cryptlib/OpenSSL/crypto/engine/eng_int.h
++++ /dev/null
+@@ -1,196 +0,0 @@
+-/* crypto/engine/eng_int.h */
+-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+- * project 2000.
+- */
+-/* ====================================================================
+- * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- *
+- * 1. Redistributions of source code must retain the above copyright
+- * notice, this list of conditions and the following disclaimer.
+- *
+- * 2. Redistributions in binary form must reproduce the above copyright
+- * notice, this list of conditions and the following disclaimer in
+- * the documentation and/or other materials provided with the
+- * distribution.
+- *
+- * 3. All advertising materials mentioning features or use of this
+- * software must display the following acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+- *
+- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+- * endorse or promote products derived from this software without
+- * prior written permission. For written permission, please contact
+- * licensing@OpenSSL.org.
+- *
+- * 5. Products derived from this software may not be called "OpenSSL"
+- * nor may "OpenSSL" appear in their names without prior written
+- * permission of the OpenSSL Project.
+- *
+- * 6. Redistributions of any form whatsoever must retain the following
+- * acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+- * PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR
+- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+- * OF THE POSSIBILITY OF SUCH DAMAGE.
+- * ====================================================================
+- *
+- * This product includes cryptographic software written by Eric Young
+- * (eay@cryptsoft.com). This product includes software written by Tim
+- * Hudson (tjh@cryptsoft.com).
+- *
+- */
+-/* ====================================================================
+- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+- * ECDH support in OpenSSL originally developed by
+- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+- */
+-
+-#ifndef HEADER_ENGINE_INT_H
+-#define HEADER_ENGINE_INT_H
+-
+-#include "cryptlib.h"
+-/* Take public definitions from engine.h */
+-#include
+-
+-#ifdef __cplusplus
+-extern "C" {
+-#endif
+-
+-/* If we compile with this symbol defined, then both reference counts in the
+- * ENGINE structure will be monitored with a line of output on stderr for each
+- * change. This prints the engine's pointer address (truncated to unsigned int),
+- * "struct" or "funct" to indicate the reference type, the before and after
+- * reference count, and the file:line-number pair. The "engine_ref_debug"
+- * statements must come *after* the change. */
+-#ifdef ENGINE_REF_COUNT_DEBUG
+-
+-#define engine_ref_debug(e, isfunct, diff) \
+- fprintf(stderr, "engine: %08x %s from %d to %d (%s:%d)\n", \
+- (unsigned int)(e), (isfunct ? "funct" : "struct"), \
+- ((isfunct) ?
((e)->funct_ref - (diff)) : ((e)->struct_ref - (diff))), \
+- ((isfunct) ? (e)->funct_ref : (e)->struct_ref), \
+- (__FILE__), (__LINE__));
+-
+-#else
+-
+-#define engine_ref_debug(e, isfunct, diff)
+-
+-#endif
+-
+-/* Any code that will need cleanup operations should use these functions to
+- * register callbacks. ENGINE_cleanup() will call all registered callbacks in
+- * order. NB: both the "add" functions assume CRYPTO_LOCK_ENGINE to already be
+- * held (in "write" mode). */
+-typedef void (ENGINE_CLEANUP_CB)(void);
+-typedef struct st_engine_cleanup_item
+- {
+- ENGINE_CLEANUP_CB *cb;
+- } ENGINE_CLEANUP_ITEM;
+-DECLARE_STACK_OF(ENGINE_CLEANUP_ITEM)
+-void engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb);
+-void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb);
+-
+-/* We need stacks of ENGINEs for use in eng_table.c */
+-DECLARE_STACK_OF(ENGINE)
+-
+-/* If this symbol is defined then engine_table_select(), the function that is
+- * used by RSA, DSA (etc) code to select registered ENGINEs, cache defaults and
+- * functional references (etc), will display debugging summaries to stderr. */
+-/* #define ENGINE_TABLE_DEBUG */
+-
+-/* This represents an implementation table. Dependent code should instantiate it
+- * as a (ENGINE_TABLE *) pointer value set initially to NULL. */
+-typedef struct st_engine_table ENGINE_TABLE;
+-int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
+- ENGINE *e, const int *nids, int num_nids, int setdefault);
+-void engine_table_unregister(ENGINE_TABLE **table, ENGINE *e);
+-void engine_table_cleanup(ENGINE_TABLE **table);
+-#ifndef ENGINE_TABLE_DEBUG
+-ENGINE *engine_table_select(ENGINE_TABLE **table, int nid);
+-#else
+-ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f, int l);
+-#define engine_table_select(t,n) engine_table_select_tmp(t,n,__FILE__,__LINE__)
+-#endif
+-
+-/* Internal versions of API functions that have control over locking.
These are
+- * used between C files when functionality needs to be shared but the caller may
+- * already be controlling of the CRYPTO_LOCK_ENGINE lock. */
+-int engine_unlocked_init(ENGINE *e);
+-int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers);
+-int engine_free_util(ENGINE *e, int locked);
+-
+-/* This function will reset all "set"able values in an ENGINE to NULL. This
+- * won't touch reference counts or ex_data, but is equivalent to calling all the
+- * ENGINE_set_***() functions with a NULL value. */
+-void engine_set_all_null(ENGINE *e);
+-
+-/* NB: Bitwise OR-able values for the "flags" variable in ENGINE are now exposed
+- * in engine.h. */
+-
+-/* This is a structure for storing implementations of various crypto
+- * algorithms and functions. */
+-struct engine_st
+- {
+- const char *id;
+- const char *name;
+- const RSA_METHOD *rsa_meth;
+- const DSA_METHOD *dsa_meth;
+- const DH_METHOD *dh_meth;
+- const ECDH_METHOD *ecdh_meth;
+- const ECDSA_METHOD *ecdsa_meth;
+- const RAND_METHOD *rand_meth;
+- const STORE_METHOD *store_meth;
+- /* Cipher handling is via this callback */
+- ENGINE_CIPHERS_PTR ciphers;
+- /* Digest handling is via this callback */
+- ENGINE_DIGESTS_PTR digests;
+-
+-
+- ENGINE_GEN_INT_FUNC_PTR destroy;
+-
+- ENGINE_GEN_INT_FUNC_PTR init;
+- ENGINE_GEN_INT_FUNC_PTR finish;
+- ENGINE_CTRL_FUNC_PTR ctrl;
+- ENGINE_LOAD_KEY_PTR load_privkey;
+- ENGINE_LOAD_KEY_PTR load_pubkey;
+-
+- ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert;
+-
+- const ENGINE_CMD_DEFN *cmd_defns;
+- int flags;
+- /* reference count on the structure itself */
+- int struct_ref;
+- /* reference count on usability of the engine type. NB: This
+- * controls the loading and initialisation of any functionlity
+- * required by this engine, whereas the previous count is
+- * simply to cope with (de)allocation of this structure. Hence,
+- * running_ref <= struct_ref at all times.
*/
+- int funct_ref;
+- /* A place to store per-ENGINE data */
+- CRYPTO_EX_DATA ex_data;
+- /* Used to maintain the linked-list of engines. */
+- struct engine_st *prev;
+- struct engine_st *next;
+- };
+-
+-#ifdef __cplusplus
+-}
+-#endif
+-
+-#endif /* HEADER_ENGINE_INT_H */
+diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_lib.c b/Cryptlib/OpenSSL/crypto/engine/eng_lib.c
+deleted file mode 100644
+index 6238f9d..0000000
+--- a/Cryptlib/OpenSSL/crypto/engine/eng_lib.c
++++ /dev/null
+@@ -1,344 +0,0 @@
+-/* crypto/engine/eng_lib.c */
+-/*
+- * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
+- * 2000.
+- */
+-/* ====================================================================
+- * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- *
+- * 1. Redistributions of source code must retain the above copyright
+- * notice, this list of conditions and the following disclaimer.
+- *
+- * 2. Redistributions in binary form must reproduce the above copyright
+- * notice, this list of conditions and the following disclaimer in
+- * the documentation and/or other materials provided with the
+- * distribution.
+- *
+- * 3. All advertising materials mentioning features or use of this
+- * software must display the following acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+- *
+- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+- * endorse or promote products derived from this software without
+- * prior written permission. For written permission, please contact
+- * licensing@OpenSSL.org.
+- *
+- * 5.
Products derived from this software may not be called "OpenSSL"
+- * nor may "OpenSSL" appear in their names without prior written
+- * permission of the OpenSSL Project.
+- *
+- * 6. Redistributions of any form whatsoever must retain the following
+- * acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+- * OF THE POSSIBILITY OF SUCH DAMAGE.
+- * ====================================================================
+- *
+- * This product includes cryptographic software written by Eric Young
+- * (eay@cryptsoft.com). This product includes software written by Tim
+- * Hudson (tjh@cryptsoft.com).
+- *
+- */
+-
+-#include "eng_int.h"
+-#include
+-
+-/* The "new"/"free" stuff first */
+-
+-ENGINE *ENGINE_new(void)
+-{
+- ENGINE *ret;
+-
+- ret = (ENGINE *)OPENSSL_malloc(sizeof(ENGINE));
+- if (ret == NULL) {
+- ENGINEerr(ENGINE_F_ENGINE_NEW, ERR_R_MALLOC_FAILURE);
+- return NULL;
+- }
+- memset(ret, 0, sizeof(ENGINE));
+- ret->struct_ref = 1;
+- engine_ref_debug(ret, 0, 1)
+- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ENGINE, ret, &ret->ex_data);
+- return ret;
+-}
+-
+-/*
+- * Placed here (close proximity to ENGINE_new) so that modifications to the
+- * elements of the ENGINE structure are more likely to be caught and changed
+- * here.
+- */
+-void engine_set_all_null(ENGINE *e)
+-{
+- e->id = NULL;
+- e->name = NULL;
+- e->rsa_meth = NULL;
+- e->dsa_meth = NULL;
+- e->dh_meth = NULL;
+- e->rand_meth = NULL;
+- e->store_meth = NULL;
+- e->ciphers = NULL;
+- e->digests = NULL;
+- e->destroy = NULL;
+- e->init = NULL;
+- e->finish = NULL;
+- e->ctrl = NULL;
+- e->load_privkey = NULL;
+- e->load_pubkey = NULL;
+- e->cmd_defns = NULL;
+- e->flags = 0;
+-}
+-
+-int engine_free_util(ENGINE *e, int locked)
+-{
+- int i;
+-
+- if (e == NULL) {
+- ENGINEerr(ENGINE_F_ENGINE_FREE_UTIL, ERR_R_PASSED_NULL_PARAMETER);
+- return 0;
+- }
+- if (locked)
+- i = CRYPTO_add(&e->struct_ref, -1, CRYPTO_LOCK_ENGINE);
+- else
+- i = --e->struct_ref;
+- engine_ref_debug(e, 0, -1)
+- if (i > 0)
+- return 1;
+-#ifdef REF_CHECK
+- if (i < 0) {
+- fprintf(stderr, "ENGINE_free, bad structural reference count\n");
+- abort();
+- }
+-#endif
+- /*
+- * Give the ENGINE a chance to do any structural cleanup corresponding to
+- * allocation it did in its constructor (eg.
unload error strings)
+- */
+- if (e->destroy)
+- e->destroy(e);
+- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ENGINE, e, &e->ex_data);
+- OPENSSL_free(e);
+- return 1;
+-}
+-
+-int ENGINE_free(ENGINE *e)
+-{
+- return engine_free_util(e, 1);
+-}
+-
+-/* Cleanup stuff */
+-
+-/*
+- * ENGINE_cleanup() is coded such that anything that does work that will need
+- * cleanup can register a "cleanup" callback here. That way we don't get
+- * linker bloat by referring to all *possible* cleanups, but any linker bloat
+- * into code "X" will cause X's cleanup function to end up here.
+- */
+-static STACK_OF(ENGINE_CLEANUP_ITEM) *cleanup_stack = NULL;
+-static int int_cleanup_check(int create)
+-{
+- if (cleanup_stack)
+- return 1;
+- if (!create)
+- return 0;
+- cleanup_stack = sk_ENGINE_CLEANUP_ITEM_new_null();
+- return (cleanup_stack ? 1 : 0);
+-}
+-
+-static ENGINE_CLEANUP_ITEM *int_cleanup_item(ENGINE_CLEANUP_CB *cb)
+-{
+- ENGINE_CLEANUP_ITEM *item = OPENSSL_malloc(sizeof(ENGINE_CLEANUP_ITEM));
+- if (!item)
+- return NULL;
+- item->cb = cb;
+- return item;
+-}
+-
+-void engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb)
+-{
+- ENGINE_CLEANUP_ITEM *item;
+- if (!int_cleanup_check(1))
+- return;
+- item = int_cleanup_item(cb);
+- if (item)
+- sk_ENGINE_CLEANUP_ITEM_insert(cleanup_stack, item, 0);
+-}
+-
+-void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb)
+-{
+- ENGINE_CLEANUP_ITEM *item;
+- if (!int_cleanup_check(1))
+- return;
+- item = int_cleanup_item(cb);
+- if (item)
+- sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item);
+-}
+-
+-/* The API function that performs all cleanup */
+-static void engine_cleanup_cb_free(ENGINE_CLEANUP_ITEM *item)
+-{
+- (*(item->cb)) ();
+- OPENSSL_free(item);
+-}
+-
+-void ENGINE_cleanup(void)
+-{
+- if (int_cleanup_check(0)) {
+- sk_ENGINE_CLEANUP_ITEM_pop_free(cleanup_stack,
+- engine_cleanup_cb_free);
+- cleanup_stack = NULL;
+- }
+- /*
+- * FIXME: This should be handled (somehow) through RAND, eg. by it
+- * registering a cleanup callback.
+- */
+- RAND_set_rand_method(NULL);
+-}
+-
+-/* Now the "ex_data" support */
+-
+-int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+- CRYPTO_EX_dup *dup_func,
+- CRYPTO_EX_free *free_func)
+-{
+- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ENGINE, argl, argp,
+- new_func, dup_func, free_func);
+-}
+-
+-int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg)
+-{
+- return (CRYPTO_set_ex_data(&e->ex_data, idx, arg));
+-}
+-
+-void *ENGINE_get_ex_data(const ENGINE *e, int idx)
+-{
+- return (CRYPTO_get_ex_data(&e->ex_data, idx));
+-}
+-
+-/*
+- * Functions to get/set an ENGINE's elements - mainly to avoid exposing the
+- * ENGINE structure itself.
+- */
+-
+-int ENGINE_set_id(ENGINE *e, const char *id)
+-{
+- if (id == NULL) {
+- ENGINEerr(ENGINE_F_ENGINE_SET_ID, ERR_R_PASSED_NULL_PARAMETER);
+- return 0;
+- }
+- e->id = id;
+- return 1;
+-}
+-
+-int ENGINE_set_name(ENGINE *e, const char *name)
+-{
+- if (name == NULL) {
+- ENGINEerr(ENGINE_F_ENGINE_SET_NAME, ERR_R_PASSED_NULL_PARAMETER);
+- return 0;
+- }
+- e->name = name;
+- return 1;
+-}
+-
+-int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f)
+-{
+- e->destroy = destroy_f;
+- return 1;
+-}
+-
+-int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f)
+-{
+- e->init = init_f;
+- return 1;
+-}
+-
+-int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f)
+-{
+- e->finish = finish_f;
+- return 1;
+-}
+-
+-int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f)
+-{
+- e->ctrl = ctrl_f;
+- return 1;
+-}
+-
+-int ENGINE_set_flags(ENGINE *e, int flags)
+-{
+- e->flags = flags;
+- return 1;
+-}
+-
+-int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns)
+-{
+- e->cmd_defns = defns;
+- return 1;
+-}
+-
+-const char *ENGINE_get_id(const ENGINE *e)
+-{
+- return e->id;
+-}
+-
+-const char *ENGINE_get_name(const ENGINE *e)
+-{
+- return e->name;
+-}
+-
+-ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const
ENGINE *e)
+-{
+- return e->destroy;
+-}
+-
+-ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e)
+-{
+- return e->init;
+-}
+-
+-ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e)
+-{
+- return e->finish;
+-}
+-
+-ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e)
+-{
+- return e->ctrl;
+-}
+-
+-int ENGINE_get_flags(const ENGINE *e)
+-{
+- return e->flags;
+-}
+-
+-const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e)
+-{
+- return e->cmd_defns;
+-}
+-
+-/*
+- * eng_lib.o is pretty much linked into anything that touches ENGINE already,
+- * so put the "static_state" hack here.
+- */
+-
+-static int internal_static_hack = 0;
+-
+-void *ENGINE_get_static_state(void)
+-{
+- return &internal_static_hack;
+-}
+diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_list.c b/Cryptlib/OpenSSL/crypto/engine/eng_list.c
+deleted file mode 100644
+index 45029c4..0000000
+--- a/Cryptlib/OpenSSL/crypto/engine/eng_list.c
++++ /dev/null
+@@ -1,402 +0,0 @@
+-/* crypto/engine/eng_list.c */
+-/*
+- * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
+- * 2000.
+- */
+-/* ====================================================================
+- * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- *
+- * 1. Redistributions of source code must retain the above copyright
+- * notice, this list of conditions and the following disclaimer.
+- *
+- * 2. Redistributions in binary form must reproduce the above copyright
+- * notice, this list of conditions and the following disclaimer in
+- * the documentation and/or other materials provided with the
+- * distribution.
+- *
+- * 3.
All advertising materials mentioning features or use of this
+- * software must display the following acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+- *
+- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+- * endorse or promote products derived from this software without
+- * prior written permission. For written permission, please contact
+- * licensing@OpenSSL.org.
+- *
+- * 5. Products derived from this software may not be called "OpenSSL"
+- * nor may "OpenSSL" appear in their names without prior written
+- * permission of the OpenSSL Project.
+- *
+- * 6. Redistributions of any form whatsoever must retain the following
+- * acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+- * OF THE POSSIBILITY OF SUCH DAMAGE.
+- * ====================================================================
+- *
+- * This product includes cryptographic software written by Eric Young
+- * (eay@cryptsoft.com). This product includes software written by Tim
+- * Hudson (tjh@cryptsoft.com).
+- *
+- */
+-/* ====================================================================
+- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+- * ECDH support in OpenSSL originally developed by
+- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+- */
+-
+-#include "eng_int.h"
+-
+-/*
+- * The linked-list of pointers to engine types. engine_list_head incorporates
+- * an implicit structural reference but engine_list_tail does not - the
+- * latter is a computational niceity and only points to something that is
+- * already pointed to by its predecessor in the list (or engine_list_head
+- * itself). In the same way, the use of the "prev" pointer in each ENGINE is
+- * to save excessive list iteration, it doesn't correspond to an extra
+- * structural reference. Hence, engine_list_head, and each non-null "next"
+- * pointer account for the list itself assuming exactly 1 structural
+- * reference on each list member.
+- */
+-static ENGINE *engine_list_head = NULL;
+-static ENGINE *engine_list_tail = NULL;
+-
+-/*
+- * This cleanup function is only needed internally. If it should be called,
+- * we register it with the "ENGINE_cleanup()" stack to be called during
+- * cleanup.
+- */
+-
+-static void engine_list_cleanup(void)
+-{
+- ENGINE *iterator = engine_list_head;
+-
+- while (iterator != NULL) {
+- ENGINE_remove(iterator);
+- iterator = engine_list_head;
+- }
+- return;
+-}
+-
+-/*
+- * These static functions starting with a lower case "engine_" always take
+- * place when CRYPTO_LOCK_ENGINE has been locked up.
+- */
+-static int engine_list_add(ENGINE *e)
+-{
+- int conflict = 0;
+- ENGINE *iterator = NULL;
+-
+- if (e == NULL) {
+- ENGINEerr(ENGINE_F_ENGINE_LIST_ADD, ERR_R_PASSED_NULL_PARAMETER);
+- return 0;
+- }
+- iterator = engine_list_head;
+- while (iterator && !conflict) {
+- conflict = (strcmp(iterator->id, e->id) == 0);
+- iterator = iterator->next;
+- }
+- if (conflict) {
+- ENGINEerr(ENGINE_F_ENGINE_LIST_ADD, ENGINE_R_CONFLICTING_ENGINE_ID);
+- return 0;
+- }
+- if (engine_list_head == NULL) {
+- /* We are adding to an empty list. */
+- if (engine_list_tail) {
+- ENGINEerr(ENGINE_F_ENGINE_LIST_ADD, ENGINE_R_INTERNAL_LIST_ERROR);
+- return 0;
+- }
+- engine_list_head = e;
+- e->prev = NULL;
+- /*
+- * The first time the list allocates, we should register the cleanup.
+- */
+- engine_cleanup_add_last(engine_list_cleanup);
+- } else {
+- /* We are adding to the tail of an existing list. */
+- if ((engine_list_tail == NULL) || (engine_list_tail->next != NULL)) {
+- ENGINEerr(ENGINE_F_ENGINE_LIST_ADD, ENGINE_R_INTERNAL_LIST_ERROR);
+- return 0;
+- }
+- engine_list_tail->next = e;
+- e->prev = engine_list_tail;
+- }
+- /*
+- * Having the engine in the list assumes a structural reference.
+- */
+- e->struct_ref++;
+- engine_ref_debug(e, 0, 1)
+- /* However it came to be, e is the last item in the list. */
+- engine_list_tail = e;
+- e->next = NULL;
+- return 1;
+-}
+-
+-static int engine_list_remove(ENGINE *e)
+-{
+- ENGINE *iterator;
+-
+- if (e == NULL) {
+- ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE, ERR_R_PASSED_NULL_PARAMETER);
+- return 0;
+- }
+- /* We need to check that e is in our linked list! */
+- iterator = engine_list_head;
+- while (iterator && (iterator != e))
+- iterator = iterator->next;
+- if (iterator == NULL) {
+- ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE,
+- ENGINE_R_ENGINE_IS_NOT_IN_LIST);
+- return 0;
+- }
+- /* un-link e from the chain.
*/
+- if (e->next)
+- e->next->prev = e->prev;
+- if (e->prev)
+- e->prev->next = e->next;
+- /* Correct our head/tail if necessary. */
+- if (engine_list_head == e)
+- engine_list_head = e->next;
+- if (engine_list_tail == e)
+- engine_list_tail = e->prev;
+- engine_free_util(e, 0);
+- return 1;
+-}
+-
+-/* Get the first/last "ENGINE" type available. */
+-ENGINE *ENGINE_get_first(void)
+-{
+- ENGINE *ret;
+-
+- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+- ret = engine_list_head;
+- if (ret) {
+- ret->struct_ref++;
+- engine_ref_debug(ret, 0, 1)
+- }
+- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+- return ret;
+-}
+-
+-ENGINE *ENGINE_get_last(void)
+-{
+- ENGINE *ret;
+-
+- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+- ret = engine_list_tail;
+- if (ret) {
+- ret->struct_ref++;
+- engine_ref_debug(ret, 0, 1)
+- }
+- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+- return ret;
+-}
+-
+-/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */
+-ENGINE *ENGINE_get_next(ENGINE *e)
+-{
+- ENGINE *ret = NULL;
+- if (e == NULL) {
+- ENGINEerr(ENGINE_F_ENGINE_GET_NEXT, ERR_R_PASSED_NULL_PARAMETER);
+- return 0;
+- }
+- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+- ret = e->next;
+- if (ret) {
+- /* Return a valid structural refernce to the next ENGINE */
+- ret->struct_ref++;
+- engine_ref_debug(ret, 0, 1)
+- }
+- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+- /* Release the structural reference to the previous ENGINE */
+- ENGINE_free(e);
+- return ret;
+-}
+-
+-ENGINE *ENGINE_get_prev(ENGINE *e)
+-{
+- ENGINE *ret = NULL;
+- if (e == NULL) {
+- ENGINEerr(ENGINE_F_ENGINE_GET_PREV, ERR_R_PASSED_NULL_PARAMETER);
+- return 0;
+- }
+- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+- ret = e->prev;
+- if (ret) {
+- /* Return a valid structural reference to the next ENGINE */
+- ret->struct_ref++;
+- engine_ref_debug(ret, 0, 1)
+- }
+- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+- /* Release the structural reference to the previous ENGINE */
+- ENGINE_free(e);
+- return ret;
+-}
+-
+-/* Add another "ENGINE" type into the
list. */
+-int ENGINE_add(ENGINE *e)
+-{
+- int to_return = 1;
+- if (e == NULL) {
+- ENGINEerr(ENGINE_F_ENGINE_ADD, ERR_R_PASSED_NULL_PARAMETER);
+- return 0;
+- }
+- if ((e->id == NULL) || (e->name == NULL)) {
+- ENGINEerr(ENGINE_F_ENGINE_ADD, ENGINE_R_ID_OR_NAME_MISSING);
+- }
+- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+- if (!engine_list_add(e)) {
+- ENGINEerr(ENGINE_F_ENGINE_ADD, ENGINE_R_INTERNAL_LIST_ERROR);
+- to_return = 0;
+- }
+- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+- return to_return;
+-}
+-
+-/* Remove an existing "ENGINE" type from the array. */
+-int ENGINE_remove(ENGINE *e)
+-{
+- int to_return = 1;
+- if (e == NULL) {
+- ENGINEerr(ENGINE_F_ENGINE_REMOVE, ERR_R_PASSED_NULL_PARAMETER);
+- return 0;
+- }
+- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+- if (!engine_list_remove(e)) {
+- ENGINEerr(ENGINE_F_ENGINE_REMOVE, ENGINE_R_INTERNAL_LIST_ERROR);
+- to_return = 0;
+- }
+- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+- return to_return;
+-}
+-
+-static void engine_cpy(ENGINE *dest, const ENGINE *src)
+-{
+- dest->id = src->id;
+- dest->name = src->name;
+-#ifndef OPENSSL_NO_RSA
+- dest->rsa_meth = src->rsa_meth;
+-#endif
+-#ifndef OPENSSL_NO_DSA
+- dest->dsa_meth = src->dsa_meth;
+-#endif
+-#ifndef OPENSSL_NO_DH
+- dest->dh_meth = src->dh_meth;
+-#endif
+-#ifndef OPENSSL_NO_ECDH
+- dest->ecdh_meth = src->ecdh_meth;
+-#endif
+-#ifndef OPENSSL_NO_ECDSA
+- dest->ecdsa_meth = src->ecdsa_meth;
+-#endif
+- dest->rand_meth = src->rand_meth;
+- dest->store_meth = src->store_meth;
+- dest->ciphers = src->ciphers;
+- dest->digests = src->digests;
+- dest->destroy = src->destroy;
+- dest->init = src->init;
+- dest->finish = src->finish;
+- dest->ctrl = src->ctrl;
+- dest->load_privkey = src->load_privkey;
+- dest->load_pubkey = src->load_pubkey;
+- dest->cmd_defns = src->cmd_defns;
+- dest->flags = src->flags;
+-}
+-
+-ENGINE *ENGINE_by_id(const char *id)
+-{
+- ENGINE *iterator;
+- char *load_dir = NULL;
+- if (id == NULL) {
+- ENGINEerr(ENGINE_F_ENGINE_BY_ID,
ERR_R_PASSED_NULL_PARAMETER);
+- return NULL;
+- }
+- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+- iterator = engine_list_head;
+- while (iterator && (strcmp(id, iterator->id) != 0))
+- iterator = iterator->next;
+- if (iterator) {
+- /*
+- * We need to return a structural reference. If this is an ENGINE
+- * type that returns copies, make a duplicate - otherwise increment
+- * the existing ENGINE's reference count.
+- */
+- if (iterator->flags & ENGINE_FLAGS_BY_ID_COPY) {
+- ENGINE *cp = ENGINE_new();
+- if (!cp)
+- iterator = NULL;
+- else {
+- engine_cpy(cp, iterator);
+- iterator = cp;
+- }
+- } else {
+- iterator->struct_ref++;
+- engine_ref_debug(iterator, 0, 1)
+- }
+- }
+- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+-#if 0
+- if (iterator == NULL) {
+- ENGINEerr(ENGINE_F_ENGINE_BY_ID, ENGINE_R_NO_SUCH_ENGINE);
+- ERR_add_error_data(2, "id=", id);
+- }
+- return iterator;
+-#else
+- /* EEK! Experimental code starts */
+- if (iterator)
+- return iterator;
+- /*
+- * Prevent infinite recusrion if we're looking for the dynamic engine.
+- */
+- if (strcmp(id, "dynamic")) {
+-# ifdef OPENSSL_SYS_VMS
+- if ((load_dir = getenv("OPENSSL_ENGINES")) == 0)
+- load_dir = "SSLROOT:[ENGINES]";
+-# else
+- if ((load_dir = getenv("OPENSSL_ENGINES")) == 0)
+- load_dir = ENGINESDIR;
+-# endif
+- iterator = ENGINE_by_id("dynamic");
+- if (!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) ||
+- !ENGINE_ctrl_cmd_string(iterator, "DIR_LOAD", "2", 0) ||
+- !ENGINE_ctrl_cmd_string(iterator, "DIR_ADD",
+- load_dir, 0) ||
+- !ENGINE_ctrl_cmd_string(iterator, "LOAD", NULL, 0))
+- goto notfound;
+- return iterator;
+- }
+- notfound:
+- ENGINE_free(iterator);
+- ENGINEerr(ENGINE_F_ENGINE_BY_ID, ENGINE_R_NO_SUCH_ENGINE);
+- ERR_add_error_data(2, "id=", id);
+- return NULL;
+- /* EEK!
Experimental code ends */
+-#endif
+-}
+-
+-int ENGINE_up_ref(ENGINE *e)
+-{
+- if (e == NULL) {
+- ENGINEerr(ENGINE_F_ENGINE_UP_REF, ERR_R_PASSED_NULL_PARAMETER);
+- return 0;
+- }
+- CRYPTO_add(&e->struct_ref, 1, CRYPTO_LOCK_ENGINE);
+- return 1;
+-}
+diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_openssl.c b/Cryptlib/OpenSSL/crypto/engine/eng_openssl.c
+deleted file mode 100644
+index c3aca14..0000000
+--- a/Cryptlib/OpenSSL/crypto/engine/eng_openssl.c
++++ /dev/null
+@@ -1,402 +0,0 @@
+-/* crypto/engine/eng_openssl.c */
+-/*
+- * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
+- * 2000.
+- */
+-/* ====================================================================
+- * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- *
+- * 1. Redistributions of source code must retain the above copyright
+- * notice, this list of conditions and the following disclaimer.
+- *
+- * 2. Redistributions in binary form must reproduce the above copyright
+- * notice, this list of conditions and the following disclaimer in
+- * the documentation and/or other materials provided with the
+- * distribution.
+- *
+- * 3. All advertising materials mentioning features or use of this
+- * software must display the following acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+- *
+- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+- * endorse or promote products derived from this software without
+- * prior written permission. For written permission, please contact
+- * licensing@OpenSSL.org.
+- *
+- * 5.
Products derived from this software may not be called "OpenSSL"
+- * nor may "OpenSSL" appear in their names without prior written
+- * permission of the OpenSSL Project.
+- *
+- * 6. Redistributions of any form whatsoever must retain the following
+- * acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+- * OF THE POSSIBILITY OF SUCH DAMAGE.
+- * ====================================================================
+- *
+- * This product includes cryptographic software written by Eric Young
+- * (eay@cryptsoft.com). This product includes software written by Tim
+- * Hudson (tjh@cryptsoft.com).
+- *
+- */
+-/* ====================================================================
+- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+- * ECDH support in OpenSSL originally developed by
+- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+- */
+-
+-#include
+-#include
+-#include "cryptlib.h"
+-#include
+-#include
+-#include
+-#include
+-#include
+-#ifndef OPENSSL_NO_RSA
+-# include
+-#endif
+-#ifndef OPENSSL_NO_DSA
+-# include
+-#endif
+-#ifndef OPENSSL_NO_DH
+-# include
+-#endif
+-
+-/*
+- * This testing gunk is implemented (and explained) lower down. It also
+- * assumes the application explicitly calls "ENGINE_load_openssl()" because
+- * this is no longer automatic in ENGINE_load_builtin_engines().
+- */
+-#define TEST_ENG_OPENSSL_RC4
+-#define TEST_ENG_OPENSSL_PKEY
+-/* #define TEST_ENG_OPENSSL_RC4_OTHERS */
+-#define TEST_ENG_OPENSSL_RC4_P_INIT
+-/* #define TEST_ENG_OPENSSL_RC4_P_CIPHER */
+-#define TEST_ENG_OPENSSL_SHA
+-/* #define TEST_ENG_OPENSSL_SHA_OTHERS */
+-/* #define TEST_ENG_OPENSSL_SHA_P_INIT */
+-/* #define TEST_ENG_OPENSSL_SHA_P_UPDATE */
+-/* #define TEST_ENG_OPENSSL_SHA_P_FINAL */
+-
+-/* Now check what of those algorithms are actually enabled */
+-#ifdef OPENSSL_NO_RC4
+-# undef TEST_ENG_OPENSSL_RC4
+-# undef TEST_ENG_OPENSSL_RC4_OTHERS
+-# undef TEST_ENG_OPENSSL_RC4_P_INIT
+-# undef TEST_ENG_OPENSSL_RC4_P_CIPHER
+-#endif
+-#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA0) || defined(OPENSSL_NO_SHA1)
+-# undef TEST_ENG_OPENSSL_SHA
+-# undef TEST_ENG_OPENSSL_SHA_OTHERS
+-# undef TEST_ENG_OPENSSL_SHA_P_INIT
+-# undef TEST_ENG_OPENSSL_SHA_P_UPDATE
+-# undef TEST_ENG_OPENSSL_SHA_P_FINAL
+-#endif
+-
+-#ifdef TEST_ENG_OPENSSL_RC4
+-static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+- const int **nids, int nid);
+-#endif
+-#ifdef TEST_ENG_OPENSSL_SHA
+-static int openssl_digests(ENGINE *e, const EVP_MD **digest,
+- const int **nids, int nid);
+-#endif
+-
+-#ifdef TEST_ENG_OPENSSL_PKEY
+-static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id,
+- UI_METHOD *ui_method,
+- void *callback_data);
+-#endif
+-
+-/* The constants used when creating the ENGINE */
+-static const char *engine_openssl_id = "openssl";
+-static const char *engine_openssl_name =
"Software engine support";
+-
+-/*
+- * This internal function is used by ENGINE_openssl() and possibly by the
+- * "dynamic" ENGINE support too
+- */
+-static int bind_helper(ENGINE *e)
+-{
+- if (!ENGINE_set_id(e, engine_openssl_id)
+- || !ENGINE_set_name(e, engine_openssl_name)
+-#ifndef TEST_ENG_OPENSSL_NO_ALGORITHMS
+-# ifndef OPENSSL_NO_RSA
+- || !ENGINE_set_RSA(e, RSA_get_default_method())
+-# endif
+-# ifndef OPENSSL_NO_DSA
+- || !ENGINE_set_DSA(e, DSA_get_default_method())
+-# endif
+-# ifndef OPENSSL_NO_ECDH
+- || !ENGINE_set_ECDH(e, ECDH_OpenSSL())
+-# endif
+-# ifndef OPENSSL_NO_ECDSA
+- || !ENGINE_set_ECDSA(e, ECDSA_OpenSSL())
+-# endif
+-# ifndef OPENSSL_NO_DH
+- || !ENGINE_set_DH(e, DH_get_default_method())
+-# endif
+- || !ENGINE_set_RAND(e, RAND_SSLeay())
+-# ifdef TEST_ENG_OPENSSL_RC4
+- || !ENGINE_set_ciphers(e, openssl_ciphers)
+-# endif
+-# ifdef TEST_ENG_OPENSSL_SHA
+- || !ENGINE_set_digests(e, openssl_digests)
+-# endif
+-#endif
+-#ifdef TEST_ENG_OPENSSL_PKEY
+- || !ENGINE_set_load_privkey_function(e, openssl_load_privkey)
+-#endif
+- )
+- return 0;
+- /*
+- * If we add errors to this ENGINE, ensure the error handling is setup
+- * here
+- */
+- /* openssl_load_error_strings(); */
+- return 1;
+-}
+-
+-static ENGINE *engine_openssl(void)
+-{
+- ENGINE *ret = ENGINE_new();
+- if (!ret)
+- return NULL;
+- if (!bind_helper(ret)) {
+- ENGINE_free(ret);
+- return NULL;
+- }
+- return ret;
+-}
+-
+-void ENGINE_load_openssl(void)
+-{
+- ENGINE *toadd = engine_openssl();
+- if (!toadd)
+- return;
+- ENGINE_add(toadd);
+- /*
+- * If the "add" worked, it gets a structural reference. So either way, we
+- * release our just-created reference.
+- */
+- ENGINE_free(toadd);
+- ERR_clear_error();
+-}
+-
+-/*
+- * This stuff is needed if this ENGINE is being compiled into a
+- * self-contained shared-library.
+- */
+-#ifdef ENGINE_DYNAMIC_SUPPORT
+-static int bind_fn(ENGINE *e, const char *id)
+-{
+- if (id && (strcmp(id, engine_openssl_id) != 0))
+- return 0;
+- if (!bind_helper(e))
+- return 0;
+- return 1;
+-}
+-
+-IMPLEMENT_DYNAMIC_CHECK_FN()
+- IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+-#endif /* ENGINE_DYNAMIC_SUPPORT */
+-#ifdef TEST_ENG_OPENSSL_RC4
+-/*-
+- * This section of code compiles an "alternative implementation" of two modes of
+- * RC4 into this ENGINE. The result is that EVP_CIPHER operation for "rc4"
+- * should under normal circumstances go via this support rather than the default
+- * EVP support. There are other symbols to tweak the testing;
+- * TEST_ENC_OPENSSL_RC4_OTHERS - print a one line message to stderr each time
+- * we're asked for a cipher we don't support (should not happen).
+- * TEST_ENG_OPENSSL_RC4_P_INIT - print a one line message to stderr each time
+- * the "init_key" handler is called.
+- * TEST_ENG_OPENSSL_RC4_P_CIPHER - ditto for the "cipher" handler.
+- */
+-# include
+-# define TEST_RC4_KEY_SIZE 16
+-static int test_cipher_nids[] = { NID_rc4, NID_rc4_40 };
+-
+-static int test_cipher_nids_number = 2;
+-typedef struct {
+- unsigned char key[TEST_RC4_KEY_SIZE];
+- RC4_KEY ks;
+-} TEST_RC4_KEY;
+-# define test(ctx) ((TEST_RC4_KEY *)(ctx)->cipher_data)
+-static int test_rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+- const unsigned char *iv, int enc)
+-{
+-# ifdef TEST_ENG_OPENSSL_RC4_P_INIT
+- fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_init_key() called\n");
+-# endif
+- memcpy(&test(ctx)->key[0], key, EVP_CIPHER_CTX_key_length(ctx));
+- RC4_set_key(&test(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx),
+- test(ctx)->key);
+- return 1;
+-}
+-
+-static int test_rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+- const unsigned char *in, unsigned int inl)
+-{
+-# ifdef TEST_ENG_OPENSSL_RC4_P_CIPHER
+- fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_cipher() called\n");
+-# endif
+- RC4(&test(ctx)->ks, inl, in, out);
+- return 1;
+-}
+-
+-static const EVP_CIPHER test_r4_cipher = {
+- NID_rc4,
+- 1, TEST_RC4_KEY_SIZE, 0,
+- EVP_CIPH_VARIABLE_LENGTH,
+- test_rc4_init_key,
+- test_rc4_cipher,
+- NULL,
+- sizeof(TEST_RC4_KEY),
+- NULL,
+- NULL,
+- NULL,
+- NULL
+-};
+-
+-static const EVP_CIPHER test_r4_40_cipher = {
+- NID_rc4_40,
+- 1, 5 /* 40 bit */ , 0,
+- EVP_CIPH_VARIABLE_LENGTH,
+- test_rc4_init_key,
+- test_rc4_cipher,
+- NULL,
+- sizeof(TEST_RC4_KEY),
+- NULL,
+- NULL,
+- NULL,
+- NULL
+-};
+-
+-static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+- const int **nids, int nid)
+-{
+- if (!cipher) {
+- /* We are returning a list of supported nids */
+- *nids = test_cipher_nids;
+- return test_cipher_nids_number;
+- }
+- /* We are being asked for a specific cipher */
+- if (nid == NID_rc4)
+- *cipher = &test_r4_cipher;
+- else if (nid == NID_rc4_40)
+- *cipher = &test_r4_40_cipher;
+- else {
+-# ifdef TEST_ENG_OPENSSL_RC4_OTHERS
+- fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) returning NULL for "
+- "nid %d\n", nid);
+-# endif
+- *cipher = NULL;
+- return 0;
+- }
+- return 1;
+-}
+-#endif
+-
+-#ifdef TEST_ENG_OPENSSL_SHA
+-/* Much the same sort of comment as for TEST_ENG_OPENSSL_RC4 */
+-# include
+-static int test_digest_nids[] = { NID_sha1 };
+-
+-static int test_digest_nids_number = 1;
+-static int test_sha1_init(EVP_MD_CTX *ctx)
+-{
+-# ifdef TEST_ENG_OPENSSL_SHA_P_INIT
+- fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_init() called\n");
+-# endif
+- return SHA1_Init(ctx->md_data);
+-}
+-
+-static int test_sha1_update(EVP_MD_CTX *ctx, const void *data, size_t count)
+-{
+-# ifdef TEST_ENG_OPENSSL_SHA_P_UPDATE
+- fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_update() called\n");
+-# endif
+- return SHA1_Update(ctx->md_data, data, count);
+-}
+-
+-static int test_sha1_final(EVP_MD_CTX *ctx, unsigned char *md)
+-{
+-# ifdef TEST_ENG_OPENSSL_SHA_P_FINAL
+- fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_final() called\n");
+-# endif
+- return SHA1_Final(md, ctx->md_data);
+-}
+-
+-static const EVP_MD test_sha_md = {
+- NID_sha1,
+- NID_sha1WithRSAEncryption,
+- SHA_DIGEST_LENGTH,
+- 0,
+- test_sha1_init,
+- test_sha1_update,
+- test_sha1_final,
+- NULL,
+- NULL,
+- EVP_PKEY_RSA_method,
+- SHA_CBLOCK,
+- sizeof(EVP_MD *) + sizeof(SHA_CTX),
+-};
+-
+-static int openssl_digests(ENGINE *e, const EVP_MD **digest,
+- const int **nids, int nid)
+-{
+- if (!digest) {
+- /* We are returning a list of supported nids */
+- *nids = test_digest_nids;
+- return test_digest_nids_number;
+- }
+- /* We are being asked for a specific digest */
+- if (nid == NID_sha1)
+- *digest = &test_sha_md;
+- else {
+-# ifdef TEST_ENG_OPENSSL_SHA_OTHERS
+- fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) returning NULL for "
+- "nid %d\n", nid);
+-# endif
+- *digest = NULL;
+- return 0;
+- }
+- return 1;
+-}
+-#endif
+-
+-#ifdef TEST_ENG_OPENSSL_PKEY
+-static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id,
+- UI_METHOD *ui_method,
+- void *callback_data)
+-{
+- BIO *in;
+- EVP_PKEY *key;
+- fprintf(stderr, "(TEST_ENG_OPENSSL_PKEY)Loading Private key %s\n",
+- key_id);
+- in = BIO_new_file(key_id, "r");
+- if (!in)
+- return NULL;
+- key = PEM_read_bio_PrivateKey(in, NULL, 0, NULL);
+- BIO_free(in);
+- return key;
+-}
+-#endif
+diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_padlock.c b/Cryptlib/OpenSSL/crypto/engine/eng_padlock.c
+deleted file mode 100644
+index f233b16..0000000
+--- a/Cryptlib/OpenSSL/crypto/engine/eng_padlock.c
++++ /dev/null
+@@ -1,1241 +0,0 @@
+-/*-
+- * Support for VIA PadLock Advanced Cryptography Engine (ACE)
+- * Written by Michal Ludvig
+- * http://www.logix.cz/michal
+- *
+- * Big thanks to Andy Polyakov for a help with optimization,
+- * assembler fixes, port to MS Windows and a lot of other
+- * valuable work on this engine!
+- */
+-
+-/* ====================================================================
+- * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- *
+- * 1. Redistributions of source code must retain the above copyright
+- * notice, this list of conditions and the following disclaimer.
+- *
+- * 2. Redistributions in binary form must reproduce the above copyright
+- * notice, this list of conditions and the following disclaimer in
+- * the documentation and/or other materials provided with the
+- * distribution.
+- *
+- * 3. All advertising materials mentioning features or use of this
+- * software must display the following acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+- *
+- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+- * endorse or promote products derived from this software without
+- * prior written permission. For written permission, please contact
+- * licensing@OpenSSL.org.
+- *
+- * 5. Products derived from this software may not be called "OpenSSL"
+- * nor may "OpenSSL" appear in their names without prior written
+- * permission of the OpenSSL Project.
+- *
+- * 6. Redistributions of any form whatsoever must retain the following
+- * acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+- * OF THE POSSIBILITY OF SUCH DAMAGE.
+- * ====================================================================
+- *
+- * This product includes cryptographic software written by Eric Young
+- * (eay@cryptsoft.com). This product includes software written by Tim
+- * Hudson (tjh@cryptsoft.com).
+- *
+- */
+-
+-#include
+-#include
+-
+-#include
+-#include
+-#include
+-#include
+-#include
+-#ifndef OPENSSL_NO_AES
+-# include
+-#endif
+-#include
+-#include
+-
+-#ifndef OPENSSL_NO_HW
+-# ifndef OPENSSL_NO_HW_PADLOCK
+-
+-/* Attempt to have a single source for both 0.9.7 and 0.9.8 :-) */
+-# if (OPENSSL_VERSION_NUMBER >= 0x00908000L)
+-# ifndef OPENSSL_NO_DYNAMIC_ENGINE
+-# define DYNAMIC_ENGINE
+-# endif
+-# elif (OPENSSL_VERSION_NUMBER >= 0x00907000L)
+-# ifdef ENGINE_DYNAMIC_SUPPORT
+-# define DYNAMIC_ENGINE
+-# endif
+-# else
+-# error "Only OpenSSL >= 0.9.7 is supported"
+-# endif
+-
+-/*
+- * VIA PadLock AES is available *ONLY* on some x86 CPUs. Not only that it
+- * doesn't exist elsewhere, but it even can't be compiled on other platforms!
+- *
+- * In addition, because of the heavy use of inline assembler, compiler choice
+- * is limited to GCC and Microsoft C.
+- */
+-# undef COMPILE_HW_PADLOCK
+-# if !defined(I386_ONLY) && !defined(OPENSSL_NO_INLINE_ASM)
+-# if (defined(__GNUC__) && (defined(__i386__) || defined(__i386))) || \
+- (defined(_MSC_VER) && defined(_M_IX86))
+-# define COMPILE_HW_PADLOCK
+-static ENGINE *ENGINE_padlock(void);
+-# endif
+-# endif
+-
+-void ENGINE_load_padlock(void)
+-{
+-/* On non-x86 CPUs it just returns. */
+-# ifdef COMPILE_HW_PADLOCK
+- ENGINE *toadd = ENGINE_padlock();
+- if (!toadd)
+- return;
+- ENGINE_add(toadd);
+- ENGINE_free(toadd);
+- ERR_clear_error();
+-# endif
+-}
+-
+-# ifdef COMPILE_HW_PADLOCK
+-/*
+- * We do these includes here to avoid header problems on platforms that do
+- * not have the VIA padlock anyway...
+- */
+-# ifdef _MSC_VER
+-# include
+-# define alloca _alloca
+-# elif defined(NETWARE_CLIB) && defined(__GNUC__)
+-void *alloca(size_t);
+-# define alloca(s) __builtin_alloca(s)
+-# else
+-# include
+-# endif
+-
+-/* Function for ENGINE detection and control */
+-static int padlock_available(void);
+-static int padlock_init(ENGINE *e);
+-
+-/* RNG Stuff */
+-static RAND_METHOD padlock_rand;
+-
+-/* Cipher Stuff */
+-# ifndef OPENSSL_NO_AES
+-static int padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+- const int **nids, int nid);
+-# endif
+-
+-/* Engine names */
+-static const char *padlock_id = "padlock";
+-static char padlock_name[100];
+-
+-/* Available features */
+-static int padlock_use_ace = 0; /* Advanced Cryptography Engine */
+-static int padlock_use_rng = 0; /* Random Number Generator */
+-# ifndef OPENSSL_NO_AES
+-static int padlock_aes_align_required = 1;
+-# endif
+-
+-/* ===== Engine "management" functions ===== */
+-
+-/* Prepare the ENGINE structure for registration */
+-static int padlock_bind_helper(ENGINE *e)
+-{
+- /* Check available features */
+- padlock_available();
+-
+-# if 1 /* disable RNG for now, see commentary in
+- * vicinity of RNG code */
+- padlock_use_rng = 0;
+-# endif
+-
+- /* Generate a nice engine name with available features */
+- BIO_snprintf(padlock_name, sizeof(padlock_name),
+- "VIA PadLock (%s, %s)",
+- padlock_use_rng ? "RNG" : "no-RNG",
+- padlock_use_ace ? "ACE" : "no-ACE");
+-
+- /* Register everything or return with an error */
+- if (!ENGINE_set_id(e, padlock_id) ||
+- !ENGINE_set_name(e, padlock_name) ||
+- !ENGINE_set_init_function(e, padlock_init) ||
+-# ifndef OPENSSL_NO_AES
+- (padlock_use_ace && !ENGINE_set_ciphers(e, padlock_ciphers)) ||
+-# endif
+- (padlock_use_rng && !ENGINE_set_RAND(e, &padlock_rand))) {
+- return 0;
+- }
+-
+- /* Everything looks good */
+- return 1;
+-}
+-
+-/* Constructor */
+-static ENGINE *ENGINE_padlock(void)
+-{
+- ENGINE *eng = ENGINE_new();
+-
+- if (!eng) {
+- return NULL;
+- }
+-
+- if (!padlock_bind_helper(eng)) {
+- ENGINE_free(eng);
+- return NULL;
+- }
+-
+- return eng;
+-}
+-
+-/* Check availability of the engine */
+-static int padlock_init(ENGINE *e)
+-{
+- return (padlock_use_rng || padlock_use_ace);
+-}
+-
+-/*
+- * This stuff is needed if this ENGINE is being compiled into a
+- * self-contained shared-library.
+- */
+-# ifdef DYNAMIC_ENGINE
+-static int padlock_bind_fn(ENGINE *e, const char *id)
+-{
+- if (id && (strcmp(id, padlock_id) != 0)) {
+- return 0;
+- }
+-
+- if (!padlock_bind_helper(e)) {
+- return 0;
+- }
+-
+- return 1;
+-}
+-
+-IMPLEMENT_DYNAMIC_CHECK_FN()
+- IMPLEMENT_DYNAMIC_BIND_FN(padlock_bind_fn)
+-# endif /* DYNAMIC_ENGINE */
+-/* ===== Here comes the "real" engine ===== */
+-# ifndef OPENSSL_NO_AES
+-/* Some AES-related constants */
+-# define AES_BLOCK_SIZE 16
+-# define AES_KEY_SIZE_128 16
+-# define AES_KEY_SIZE_192 24
+-# define AES_KEY_SIZE_256 32
+- /*
+- * Here we store the status information relevant to the current context.
+- */
+- /*
+- * BIG FAT WARNING: Inline assembler in PADLOCK_XCRYPT_ASM() depends on
+- * the order of items in this structure. Don't blindly modify, reorder,
+- * etc!
+- */
+-struct padlock_cipher_data {
+- unsigned char iv[AES_BLOCK_SIZE]; /* Initialization vector */
+- union {
+- unsigned int pad[4];
+- struct {
+- int rounds:4;
+- int dgst:1; /* n/a in C3 */
+- int align:1; /* n/a in C3 */
+- int ciphr:1; /* n/a in C3 */
+- unsigned int keygen:1;
+- int interm:1;
+- unsigned int encdec:1;
+- int ksize:2;
+- } b;
+- } cword; /* Control word */
+- AES_KEY ks; /* Encryption key */
+-};
+-
+-/*
+- * Essentially this variable belongs in thread local storage.
+- * Having this variable global on the other hand can only cause
+- * few bogus key reloads [if any at all on single-CPU system],
+- * so we accept the penatly...
+- */
+-static volatile struct padlock_cipher_data *padlock_saved_context;
+-# endif
+-
+-/*-
+- * =======================================================
+- * Inline assembler section(s).
+- * =======================================================
+- * Order of arguments is chosen to facilitate Windows port
+- * using __fastcall calling convention. If you wish to add
+- * more routines, keep in mind that first __fastcall
+- * argument is passed in %ecx and second - in %edx.
+- * =======================================================
+- */
+-# if defined(__GNUC__) && __GNUC__>=2
+-/*
+- * As for excessive "push %ebx"/"pop %ebx" found all over.
+- * When generating position-independent code GCC won't let
+- * us use "b" in assembler templates nor even respect "ebx"
+- * in "clobber description." Therefore the trouble...
+- */
+-
+-/*
+- * Helper function - check if a CPUID instruction is available on this CPU
+- */
+-static int padlock_insn_cpuid_available(void)
+-{
+- int result = -1;
+-
+- /*
+- * We're checking if the bit #21 of EFLAGS can be toggled. If yes =
+- * CPUID is available.
+- */
+- asm volatile ("pushf\n"
+- "popl %%eax\n"
+- "xorl $0x200000, %%eax\n"
+- "movl %%eax, %%ecx\n"
+- "andl $0x200000, %%ecx\n"
+- "pushl %%eax\n"
+- "popf\n"
+- "pushf\n"
+- "popl %%eax\n"
+- "andl $0x200000, %%eax\n"
+- "xorl %%eax, %%ecx\n"
+- "movl %%ecx, %0\n":"=r" (result)::"eax", "ecx");
+-
+- return (result == 0);
+-}
+-
+-/*
+- * Load supported features of the CPU to see if the PadLock is available.
+- */
+-static int padlock_available(void)
+-{
+- char vendor_string[16];
+- unsigned int eax, edx;
+-
+- /* First check if the CPUID instruction is available at all... */
+- if (!padlock_insn_cpuid_available())
+- return 0;
+-
+- /* Are we running on the Centaur (VIA) CPU? */
+- eax = 0x00000000;
+- vendor_string[12] = 0;
+- asm volatile ("pushl %%ebx\n"
+- "cpuid\n"
+- "movl %%ebx,(%%edi)\n"
+- "movl %%edx,4(%%edi)\n"
+- "movl %%ecx,8(%%edi)\n"
+- "popl %%ebx":"+a" (eax):"D"(vendor_string):"ecx", "edx");
+- if (strcmp(vendor_string, "CentaurHauls") != 0)
+- return 0;
+-
+- /* Check for Centaur Extended Feature Flags presence */
+- eax = 0xC0000000;
+- asm volatile ("pushl %%ebx; cpuid; popl %%ebx":"+a" (eax)::"ecx", "edx");
+- if (eax < 0xC0000001)
+- return 0;
+-
+- /* Read the Centaur Extended Feature Flags */
+- eax = 0xC0000001;
+- asm volatile ("pushl %%ebx; cpuid; popl %%ebx":"+a" (eax),
+- "=d"(edx)::"ecx");
+-
+- /* Fill up some flags */
+- padlock_use_ace = ((edx & (0x3 << 6)) == (0x3 << 6));
+- padlock_use_rng = ((edx & (0x3 << 2)) == (0x3 << 2));
+-
+- return padlock_use_ace + padlock_use_rng;
+-}
+-
+-# ifndef OPENSSL_NO_AES
+-/* Our own htonl()/ntohl() */
+-static inline void padlock_bswapl(AES_KEY *ks)
+-{
+- size_t i = sizeof(ks->rd_key) / sizeof(ks->rd_key[0]);
+- unsigned int *key = ks->rd_key;
+-
+- while (i--) {
+- asm volatile ("bswapl %0":"+r" (*key));
+- key++;
+- }
+-}
+-# endif
+-
+-/*
+- * Force key reload from memory to the CPU microcode. Loading EFLAGS from the
+- * stack clears EFLAGS[30] which does the trick.
+- */
+-static inline void padlock_reload_key(void)
+-{
+- asm volatile ("pushfl; popfl");
+-}
+-
+-# ifndef OPENSSL_NO_AES
+-/*
+- * This is heuristic key context tracing. At first one
+- * believes that one should use atomic swap instructions,
+- * but it's not actually necessary. Point is that if
+- * padlock_saved_context was changed by another thread
+- * after we've read it and before we compare it with cdata,
+- * our key *shall* be reloaded upon thread context switch
+- * and we are therefore set in either case...
+- */
+-static inline void padlock_verify_context(struct padlock_cipher_data *cdata)
+-{
+- asm volatile ("pushfl\n"
+- " btl $30,(%%esp)\n"
+- " jnc 1f\n"
+- " cmpl %2,%1\n"
+- " je 1f\n"
+- " popfl\n"
+- " subl $4,%%esp\n"
+- "1: addl $4,%%esp\n"
+- " movl %2,%0":"+m" (padlock_saved_context)
+- :"r"(padlock_saved_context), "r"(cdata):"cc");
+-}
+-
+-/* Template for padlock_xcrypt_* modes */
+-/*
+- * BIG FAT WARNING: The offsets used with 'leal' instructions describe items
+- * of the 'padlock_cipher_data' structure.
+- */
+-# define PADLOCK_XCRYPT_ASM(name,rep_xcrypt) \
+-static inline void *name(size_t cnt, \
+- struct padlock_cipher_data *cdata, \
+- void *out, const void *inp) \
+-{ void *iv; \
+- asm volatile ( "pushl %%ebx\n" \
+- " leal 16(%0),%%edx\n" \
+- " leal 32(%0),%%ebx\n" \
+- rep_xcrypt "\n" \
+- " popl %%ebx" \
+- : "=a"(iv), "=c"(cnt), "=D"(out), "=S"(inp) \
+- : "0"(cdata), "1"(cnt), "2"(out), "3"(inp) \
+- : "edx", "cc", "memory"); \
+- return iv; \
+-}
+-
+-/* Generate all functions with appropriate opcodes */
+-/* rep xcryptecb */
+-PADLOCK_XCRYPT_ASM(padlock_xcrypt_ecb, ".byte 0xf3,0x0f,0xa7,0xc8")
+-/* rep xcryptcbc */
+- PADLOCK_XCRYPT_ASM(padlock_xcrypt_cbc, ".byte 0xf3,0x0f,0xa7,0xd0")
+-/* rep xcryptcfb */
+- PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb, ".byte 0xf3,0x0f,0xa7,0xe0")
+-/* rep xcryptofb */
+- PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb, ".byte 0xf3,0x0f,0xa7,0xe8")
+-# endif
+-/* The RNG call itself */
+-static inline unsigned int padlock_xstore(void *addr, unsigned int edx_in)
+-{
+- unsigned int eax_out;
+-
+- asm volatile (".byte 0x0f,0xa7,0xc0" /* xstore */
+- :"=a" (eax_out), "=m"(*(unsigned *)addr)
+- :"D"(addr), "d"(edx_in)
+- );
+-
+- return eax_out;
+-}
+-
+-/*
+- * Why not inline 'rep movsd'? I failed to find information on what value in
+- * Direction Flag one can expect and consequently have to apply
+- * "better-safe-than-sorry" approach and assume "undefined." I could
+- * explicitly clear it and restore the original value upon return from
+- * padlock_aes_cipher, but it's presumably too much trouble for too little
+- * gain... In case you wonder 'rep xcrypt*' instructions above are *not*
+- * affected by the Direction Flag and pointers advance toward larger
+- * addresses unconditionally.
+- */
+-static inline unsigned char *padlock_memcpy(void *dst, const void *src,
+- size_t n)
+-{
+- long *d = dst;
+- const long *s = src;
+-
+- n /= sizeof(*d);
+- do {
+- *d++ = *s++;
+- } while (--n);
+-
+- return dst;
+-}
+-
+-# elif defined(_MSC_VER)
+-/*
+- * Unlike GCC these are real functions. In order to minimize impact
+- * on performance we adhere to __fastcall calling convention in
+- * order to get two first arguments passed through %ecx and %edx.
+- * Which kind of suits very well, as instructions in question use
+- * both %ecx and %edx as input:-)
+- */
+-# define REP_XCRYPT(code) \
+- _asm _emit 0xf3 \
+- _asm _emit 0x0f _asm _emit 0xa7 \
+- _asm _emit code
+-
+-/*
+- * BIG FAT WARNING: The offsets used with 'lea' instructions describe items
+- * of the 'padlock_cipher_data' structure.
+- */
+-# define PADLOCK_XCRYPT_ASM(name,code) \
+-static void * __fastcall \
+- name (size_t cnt, void *cdata, \
+- void *outp, const void *inp) \
+-{ _asm mov eax,edx \
+- _asm lea edx,[eax+16] \
+- _asm lea ebx,[eax+32] \
+- _asm mov edi,outp \
+- _asm mov esi,inp \
+- REP_XCRYPT(code) \
+-}
+-
+-PADLOCK_XCRYPT_ASM(padlock_xcrypt_ecb,0xc8)
+-PADLOCK_XCRYPT_ASM(padlock_xcrypt_cbc,0xd0)
+-PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb,0xe0)
+-PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb,0xe8)
+-
+-static int __fastcall padlock_xstore(void *outp, unsigned int code)
+-{
+- _asm mov edi,ecx
+- _asm _emit 0x0f _asm _emit 0xa7 _asm _emit 0xc0
+-}
+-
+-static void __fastcall padlock_reload_key(void)
+-{
+- _asm pushfd
+- _asm popfd
+-}
+-
+-static void __fastcall padlock_verify_context(void *cdata)
+-{
+- _asm {
+- pushfd
+- bt DWORD PTR[esp],30
+- jnc skip
+- cmp ecx,padlock_saved_context
+- je skip
+- popfd
+- sub esp,4
+- skip: add esp,4
+- mov padlock_saved_context,ecx
+- }
+-}
+-
+-static int
+-padlock_available(void)
+-{
+- _asm {
+- pushfd
+- pop eax
+- mov ecx,eax
+- xor eax,1<<21
+- push eax
+- popfd
+- pushfd
+- pop eax
+- xor eax,ecx
+- bt eax,21
+- jnc noluck
+- mov eax,0
+- cpuid
+- xor eax,eax
+- cmp ebx,'tneC'
+- jne noluck
+- cmp edx,'Hrua'
+- jne noluck
+- cmp ecx,'slua'
+- jne noluck
+- mov eax,0xC0000000
+- cpuid
+- mov edx,eax
+- xor eax,eax
+- cmp edx,0xC0000001
+- jb noluck
+- mov eax,0xC0000001
+- cpuid
+- xor eax,eax
+- bt edx,6
+- jnc skip_a
+- bt edx,7
+- jnc skip_a
+- mov padlock_use_ace,1
+- inc eax
+- skip_a: bt edx,2
+- jnc skip_r
+- bt edx,3
+- jnc skip_r
+- mov padlock_use_rng,1
+- inc eax
+- skip_r:
+- noluck:
+- }
+-}
+-
+-static void __fastcall padlock_bswapl(void *key)
+-{
+- _asm {
+- pushfd
+- cld
+- mov esi,ecx
+- mov edi,ecx
+- mov ecx,60
+- up: lodsd
+- bswap eax
+- stosd
+- loop up
+- popfd
+- }
+-}
+-
+-/*
+- * MS actually specifies status of Direction Flag and compiler even manages
+- * to compile following as 'rep movsd' all by itself...
+- */
+-# define padlock_memcpy(o,i,n) ((unsigned char *)memcpy((o),(i),(n)&~3U))
+-# endif
+-/* ===== AES encryption/decryption ===== */
+-# ifndef OPENSSL_NO_AES
+-# if defined(NID_aes_128_cfb128) && ! defined (NID_aes_128_cfb)
+-# define NID_aes_128_cfb NID_aes_128_cfb128
+-# endif
+-# if defined(NID_aes_128_ofb128) && ! defined (NID_aes_128_ofb)
+-# define NID_aes_128_ofb NID_aes_128_ofb128
+-# endif
+-# if defined(NID_aes_192_cfb128) && ! defined (NID_aes_192_cfb)
+-# define NID_aes_192_cfb NID_aes_192_cfb128
+-# endif
+-# if defined(NID_aes_192_ofb128) && ! defined (NID_aes_192_ofb)
+-# define NID_aes_192_ofb NID_aes_192_ofb128
+-# endif
+-# if defined(NID_aes_256_cfb128) && ! defined (NID_aes_256_cfb)
+-# define NID_aes_256_cfb NID_aes_256_cfb128
+-# endif
+-# if defined(NID_aes_256_ofb128) && ! defined (NID_aes_256_ofb)
+-# define NID_aes_256_ofb NID_aes_256_ofb128
+-# endif
+-/*
+- * List of supported ciphers.
+- */ static int padlock_cipher_nids[] = {
+- NID_aes_128_ecb,
+- NID_aes_128_cbc,
+- NID_aes_128_cfb,
+- NID_aes_128_ofb,
+-
+- NID_aes_192_ecb,
+- NID_aes_192_cbc,
+- NID_aes_192_cfb,
+- NID_aes_192_ofb,
+-
+- NID_aes_256_ecb,
+- NID_aes_256_cbc,
+- NID_aes_256_cfb,
+- NID_aes_256_ofb,
+-};
+-
+-static int padlock_cipher_nids_num = (sizeof(padlock_cipher_nids) /
+- sizeof(padlock_cipher_nids[0]));
+-
+-/* Function prototypes ... */
+-static int padlock_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+- const unsigned char *iv, int enc);
+-static int padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+- const unsigned char *in, size_t nbytes);
+-
+-# define NEAREST_ALIGNED(ptr) ( (unsigned char *)(ptr) + \
+- ( (0x10 - ((size_t)(ptr) & 0x0F)) & 0x0F ) )
+-# define ALIGNED_CIPHER_DATA(ctx) ((struct padlock_cipher_data *)\
+- NEAREST_ALIGNED(ctx->cipher_data))
+-
+-# define EVP_CIPHER_block_size_ECB AES_BLOCK_SIZE
+-# define EVP_CIPHER_block_size_CBC AES_BLOCK_SIZE
+-# define EVP_CIPHER_block_size_OFB 1
+-# define EVP_CIPHER_block_size_CFB 1
+-
+-/*
+- * Declaring so many ciphers by hand would be a pain. Instead introduce a bit
+- * of preprocessor magic :-)
+- */
+-# define DECLARE_AES_EVP(ksize,lmode,umode) \
+-static const EVP_CIPHER padlock_aes_##ksize##_##lmode = { \
+- NID_aes_##ksize##_##lmode, \
+- EVP_CIPHER_block_size_##umode, \
+- AES_KEY_SIZE_##ksize, \
+- AES_BLOCK_SIZE, \
+- 0 | EVP_CIPH_##umode##_MODE, \
+- padlock_aes_init_key, \
+- padlock_aes_cipher, \
+- NULL, \
+- sizeof(struct padlock_cipher_data) + 16, \
+- EVP_CIPHER_set_asn1_iv, \
+- EVP_CIPHER_get_asn1_iv, \
+- NULL, \
+- NULL \
+-}
+-
+-DECLARE_AES_EVP(128, ecb, ECB);
+-DECLARE_AES_EVP(128, cbc, CBC);
+-DECLARE_AES_EVP(128, cfb, CFB);
+-DECLARE_AES_EVP(128, ofb, OFB);
+-
+-DECLARE_AES_EVP(192, ecb, ECB);
+-DECLARE_AES_EVP(192, cbc, CBC);
+-DECLARE_AES_EVP(192, cfb, CFB);
+-DECLARE_AES_EVP(192, ofb, OFB);
+-
+-DECLARE_AES_EVP(256, ecb, ECB);
+-DECLARE_AES_EVP(256, cbc, CBC);
+-DECLARE_AES_EVP(256, cfb, CFB);
+-DECLARE_AES_EVP(256, ofb, OFB);
+-
+-static int
+-padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids,
+- int nid)
+-{
+- /* No specific cipher => return a list of supported nids ... */
+- if (!cipher) {
+- *nids = padlock_cipher_nids;
+- return padlock_cipher_nids_num;
+- }
+-
+- /* ... or the requested "cipher" otherwise */
+- switch (nid) {
+- case NID_aes_128_ecb:
+- *cipher = &padlock_aes_128_ecb;
+- break;
+- case NID_aes_128_cbc:
+- *cipher = &padlock_aes_128_cbc;
+- break;
+- case NID_aes_128_cfb:
+- *cipher = &padlock_aes_128_cfb;
+- break;
+- case NID_aes_128_ofb:
+- *cipher = &padlock_aes_128_ofb;
+- break;
+-
+- case NID_aes_192_ecb:
+- *cipher = &padlock_aes_192_ecb;
+- break;
+- case NID_aes_192_cbc:
+- *cipher = &padlock_aes_192_cbc;
+- break;
+- case NID_aes_192_cfb:
+- *cipher = &padlock_aes_192_cfb;
+- break;
+- case NID_aes_192_ofb:
+- *cipher = &padlock_aes_192_ofb;
+- break;
+-
+- case NID_aes_256_ecb:
+- *cipher = &padlock_aes_256_ecb;
+- break;
+- case NID_aes_256_cbc:
+- *cipher = &padlock_aes_256_cbc;
+- break;
+- case NID_aes_256_cfb:
+- *cipher = &padlock_aes_256_cfb;
+- break;
+- case NID_aes_256_ofb:
+- *cipher = &padlock_aes_256_ofb;
+- break;
+-
+- default:
+- /* Sorry, we don't support this NID */
+- *cipher = NULL;
+- return 0;
+- }
+-
+- return 1;
+-}
+-
+-/* Prepare the encryption key for PadLock usage */
+-static int
+-padlock_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+- const unsigned char *iv, int enc)
+-{
+- struct padlock_cipher_data *cdata;
+- int key_len = EVP_CIPHER_CTX_key_length(ctx) * 8;
+-
+- if (key == NULL)
+- return 0; /* ERROR */
+-
+- cdata = ALIGNED_CIPHER_DATA(ctx);
+- memset(cdata, 0, sizeof(struct padlock_cipher_data));
+-
+- /* Prepare Control word. */
+- if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE)
+- cdata->cword.b.encdec = 0;
+- else
+- cdata->cword.b.encdec = (ctx->encrypt == 0);
+- cdata->cword.b.rounds = 10 + (key_len - 128) / 32;
+- cdata->cword.b.ksize = (key_len - 128) / 64;
+-
+- switch (key_len) {
+- case 128:
+- /*
+- * PadLock can generate an extended key for AES128 in hardware
+- */
+- memcpy(cdata->ks.rd_key, key, AES_KEY_SIZE_128);
+- cdata->cword.b.keygen = 0;
+- break;
+-
+- case 192:
+- case 256:
+- /*
+- * Generate an extended AES key in software. Needed for AES192/AES256
+- */
+- /*
+- * Well, the above applies to Stepping 8 CPUs and is listed as
+- * hardware errata. They most likely will fix it at some point and
+- * then a check for stepping would be due here.
+- */
+- if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CFB_MODE ||
+- EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE || enc)
+- AES_set_encrypt_key(key, key_len, &cdata->ks);
+- else
+- AES_set_decrypt_key(key, key_len, &cdata->ks);
+-# ifndef AES_ASM
+- /*
+- * OpenSSL C functions use byte-swapped extended key.
+- */
+- padlock_bswapl(&cdata->ks);
+-# endif
+- cdata->cword.b.keygen = 1;
+- break;
+-
+- default:
+- /* ERROR */
+- return 0;
+- }
+-
+- /*
+- * This is done to cover for cases when user reuses the
+- * context for new key. The catch is that if we don't do
+- * this, padlock_eas_cipher might proceed with old key...
+- */
+- padlock_reload_key();
+-
+- return 1;
+-}
+-
+-/*-
+- * Simplified version of padlock_aes_cipher() used when
+- * 1) both input and output buffers are at aligned addresses.
+- * or when
+- * 2) running on a newer CPU that doesn't require aligned buffers.
+- */
+-static int
+-padlock_aes_cipher_omnivorous(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
+- const unsigned char *in_arg, size_t nbytes)
+-{
+- struct padlock_cipher_data *cdata;
+- void *iv;
+-
+- cdata = ALIGNED_CIPHER_DATA(ctx);
+- padlock_verify_context(cdata);
+-
+- switch (EVP_CIPHER_CTX_mode(ctx)) {
+- case EVP_CIPH_ECB_MODE:
+- padlock_xcrypt_ecb(nbytes / AES_BLOCK_SIZE, cdata, out_arg, in_arg);
+- break;
+-
+- case EVP_CIPH_CBC_MODE:
+- memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE);
+- iv = padlock_xcrypt_cbc(nbytes / AES_BLOCK_SIZE, cdata, out_arg,
+- in_arg);
+- memcpy(ctx->iv, iv, AES_BLOCK_SIZE);
+- break;
+-
+- case EVP_CIPH_CFB_MODE:
+- memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE);
+- iv = padlock_xcrypt_cfb(nbytes / AES_BLOCK_SIZE, cdata, out_arg,
+- in_arg);
+- memcpy(ctx->iv, iv, AES_BLOCK_SIZE);
+- break;
+-
+- case EVP_CIPH_OFB_MODE:
+- memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE);
+- padlock_xcrypt_ofb(nbytes / AES_BLOCK_SIZE, cdata, out_arg, in_arg);
+- memcpy(ctx->iv, cdata->iv, AES_BLOCK_SIZE);
+- break;
+-
+- default:
+- return 0;
+- }
+-
+- memset(cdata->iv, 0, AES_BLOCK_SIZE);
+-
+- return 1;
+-}
+-
+-# ifndef PADLOCK_CHUNK
+-# define PADLOCK_CHUNK 512 /* Must be a power of 2 larger than 16 */
+-# endif
+-# if PADLOCK_CHUNK<16 || PADLOCK_CHUNK&(PADLOCK_CHUNK-1)
+-# error "insane PADLOCK_CHUNK..."
+-# endif
+-
+-/*
+- * Re-align the arguments to 16-Bytes boundaries and run the encryption
+- * function itself. This function is not AES-specific.
+- */
+-static int
+-padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
+- const unsigned char *in_arg, size_t nbytes)
+-{
+- struct padlock_cipher_data *cdata;
+- const void *inp;
+- unsigned char *out;
+- void *iv;
+- int inp_misaligned, out_misaligned, realign_in_loop;
+- size_t chunk, allocated = 0;
+-
+- /*
+- * ctx->num is maintained in byte-oriented modes, such as CFB and OFB...
+- */ +- if ((chunk = ctx->num)) { /* borrow chunk variable */ +- unsigned char *ivp = ctx->iv; +- +- switch (EVP_CIPHER_CTX_mode(ctx)) { +- case EVP_CIPH_CFB_MODE: +- if (chunk >= AES_BLOCK_SIZE) +- return 0; /* bogus value */ +- +- if (ctx->encrypt) +- while (chunk < AES_BLOCK_SIZE && nbytes != 0) { +- ivp[chunk] = *(out_arg++) = *(in_arg++) ^ ivp[chunk]; +- chunk++, nbytes--; +- } else +- while (chunk < AES_BLOCK_SIZE && nbytes != 0) { +- unsigned char c = *(in_arg++); +- *(out_arg++) = c ^ ivp[chunk]; +- ivp[chunk++] = c, nbytes--; +- } +- +- ctx->num = chunk % AES_BLOCK_SIZE; +- break; +- case EVP_CIPH_OFB_MODE: +- if (chunk >= AES_BLOCK_SIZE) +- return 0; /* bogus value */ +- +- while (chunk < AES_BLOCK_SIZE && nbytes != 0) { +- *(out_arg++) = *(in_arg++) ^ ivp[chunk]; +- chunk++, nbytes--; +- } +- +- ctx->num = chunk % AES_BLOCK_SIZE; +- break; +- } +- } +- +- if (nbytes == 0) +- return 1; +-# if 0 +- if (nbytes % AES_BLOCK_SIZE) +- return 0; /* are we expected to do tail processing? */ +-# else +- /* +- * nbytes is always multiple of AES_BLOCK_SIZE in ECB and CBC modes and +- * arbitrary value in byte-oriented modes, such as CFB and OFB... +- */ +-# endif +- +- /* +- * VIA promises CPUs that won't require alignment in the future. For now +- * padlock_aes_align_required is initialized to 1 and the condition is +- * never met... +- */ +- /* +- * C7 core is capable to manage unaligned input in non-ECB[!] mode, but +- * performance penalties appear to be approximately same as for software +- * alignment below or ~3x. They promise to improve it in the future, but +- * for now we can just as well pretend that it can only handle aligned +- * input... 
+- */ +- if (!padlock_aes_align_required && (nbytes % AES_BLOCK_SIZE) == 0) +- return padlock_aes_cipher_omnivorous(ctx, out_arg, in_arg, nbytes); +- +- inp_misaligned = (((size_t)in_arg) & 0x0F); +- out_misaligned = (((size_t)out_arg) & 0x0F); +- +- /* +- * Note that even if output is aligned and input not, I still prefer to +- * loop instead of copy the whole input and then encrypt in one stroke. +- * This is done in order to improve L1 cache utilization... +- */ +- realign_in_loop = out_misaligned | inp_misaligned; +- +- if (!realign_in_loop && (nbytes % AES_BLOCK_SIZE) == 0) +- return padlock_aes_cipher_omnivorous(ctx, out_arg, in_arg, nbytes); +- +- /* this takes one "if" out of the loops */ +- chunk = nbytes; +- chunk %= PADLOCK_CHUNK; +- if (chunk == 0) +- chunk = PADLOCK_CHUNK; +- +- if (out_misaligned) { +- /* optmize for small input */ +- allocated = (chunk < nbytes ? PADLOCK_CHUNK : nbytes); +- out = alloca(0x10 + allocated); +- out = NEAREST_ALIGNED(out); +- } else +- out = out_arg; +- +- cdata = ALIGNED_CIPHER_DATA(ctx); +- padlock_verify_context(cdata); +- +- switch (EVP_CIPHER_CTX_mode(ctx)) { +- case EVP_CIPH_ECB_MODE: +- do { +- if (inp_misaligned) +- inp = padlock_memcpy(out, in_arg, chunk); +- else +- inp = in_arg; +- in_arg += chunk; +- +- padlock_xcrypt_ecb(chunk / AES_BLOCK_SIZE, cdata, out, inp); +- +- if (out_misaligned) +- out_arg = padlock_memcpy(out_arg, out, chunk) + chunk; +- else +- out = out_arg += chunk; +- +- nbytes -= chunk; +- chunk = PADLOCK_CHUNK; +- } while (nbytes); +- break; +- +- case EVP_CIPH_CBC_MODE: +- memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE); +- goto cbc_shortcut; +- do { +- if (iv != cdata->iv) +- memcpy(cdata->iv, iv, AES_BLOCK_SIZE); +- chunk = PADLOCK_CHUNK; +- cbc_shortcut: /* optimize for small input */ +- if (inp_misaligned) +- inp = padlock_memcpy(out, in_arg, chunk); +- else +- inp = in_arg; +- in_arg += chunk; +- +- iv = padlock_xcrypt_cbc(chunk / AES_BLOCK_SIZE, cdata, out, inp); +- +- if (out_misaligned) 
+- out_arg = padlock_memcpy(out_arg, out, chunk) + chunk; +- else +- out = out_arg += chunk; +- +- } while (nbytes -= chunk); +- memcpy(ctx->iv, iv, AES_BLOCK_SIZE); +- break; +- +- case EVP_CIPH_CFB_MODE: +- memcpy(iv = cdata->iv, ctx->iv, AES_BLOCK_SIZE); +- chunk &= ~(AES_BLOCK_SIZE - 1); +- if (chunk) +- goto cfb_shortcut; +- else +- goto cfb_skiploop; +- do { +- if (iv != cdata->iv) +- memcpy(cdata->iv, iv, AES_BLOCK_SIZE); +- chunk = PADLOCK_CHUNK; +- cfb_shortcut: /* optimize for small input */ +- if (inp_misaligned) +- inp = padlock_memcpy(out, in_arg, chunk); +- else +- inp = in_arg; +- in_arg += chunk; +- +- iv = padlock_xcrypt_cfb(chunk / AES_BLOCK_SIZE, cdata, out, inp); +- +- if (out_misaligned) +- out_arg = padlock_memcpy(out_arg, out, chunk) + chunk; +- else +- out = out_arg += chunk; +- +- nbytes -= chunk; +- } while (nbytes >= AES_BLOCK_SIZE); +- +- cfb_skiploop: +- if (nbytes) { +- unsigned char *ivp = cdata->iv; +- +- if (iv != ivp) { +- memcpy(ivp, iv, AES_BLOCK_SIZE); +- iv = ivp; +- } +- ctx->num = nbytes; +- if (cdata->cword.b.encdec) { +- cdata->cword.b.encdec = 0; +- padlock_reload_key(); +- padlock_xcrypt_ecb(1, cdata, ivp, ivp); +- cdata->cword.b.encdec = 1; +- padlock_reload_key(); +- while (nbytes) { +- unsigned char c = *(in_arg++); +- *(out_arg++) = c ^ *ivp; +- *(ivp++) = c, nbytes--; +- } +- } else { +- padlock_reload_key(); +- padlock_xcrypt_ecb(1, cdata, ivp, ivp); +- padlock_reload_key(); +- while (nbytes) { +- *ivp = *(out_arg++) = *(in_arg++) ^ *ivp; +- ivp++, nbytes--; +- } +- } +- } +- +- memcpy(ctx->iv, iv, AES_BLOCK_SIZE); +- break; +- +- case EVP_CIPH_OFB_MODE: +- memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE); +- chunk &= ~(AES_BLOCK_SIZE - 1); +- if (chunk) +- do { +- if (inp_misaligned) +- inp = padlock_memcpy(out, in_arg, chunk); +- else +- inp = in_arg; +- in_arg += chunk; +- +- padlock_xcrypt_ofb(chunk / AES_BLOCK_SIZE, cdata, out, inp); +- +- if (out_misaligned) +- out_arg = padlock_memcpy(out_arg, out, chunk) + chunk; 
+- else
+- out = out_arg += chunk;
+-
+- nbytes -= chunk;
+- chunk = PADLOCK_CHUNK;
+- } while (nbytes >= AES_BLOCK_SIZE);
+-
+- if (nbytes) {
+- unsigned char *ivp = cdata->iv;
+-
+- ctx->num = nbytes;
+- padlock_reload_key(); /* empirically found */
+- padlock_xcrypt_ecb(1, cdata, ivp, ivp);
+- padlock_reload_key(); /* empirically found */
+- while (nbytes) {
+- *(out_arg++) = *(in_arg++) ^ *ivp;
+- ivp++, nbytes--;
+- }
+- }
+-
+- memcpy(ctx->iv, cdata->iv, AES_BLOCK_SIZE);
+- break;
+-
+- default:
+- return 0;
+- }
+-
+- /* Clean the realign buffer if it was used */
+- if (out_misaligned) {
+- volatile unsigned long *p = (void *)out;
+- size_t n = allocated / sizeof(*p);
+- while (n--)
+- *p++ = 0;
+- }
+-
+- memset(cdata->iv, 0, AES_BLOCK_SIZE);
+-
+- return 1;
+-}
+-
+-# endif /* OPENSSL_NO_AES */
+-
+-/* ===== Random Number Generator ===== */
+-/*
+- * This code is not engaged. The reason is that it does not comply
+- * with recommendations for VIA RNG usage for secure applications
+- * (posted at http://www.via.com.tw/en/viac3/c3.jsp) nor does it
+- * provide meaningful error control...
+- */
+-/*
+- * Wrapper that provides an interface between the API and the raw PadLock
+- * RNG
+- */
+-static int padlock_rand_bytes(unsigned char *output, int count)
+-{
+- unsigned int eax, buf;
+-
+- while (count >= 8) {
+- eax = padlock_xstore(output, 0);
+- if (!(eax & (1 << 6)))
+- return 0; /* RNG disabled */
+- /* this ---vv--- covers DC bias, Raw Bits and String Filter */
+- if (eax & (0x1F << 10))
+- return 0;
+- if ((eax & 0x1F) == 0)
+- continue; /* no data, retry... */
+- if ((eax & 0x1F) != 8)
+- return 0; /* fatal failure... */
+- output += 8;
+- count -= 8;
+- }
+- while (count > 0) {
+- eax = padlock_xstore(&buf, 3);
+- if (!(eax & (1 << 6)))
+- return 0; /* RNG disabled */
+- /* this ---vv--- covers DC bias, Raw Bits and String Filter */
+- if (eax & (0x1F << 10))
+- return 0;
+- if ((eax & 0x1F) == 0)
+- continue; /* no data, retry... */
+- if ((eax & 0x1F) != 1)
+- return 0; /* fatal failure... */
+- *output++ = (unsigned char)buf;
+- count--;
+- }
+- *(volatile unsigned int *)&buf = 0;
+-
+- return 1;
+-}
+-
+-/* Dummy but necessary function */
+-static int padlock_rand_status(void)
+-{
+- return 1;
+-}
+-
+-/* Prepare structure for registration */
+-static RAND_METHOD padlock_rand = {
+- NULL, /* seed */
+- padlock_rand_bytes, /* bytes */
+- NULL, /* cleanup */
+- NULL, /* add */
+- padlock_rand_bytes, /* pseudorand */
+- padlock_rand_status, /* rand status */
+-};
+-
+-# endif /* COMPILE_HW_PADLOCK */
+-
+-# endif /* !OPENSSL_NO_HW_PADLOCK */
+-#endif /* !OPENSSL_NO_HW */
+diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_pkey.c b/Cryptlib/OpenSSL/crypto/engine/eng_pkey.c
+deleted file mode 100644
+index 23580d9..0000000
+--- a/Cryptlib/OpenSSL/crypto/engine/eng_pkey.c
++++ /dev/null
+@@ -1,186 +0,0 @@
+-/* crypto/engine/eng_pkey.c */
+-/* ====================================================================
+- * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- *
+- * 1. Redistributions of source code must retain the above copyright
+- * notice, this list of conditions and the following disclaimer.
+- *
+- * 2. Redistributions in binary form must reproduce the above copyright
+- * notice, this list of conditions and the following disclaimer in
+- * the documentation and/or other materials provided with the
+- * distribution.
+- *
+- * 3. All advertising materials mentioning features or use of this
+- * software must display the following acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+- *
+- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+- * endorse or promote products derived from this software without
+- * prior written permission. For written permission, please contact
+- * licensing@OpenSSL.org.
+- *
+- * 5. Products derived from this software may not be called "OpenSSL"
+- * nor may "OpenSSL" appear in their names without prior written
+- * permission of the OpenSSL Project.
+- *
+- * 6. Redistributions of any form whatsoever must retain the following
+- * acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+- * OF THE POSSIBILITY OF SUCH DAMAGE.
+- * ====================================================================
+- *
+- * This product includes cryptographic software written by Eric Young
+- * (eay@cryptsoft.com). This product includes software written by Tim
+- * Hudson (tjh@cryptsoft.com).
+- *
+- */
+-
+-#include "eng_int.h"
+-
+-/* Basic get/set stuff */
+-
+-int ENGINE_set_load_privkey_function(ENGINE *e,
+- ENGINE_LOAD_KEY_PTR loadpriv_f)
+-{
+- e->load_privkey = loadpriv_f;
+- return 1;
+-}
+-
+-int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f)
+-{
+- e->load_pubkey = loadpub_f;
+- return 1;
+-}
+-
+-int ENGINE_set_load_ssl_client_cert_function(ENGINE *e,
+- ENGINE_SSL_CLIENT_CERT_PTR
+- loadssl_f)
+-{
+- e->load_ssl_client_cert = loadssl_f;
+- return 1;
+-}
+-
+-ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e)
+-{
+- return e->load_privkey;
+-}
+-
+-ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e)
+-{
+- return e->load_pubkey;
+-}
+-
+-ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE
+- *e)
+-{
+- return e->load_ssl_client_cert;
+-}
+-
+-/* API functions to load public/private keys */
+-
+-EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
+- UI_METHOD *ui_method, void *callback_data)
+-{
+- EVP_PKEY *pkey;
+-
+- if (e == NULL) {
+- ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
+- ERR_R_PASSED_NULL_PARAMETER);
+- return 0;
+- }
+- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+- if (e->funct_ref == 0) {
+- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+- ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY, ENGINE_R_NOT_INITIALISED);
+- return 0;
+- }
+- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+- if (!e->load_privkey) {
+- ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
+- ENGINE_R_NO_LOAD_FUNCTION);
+- return 0;
+- }
+- pkey = e->load_privkey(e, key_id, ui_method, callback_data);
+- if (!pkey) {
+- ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
+- ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
+- return 0;
+- }
+- return pkey;
+-}
+-
+-EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
+- UI_METHOD *ui_method, void *callback_data)
+-{
+- EVP_PKEY *pkey;
+-
+- if (e == NULL) {
+- ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
+- ERR_R_PASSED_NULL_PARAMETER);
+- return 0;
+- }
+- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+- if (e->funct_ref == 0) {
+- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+- ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY, ENGINE_R_NOT_INITIALISED);
+- return 0;
+- }
+- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+- if (!e->load_pubkey) {
+- ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY, ENGINE_R_NO_LOAD_FUNCTION);
+- return 0;
+- }
+- pkey = e->load_pubkey(e, key_id, ui_method, callback_data);
+- if (!pkey) {
+- ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
+- ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
+- return 0;
+- }
+- return pkey;
+-}
+-
+-int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s,
+- STACK_OF(X509_NAME) *ca_dn, X509 **pcert,
+- EVP_PKEY **ppkey, STACK_OF(X509) **pother,
+- UI_METHOD *ui_method, void *callback_data)
+-{
+-
+- if (e == NULL) {
+- ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT,
+- ERR_R_PASSED_NULL_PARAMETER);
+- return 0;
+- }
+- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+- if (e->funct_ref == 0) {
+- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+- ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT,
+- ENGINE_R_NOT_INITIALISED);
+- return 0;
+- }
+- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+- if (!e->load_ssl_client_cert) {
+- ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT,
+- ENGINE_R_NO_LOAD_FUNCTION);
+- return 0;
+- }
+- return e->load_ssl_client_cert(e, s, ca_dn, pcert, ppkey, pother,
+- ui_method, callback_data);
+-}
+diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_table.c b/Cryptlib/OpenSSL/crypto/engine/eng_table.c
+deleted file mode 100644
+index 7dd8b1b..0000000
+--- a/Cryptlib/OpenSSL/crypto/engine/eng_table.c
++++ /dev/null
+@@ -1,326 +0,0 @@
+-/* ====================================================================
+- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- *
+- * 1. Redistributions of source code must retain the above copyright
+- * notice, this list of conditions and the following disclaimer.
+- *
+- * 2. Redistributions in binary form must reproduce the above copyright
+- * notice, this list of conditions and the following disclaimer in
+- * the documentation and/or other materials provided with the
+- * distribution.
+- *
+- * 3. All advertising materials mentioning features or use of this
+- * software must display the following acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+- *
+- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+- * endorse or promote products derived from this software without
+- * prior written permission. For written permission, please contact
+- * licensing@OpenSSL.org.
+- *
+- * 5. Products derived from this software may not be called "OpenSSL"
+- * nor may "OpenSSL" appear in their names without prior written
+- * permission of the OpenSSL Project.
+- *
+- * 6. Redistributions of any form whatsoever must retain the following
+- * acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+- * OF THE POSSIBILITY OF SUCH DAMAGE.
+- * ====================================================================
+- *
+- * This product includes cryptographic software written by Eric Young
+- * (eay@cryptsoft.com). This product includes software written by Tim
+- * Hudson (tjh@cryptsoft.com).
+- *
+- */
+-
+-#include "cryptlib.h"
+-#include
+-#include
+-#include "eng_int.h"
+-
+-/* The type of the items in the table */
+-typedef struct st_engine_pile {
+- /* The 'nid' of this algorithm/mode */
+- int nid;
+- /* ENGINEs that implement this algorithm/mode. */
+- STACK_OF(ENGINE) *sk;
+- /* The default ENGINE to perform this algorithm/mode. */
+- ENGINE *funct;
+- /*
+- * Zero if 'sk' is newer than the cached 'funct', non-zero otherwise
+- */
+- int uptodate;
+-} ENGINE_PILE;
+-
+-/* The type exposed in eng_int.h */
+-struct st_engine_table {
+- LHASH piles;
+-}; /* ENGINE_TABLE */
+-
+-/* Global flags (ENGINE_TABLE_FLAG_***). */
+-static unsigned int table_flags = 0;
+-
+-/* API function manipulating 'table_flags' */
+-unsigned int ENGINE_get_table_flags(void)
+-{
+- return table_flags;
+-}
+-
+-void ENGINE_set_table_flags(unsigned int flags)
+-{
+- table_flags = flags;
+-}
+-
+-/* Internal functions for the "piles" hash table */
+-static unsigned long engine_pile_hash(const ENGINE_PILE *c)
+-{
+- return c->nid;
+-}
+-
+-static int engine_pile_cmp(const ENGINE_PILE *a, const ENGINE_PILE *b)
+-{
+- return a->nid - b->nid;
+-}
+-
+-static IMPLEMENT_LHASH_HASH_FN(engine_pile_hash, const ENGINE_PILE *)
+-static IMPLEMENT_LHASH_COMP_FN(engine_pile_cmp, const ENGINE_PILE *)
+-static int int_table_check(ENGINE_TABLE **t, int create)
+-{
+- LHASH *lh;
+- if (*t)
+- return 1;
+- if (!create)
+- return 0;
+- if ((lh = lh_new(LHASH_HASH_FN(engine_pile_hash),
+- LHASH_COMP_FN(engine_pile_cmp))) == NULL)
+- return 0;
+- *t = (ENGINE_TABLE *)lh;
+- return 1;
+-}
+-
+-/*
+- * Privately exposed (via eng_int.h) functions for adding and/or removing
+- * ENGINEs from the implementation table
+- */
+-int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
+- ENGINE *e, const int *nids, int num_nids,
+- int setdefault)
+-{
+- int ret = 0, added = 0;
+- ENGINE_PILE tmplate, *fnd;
+- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+- if (!(*table))
+- added = 1;
+- if (!int_table_check(table, 1))
+- goto end;
+- if (added)
+- /* The cleanup callback needs to be added */
+- engine_cleanup_add_first(cleanup);
+- while (num_nids--) {
+- tmplate.nid = *nids;
+- fnd = lh_retrieve(&(*table)->piles, &tmplate);
+- if (!fnd) {
+- fnd = OPENSSL_malloc(sizeof(ENGINE_PILE));
+- if (!fnd)
+- goto end;
+- fnd->uptodate = 1;
+- fnd->nid = *nids;
+- fnd->sk = sk_ENGINE_new_null();
+- if (!fnd->sk) {
+- OPENSSL_free(fnd);
+- goto end;
+- }
+- fnd->funct = NULL;
+- lh_insert(&(*table)->piles, fnd);
+- }
+- /* A registration shouldn't add duplciate entries */
+- (void)sk_ENGINE_delete_ptr(fnd->sk, e);
+- /*
+- * if 'setdefault', this ENGINE goes to the head of the list
+- */
+- if (!sk_ENGINE_push(fnd->sk, e))
+- goto end;
+- /* "touch" this ENGINE_PILE */
+- fnd->uptodate = 0;
+- if (setdefault) {
+- if (!engine_unlocked_init(e)) {
+- ENGINEerr(ENGINE_F_ENGINE_TABLE_REGISTER,
+- ENGINE_R_INIT_FAILED);
+- goto end;
+- }
+- if (fnd->funct)
+- engine_unlocked_finish(fnd->funct, 0);
+- fnd->funct = e;
+- fnd->uptodate = 1;
+- }
+- nids++;
+- }
+- ret = 1;
+- end:
+- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+- return ret;
+-}
+-
+-static void int_unregister_cb(ENGINE_PILE *pile, ENGINE *e)
+-{
+- int n;
+- /* Iterate the 'c->sk' stack removing any occurance of 'e' */
+- while ((n = sk_ENGINE_find(pile->sk, e)) >= 0) {
+- (void)sk_ENGINE_delete(pile->sk, n);
+- pile->uptodate = 0;
+- }
+- if (pile->funct == e) {
+- engine_unlocked_finish(e, 0);
+- pile->funct = NULL;
+- }
+-}
+-
+-static IMPLEMENT_LHASH_DOALL_ARG_FN(int_unregister_cb, ENGINE_PILE *,
+- ENGINE *)
+-void engine_table_unregister(ENGINE_TABLE **table, ENGINE *e)
+-{
+- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+- if (int_table_check(table, 0))
+- lh_doall_arg(&(*table)->piles,
+- LHASH_DOALL_ARG_FN(int_unregister_cb), e);
+- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+-}
+-
+-static void int_cleanup_cb(ENGINE_PILE *p)
+-{
+- sk_ENGINE_free(p->sk);
+- if (p->funct)
+- engine_unlocked_finish(p->funct, 0);
+- OPENSSL_free(p);
+-}
+-
+-static IMPLEMENT_LHASH_DOALL_FN(int_cleanup_cb, ENGINE_PILE *)
+-void engine_table_cleanup(ENGINE_TABLE **table)
+-{
+- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+- if (*table) {
+- lh_doall(&(*table)->piles, LHASH_DOALL_FN(int_cleanup_cb));
+- lh_free(&(*table)->piles);
+- *table = NULL;
+- }
+- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+-}
+-
+-/* return a functional reference for a given 'nid' */
+-#ifndef ENGINE_TABLE_DEBUG
+-ENGINE *engine_table_select(ENGINE_TABLE **table, int nid)
+-#else
+-ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f,
+- int l)
+-#endif
+-{
+- ENGINE *ret = NULL;
+- ENGINE_PILE tmplate, *fnd = NULL;
+- int initres, loop = 0;
+-
+- if (!(*table)) {
+-#ifdef ENGINE_TABLE_DEBUG
+- fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, nothing "
+- "registered!\n", f, l, nid);
+-#endif
+- return NULL;
+- }
+- ERR_set_mark();
+- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+- /*
+- * Check again inside the lock otherwise we could race against cleanup
+- * operations. But don't worry about a fprintf(stderr).
+- */
+- if (!int_table_check(table, 0))
+- goto end;
+- tmplate.nid = nid;
+- fnd = lh_retrieve(&(*table)->piles, &tmplate);
+- if (!fnd)
+- goto end;
+- if (fnd->funct && engine_unlocked_init(fnd->funct)) {
+-#ifdef ENGINE_TABLE_DEBUG
+- fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, using "
+- "ENGINE '%s' cached\n", f, l, nid, fnd->funct->id);
+-#endif
+- ret = fnd->funct;
+- goto end;
+- }
+- if (fnd->uptodate) {
+- ret = fnd->funct;
+- goto end;
+- }
+- trynext:
+- ret = sk_ENGINE_value(fnd->sk, loop++);
+- if (!ret) {
+-#ifdef ENGINE_TABLE_DEBUG
+- fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, no "
+- "registered implementations would initialise\n", f, l, nid);
+-#endif
+- goto end;
+- }
+- /* Try to initialise the ENGINE? */
+- if ((ret->funct_ref > 0) || !(table_flags & ENGINE_TABLE_FLAG_NOINIT))
+- initres = engine_unlocked_init(ret);
+- else
+- initres = 0;
+- if (initres) {
+- /* Update 'funct' */
+- if ((fnd->funct != ret) && engine_unlocked_init(ret)) {
+- /* If there was a previous default we release it. */
+- if (fnd->funct)
+- engine_unlocked_finish(fnd->funct, 0);
+- fnd->funct = ret;
+-#ifdef ENGINE_TABLE_DEBUG
+- fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, "
+- "setting default to '%s'\n", f, l, nid, ret->id);
+-#endif
+- }
+-#ifdef ENGINE_TABLE_DEBUG
+- fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, using "
+- "newly initialised '%s'\n", f, l, nid, ret->id);
+-#endif
+- goto end;
+- }
+- goto trynext;
+- end:
+- /*
+- * If it failed, it is unlikely to succeed again until some future
+- * registrations have taken place. In all cases, we cache.
+- */
+- if (fnd)
+- fnd->uptodate = 1;
+-#ifdef ENGINE_TABLE_DEBUG
+- if (ret)
+- fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching "
+- "ENGINE '%s'\n", f, l, nid, ret->id);
+- else
+- fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching "
+- "'no matching ENGINE'\n", f, l, nid);
+-#endif
+- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+- /*
+- * Whatever happened, any failed init()s are not failures in this
+- * context, so clear our error state.
+- */
+- ERR_pop_to_mark();
+- return ret;
+-}
+diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_cipher.c b/Cryptlib/OpenSSL/crypto/engine/tb_cipher.c
+deleted file mode 100644
+index fcfb2ef..0000000
+--- a/Cryptlib/OpenSSL/crypto/engine/tb_cipher.c
++++ /dev/null
+@@ -1,143 +0,0 @@
+-/* ====================================================================
+- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- *
+- * 1. Redistributions of source code must retain the above copyright
+- * notice, this list of conditions and the following disclaimer.
+- *
+- * 2. Redistributions in binary form must reproduce the above copyright
+- * notice, this list of conditions and the following disclaimer in
+- * the documentation and/or other materials provided with the
+- * distribution.
+- *
+- * 3. All advertising materials mentioning features or use of this
+- * software must display the following acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+- *
+- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+- * endorse or promote products derived from this software without
+- * prior written permission. For written permission, please contact
+- * licensing@OpenSSL.org.
+- *
+- * 5. Products derived from this software may not be called "OpenSSL"
+- * nor may "OpenSSL" appear in their names without prior written
+- * permission of the OpenSSL Project.
+- *
+- * 6. Redistributions of any form whatsoever must retain the following
+- * acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+- * OF THE POSSIBILITY OF SUCH DAMAGE.
+- * ====================================================================
+- *
+- * This product includes cryptographic software written by Eric Young
+- * (eay@cryptsoft.com). This product includes software written by Tim
+- * Hudson (tjh@cryptsoft.com).
+- *
+- */
+-
+-#include "eng_int.h"
+-
+-/*
+- * If this symbol is defined then ENGINE_get_cipher_engine(), the function
+- * that is used by EVP to hook in cipher code and cache defaults (etc), will
+- * display brief debugging summaries to stderr with the 'nid'.
+- */
+-/* #define ENGINE_CIPHER_DEBUG */
+-
+-static ENGINE_TABLE *cipher_table = NULL;
+-
+-void ENGINE_unregister_ciphers(ENGINE *e)
+-{
+- engine_table_unregister(&cipher_table, e);
+-}
+-
+-static void engine_unregister_all_ciphers(void)
+-{
+- engine_table_cleanup(&cipher_table);
+-}
+-
+-int ENGINE_register_ciphers(ENGINE *e)
+-{
+- if (e->ciphers) {
+- const int *nids;
+- int num_nids = e->ciphers(e, NULL, &nids, 0);
+- if (num_nids > 0)
+- return engine_table_register(&cipher_table,
+- engine_unregister_all_ciphers, e,
+- nids, num_nids, 0);
+- }
+- return 1;
+-}
+-
+-void ENGINE_register_all_ciphers()
+-{
+- ENGINE *e;
+-
+- for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+- ENGINE_register_ciphers(e);
+-}
+-
+-int ENGINE_set_default_ciphers(ENGINE *e)
+-{
+- if (e->ciphers) {
+- const int *nids;
+- int num_nids = e->ciphers(e, NULL, &nids, 0);
+- if (num_nids > 0)
+- return engine_table_register(&cipher_table,
+- engine_unregister_all_ciphers, e,
+- nids, num_nids, 1);
+- }
+- return 1;
+-}
+-
+-/*
+- * Exposed API function to get a functional reference from the implementation
+- * table (ie. try to get a functional reference from the tabled structural
+- * references) for a given cipher 'nid'
+- */
+-ENGINE *ENGINE_get_cipher_engine(int nid)
+-{
+- return engine_table_select(&cipher_table, nid);
+-}
+-
+-/* Obtains a cipher implementation from an ENGINE functional reference */
+-const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid)
+-{
+- const EVP_CIPHER *ret;
+- ENGINE_CIPHERS_PTR fn = ENGINE_get_ciphers(e);
+- if (!fn || !fn(e, &ret, NULL, nid)) {
+- ENGINEerr(ENGINE_F_ENGINE_GET_CIPHER, ENGINE_R_UNIMPLEMENTED_CIPHER);
+- return NULL;
+- }
+- return ret;
+-}
+-
+-/* Gets the cipher callback from an ENGINE structure */
+-ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e)
+-{
+- return e->ciphers;
+-}
+-
+-/* Sets the cipher callback in an ENGINE structure */
+-int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f)
+-{
+- e->ciphers = f;
+- return 1;
+-}
+diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_dh.c b/Cryptlib/OpenSSL/crypto/engine/tb_dh.c
+deleted file mode 100644
+index 8114afa..0000000
+--- a/Cryptlib/OpenSSL/crypto/engine/tb_dh.c
++++ /dev/null
+@@ -1,124 +0,0 @@
+-/* ====================================================================
+- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- *
+- * 1. Redistributions of source code must retain the above copyright
+- * notice, this list of conditions and the following disclaimer.
+- *
+- * 2. Redistributions in binary form must reproduce the above copyright
+- * notice, this list of conditions and the following disclaimer in
+- * the documentation and/or other materials provided with the
+- * distribution.
+- *
+- * 3. All advertising materials mentioning features or use of this
+- * software must display the following acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+- *
+- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+- * endorse or promote products derived from this software without
+- * prior written permission. For written permission, please contact
+- * licensing@OpenSSL.org.
+- *
+- * 5. Products derived from this software may not be called "OpenSSL"
+- * nor may "OpenSSL" appear in their names without prior written
+- * permission of the OpenSSL Project.
+- *
+- * 6. Redistributions of any form whatsoever must retain the following
+- * acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+- * OF THE POSSIBILITY OF SUCH DAMAGE.
+- * ====================================================================
+- *
+- * This product includes cryptographic software written by Eric Young
+- * (eay@cryptsoft.com). This product includes software written by Tim
+- * Hudson (tjh@cryptsoft.com).
+- *
+- */
+-
+-#include "eng_int.h"
+-
+-/*
+- * If this symbol is defined then ENGINE_get_default_DH(), the function that
+- * is used by DH to hook in implementation code and cache defaults (etc),
+- * will display brief debugging summaries to stderr with the 'nid'.
+- */
+-/* #define ENGINE_DH_DEBUG */
+-
+-static ENGINE_TABLE *dh_table = NULL;
+-static const int dummy_nid = 1;
+-
+-void ENGINE_unregister_DH(ENGINE *e)
+-{
+- engine_table_unregister(&dh_table, e);
+-}
+-
+-static void engine_unregister_all_DH(void)
+-{
+- engine_table_cleanup(&dh_table);
+-}
+-
+-int ENGINE_register_DH(ENGINE *e)
+-{
+- if (e->dh_meth)
+- return engine_table_register(&dh_table,
+- engine_unregister_all_DH, e, &dummy_nid,
+- 1, 0);
+- return 1;
+-}
+-
+-void ENGINE_register_all_DH()
+-{
+- ENGINE *e;
+-
+- for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+- ENGINE_register_DH(e);
+-}
+-
+-int ENGINE_set_default_DH(ENGINE *e)
+-{
+- if (e->dh_meth)
+- return engine_table_register(&dh_table,
+- engine_unregister_all_DH, e, &dummy_nid,
+- 1, 1);
+- return 1;
+-}
+-
+-/*
+- * Exposed API function to get a functional reference from the implementation
+- * table (ie. try to get a functional reference from the tabled structural
+- * references).
+- */
+-ENGINE *ENGINE_get_default_DH(void)
+-{
+- return engine_table_select(&dh_table, dummy_nid);
+-}
+-
+-/* Obtains an DH implementation from an ENGINE functional reference */
+-const DH_METHOD *ENGINE_get_DH(const ENGINE *e)
+-{
+- return e->dh_meth;
+-}
+-
+-/* Sets an DH implementation in an ENGINE structure */
+-int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth)
+-{
+- e->dh_meth = dh_meth;
+- return 1;
+-}
+diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_digest.c b/Cryptlib/OpenSSL/crypto/engine/tb_digest.c
+deleted file mode 100644
+index de1ad9c..0000000
+--- a/Cryptlib/OpenSSL/crypto/engine/tb_digest.c
++++ /dev/null
+@@ -1,143 +0,0 @@
+-/* ====================================================================
+- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- *
+- * 1. Redistributions of source code must retain the above copyright
+- * notice, this list of conditions and the following disclaimer.
+- *
+- * 2. Redistributions in binary form must reproduce the above copyright
+- * notice, this list of conditions and the following disclaimer in
+- * the documentation and/or other materials provided with the
+- * distribution.
+- *
+- * 3. All advertising materials mentioning features or use of this
+- * software must display the following acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+- *
+- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+- * endorse or promote products derived from this software without
+- * prior written permission. For written permission, please contact
+- * licensing@OpenSSL.org.
+- *
+- * 5. Products derived from this software may not be called "OpenSSL"
+- * nor may "OpenSSL" appear in their names without prior written
+- * permission of the OpenSSL Project.
+- *
+- * 6. Redistributions of any form whatsoever must retain the following
+- * acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+- * OF THE POSSIBILITY OF SUCH DAMAGE.
+- * ====================================================================
+- *
+- * This product includes cryptographic software written by Eric Young
+- * (eay@cryptsoft.com). This product includes software written by Tim
+- * Hudson (tjh@cryptsoft.com).
+- *
+- */
+-
+-#include "eng_int.h"
+-
+-/*
+- * If this symbol is defined then ENGINE_get_digest_engine(), the function
+- * that is used by EVP to hook in digest code and cache defaults (etc), will
+- * display brief debugging summaries to stderr with the 'nid'.
+- */
+-/* #define ENGINE_DIGEST_DEBUG */
+-
+-static ENGINE_TABLE *digest_table = NULL;
+-
+-void ENGINE_unregister_digests(ENGINE *e)
+-{
+- engine_table_unregister(&digest_table, e);
+-}
+-
+-static void engine_unregister_all_digests(void)
+-{
+- engine_table_cleanup(&digest_table);
+-}
+-
+-int ENGINE_register_digests(ENGINE *e)
+-{
+- if (e->digests) {
+- const int *nids;
+- int num_nids = e->digests(e, NULL, &nids, 0);
+- if (num_nids > 0)
+- return engine_table_register(&digest_table,
+- engine_unregister_all_digests, e,
+- nids, num_nids, 0);
+- }
+- return 1;
+-}
+-
+-void ENGINE_register_all_digests()
+-{
+- ENGINE *e;
+-
+- for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+- ENGINE_register_digests(e);
+-}
+-
+-int ENGINE_set_default_digests(ENGINE *e)
+-{
+- if (e->digests) {
+- const int *nids;
+- int num_nids = e->digests(e, NULL, &nids, 0);
+- if (num_nids > 0)
+- return engine_table_register(&digest_table,
+- engine_unregister_all_digests, e,
+- nids, num_nids, 1);
+- }
+- return 1;
+-}
+-
+-/*
+- * Exposed API function to get a functional reference from the implementation
+- * table (ie. try to get a functional reference from the tabled structural
+- * references) for a given digest 'nid'
+- */
+-ENGINE *ENGINE_get_digest_engine(int nid)
+-{
+- return engine_table_select(&digest_table, nid);
+-}
+-
+-/* Obtains a digest implementation from an ENGINE functional reference */
+-const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid)
+-{
+- const EVP_MD *ret;
+- ENGINE_DIGESTS_PTR fn = ENGINE_get_digests(e);
+- if (!fn || !fn(e, &ret, NULL, nid)) {
+- ENGINEerr(ENGINE_F_ENGINE_GET_DIGEST, ENGINE_R_UNIMPLEMENTED_DIGEST);
+- return NULL;
+- }
+- return ret;
+-}
+-
+-/* Gets the digest callback from an ENGINE structure */
+-ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e)
+-{
+- return e->digests;
+-}
+-
+-/* Sets the digest callback in an ENGINE structure */
+-int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f)
+-{
+- e->digests = f;
+- return 1;
+-}
+diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_dsa.c b/Cryptlib/OpenSSL/crypto/engine/tb_dsa.c
+deleted file mode 100644
+index c1f57f1..0000000
+--- a/Cryptlib/OpenSSL/crypto/engine/tb_dsa.c
++++ /dev/null
+@@ -1,124 +0,0 @@
+-/* ====================================================================
+- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- *
+- * 1. Redistributions of source code must retain the above copyright
+- * notice, this list of conditions and the following disclaimer.
+- *
+- * 2. Redistributions in binary form must reproduce the above copyright
+- * notice, this list of conditions and the following disclaimer in
+- * the documentation and/or other materials provided with the
+- * distribution.
+- *
+- * 3. All advertising materials mentioning features or use of this
+- * software must display the following acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+- *
+- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+- * endorse or promote products derived from this software without
+- * prior written permission. For written permission, please contact
+- * licensing@OpenSSL.org.
+- *
+- * 5. Products derived from this software may not be called "OpenSSL"
+- * nor may "OpenSSL" appear in their names without prior written
+- * permission of the OpenSSL Project.
+- *
+- * 6. Redistributions of any form whatsoever must retain the following
+- * acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+- * OF THE POSSIBILITY OF SUCH DAMAGE.
+- * ====================================================================
+- *
+- * This product includes cryptographic software written by Eric Young
+- * (eay@cryptsoft.com). This product includes software written by Tim
+- * Hudson (tjh@cryptsoft.com).
+- *
+- */
+-
+-#include "eng_int.h"
+-
+-/*
+- * If this symbol is defined then ENGINE_get_default_DSA(), the function that
+- * is used by DSA to hook in implementation code and cache defaults (etc),
+- * will display brief debugging summaries to stderr with the 'nid'.
+- */
+-/* #define ENGINE_DSA_DEBUG */
+-
+-static ENGINE_TABLE *dsa_table = NULL;
+-static const int dummy_nid = 1;
+-
+-void ENGINE_unregister_DSA(ENGINE *e)
+-{
+- engine_table_unregister(&dsa_table, e);
+-}
+-
+-static void engine_unregister_all_DSA(void)
+-{
+- engine_table_cleanup(&dsa_table);
+-}
+-
+-int ENGINE_register_DSA(ENGINE *e)
+-{
+- if (e->dsa_meth)
+- return engine_table_register(&dsa_table,
+- engine_unregister_all_DSA, e, &dummy_nid,
+- 1, 0);
+- return 1;
+-}
+-
+-void ENGINE_register_all_DSA()
+-{
+- ENGINE *e;
+-
+- for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+- ENGINE_register_DSA(e);
+-}
+-
+-int ENGINE_set_default_DSA(ENGINE *e)
+-{
+- if (e->dsa_meth)
+- return engine_table_register(&dsa_table,
+- engine_unregister_all_DSA, e, &dummy_nid,
+- 1, 1);
+- return 1;
+-}
+-
+-/*
+- * Exposed API function to get a functional reference from the implementation
+- * table (ie. try to get a functional reference from the tabled structural
+- * references).
+- */
+-ENGINE *ENGINE_get_default_DSA(void)
+-{
+- return engine_table_select(&dsa_table, dummy_nid);
+-}
+-
+-/* Obtains an DSA implementation from an ENGINE functional reference */
+-const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e)
+-{
+- return e->dsa_meth;
+-}
+-
+-/* Sets an DSA implementation in an ENGINE structure */
+-int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth)
+-{
+- e->dsa_meth = dsa_meth;
+- return 1;
+-}
+diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_ecdh.c b/Cryptlib/OpenSSL/crypto/engine/tb_ecdh.c
+deleted file mode 100644
+index c51441b..0000000
+--- a/Cryptlib/OpenSSL/crypto/engine/tb_ecdh.c
++++ /dev/null
+@@ -1,139 +0,0 @@
+-/* crypto/engine/tb_ecdh.c */
+-/* ====================================================================
+- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+- *
+- * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
+- * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
+- * to the OpenSSL project.
+- *
+- * The ECC Code is licensed pursuant to the OpenSSL open source
+- * license provided below.
+- *
+- * The ECDH engine software is originally written by Nils Gura and
+- * Douglas Stebila of Sun Microsystems Laboratories.
+- *
+- */
+-/* ====================================================================
+- * Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- *
+- * 1. Redistributions of source code must retain the above copyright
+- * notice, this list of conditions and the following disclaimer.
+- *
+- * 2. Redistributions in binary form must reproduce the above copyright
+- * notice, this list of conditions and the following disclaimer in
+- * the documentation and/or other materials provided with the
+- * distribution.
+- *
+- * 3. All advertising materials mentioning features or use of this
+- * software must display the following acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+- *
+- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+- * endorse or promote products derived from this software without
+- * prior written permission. For written permission, please contact
+- * licensing@OpenSSL.org.
+- *
+- * 5. Products derived from this software may not be called "OpenSSL"
+- * nor may "OpenSSL" appear in their names without prior written
+- * permission of the OpenSSL Project.
+- *
+- * 6. Redistributions of any form whatsoever must retain the following
+- * acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+- * OF THE POSSIBILITY OF SUCH DAMAGE.
+- * ====================================================================
+- *
+- * This product includes cryptographic software written by Eric Young
+- * (eay@cryptsoft.com). This product includes software written by Tim
+- * Hudson (tjh@cryptsoft.com).
+- *
+- */
+-
+-#include "eng_int.h"
+-
+-/*
+- * If this symbol is defined then ENGINE_get_default_ECDH(), the function
+- * that is used by ECDH to hook in implementation code and cache defaults
+- * (etc), will display brief debugging summaries to stderr with the 'nid'.
+- */
+-/* #define ENGINE_ECDH_DEBUG */
+-
+-static ENGINE_TABLE *ecdh_table = NULL;
+-static const int dummy_nid = 1;
+-
+-void ENGINE_unregister_ECDH(ENGINE *e)
+-{
+- engine_table_unregister(&ecdh_table, e);
+-}
+-
+-static void engine_unregister_all_ECDH(void)
+-{
+- engine_table_cleanup(&ecdh_table);
+-}
+-
+-int ENGINE_register_ECDH(ENGINE *e)
+-{
+- if (e->ecdh_meth)
+- return engine_table_register(&ecdh_table,
+- engine_unregister_all_ECDH, e,
+- &dummy_nid, 1, 0);
+- return 1;
+-}
+-
+-void ENGINE_register_all_ECDH()
+-{
+- ENGINE *e;
+-
+- for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+- ENGINE_register_ECDH(e);
+-}
+-
+-int ENGINE_set_default_ECDH(ENGINE *e)
+-{
+- if (e->ecdh_meth)
+- return engine_table_register(&ecdh_table,
+- engine_unregister_all_ECDH, e,
+- &dummy_nid, 1, 1);
+- return 1;
+-}
+-
+-/*
+- * Exposed API function to get a functional reference from the implementation
+- * table (ie. try to get a functional reference from the tabled structural
+- * references).
+- */
+-ENGINE *ENGINE_get_default_ECDH(void)
+-{
+- return engine_table_select(&ecdh_table, dummy_nid);
+-}
+-
+-/* Obtains an ECDH implementation from an ENGINE functional reference */
+-const ECDH_METHOD *ENGINE_get_ECDH(const ENGINE *e)
+-{
+- return e->ecdh_meth;
+-}
+-
+-/* Sets an ECDH implementation in an ENGINE structure */
+-int ENGINE_set_ECDH(ENGINE *e, const ECDH_METHOD *ecdh_meth)
+-{
+- e->ecdh_meth = ecdh_meth;
+- return 1;
+-}
+diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_ecdsa.c b/Cryptlib/OpenSSL/crypto/engine/tb_ecdsa.c
+deleted file mode 100644
+index a8b9be6..0000000
+--- a/Cryptlib/OpenSSL/crypto/engine/tb_ecdsa.c
++++ /dev/null
+@@ -1,124 +0,0 @@
+-/* ====================================================================
+- * Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- *
+- * 1. Redistributions of source code must retain the above copyright
+- * notice, this list of conditions and the following disclaimer.
+- *
+- * 2. Redistributions in binary form must reproduce the above copyright
+- * notice, this list of conditions and the following disclaimer in
+- * the documentation and/or other materials provided with the
+- * distribution.
+- *
+- * 3. All advertising materials mentioning features or use of this
+- * software must display the following acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+- *
+- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+- * endorse or promote products derived from this software without
+- * prior written permission. For written permission, please contact
+- * licensing@OpenSSL.org.
+- *
+- * 5. Products derived from this software may not be called "OpenSSL"
+- * nor may "OpenSSL" appear in their names without prior written
+- * permission of the OpenSSL Project.
+- *
+- * 6. Redistributions of any form whatsoever must retain the following
+- * acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+- * OF THE POSSIBILITY OF SUCH DAMAGE.
+- * ====================================================================
+- *
+- * This product includes cryptographic software written by Eric Young
+- * (eay@cryptsoft.com). This product includes software written by Tim
+- * Hudson (tjh@cryptsoft.com).
+- *
+- */
+-
+-#include "eng_int.h"
+-
+-/*
+- * If this symbol is defined then ENGINE_get_default_ECDSA(), the function
+- * that is used by ECDSA to hook in implementation code and cache defaults
+- * (etc), will display brief debugging summaries to stderr with the 'nid'.
+- */
+-/* #define ENGINE_ECDSA_DEBUG */
+-
+-static ENGINE_TABLE *ecdsa_table = NULL;
+-static const int dummy_nid = 1;
+-
+-void ENGINE_unregister_ECDSA(ENGINE *e)
+-{
+- engine_table_unregister(&ecdsa_table, e);
+-}
+-
+-static void engine_unregister_all_ECDSA(void)
+-{
+- engine_table_cleanup(&ecdsa_table);
+-}
+-
+-int ENGINE_register_ECDSA(ENGINE *e)
+-{
+- if (e->ecdsa_meth)
+- return engine_table_register(&ecdsa_table,
+- engine_unregister_all_ECDSA, e,
+- &dummy_nid, 1, 0);
+- return 1;
+-}
+-
+-void ENGINE_register_all_ECDSA()
+-{
+- ENGINE *e;
+-
+- for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+- ENGINE_register_ECDSA(e);
+-}
+-
+-int ENGINE_set_default_ECDSA(ENGINE *e)
+-{
+- if (e->ecdsa_meth)
+- return engine_table_register(&ecdsa_table,
+- engine_unregister_all_ECDSA, e,
+- &dummy_nid, 1, 1);
+- return 1;
+-}
+-
+-/*
+- * Exposed API function to get a functional reference from the implementation
+- * table (ie. try to get a functional reference from the tabled structural
+- * references).
+- */
+-ENGINE *ENGINE_get_default_ECDSA(void)
+-{
+- return engine_table_select(&ecdsa_table, dummy_nid);
+-}
+-
+-/* Obtains an ECDSA implementation from an ENGINE functional reference */
+-const ECDSA_METHOD *ENGINE_get_ECDSA(const ENGINE *e)
+-{
+- return e->ecdsa_meth;
+-}
+-
+-/* Sets an ECDSA implementation in an ENGINE structure */
+-int ENGINE_set_ECDSA(ENGINE *e, const ECDSA_METHOD *ecdsa_meth)
+-{
+- e->ecdsa_meth = ecdsa_meth;
+- return 1;
+-}
+diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_rand.c b/Cryptlib/OpenSSL/crypto/engine/tb_rand.c
+deleted file mode 100644
+index a522264..0000000
+--- a/Cryptlib/OpenSSL/crypto/engine/tb_rand.c
++++ /dev/null
+@@ -1,124 +0,0 @@
+-/* ====================================================================
+- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- *
+- * 1. Redistributions of source code must retain the above copyright
+- * notice, this list of conditions and the following disclaimer.
+- *
+- * 2. Redistributions in binary form must reproduce the above copyright
+- * notice, this list of conditions and the following disclaimer in
+- * the documentation and/or other materials provided with the
+- * distribution.
+- *
+- * 3. All advertising materials mentioning features or use of this
+- * software must display the following acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+- *
+- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+- * endorse or promote products derived from this software without
+- * prior written permission. For written permission, please contact
+- * licensing@OpenSSL.org.
+- *
+- * 5. Products derived from this software may not be called "OpenSSL"
+- * nor may "OpenSSL" appear in their names without prior written
+- * permission of the OpenSSL Project.
+- *
+- * 6. Redistributions of any form whatsoever must retain the following
+- * acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+- * OF THE POSSIBILITY OF SUCH DAMAGE.
+- * ====================================================================
+- *
+- * This product includes cryptographic software written by Eric Young
+- * (eay@cryptsoft.com). This product includes software written by Tim
+- * Hudson (tjh@cryptsoft.com).
+- *
+- */
+-
+-#include "eng_int.h"
+-
+-/*
+- * If this symbol is defined then ENGINE_get_default_RAND(), the function
+- * that is used by RAND to hook in implementation code and cache defaults
+- * (etc), will display brief debugging summaries to stderr with the 'nid'.
+- */
+-/* #define ENGINE_RAND_DEBUG */
+-
+-static ENGINE_TABLE *rand_table = NULL;
+-static const int dummy_nid = 1;
+-
+-void ENGINE_unregister_RAND(ENGINE *e)
+-{
+- engine_table_unregister(&rand_table, e);
+-}
+-
+-static void engine_unregister_all_RAND(void)
+-{
+- engine_table_cleanup(&rand_table);
+-}
+-
+-int ENGINE_register_RAND(ENGINE *e)
+-{
+- if (e->rand_meth)
+- return engine_table_register(&rand_table,
+- engine_unregister_all_RAND, e,
+- &dummy_nid, 1, 0);
+- return 1;
+-}
+-
+-void ENGINE_register_all_RAND()
+-{
+- ENGINE *e;
+-
+- for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+- ENGINE_register_RAND(e);
+-}
+-
+-int ENGINE_set_default_RAND(ENGINE *e)
+-{
+- if (e->rand_meth)
+- return engine_table_register(&rand_table,
+- engine_unregister_all_RAND, e,
+- &dummy_nid, 1, 1);
+- return 1;
+-}
+-
+-/*
+- * Exposed API function to get a functional reference from the implementation
+- * table (ie. try to get a functional reference from the tabled structural
+- * references).
+- */
+-ENGINE *ENGINE_get_default_RAND(void)
+-{
+- return engine_table_select(&rand_table, dummy_nid);
+-}
+-
+-/* Obtains an RAND implementation from an ENGINE functional reference */
+-const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e)
+-{
+- return e->rand_meth;
+-}
+-
+-/* Sets an RAND implementation in an ENGINE structure */
+-int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth)
+-{
+- e->rand_meth = rand_meth;
+- return 1;
+-}
+diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_rsa.c b/Cryptlib/OpenSSL/crypto/engine/tb_rsa.c
+deleted file mode 100644
+index 2790a82..0000000
+--- a/Cryptlib/OpenSSL/crypto/engine/tb_rsa.c
++++ /dev/null
+@@ -1,124 +0,0 @@
+-/* ====================================================================
+- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- *
+- * 1. Redistributions of source code must retain the above copyright
+- * notice, this list of conditions and the following disclaimer.
+- *
+- * 2. Redistributions in binary form must reproduce the above copyright
+- * notice, this list of conditions and the following disclaimer in
+- * the documentation and/or other materials provided with the
+- * distribution.
+- *
+- * 3. All advertising materials mentioning features or use of this
+- * software must display the following acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+- *
+- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+- * endorse or promote products derived from this software without
+- * prior written permission. For written permission, please contact
+- * licensing@OpenSSL.org.
+- *
+- * 5. Products derived from this software may not be called "OpenSSL"
+- * nor may "OpenSSL" appear in their names without prior written
+- * permission of the OpenSSL Project.
+- *
+- * 6. Redistributions of any form whatsoever must retain the following
+- * acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+- * OF THE POSSIBILITY OF SUCH DAMAGE.
+- * ====================================================================
+- *
+- * This product includes cryptographic software written by Eric Young
+- * (eay@cryptsoft.com). This product includes software written by Tim
+- * Hudson (tjh@cryptsoft.com).
+- *
+- */
+-
+-#include "eng_int.h"
+-
+-/*
+- * If this symbol is defined then ENGINE_get_default_RSA(), the function that
+- * is used by RSA to hook in implementation code and cache defaults (etc),
+- * will display brief debugging summaries to stderr with the 'nid'.
+- */
+-/* #define ENGINE_RSA_DEBUG */
+-
+-static ENGINE_TABLE *rsa_table = NULL;
+-static const int dummy_nid = 1;
+-
+-void ENGINE_unregister_RSA(ENGINE *e)
+-{
+- engine_table_unregister(&rsa_table, e);
+-}
+-
+-static void engine_unregister_all_RSA(void)
+-{
+- engine_table_cleanup(&rsa_table);
+-}
+-
+-int ENGINE_register_RSA(ENGINE *e)
+-{
+- if (e->rsa_meth)
+- return engine_table_register(&rsa_table,
+- engine_unregister_all_RSA, e, &dummy_nid,
+- 1, 0);
+- return 1;
+-}
+-
+-void ENGINE_register_all_RSA()
+-{
+- ENGINE *e;
+-
+- for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+- ENGINE_register_RSA(e);
+-}
+-
+-int ENGINE_set_default_RSA(ENGINE *e)
+-{
+- if (e->rsa_meth)
+- return engine_table_register(&rsa_table,
+- engine_unregister_all_RSA, e, &dummy_nid,
+- 1, 1);
+- return 1;
+-}
+-
+-/*
+- * Exposed API function to get a functional reference from the implementation
+- * table (ie. try to get a functional reference from the tabled structural
+- * references).
+- */
+-ENGINE *ENGINE_get_default_RSA(void)
+-{
+- return engine_table_select(&rsa_table, dummy_nid);
+-}
+-
+-/* Obtains an RSA implementation from an ENGINE functional reference */
+-const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e)
+-{
+- return e->rsa_meth;
+-}
+-
+-/* Sets an RSA implementation in an ENGINE structure */
+-int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth)
+-{
+- e->rsa_meth = rsa_meth;
+- return 1;
+-}
+diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_store.c b/Cryptlib/OpenSSL/crypto/engine/tb_store.c
+deleted file mode 100644
+index 1eab49d..0000000
+--- a/Cryptlib/OpenSSL/crypto/engine/tb_store.c
++++ /dev/null
+@@ -1,129 +0,0 @@
+-/* ====================================================================
+- * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- *
+- * 1. Redistributions of source code must retain the above copyright
+- * notice, this list of conditions and the following disclaimer.
+- *
+- * 2. Redistributions in binary form must reproduce the above copyright
+- * notice, this list of conditions and the following disclaimer in
+- * the documentation and/or other materials provided with the
+- * distribution.
+- *
+- * 3. All advertising materials mentioning features or use of this
+- * software must display the following acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+- *
+- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+- * endorse or promote products derived from this software without
+- * prior written permission. For written permission, please contact
+- * licensing@OpenSSL.org.
+- *
+- * 5. Products derived from this software may not be called "OpenSSL"
+- * nor may "OpenSSL" appear in their names without prior written
+- * permission of the OpenSSL Project.
+- *
+- * 6. Redistributions of any form whatsoever must retain the following
+- * acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+- * OF THE POSSIBILITY OF SUCH DAMAGE.
+- * ====================================================================
+- *
+- * This product includes cryptographic software written by Eric Young
+- * (eay@cryptsoft.com). This product includes software written by Tim
+- * Hudson (tjh@cryptsoft.com).
+- *
+- */
+-
+-#include "eng_int.h"
+-
+-/*
+- * If this symbol is defined then ENGINE_get_default_STORE(), the function
+- * that is used by STORE to hook in implementation code and cache defaults
+- * (etc), will display brief debugging summaries to stderr with the 'nid'.
+- */
+-/* #define ENGINE_STORE_DEBUG */
+-
+-static ENGINE_TABLE *store_table = NULL;
+-static const int dummy_nid = 1;
+-
+-void ENGINE_unregister_STORE(ENGINE *e)
+-{
+- engine_table_unregister(&store_table, e);
+-}
+-
+-static void engine_unregister_all_STORE(void)
+-{
+- engine_table_cleanup(&store_table);
+-}
+-
+-int ENGINE_register_STORE(ENGINE *e)
+-{
+- if (e->store_meth)
+- return engine_table_register(&store_table,
+- engine_unregister_all_STORE, e,
+- &dummy_nid, 1, 0);
+- return 1;
+-}
+-
+-void ENGINE_register_all_STORE()
+-{
+- ENGINE *e;
+-
+- for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+- ENGINE_register_STORE(e);
+-}
+-
+-/* The following two functions are removed because they're useless. */
+-#if 0
+-int ENGINE_set_default_STORE(ENGINE *e)
+-{
+- if (e->store_meth)
+- return engine_table_register(&store_table,
+- engine_unregister_all_STORE, e,
+- &dummy_nid, 1, 1);
+- return 1;
+-}
+-#endif
+-
+-#if 0
+-/*
+- * Exposed API function to get a functional reference from the implementation
+- * table (ie. try to get a functional reference from the tabled structural
+- * references).
+- */
+-ENGINE *ENGINE_get_default_STORE(void)
+-{
+- return engine_table_select(&store_table, dummy_nid);
+-}
+-#endif
+-
+-/* Obtains an STORE implementation from an ENGINE functional reference */
+-const STORE_METHOD *ENGINE_get_STORE(const ENGINE *e)
+-{
+- return e->store_meth;
+-}
+-
+-/* Sets an STORE implementation in an ENGINE structure */
+-int ENGINE_set_STORE(ENGINE *e, const STORE_METHOD *store_meth)
+-{
+- e->store_meth = store_meth;
+- return 1;
+-}
+diff --git a/Cryptlib/OpenSSL/crypto/err/err.c b/Cryptlib/OpenSSL/crypto/err/err.c
+index 424eed9..f98cce6 100644
+--- a/Cryptlib/OpenSSL/crypto/err/err.c
++++ b/Cryptlib/OpenSSL/crypto/err/err.c
+@@ -56,7 +56,7 @@
+ * [including the GNU Public Licence.]
+ */
+ /* ====================================================================
+- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
++ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
+ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions +@@ -119,9 +119,507 @@ + #include + #include + +-static unsigned long get_error_values(int inc, int top, +- const char **file, int *line, +- const char **data, int *flags); ++DECLARE_LHASH_OF(ERR_STRING_DATA); ++DECLARE_LHASH_OF(ERR_STATE); ++ ++static void err_load_strings(int lib, ERR_STRING_DATA *str); ++ ++static void ERR_STATE_free(ERR_STATE *s); ++#ifndef OPENSSL_NO_ERR ++static ERR_STRING_DATA ERR_str_libraries[] = { ++ {ERR_PACK(ERR_LIB_NONE, 0, 0), "unknown library"}, ++ {ERR_PACK(ERR_LIB_SYS, 0, 0), "system library"}, ++ {ERR_PACK(ERR_LIB_BN, 0, 0), "bignum routines"}, ++ {ERR_PACK(ERR_LIB_RSA, 0, 0), "rsa routines"}, ++ {ERR_PACK(ERR_LIB_DH, 0, 0), "Diffie-Hellman routines"}, ++ {ERR_PACK(ERR_LIB_EVP, 0, 0), "digital envelope routines"}, ++ {ERR_PACK(ERR_LIB_BUF, 0, 0), "memory buffer routines"}, ++ {ERR_PACK(ERR_LIB_OBJ, 0, 0), "object identifier routines"}, ++ {ERR_PACK(ERR_LIB_PEM, 0, 0), "PEM routines"}, ++ {ERR_PACK(ERR_LIB_DSA, 0, 0), "dsa routines"}, ++ {ERR_PACK(ERR_LIB_X509, 0, 0), "x509 certificate routines"}, ++ {ERR_PACK(ERR_LIB_ASN1, 0, 0), "asn1 encoding routines"}, ++ {ERR_PACK(ERR_LIB_CONF, 0, 0), "configuration file routines"}, ++ {ERR_PACK(ERR_LIB_CRYPTO, 0, 0), "common libcrypto routines"}, ++ {ERR_PACK(ERR_LIB_EC, 0, 0), "elliptic curve routines"}, ++ {ERR_PACK(ERR_LIB_SSL, 0, 0), "SSL routines"}, ++ {ERR_PACK(ERR_LIB_BIO, 0, 0), "BIO routines"}, ++ {ERR_PACK(ERR_LIB_PKCS7, 0, 0), "PKCS7 routines"}, ++ {ERR_PACK(ERR_LIB_X509V3, 0, 0), "X509 V3 routines"}, ++ {ERR_PACK(ERR_LIB_PKCS12, 0, 0), "PKCS12 routines"}, ++ {ERR_PACK(ERR_LIB_RAND, 0, 0), "random number generator"}, ++ {ERR_PACK(ERR_LIB_DSO, 0, 0), "DSO support routines"}, ++ {ERR_PACK(ERR_LIB_TS, 0, 0), "time stamp routines"}, ++ {ERR_PACK(ERR_LIB_ENGINE, 0, 0), "engine routines"}, ++ {ERR_PACK(ERR_LIB_OCSP, 0, 0), "OCSP routines"}, ++ 
{ERR_PACK(ERR_LIB_FIPS, 0, 0), "FIPS routines"}, ++ {ERR_PACK(ERR_LIB_CMS, 0, 0), "CMS routines"}, ++ {ERR_PACK(ERR_LIB_HMAC, 0, 0), "HMAC routines"}, ++ {0, NULL}, ++}; ++ ++static ERR_STRING_DATA ERR_str_functs[] = { ++ {ERR_PACK(0, SYS_F_FOPEN, 0), "fopen"}, ++ {ERR_PACK(0, SYS_F_CONNECT, 0), "connect"}, ++ {ERR_PACK(0, SYS_F_GETSERVBYNAME, 0), "getservbyname"}, ++ {ERR_PACK(0, SYS_F_SOCKET, 0), "socket"}, ++ {ERR_PACK(0, SYS_F_IOCTLSOCKET, 0), "ioctlsocket"}, ++ {ERR_PACK(0, SYS_F_BIND, 0), "bind"}, ++ {ERR_PACK(0, SYS_F_LISTEN, 0), "listen"}, ++ {ERR_PACK(0, SYS_F_ACCEPT, 0), "accept"}, ++# ifdef OPENSSL_SYS_WINDOWS ++ {ERR_PACK(0, SYS_F_WSASTARTUP, 0), "WSAstartup"}, ++# endif ++ {ERR_PACK(0, SYS_F_OPENDIR, 0), "opendir"}, ++ {ERR_PACK(0, SYS_F_FREAD, 0), "fread"}, ++ {0, NULL}, ++}; ++ ++static ERR_STRING_DATA ERR_str_reasons[] = { ++ {ERR_R_SYS_LIB, "system lib"}, ++ {ERR_R_BN_LIB, "BN lib"}, ++ {ERR_R_RSA_LIB, "RSA lib"}, ++ {ERR_R_DH_LIB, "DH lib"}, ++ {ERR_R_EVP_LIB, "EVP lib"}, ++ {ERR_R_BUF_LIB, "BUF lib"}, ++ {ERR_R_OBJ_LIB, "OBJ lib"}, ++ {ERR_R_PEM_LIB, "PEM lib"}, ++ {ERR_R_DSA_LIB, "DSA lib"}, ++ {ERR_R_X509_LIB, "X509 lib"}, ++ {ERR_R_ASN1_LIB, "ASN1 lib"}, ++ {ERR_R_CONF_LIB, "CONF lib"}, ++ {ERR_R_CRYPTO_LIB, "CRYPTO lib"}, ++ {ERR_R_EC_LIB, "EC lib"}, ++ {ERR_R_SSL_LIB, "SSL lib"}, ++ {ERR_R_BIO_LIB, "BIO lib"}, ++ {ERR_R_PKCS7_LIB, "PKCS7 lib"}, ++ {ERR_R_X509V3_LIB, "X509V3 lib"}, ++ {ERR_R_PKCS12_LIB, "PKCS12 lib"}, ++ {ERR_R_RAND_LIB, "RAND lib"}, ++ {ERR_R_DSO_LIB, "DSO lib"}, ++ {ERR_R_ENGINE_LIB, "ENGINE lib"}, ++ {ERR_R_OCSP_LIB, "OCSP lib"}, ++ {ERR_R_TS_LIB, "TS lib"}, ++ ++ {ERR_R_NESTED_ASN1_ERROR, "nested asn1 error"}, ++ {ERR_R_BAD_ASN1_OBJECT_HEADER, "bad asn1 object header"}, ++ {ERR_R_BAD_GET_ASN1_OBJECT_CALL, "bad get asn1 object call"}, ++ {ERR_R_EXPECTING_AN_ASN1_SEQUENCE, "expecting an asn1 sequence"}, ++ {ERR_R_ASN1_LENGTH_MISMATCH, "asn1 length mismatch"}, ++ {ERR_R_MISSING_ASN1_EOS, "missing asn1 eos"}, ++ ++ 
{ERR_R_FATAL, "fatal"}, ++ {ERR_R_MALLOC_FAILURE, "malloc failure"}, ++ {ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED, ++ "called a function you should not call"}, ++ {ERR_R_PASSED_NULL_PARAMETER, "passed a null parameter"}, ++ {ERR_R_INTERNAL_ERROR, "internal error"}, ++ {ERR_R_DISABLED, "called a function that was disabled at compile-time"}, ++ ++ {0, NULL}, ++}; ++#endif ++ ++/* Define the predeclared (but externally opaque) "ERR_FNS" type */ ++struct st_ERR_FNS { ++ /* Works on the "error_hash" string table */ ++ LHASH_OF(ERR_STRING_DATA) *(*cb_err_get) (int create); ++ void (*cb_err_del) (void); ++ ERR_STRING_DATA *(*cb_err_get_item) (const ERR_STRING_DATA *); ++ ERR_STRING_DATA *(*cb_err_set_item) (ERR_STRING_DATA *); ++ ERR_STRING_DATA *(*cb_err_del_item) (ERR_STRING_DATA *); ++ /* Works on the "thread_hash" error-state table */ ++ LHASH_OF(ERR_STATE) *(*cb_thread_get) (int create); ++ void (*cb_thread_release) (LHASH_OF(ERR_STATE) **hash); ++ ERR_STATE *(*cb_thread_get_item) (const ERR_STATE *); ++ ERR_STATE *(*cb_thread_set_item) (ERR_STATE *); ++ void (*cb_thread_del_item) (const ERR_STATE *); ++ /* Returns the next available error "library" numbers */ ++ int (*cb_get_next_lib) (void); ++}; ++ ++/* Predeclarations of the "err_defaults" functions */ ++static LHASH_OF(ERR_STRING_DATA) *int_err_get(int create); ++static void int_err_del(void); ++static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *); ++static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *); ++static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *); ++static LHASH_OF(ERR_STATE) *int_thread_get(int create); ++static void int_thread_release(LHASH_OF(ERR_STATE) **hash); ++static ERR_STATE *int_thread_get_item(const ERR_STATE *); ++static ERR_STATE *int_thread_set_item(ERR_STATE *); ++static void int_thread_del_item(const ERR_STATE *); ++static int int_err_get_next_lib(void); ++/* The static ERR_FNS table using these defaults functions */ ++static const ERR_FNS err_defaults = { ++ 
int_err_get, ++ int_err_del, ++ int_err_get_item, ++ int_err_set_item, ++ int_err_del_item, ++ int_thread_get, ++ int_thread_release, ++ int_thread_get_item, ++ int_thread_set_item, ++ int_thread_del_item, ++ int_err_get_next_lib ++}; ++ ++/* The replacable table of ERR_FNS functions we use at run-time */ ++static const ERR_FNS *err_fns = NULL; ++ ++/* Eg. rather than using "err_get()", use "ERRFN(err_get)()". */ ++#define ERRFN(a) err_fns->cb_##a ++ ++/* ++ * The internal state used by "err_defaults" - as such, the setting, reading, ++ * creating, and deleting of this data should only be permitted via the ++ * "err_defaults" functions. This way, a linked module can completely defer ++ * all ERR state operation (together with requisite locking) to the ++ * implementations and state in the loading application. ++ */ ++static LHASH_OF(ERR_STRING_DATA) *int_error_hash = NULL; ++static LHASH_OF(ERR_STATE) *int_thread_hash = NULL; ++static int int_thread_hash_references = 0; ++static int int_err_library_number = ERR_LIB_USER; ++ ++/* ++ * Internal function that checks whether "err_fns" is set and if not, sets it ++ * to the defaults. ++ */ ++static void err_fns_check(void) ++{ ++ if (err_fns) ++ return; ++ ++ CRYPTO_w_lock(CRYPTO_LOCK_ERR); ++ if (!err_fns) ++ err_fns = &err_defaults; ++ CRYPTO_w_unlock(CRYPTO_LOCK_ERR); ++} ++ ++/* API functions to get or set the underlying ERR functions. */ ++ ++const ERR_FNS *ERR_get_implementation(void) ++{ ++ err_fns_check(); ++ return err_fns; ++} ++ ++int ERR_set_implementation(const ERR_FNS *fns) ++{ ++ int ret = 0; ++ ++ CRYPTO_w_lock(CRYPTO_LOCK_ERR); ++ /* ++ * It's too late if 'err_fns' is non-NULL. BTW: not much point setting an ++ * error is there?! ++ */ ++ if (!err_fns) { ++ err_fns = fns; ++ ret = 1; ++ } ++ CRYPTO_w_unlock(CRYPTO_LOCK_ERR); ++ return ret; ++} ++ ++/* ++ * These are the callbacks provided to "lh_new()" when creating the LHASH ++ * tables internal to the "err_defaults" implementation. 
++ */ ++ ++static unsigned long get_error_values(int inc, int top, const char **file, ++ int *line, const char **data, ++ int *flags); ++ ++/* The internal functions used in the "err_defaults" implementation */ ++ ++static unsigned long err_string_data_hash(const ERR_STRING_DATA *a) ++{ ++ unsigned long ret, l; ++ ++ l = a->error; ++ ret = l ^ ERR_GET_LIB(l) ^ ERR_GET_FUNC(l); ++ return (ret ^ ret % 19 * 13); ++} ++ ++static IMPLEMENT_LHASH_HASH_FN(err_string_data, ERR_STRING_DATA) ++ ++static int err_string_data_cmp(const ERR_STRING_DATA *a, ++ const ERR_STRING_DATA *b) ++{ ++ return (int)(a->error - b->error); ++} ++ ++static IMPLEMENT_LHASH_COMP_FN(err_string_data, ERR_STRING_DATA) ++ ++static LHASH_OF(ERR_STRING_DATA) *int_err_get(int create) ++{ ++ LHASH_OF(ERR_STRING_DATA) *ret = NULL; ++ ++ CRYPTO_w_lock(CRYPTO_LOCK_ERR); ++ if (!int_error_hash && create) { ++ CRYPTO_push_info("int_err_get (err.c)"); ++ int_error_hash = lh_ERR_STRING_DATA_new(); ++ CRYPTO_pop_info(); ++ } ++ if (int_error_hash) ++ ret = int_error_hash; ++ CRYPTO_w_unlock(CRYPTO_LOCK_ERR); ++ ++ return ret; ++} ++ ++static void int_err_del(void) ++{ ++ CRYPTO_w_lock(CRYPTO_LOCK_ERR); ++ if (int_error_hash) { ++ lh_ERR_STRING_DATA_free(int_error_hash); ++ int_error_hash = NULL; ++ } ++ CRYPTO_w_unlock(CRYPTO_LOCK_ERR); ++} ++ ++static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *d) ++{ ++ ERR_STRING_DATA *p; ++ LHASH_OF(ERR_STRING_DATA) *hash; ++ ++ err_fns_check(); ++ hash = ERRFN(err_get) (0); ++ if (!hash) ++ return NULL; ++ ++ CRYPTO_r_lock(CRYPTO_LOCK_ERR); ++ p = lh_ERR_STRING_DATA_retrieve(hash, d); ++ CRYPTO_r_unlock(CRYPTO_LOCK_ERR); ++ ++ return p; ++} ++ ++static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *d) ++{ ++ ERR_STRING_DATA *p; ++ LHASH_OF(ERR_STRING_DATA) *hash; ++ ++ err_fns_check(); ++ hash = ERRFN(err_get) (1); ++ if (!hash) ++ return NULL; ++ ++ CRYPTO_w_lock(CRYPTO_LOCK_ERR); ++ p = lh_ERR_STRING_DATA_insert(hash, d); ++ 
CRYPTO_w_unlock(CRYPTO_LOCK_ERR); ++ ++ return p; ++} ++ ++static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *d) ++{ ++ ERR_STRING_DATA *p; ++ LHASH_OF(ERR_STRING_DATA) *hash; ++ ++ err_fns_check(); ++ hash = ERRFN(err_get) (0); ++ if (!hash) ++ return NULL; ++ ++ CRYPTO_w_lock(CRYPTO_LOCK_ERR); ++ p = lh_ERR_STRING_DATA_delete(hash, d); ++ CRYPTO_w_unlock(CRYPTO_LOCK_ERR); ++ ++ return p; ++} ++ ++static unsigned long err_state_hash(const ERR_STATE *a) ++{ ++ return CRYPTO_THREADID_hash(&a->tid) * 13; ++} ++ ++static IMPLEMENT_LHASH_HASH_FN(err_state, ERR_STATE) ++ ++static int err_state_cmp(const ERR_STATE *a, const ERR_STATE *b) ++{ ++ return CRYPTO_THREADID_cmp(&a->tid, &b->tid); ++} ++ ++static IMPLEMENT_LHASH_COMP_FN(err_state, ERR_STATE) ++ ++static LHASH_OF(ERR_STATE) *int_thread_get(int create) ++{ ++ LHASH_OF(ERR_STATE) *ret = NULL; ++ ++ CRYPTO_w_lock(CRYPTO_LOCK_ERR); ++ if (!int_thread_hash && create) { ++ CRYPTO_push_info("int_thread_get (err.c)"); ++ int_thread_hash = lh_ERR_STATE_new(); ++ CRYPTO_pop_info(); ++ } ++ if (int_thread_hash) { ++ int_thread_hash_references++; ++ ret = int_thread_hash; ++ } ++ CRYPTO_w_unlock(CRYPTO_LOCK_ERR); ++ return ret; ++} ++ ++static void int_thread_release(LHASH_OF(ERR_STATE) **hash) ++{ ++ int i; ++ ++ if (hash == NULL || *hash == NULL) ++ return; ++ ++ i = CRYPTO_add(&int_thread_hash_references, -1, CRYPTO_LOCK_ERR); ++ ++#ifdef REF_PRINT ++ fprintf(stderr, "%4d:%s\n", int_thread_hash_references, "ERR"); ++#endif ++ if (i > 0) ++ return; ++#ifdef REF_CHECK ++ if (i < 0) { ++ fprintf(stderr, "int_thread_release, bad reference count\n"); ++ abort(); /* ok */ ++ } ++#endif ++ *hash = NULL; ++} ++ ++static ERR_STATE *int_thread_get_item(const ERR_STATE *d) ++{ ++ ERR_STATE *p; ++ LHASH_OF(ERR_STATE) *hash; ++ ++ err_fns_check(); ++ hash = ERRFN(thread_get) (0); ++ if (!hash) ++ return NULL; ++ ++ CRYPTO_r_lock(CRYPTO_LOCK_ERR); ++ p = lh_ERR_STATE_retrieve(hash, d); ++ CRYPTO_r_unlock(CRYPTO_LOCK_ERR); ++ ++ 
ERRFN(thread_release) (&hash); ++ return p; ++} ++ ++static ERR_STATE *int_thread_set_item(ERR_STATE *d) ++{ ++ ERR_STATE *p; ++ LHASH_OF(ERR_STATE) *hash; ++ ++ err_fns_check(); ++ hash = ERRFN(thread_get) (1); ++ if (!hash) ++ return NULL; ++ ++ CRYPTO_w_lock(CRYPTO_LOCK_ERR); ++ p = lh_ERR_STATE_insert(hash, d); ++ CRYPTO_w_unlock(CRYPTO_LOCK_ERR); ++ ++ ERRFN(thread_release) (&hash); ++ return p; ++} ++ ++static void int_thread_del_item(const ERR_STATE *d) ++{ ++ ERR_STATE *p; ++ LHASH_OF(ERR_STATE) *hash; ++ ++ err_fns_check(); ++ hash = ERRFN(thread_get) (0); ++ if (!hash) ++ return; ++ ++ CRYPTO_w_lock(CRYPTO_LOCK_ERR); ++ p = lh_ERR_STATE_delete(hash, d); ++ /* make sure we don't leak memory */ ++ if (int_thread_hash_references == 1 ++ && int_thread_hash && lh_ERR_STATE_num_items(int_thread_hash) == 0) { ++ lh_ERR_STATE_free(int_thread_hash); ++ int_thread_hash = NULL; ++ } ++ CRYPTO_w_unlock(CRYPTO_LOCK_ERR); ++ ++ ERRFN(thread_release) (&hash); ++ if (p) ++ ERR_STATE_free(p); ++} ++ ++static int int_err_get_next_lib(void) ++{ ++ int ret; ++ ++ CRYPTO_w_lock(CRYPTO_LOCK_ERR); ++ ret = int_err_library_number++; ++ CRYPTO_w_unlock(CRYPTO_LOCK_ERR); ++ ++ return ret; ++} ++ ++#ifndef OPENSSL_NO_ERR ++# define NUM_SYS_STR_REASONS 127 ++# define LEN_SYS_STR_REASON 32 ++ ++static ERR_STRING_DATA SYS_str_reasons[NUM_SYS_STR_REASONS + 1]; ++/* ++ * SYS_str_reasons is filled with copies of strerror() results at ++ * initialization. 'errno' values up to 127 should cover all usual errors, ++ * others will be displayed numerically by ERR_error_string. It is crucial ++ * that we have something for each reason code that occurs in ++ * ERR_str_reasons, or bogus reason strings will be returned for SYSerr(), ++ * which always gets an errno value and never one of those 'standard' reason ++ * codes. 
++ */ ++ ++static void build_SYS_str_reasons(void) ++{ ++ /* OPENSSL_malloc cannot be used here, use static storage instead */ ++ static char strerror_tab[NUM_SYS_STR_REASONS][LEN_SYS_STR_REASON]; ++ int i; ++ static int init = 1; ++ ++ CRYPTO_r_lock(CRYPTO_LOCK_ERR); ++ if (!init) { ++ CRYPTO_r_unlock(CRYPTO_LOCK_ERR); ++ return; ++ } ++ ++ CRYPTO_r_unlock(CRYPTO_LOCK_ERR); ++ CRYPTO_w_lock(CRYPTO_LOCK_ERR); ++ if (!init) { ++ CRYPTO_w_unlock(CRYPTO_LOCK_ERR); ++ return; ++ } ++ ++ for (i = 1; i <= NUM_SYS_STR_REASONS; i++) { ++ ERR_STRING_DATA *str = &SYS_str_reasons[i - 1]; ++ ++ str->error = (unsigned long)i; ++ if (str->string == NULL) { ++ char (*dest)[LEN_SYS_STR_REASON] = &(strerror_tab[i - 1]); ++ char *src = strerror(i); ++ if (src != NULL) { ++ strncpy(*dest, src, sizeof *dest); ++ (*dest)[sizeof *dest - 1] = '\0'; ++ str->string = *dest; ++ } ++ } ++ if (str->string == NULL) ++ str->string = "unknown"; ++ } ++ ++ /* ++ * Now we still have SYS_str_reasons[NUM_SYS_STR_REASONS] = {0, NULL}, as ++ * required by ERR_load_strings. 
++ */
++
++ init = 0;
++
++ CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
++}
++#endif
+
+ #define err_clear_data(p,i) \
+ do { \
+@@ -143,6 +641,65 @@ static unsigned long get_error_values(int inc, int top,
+ (p)->err_line[i]= -1; \
+ } while(0)
+
++static void ERR_STATE_free(ERR_STATE *s)
++{
++ int i;
++
++ if (s == NULL)
++ return;
++
++ for (i = 0; i < ERR_NUM_ERRORS; i++) {
++ err_clear_data(s, i);
++ }
++ OPENSSL_free(s);
++}
++
++void ERR_load_ERR_strings(void)
++{
++ err_fns_check();
++#ifndef OPENSSL_NO_ERR
++ err_load_strings(0, ERR_str_libraries);
++ err_load_strings(0, ERR_str_reasons);
++ err_load_strings(ERR_LIB_SYS, ERR_str_functs);
++ build_SYS_str_reasons();
++ err_load_strings(ERR_LIB_SYS, SYS_str_reasons);
++#endif
++}
++
++static void err_load_strings(int lib, ERR_STRING_DATA *str)
++{
++ while (str->error) {
++ if (lib)
++ str->error |= ERR_PACK(lib, 0, 0);
++ ERRFN(err_set_item) (str);
++ str++;
++ }
++}
++
++void ERR_load_strings(int lib, ERR_STRING_DATA *str)
++{
++ ERR_load_ERR_strings();
++ err_load_strings(lib, str);
++}
++
++void ERR_unload_strings(int lib, ERR_STRING_DATA *str)
++{
++ while (str->error) {
++ if (lib)
++ str->error |= ERR_PACK(lib, 0, 0);
++ ERRFN(err_del_item) (str);
++ str++;
++ }
++}
++
++void ERR_free_strings(void)
++{
++ err_fns_check();
++ ERRFN(err_del) ();
++}
++
++/********************************************************/
++
+ void ERR_put_error(int lib, int func, int reason, const char *file, int line)
+ {
+ ERR_STATE *es;
+@@ -305,6 +862,200 @@ static unsigned long get_error_values(int inc, int top, const char **file,
+ return ret;
+ }
+
++void ERR_error_string_n(unsigned long e, char *buf, size_t len)
++{
++ char lsbuf[64], fsbuf[64], rsbuf[64];
++ const char *ls, *fs, *rs;
++ unsigned long l, f, r;
++
++ l = ERR_GET_LIB(e);
++ f = ERR_GET_FUNC(e);
++ r = ERR_GET_REASON(e);
++
++ ls = ERR_lib_error_string(e);
++ fs = ERR_func_error_string(e);
++ rs = ERR_reason_error_string(e);
++
++ if (ls == NULL)
++
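Review bot: `ERR_unload_strings` calls `ERRFN(err_del_item)` without first calling `err_fns_check()`, although `ERR_load_ERR_strings` and `ERR_free_strings` in this same hunk both do. `ERRFN(a)` expands to `err_fns->cb_##a` and `err_fns` is initialised to NULL earlier in the file, so an unload that runs before any load dereferences a null table pointer. Adding `err_fns_check();` as the first statement of `ERR_unload_strings` makes the three entry points consistent. Both `err_load_strings` and `ERR_unload_strings` also OR the library code into `str->error` in place, so a short comment that the caller's table must be writable and is modified would help.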
BIO_snprintf(lsbuf, sizeof(lsbuf), "lib(%lu)", l);
++ if (fs == NULL)
++ BIO_snprintf(fsbuf, sizeof(fsbuf), "func(%lu)", f);
++ if (rs == NULL)
++ BIO_snprintf(rsbuf, sizeof(rsbuf), "reason(%lu)", r);
++
++ BIO_snprintf(buf, len, "error:%08lX:%s:%s:%s", e, ls ? ls : lsbuf,
++ fs ? fs : fsbuf, rs ? rs : rsbuf);
++ if (strlen(buf) == len - 1) {
++ /*
++ * output may be truncated; make sure we always have 5
++ * colon-separated fields, i.e. 4 colons ...
++ */
++#define NUM_COLONS 4
++ if (len > NUM_COLONS) { /* ... if possible */
++ int i;
++ char *s = buf;
++
++ for (i = 0; i < NUM_COLONS; i++) {
++ char *colon = strchr(s, ':');
++ if (colon == NULL || colon > &buf[len - 1] - NUM_COLONS + i) {
++ /*
++ * set colon no. i at last possible position (buf[len-1]
++ * is the terminating 0)
++ */
++ colon = &buf[len - 1] - NUM_COLONS + i;
++ *colon = ':';
++ }
++ s = colon + 1;
++ }
++ }
++ }
++}
++
++/* BAD for multi-threading: uses a local buffer if ret == NULL */
++/*
++ * ERR_error_string_n should be used instead for ret != NULL as
++ * ERR_error_string cannot know how large the buffer is
++ */
++char *ERR_error_string(unsigned long e, char *ret)
++{
++ static char buf[256];
++
++ if (ret == NULL)
++ ret = buf;
++ ERR_error_string_n(e, ret, 256);
++
++ return ret;
++}
++
++LHASH_OF(ERR_STRING_DATA) *ERR_get_string_table(void)
++{
++ err_fns_check();
++ return ERRFN(err_get) (0);
++}
++
++LHASH_OF(ERR_STATE) *ERR_get_err_state_table(void)
++{
++ err_fns_check();
++ return ERRFN(thread_get) (0);
++}
++
++void ERR_release_err_state_table(LHASH_OF(ERR_STATE) **hash)
++{
++ err_fns_check();
++ ERRFN(thread_release) (hash);
++}
++
++const char *ERR_lib_error_string(unsigned long e)
++{
++ ERR_STRING_DATA d, *p;
++ unsigned long l;
++
++ err_fns_check();
++ l = ERR_GET_LIB(e);
++ d.error = ERR_PACK(l, 0, 0);
++ p = ERRFN(err_get_item) (&d);
++ return ((p == NULL) ?
NULL : p->string);
++}
++
++const char *ERR_func_error_string(unsigned long e)
++{
++ ERR_STRING_DATA d, *p;
++ unsigned long l, f;
++
++ err_fns_check();
++ l = ERR_GET_LIB(e);
++ f = ERR_GET_FUNC(e);
++ d.error = ERR_PACK(l, f, 0);
++ p = ERRFN(err_get_item) (&d);
++ return ((p == NULL) ? NULL : p->string);
++}
++
++const char *ERR_reason_error_string(unsigned long e)
++{
++ ERR_STRING_DATA d, *p = NULL;
++ unsigned long l, r;
++
++ err_fns_check();
++ l = ERR_GET_LIB(e);
++ r = ERR_GET_REASON(e);
++ d.error = ERR_PACK(l, 0, r);
++ p = ERRFN(err_get_item) (&d);
++ if (!p) {
++ d.error = ERR_PACK(0, 0, r);
++ p = ERRFN(err_get_item) (&d);
++ }
++ return ((p == NULL) ? NULL : p->string);
++}
++
++void ERR_remove_thread_state(const CRYPTO_THREADID *id)
++{
++ ERR_STATE tmp;
++
++ if (id)
++ CRYPTO_THREADID_cpy(&tmp.tid, id);
++ else
++ CRYPTO_THREADID_current(&tmp.tid);
++ err_fns_check();
++ /*
++ * thread_del_item automatically destroys the LHASH if the number of
++ * items reaches zero.
++ */
++ ERRFN(thread_del_item) (&tmp);
++}
++
++#ifndef OPENSSL_NO_DEPRECATED
++void ERR_remove_state(unsigned long pid)
++{
++ ERR_remove_thread_state(NULL);
++}
++#endif
++
++ERR_STATE *ERR_get_state(void)
++{
++ static ERR_STATE fallback;
++ ERR_STATE *ret, tmp, *tmpp = NULL;
++ int i;
++ CRYPTO_THREADID tid;
++
++ err_fns_check();
++ CRYPTO_THREADID_current(&tid);
++ CRYPTO_THREADID_cpy(&tmp.tid, &tid);
++ ret = ERRFN(thread_get_item) (&tmp);
++
++ /* ret == the error state, if NULL, make a new one */
++ if (ret == NULL) {
++ ret = (ERR_STATE *)OPENSSL_malloc(sizeof(ERR_STATE));
++ if (ret == NULL)
++ return (&fallback);
++ CRYPTO_THREADID_cpy(&ret->tid, &tid);
++ ret->top = 0;
++ ret->bottom = 0;
++ for (i = 0; i < ERR_NUM_ERRORS; i++) {
++ ret->err_data[i] = NULL;
++ ret->err_data_flags[i] = 0;
++ }
++ tmpp = ERRFN(thread_set_item) (ret);
++ /* To check if insertion failed, do a get.
*/
++ if (ERRFN(thread_get_item) (ret) != ret) {
++ ERR_STATE_free(ret); /* could not insert it */
++ return (&fallback);
++ }
++ /*
++ * If a race occured in this function and we came second, tmpp is the
++ * first one that we just replaced.
++ */
++ if (tmpp)
++ ERR_STATE_free(tmpp);
++ }
++ return ret;
++}
++
++int ERR_get_next_error_library(void)
++{
++ err_fns_check();
++ return ERRFN(get_next_lib) ();
++}
++
+ void ERR_set_error_data(char *data, int flags)
+ {
+ ERR_STATE *es;
+@@ -329,6 +1080,13 @@ void ERR_add_error_data(int num, ...)
+ #endif
+ {
+ va_list args;
++ va_start(args, num);
++ ERR_add_error_vdata(num, args);
++ va_end(args);
++}
++
++void ERR_add_error_vdata(int num, va_list args)
++{
+ int i, n, s;
+ char *str, *p, *a;
+
+@@ -338,7 +1096,6 @@ void ERR_add_error_data(int num, ...)
+ return;
+ str[0] = '\0';
+
+- va_start(args, num);
+ n = 0;
+ for (i = 0; i < num; i++) {
+ a = va_arg(args, char *);
+@@ -350,7 +1107,7 @@ void ERR_add_error_data(int num, ...)
+ p = OPENSSL_realloc(str, s + 1);
+ if (p == NULL) {
+ OPENSSL_free(str);
+- goto err;
++ return;
+ } else
+ str = p;
+ }
+@@ -358,9 +1115,6 @@ void ERR_add_error_data(int num, ...)
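Review bot: `ERR_error_string_n` has no guard for `len == 0`: after `BIO_snprintf(buf, len, ...)` it evaluates `strlen(buf) == len - 1`, where `len - 1` wraps for a zero `size_t` and `strlen` walks a buffer the caller declared to have no room, which may not be NUL-terminated. An early `if (len == 0) return;` ahead of the lookups avoids the read. In the same hunk `ERR_error_string` passes a caller-supplied `ret` on with a fixed length of 256, which its own comment already warns about; any caller in this tree that supplies its own buffer would be safer on `ERR_error_string_n` with the real size.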
+ }
+ }
+ ERR_set_error_data(str, ERR_TXT_MALLOCED | ERR_TXT_STRING);
+-
+- err:
+- va_end(args);
+ }
+
+ int ERR_set_mark(void)
+@@ -394,34 +1148,3 @@ int ERR_pop_to_mark(void)
+ es->err_flags[es->top] &= ~ERR_FLAG_MARK;
+ return 1;
+ }
+-
+-#ifdef OPENSSL_FIPS
+-
+-static ERR_STATE *fget_state(void)
+-{
+- static ERR_STATE fstate;
+- return &fstate;
+-}
+-
+-ERR_STATE *(*get_state_func) (void) = fget_state;
+-void (*remove_state_func) (unsigned long pid);
+-
+-ERR_STATE *ERR_get_state(void)
+-{
+- return get_state_func();
+-}
+-
+-void int_ERR_set_state_func(ERR_STATE *(*get_func) (void),
+- void (*remove_func) (unsigned long pid))
+-{
+- get_state_func = get_func;
+- remove_state_func = remove_func;
+-}
+-
+-void ERR_remove_state(unsigned long pid)
+-{
+- if (remove_state_func)
+- remove_state_func(pid);
+-}
+-
+-#endif
+diff --git a/Cryptlib/OpenSSL/crypto/err/err_all.c b/Cryptlib/OpenSSL/crypto/err/err_all.c
+index 6e12a7e..d7575a7 100644
+--- a/Cryptlib/OpenSSL/crypto/err/err_all.c
++++ b/Cryptlib/OpenSSL/crypto/err/err_all.c
+@@ -64,6 +64,9 @@
+ #endif
+ #include
+ #include
++#ifndef OPENSSL_NO_COMP
++# include
++#endif
+ #ifndef OPENSSL_NO_RSA
+ # include
+ #endif
+@@ -97,16 +100,13 @@
+ #ifdef OPENSSL_FIPS
+ # include
+ #endif
+-
++#include
+ #ifndef OPENSSL_NO_CMS
+ # include
+ #endif
+ #ifndef OPENSSL_NO_JPAKE
+ # include
+ #endif
+-#ifndef OPENSSL_NO_COMP
+-# include
+-#endif
+
+ void ERR_load_crypto_strings(void)
+ {
+@@ -130,6 +130,9 @@ void ERR_load_crypto_strings(void)
+ ERR_load_ASN1_strings();
+ ERR_load_CONF_strings();
+ ERR_load_CRYPTO_strings();
++# ifndef OPENSSL_NO_COMP
++ ERR_load_COMP_strings();
++# endif
+ # ifndef OPENSSL_NO_EC
+ ERR_load_EC_strings();
+ # endif
+@@ -146,6 +149,7 @@ void ERR_load_crypto_strings(void)
+ ERR_load_PKCS12_strings();
+ ERR_load_RAND_strings();
+ ERR_load_DSO_strings();
++ ERR_load_TS_strings();
+ # ifndef OPENSSL_NO_ENGINE
+ ERR_load_ENGINE_strings();
+ # endif
+@@ -160,6 +164,5 @@ void
ERR_load_crypto_strings(void) + # ifndef OPENSSL_NO_JPAKE + ERR_load_JPAKE_strings(); + # endif +- ERR_load_COMP_strings(); + #endif + } +diff --git a/Cryptlib/OpenSSL/crypto/err/err_bio.c b/Cryptlib/OpenSSL/crypto/err/err_bio.c +deleted file mode 100644 +index b8b22fa..0000000 +--- a/Cryptlib/OpenSSL/crypto/err/err_bio.c ++++ /dev/null +@@ -1,74 +0,0 @@ +-/* crypto/err/err_prn.c */ +-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) +- * All rights reserved. +- * +- * This package is an SSL implementation written +- * by Eric Young (eay@cryptsoft.com). +- * The implementation was written so as to conform with Netscapes SSL. +- * +- * This library is free for commercial and non-commercial use as long as +- * the following conditions are aheared to. The following conditions +- * apply to all code found in this distribution, be it the RC4, RSA, +- * lhash, DES, etc., code; not just the SSL code. The SSL documentation +- * included with this distribution is covered by the same copyright terms +- * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * +- * Copyright remains Eric Young's, and as such any Copyright notices in +- * the code are not to be removed. +- * If this package is used in a product, Eric Young should be given attribution +- * as the author of the parts of the library used. +- * This can be in the form of a textual message at program startup or +- * in documentation (online or textual) provided with the package. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 3. 
All advertising materials mentioning features or use of this software +- * must display the following acknowledgement: +- * "This product includes cryptographic software written by +- * Eric Young (eay@cryptsoft.com)" +- * The word 'cryptographic' can be left out if the rouines from the library +- * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from +- * the apps directory (application code) you must include an acknowledgement: +- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * +- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. +- * +- * The licence and distribution terms for any publically available version or +- * derivative of this code cannot be changed. i.e. this code cannot simply be +- * copied and put under another distribution licence +- * [including the GNU Public Licence.] 
+- */ +- +-#include +-#include "cryptlib.h" +-#include +-#include +-#include +-#include +- +-static int print_bio(const char *str, size_t len, void *bp) +-{ +- return BIO_write((BIO *)bp, str, len); +-} +- +-void ERR_print_errors(BIO *bp) +-{ +- ERR_print_errors_cb(print_bio, bp); +-} +diff --git a/Cryptlib/OpenSSL/crypto/err/err_def.c b/Cryptlib/OpenSSL/crypto/err/err_def.c +deleted file mode 100644 +index 8144652..0000000 +--- a/Cryptlib/OpenSSL/crypto/err/err_def.c ++++ /dev/null +@@ -1,665 +0,0 @@ +-/* crypto/err/err_def.c */ +-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) +- * All rights reserved. +- * +- * This package is an SSL implementation written +- * by Eric Young (eay@cryptsoft.com). +- * The implementation was written so as to conform with Netscapes SSL. +- * +- * This library is free for commercial and non-commercial use as long as +- * the following conditions are aheared to. The following conditions +- * apply to all code found in this distribution, be it the RC4, RSA, +- * lhash, DES, etc., code; not just the SSL code. The SSL documentation +- * included with this distribution is covered by the same copyright terms +- * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * +- * Copyright remains Eric Young's, and as such any Copyright notices in +- * the code are not to be removed. +- * If this package is used in a product, Eric Young should be given attribution +- * as the author of the parts of the library used. +- * This can be in the form of a textual message at program startup or +- * in documentation (online or textual) provided with the package. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. 
Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 3. All advertising materials mentioning features or use of this software +- * must display the following acknowledgement: +- * "This product includes cryptographic software written by +- * Eric Young (eay@cryptsoft.com)" +- * The word 'cryptographic' can be left out if the rouines from the library +- * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from +- * the apps directory (application code) you must include an acknowledgement: +- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * +- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. +- * +- * The licence and distribution terms for any publically available version or +- * derivative of this code cannot be changed. i.e. this code cannot simply be +- * copied and put under another distribution licence +- * [including the GNU Public Licence.] +- */ +-/* ==================================================================== +- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. 
+- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * +- * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. +- * +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in +- * the documentation and/or other materials provided with the +- * distribution. +- * +- * 3. All advertising materials mentioning features or use of this +- * software must display the following acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +- * +- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +- * endorse or promote products derived from this software without +- * prior written permission. For written permission, please contact +- * openssl-core@openssl.org. +- * +- * 5. Products derived from this software may not be called "OpenSSL" +- * nor may "OpenSSL" appear in their names without prior written +- * permission of the OpenSSL Project. +- * +- * 6. Redistributions of any form whatsoever must retain the following +- * acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit (http://www.openssl.org/)" +- * +- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +- * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR +- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +- * OF THE POSSIBILITY OF SUCH DAMAGE. +- * ==================================================================== +- * +- * This product includes cryptographic software written by Eric Young +- * (eay@cryptsoft.com). This product includes software written by Tim +- * Hudson (tjh@cryptsoft.com). +- * +- */ +- +-#include +-#include +-#include +-#include "cryptlib.h" +-#include +-#include +-#include +-#include +-#include +- +-#define err_clear_data(p,i) \ +- do { \ +- if (((p)->err_data[i] != NULL) && \ +- (p)->err_data_flags[i] & ERR_TXT_MALLOCED) \ +- { \ +- OPENSSL_free((p)->err_data[i]); \ +- (p)->err_data[i]=NULL; \ +- } \ +- (p)->err_data_flags[i]=0; \ +- } while(0) +- +-#define err_clear(p,i) \ +- do { \ +- (p)->err_flags[i]=0; \ +- (p)->err_buffer[i]=0; \ +- err_clear_data(p,i); \ +- (p)->err_file[i]=NULL; \ +- (p)->err_line[i]= -1; \ +- } while(0) +- +-static void err_load_strings(int lib, ERR_STRING_DATA *str); +- +-static void ERR_STATE_free(ERR_STATE *s); +- +-/* Define the predeclared (but externally opaque) "ERR_FNS" type */ +-struct st_ERR_FNS { +- /* Works on the "error_hash" string table */ +- LHASH *(*cb_err_get) (int create); +- void (*cb_err_del) (void); +- ERR_STRING_DATA *(*cb_err_get_item) (const ERR_STRING_DATA *); +- ERR_STRING_DATA *(*cb_err_set_item) (ERR_STRING_DATA *); +- ERR_STRING_DATA *(*cb_err_del_item) (ERR_STRING_DATA *); +- /* Works on the "thread_hash" error-state table */ +- LHASH *(*cb_thread_get) (int create); +- void 
(*cb_thread_release) (LHASH **hash); +- ERR_STATE *(*cb_thread_get_item) (const ERR_STATE *); +- ERR_STATE *(*cb_thread_set_item) (ERR_STATE *); +- void (*cb_thread_del_item) (const ERR_STATE *); +- /* Returns the next available error "library" numbers */ +- int (*cb_get_next_lib) (void); +-}; +- +-/* Predeclarations of the "err_defaults" functions */ +-static LHASH *int_err_get(int create); +-static void int_err_del(void); +-static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *); +-static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *); +-static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *); +-static LHASH *int_thread_get(int create); +-static void int_thread_release(LHASH **hash); +-static ERR_STATE *int_thread_get_item(const ERR_STATE *); +-static ERR_STATE *int_thread_set_item(ERR_STATE *); +-static void int_thread_del_item(const ERR_STATE *); +-static int int_err_get_next_lib(void); +-/* The static ERR_FNS table using these defaults functions */ +-static const ERR_FNS err_defaults = { +- int_err_get, +- int_err_del, +- int_err_get_item, +- int_err_set_item, +- int_err_del_item, +- int_thread_get, +- int_thread_release, +- int_thread_get_item, +- int_thread_set_item, +- int_thread_del_item, +- int_err_get_next_lib +-}; +- +-/* The replacable table of ERR_FNS functions we use at run-time */ +-static const ERR_FNS *err_fns = NULL; +- +-/* Eg. rather than using "err_get()", use "ERRFN(err_get)()". */ +-#define ERRFN(a) err_fns->cb_##a +- +-/* +- * The internal state used by "err_defaults" - as such, the setting, reading, +- * creating, and deleting of this data should only be permitted via the +- * "err_defaults" functions. This way, a linked module can completely defer +- * all ERR state operation (together with requisite locking) to the +- * implementations and state in the loading application. 
+- */ +-static LHASH *int_error_hash = NULL; +-static LHASH *int_thread_hash = NULL; +-static int int_thread_hash_references = 0; +-static int int_err_library_number = ERR_LIB_USER; +- +-/* +- * Internal function that checks whether "err_fns" is set and if not, sets it +- * to the defaults. +- */ +-static void err_fns_check(void) +-{ +- if (err_fns) +- return; +- +- CRYPTO_w_lock(CRYPTO_LOCK_ERR); +- if (!err_fns) +- err_fns = &err_defaults; +- CRYPTO_w_unlock(CRYPTO_LOCK_ERR); +-} +- +-/* API functions to get or set the underlying ERR functions. */ +- +-const ERR_FNS *ERR_get_implementation(void) +-{ +- err_fns_check(); +- return err_fns; +-} +- +-int ERR_set_implementation(const ERR_FNS *fns) +-{ +- int ret = 0; +- +- CRYPTO_w_lock(CRYPTO_LOCK_ERR); +- /* +- * It's too late if 'err_fns' is non-NULL. BTW: not much point setting an +- * error is there?! +- */ +- if (!err_fns) { +- err_fns = fns; +- ret = 1; +- } +- CRYPTO_w_unlock(CRYPTO_LOCK_ERR); +- return ret; +-} +- +-/* +- * These are the callbacks provided to "lh_new()" when creating the LHASH +- * tables internal to the "err_defaults" implementation. 
+- */ +- +-/* static unsigned long err_hash(ERR_STRING_DATA *a); */ +-static unsigned long err_hash(const void *a_void); +-/* static int err_cmp(ERR_STRING_DATA *a, ERR_STRING_DATA *b); */ +-static int err_cmp(const void *a_void, const void *b_void); +-/* static unsigned long pid_hash(ERR_STATE *pid); */ +-static unsigned long pid_hash(const void *pid_void); +-/* static int pid_cmp(ERR_STATE *a,ERR_STATE *pid); */ +-static int pid_cmp(const void *a_void, const void *pid_void); +- +-/* The internal functions used in the "err_defaults" implementation */ +- +-static LHASH *int_err_get(int create) +-{ +- LHASH *ret = NULL; +- +- CRYPTO_w_lock(CRYPTO_LOCK_ERR); +- if (!int_error_hash && create) { +- CRYPTO_push_info("int_err_get (err.c)"); +- int_error_hash = lh_new(err_hash, err_cmp); +- CRYPTO_pop_info(); +- } +- if (int_error_hash) +- ret = int_error_hash; +- CRYPTO_w_unlock(CRYPTO_LOCK_ERR); +- +- return ret; +-} +- +-static void int_err_del(void) +-{ +- CRYPTO_w_lock(CRYPTO_LOCK_ERR); +- if (int_error_hash) { +- lh_free(int_error_hash); +- int_error_hash = NULL; +- } +- CRYPTO_w_unlock(CRYPTO_LOCK_ERR); +-} +- +-static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *d) +-{ +- ERR_STRING_DATA *p; +- LHASH *hash; +- +- err_fns_check(); +- hash = ERRFN(err_get) (0); +- if (!hash) +- return NULL; +- +- CRYPTO_r_lock(CRYPTO_LOCK_ERR); +- p = (ERR_STRING_DATA *)lh_retrieve(hash, d); +- CRYPTO_r_unlock(CRYPTO_LOCK_ERR); +- +- return p; +-} +- +-static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *d) +-{ +- ERR_STRING_DATA *p; +- LHASH *hash; +- +- err_fns_check(); +- hash = ERRFN(err_get) (1); +- if (!hash) +- return NULL; +- +- CRYPTO_w_lock(CRYPTO_LOCK_ERR); +- p = (ERR_STRING_DATA *)lh_insert(hash, d); +- CRYPTO_w_unlock(CRYPTO_LOCK_ERR); +- +- return p; +-} +- +-static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *d) +-{ +- ERR_STRING_DATA *p; +- LHASH *hash; +- +- err_fns_check(); +- hash = ERRFN(err_get) (0); +- if (!hash) +- return NULL; +- +- 
CRYPTO_w_lock(CRYPTO_LOCK_ERR); +- p = (ERR_STRING_DATA *)lh_delete(hash, d); +- CRYPTO_w_unlock(CRYPTO_LOCK_ERR); +- +- return p; +-} +- +-static LHASH *int_thread_get(int create) +-{ +- LHASH *ret = NULL; +- +- CRYPTO_w_lock(CRYPTO_LOCK_ERR); +- if (!int_thread_hash && create) { +- CRYPTO_push_info("int_thread_get (err.c)"); +- int_thread_hash = lh_new(pid_hash, pid_cmp); +- CRYPTO_pop_info(); +- } +- if (int_thread_hash) { +- int_thread_hash_references++; +- ret = int_thread_hash; +- } +- CRYPTO_w_unlock(CRYPTO_LOCK_ERR); +- return ret; +-} +- +-static void int_thread_release(LHASH **hash) +-{ +- int i; +- +- if (hash == NULL || *hash == NULL) +- return; +- +- i = CRYPTO_add(&int_thread_hash_references, -1, CRYPTO_LOCK_ERR); +- +-#ifdef REF_PRINT +- fprintf(stderr, "%4d:%s\n", int_thread_hash_references, "ERR"); +-#endif +- if (i > 0) +- return; +-#ifdef REF_CHECK +- if (i < 0) { +- fprintf(stderr, "int_thread_release, bad reference count\n"); +- abort(); /* ok */ +- } +-#endif +- *hash = NULL; +-} +- +-static ERR_STATE *int_thread_get_item(const ERR_STATE *d) +-{ +- ERR_STATE *p; +- LHASH *hash; +- +- err_fns_check(); +- hash = ERRFN(thread_get) (0); +- if (!hash) +- return NULL; +- +- CRYPTO_r_lock(CRYPTO_LOCK_ERR); +- p = (ERR_STATE *)lh_retrieve(hash, d); +- CRYPTO_r_unlock(CRYPTO_LOCK_ERR); +- +- ERRFN(thread_release) (&hash); +- return p; +-} +- +-static ERR_STATE *int_thread_set_item(ERR_STATE *d) +-{ +- ERR_STATE *p; +- LHASH *hash; +- +- err_fns_check(); +- hash = ERRFN(thread_get) (1); +- if (!hash) +- return NULL; +- +- CRYPTO_w_lock(CRYPTO_LOCK_ERR); +- p = (ERR_STATE *)lh_insert(hash, d); +- CRYPTO_w_unlock(CRYPTO_LOCK_ERR); +- +- ERRFN(thread_release) (&hash); +- return p; +-} +- +-static void int_thread_del_item(const ERR_STATE *d) +-{ +- ERR_STATE *p; +- LHASH *hash; +- +- err_fns_check(); +- hash = ERRFN(thread_get) (0); +- if (!hash) +- return; +- +- CRYPTO_w_lock(CRYPTO_LOCK_ERR); +- p = (ERR_STATE *)lh_delete(hash, d); +- /* make sure we 
don't leak memory */ +- if (int_thread_hash_references == 1 +- && int_thread_hash && (lh_num_items(int_thread_hash) == 0)) { +- lh_free(int_thread_hash); +- int_thread_hash = NULL; +- } +- CRYPTO_w_unlock(CRYPTO_LOCK_ERR); +- +- ERRFN(thread_release) (&hash); +- if (p) +- ERR_STATE_free(p); +-} +- +-static int int_err_get_next_lib(void) +-{ +- int ret; +- +- CRYPTO_w_lock(CRYPTO_LOCK_ERR); +- ret = int_err_library_number++; +- CRYPTO_w_unlock(CRYPTO_LOCK_ERR); +- +- return ret; +-} +- +-static void ERR_STATE_free(ERR_STATE *s) +-{ +- int i; +- +- if (s == NULL) +- return; +- +- for (i = 0; i < ERR_NUM_ERRORS; i++) { +- err_clear_data(s, i); +- } +- OPENSSL_free(s); +-} +- +-static void err_load_strings(int lib, ERR_STRING_DATA *str) +-{ +- while (str->error) { +- if (lib) +- str->error |= ERR_PACK(lib, 0, 0); +- ERRFN(err_set_item) (str); +- str++; +- } +-} +- +-void ERR_load_strings(int lib, ERR_STRING_DATA *str) +-{ +- err_fns_check(); +- err_load_strings(lib, str); +-} +- +-void ERR_unload_strings(int lib, ERR_STRING_DATA *str) +-{ +- while (str->error) { +- if (lib) +- str->error |= ERR_PACK(lib, 0, 0); +- ERRFN(err_del_item) (str); +- str++; +- } +-} +- +-void ERR_free_strings(void) +-{ +- err_fns_check(); +- ERRFN(err_del) (); +-} +- +-LHASH *ERR_get_string_table(void) +-{ +- err_fns_check(); +- return ERRFN(err_get) (0); +-} +- +-LHASH *ERR_get_err_state_table(void) +-{ +- err_fns_check(); +- return ERRFN(thread_get) (0); +-} +- +-void ERR_release_err_state_table(LHASH **hash) +-{ +- err_fns_check(); +- ERRFN(thread_release) (hash); +-} +- +-const char *ERR_lib_error_string(unsigned long e) +-{ +- ERR_STRING_DATA d, *p; +- unsigned long l; +- +- err_fns_check(); +- l = ERR_GET_LIB(e); +- d.error = ERR_PACK(l, 0, 0); +- p = ERRFN(err_get_item) (&d); +- return ((p == NULL) ? 
NULL : p->string); +-} +- +-const char *ERR_func_error_string(unsigned long e) +-{ +- ERR_STRING_DATA d, *p; +- unsigned long l, f; +- +- err_fns_check(); +- l = ERR_GET_LIB(e); +- f = ERR_GET_FUNC(e); +- d.error = ERR_PACK(l, f, 0); +- p = ERRFN(err_get_item) (&d); +- return ((p == NULL) ? NULL : p->string); +-} +- +-const char *ERR_reason_error_string(unsigned long e) +-{ +- ERR_STRING_DATA d, *p = NULL; +- unsigned long l, r; +- +- err_fns_check(); +- l = ERR_GET_LIB(e); +- r = ERR_GET_REASON(e); +- d.error = ERR_PACK(l, 0, r); +- p = ERRFN(err_get_item) (&d); +- if (!p) { +- d.error = ERR_PACK(0, 0, r); +- p = ERRFN(err_get_item) (&d); +- } +- return ((p == NULL) ? NULL : p->string); +-} +- +-/* static unsigned long err_hash(ERR_STRING_DATA *a) */ +-static unsigned long err_hash(const void *a_void) +-{ +- unsigned long ret, l; +- +- l = ((const ERR_STRING_DATA *)a_void)->error; +- ret = l ^ ERR_GET_LIB(l) ^ ERR_GET_FUNC(l); +- return (ret ^ ret % 19 * 13); +-} +- +-/* static int err_cmp(ERR_STRING_DATA *a, ERR_STRING_DATA *b) */ +-static int err_cmp(const void *a_void, const void *b_void) +-{ +- return ((int)(((const ERR_STRING_DATA *)a_void)->error - +- ((const ERR_STRING_DATA *)b_void)->error)); +-} +- +-/* static unsigned long pid_hash(ERR_STATE *a) */ +-static unsigned long pid_hash(const void *a_void) +-{ +- return (((const ERR_STATE *)a_void)->pid * 13); +-} +- +-/* static int pid_cmp(ERR_STATE *a, ERR_STATE *b) */ +-static int pid_cmp(const void *a_void, const void *b_void) +-{ +- return ((int)((long)((const ERR_STATE *)a_void)->pid - +- (long)((const ERR_STATE *)b_void)->pid)); +-} +- +-#ifdef OPENSSL_FIPS +-static void int_err_remove_state(unsigned long pid) +-#else +-void ERR_remove_state(unsigned long pid) +-#endif +-{ +- ERR_STATE tmp; +- +- err_fns_check(); +- if (pid == 0) +- pid = (unsigned long)CRYPTO_thread_id(); +- tmp.pid = pid; +- /* +- * thread_del_item automatically destroys the LHASH if the number of +- * items reaches zero. 
+- */ +- ERRFN(thread_del_item) (&tmp); +-} +- +-#ifdef OPENSSL_FIPS +-static ERR_STATE *int_err_get_state(void) +-#else +-ERR_STATE *ERR_get_state(void) +-#endif +-{ +- static ERR_STATE fallback; +- ERR_STATE *ret, tmp, *tmpp = NULL; +- int i; +- unsigned long pid; +- +- err_fns_check(); +- pid = (unsigned long)CRYPTO_thread_id(); +- tmp.pid = pid; +- ret = ERRFN(thread_get_item) (&tmp); +- +- /* ret == the error state, if NULL, make a new one */ +- if (ret == NULL) { +- ret = (ERR_STATE *)OPENSSL_malloc(sizeof(ERR_STATE)); +- if (ret == NULL) +- return (&fallback); +- ret->pid = pid; +- ret->top = 0; +- ret->bottom = 0; +- for (i = 0; i < ERR_NUM_ERRORS; i++) { +- ret->err_data[i] = NULL; +- ret->err_data_flags[i] = 0; +- } +- tmpp = ERRFN(thread_set_item) (ret); +- /* To check if insertion failed, do a get. */ +- if (ERRFN(thread_get_item) (ret) != ret) { +- ERR_STATE_free(ret); /* could not insert it */ +- return (&fallback); +- } +- /* +- * If a race occured in this function and we came second, tmpp is the +- * first one that we just replaced. 
+- */
+- if (tmpp)
+- ERR_STATE_free(tmpp);
+- }
+- return ret;
+-}
+-
+-#ifdef OPENSSL_FIPS
+-void int_ERR_lib_init(void)
+-{
+- int_ERR_set_state_func(int_err_get_state, int_err_remove_state);
+-}
+-#endif
+-
+-int ERR_get_next_error_library(void)
+-{
+- err_fns_check();
+- return ERRFN(get_next_lib) ();
+-}
+diff --git a/Cryptlib/OpenSSL/crypto/err/err_prn.c b/Cryptlib/OpenSSL/crypto/err/err_prn.c
+index 060853a..6e352ef 100644
+--- a/Cryptlib/OpenSSL/crypto/err/err_prn.c
++++ b/Cryptlib/OpenSSL/crypto/err/err_prn.c
+@@ -72,8 +72,10 @@ void ERR_print_errors_cb(int (*cb) (const char *str, size_t len, void *u),
+ const char *file, *data;
+ int line, flags;
+ unsigned long es;
++ CRYPTO_THREADID cur;
+
+- es = CRYPTO_thread_id();
++ CRYPTO_THREADID_current(&cur);
++ es = CRYPTO_THREADID_hash(&cur);
+ while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0) {
+ ERR_error_string_n(l, buf, sizeof buf);
+ BIO_snprintf(buf2, sizeof(buf2), "%lu:%s:%s:%d:%s\n", es, buf,
+@@ -100,67 +102,12 @@ void ERR_print_errors_fp(FILE *fp)
+ }
+ #endif
+
+-void ERR_error_string_n(unsigned long e, char *buf, size_t len)
++static int print_bio(const char *str, size_t len, void *bp)
+ {
+- char lsbuf[64], fsbuf[64], rsbuf[64];
+- const char *ls, *fs, *rs;
+- unsigned long l, f, r;
+-
+- l = ERR_GET_LIB(e);
+- f = ERR_GET_FUNC(e);
+- r = ERR_GET_REASON(e);
+-
+- ls = ERR_lib_error_string(e);
+- fs = ERR_func_error_string(e);
+- rs = ERR_reason_error_string(e);
+-
+- if (ls == NULL)
+- BIO_snprintf(lsbuf, sizeof(lsbuf), "lib(%lu)", l);
+- if (fs == NULL)
+- BIO_snprintf(fsbuf, sizeof(fsbuf), "func(%lu)", f);
+- if (rs == NULL)
+- BIO_snprintf(rsbuf, sizeof(rsbuf), "reason(%lu)", r);
+-
+- BIO_snprintf(buf, len, "error:%08lX:%s:%s:%s", e, ls ? ls : lsbuf,
+- fs ? fs : fsbuf, rs ? rs : rsbuf);
+- if (strlen(buf) == len - 1) {
+- /*
+- * output may be truncated; make sure we always have 5
+- * colon-separated fields, i.e. 4 colons ...
+- */
+-#define NUM_COLONS 4
+- if (len > NUM_COLONS) { /* ... if possible */
+- int i;
+- char *s = buf;
+-
+- for (i = 0; i < NUM_COLONS; i++) {
+- char *colon = strchr(s, ':');
+- if (colon == NULL || colon > &buf[len - 1] - NUM_COLONS + i) {
+- /*
+- * set colon no. i at last possible position (buf[len-1]
+- * is the terminating 0)
+- */
+- colon = &buf[len - 1] - NUM_COLONS + i;
+- *colon = ':';
+- }
+- s = colon + 1;
+- }
+- }
+- }
++ return BIO_write((BIO *)bp, str, len);
+ }
+
+-/* BAD for multi-threading: uses a local buffer if ret == NULL */
+-/*
+- * ERR_error_string_n should be used instead for ret != NULL as
+- * ERR_error_string cannot know how large the buffer is
+- */
+-char *ERR_error_string(unsigned long e, char *ret)
++void ERR_print_errors(BIO *bp)
+ {
+- static char buf[256];
+-
+- if (ret == NULL)
+- ret = buf;
+- ERR_error_string_n(e, ret, 256);
+-
+- return ret;
++ ERR_print_errors_cb(print_bio, bp);
+ }
+diff --git a/Cryptlib/OpenSSL/crypto/err/err_str.c b/Cryptlib/OpenSSL/crypto/err/err_str.c
+deleted file mode 100644
+index 5a642fb..0000000
+--- a/Cryptlib/OpenSSL/crypto/err/err_str.c
++++ /dev/null
+@@ -1,289 +0,0 @@
+-/* crypto/err/err_str.c */
+-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+- * All rights reserved.
+- *
+- * This package is an SSL implementation written
+- * by Eric Young (eay@cryptsoft.com).
+- * The implementation was written so as to conform with Netscapes SSL.
+- *
+- * This library is free for commercial and non-commercial use as long as
+- * the following conditions are aheared to. The following conditions
+- * apply to all code found in this distribution, be it the RC4, RSA,
+- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+- * included with this distribution is covered by the same copyright terms
+- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+- *
+- * Copyright remains Eric Young's, and as such any Copyright notices in
+- * the code are not to be removed.
+- * If this package is used in a product, Eric Young should be given attribution +- * as the author of the parts of the library used. +- * This can be in the form of a textual message at program startup or +- * in documentation (online or textual) provided with the package. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 3. All advertising materials mentioning features or use of this software +- * must display the following acknowledgement: +- * "This product includes cryptographic software written by +- * Eric Young (eay@cryptsoft.com)" +- * The word 'cryptographic' can be left out if the rouines from the library +- * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from +- * the apps directory (application code) you must include an acknowledgement: +- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * +- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. +- * +- * The licence and distribution terms for any publically available version or +- * derivative of this code cannot be changed. i.e. this code cannot simply be +- * copied and put under another distribution licence +- * [including the GNU Public Licence.] +- */ +-/* ==================================================================== +- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * +- * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. +- * +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in +- * the documentation and/or other materials provided with the +- * distribution. +- * +- * 3. All advertising materials mentioning features or use of this +- * software must display the following acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +- * +- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +- * endorse or promote products derived from this software without +- * prior written permission. 
For written permission, please contact +- * openssl-core@openssl.org. +- * +- * 5. Products derived from this software may not be called "OpenSSL" +- * nor may "OpenSSL" appear in their names without prior written +- * permission of the OpenSSL Project. +- * +- * 6. Redistributions of any form whatsoever must retain the following +- * acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit (http://www.openssl.org/)" +- * +- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +- * OF THE POSSIBILITY OF SUCH DAMAGE. +- * ==================================================================== +- * +- * This product includes cryptographic software written by Eric Young +- * (eay@cryptsoft.com). This product includes software written by Tim +- * Hudson (tjh@cryptsoft.com). 
+- * +- */ +- +-#include +-#include +-#include +-#include "cryptlib.h" +-#include +-#include +-#include +-#include +-#include +- +-#ifndef OPENSSL_NO_ERR +-static ERR_STRING_DATA ERR_str_libraries[] = { +- {ERR_PACK(ERR_LIB_NONE, 0, 0), "unknown library"}, +- {ERR_PACK(ERR_LIB_SYS, 0, 0), "system library"}, +- {ERR_PACK(ERR_LIB_BN, 0, 0), "bignum routines"}, +- {ERR_PACK(ERR_LIB_RSA, 0, 0), "rsa routines"}, +- {ERR_PACK(ERR_LIB_DH, 0, 0), "Diffie-Hellman routines"}, +- {ERR_PACK(ERR_LIB_EVP, 0, 0), "digital envelope routines"}, +- {ERR_PACK(ERR_LIB_BUF, 0, 0), "memory buffer routines"}, +- {ERR_PACK(ERR_LIB_OBJ, 0, 0), "object identifier routines"}, +- {ERR_PACK(ERR_LIB_PEM, 0, 0), "PEM routines"}, +- {ERR_PACK(ERR_LIB_DSA, 0, 0), "dsa routines"}, +- {ERR_PACK(ERR_LIB_X509, 0, 0), "x509 certificate routines"}, +- {ERR_PACK(ERR_LIB_ASN1, 0, 0), "asn1 encoding routines"}, +- {ERR_PACK(ERR_LIB_CONF, 0, 0), "configuration file routines"}, +- {ERR_PACK(ERR_LIB_CRYPTO, 0, 0), "common libcrypto routines"}, +- {ERR_PACK(ERR_LIB_EC, 0, 0), "elliptic curve routines"}, +- {ERR_PACK(ERR_LIB_SSL, 0, 0), "SSL routines"}, +- {ERR_PACK(ERR_LIB_BIO, 0, 0), "BIO routines"}, +- {ERR_PACK(ERR_LIB_PKCS7, 0, 0), "PKCS7 routines"}, +- {ERR_PACK(ERR_LIB_X509V3, 0, 0), "X509 V3 routines"}, +- {ERR_PACK(ERR_LIB_PKCS12, 0, 0), "PKCS12 routines"}, +- {ERR_PACK(ERR_LIB_RAND, 0, 0), "random number generator"}, +- {ERR_PACK(ERR_LIB_DSO, 0, 0), "DSO support routines"}, +- {ERR_PACK(ERR_LIB_ENGINE, 0, 0), "engine routines"}, +- {ERR_PACK(ERR_LIB_OCSP, 0, 0), "OCSP routines"}, +- {ERR_PACK(ERR_LIB_FIPS, 0, 0), "FIPS routines"}, +- {ERR_PACK(ERR_LIB_CMS, 0, 0), "CMS routines"}, +- {ERR_PACK(ERR_LIB_JPAKE, 0, 0), "JPAKE routines"}, +- {0, NULL}, +-}; +- +-static ERR_STRING_DATA ERR_str_functs[] = { +- {ERR_PACK(0, SYS_F_FOPEN, 0), "fopen"}, +- {ERR_PACK(0, SYS_F_CONNECT, 0), "connect"}, +- {ERR_PACK(0, SYS_F_GETSERVBYNAME, 0), "getservbyname"}, +- {ERR_PACK(0, SYS_F_SOCKET, 0), "socket"}, +- 
{ERR_PACK(0, SYS_F_IOCTLSOCKET, 0), "ioctlsocket"}, +- {ERR_PACK(0, SYS_F_BIND, 0), "bind"}, +- {ERR_PACK(0, SYS_F_LISTEN, 0), "listen"}, +- {ERR_PACK(0, SYS_F_ACCEPT, 0), "accept"}, +-# ifdef OPENSSL_SYS_WINDOWS +- {ERR_PACK(0, SYS_F_WSASTARTUP, 0), "WSAstartup"}, +-# endif +- {ERR_PACK(0, SYS_F_OPENDIR, 0), "opendir"}, +- {ERR_PACK(0, SYS_F_FREAD, 0), "fread"}, +- {0, NULL}, +-}; +- +-static ERR_STRING_DATA ERR_str_reasons[] = { +- {ERR_R_SYS_LIB, "system lib"}, +- {ERR_R_BN_LIB, "BN lib"}, +- {ERR_R_RSA_LIB, "RSA lib"}, +- {ERR_R_DH_LIB, "DH lib"}, +- {ERR_R_EVP_LIB, "EVP lib"}, +- {ERR_R_BUF_LIB, "BUF lib"}, +- {ERR_R_OBJ_LIB, "OBJ lib"}, +- {ERR_R_PEM_LIB, "PEM lib"}, +- {ERR_R_DSA_LIB, "DSA lib"}, +- {ERR_R_X509_LIB, "X509 lib"}, +- {ERR_R_ASN1_LIB, "ASN1 lib"}, +- {ERR_R_CONF_LIB, "CONF lib"}, +- {ERR_R_CRYPTO_LIB, "CRYPTO lib"}, +- {ERR_R_EC_LIB, "EC lib"}, +- {ERR_R_SSL_LIB, "SSL lib"}, +- {ERR_R_BIO_LIB, "BIO lib"}, +- {ERR_R_PKCS7_LIB, "PKCS7 lib"}, +- {ERR_R_X509V3_LIB, "X509V3 lib"}, +- {ERR_R_PKCS12_LIB, "PKCS12 lib"}, +- {ERR_R_RAND_LIB, "RAND lib"}, +- {ERR_R_DSO_LIB, "DSO lib"}, +- {ERR_R_ENGINE_LIB, "ENGINE lib"}, +- {ERR_R_OCSP_LIB, "OCSP lib"}, +- +- {ERR_R_NESTED_ASN1_ERROR, "nested asn1 error"}, +- {ERR_R_BAD_ASN1_OBJECT_HEADER, "bad asn1 object header"}, +- {ERR_R_BAD_GET_ASN1_OBJECT_CALL, "bad get asn1 object call"}, +- {ERR_R_EXPECTING_AN_ASN1_SEQUENCE, "expecting an asn1 sequence"}, +- {ERR_R_ASN1_LENGTH_MISMATCH, "asn1 length mismatch"}, +- {ERR_R_MISSING_ASN1_EOS, "missing asn1 eos"}, +- +- {ERR_R_FATAL, "fatal"}, +- {ERR_R_MALLOC_FAILURE, "malloc failure"}, +- {ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED, +- "called a function you should not call"}, +- {ERR_R_PASSED_NULL_PARAMETER, "passed a null parameter"}, +- {ERR_R_INTERNAL_ERROR, "internal error"}, +- {ERR_R_DISABLED, "called a function that was disabled at compile-time"}, +- +- {0, NULL}, +-}; +-#endif +- +-#ifndef OPENSSL_NO_ERR +-# define NUM_SYS_STR_REASONS 127 +-# define 
LEN_SYS_STR_REASON 32 +- +-static ERR_STRING_DATA SYS_str_reasons[NUM_SYS_STR_REASONS + 1]; +-/* +- * SYS_str_reasons is filled with copies of strerror() results at +- * initialization. 'errno' values up to 127 should cover all usual errors, +- * others will be displayed numerically by ERR_error_string. It is crucial +- * that we have something for each reason code that occurs in +- * ERR_str_reasons, or bogus reason strings will be returned for SYSerr, +- * which always gets an errno value and never one of those 'standard' reason +- * codes. +- */ +- +-static void build_SYS_str_reasons(void) +-{ +- /* OPENSSL_malloc cannot be used here, use static storage instead */ +- static char strerror_tab[NUM_SYS_STR_REASONS][LEN_SYS_STR_REASON]; +- int i; +- static int init = 1; +- +- CRYPTO_r_lock(CRYPTO_LOCK_ERR); +- if (!init) { +- CRYPTO_r_unlock(CRYPTO_LOCK_ERR); +- return; +- } +- +- CRYPTO_r_unlock(CRYPTO_LOCK_ERR); +- CRYPTO_w_lock(CRYPTO_LOCK_ERR); +- if (!init) { +- CRYPTO_w_unlock(CRYPTO_LOCK_ERR); +- return; +- } +- +- for (i = 1; i <= NUM_SYS_STR_REASONS; i++) { +- ERR_STRING_DATA *str = &SYS_str_reasons[i - 1]; +- +- str->error = (unsigned long)i; +- if (str->string == NULL) { +- char (*dest)[LEN_SYS_STR_REASON] = &(strerror_tab[i - 1]); +- char *src = strerror(i); +- if (src != NULL) { +- strncpy(*dest, src, sizeof *dest); +- (*dest)[sizeof *dest - 1] = '\0'; +- str->string = *dest; +- } +- } +- if (str->string == NULL) +- str->string = "unknown"; +- } +- +- /* +- * Now we still have SYS_str_reasons[NUM_SYS_STR_REASONS] = {0, NULL}, as +- * required by ERR_load_strings. 
+- */ +- +- init = 0; +- +- CRYPTO_w_unlock(CRYPTO_LOCK_ERR); +-} +-#endif +- +-void ERR_load_ERR_strings(void) +-{ +-#ifndef OPENSSL_NO_ERR +- if (ERR_func_error_string(ERR_str_functs[0].error) == NULL) { +- ERR_load_strings(0, ERR_str_libraries); +- ERR_load_strings(0, ERR_str_reasons); +- ERR_load_strings(ERR_LIB_SYS, ERR_str_functs); +- build_SYS_str_reasons(); +- ERR_load_strings(ERR_LIB_SYS, SYS_str_reasons); +- } +-#endif +-} +diff --git a/Cryptlib/OpenSSL/crypto/evp/bio_enc.c b/Cryptlib/OpenSSL/crypto/evp/bio_enc.c +index 4397fb1..363e024 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/bio_enc.c ++++ b/Cryptlib/OpenSSL/crypto/evp/bio_enc.c +@@ -360,8 +360,10 @@ static long enc_ctrl(BIO *b, int cmd, long num, void *ptr) + case BIO_CTRL_DUP: + dbio = (BIO *)ptr; + dctx = (BIO_ENC_CTX *)dbio->ptr; +- memcpy(&(dctx->cipher), &(ctx->cipher), sizeof(ctx->cipher)); +- dbio->init = 1; ++ EVP_CIPHER_CTX_init(&dctx->cipher); ++ ret = EVP_CIPHER_CTX_copy(&dctx->cipher, &ctx->cipher); ++ if (ret) ++ dbio->init = 1; + break; + default: + ret = BIO_ctrl(b->next_bio, cmd, num, ptr); +diff --git a/Cryptlib/OpenSSL/crypto/evp/bio_md.c b/Cryptlib/OpenSSL/crypto/evp/bio_md.c +index 9f0024b..f0b0c0c 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/bio_md.c ++++ b/Cryptlib/OpenSSL/crypto/evp/bio_md.c +@@ -134,7 +134,9 @@ static int md_read(BIO *b, char *out, int outl) + ret = BIO_read(b->next_bio, out, outl); + if (b->init) { + if (ret > 0) { +- EVP_DigestUpdate(ctx, (unsigned char *)out, (unsigned int)ret); ++ if (EVP_DigestUpdate(ctx, (unsigned char *)out, ++ (unsigned int)ret) <= 0) ++ return (-1); + } + } + BIO_clear_retry_flags(b); +@@ -155,12 +157,17 @@ static int md_write(BIO *b, const char *in, int inl) + ret = BIO_write(b->next_bio, in, inl); + if (b->init) { + if (ret > 0) { +- EVP_DigestUpdate(ctx, (const unsigned char *)in, +- (unsigned int)ret); ++ if (!EVP_DigestUpdate(ctx, (const unsigned char *)in, ++ (unsigned int)ret)) { ++ BIO_clear_retry_flags(b); ++ return 0; ++ } + } + 
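Review bot: The two digest-failure paths added in bio_md.c disagree: md_read returns -1 when `EVP_DigestUpdate(...) <= 0`, while md_write (the next hunk) tests `!EVP_DigestUpdate(...)` and returns 0. In md_write the `ret` bytes have already been handed to `b->next_bio` when the digest fails, so returning 0 tells the caller that nothing was written. Returning `-1` there, as md_read does, would report a hard error instead of an empty write. Both function bodies start outside their hunks.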
} +- BIO_clear_retry_flags(b); +- BIO_copy_next_retry(b); ++ if (b->next_bio != NULL) { ++ BIO_clear_retry_flags(b); ++ BIO_copy_next_retry(b); ++ } + return (ret); + } + +@@ -193,6 +200,7 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr) + case BIO_C_GET_MD_CTX: + pctx = ptr; + *pctx = ctx; ++ b->init = 1; + break; + case BIO_C_SET_MD_CTX: + if (b->init) +@@ -215,7 +223,8 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr) + case BIO_CTRL_DUP: + dbio = ptr; + dctx = dbio->ptr; +- EVP_MD_CTX_copy_ex(dctx, ctx); ++ if (!EVP_MD_CTX_copy_ex(dctx, ctx)) ++ return 0; + b->init = 1; + break; + default: +@@ -247,7 +256,9 @@ static int md_gets(BIO *bp, char *buf, int size) + ctx = bp->ptr; + if (size < ctx->digest->md_size) + return (0); +- EVP_DigestFinal_ex(ctx, (unsigned char *)buf, &ret); ++ if (EVP_DigestFinal_ex(ctx, (unsigned char *)buf, &ret) <= 0) ++ return -1; ++ + return ((int)ret); + } + +diff --git a/Cryptlib/OpenSSL/crypto/evp/bio_ok.c b/Cryptlib/OpenSSL/crypto/evp/bio_ok.c +index e66854c..5c32e35 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/bio_ok.c ++++ b/Cryptlib/OpenSSL/crypto/evp/bio_ok.c +@@ -133,10 +133,10 @@ static int ok_new(BIO *h); + static int ok_free(BIO *data); + static long ok_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); + +-static void sig_out(BIO *b); +-static void sig_in(BIO *b); +-static void block_out(BIO *b); +-static void block_in(BIO *b); ++static int sig_out(BIO *b); ++static int sig_in(BIO *b); ++static int block_out(BIO *b); ++static int block_in(BIO *b); + #define OK_BLOCK_SIZE (1024*4) + #define OK_BLOCK_BLOCK 4 + #define IOBS (OK_BLOCK_SIZE+ OK_BLOCK_BLOCK+ 3*EVP_MAX_MD_SIZE) +@@ -267,12 +267,20 @@ static int ok_read(BIO *b, char *out, int outl) + ctx->buf_len += i; + + /* no signature yet -- check if we got one */ +- if (ctx->sigio == 1) +- sig_in(b); ++ if (ctx->sigio == 1) { ++ if (!sig_in(b)) { ++ BIO_clear_retry_flags(b); ++ return 0; ++ } ++ } + + /* signature ok -- check if we got block */ +- if 
(ctx->sigio == 0) +- block_in(b); ++ if (ctx->sigio == 0) { ++ if (!block_in(b)) { ++ BIO_clear_retry_flags(b); ++ return 0; ++ } ++ } + + /* invalid block -- cancel */ + if (ctx->cont <= 0) +@@ -299,8 +307,8 @@ static int ok_write(BIO *b, const char *in, int inl) + if ((ctx == NULL) || (b->next_bio == NULL) || (b->init == 0)) + return (0); + +- if (ctx->sigio) +- sig_out(b); ++ if (ctx->sigio && !sig_out(b)) ++ return 0; + + do { + BIO_clear_retry_flags(b); +@@ -337,7 +345,10 @@ static int ok_write(BIO *b, const char *in, int inl) + in += n; + + if (ctx->buf_len >= OK_BLOCK_SIZE + OK_BLOCK_BLOCK) { +- block_out(b); ++ if (!block_out(b)) { ++ BIO_clear_retry_flags(b); ++ return 0; ++ } + } + } while (inl > 0); + +@@ -383,7 +394,8 @@ static long ok_ctrl(BIO *b, int cmd, long num, void *ptr) + case BIO_CTRL_FLUSH: + /* do a final write */ + if (ctx->blockout == 0) +- block_out(b); ++ if (!block_out(b)) ++ return 0; + + while (ctx->blockout) { + i = ok_write(b, NULL, 0); +@@ -410,7 +422,8 @@ static long ok_ctrl(BIO *b, int cmd, long num, void *ptr) + break; + case BIO_C_SET_MD: + md = ptr; +- EVP_DigestInit_ex(&ctx->md, md, NULL); ++ if (!EVP_DigestInit_ex(&ctx->md, md, NULL)) ++ return 0; + b->init = 1; + break; + case BIO_C_GET_MD: +@@ -461,7 +474,7 @@ static void longswap(void *_ptr, size_t len) + } + } + +-static void sig_out(BIO *b) ++static int sig_out(BIO *b) + { + BIO_OK_CTX *ctx; + EVP_MD_CTX *md; +@@ -470,26 +483,34 @@ static void sig_out(BIO *b) + md = &ctx->md; + + if (ctx->buf_len + 2 * md->digest->md_size > OK_BLOCK_SIZE) +- return; ++ return 1; + +- EVP_DigestInit_ex(md, md->digest, NULL); ++ if (!EVP_DigestInit_ex(md, md->digest, NULL)) ++ goto berr; + /* + * FIXME: there's absolutely no guarantee this makes any sense at all, + * particularly now EVP_MD_CTX has been restructured. 
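Review bot: In ok_ctrl's BIO_CTRL_FLUSH case (bio_ok.c) the added check nests a second unbraced `if` under `if (ctx->blockout == 0)`, which is easy to misread and invites a dangling-else mistake in later edits. It also differs from the form this patch uses in ok_write, `if (ctx->sigio && !sig_out(b))`. Writing it as `if (ctx->blockout == 0 && !block_out(b)) return 0;` keeps the behaviour and matches that style. ok_ctrl's body extends beyond this hunk.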
+ */ +- RAND_pseudo_bytes(md->md_data, md->digest->md_size); ++ if (RAND_pseudo_bytes(md->md_data, md->digest->md_size) < 0) ++ goto berr; + memcpy(&(ctx->buf[ctx->buf_len]), md->md_data, md->digest->md_size); + longswap(&(ctx->buf[ctx->buf_len]), md->digest->md_size); + ctx->buf_len += md->digest->md_size; + +- EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN)); +- EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL); ++ if (!EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN))) ++ goto berr; ++ if (!EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL)) ++ goto berr; + ctx->buf_len += md->digest->md_size; + ctx->blockout = 1; + ctx->sigio = 0; ++ return 1; ++ berr: ++ BIO_clear_retry_flags(b); ++ return 0; + } + +-static void sig_in(BIO *b) ++static int sig_in(BIO *b) + { + BIO_OK_CTX *ctx; + EVP_MD_CTX *md; +@@ -500,15 +521,18 @@ static void sig_in(BIO *b) + md = &ctx->md; + + if ((int)(ctx->buf_len - ctx->buf_off) < 2 * md->digest->md_size) +- return; ++ return 1; + +- EVP_DigestInit_ex(md, md->digest, NULL); ++ if (!EVP_DigestInit_ex(md, md->digest, NULL)) ++ goto berr; + memcpy(md->md_data, &(ctx->buf[ctx->buf_off]), md->digest->md_size); + longswap(md->md_data, md->digest->md_size); + ctx->buf_off += md->digest->md_size; + +- EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN)); +- EVP_DigestFinal_ex(md, tmp, NULL); ++ if (!EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN))) ++ goto berr; ++ if (!EVP_DigestFinal_ex(md, tmp, NULL)) ++ goto berr; + ret = memcmp(&(ctx->buf[ctx->buf_off]), tmp, md->digest->md_size) == 0; + ctx->buf_off += md->digest->md_size; + if (ret == 1) { +@@ -522,9 +546,13 @@ static void sig_in(BIO *b) + } else { + ctx->cont = 0; + } ++ return 1; ++ berr: ++ BIO_clear_retry_flags(b); ++ return 0; + } + +-static void block_out(BIO *b) ++static int block_out(BIO *b) + { + BIO_OK_CTX *ctx; + EVP_MD_CTX *md; +@@ -538,13 +566,20 @@ static void block_out(BIO *b) + ctx->buf[1] = (unsigned char)(tl >> 16); + ctx->buf[2] = (unsigned char)(tl >> 
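Review bot: The new check in sig_out (bio_ok.c), `if (RAND_pseudo_bytes(md->md_data, md->digest->md_size) < 0)`, accepts a return of 0, which for RAND_pseudo_bytes means the bytes were generated but are not cryptographically strong. If that is intended because the value only seeds the stream's integrity header, the line should carry a comment such as `/* 0 = not cryptographically strong; acceptable, this is a per-stream seed and not a key */`. Otherwise the stricter form is `RAND_bytes(...) <= 0`. The FIXME directly above already questions writing into `md->md_data`, so the assumption is worth stating in the code.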
8); + ctx->buf[3] = (unsigned char)(tl); +- EVP_DigestUpdate(md, (unsigned char *)&(ctx->buf[OK_BLOCK_BLOCK]), tl); +- EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL); ++ if (!EVP_DigestUpdate(md, ++ (unsigned char *)&(ctx->buf[OK_BLOCK_BLOCK]), tl)) ++ goto berr; ++ if (!EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL)) ++ goto berr; + ctx->buf_len += md->digest->md_size; + ctx->blockout = 1; ++ return 1; ++ berr: ++ BIO_clear_retry_flags(b); ++ return 0; + } + +-static void block_in(BIO *b) ++static int block_in(BIO *b) + { + BIO_OK_CTX *ctx; + EVP_MD_CTX *md; +@@ -564,10 +599,13 @@ static void block_in(BIO *b) + tl |= ctx->buf[3]; + + if (ctx->buf_len < tl + OK_BLOCK_BLOCK + md->digest->md_size) +- return; ++ return 1; + +- EVP_DigestUpdate(md, (unsigned char *)&(ctx->buf[OK_BLOCK_BLOCK]), tl); +- EVP_DigestFinal_ex(md, tmp, NULL); ++ if (!EVP_DigestUpdate(md, ++ (unsigned char *)&(ctx->buf[OK_BLOCK_BLOCK]), tl)) ++ goto berr; ++ if (!EVP_DigestFinal_ex(md, tmp, NULL)) ++ goto berr; + if (memcmp(&(ctx->buf[tl + OK_BLOCK_BLOCK]), tmp, md->digest->md_size) == + 0) { + /* there might be parts from next block lurking around ! 
*/ +@@ -579,4 +617,8 @@ static void block_in(BIO *b) + } else { + ctx->cont = 0; + } ++ return 1; ++ berr: ++ BIO_clear_retry_flags(b); ++ return 0; + } +diff --git a/Cryptlib/OpenSSL/crypto/evp/c_all.c b/Cryptlib/OpenSSL/crypto/evp/c_all.c +index 83f5003..a3ed00d 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/c_all.c ++++ b/Cryptlib/OpenSSL/crypto/evp/c_all.c +@@ -83,7 +83,7 @@ void OPENSSL_add_all_algorithms_noconf(void) + OpenSSL_add_all_ciphers(); + OpenSSL_add_all_digests(); + #ifndef OPENSSL_NO_ENGINE +-# if defined(__OpenBSD__) || defined(__FreeBSD__) ++# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV) + ENGINE_setup_bsd_cryptodev(); + # endif + #endif +diff --git a/Cryptlib/OpenSSL/crypto/evp/c_allc.c b/Cryptlib/OpenSSL/crypto/evp/c_allc.c +index 7a2b524..280e584 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/c_allc.c ++++ b/Cryptlib/OpenSSL/crypto/evp/c_allc.c +@@ -93,11 +93,15 @@ void OpenSSL_add_all_ciphers(void) + EVP_add_cipher(EVP_des_ecb()); + EVP_add_cipher(EVP_des_ede()); + EVP_add_cipher(EVP_des_ede3()); ++ EVP_add_cipher(EVP_des_ede3_wrap()); + #endif + + #ifndef OPENSSL_NO_RC4 + EVP_add_cipher(EVP_rc4()); + EVP_add_cipher(EVP_rc4_40()); ++# ifndef OPENSSL_NO_MD5 ++ EVP_add_cipher(EVP_rc4_hmac_md5()); ++# endif + #endif + + #ifndef OPENSSL_NO_IDEA +@@ -166,9 +170,11 @@ void OpenSSL_add_all_ciphers(void) + EVP_add_cipher(EVP_aes_128_cfb1()); + EVP_add_cipher(EVP_aes_128_cfb8()); + EVP_add_cipher(EVP_aes_128_ofb()); +-# if 0 + EVP_add_cipher(EVP_aes_128_ctr()); +-# endif ++ EVP_add_cipher(EVP_aes_128_gcm()); ++ EVP_add_cipher(EVP_aes_128_xts()); ++ EVP_add_cipher(EVP_aes_128_ccm()); ++ EVP_add_cipher(EVP_aes_128_wrap()); + EVP_add_cipher_alias(SN_aes_128_cbc, "AES128"); + EVP_add_cipher_alias(SN_aes_128_cbc, "aes128"); + EVP_add_cipher(EVP_aes_192_ecb()); +@@ -177,9 +183,10 @@ void OpenSSL_add_all_ciphers(void) + EVP_add_cipher(EVP_aes_192_cfb1()); + EVP_add_cipher(EVP_aes_192_cfb8()); + EVP_add_cipher(EVP_aes_192_ofb()); +-# if 0 
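Review bot: In block_in (bio_ok.c) the block length `tl` comes from the input buffer (the hunk shows `tl |= ctx->buf[3]`) and is only checked by `ctx->buf_len < tl + OK_BLOCK_BLOCK + md->digest->md_size` before being passed to EVP_DigestUpdate. Nothing visible bounds it against OK_BLOCK_SIZE, and if `tl` is a 32-bit type (its declaration is outside the hunk) the sum can wrap for a very large header value so that the check passes. An explicit limit before the comparison, e.g. `if (tl > OK_BLOCK_SIZE) { ctx->cont = 0; return 1; }`, would make the bound independent of integer width. The new error handling in this hunk does not cover that case.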
+ EVP_add_cipher(EVP_aes_192_ctr()); +-# endif ++ EVP_add_cipher(EVP_aes_192_gcm()); ++ EVP_add_cipher(EVP_aes_192_ccm()); ++ EVP_add_cipher(EVP_aes_192_wrap()); + EVP_add_cipher_alias(SN_aes_192_cbc, "AES192"); + EVP_add_cipher_alias(SN_aes_192_cbc, "aes192"); + EVP_add_cipher(EVP_aes_256_ecb()); +@@ -188,11 +195,21 @@ void OpenSSL_add_all_ciphers(void) + EVP_add_cipher(EVP_aes_256_cfb1()); + EVP_add_cipher(EVP_aes_256_cfb8()); + EVP_add_cipher(EVP_aes_256_ofb()); +-# if 0 + EVP_add_cipher(EVP_aes_256_ctr()); +-# endif ++ EVP_add_cipher(EVP_aes_256_gcm()); ++ EVP_add_cipher(EVP_aes_256_xts()); ++ EVP_add_cipher(EVP_aes_256_ccm()); ++ EVP_add_cipher(EVP_aes_256_wrap()); + EVP_add_cipher_alias(SN_aes_256_cbc, "AES256"); + EVP_add_cipher_alias(SN_aes_256_cbc, "aes256"); ++# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) ++ EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1()); ++ EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1()); ++# endif ++# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA256) ++ EVP_add_cipher(EVP_aes_128_cbc_hmac_sha256()); ++ EVP_add_cipher(EVP_aes_256_cbc_hmac_sha256()); ++# endif + #endif + + #ifndef OPENSSL_NO_CAMELLIA +@@ -221,7 +238,4 @@ void OpenSSL_add_all_ciphers(void) + EVP_add_cipher_alias(SN_camellia_256_cbc, "CAMELLIA256"); + EVP_add_cipher_alias(SN_camellia_256_cbc, "camellia256"); + #endif +- +- PKCS12_PBE_add(); +- PKCS5_PBE_add(); + } +diff --git a/Cryptlib/OpenSSL/crypto/evp/c_alld.c b/Cryptlib/OpenSSL/crypto/evp/c_alld.c +index ab17f7c..fdbe3ee 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/c_alld.c ++++ b/Cryptlib/OpenSSL/crypto/evp/c_alld.c +@@ -78,7 +78,7 @@ void OpenSSL_add_all_digests(void) + EVP_add_digest(EVP_dss()); + # endif + #endif +-#ifndef OPENSSL_NO_SHA ++#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) + EVP_add_digest(EVP_sha1()); + EVP_add_digest_alias(SN_sha1, "ssl3-sha1"); + EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA); +@@ -108,4 +108,7 @@ void OpenSSL_add_all_digests(void) + 
EVP_add_digest(EVP_sha384()); + EVP_add_digest(EVP_sha512()); + #endif ++#ifndef OPENSSL_NO_WHIRLPOOL ++ EVP_add_digest(EVP_whirlpool()); ++#endif + } +diff --git a/Cryptlib/OpenSSL/crypto/evp/dig_eng.c b/Cryptlib/OpenSSL/crypto/evp/dig_eng.c +deleted file mode 100644 +index a0a6bc0..0000000 +--- a/Cryptlib/OpenSSL/crypto/evp/dig_eng.c ++++ /dev/null +@@ -1,176 +0,0 @@ +-/* crypto/evp/digest.c */ +-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) +- * All rights reserved. +- * +- * This package is an SSL implementation written +- * by Eric Young (eay@cryptsoft.com). +- * The implementation was written so as to conform with Netscapes SSL. +- * +- * This library is free for commercial and non-commercial use as long as +- * the following conditions are aheared to. The following conditions +- * apply to all code found in this distribution, be it the RC4, RSA, +- * lhash, DES, etc., code; not just the SSL code. The SSL documentation +- * included with this distribution is covered by the same copyright terms +- * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * +- * Copyright remains Eric Young's, and as such any Copyright notices in +- * the code are not to be removed. +- * If this package is used in a product, Eric Young should be given attribution +- * as the author of the parts of the library used. +- * This can be in the form of a textual message at program startup or +- * in documentation (online or textual) provided with the package. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. 
+- * 3. All advertising materials mentioning features or use of this software +- * must display the following acknowledgement: +- * "This product includes cryptographic software written by +- * Eric Young (eay@cryptsoft.com)" +- * The word 'cryptographic' can be left out if the rouines from the library +- * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from +- * the apps directory (application code) you must include an acknowledgement: +- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * +- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. +- * +- * The licence and distribution terms for any publically available version or +- * derivative of this code cannot be changed. i.e. this code cannot simply be +- * copied and put under another distribution licence +- * [including the GNU Public Licence.] +- */ +-/* ==================================================================== +- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * +- * 1. 
Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. +- * +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in +- * the documentation and/or other materials provided with the +- * distribution. +- * +- * 3. All advertising materials mentioning features or use of this +- * software must display the following acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +- * +- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +- * endorse or promote products derived from this software without +- * prior written permission. For written permission, please contact +- * openssl-core@openssl.org. +- * +- * 5. Products derived from this software may not be called "OpenSSL" +- * nor may "OpenSSL" appear in their names without prior written +- * permission of the OpenSSL Project. +- * +- * 6. Redistributions of any form whatsoever must retain the following +- * acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit (http://www.openssl.org/)" +- * +- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +- * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR +- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +- * OF THE POSSIBILITY OF SUCH DAMAGE. +- * ==================================================================== +- * +- * This product includes cryptographic software written by Eric Young +- * (eay@cryptsoft.com). This product includes software written by Tim +- * Hudson (tjh@cryptsoft.com). +- * +- */ +- +-#include +-#include "cryptlib.h" +-#include +-#include +-#ifndef OPENSSL_NO_ENGINE +-# include +-#endif +-#include "evp_locl.h" +- +-#ifndef OPENSSL_NO_ENGINE +- +-# ifdef OPENSSL_FIPS +- +-static int do_evp_md_engine_full(EVP_MD_CTX *ctx, const EVP_MD **ptype, +- ENGINE *impl) +-{ +- if (*ptype) { +- /* +- * Ensure an ENGINE left lying around from last time is cleared (the +- * previous check attempted to avoid this if the same ENGINE and +- * EVP_MD could be used). +- */ +- if (ctx->engine) +- ENGINE_finish(ctx->engine); +- if (impl) { +- if (!ENGINE_init(impl)) { +- EVPerr(EVP_F_DO_EVP_MD_ENGINE_FULL, +- EVP_R_INITIALIZATION_ERROR); +- return 0; +- } +- } else +- /* Ask if an ENGINE is reserved for this job */ +- impl = ENGINE_get_digest_engine((*ptype)->type); +- if (impl) { +- /* There's an ENGINE for this job ... 
(apparently) */ +- const EVP_MD *d = ENGINE_get_digest(impl, (*ptype)->type); +- if (!d) { +- /* Same comment from evp_enc.c */ +- EVPerr(EVP_F_DO_EVP_MD_ENGINE_FULL, +- EVP_R_INITIALIZATION_ERROR); +- return 0; +- } +- /* We'll use the ENGINE's private digest definition */ +- *ptype = d; +- /* +- * Store the ENGINE functional reference so we know 'type' came +- * from an ENGINE and we need to release it when done. +- */ +- ctx->engine = impl; +- } else +- ctx->engine = NULL; +- } else if (!ctx->digest) { +- EVPerr(EVP_F_DO_EVP_MD_ENGINE_FULL, EVP_R_NO_DIGEST_SET); +- return 0; +- } +- return 1; +-} +- +-void int_EVP_MD_init_engine_callbacks(void) +-{ +- int_EVP_MD_set_engine_callbacks(ENGINE_init, ENGINE_finish, +- do_evp_md_engine_full); +-} +-# endif +-#endif +diff --git a/Cryptlib/OpenSSL/crypto/evp/digest.c b/Cryptlib/OpenSSL/crypto/evp/digest.c +index 9f5ee7b..f2643f3 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/digest.c ++++ b/Cryptlib/OpenSSL/crypto/evp/digest.c +@@ -116,7 +116,11 @@ + #ifndef OPENSSL_NO_ENGINE + # include + #endif +-#include "evp_locl.h" ++ ++#ifdef OPENSSL_FIPS ++# include ++# include "evp_locl.h" ++#endif + + void EVP_MD_CTX_init(EVP_MD_CTX *ctx) + { +@@ -139,93 +143,33 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type) + return EVP_DigestInit_ex(ctx, type, NULL); + } + +-#ifdef OPENSSL_FIPS +- +-/* +- * The purpose of these is to trap programs that attempt to use non FIPS +- * algorithms in FIPS mode and ignore the errors. 
+- */ +- +-static int bad_init(EVP_MD_CTX *ctx) +-{ +- FIPS_ERROR_IGNORED("Digest init"); +- return 0; +-} +- +-static int bad_update(EVP_MD_CTX *ctx, const void *data, size_t count) +-{ +- FIPS_ERROR_IGNORED("Digest update"); +- return 0; +-} +- +-static int bad_final(EVP_MD_CTX *ctx, unsigned char *md) ++int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) + { +- FIPS_ERROR_IGNORED("Digest Final"); +- return 0; +-} +- +-static const EVP_MD bad_md = { +- 0, +- 0, +- 0, +- 0, +- bad_init, +- bad_update, +- bad_final, +- NULL, +- NULL, +- NULL, +- 0, +- {0, 0, 0, 0}, +-}; +- ++ EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_CLEANED); ++#ifdef OPENSSL_FIPS ++ /* If FIPS mode switch to approved implementation if possible */ ++ if (FIPS_mode()) { ++ const EVP_MD *fipsmd; ++ if (type) { ++ fipsmd = evp_get_fips_md(type); ++ if (fipsmd) ++ type = fipsmd; ++ } ++ } + #endif +- + #ifndef OPENSSL_NO_ENGINE +- +-# ifdef OPENSSL_FIPS +- +-static int do_engine_null(ENGINE *impl) +-{ +- return 0; +-} +- +-static int do_evp_md_engine_null(EVP_MD_CTX *ctx, +- const EVP_MD **ptype, ENGINE *impl) +-{ +- return 1; +-} +- +-static int (*do_engine_init) (ENGINE *impl) +- = do_engine_null; +- +-static int (*do_engine_finish) (ENGINE *impl) +- = do_engine_null; +- +-static int (*do_evp_md_engine) +- (EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl) +- = do_evp_md_engine_null; +- +-void int_EVP_MD_set_engine_callbacks(int (*eng_md_init) (ENGINE *impl), +- int (*eng_md_fin) (ENGINE *impl), +- int (*eng_md_evp) +- (EVP_MD_CTX *ctx, const EVP_MD **ptype, +- ENGINE *impl)) +-{ +- do_engine_init = eng_md_init; +- do_engine_finish = eng_md_fin; +- do_evp_md_engine = eng_md_evp; +-} +- +-# else +- +-# define do_engine_init ENGINE_init +-# define do_engine_finish ENGINE_finish +- +-static int do_evp_md_engine(EVP_MD_CTX *ctx, const EVP_MD **ptype, +- ENGINE *impl) +-{ +- if (*ptype) { ++ /* ++ * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so ++ * this 
context may already have an ENGINE! Try to avoid releasing the ++ * previous handle, re-querying for an ENGINE, and having a ++ * reinitialisation, when it may all be unecessary. ++ */ ++ if (ctx->engine && ctx->digest && (!type || ++ (type ++ && (type->type == ++ ctx->digest->type)))) ++ goto skip_to_init; ++ if (type) { + /* + * Ensure an ENGINE left lying around from last time is cleared (the + * previous check attempted to avoid this if the same ENGINE and +@@ -235,23 +179,23 @@ static int do_evp_md_engine(EVP_MD_CTX *ctx, const EVP_MD **ptype, + ENGINE_finish(ctx->engine); + if (impl) { + if (!ENGINE_init(impl)) { +- EVPerr(EVP_F_DO_EVP_MD_ENGINE, EVP_R_INITIALIZATION_ERROR); ++ EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_INITIALIZATION_ERROR); + return 0; + } + } else + /* Ask if an ENGINE is reserved for this job */ +- impl = ENGINE_get_digest_engine((*ptype)->type); ++ impl = ENGINE_get_digest_engine(type->type); + if (impl) { + /* There's an ENGINE for this job ... (apparently) */ +- const EVP_MD *d = ENGINE_get_digest(impl, (*ptype)->type); ++ const EVP_MD *d = ENGINE_get_digest(impl, type->type); + if (!d) { + /* Same comment from evp_enc.c */ +- EVPerr(EVP_F_DO_EVP_MD_ENGINE, EVP_R_INITIALIZATION_ERROR); ++ EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_INITIALIZATION_ERROR); + ENGINE_finish(impl); + return 0; + } + /* We'll use the ENGINE's private digest definition */ +- *ptype = d; ++ type = d; + /* + * Store the ENGINE functional reference so we know 'type' came + * from an ENGINE and we need to release it when done. 
+@@ -259,59 +203,22 @@ static int do_evp_md_engine(EVP_MD_CTX *ctx, const EVP_MD **ptype, + ctx->engine = impl; + } else + ctx->engine = NULL; +- } else if (!ctx->digest) { +- EVPerr(EVP_F_DO_EVP_MD_ENGINE, EVP_R_NO_DIGEST_SET); +- return 0; +- } +- return 1; +-} +- +-# endif +- +-#endif +- +-int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) +-{ +- M_EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_CLEANED); +-#ifdef OPENSSL_FIPS +- if (FIPS_selftest_failed()) { +- FIPSerr(FIPS_F_EVP_DIGESTINIT_EX, FIPS_R_FIPS_SELFTEST_FAILED); +- ctx->digest = &bad_md; +- return 0; ++ } else { ++ if (!ctx->digest) { ++ EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_NO_DIGEST_SET); ++ return 0; ++ } ++ type = ctx->digest; + } + #endif +-#ifndef OPENSSL_NO_ENGINE +- /* +- * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so +- * this context may already have an ENGINE! Try to avoid releasing the +- * previous handle, re-querying for an ENGINE, and having a +- * reinitialisation, when it may all be unecessary. 
+- */ +- if (ctx->engine && ctx->digest && (!type || +- (type +- && (type->type == +- ctx->digest->type)))) +- goto skip_to_init; +- if (!do_evp_md_engine(ctx, &type, impl)) +- return 0; +-#endif + if (ctx->digest != type) { +-#ifdef OPENSSL_FIPS +- if (FIPS_mode()) { +- if (!(type->flags & EVP_MD_FLAG_FIPS) +- && !(ctx->flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)) { +- EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_DISABLED_FOR_FIPS); +- ctx->digest = &bad_md; +- return 0; +- } +- } +-#endif + if (ctx->digest && ctx->digest->ctx_size) + OPENSSL_free(ctx->md_data); + ctx->digest = type; +- if (type->ctx_size) { ++ if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size) { ++ ctx->update = type->update; + ctx->md_data = OPENSSL_malloc(type->ctx_size); +- if (!ctx->md_data) { ++ if (ctx->md_data == NULL) { + EVPerr(EVP_F_EVP_DIGESTINIT_EX, ERR_R_MALLOC_FAILURE); + return 0; + } +@@ -320,15 +227,34 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) + #ifndef OPENSSL_NO_ENGINE + skip_to_init: + #endif ++ if (ctx->pctx) { ++ int r; ++ r = EVP_PKEY_CTX_ctrl(ctx->pctx, -1, EVP_PKEY_OP_TYPE_SIG, ++ EVP_PKEY_CTRL_DIGESTINIT, 0, ctx); ++ if (r <= 0 && (r != -2)) ++ return 0; ++ } ++ if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) ++ return 1; ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode()) { ++ if (FIPS_digestinit(ctx, type)) ++ return 1; ++ OPENSSL_free(ctx->md_data); ++ ctx->md_data = NULL; ++ return 0; ++ } ++#endif + return ctx->digest->init(ctx); + } + + int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count) + { + #ifdef OPENSSL_FIPS +- FIPS_selftest_check(); ++ return FIPS_digestupdate(ctx, data, count); ++#else ++ return ctx->update(ctx, data, count); + #endif +- return ctx->digest->update(ctx, data, count); + } + + /* The caller can assume that this removes any secret data from the context */ +@@ -343,10 +269,10 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) + /* The caller can assume that this removes any secret 
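Review bot: In EVP_DigestInit_ex (digest.c), `OPENSSL_free(ctx->md_data)` leaves the pointer in place, and the new `!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT)` condition lets the allocation that used to overwrite it be skipped. The context may then keep a freed pointer, which EVP_MD_CTX_cleanup later in this file would cleanse and free again whenever `ctx->digest->ctx_size` is non-zero. Resetting it at the free closes that path: `if (ctx->digest && ctx->digest->ctx_size) { OPENSSL_free(ctx->md_data); ctx->md_data = NULL; }`. The function starts in an earlier hunk and continues in the next one.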
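Review bot: EVP_DigestUpdate now calls `ctx->update(ctx, data, count)` unconditionally, but the only assignment visible in this patch, `ctx->update = type->update`, sits inside the `!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size` branch of the preceding hunk. A context whose digest has a zero `ctx_size`, or one used before a successful init, would reach a NULL function pointer unless another path sets it, which is not visible here. A guard such as `if (ctx->update == NULL) return 0;` before the call would make the requirement explicit. A comment on the assignment stating the invariant would also do.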
data from the context */ + int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) + { +- int ret; + #ifdef OPENSSL_FIPS +- FIPS_selftest_check(); +-#endif ++ return FIPS_digestfinal(ctx, md, size); ++#else ++ int ret; + + OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE); + ret = ctx->digest->final(ctx, md); +@@ -354,10 +280,11 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) + *size = ctx->digest->md_size; + if (ctx->digest->cleanup) { + ctx->digest->cleanup(ctx); +- M_EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED); ++ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED); + } + memset(ctx->md_data, 0, ctx->digest->ctx_size); + return ret; ++#endif + } + + int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in) +@@ -375,7 +302,7 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) + } + #ifndef OPENSSL_NO_ENGINE + /* Make sure it's safe to copy a digest context using an ENGINE */ +- if (in->engine && !do_engine_init(in->engine)) { ++ if (in->engine && !ENGINE_init(in->engine)) { + EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, ERR_R_ENGINE_LIB); + return 0; + } +@@ -383,13 +310,13 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) + + if (out->digest == in->digest) { + tmp_buf = out->md_data; +- M_EVP_MD_CTX_set_flags(out, EVP_MD_CTX_FLAG_REUSE); ++ EVP_MD_CTX_set_flags(out, EVP_MD_CTX_FLAG_REUSE); + } else + tmp_buf = NULL; + EVP_MD_CTX_cleanup(out); + memcpy(out, in, sizeof *out); + +- if (out->digest->ctx_size) { ++ if (in->md_data && out->digest->ctx_size) { + if (tmp_buf) + out->md_data = tmp_buf; + else { +@@ -402,6 +329,16 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) + memcpy(out->md_data, in->md_data, out->digest->ctx_size); + } + ++ out->update = in->update; ++ ++ if (in->pctx) { ++ out->pctx = EVP_PKEY_CTX_dup(in->pctx); ++ if (!out->pctx) { ++ EVP_MD_CTX_cleanup(out); ++ return 0; ++ } ++ } ++ + if (out->digest->copy) + return out->digest->copy(out, in); + 
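Review bot: EVP_DigestFinal_ex still wipes the digest state with `memset(ctx->md_data, 0, ctx->digest->ctx_size)`, although the comment above the function promises callers that secret data is removed. EVP_MD_CTX_cleanup in the same file uses `OPENSSL_cleanse` for this buffer. Using `OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size);` here keeps the two wipe paths consistent and does not depend on the compiler preserving the store. The line is unchanged context that now sits inside the new `#else` branch, and the function body starts in the previous hunk.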
+@@ -416,7 +353,7 @@ int EVP_Digest(const void *data, size_t count, + int ret; + + EVP_MD_CTX_init(&ctx); +- M_EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_ONESHOT); ++ EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_ONESHOT); + ret = EVP_DigestInit_ex(&ctx, type, impl) + && EVP_DigestUpdate(&ctx, data, count) + && EVP_DigestFinal_ex(&ctx, md, size); +@@ -427,32 +364,41 @@ int EVP_Digest(const void *data, size_t count, + + void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx) + { +- EVP_MD_CTX_cleanup(ctx); +- OPENSSL_free(ctx); ++ if (ctx) { ++ EVP_MD_CTX_cleanup(ctx); ++ OPENSSL_free(ctx); ++ } + } + + /* This call frees resources associated with the context */ + int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) + { ++#ifndef OPENSSL_FIPS + /* + * Don't assume ctx->md_data was cleaned in EVP_Digest_Final, because + * sometimes only copies of the context are ever finalised. + */ + if (ctx->digest && ctx->digest->cleanup +- && !M_EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED)) ++ && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED)) + ctx->digest->cleanup(ctx); + if (ctx->digest && ctx->digest->ctx_size && ctx->md_data +- && !M_EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) { ++ && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) { + OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size); + OPENSSL_free(ctx->md_data); + } ++#endif ++ if (ctx->pctx) ++ EVP_PKEY_CTX_free(ctx->pctx); + #ifndef OPENSSL_NO_ENGINE + if (ctx->engine) + /* + * The EVP_MD we used belongs to an ENGINE, release the functional + * reference we held for this reason. 
+ */ +- do_engine_finish(ctx->engine); ++ ENGINE_finish(ctx->engine); ++#endif ++#ifdef OPENSSL_FIPS ++ FIPS_md_ctx_cleanup(ctx); + #endif + memset(ctx, '\0', sizeof *ctx); + +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_aes.c b/Cryptlib/OpenSSL/crypto/evp/e_aes.c +index 5d08405..1734a82 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/e_aes.c ++++ b/Cryptlib/OpenSSL/crypto/evp/e_aes.c +@@ -1,5 +1,5 @@ + /* ==================================================================== +- * Copyright (c) 2001 The OpenSSL Project. All rights reserved. ++ * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions +@@ -50,53 +50,960 @@ + + #include + #ifndef OPENSSL_NO_AES ++#include + # include + # include + # include + # include + # include + # include "evp_locl.h" ++# include "modes_lcl.h" ++# include + +-static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, +- const unsigned char *iv, int enc); ++# undef EVP_CIPH_FLAG_FIPS ++# define EVP_CIPH_FLAG_FIPS 0 + + typedef struct { +- AES_KEY ks; ++ union { ++ double align; ++ AES_KEY ks; ++ } ks; ++ block128_f block; ++ union { ++ cbc128_f cbc; ++ ctr128_f ctr; ++ } stream; + } EVP_AES_KEY; + +-# define data(ctx) EVP_C_DATA(EVP_AES_KEY,ctx) +- +-IMPLEMENT_BLOCK_CIPHER(aes_128, ks, AES, EVP_AES_KEY, +- NID_aes_128, 16, 16, 16, 128, +- EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_DEFAULT_ASN1, +- aes_init_key, NULL, NULL, NULL, NULL) +- IMPLEMENT_BLOCK_CIPHER(aes_192, ks, AES, EVP_AES_KEY, +- NID_aes_192, 16, 24, 16, 128, +- EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_DEFAULT_ASN1, +- aes_init_key, NULL, NULL, NULL, NULL) +- IMPLEMENT_BLOCK_CIPHER(aes_256, ks, AES, EVP_AES_KEY, +- NID_aes_256, 16, 32, 16, 128, +- EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_DEFAULT_ASN1, +- aes_init_key, NULL, NULL, NULL, NULL) +-# define IMPLEMENT_AES_CFBR(ksize,cbits,flags) 
IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16,flags) +- IMPLEMENT_AES_CFBR(128, 1, EVP_CIPH_FLAG_FIPS) +- IMPLEMENT_AES_CFBR(192, 1, EVP_CIPH_FLAG_FIPS) +- IMPLEMENT_AES_CFBR(256, 1, EVP_CIPH_FLAG_FIPS) +- +- IMPLEMENT_AES_CFBR(128, 8, EVP_CIPH_FLAG_FIPS) +- IMPLEMENT_AES_CFBR(192, 8, EVP_CIPH_FLAG_FIPS) +- IMPLEMENT_AES_CFBR(256, 8, EVP_CIPH_FLAG_FIPS) ++typedef struct { ++ union { ++ double align; ++ AES_KEY ks; ++ } ks; /* AES key schedule to use */ ++ int key_set; /* Set if key initialised */ ++ int iv_set; /* Set if an iv is set */ ++ GCM128_CONTEXT gcm; ++ unsigned char *iv; /* Temporary IV store */ ++ int ivlen; /* IV length */ ++ int taglen; ++ int iv_gen; /* It is OK to generate IVs */ ++ int tls_aad_len; /* TLS AAD length */ ++ ctr128_f ctr; ++} EVP_AES_GCM_CTX; ++ ++typedef struct { ++ union { ++ double align; ++ AES_KEY ks; ++ } ks1, ks2; /* AES key schedules to use */ ++ XTS128_CONTEXT xts; ++ void (*stream) (const unsigned char *in, ++ unsigned char *out, size_t length, ++ const AES_KEY *key1, const AES_KEY *key2, ++ const unsigned char iv[16]); ++} EVP_AES_XTS_CTX; ++ ++typedef struct { ++ union { ++ double align; ++ AES_KEY ks; ++ } ks; /* AES key schedule to use */ ++ int key_set; /* Set if key initialised */ ++ int iv_set; /* Set if an iv is set */ ++ int tag_set; /* Set if tag is valid */ ++ int len_set; /* Set if message length set */ ++ int L, M; /* L and M parameters from RFC3610 */ ++ CCM128_CONTEXT ccm; ++ ccm128_f str; ++} EVP_AES_CCM_CTX; ++ ++# define MAXBITCHUNK ((size_t)1<<(sizeof(size_t)*8-4)) ++ ++# ifdef VPAES_ASM ++int vpaes_set_encrypt_key(const unsigned char *userKey, int bits, ++ AES_KEY *key); ++int vpaes_set_decrypt_key(const unsigned char *userKey, int bits, ++ AES_KEY *key); ++ ++void vpaes_encrypt(const unsigned char *in, unsigned char *out, ++ const AES_KEY *key); ++void vpaes_decrypt(const unsigned char *in, unsigned char *out, ++ const AES_KEY *key); ++ ++void vpaes_cbc_encrypt(const unsigned char *in, ++ unsigned 
char *out, ++ size_t length, ++ const AES_KEY *key, unsigned char *ivec, int enc); ++# endif ++# ifdef BSAES_ASM ++void bsaes_cbc_encrypt(const unsigned char *in, unsigned char *out, ++ size_t length, const AES_KEY *key, ++ unsigned char ivec[16], int enc); ++void bsaes_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out, ++ size_t len, const AES_KEY *key, ++ const unsigned char ivec[16]); ++void bsaes_xts_encrypt(const unsigned char *inp, unsigned char *out, ++ size_t len, const AES_KEY *key1, ++ const AES_KEY *key2, const unsigned char iv[16]); ++void bsaes_xts_decrypt(const unsigned char *inp, unsigned char *out, ++ size_t len, const AES_KEY *key1, ++ const AES_KEY *key2, const unsigned char iv[16]); ++# endif ++# ifdef AES_CTR_ASM ++void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out, ++ size_t blocks, const AES_KEY *key, ++ const unsigned char ivec[AES_BLOCK_SIZE]); ++# endif ++# ifdef AES_XTS_ASM ++void AES_xts_encrypt(const char *inp, char *out, size_t len, ++ const AES_KEY *key1, const AES_KEY *key2, ++ const unsigned char iv[16]); ++void AES_xts_decrypt(const char *inp, char *out, size_t len, ++ const AES_KEY *key1, const AES_KEY *key2, ++ const unsigned char iv[16]); ++# endif ++ ++# if defined(OPENSSL_CPUID_OBJ) && (defined(__powerpc__) || defined(__ppc__) || defined(_ARCH_PPC)) ++# include "ppc_arch.h" ++# ifdef VPAES_ASM ++# define VPAES_CAPABLE (OPENSSL_ppccap_P & PPC_ALTIVEC) ++# endif ++# define HWAES_CAPABLE (OPENSSL_ppccap_P & PPC_CRYPTO207) ++# define HWAES_set_encrypt_key aes_p8_set_encrypt_key ++# define HWAES_set_decrypt_key aes_p8_set_decrypt_key ++# define HWAES_encrypt aes_p8_encrypt ++# define HWAES_decrypt aes_p8_decrypt ++# define HWAES_cbc_encrypt aes_p8_cbc_encrypt ++# define HWAES_ctr32_encrypt_blocks aes_p8_ctr32_encrypt_blocks ++# endif ++ ++# if defined(AES_ASM) && !defined(I386_ONLY) && ( \ ++ ((defined(__i386) || defined(__i386__) || \ ++ defined(_M_IX86)) && defined(OPENSSL_IA32_SSE2))|| \ ++ 
defined(__x86_64) || defined(__x86_64__) || \ ++ defined(_M_AMD64) || defined(_M_X64) || \ ++ defined(__INTEL__) ) ++ ++extern unsigned int OPENSSL_ia32cap_P[]; ++ ++# ifdef VPAES_ASM ++# define VPAES_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(41-32))) ++# endif ++# ifdef BSAES_ASM ++# define BSAES_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(41-32))) ++# endif ++/* ++ * AES-NI section ++ */ ++# define AESNI_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(57-32))) ++ ++int aesni_set_encrypt_key(const unsigned char *userKey, int bits, ++ AES_KEY *key); ++int aesni_set_decrypt_key(const unsigned char *userKey, int bits, ++ AES_KEY *key); ++ ++void aesni_encrypt(const unsigned char *in, unsigned char *out, ++ const AES_KEY *key); ++void aesni_decrypt(const unsigned char *in, unsigned char *out, ++ const AES_KEY *key); ++ ++void aesni_ecb_encrypt(const unsigned char *in, ++ unsigned char *out, ++ size_t length, const AES_KEY *key, int enc); ++void aesni_cbc_encrypt(const unsigned char *in, ++ unsigned char *out, ++ size_t length, ++ const AES_KEY *key, unsigned char *ivec, int enc); ++ ++void aesni_ctr32_encrypt_blocks(const unsigned char *in, ++ unsigned char *out, ++ size_t blocks, ++ const void *key, const unsigned char *ivec); ++ ++void aesni_xts_encrypt(const unsigned char *in, ++ unsigned char *out, ++ size_t length, ++ const AES_KEY *key1, const AES_KEY *key2, ++ const unsigned char iv[16]); ++ ++void aesni_xts_decrypt(const unsigned char *in, ++ unsigned char *out, ++ size_t length, ++ const AES_KEY *key1, const AES_KEY *key2, ++ const unsigned char iv[16]); ++ ++void aesni_ccm64_encrypt_blocks(const unsigned char *in, ++ unsigned char *out, ++ size_t blocks, ++ const void *key, ++ const unsigned char ivec[16], ++ unsigned char cmac[16]); ++ ++void aesni_ccm64_decrypt_blocks(const unsigned char *in, ++ unsigned char *out, ++ size_t blocks, ++ const void *key, ++ const unsigned char ivec[16], ++ unsigned char cmac[16]); ++ ++# if defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) 
|| defined(_M_X64) ++size_t aesni_gcm_encrypt(const unsigned char *in, ++ unsigned char *out, ++ size_t len, ++ const void *key, unsigned char ivec[16], u64 *Xi); ++# define AES_gcm_encrypt aesni_gcm_encrypt ++size_t aesni_gcm_decrypt(const unsigned char *in, ++ unsigned char *out, ++ size_t len, ++ const void *key, unsigned char ivec[16], u64 *Xi); ++# define AES_gcm_decrypt aesni_gcm_decrypt ++void gcm_ghash_avx(u64 Xi[2], const u128 Htable[16], const u8 *in, ++ size_t len); ++# define AES_GCM_ASM(gctx) (gctx->ctr==aesni_ctr32_encrypt_blocks && \ ++ gctx->gcm.ghash==gcm_ghash_avx) ++# define AES_GCM_ASM2(gctx) (gctx->gcm.block==(block128_f)aesni_encrypt && \ ++ gctx->gcm.ghash==gcm_ghash_avx) ++# undef AES_GCM_ASM2 /* minor size optimization */ ++# endif ++ ++static int aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, ++ const unsigned char *iv, int enc) ++{ ++ int ret, mode; ++ EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data; ++ ++ mode = ctx->cipher->flags & EVP_CIPH_MODE; ++ if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) ++ && !enc) { ++ ret = aesni_set_decrypt_key(key, ctx->key_len * 8, ctx->cipher_data); ++ dat->block = (block128_f) aesni_decrypt; ++ dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? 
++ (cbc128_f) aesni_cbc_encrypt : NULL; ++ } else { ++ ret = aesni_set_encrypt_key(key, ctx->key_len * 8, ctx->cipher_data); ++ dat->block = (block128_f) aesni_encrypt; ++ if (mode == EVP_CIPH_CBC_MODE) ++ dat->stream.cbc = (cbc128_f) aesni_cbc_encrypt; ++ else if (mode == EVP_CIPH_CTR_MODE) ++ dat->stream.ctr = (ctr128_f) aesni_ctr32_encrypt_blocks; ++ else ++ dat->stream.cbc = NULL; ++ } ++ ++ if (ret < 0) { ++ EVPerr(EVP_F_AESNI_INIT_KEY, EVP_R_AES_KEY_SETUP_FAILED); ++ return 0; ++ } ++ ++ return 1; ++} ++ ++static int aesni_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t len) ++{ ++ aesni_cbc_encrypt(in, out, len, ctx->cipher_data, ctx->iv, ctx->encrypt); ++ ++ return 1; ++} ++ ++static int aesni_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t len) ++{ ++ size_t bl = ctx->cipher->block_size; ++ ++ if (len < bl) ++ return 1; ++ ++ aesni_ecb_encrypt(in, out, len, ctx->cipher_data, ctx->encrypt); ++ ++ return 1; ++} ++ ++# define aesni_ofb_cipher aes_ofb_cipher ++static int aesni_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t len); ++ ++# define aesni_cfb_cipher aes_cfb_cipher ++static int aesni_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t len); ++ ++# define aesni_cfb8_cipher aes_cfb8_cipher ++static int aesni_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t len); ++ ++# define aesni_cfb1_cipher aes_cfb1_cipher ++static int aesni_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t len); ++ ++# define aesni_ctr_cipher aes_ctr_cipher ++static int aesni_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t len); ++ ++static int aesni_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, ++ const unsigned char *iv, int enc) ++{ ++ EVP_AES_GCM_CTX *gctx = ctx->cipher_data; ++ if (!iv && !key) ++ 
return 1; ++ if (key) { ++ aesni_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks); ++ CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f) aesni_encrypt); ++ gctx->ctr = (ctr128_f) aesni_ctr32_encrypt_blocks; ++ /* ++ * If we have an iv can set it directly, otherwise use saved IV. ++ */ ++ if (iv == NULL && gctx->iv_set) ++ iv = gctx->iv; ++ if (iv) { ++ CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen); ++ gctx->iv_set = 1; ++ } ++ gctx->key_set = 1; ++ } else { ++ /* If key set use IV, otherwise copy */ ++ if (gctx->key_set) ++ CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen); ++ else ++ memcpy(gctx->iv, iv, gctx->ivlen); ++ gctx->iv_set = 1; ++ gctx->iv_gen = 0; ++ } ++ return 1; ++} ++ ++# define aesni_gcm_cipher aes_gcm_cipher ++static int aesni_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t len); ++ ++static int aesni_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, ++ const unsigned char *iv, int enc) ++{ ++ EVP_AES_XTS_CTX *xctx = ctx->cipher_data; ++ if (!iv && !key) ++ return 1; ++ ++ if (key) { ++ /* key_len is two AES keys */ ++ if (enc) { ++ aesni_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks); ++ xctx->xts.block1 = (block128_f) aesni_encrypt; ++ xctx->stream = aesni_xts_encrypt; ++ } else { ++ aesni_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks); ++ xctx->xts.block1 = (block128_f) aesni_decrypt; ++ xctx->stream = aesni_xts_decrypt; ++ } ++ ++ aesni_set_encrypt_key(key + ctx->key_len / 2, ++ ctx->key_len * 4, &xctx->ks2.ks); ++ xctx->xts.block2 = (block128_f) aesni_encrypt; ++ ++ xctx->xts.key1 = &xctx->ks1; ++ } ++ ++ if (iv) { ++ xctx->xts.key2 = &xctx->ks2; ++ memcpy(ctx->iv, iv, 16); ++ } ++ ++ return 1; ++} ++ ++# define aesni_xts_cipher aes_xts_cipher ++static int aesni_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t len); ++ ++static int aesni_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, ++ const unsigned char *iv, int enc) 
++{ ++ EVP_AES_CCM_CTX *cctx = ctx->cipher_data; ++ if (!iv && !key) ++ return 1; ++ if (key) { ++ aesni_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks.ks); ++ CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, ++ &cctx->ks, (block128_f) aesni_encrypt); ++ cctx->str = enc ? (ccm128_f) aesni_ccm64_encrypt_blocks : ++ (ccm128_f) aesni_ccm64_decrypt_blocks; ++ cctx->key_set = 1; ++ } ++ if (iv) { ++ memcpy(ctx->iv, iv, 15 - cctx->L); ++ cctx->iv_set = 1; ++ } ++ return 1; ++} ++ ++# define aesni_ccm_cipher aes_ccm_cipher ++static int aesni_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t len); ++ ++# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \ ++static const EVP_CIPHER aesni_##keylen##_##mode = { \ ++ nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \ ++ flags|EVP_CIPH_##MODE##_MODE, \ ++ aesni_init_key, \ ++ aesni_##mode##_cipher, \ ++ NULL, \ ++ sizeof(EVP_AES_KEY), \ ++ NULL,NULL,NULL,NULL }; \ ++static const EVP_CIPHER aes_##keylen##_##mode = { \ ++ nid##_##keylen##_##nmode,blocksize, \ ++ keylen/8,ivlen, \ ++ flags|EVP_CIPH_##MODE##_MODE, \ ++ aes_init_key, \ ++ aes_##mode##_cipher, \ ++ NULL, \ ++ sizeof(EVP_AES_KEY), \ ++ NULL,NULL,NULL,NULL }; \ ++const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ ++{ return AESNI_CAPABLE?&aesni_##keylen##_##mode:&aes_##keylen##_##mode; } ++ ++# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \ ++static const EVP_CIPHER aesni_##keylen##_##mode = { \ ++ nid##_##keylen##_##mode,blocksize, \ ++ (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \ ++ flags|EVP_CIPH_##MODE##_MODE, \ ++ aesni_##mode##_init_key, \ ++ aesni_##mode##_cipher, \ ++ aes_##mode##_cleanup, \ ++ sizeof(EVP_AES_##MODE##_CTX), \ ++ NULL,NULL,aes_##mode##_ctrl,NULL }; \ ++static const EVP_CIPHER aes_##keylen##_##mode = { \ ++ nid##_##keylen##_##mode,blocksize, \ ++ (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \ ++ 
flags|EVP_CIPH_##MODE##_MODE, \ ++ aes_##mode##_init_key, \ ++ aes_##mode##_cipher, \ ++ aes_##mode##_cleanup, \ ++ sizeof(EVP_AES_##MODE##_CTX), \ ++ NULL,NULL,aes_##mode##_ctrl,NULL }; \ ++const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ ++{ return AESNI_CAPABLE?&aesni_##keylen##_##mode:&aes_##keylen##_##mode; } ++ ++# elif defined(AES_ASM) && (defined(__sparc) || defined(__sparc__)) ++ ++# include "sparc_arch.h" ++ ++extern unsigned int OPENSSL_sparcv9cap_P[]; ++ ++# define SPARC_AES_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_AES) ++ ++void aes_t4_set_encrypt_key(const unsigned char *key, int bits, AES_KEY *ks); ++void aes_t4_set_decrypt_key(const unsigned char *key, int bits, AES_KEY *ks); ++void aes_t4_encrypt(const unsigned char *in, unsigned char *out, ++ const AES_KEY *key); ++void aes_t4_decrypt(const unsigned char *in, unsigned char *out, ++ const AES_KEY *key); ++/* ++ * Key-length specific subroutines were chosen for following reason. ++ * Each SPARC T4 core can execute up to 8 threads which share core's ++ * resources. Loading as much key material to registers allows to ++ * minimize references to shared memory interface, as well as amount ++ * of instructions in inner loops [much needed on T4]. But then having ++ * non-key-length specific routines would require conditional branches ++ * either in inner loops or on subroutines' entries. Former is hardly ++ * acceptable, while latter means code size increase to size occupied ++ * by multiple key-length specfic subroutines, so why fight? 
++ */ ++void aes128_t4_cbc_encrypt(const unsigned char *in, unsigned char *out, ++ size_t len, const AES_KEY *key, ++ unsigned char *ivec); ++void aes128_t4_cbc_decrypt(const unsigned char *in, unsigned char *out, ++ size_t len, const AES_KEY *key, ++ unsigned char *ivec); ++void aes192_t4_cbc_encrypt(const unsigned char *in, unsigned char *out, ++ size_t len, const AES_KEY *key, ++ unsigned char *ivec); ++void aes192_t4_cbc_decrypt(const unsigned char *in, unsigned char *out, ++ size_t len, const AES_KEY *key, ++ unsigned char *ivec); ++void aes256_t4_cbc_encrypt(const unsigned char *in, unsigned char *out, ++ size_t len, const AES_KEY *key, ++ unsigned char *ivec); ++void aes256_t4_cbc_decrypt(const unsigned char *in, unsigned char *out, ++ size_t len, const AES_KEY *key, ++ unsigned char *ivec); ++void aes128_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out, ++ size_t blocks, const AES_KEY *key, ++ unsigned char *ivec); ++void aes192_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out, ++ size_t blocks, const AES_KEY *key, ++ unsigned char *ivec); ++void aes256_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out, ++ size_t blocks, const AES_KEY *key, ++ unsigned char *ivec); ++void aes128_t4_xts_encrypt(const unsigned char *in, unsigned char *out, ++ size_t blocks, const AES_KEY *key1, ++ const AES_KEY *key2, const unsigned char *ivec); ++void aes128_t4_xts_decrypt(const unsigned char *in, unsigned char *out, ++ size_t blocks, const AES_KEY *key1, ++ const AES_KEY *key2, const unsigned char *ivec); ++void aes256_t4_xts_encrypt(const unsigned char *in, unsigned char *out, ++ size_t blocks, const AES_KEY *key1, ++ const AES_KEY *key2, const unsigned char *ivec); ++void aes256_t4_xts_decrypt(const unsigned char *in, unsigned char *out, ++ size_t blocks, const AES_KEY *key1, ++ const AES_KEY *key2, const unsigned char *ivec); ++ ++static int aes_t4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, ++ const unsigned char *iv, int 
enc) ++{ ++ int ret, mode, bits; ++ EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data; ++ ++ mode = ctx->cipher->flags & EVP_CIPH_MODE; ++ bits = ctx->key_len * 8; ++ if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) ++ && !enc) { ++ ret = 0; ++ aes_t4_set_decrypt_key(key, bits, ctx->cipher_data); ++ dat->block = (block128_f) aes_t4_decrypt; ++ switch (bits) { ++ case 128: ++ dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? ++ (cbc128_f) aes128_t4_cbc_decrypt : NULL; ++ break; ++ case 192: ++ dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? ++ (cbc128_f) aes192_t4_cbc_decrypt : NULL; ++ break; ++ case 256: ++ dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? ++ (cbc128_f) aes256_t4_cbc_decrypt : NULL; ++ break; ++ default: ++ ret = -1; ++ } ++ } else { ++ ret = 0; ++ aes_t4_set_encrypt_key(key, bits, ctx->cipher_data); ++ dat->block = (block128_f) aes_t4_encrypt; ++ switch (bits) { ++ case 128: ++ if (mode == EVP_CIPH_CBC_MODE) ++ dat->stream.cbc = (cbc128_f) aes128_t4_cbc_encrypt; ++ else if (mode == EVP_CIPH_CTR_MODE) ++ dat->stream.ctr = (ctr128_f) aes128_t4_ctr32_encrypt; ++ else ++ dat->stream.cbc = NULL; ++ break; ++ case 192: ++ if (mode == EVP_CIPH_CBC_MODE) ++ dat->stream.cbc = (cbc128_f) aes192_t4_cbc_encrypt; ++ else if (mode == EVP_CIPH_CTR_MODE) ++ dat->stream.ctr = (ctr128_f) aes192_t4_ctr32_encrypt; ++ else ++ dat->stream.cbc = NULL; ++ break; ++ case 256: ++ if (mode == EVP_CIPH_CBC_MODE) ++ dat->stream.cbc = (cbc128_f) aes256_t4_cbc_encrypt; ++ else if (mode == EVP_CIPH_CTR_MODE) ++ dat->stream.ctr = (ctr128_f) aes256_t4_ctr32_encrypt; ++ else ++ dat->stream.cbc = NULL; ++ break; ++ default: ++ ret = -1; ++ } ++ } ++ ++ if (ret < 0) { ++ EVPerr(EVP_F_AES_T4_INIT_KEY, EVP_R_AES_KEY_SETUP_FAILED); ++ return 0; ++ } ++ ++ return 1; ++} ++ ++# define aes_t4_cbc_cipher aes_cbc_cipher ++static int aes_t4_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t len); ++ ++# define aes_t4_ecb_cipher aes_ecb_cipher ++static 
int aes_t4_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t len); ++ ++# define aes_t4_ofb_cipher aes_ofb_cipher ++static int aes_t4_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t len); ++ ++# define aes_t4_cfb_cipher aes_cfb_cipher ++static int aes_t4_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t len); ++ ++# define aes_t4_cfb8_cipher aes_cfb8_cipher ++static int aes_t4_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t len); ++ ++# define aes_t4_cfb1_cipher aes_cfb1_cipher ++static int aes_t4_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t len); ++ ++# define aes_t4_ctr_cipher aes_ctr_cipher ++static int aes_t4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t len); ++ ++static int aes_t4_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, ++ const unsigned char *iv, int enc) ++{ ++ EVP_AES_GCM_CTX *gctx = ctx->cipher_data; ++ if (!iv && !key) ++ return 1; ++ if (key) { ++ int bits = ctx->key_len * 8; ++ aes_t4_set_encrypt_key(key, bits, &gctx->ks.ks); ++ CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, ++ (block128_f) aes_t4_encrypt); ++ switch (bits) { ++ case 128: ++ gctx->ctr = (ctr128_f) aes128_t4_ctr32_encrypt; ++ break; ++ case 192: ++ gctx->ctr = (ctr128_f) aes192_t4_ctr32_encrypt; ++ break; ++ case 256: ++ gctx->ctr = (ctr128_f) aes256_t4_ctr32_encrypt; ++ break; ++ default: ++ return 0; ++ } ++ /* ++ * If we have an iv can set it directly, otherwise use saved IV. 
++ */ ++ if (iv == NULL && gctx->iv_set) ++ iv = gctx->iv; ++ if (iv) { ++ CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen); ++ gctx->iv_set = 1; ++ } ++ gctx->key_set = 1; ++ } else { ++ /* If key set use IV, otherwise copy */ ++ if (gctx->key_set) ++ CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen); ++ else ++ memcpy(gctx->iv, iv, gctx->ivlen); ++ gctx->iv_set = 1; ++ gctx->iv_gen = 0; ++ } ++ return 1; ++} ++ ++# define aes_t4_gcm_cipher aes_gcm_cipher ++static int aes_t4_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t len); ++ ++static int aes_t4_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, ++ const unsigned char *iv, int enc) ++{ ++ EVP_AES_XTS_CTX *xctx = ctx->cipher_data; ++ if (!iv && !key) ++ return 1; ++ ++ if (key) { ++ int bits = ctx->key_len * 4; ++ xctx->stream = NULL; ++ /* key_len is two AES keys */ ++ if (enc) { ++ aes_t4_set_encrypt_key(key, bits, &xctx->ks1.ks); ++ xctx->xts.block1 = (block128_f) aes_t4_encrypt; ++ switch (bits) { ++ case 128: ++ xctx->stream = aes128_t4_xts_encrypt; ++ break; ++# if 0 /* not yet */ ++ case 192: ++ xctx->stream = aes192_t4_xts_encrypt; ++ break; ++# endif ++ case 256: ++ xctx->stream = aes256_t4_xts_encrypt; ++ break; ++ default: ++ return 0; ++ } ++ } else { ++ aes_t4_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks); ++ xctx->xts.block1 = (block128_f) aes_t4_decrypt; ++ switch (bits) { ++ case 128: ++ xctx->stream = aes128_t4_xts_decrypt; ++ break; ++# if 0 /* not yet */ ++ case 192: ++ xctx->stream = aes192_t4_xts_decrypt; ++ break; ++# endif ++ case 256: ++ xctx->stream = aes256_t4_xts_decrypt; ++ break; ++ default: ++ return 0; ++ } ++ } ++ ++ aes_t4_set_encrypt_key(key + ctx->key_len / 2, ++ ctx->key_len * 4, &xctx->ks2.ks); ++ xctx->xts.block2 = (block128_f) aes_t4_encrypt; ++ ++ xctx->xts.key1 = &xctx->ks1; ++ } ++ ++ if (iv) { ++ xctx->xts.key2 = &xctx->ks2; ++ memcpy(ctx->iv, iv, 16); ++ } ++ ++ return 1; ++} ++ ++# define aes_t4_xts_cipher 
aes_xts_cipher ++static int aes_t4_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t len); ++ ++static int aes_t4_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, ++ const unsigned char *iv, int enc) ++{ ++ EVP_AES_CCM_CTX *cctx = ctx->cipher_data; ++ if (!iv && !key) ++ return 1; ++ if (key) { ++ int bits = ctx->key_len * 8; ++ aes_t4_set_encrypt_key(key, bits, &cctx->ks.ks); ++ CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, ++ &cctx->ks, (block128_f) aes_t4_encrypt); ++# if 0 /* not yet */ ++ switch (bits) { ++ case 128: ++ cctx->str = enc ? (ccm128_f) aes128_t4_ccm64_encrypt : ++ (ccm128_f) ae128_t4_ccm64_decrypt; ++ break; ++ case 192: ++ cctx->str = enc ? (ccm128_f) aes192_t4_ccm64_encrypt : ++ (ccm128_f) ae192_t4_ccm64_decrypt; ++ break; ++ case 256: ++ cctx->str = enc ? (ccm128_f) aes256_t4_ccm64_encrypt : ++ (ccm128_f) ae256_t4_ccm64_decrypt; ++ break; ++ default: ++ return 0; ++ } ++# else ++ cctx->str = NULL; ++# endif ++ cctx->key_set = 1; ++ } ++ if (iv) { ++ memcpy(ctx->iv, iv, 15 - cctx->L); ++ cctx->iv_set = 1; ++ } ++ return 1; ++} ++ ++# define aes_t4_ccm_cipher aes_ccm_cipher ++static int aes_t4_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t len); ++ ++# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \ ++static const EVP_CIPHER aes_t4_##keylen##_##mode = { \ ++ nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \ ++ flags|EVP_CIPH_##MODE##_MODE, \ ++ aes_t4_init_key, \ ++ aes_t4_##mode##_cipher, \ ++ NULL, \ ++ sizeof(EVP_AES_KEY), \ ++ NULL,NULL,NULL,NULL }; \ ++static const EVP_CIPHER aes_##keylen##_##mode = { \ ++ nid##_##keylen##_##nmode,blocksize, \ ++ keylen/8,ivlen, \ ++ flags|EVP_CIPH_##MODE##_MODE, \ ++ aes_init_key, \ ++ aes_##mode##_cipher, \ ++ NULL, \ ++ sizeof(EVP_AES_KEY), \ ++ NULL,NULL,NULL,NULL }; \ ++const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ ++{ return 
SPARC_AES_CAPABLE?&aes_t4_##keylen##_##mode:&aes_##keylen##_##mode; } ++ ++# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \ ++static const EVP_CIPHER aes_t4_##keylen##_##mode = { \ ++ nid##_##keylen##_##mode,blocksize, \ ++ (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \ ++ flags|EVP_CIPH_##MODE##_MODE, \ ++ aes_t4_##mode##_init_key, \ ++ aes_t4_##mode##_cipher, \ ++ aes_##mode##_cleanup, \ ++ sizeof(EVP_AES_##MODE##_CTX), \ ++ NULL,NULL,aes_##mode##_ctrl,NULL }; \ ++static const EVP_CIPHER aes_##keylen##_##mode = { \ ++ nid##_##keylen##_##mode,blocksize, \ ++ (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \ ++ flags|EVP_CIPH_##MODE##_MODE, \ ++ aes_##mode##_init_key, \ ++ aes_##mode##_cipher, \ ++ aes_##mode##_cleanup, \ ++ sizeof(EVP_AES_##MODE##_CTX), \ ++ NULL,NULL,aes_##mode##_ctrl,NULL }; \ ++const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ ++{ return SPARC_AES_CAPABLE?&aes_t4_##keylen##_##mode:&aes_##keylen##_##mode; } ++ ++# else ++ ++# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \ ++static const EVP_CIPHER aes_##keylen##_##mode = { \ ++ nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \ ++ flags|EVP_CIPH_##MODE##_MODE, \ ++ aes_init_key, \ ++ aes_##mode##_cipher, \ ++ NULL, \ ++ sizeof(EVP_AES_KEY), \ ++ NULL,NULL,NULL,NULL }; \ ++const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ ++{ return &aes_##keylen##_##mode; } ++ ++# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \ ++static const EVP_CIPHER aes_##keylen##_##mode = { \ ++ nid##_##keylen##_##mode,blocksize, \ ++ (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \ ++ flags|EVP_CIPH_##MODE##_MODE, \ ++ aes_##mode##_init_key, \ ++ aes_##mode##_cipher, \ ++ aes_##mode##_cleanup, \ ++ sizeof(EVP_AES_##MODE##_CTX), \ ++ NULL,NULL,aes_##mode##_ctrl,NULL }; \ ++const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ ++{ return &aes_##keylen##_##mode; } ++# endif ++ ++# if 
defined(OPENSSL_CPUID_OBJ) && (defined(__arm__) || defined(__arm) || defined(__aarch64__)) ++# include "arm_arch.h" ++# if __ARM_MAX_ARCH__>=7 ++# if defined(BSAES_ASM) ++# define BSAES_CAPABLE (OPENSSL_armcap_P & ARMV7_NEON) ++# endif ++# define HWAES_CAPABLE (OPENSSL_armcap_P & ARMV8_AES) ++# define HWAES_set_encrypt_key aes_v8_set_encrypt_key ++# define HWAES_set_decrypt_key aes_v8_set_decrypt_key ++# define HWAES_encrypt aes_v8_encrypt ++# define HWAES_decrypt aes_v8_decrypt ++# define HWAES_cbc_encrypt aes_v8_cbc_encrypt ++# define HWAES_ctr32_encrypt_blocks aes_v8_ctr32_encrypt_blocks ++# endif ++# endif ++ ++# if defined(HWAES_CAPABLE) ++int HWAES_set_encrypt_key(const unsigned char *userKey, const int bits, ++ AES_KEY *key); ++int HWAES_set_decrypt_key(const unsigned char *userKey, const int bits, ++ AES_KEY *key); ++void HWAES_encrypt(const unsigned char *in, unsigned char *out, ++ const AES_KEY *key); ++void HWAES_decrypt(const unsigned char *in, unsigned char *out, ++ const AES_KEY *key); ++void HWAES_cbc_encrypt(const unsigned char *in, unsigned char *out, ++ size_t length, const AES_KEY *key, ++ unsigned char *ivec, const int enc); ++void HWAES_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out, ++ size_t len, const AES_KEY *key, ++ const unsigned char ivec[16]); ++# endif ++ ++# define BLOCK_CIPHER_generic_pack(nid,keylen,flags) \ ++ BLOCK_CIPHER_generic(nid,keylen,16,16,cbc,cbc,CBC,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ ++ BLOCK_CIPHER_generic(nid,keylen,16,0,ecb,ecb,ECB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ ++ BLOCK_CIPHER_generic(nid,keylen,1,16,ofb128,ofb,OFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ ++ BLOCK_CIPHER_generic(nid,keylen,1,16,cfb128,cfb,CFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ ++ BLOCK_CIPHER_generic(nid,keylen,1,16,cfb1,cfb1,CFB,flags) \ ++ BLOCK_CIPHER_generic(nid,keylen,1,16,cfb8,cfb8,CFB,flags) \ ++ BLOCK_CIPHER_generic(nid,keylen,1,16,ctr,ctr,CTR,flags) + + static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 
+ const unsigned char *iv, int enc) + { +- int ret; ++ int ret, mode; ++ EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data; + +- if ((ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_CFB_MODE +- || (ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_OFB_MODE || enc) +- ret = AES_set_encrypt_key(key, ctx->key_len * 8, ctx->cipher_data); +- else +- ret = AES_set_decrypt_key(key, ctx->key_len * 8, ctx->cipher_data); ++ mode = ctx->cipher->flags & EVP_CIPH_MODE; ++ if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) ++ && !enc) ++# ifdef HWAES_CAPABLE ++ if (HWAES_CAPABLE) { ++ ret = HWAES_set_decrypt_key(key, ctx->key_len * 8, &dat->ks.ks); ++ dat->block = (block128_f) HWAES_decrypt; ++ dat->stream.cbc = NULL; ++# ifdef HWAES_cbc_encrypt ++ if (mode == EVP_CIPH_CBC_MODE) ++ dat->stream.cbc = (cbc128_f) HWAES_cbc_encrypt; ++# endif ++ } else ++# endif ++# ifdef BSAES_CAPABLE ++ if (BSAES_CAPABLE && mode == EVP_CIPH_CBC_MODE) { ++ ret = AES_set_decrypt_key(key, ctx->key_len * 8, &dat->ks.ks); ++ dat->block = (block128_f) AES_decrypt; ++ dat->stream.cbc = (cbc128_f) bsaes_cbc_encrypt; ++ } else ++# endif ++# ifdef VPAES_CAPABLE ++ if (VPAES_CAPABLE) { ++ ret = vpaes_set_decrypt_key(key, ctx->key_len * 8, &dat->ks.ks); ++ dat->block = (block128_f) vpaes_decrypt; ++ dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? ++ (cbc128_f) vpaes_cbc_encrypt : NULL; ++ } else ++# endif ++ { ++ ret = AES_set_decrypt_key(key, ctx->key_len * 8, &dat->ks.ks); ++ dat->block = (block128_f) AES_decrypt; ++ dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? 
++ (cbc128_f) AES_cbc_encrypt : NULL; ++ } else ++# ifdef HWAES_CAPABLE ++ if (HWAES_CAPABLE) { ++ ret = HWAES_set_encrypt_key(key, ctx->key_len * 8, &dat->ks.ks); ++ dat->block = (block128_f) HWAES_encrypt; ++ dat->stream.cbc = NULL; ++# ifdef HWAES_cbc_encrypt ++ if (mode == EVP_CIPH_CBC_MODE) ++ dat->stream.cbc = (cbc128_f) HWAES_cbc_encrypt; ++ else ++# endif ++# ifdef HWAES_ctr32_encrypt_blocks ++ if (mode == EVP_CIPH_CTR_MODE) ++ dat->stream.ctr = (ctr128_f) HWAES_ctr32_encrypt_blocks; ++ else ++# endif ++ (void)0; /* terminate potentially open 'else' */ ++ } else ++# endif ++# ifdef BSAES_CAPABLE ++ if (BSAES_CAPABLE && mode == EVP_CIPH_CTR_MODE) { ++ ret = AES_set_encrypt_key(key, ctx->key_len * 8, &dat->ks.ks); ++ dat->block = (block128_f) AES_encrypt; ++ dat->stream.ctr = (ctr128_f) bsaes_ctr32_encrypt_blocks; ++ } else ++# endif ++# ifdef VPAES_CAPABLE ++ if (VPAES_CAPABLE) { ++ ret = vpaes_set_encrypt_key(key, ctx->key_len * 8, &dat->ks.ks); ++ dat->block = (block128_f) vpaes_encrypt; ++ dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? ++ (cbc128_f) vpaes_cbc_encrypt : NULL; ++ } else ++# endif ++ { ++ ret = AES_set_encrypt_key(key, ctx->key_len * 8, &dat->ks.ks); ++ dat->block = (block128_f) AES_encrypt; ++ dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? 
++ (cbc128_f) AES_cbc_encrypt : NULL; ++# ifdef AES_CTR_ASM ++ if (mode == EVP_CIPH_CTR_MODE) ++ dat->stream.ctr = (ctr128_f) AES_ctr32_encrypt; ++# endif ++ } + + if (ret < 0) { + EVPerr(EVP_F_AES_INIT_KEY, EVP_R_AES_KEY_SETUP_FAILED); +@@ -106,4 +1013,1012 @@ static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + return 1; + } + ++static int aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t len) ++{ ++ EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data; ++ ++ if (dat->stream.cbc) ++ (*dat->stream.cbc) (in, out, len, &dat->ks, ctx->iv, ctx->encrypt); ++ else if (ctx->encrypt) ++ CRYPTO_cbc128_encrypt(in, out, len, &dat->ks, ctx->iv, dat->block); ++ else ++ CRYPTO_cbc128_decrypt(in, out, len, &dat->ks, ctx->iv, dat->block); ++ ++ return 1; ++} ++ ++static int aes_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t len) ++{ ++ size_t bl = ctx->cipher->block_size; ++ size_t i; ++ EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data; ++ ++ if (len < bl) ++ return 1; ++ ++ for (i = 0, len -= bl; i <= len; i += bl) ++ (*dat->block) (in + i, out + i, &dat->ks); ++ ++ return 1; ++} ++ ++static int aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t len) ++{ ++ EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data; ++ ++ CRYPTO_ofb128_encrypt(in, out, len, &dat->ks, ++ ctx->iv, &ctx->num, dat->block); ++ return 1; ++} ++ ++static int aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t len) ++{ ++ EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data; ++ ++ CRYPTO_cfb128_encrypt(in, out, len, &dat->ks, ++ ctx->iv, &ctx->num, ctx->encrypt, dat->block); ++ return 1; ++} ++ ++static int aes_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t len) ++{ ++ EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data; ++ ++ CRYPTO_cfb128_8_encrypt(in, out, len, &dat->ks, ++ ctx->iv, 
&ctx->num, ctx->encrypt, dat->block); ++ return 1; ++} ++ ++static int aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t len) ++{ ++ EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data; ++ ++ if (ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) { ++ CRYPTO_cfb128_1_encrypt(in, out, len, &dat->ks, ++ ctx->iv, &ctx->num, ctx->encrypt, dat->block); ++ return 1; ++ } ++ ++ while (len >= MAXBITCHUNK) { ++ CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK * 8, &dat->ks, ++ ctx->iv, &ctx->num, ctx->encrypt, dat->block); ++ len -= MAXBITCHUNK; ++ } ++ if (len) ++ CRYPTO_cfb128_1_encrypt(in, out, len * 8, &dat->ks, ++ ctx->iv, &ctx->num, ctx->encrypt, dat->block); ++ ++ return 1; ++} ++ ++static int aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t len) ++{ ++ unsigned int num = ctx->num; ++ EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data; ++ ++ if (dat->stream.ctr) ++ CRYPTO_ctr128_encrypt_ctr32(in, out, len, &dat->ks, ++ ctx->iv, ctx->buf, &num, dat->stream.ctr); ++ else ++ CRYPTO_ctr128_encrypt(in, out, len, &dat->ks, ++ ctx->iv, ctx->buf, &num, dat->block); ++ ctx->num = (size_t)num; ++ return 1; ++} ++ ++BLOCK_CIPHER_generic_pack(NID_aes, 128, EVP_CIPH_FLAG_FIPS) ++ BLOCK_CIPHER_generic_pack(NID_aes, 192, EVP_CIPH_FLAG_FIPS) ++ BLOCK_CIPHER_generic_pack(NID_aes, 256, EVP_CIPH_FLAG_FIPS) ++ ++static int aes_gcm_cleanup(EVP_CIPHER_CTX *c) ++{ ++ EVP_AES_GCM_CTX *gctx = c->cipher_data; ++ OPENSSL_cleanse(&gctx->gcm, sizeof(gctx->gcm)); ++ if (gctx->iv != c->iv) ++ OPENSSL_free(gctx->iv); ++ return 1; ++} ++ ++/* increment counter (64-bit int) by 1 */ ++static void ctr64_inc(unsigned char *counter) ++{ ++ int n = 8; ++ unsigned char c; ++ ++ do { ++ --n; ++ c = counter[n]; ++ ++c; ++ counter[n] = c; ++ if (c) ++ return; ++ } while (n); ++} ++ ++static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) ++{ ++ EVP_AES_GCM_CTX *gctx = c->cipher_data; ++ switch (type) { ++ case 
EVP_CTRL_INIT: ++ gctx->key_set = 0; ++ gctx->iv_set = 0; ++ gctx->ivlen = c->cipher->iv_len; ++ gctx->iv = c->iv; ++ gctx->taglen = -1; ++ gctx->iv_gen = 0; ++ gctx->tls_aad_len = -1; ++ return 1; ++ ++ case EVP_CTRL_GCM_SET_IVLEN: ++ if (arg <= 0) ++ return 0; ++ /* Allocate memory for IV if needed */ ++ if ((arg > EVP_MAX_IV_LENGTH) && (arg > gctx->ivlen)) { ++ if (gctx->iv != c->iv) ++ OPENSSL_free(gctx->iv); ++ gctx->iv = OPENSSL_malloc(arg); ++ if (!gctx->iv) ++ return 0; ++ } ++ gctx->ivlen = arg; ++ return 1; ++ ++ case EVP_CTRL_GCM_SET_TAG: ++ if (arg <= 0 || arg > 16 || c->encrypt) ++ return 0; ++ memcpy(c->buf, ptr, arg); ++ gctx->taglen = arg; ++ return 1; ++ ++ case EVP_CTRL_GCM_GET_TAG: ++ if (arg <= 0 || arg > 16 || !c->encrypt || gctx->taglen < 0) ++ return 0; ++ memcpy(ptr, c->buf, arg); ++ return 1; ++ ++ case EVP_CTRL_GCM_SET_IV_FIXED: ++ /* Special case: -1 length restores whole IV */ ++ if (arg == -1) { ++ memcpy(gctx->iv, ptr, gctx->ivlen); ++ gctx->iv_gen = 1; ++ return 1; ++ } ++ /* ++ * Fixed field must be at least 4 bytes and invocation field at least ++ * 8. ++ */ ++ if ((arg < 4) || (gctx->ivlen - arg) < 8) ++ return 0; ++ if (arg) ++ memcpy(gctx->iv, ptr, arg); ++ if (c->encrypt && RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0) ++ return 0; ++ gctx->iv_gen = 1; ++ return 1; ++ ++ case EVP_CTRL_GCM_IV_GEN: ++ if (gctx->iv_gen == 0 || gctx->key_set == 0) ++ return 0; ++ CRYPTO_gcm128_setiv(&gctx->gcm, gctx->iv, gctx->ivlen); ++ if (arg <= 0 || arg > gctx->ivlen) ++ arg = gctx->ivlen; ++ memcpy(ptr, gctx->iv + gctx->ivlen - arg, arg); ++ /* ++ * Invocation field will be at least 8 bytes in size and so no need ++ * to check wrap around or increment more than last 8 bytes. 
++ */ ++ ctr64_inc(gctx->iv + gctx->ivlen - 8); ++ gctx->iv_set = 1; ++ return 1; ++ ++ case EVP_CTRL_GCM_SET_IV_INV: ++ if (gctx->iv_gen == 0 || gctx->key_set == 0 || c->encrypt) ++ return 0; ++ memcpy(gctx->iv + gctx->ivlen - arg, ptr, arg); ++ CRYPTO_gcm128_setiv(&gctx->gcm, gctx->iv, gctx->ivlen); ++ gctx->iv_set = 1; ++ return 1; ++ ++ case EVP_CTRL_AEAD_TLS1_AAD: ++ /* Save the AAD for later use */ ++ if (arg != EVP_AEAD_TLS1_AAD_LEN) ++ return 0; ++ memcpy(c->buf, ptr, arg); ++ gctx->tls_aad_len = arg; ++ { ++ unsigned int len = c->buf[arg - 2] << 8 | c->buf[arg - 1]; ++ /* Correct length for explicit IV */ ++ len -= EVP_GCM_TLS_EXPLICIT_IV_LEN; ++ /* If decrypting correct for tag too */ ++ if (!c->encrypt) ++ len -= EVP_GCM_TLS_TAG_LEN; ++ c->buf[arg - 2] = len >> 8; ++ c->buf[arg - 1] = len & 0xff; ++ } ++ /* Extra padding: tag appended to record */ ++ return EVP_GCM_TLS_TAG_LEN; ++ ++ case EVP_CTRL_COPY: ++ { ++ EVP_CIPHER_CTX *out = ptr; ++ EVP_AES_GCM_CTX *gctx_out = out->cipher_data; ++ if (gctx->gcm.key) { ++ if (gctx->gcm.key != &gctx->ks) ++ return 0; ++ gctx_out->gcm.key = &gctx_out->ks; ++ } ++ if (gctx->iv == c->iv) ++ gctx_out->iv = out->iv; ++ else { ++ gctx_out->iv = OPENSSL_malloc(gctx->ivlen); ++ if (!gctx_out->iv) ++ return 0; ++ memcpy(gctx_out->iv, gctx->iv, gctx->ivlen); ++ } ++ return 1; ++ } ++ ++ default: ++ return -1; ++ ++ } ++} ++ ++static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, ++ const unsigned char *iv, int enc) ++{ ++ EVP_AES_GCM_CTX *gctx = ctx->cipher_data; ++ if (!iv && !key) ++ return 1; ++ if (key) { ++ do { ++# ifdef HWAES_CAPABLE ++ if (HWAES_CAPABLE) { ++ HWAES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks); ++ CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, ++ (block128_f) HWAES_encrypt); ++# ifdef HWAES_ctr32_encrypt_blocks ++ gctx->ctr = (ctr128_f) HWAES_ctr32_encrypt_blocks; ++# else ++ gctx->ctr = NULL; ++# endif ++ break; ++ } else ++# endif ++# ifdef BSAES_CAPABLE ++ if (BSAES_CAPABLE) 
{ ++ AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks); ++ CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, ++ (block128_f) AES_encrypt); ++ gctx->ctr = (ctr128_f) bsaes_ctr32_encrypt_blocks; ++ break; ++ } else ++# endif ++# ifdef VPAES_CAPABLE ++ if (VPAES_CAPABLE) { ++ vpaes_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks); ++ CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, ++ (block128_f) vpaes_encrypt); ++ gctx->ctr = NULL; ++ break; ++ } else ++# endif ++ (void)0; /* terminate potentially open 'else' */ ++ ++ AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks); ++ CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, ++ (block128_f) AES_encrypt); ++# ifdef AES_CTR_ASM ++ gctx->ctr = (ctr128_f) AES_ctr32_encrypt; ++# else ++ gctx->ctr = NULL; ++# endif ++ } while (0); ++ ++ /* ++ * If we have an iv can set it directly, otherwise use saved IV. ++ */ ++ if (iv == NULL && gctx->iv_set) ++ iv = gctx->iv; ++ if (iv) { ++ CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen); ++ gctx->iv_set = 1; ++ } ++ gctx->key_set = 1; ++ } else { ++ /* If key set use IV, otherwise copy */ ++ if (gctx->key_set) ++ CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen); ++ else ++ memcpy(gctx->iv, iv, gctx->ivlen); ++ gctx->iv_set = 1; ++ gctx->iv_gen = 0; ++ } ++ return 1; ++} ++ ++/* ++ * Handle TLS GCM packet format. This consists of the last portion of the IV ++ * followed by the payload and finally the tag. On encrypt generate IV, ++ * encrypt payload and write the tag. On verify retrieve IV, decrypt payload ++ * and verify tag. ++ */ ++ ++static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t len) ++{ ++ EVP_AES_GCM_CTX *gctx = ctx->cipher_data; ++ int rv = -1; ++ /* Encrypt/decrypt must be performed in place */ ++ if (out != in ++ || len < (EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN)) ++ return -1; ++ /* ++ * Set IV from start of buffer or generate IV and write to start of ++ * buffer. 
++ */ ++ if (EVP_CIPHER_CTX_ctrl(ctx, ctx->encrypt ? ++ EVP_CTRL_GCM_IV_GEN : EVP_CTRL_GCM_SET_IV_INV, ++ EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0) ++ goto err; ++ /* Use saved AAD */ ++ if (CRYPTO_gcm128_aad(&gctx->gcm, ctx->buf, gctx->tls_aad_len)) ++ goto err; ++ /* Fix buffer and length to point to payload */ ++ in += EVP_GCM_TLS_EXPLICIT_IV_LEN; ++ out += EVP_GCM_TLS_EXPLICIT_IV_LEN; ++ len -= EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN; ++ if (ctx->encrypt) { ++ /* Encrypt payload */ ++ if (gctx->ctr) { ++ size_t bulk = 0; ++# if defined(AES_GCM_ASM) ++ if (len >= 32 && AES_GCM_ASM(gctx)) { ++ if (CRYPTO_gcm128_encrypt(&gctx->gcm, NULL, NULL, 0)) ++ return -1; ++ ++ bulk = AES_gcm_encrypt(in, out, len, ++ gctx->gcm.key, ++ gctx->gcm.Yi.c, gctx->gcm.Xi.u); ++ gctx->gcm.len.u[1] += bulk; ++ } ++# endif ++ if (CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm, ++ in + bulk, ++ out + bulk, ++ len - bulk, gctx->ctr)) ++ goto err; ++ } else { ++ size_t bulk = 0; ++# if defined(AES_GCM_ASM2) ++ if (len >= 32 && AES_GCM_ASM2(gctx)) { ++ if (CRYPTO_gcm128_encrypt(&gctx->gcm, NULL, NULL, 0)) ++ return -1; ++ ++ bulk = AES_gcm_encrypt(in, out, len, ++ gctx->gcm.key, ++ gctx->gcm.Yi.c, gctx->gcm.Xi.u); ++ gctx->gcm.len.u[1] += bulk; ++ } ++# endif ++ if (CRYPTO_gcm128_encrypt(&gctx->gcm, ++ in + bulk, out + bulk, len - bulk)) ++ goto err; ++ } ++ out += len; ++ /* Finally write tag */ ++ CRYPTO_gcm128_tag(&gctx->gcm, out, EVP_GCM_TLS_TAG_LEN); ++ rv = len + EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN; ++ } else { ++ /* Decrypt */ ++ if (gctx->ctr) { ++ size_t bulk = 0; ++# if defined(AES_GCM_ASM) ++ if (len >= 16 && AES_GCM_ASM(gctx)) { ++ if (CRYPTO_gcm128_decrypt(&gctx->gcm, NULL, NULL, 0)) ++ return -1; ++ ++ bulk = AES_gcm_decrypt(in, out, len, ++ gctx->gcm.key, ++ gctx->gcm.Yi.c, gctx->gcm.Xi.u); ++ gctx->gcm.len.u[1] += bulk; ++ } ++# endif ++ if (CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm, ++ in + bulk, ++ out + bulk, ++ len - bulk, gctx->ctr)) ++ goto err; ++ } else { 
++ size_t bulk = 0; ++# if defined(AES_GCM_ASM2) ++ if (len >= 16 && AES_GCM_ASM2(gctx)) { ++ if (CRYPTO_gcm128_decrypt(&gctx->gcm, NULL, NULL, 0)) ++ return -1; ++ ++ bulk = AES_gcm_decrypt(in, out, len, ++ gctx->gcm.key, ++ gctx->gcm.Yi.c, gctx->gcm.Xi.u); ++ gctx->gcm.len.u[1] += bulk; ++ } ++# endif ++ if (CRYPTO_gcm128_decrypt(&gctx->gcm, ++ in + bulk, out + bulk, len - bulk)) ++ goto err; ++ } ++ /* Retrieve tag */ ++ CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, EVP_GCM_TLS_TAG_LEN); ++ /* If tag mismatch wipe buffer */ ++ if (CRYPTO_memcmp(ctx->buf, in + len, EVP_GCM_TLS_TAG_LEN)) { ++ OPENSSL_cleanse(out, len); ++ goto err; ++ } ++ rv = len; ++ } ++ ++ err: ++ gctx->iv_set = 0; ++ gctx->tls_aad_len = -1; ++ return rv; ++} ++ ++static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t len) ++{ ++ EVP_AES_GCM_CTX *gctx = ctx->cipher_data; ++ /* If not set up, return error */ ++ if (!gctx->key_set) ++ return -1; ++ ++ if (gctx->tls_aad_len >= 0) ++ return aes_gcm_tls_cipher(ctx, out, in, len); ++ ++ if (!gctx->iv_set) ++ return -1; ++ if (in) { ++ if (out == NULL) { ++ if (CRYPTO_gcm128_aad(&gctx->gcm, in, len)) ++ return -1; ++ } else if (ctx->encrypt) { ++ if (gctx->ctr) { ++ size_t bulk = 0; ++# if defined(AES_GCM_ASM) ++ if (len >= 32 && AES_GCM_ASM(gctx)) { ++ size_t res = (16 - gctx->gcm.mres) % 16; ++ ++ if (CRYPTO_gcm128_encrypt(&gctx->gcm, in, out, res)) ++ return -1; ++ ++ bulk = AES_gcm_encrypt(in + res, ++ out + res, len - res, ++ gctx->gcm.key, gctx->gcm.Yi.c, ++ gctx->gcm.Xi.u); ++ gctx->gcm.len.u[1] += bulk; ++ bulk += res; ++ } ++# endif ++ if (CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm, ++ in + bulk, ++ out + bulk, ++ len - bulk, gctx->ctr)) ++ return -1; ++ } else { ++ size_t bulk = 0; ++# if defined(AES_GCM_ASM2) ++ if (len >= 32 && AES_GCM_ASM2(gctx)) { ++ size_t res = (16 - gctx->gcm.mres) % 16; ++ ++ if (CRYPTO_gcm128_encrypt(&gctx->gcm, in, out, res)) ++ return -1; ++ ++ bulk = AES_gcm_encrypt(in + res, 
++ out + res, len - res, ++ gctx->gcm.key, gctx->gcm.Yi.c, ++ gctx->gcm.Xi.u); ++ gctx->gcm.len.u[1] += bulk; ++ bulk += res; ++ } ++# endif ++ if (CRYPTO_gcm128_encrypt(&gctx->gcm, ++ in + bulk, out + bulk, len - bulk)) ++ return -1; ++ } ++ } else { ++ if (gctx->ctr) { ++ size_t bulk = 0; ++# if defined(AES_GCM_ASM) ++ if (len >= 16 && AES_GCM_ASM(gctx)) { ++ size_t res = (16 - gctx->gcm.mres) % 16; ++ ++ if (CRYPTO_gcm128_decrypt(&gctx->gcm, in, out, res)) ++ return -1; ++ ++ bulk = AES_gcm_decrypt(in + res, ++ out + res, len - res, ++ gctx->gcm.key, ++ gctx->gcm.Yi.c, gctx->gcm.Xi.u); ++ gctx->gcm.len.u[1] += bulk; ++ bulk += res; ++ } ++# endif ++ if (CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm, ++ in + bulk, ++ out + bulk, ++ len - bulk, gctx->ctr)) ++ return -1; ++ } else { ++ size_t bulk = 0; ++# if defined(AES_GCM_ASM2) ++ if (len >= 16 && AES_GCM_ASM2(gctx)) { ++ size_t res = (16 - gctx->gcm.mres) % 16; ++ ++ if (CRYPTO_gcm128_decrypt(&gctx->gcm, in, out, res)) ++ return -1; ++ ++ bulk = AES_gcm_decrypt(in + res, ++ out + res, len - res, ++ gctx->gcm.key, ++ gctx->gcm.Yi.c, gctx->gcm.Xi.u); ++ gctx->gcm.len.u[1] += bulk; ++ bulk += res; ++ } ++# endif ++ if (CRYPTO_gcm128_decrypt(&gctx->gcm, ++ in + bulk, out + bulk, len - bulk)) ++ return -1; ++ } ++ } ++ return len; ++ } else { ++ if (!ctx->encrypt) { ++ if (gctx->taglen < 0) ++ return -1; ++ if (CRYPTO_gcm128_finish(&gctx->gcm, ctx->buf, gctx->taglen) != 0) ++ return -1; ++ gctx->iv_set = 0; ++ return 0; ++ } ++ CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, 16); ++ gctx->taglen = 16; ++ /* Don't reuse the IV */ ++ gctx->iv_set = 0; ++ return 0; ++ } ++ ++} ++ ++# define CUSTOM_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 \ ++ | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \ ++ | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \ ++ | EVP_CIPH_CUSTOM_COPY) ++ ++BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, gcm, GCM, ++ EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_AEAD_CIPHER | ++ CUSTOM_FLAGS) ++ BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, 
gcm, GCM, ++ EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_AEAD_CIPHER | ++ CUSTOM_FLAGS) ++ BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, gcm, GCM, ++ EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_AEAD_CIPHER | ++ CUSTOM_FLAGS) ++ ++static int aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) ++{ ++ EVP_AES_XTS_CTX *xctx = c->cipher_data; ++ if (type == EVP_CTRL_COPY) { ++ EVP_CIPHER_CTX *out = ptr; ++ EVP_AES_XTS_CTX *xctx_out = out->cipher_data; ++ if (xctx->xts.key1) { ++ if (xctx->xts.key1 != &xctx->ks1) ++ return 0; ++ xctx_out->xts.key1 = &xctx_out->ks1; ++ } ++ if (xctx->xts.key2) { ++ if (xctx->xts.key2 != &xctx->ks2) ++ return 0; ++ xctx_out->xts.key2 = &xctx_out->ks2; ++ } ++ return 1; ++ } else if (type != EVP_CTRL_INIT) ++ return -1; ++ /* key1 and key2 are used as an indicator both key and IV are set */ ++ xctx->xts.key1 = NULL; ++ xctx->xts.key2 = NULL; ++ return 1; ++} ++ ++static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, ++ const unsigned char *iv, int enc) ++{ ++ EVP_AES_XTS_CTX *xctx = ctx->cipher_data; ++ if (!iv && !key) ++ return 1; ++ ++ if (key) ++ do { ++# ifdef AES_XTS_ASM ++ xctx->stream = enc ? AES_xts_encrypt : AES_xts_decrypt; ++# else ++ xctx->stream = NULL; ++# endif ++ /* key_len is two AES keys */ ++# ifdef HWAES_CAPABLE ++ if (HWAES_CAPABLE) { ++ if (enc) { ++ HWAES_set_encrypt_key(key, ctx->key_len * 4, ++ &xctx->ks1.ks); ++ xctx->xts.block1 = (block128_f) HWAES_encrypt; ++ } else { ++ HWAES_set_decrypt_key(key, ctx->key_len * 4, ++ &xctx->ks1.ks); ++ xctx->xts.block1 = (block128_f) HWAES_decrypt; ++ } ++ ++ HWAES_set_encrypt_key(key + ctx->key_len / 2, ++ ctx->key_len * 4, &xctx->ks2.ks); ++ xctx->xts.block2 = (block128_f) HWAES_encrypt; ++ ++ xctx->xts.key1 = &xctx->ks1; ++ break; ++ } else ++# endif ++# ifdef BSAES_CAPABLE ++ if (BSAES_CAPABLE) ++ xctx->stream = enc ? 
bsaes_xts_encrypt : bsaes_xts_decrypt; ++ else ++# endif ++# ifdef VPAES_CAPABLE ++ if (VPAES_CAPABLE) { ++ if (enc) { ++ vpaes_set_encrypt_key(key, ctx->key_len * 4, ++ &xctx->ks1.ks); ++ xctx->xts.block1 = (block128_f) vpaes_encrypt; ++ } else { ++ vpaes_set_decrypt_key(key, ctx->key_len * 4, ++ &xctx->ks1.ks); ++ xctx->xts.block1 = (block128_f) vpaes_decrypt; ++ } ++ ++ vpaes_set_encrypt_key(key + ctx->key_len / 2, ++ ctx->key_len * 4, &xctx->ks2.ks); ++ xctx->xts.block2 = (block128_f) vpaes_encrypt; ++ ++ xctx->xts.key1 = &xctx->ks1; ++ break; ++ } else ++# endif ++ (void)0; /* terminate potentially open 'else' */ ++ ++ if (enc) { ++ AES_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks); ++ xctx->xts.block1 = (block128_f) AES_encrypt; ++ } else { ++ AES_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks); ++ xctx->xts.block1 = (block128_f) AES_decrypt; ++ } ++ ++ AES_set_encrypt_key(key + ctx->key_len / 2, ++ ctx->key_len * 4, &xctx->ks2.ks); ++ xctx->xts.block2 = (block128_f) AES_encrypt; ++ ++ xctx->xts.key1 = &xctx->ks1; ++ } while (0); ++ ++ if (iv) { ++ xctx->xts.key2 = &xctx->ks2; ++ memcpy(ctx->iv, iv, 16); ++ } ++ ++ return 1; ++} ++ ++static int aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t len) ++{ ++ EVP_AES_XTS_CTX *xctx = ctx->cipher_data; ++ if (!xctx->xts.key1 || !xctx->xts.key2) ++ return 0; ++ if (!out || !in || len < AES_BLOCK_SIZE) ++ return 0; ++ if (xctx->stream) ++ (*xctx->stream) (in, out, len, ++ xctx->xts.key1, xctx->xts.key2, ctx->iv); ++ else if (CRYPTO_xts128_encrypt(&xctx->xts, ctx->iv, in, out, len, ++ ctx->encrypt)) ++ return 0; ++ return 1; ++} ++ ++# define aes_xts_cleanup NULL ++ ++# define XTS_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CUSTOM_IV \ ++ | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \ ++ | EVP_CIPH_CUSTOM_COPY) ++ ++BLOCK_CIPHER_custom(NID_aes, 128, 1, 16, xts, XTS, ++ EVP_CIPH_FLAG_FIPS | XTS_FLAGS) ++ BLOCK_CIPHER_custom(NID_aes, 256, 1, 16, xts, XTS, ++ 
EVP_CIPH_FLAG_FIPS | XTS_FLAGS) ++ ++static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) ++{ ++ EVP_AES_CCM_CTX *cctx = c->cipher_data; ++ switch (type) { ++ case EVP_CTRL_INIT: ++ cctx->key_set = 0; ++ cctx->iv_set = 0; ++ cctx->L = 8; ++ cctx->M = 12; ++ cctx->tag_set = 0; ++ cctx->len_set = 0; ++ return 1; ++ ++ case EVP_CTRL_CCM_SET_IVLEN: ++ arg = 15 - arg; ++ case EVP_CTRL_CCM_SET_L: ++ if (arg < 2 || arg > 8) ++ return 0; ++ cctx->L = arg; ++ return 1; ++ ++ case EVP_CTRL_CCM_SET_TAG: ++ if ((arg & 1) || arg < 4 || arg > 16) ++ return 0; ++ if (c->encrypt && ptr) ++ return 0; ++ if (ptr) { ++ cctx->tag_set = 1; ++ memcpy(c->buf, ptr, arg); ++ } ++ cctx->M = arg; ++ return 1; ++ ++ case EVP_CTRL_CCM_GET_TAG: ++ if (!c->encrypt || !cctx->tag_set) ++ return 0; ++ if (!CRYPTO_ccm128_tag(&cctx->ccm, ptr, (size_t)arg)) ++ return 0; ++ cctx->tag_set = 0; ++ cctx->iv_set = 0; ++ cctx->len_set = 0; ++ return 1; ++ ++ case EVP_CTRL_COPY: ++ { ++ EVP_CIPHER_CTX *out = ptr; ++ EVP_AES_CCM_CTX *cctx_out = out->cipher_data; ++ if (cctx->ccm.key) { ++ if (cctx->ccm.key != &cctx->ks) ++ return 0; ++ cctx_out->ccm.key = &cctx_out->ks; ++ } ++ return 1; ++ } ++ ++ default: ++ return -1; ++ ++ } ++} ++ ++static int aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, ++ const unsigned char *iv, int enc) ++{ ++ EVP_AES_CCM_CTX *cctx = ctx->cipher_data; ++ if (!iv && !key) ++ return 1; ++ if (key) ++ do { ++# ifdef HWAES_CAPABLE ++ if (HWAES_CAPABLE) { ++ HWAES_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks.ks); ++ ++ CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, ++ &cctx->ks, (block128_f) HWAES_encrypt); ++ cctx->str = NULL; ++ cctx->key_set = 1; ++ break; ++ } else ++# endif ++# ifdef VPAES_CAPABLE ++ if (VPAES_CAPABLE) { ++ vpaes_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks.ks); ++ CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, ++ &cctx->ks, (block128_f) vpaes_encrypt); ++ cctx->str = NULL; ++ cctx->key_set = 1; ++ break; ++ } ++# 
endif ++ AES_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks.ks); ++ CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, ++ &cctx->ks, (block128_f) AES_encrypt); ++ cctx->str = NULL; ++ cctx->key_set = 1; ++ } while (0); ++ if (iv) { ++ memcpy(ctx->iv, iv, 15 - cctx->L); ++ cctx->iv_set = 1; ++ } ++ return 1; ++} ++ ++static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t len) ++{ ++ EVP_AES_CCM_CTX *cctx = ctx->cipher_data; ++ CCM128_CONTEXT *ccm = &cctx->ccm; ++ /* If not set up, return error */ ++ if (!cctx->iv_set && !cctx->key_set) ++ return -1; ++ if (!ctx->encrypt && !cctx->tag_set) ++ return -1; ++ if (!out) { ++ if (!in) { ++ if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L, len)) ++ return -1; ++ cctx->len_set = 1; ++ return len; ++ } ++ /* If have AAD need message length */ ++ if (!cctx->len_set && len) ++ return -1; ++ CRYPTO_ccm128_aad(ccm, in, len); ++ return len; ++ } ++ /* EVP_*Final() doesn't return any data */ ++ if (!in) ++ return 0; ++ /* If not set length yet do it */ ++ if (!cctx->len_set) { ++ if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L, len)) ++ return -1; ++ cctx->len_set = 1; ++ } ++ if (ctx->encrypt) { ++ if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len, ++ cctx->str) : ++ CRYPTO_ccm128_encrypt(ccm, in, out, len)) ++ return -1; ++ cctx->tag_set = 1; ++ return len; ++ } else { ++ int rv = -1; ++ if (cctx->str ? 
!CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len, ++ cctx->str) : ++ !CRYPTO_ccm128_decrypt(ccm, in, out, len)) { ++ unsigned char tag[16]; ++ if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) { ++ if (!CRYPTO_memcmp(tag, ctx->buf, cctx->M)) ++ rv = len; ++ } ++ } ++ if (rv == -1) ++ OPENSSL_cleanse(out, len); ++ cctx->iv_set = 0; ++ cctx->tag_set = 0; ++ cctx->len_set = 0; ++ return rv; ++ } ++ ++} ++ ++# define aes_ccm_cleanup NULL ++ ++BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, ccm, CCM, ++ EVP_CIPH_FLAG_FIPS | CUSTOM_FLAGS) ++ BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, ccm, CCM, ++ EVP_CIPH_FLAG_FIPS | CUSTOM_FLAGS) ++ BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, ccm, CCM, ++ EVP_CIPH_FLAG_FIPS | CUSTOM_FLAGS) + #endif ++typedef struct { ++ union { ++ double align; ++ AES_KEY ks; ++ } ks; ++ /* Indicates if IV has been set */ ++ unsigned char *iv; ++} EVP_AES_WRAP_CTX; ++ ++static int aes_wrap_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, ++ const unsigned char *iv, int enc) ++{ ++ EVP_AES_WRAP_CTX *wctx = ctx->cipher_data; ++ if (!iv && !key) ++ return 1; ++ if (key) { ++ if (ctx->encrypt) ++ AES_set_encrypt_key(key, ctx->key_len * 8, &wctx->ks.ks); ++ else ++ AES_set_decrypt_key(key, ctx->key_len * 8, &wctx->ks.ks); ++ if (!iv) ++ wctx->iv = NULL; ++ } ++ if (iv) { ++ memcpy(ctx->iv, iv, 8); ++ wctx->iv = ctx->iv; ++ } ++ return 1; ++} ++ ++static int aes_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t inlen) ++{ ++ EVP_AES_WRAP_CTX *wctx = ctx->cipher_data; ++ size_t rv; ++ if (!in) ++ return 0; ++ if (inlen % 8) ++ return -1; ++ if (ctx->encrypt && inlen < 8) ++ return -1; ++ if (!ctx->encrypt && inlen < 16) ++ return -1; ++ if (!out) { ++ if (ctx->encrypt) ++ return inlen + 8; ++ else ++ return inlen - 8; ++ } ++ if (ctx->encrypt) ++ rv = CRYPTO_128_wrap(&wctx->ks.ks, wctx->iv, out, in, inlen, ++ (block128_f) AES_encrypt); ++ else ++ rv = CRYPTO_128_unwrap(&wctx->ks.ks, wctx->iv, out, in, inlen, ++ (block128_f) AES_decrypt); 
++ return rv ? (int)rv : -1; ++} ++ ++#define WRAP_FLAGS (EVP_CIPH_WRAP_MODE \ ++ | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \ ++ | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_FLAG_DEFAULT_ASN1) ++ ++static const EVP_CIPHER aes_128_wrap = { ++ NID_id_aes128_wrap, ++ 8, 16, 8, WRAP_FLAGS, ++ aes_wrap_init_key, aes_wrap_cipher, ++ NULL, ++ sizeof(EVP_AES_WRAP_CTX), ++ NULL, NULL, NULL, NULL ++}; ++ ++const EVP_CIPHER *EVP_aes_128_wrap(void) ++{ ++ return &aes_128_wrap; ++} ++ ++static const EVP_CIPHER aes_192_wrap = { ++ NID_id_aes192_wrap, ++ 8, 24, 8, WRAP_FLAGS, ++ aes_wrap_init_key, aes_wrap_cipher, ++ NULL, ++ sizeof(EVP_AES_WRAP_CTX), ++ NULL, NULL, NULL, NULL ++}; ++ ++const EVP_CIPHER *EVP_aes_192_wrap(void) ++{ ++ return &aes_192_wrap; ++} ++ ++static const EVP_CIPHER aes_256_wrap = { ++ NID_id_aes256_wrap, ++ 8, 32, 8, WRAP_FLAGS, ++ aes_wrap_init_key, aes_wrap_cipher, ++ NULL, ++ sizeof(EVP_AES_WRAP_CTX), ++ NULL, NULL, NULL, NULL ++}; ++ ++const EVP_CIPHER *EVP_aes_256_wrap(void) ++{ ++ return &aes_256_wrap; ++} +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_aes_cbc_hmac_sha1.c b/Cryptlib/OpenSSL/crypto/evp/e_aes_cbc_hmac_sha1.c +new file mode 100644 +index 0000000..8330964 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/evp/e_aes_cbc_hmac_sha1.c +@@ -0,0 +1,1005 @@ ++/* ==================================================================== ++ * Copyright (c) 2011-2013 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. 
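Review bot: In `aes_gcm_ctrl`, the `EVP_CTRL_AEAD_TLS1_AAD` case subtracts `EVP_GCM_TLS_EXPLICIT_IV_LEN` (and `EVP_GCM_TLS_TAG_LEN` when decrypting) from the record length taken from the AAD without checking that the length is at least that large, so a short length wraps the unsigned `len` and a bogus 16-bit value is written back into `c->buf` as the authenticated length. `aes_gcm_tls_cipher` does reject buffers shorter than IV plus tag, which probably limits the effect in this file, but the control should fail closed by returning 0 before each subtraction, as in the excerpt below. In the same function, `EVP_CTRL_GCM_SET_IV_INV` copies `arg` bytes to `gctx->iv + gctx->ivlen - arg` with no bound on `arg`, whereas `EVP_CTRL_GCM_IV_GEN` clamps it; the one caller visible in this hunk passes a constant, so a guard such as `if (arg <= 0 || arg > gctx->ivlen) return 0;` would only harden the control interface. Because this is an imported OpenSSL snapshot, it is better to take these guards from upstream, if a newer snapshot has them, than to diverge locally.

```c
    case EVP_CTRL_AEAD_TLS1_AAD:
        /* … unchanged: arg check, memcpy into c->buf, tls_aad_len … */
        {
            unsigned int len = c->buf[arg - 2] << 8 | c->buf[arg - 1];
            /* Correct length for explicit IV */
            if (len < EVP_GCM_TLS_EXPLICIT_IV_LEN)
                return 0;
            len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
            /* If decrypting correct for tag too */
            if (!c->encrypt) {
                if (len < EVP_GCM_TLS_TAG_LEN)
                    return 0;
                len -= EVP_GCM_TLS_TAG_LEN;
            }
            /* … unchanged: write len back into c->buf … */
        }
```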
All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. 
++ * ==================================================================== ++ */ ++ ++#include ++ ++#include ++#include ++ ++#if !defined(OPENSSL_NO_AES) && !defined(OPENSSL_NO_SHA1) ++ ++# include ++# include ++# include ++# include ++# include ++# include "modes_lcl.h" ++ ++# ifndef EVP_CIPH_FLAG_AEAD_CIPHER ++# define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000 ++# define EVP_CTRL_AEAD_TLS1_AAD 0x16 ++# define EVP_CTRL_AEAD_SET_MAC_KEY 0x17 ++# endif ++ ++# if !defined(EVP_CIPH_FLAG_DEFAULT_ASN1) ++# define EVP_CIPH_FLAG_DEFAULT_ASN1 0 ++# endif ++ ++# if !defined(EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK) ++# define EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0 ++# endif ++ ++# define TLS1_1_VERSION 0x0302 ++ ++typedef struct { ++ AES_KEY ks; ++ SHA_CTX head, tail, md; ++ size_t payload_length; /* AAD length in decrypt case */ ++ union { ++ unsigned int tls_ver; ++ unsigned char tls_aad[16]; /* 13 used */ ++ } aux; ++} EVP_AES_HMAC_SHA1; ++ ++# define NO_PAYLOAD_LENGTH ((size_t)-1) ++ ++# if defined(AES_ASM) && ( \ ++ defined(__x86_64) || defined(__x86_64__) || \ ++ defined(_M_AMD64) || defined(_M_X64) || \ ++ defined(__INTEL__) ) ++ ++extern unsigned int OPENSSL_ia32cap_P[]; ++# define AESNI_CAPABLE (1<<(57-32)) ++ ++int aesni_set_encrypt_key(const unsigned char *userKey, int bits, ++ AES_KEY *key); ++int aesni_set_decrypt_key(const unsigned char *userKey, int bits, ++ AES_KEY *key); ++ ++void aesni_cbc_encrypt(const unsigned char *in, ++ unsigned char *out, ++ size_t length, ++ const AES_KEY *key, unsigned char *ivec, int enc); ++ ++void aesni_cbc_sha1_enc(const void *inp, void *out, size_t blocks, ++ const AES_KEY *key, unsigned char iv[16], ++ SHA_CTX *ctx, const void *in0); ++ ++void aesni256_cbc_sha1_dec(const void *inp, void *out, size_t blocks, ++ const AES_KEY *key, unsigned char iv[16], ++ SHA_CTX *ctx, const void *in0); ++ ++# define data(ctx) ((EVP_AES_HMAC_SHA1 *)(ctx)->cipher_data) ++ ++static int aesni_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx, ++ const unsigned char *inkey, 
++ const unsigned char *iv, int enc) ++{ ++ EVP_AES_HMAC_SHA1 *key = data(ctx); ++ int ret; ++ ++ if (enc) ++ ret = aesni_set_encrypt_key(inkey, ctx->key_len * 8, &key->ks); ++ else ++ ret = aesni_set_decrypt_key(inkey, ctx->key_len * 8, &key->ks); ++ ++ SHA1_Init(&key->head); /* handy when benchmarking */ ++ key->tail = key->head; ++ key->md = key->head; ++ ++ key->payload_length = NO_PAYLOAD_LENGTH; ++ ++ return ret < 0 ? 0 : 1; ++} ++ ++# define STITCHED_CALL ++# undef STITCHED_DECRYPT_CALL ++ ++# if !defined(STITCHED_CALL) ++# define aes_off 0 ++# endif ++ ++void sha1_block_data_order(void *c, const void *p, size_t len); ++ ++static void sha1_update(SHA_CTX *c, const void *data, size_t len) ++{ ++ const unsigned char *ptr = data; ++ size_t res; ++ ++ if ((res = c->num)) { ++ res = SHA_CBLOCK - res; ++ if (len < res) ++ res = len; ++ SHA1_Update(c, ptr, res); ++ ptr += res; ++ len -= res; ++ } ++ ++ res = len % SHA_CBLOCK; ++ len -= res; ++ ++ if (len) { ++ sha1_block_data_order(c, ptr, len / SHA_CBLOCK); ++ ++ ptr += len; ++ c->Nh += len >> 29; ++ c->Nl += len <<= 3; ++ if (c->Nl < (unsigned int)len) ++ c->Nh++; ++ } ++ ++ if (res) ++ SHA1_Update(c, ptr, res); ++} ++ ++# ifdef SHA1_Update ++# undef SHA1_Update ++# endif ++# define SHA1_Update sha1_update ++ ++# if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK ++ ++typedef struct { ++ unsigned int A[8], B[8], C[8], D[8], E[8]; ++} SHA1_MB_CTX; ++typedef struct { ++ const unsigned char *ptr; ++ int blocks; ++} HASH_DESC; ++ ++void sha1_multi_block(SHA1_MB_CTX *, const HASH_DESC *, int); ++ ++typedef struct { ++ const unsigned char *inp; ++ unsigned char *out; ++ int blocks; ++ u64 iv[2]; ++} CIPH_DESC; ++ ++void aesni_multi_cbc_encrypt(CIPH_DESC *, void *, int); ++ ++static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key, ++ unsigned char *out, ++ const unsigned char *inp, ++ size_t inp_len, int n4x) ++{ /* n4x is 1 or 2 */ ++ HASH_DESC hash_d[8], edges[8]; ++ CIPH_DESC ciph_d[8]; ++ 
unsigned char storage[sizeof(SHA1_MB_CTX) + 32];
++ union {
++ u64 q[16];
++ u32 d[32];
++ u8 c[128];
++ } blocks[8];
++ SHA1_MB_CTX *ctx;
++ unsigned int frag, last, packlen, i, x4 = 4 * n4x, minblocks, processed =
++ 0;
++ size_t ret = 0;
++ u8 *IVs;
++# if defined(BSWAP8)
++ u64 seqnum;
++# endif
++
++ /* ask for IVs in bulk */
++ if (RAND_bytes((IVs = blocks[0].c), 16 * x4) <= 0)
++ return 0;
++
++ ctx = (SHA1_MB_CTX *) (storage + 32 - ((size_t)storage % 32)); /* align */
++
++ frag = (unsigned int)inp_len >> (1 + n4x);
++ last = (unsigned int)inp_len + frag - (frag << (1 + n4x));
++ if (last > frag && ((last + 13 + 9) % 64) < (x4 - 1)) {
++ frag++;
++ last -= x4 - 1;
++ }
++
++ packlen = 5 + 16 + ((frag + 20 + 16) & -16);
++
++ /* populate descriptors with pointers and IVs */
++ hash_d[0].ptr = inp;
++ ciph_d[0].inp = inp;
++ /* 5+16 is place for header and explicit IV */
++ ciph_d[0].out = out + 5 + 16;
++ memcpy(ciph_d[0].out - 16, IVs, 16);
++ memcpy(ciph_d[0].iv, IVs, 16);
++ IVs += 16;
++
++ for (i = 1; i < x4; i++) {
++ ciph_d[i].inp = hash_d[i].ptr = hash_d[i - 1].ptr + frag;
++ ciph_d[i].out = ciph_d[i - 1].out + packlen;
++ memcpy(ciph_d[i].out - 16, IVs, 16);
++ memcpy(ciph_d[i].iv, IVs, 16);
++ IVs += 16;
++ }
++
++# if defined(BSWAP8)
++ memcpy(blocks[0].c, key->md.data, 8);
++ seqnum = BSWAP8(blocks[0].q[0]);
++# endif
++ for (i = 0; i < x4; i++) {
++ unsigned int len = (i == (x4 - 1) ?
last : frag);
++# if !defined(BSWAP8)
++ unsigned int carry, j;
++# endif
++
++ ctx->A[i] = key->md.h0;
++ ctx->B[i] = key->md.h1;
++ ctx->C[i] = key->md.h2;
++ ctx->D[i] = key->md.h3;
++ ctx->E[i] = key->md.h4;
++
++ /* fix seqnum */
++# if defined(BSWAP8)
++ blocks[i].q[0] = BSWAP8(seqnum + i);
++# else
++ for (carry = i, j = 8; j--;) {
++ blocks[i].c[j] = ((u8 *)key->md.data)[j] + carry;
++ carry = (blocks[i].c[j] - carry) >> (sizeof(carry) * 8 - 1);
++ }
++# endif
++ blocks[i].c[8] = ((u8 *)key->md.data)[8];
++ blocks[i].c[9] = ((u8 *)key->md.data)[9];
++ blocks[i].c[10] = ((u8 *)key->md.data)[10];
++ /* fix length */
++ blocks[i].c[11] = (u8)(len >> 8);
++ blocks[i].c[12] = (u8)(len);
++
++ memcpy(blocks[i].c + 13, hash_d[i].ptr, 64 - 13);
++ hash_d[i].ptr += 64 - 13;
++ hash_d[i].blocks = (len - (64 - 13)) / 64;
++
++ edges[i].ptr = blocks[i].c;
++ edges[i].blocks = 1;
++ }
++
++ /* hash 13-byte headers and first 64-13 bytes of inputs */
++ sha1_multi_block(ctx, edges, n4x);
++ /* hash bulk inputs */
++# define MAXCHUNKSIZE 2048
++# if MAXCHUNKSIZE%64
++# error "MAXCHUNKSIZE is not divisible by 64"
++# elif MAXCHUNKSIZE
++ /*
++ * goal is to minimize pressure on L1 cache by moving in shorter steps,
++ * so that hashed data is still in the cache by the time we encrypt it
++ */
++ minblocks = ((frag <= last ?
frag : last) - (64 - 13)) / 64;
++ if (minblocks > MAXCHUNKSIZE / 64) {
++ for (i = 0; i < x4; i++) {
++ edges[i].ptr = hash_d[i].ptr;
++ edges[i].blocks = MAXCHUNKSIZE / 64;
++ ciph_d[i].blocks = MAXCHUNKSIZE / 16;
++ }
++ do {
++ sha1_multi_block(ctx, edges, n4x);
++ aesni_multi_cbc_encrypt(ciph_d, &key->ks, n4x);
++
++ for (i = 0; i < x4; i++) {
++ edges[i].ptr = hash_d[i].ptr += MAXCHUNKSIZE;
++ hash_d[i].blocks -= MAXCHUNKSIZE / 64;
++ edges[i].blocks = MAXCHUNKSIZE / 64;
++ ciph_d[i].inp += MAXCHUNKSIZE;
++ ciph_d[i].out += MAXCHUNKSIZE;
++ ciph_d[i].blocks = MAXCHUNKSIZE / 16;
++ memcpy(ciph_d[i].iv, ciph_d[i].out - 16, 16);
++ }
++ processed += MAXCHUNKSIZE;
++ minblocks -= MAXCHUNKSIZE / 64;
++ } while (minblocks > MAXCHUNKSIZE / 64);
++ }
++# endif
++# undef MAXCHUNKSIZE
++ sha1_multi_block(ctx, hash_d, n4x);
++
++ memset(blocks, 0, sizeof(blocks));
++ for (i = 0; i < x4; i++) {
++ unsigned int len = (i == (x4 - 1) ? last : frag),
++ off = hash_d[i].blocks * 64;
++ const unsigned char *ptr = hash_d[i].ptr + off;
++
++ off = (len - processed) - (64 - 13) - off; /* remainder actually */
++ memcpy(blocks[i].c, ptr, off);
++ blocks[i].c[off] = 0x80;
++ len += 64 + 13; /* 64 is HMAC header */
++ len *= 8; /* convert to bits */
++ if (off < (64 - 8)) {
++# ifdef BSWAP4
++ blocks[i].d[15] = BSWAP4(len);
++# else
++ PUTU32(blocks[i].c + 60, len);
++# endif
++ edges[i].blocks = 1;
++ } else {
++# ifdef BSWAP4
++ blocks[i].d[31] = BSWAP4(len);
++# else
++ PUTU32(blocks[i].c + 124, len);
++# endif
++ edges[i].blocks = 2;
++ }
++ edges[i].ptr = blocks[i].c;
++ }
++
++ /* hash input tails and finalize */
++ sha1_multi_block(ctx, edges, n4x);
++
++ memset(blocks, 0, sizeof(blocks));
++ for (i = 0; i < x4; i++) {
++# ifdef BSWAP4
++ blocks[i].d[0] = BSWAP4(ctx->A[i]);
++ ctx->A[i] = key->tail.h0;
++ blocks[i].d[1] = BSWAP4(ctx->B[i]);
++ ctx->B[i] = key->tail.h1;
++ blocks[i].d[2] = BSWAP4(ctx->C[i]);
++ ctx->C[i] = key->tail.h2;
++ blocks[i].d[3] = BSWAP4(ctx->D[i]);
++ ctx->D[i] = key->tail.h3;
++ blocks[i].d[4] = BSWAP4(ctx->E[i]);
++ ctx->E[i] = key->tail.h4;
++ blocks[i].c[20] = 0x80;
++ blocks[i].d[15] = BSWAP4((64 + 20) * 8);
++# else
++ PUTU32(blocks[i].c + 0, ctx->A[i]);
++ ctx->A[i] = key->tail.h0;
++ PUTU32(blocks[i].c + 4, ctx->B[i]);
++ ctx->B[i] = key->tail.h1;
++ PUTU32(blocks[i].c + 8, ctx->C[i]);
++ ctx->C[i] = key->tail.h2;
++ PUTU32(blocks[i].c + 12, ctx->D[i]);
++ ctx->D[i] = key->tail.h3;
++ PUTU32(blocks[i].c + 16, ctx->E[i]);
++ ctx->E[i] = key->tail.h4;
++ blocks[i].c[20] = 0x80;
++ PUTU32(blocks[i].c + 60, (64 + 20) * 8);
++# endif
++ edges[i].ptr = blocks[i].c;
++ edges[i].blocks = 1;
++ }
++
++ /* finalize MACs */
++ sha1_multi_block(ctx, edges, n4x);
++
++ for (i = 0; i < x4; i++) {
++ unsigned int len = (i == (x4 - 1) ? last : frag), pad, j;
++ unsigned char *out0 = out;
++
++ memcpy(ciph_d[i].out, ciph_d[i].inp, len - processed);
++ ciph_d[i].inp = ciph_d[i].out;
++
++ out += 5 + 16 + len;
++
++ /* write MAC */
++ PUTU32(out + 0, ctx->A[i]);
++ PUTU32(out + 4, ctx->B[i]);
++ PUTU32(out + 8, ctx->C[i]);
++ PUTU32(out + 12, ctx->D[i]);
++ PUTU32(out + 16, ctx->E[i]);
++ out += 20;
++ len += 20;
++
++ /* pad */
++ pad = 15 - len % 16;
++ for (j = 0; j <= pad; j++)
++ *(out++) = pad;
++ len += pad + 1;
++
++ ciph_d[i].blocks = (len - processed) / 16;
++ len += 16; /* account for explicit iv */
++
++ /* arrange header */
++ out0[0] = ((u8 *)key->md.data)[8];
++ out0[1] = ((u8 *)key->md.data)[9];
++ out0[2] = ((u8 *)key->md.data)[10];
++ out0[3] = (u8)(len >> 8);
++ out0[4] = (u8)(len);
++
++ ret += len + 5;
++ inp += frag;
++ }
++
++ aesni_multi_cbc_encrypt(ciph_d, &key->ks, n4x);
++
++ OPENSSL_cleanse(blocks, sizeof(blocks));
++ OPENSSL_cleanse(ctx, sizeof(*ctx));
++
++ return ret;
++}
++# endif
++
++static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
++ const unsigned char *in, size_t len)
++{
++ EVP_AES_HMAC_SHA1 *key = data(ctx);
++ unsigned int l;
++ size_t plen =
key->payload_length, iv = 0, /* explicit IV in TLS 1.1 and
++ * later */
++ sha_off = 0;
++# if defined(STITCHED_CALL)
++ size_t aes_off = 0, blocks;
++
++ sha_off = SHA_CBLOCK - key->md.num;
++# endif
++
++ key->payload_length = NO_PAYLOAD_LENGTH;
++
++ if (len % AES_BLOCK_SIZE)
++ return 0;
++
++ if (ctx->encrypt) {
++ if (plen == NO_PAYLOAD_LENGTH)
++ plen = len;
++ else if (len !=
++ ((plen + SHA_DIGEST_LENGTH +
++ AES_BLOCK_SIZE) & -AES_BLOCK_SIZE))
++ return 0;
++ else if (key->aux.tls_ver >= TLS1_1_VERSION)
++ iv = AES_BLOCK_SIZE;
++
++# if defined(STITCHED_CALL)
++ if (plen > (sha_off + iv)
++ && (blocks = (plen - (sha_off + iv)) / SHA_CBLOCK)) {
++ SHA1_Update(&key->md, in + iv, sha_off);
++
++ aesni_cbc_sha1_enc(in, out, blocks, &key->ks,
++ ctx->iv, &key->md, in + iv + sha_off);
++ blocks *= SHA_CBLOCK;
++ aes_off += blocks;
++ sha_off += blocks;
++ key->md.Nh += blocks >> 29;
++ key->md.Nl += blocks <<= 3;
++ if (key->md.Nl < (unsigned int)blocks)
++ key->md.Nh++;
++ } else {
++ sha_off = 0;
++ }
++# endif
++ sha_off += iv;
++ SHA1_Update(&key->md, in + sha_off, plen - sha_off);
++
++ if (plen != len) { /* "TLS" mode of operation */
++ if (in != out)
++ memcpy(out + aes_off, in + aes_off, plen - aes_off);
++
++ /* calculate HMAC and append it to payload */
++ SHA1_Final(out + plen, &key->md);
++ key->md = key->tail;
++ SHA1_Update(&key->md, out + plen, SHA_DIGEST_LENGTH);
++ SHA1_Final(out + plen, &key->md);
++
++ /* pad the payload|hmac */
++ plen += SHA_DIGEST_LENGTH;
++ for (l = len - plen - 1; plen < len; plen++)
++ out[plen] = l;
++ /* encrypt HMAC|padding at once */
++ aesni_cbc_encrypt(out + aes_off, out + aes_off, len - aes_off,
++ &key->ks, ctx->iv, 1);
++ } else {
++ aesni_cbc_encrypt(in + aes_off, out + aes_off, len - aes_off,
++ &key->ks, ctx->iv, 1);
++ }
++ } else {
++ union {
++ unsigned int u[SHA_DIGEST_LENGTH / sizeof(unsigned int)];
++ unsigned char c[32 + SHA_DIGEST_LENGTH];
++ } mac, *pmac;
++
++ /* arrange cache line alignment */
++
pmac = (void *)(((size_t)mac.c + 31) & ((size_t)0 - 32));
++
++ if (plen != NO_PAYLOAD_LENGTH) { /* "TLS" mode of operation */
++ size_t inp_len, mask, j, i;
++ unsigned int res, maxpad, pad, bitlen;
++ int ret = 1;
++ union {
++ unsigned int u[SHA_LBLOCK];
++ unsigned char c[SHA_CBLOCK];
++ } *data = (void *)key->md.data;
++# if defined(STITCHED_DECRYPT_CALL)
++ unsigned char tail_iv[AES_BLOCK_SIZE];
++ int stitch = 0;
++# endif
++
++ if ((key->aux.tls_aad[plen - 4] << 8 | key->aux.tls_aad[plen - 3])
++ >= TLS1_1_VERSION) {
++ if (len < (AES_BLOCK_SIZE + SHA_DIGEST_LENGTH + 1))
++ return 0;
++
++ /* omit explicit iv */
++ memcpy(ctx->iv, in, AES_BLOCK_SIZE);
++ in += AES_BLOCK_SIZE;
++ out += AES_BLOCK_SIZE;
++ len -= AES_BLOCK_SIZE;
++ } else if (len < (SHA_DIGEST_LENGTH + 1))
++ return 0;
++
++# if defined(STITCHED_DECRYPT_CALL)
++ if (len >= 1024 && ctx->key_len == 32) {
++ /* decrypt last block */
++ memcpy(tail_iv, in + len - 2 * AES_BLOCK_SIZE,
++ AES_BLOCK_SIZE);
++ aesni_cbc_encrypt(in + len - AES_BLOCK_SIZE,
++ out + len - AES_BLOCK_SIZE, AES_BLOCK_SIZE,
++ &key->ks, tail_iv, 0);
++ stitch = 1;
++ } else
++# endif
++ /* decrypt HMAC|padding at once */
++ aesni_cbc_encrypt(in, out, len, &key->ks, ctx->iv, 0);
++
++ /* figure out payload length */
++ pad = out[len - 1];
++ maxpad = len - (SHA_DIGEST_LENGTH + 1);
++ maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8);
++ maxpad &= 255;
++
++ inp_len = len - (SHA_DIGEST_LENGTH + pad + 1);
++ mask = (0 - ((inp_len - len) >> (sizeof(inp_len) * 8 - 1)));
++ inp_len &= mask;
++ ret &= (int)mask;
++
++ key->aux.tls_aad[plen - 2] = inp_len >> 8;
++ key->aux.tls_aad[plen - 1] = inp_len;
++
++ /* calculate HMAC */
++ key->md = key->head;
++ SHA1_Update(&key->md, key->aux.tls_aad, plen);
++
++# if defined(STITCHED_DECRYPT_CALL)
++ if (stitch) {
++ blocks = (len - (256 + 32 + SHA_CBLOCK)) / SHA_CBLOCK;
++ aes_off = len - AES_BLOCK_SIZE - blocks * SHA_CBLOCK;
++ sha_off = SHA_CBLOCK - plen;
++
++ aesni_cbc_encrypt(in,
out, aes_off, &key->ks, ctx->iv, 0);
++
++ SHA1_Update(&key->md, out, sha_off);
++ aesni256_cbc_sha1_dec(in + aes_off,
++ out + aes_off, blocks, &key->ks,
++ ctx->iv, &key->md, out + sha_off);
++
++ sha_off += blocks *= SHA_CBLOCK;
++ out += sha_off;
++ len -= sha_off;
++ inp_len -= sha_off;
++
++ key->md.Nl += (blocks << 3); /* at most 18 bits */
++ memcpy(ctx->iv, tail_iv, AES_BLOCK_SIZE);
++ }
++# endif
++
++# if 1
++ len -= SHA_DIGEST_LENGTH; /* amend mac */
++ if (len >= (256 + SHA_CBLOCK)) {
++ j = (len - (256 + SHA_CBLOCK)) & (0 - SHA_CBLOCK);
++ j += SHA_CBLOCK - key->md.num;
++ SHA1_Update(&key->md, out, j);
++ out += j;
++ len -= j;
++ inp_len -= j;
++ }
++
++ /* but pretend as if we hashed padded payload */
++ bitlen = key->md.Nl + (inp_len << 3); /* at most 18 bits */
++# ifdef BSWAP4
++ bitlen = BSWAP4(bitlen);
++# else
++ mac.c[0] = 0;
++ mac.c[1] = (unsigned char)(bitlen >> 16);
++ mac.c[2] = (unsigned char)(bitlen >> 8);
++ mac.c[3] = (unsigned char)bitlen;
++ bitlen = mac.u[0];
++# endif
++
++ pmac->u[0] = 0;
++ pmac->u[1] = 0;
++ pmac->u[2] = 0;
++ pmac->u[3] = 0;
++ pmac->u[4] = 0;
++
++ for (res = key->md.num, j = 0; j < len; j++) {
++ size_t c = out[j];
++ mask = (j - inp_len) >> (sizeof(j) * 8 - 8);
++ c &= mask;
++ c |= 0x80 & ~mask & ~((inp_len - j) >> (sizeof(j) * 8 - 8));
++ data->c[res++] = (unsigned char)c;
++
++ if (res != SHA_CBLOCK)
++ continue;
++
++ /* j is not incremented yet */
++ mask = 0 - ((inp_len + 7 - j) >> (sizeof(j) * 8 - 1));
++ data->u[SHA_LBLOCK - 1] |= bitlen & mask;
++ sha1_block_data_order(&key->md, data, 1);
++ mask &= 0 - ((j - inp_len - 72) >> (sizeof(j) * 8 - 1));
++ pmac->u[0] |= key->md.h0 & mask;
++ pmac->u[1] |= key->md.h1 & mask;
++ pmac->u[2] |= key->md.h2 & mask;
++ pmac->u[3] |= key->md.h3 & mask;
++ pmac->u[4] |= key->md.h4 & mask;
++ res = 0;
++ }
++
++ for (i = res; i < SHA_CBLOCK; i++, j++)
++ data->c[i] = 0;
++
++ if (res > SHA_CBLOCK - 8) {
++ mask = 0 - ((inp_len + 8 - j) >> (sizeof(j) * 8 - 1));
++ data->u[SHA_LBLOCK - 1] |= bitlen & mask;
++ sha1_block_data_order(&key->md, data, 1);
++ mask &= 0 - ((j - inp_len - 73) >> (sizeof(j) * 8 - 1));
++ pmac->u[0] |= key->md.h0 & mask;
++ pmac->u[1] |= key->md.h1 & mask;
++ pmac->u[2] |= key->md.h2 & mask;
++ pmac->u[3] |= key->md.h3 & mask;
++ pmac->u[4] |= key->md.h4 & mask;
++
++ memset(data, 0, SHA_CBLOCK);
++ j += 64;
++ }
++ data->u[SHA_LBLOCK - 1] = bitlen;
++ sha1_block_data_order(&key->md, data, 1);
++ mask = 0 - ((j - inp_len - 73) >> (sizeof(j) * 8 - 1));
++ pmac->u[0] |= key->md.h0 & mask;
++ pmac->u[1] |= key->md.h1 & mask;
++ pmac->u[2] |= key->md.h2 & mask;
++ pmac->u[3] |= key->md.h3 & mask;
++ pmac->u[4] |= key->md.h4 & mask;
++
++# ifdef BSWAP4
++ pmac->u[0] = BSWAP4(pmac->u[0]);
++ pmac->u[1] = BSWAP4(pmac->u[1]);
++ pmac->u[2] = BSWAP4(pmac->u[2]);
++ pmac->u[3] = BSWAP4(pmac->u[3]);
++ pmac->u[4] = BSWAP4(pmac->u[4]);
++# else
++ for (i = 0; i < 5; i++) {
++ res = pmac->u[i];
++ pmac->c[4 * i + 0] = (unsigned char)(res >> 24);
++ pmac->c[4 * i + 1] = (unsigned char)(res >> 16);
++ pmac->c[4 * i + 2] = (unsigned char)(res >> 8);
++ pmac->c[4 * i + 3] = (unsigned char)res;
++ }
++# endif
++ len += SHA_DIGEST_LENGTH;
++# else
++ SHA1_Update(&key->md, out, inp_len);
++ res = key->md.num;
++ SHA1_Final(pmac->c, &key->md);
++
++ {
++ unsigned int inp_blocks, pad_blocks;
++
++ /* but pretend as if we hashed padded payload */
++ inp_blocks =
++ 1 + ((SHA_CBLOCK - 9 - res) >> (sizeof(res) * 8 - 1));
++ res += (unsigned int)(len - inp_len);
++ pad_blocks = res / SHA_CBLOCK;
++ res %= SHA_CBLOCK;
++ pad_blocks +=
++ 1 + ((SHA_CBLOCK - 9 - res) >> (sizeof(res) * 8 - 1));
++ for (; inp_blocks < pad_blocks; inp_blocks++)
++ sha1_block_data_order(&key->md, data, 1);
++ }
++# endif
++ key->md = key->tail;
++ SHA1_Update(&key->md, pmac->c, SHA_DIGEST_LENGTH);
++ SHA1_Final(pmac->c, &key->md);
++
++ /* verify HMAC */
++ out += inp_len;
++ len -= inp_len;
++# if 1
++ {
++ unsigned char *p = out + len - 1 -
maxpad - SHA_DIGEST_LENGTH;
++ size_t off = out - p;
++ unsigned int c, cmask;
++
++ maxpad += SHA_DIGEST_LENGTH;
++ for (res = 0, i = 0, j = 0; j < maxpad; j++) {
++ c = p[j];
++ cmask =
++ ((int)(j - off - SHA_DIGEST_LENGTH)) >> (sizeof(int) *
++ 8 - 1);
++ res |= (c ^ pad) & ~cmask; /* ... and padding */
++ cmask &= ((int)(off - 1 - j)) >> (sizeof(int) * 8 - 1);
++ res |= (c ^ pmac->c[i]) & cmask;
++ i += 1 & cmask;
++ }
++ maxpad -= SHA_DIGEST_LENGTH;
++
++ res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1));
++ ret &= (int)~res;
++ }
++# else
++ for (res = 0, i = 0; i < SHA_DIGEST_LENGTH; i++)
++ res |= out[i] ^ pmac->c[i];
++ res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1));
++ ret &= (int)~res;
++
++ /* verify padding */
++ pad = (pad & ~res) | (maxpad & res);
++ out = out + len - 1 - pad;
++ for (res = 0, i = 0; i < pad; i++)
++ res |= out[i] ^ pad;
++
++ res = (0 - res) >> (sizeof(res) * 8 - 1);
++ ret &= (int)~res;
++# endif
++ return ret;
++ } else {
++# if defined(STITCHED_DECRYPT_CALL)
++ if (len >= 1024 && ctx->key_len == 32) {
++ if (sha_off %= SHA_CBLOCK)
++ blocks = (len - 3 * SHA_CBLOCK) / SHA_CBLOCK;
++ else
++ blocks = (len - 2 * SHA_CBLOCK) / SHA_CBLOCK;
++ aes_off = len - blocks * SHA_CBLOCK;
++
++ aesni_cbc_encrypt(in, out, aes_off, &key->ks, ctx->iv, 0);
++ SHA1_Update(&key->md, out, sha_off);
++ aesni256_cbc_sha1_dec(in + aes_off,
++ out + aes_off, blocks, &key->ks,
++ ctx->iv, &key->md, out + sha_off);
++
++ sha_off += blocks *= SHA_CBLOCK;
++ out += sha_off;
++ len -= sha_off;
++
++ key->md.Nh += blocks >> 29;
++ key->md.Nl += blocks <<= 3;
++ if (key->md.Nl < (unsigned int)blocks)
++ key->md.Nh++;
++ } else
++# endif
++ /* decrypt HMAC|padding at once */
++ aesni_cbc_encrypt(in, out, len, &key->ks, ctx->iv, 0);
++
++ SHA1_Update(&key->md, out, len);
++ }
++ }
++
++ return 1;
++}
++
++static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
++ void *ptr)
++{
++ EVP_AES_HMAC_SHA1 *key = data(ctx);
++
++ switch (type) {
++ case
EVP_CTRL_AEAD_SET_MAC_KEY:
++ {
++ unsigned int i;
++ unsigned char hmac_key[64];
++
++ memset(hmac_key, 0, sizeof(hmac_key));
++
++ if (arg > (int)sizeof(hmac_key)) {
++ SHA1_Init(&key->head);
++ SHA1_Update(&key->head, ptr, arg);
++ SHA1_Final(hmac_key, &key->head);
++ } else {
++ memcpy(hmac_key, ptr, arg);
++ }
++
++ for (i = 0; i < sizeof(hmac_key); i++)
++ hmac_key[i] ^= 0x36; /* ipad */
++ SHA1_Init(&key->head);
++ SHA1_Update(&key->head, hmac_key, sizeof(hmac_key));
++
++ for (i = 0; i < sizeof(hmac_key); i++)
++ hmac_key[i] ^= 0x36 ^ 0x5c; /* opad */
++ SHA1_Init(&key->tail);
++ SHA1_Update(&key->tail, hmac_key, sizeof(hmac_key));
++
++ OPENSSL_cleanse(hmac_key, sizeof(hmac_key));
++
++ return 1;
++ }
++ case EVP_CTRL_AEAD_TLS1_AAD:
++ {
++ unsigned char *p = ptr;
++ unsigned int len;
++
++ if (arg != EVP_AEAD_TLS1_AAD_LEN)
++ return -1;
++
++ len = p[arg - 2] << 8 | p[arg - 1];
++
++ if (ctx->encrypt) {
++ key->payload_length = len;
++ if ((key->aux.tls_ver =
++ p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) {
++ len -= AES_BLOCK_SIZE;
++ p[arg - 2] = len >> 8;
++ p[arg - 1] = len;
++ }
++ key->md = key->head;
++ SHA1_Update(&key->md, p, arg);
++
++ return (int)(((len + SHA_DIGEST_LENGTH +
++ AES_BLOCK_SIZE) & -AES_BLOCK_SIZE)
++ - len);
++ } else {
++ memcpy(key->aux.tls_aad, ptr, arg);
++ key->payload_length = arg;
++
++ return SHA_DIGEST_LENGTH;
++ }
++ }
++# if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
++ case EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE:
++ return (int)(5 + 16 + ((arg + 20 + 16) & -16));
++ case EVP_CTRL_TLS1_1_MULTIBLOCK_AAD:
++ {
++ EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *param =
++ (EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *) ptr;
++ unsigned int n4x = 1, x4;
++ unsigned int frag, last, packlen, inp_len;
++
++ if (arg < (int)sizeof(EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM))
++ return -1;
++
++ inp_len = param->inp[11] << 8 | param->inp[12];
++
++ if (ctx->encrypt) {
++ if ((param->inp[9] << 8 | param->inp[10]) < TLS1_1_VERSION)
++
return -1;
++
++ if (inp_len) {
++ if (inp_len < 4096)
++ return 0; /* too short */
++
++ if (inp_len >= 8192 && OPENSSL_ia32cap_P[2] & (1 << 5))
++ n4x = 2; /* AVX2 */
++ } else if ((n4x = param->interleave / 4) && n4x <= 2)
++ inp_len = param->len;
++ else
++ return -1;
++
++ key->md = key->head;
++ SHA1_Update(&key->md, param->inp, 13);
++
++ x4 = 4 * n4x;
++ n4x += 1;
++
++ frag = inp_len >> n4x;
++ last = inp_len + frag - (frag << n4x);
++ if (last > frag && ((last + 13 + 9) % 64 < (x4 - 1))) {
++ frag++;
++ last -= x4 - 1;
++ }
++
++ packlen = 5 + 16 + ((frag + 20 + 16) & -16);
++ packlen = (packlen << n4x) - packlen;
++ packlen += 5 + 16 + ((last + 20 + 16) & -16);
++
++ param->interleave = x4;
++
++ return (int)packlen;
++ } else
++ return -1; /* not yet */
++ }
++ case EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT:
++ {
++ EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *param =
++ (EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *) ptr;
++
++ return (int)tls1_1_multi_block_encrypt(key, param->out,
++ param->inp, param->len,
++ param->interleave / 4);
++ }
++ case EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT:
++# endif
++ default:
++ return -1;
++ }
++}
++
++static EVP_CIPHER aesni_128_cbc_hmac_sha1_cipher = {
++# ifdef NID_aes_128_cbc_hmac_sha1
++ NID_aes_128_cbc_hmac_sha1,
++# else
++ NID_undef,
++# endif
++ 16, 16, 16,
++ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 |
++ EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK,
++ aesni_cbc_hmac_sha1_init_key,
++ aesni_cbc_hmac_sha1_cipher,
++ NULL,
++ sizeof(EVP_AES_HMAC_SHA1),
++ EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_set_asn1_iv,
++ EVP_CIPH_FLAG_DEFAULT_ASN1 ?
NULL : EVP_CIPHER_get_asn1_iv,
++ aesni_cbc_hmac_sha1_ctrl,
++ NULL
++};
++
++static EVP_CIPHER aesni_256_cbc_hmac_sha1_cipher = {
++# ifdef NID_aes_256_cbc_hmac_sha1
++ NID_aes_256_cbc_hmac_sha1,
++# else
++ NID_undef,
++# endif
++ 16, 32, 16,
++ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 |
++ EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK,
++ aesni_cbc_hmac_sha1_init_key,
++ aesni_cbc_hmac_sha1_cipher,
++ NULL,
++ sizeof(EVP_AES_HMAC_SHA1),
++ EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_set_asn1_iv,
++ EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_get_asn1_iv,
++ aesni_cbc_hmac_sha1_ctrl,
++ NULL
++};
++
++const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void)
++{
++ return (OPENSSL_ia32cap_P[1] & AESNI_CAPABLE ?
++ &aesni_128_cbc_hmac_sha1_cipher : NULL);
++}
++
++const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void)
++{
++ return (OPENSSL_ia32cap_P[1] & AESNI_CAPABLE ?
++ &aesni_256_cbc_hmac_sha1_cipher : NULL);
++}
++# else
++const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void)
++{
++ return NULL;
++}
++
++const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void)
++{
++ return NULL;
++}
++# endif
++#endif
+diff --git a/Cryptlib/OpenSSL/crypto/evp/e_aes_cbc_hmac_sha256.c b/Cryptlib/OpenSSL/crypto/evp/e_aes_cbc_hmac_sha256.c
+new file mode 100644
+index 0000000..b1c586e
+--- /dev/null
++++ b/Cryptlib/OpenSSL/crypto/evp/e_aes_cbc_hmac_sha256.c
+@@ -0,0 +1,973 @@
++/* ====================================================================
++ * Copyright (c) 2011-2013 The OpenSSL Project. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ *
++ * 2.
Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in
++ * the documentation and/or other materials provided with the
++ * distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ * software must display the following acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ * endorse or promote products derived from this software without
++ * prior written permission. For written permission, please contact
++ * licensing@OpenSSL.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ * nor may "OpenSSL" appear in their names without prior written
++ * permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ * acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ */
++
++#include
++
++#include
++#include
++
++#if !defined(OPENSSL_NO_AES) && !defined(OPENSSL_NO_SHA256)
++
++# include
++# include
++# include
++# include
++# include
++# include "modes_lcl.h"
++
++# ifndef EVP_CIPH_FLAG_AEAD_CIPHER
++# define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000
++# define EVP_CTRL_AEAD_TLS1_AAD 0x16
++# define EVP_CTRL_AEAD_SET_MAC_KEY 0x17
++# endif
++
++# if !defined(EVP_CIPH_FLAG_DEFAULT_ASN1)
++# define EVP_CIPH_FLAG_DEFAULT_ASN1 0
++# endif
++
++# if !defined(EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)
++# define EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0
++# endif
++
++# define TLS1_1_VERSION 0x0302
++
++typedef struct {
++ AES_KEY ks;
++ SHA256_CTX head, tail, md;
++ size_t payload_length; /* AAD length in decrypt case */
++ union {
++ unsigned int tls_ver;
++ unsigned char tls_aad[16]; /* 13 used */
++ } aux;
++} EVP_AES_HMAC_SHA256;
++
++# define NO_PAYLOAD_LENGTH ((size_t)-1)
++
++# if defined(AES_ASM) && ( \
++ defined(__x86_64) || defined(__x86_64__) || \
++ defined(_M_AMD64) || defined(_M_X64) || \
++ defined(__INTEL__) )
++
++extern unsigned int OPENSSL_ia32cap_P[];
++# define AESNI_CAPABLE (1<<(57-32))
++
++int aesni_set_encrypt_key(const unsigned char *userKey, int bits,
++ AES_KEY *key);
++int aesni_set_decrypt_key(const unsigned char *userKey, int bits,
++ AES_KEY *key);
++
++void aesni_cbc_encrypt(const unsigned char *in,
++ unsigned char *out,
++ size_t length,
++ const AES_KEY *key, unsigned char *ivec, int enc);
++
++int aesni_cbc_sha256_enc(const void *inp, void *out, size_t blocks,
++ const AES_KEY *key, unsigned char iv[16],
++ SHA256_CTX *ctx, const void *in0);
++
++# define data(ctx) ((EVP_AES_HMAC_SHA256 *)(ctx)->cipher_data)
++
++static int aesni_cbc_hmac_sha256_init_key(EVP_CIPHER_CTX *ctx,
++ const unsigned char *inkey,
++ const unsigned char *iv, int enc)
++{
++ EVP_AES_HMAC_SHA256 *key = data(ctx);
++ int ret;
++
++ if (enc)
++ memset(&key->ks, 0,
sizeof(key->ks.rd_key)),
++ ret = aesni_set_encrypt_key(inkey, ctx->key_len * 8, &key->ks);
++ else
++ ret = aesni_set_decrypt_key(inkey, ctx->key_len * 8, &key->ks);
++
++ SHA256_Init(&key->head); /* handy when benchmarking */
++ key->tail = key->head;
++ key->md = key->head;
++
++ key->payload_length = NO_PAYLOAD_LENGTH;
++
++ return ret < 0 ? 0 : 1;
++}
++
++# define STITCHED_CALL
++
++# if !defined(STITCHED_CALL)
++# define aes_off 0
++# endif
++
++void sha256_block_data_order(void *c, const void *p, size_t len);
++
++static void sha256_update(SHA256_CTX *c, const void *data, size_t len)
++{
++ const unsigned char *ptr = data;
++ size_t res;
++
++ if ((res = c->num)) {
++ res = SHA256_CBLOCK - res;
++ if (len < res)
++ res = len;
++ SHA256_Update(c, ptr, res);
++ ptr += res;
++ len -= res;
++ }
++
++ res = len % SHA256_CBLOCK;
++ len -= res;
++
++ if (len) {
++ sha256_block_data_order(c, ptr, len / SHA256_CBLOCK);
++
++ ptr += len;
++ c->Nh += len >> 29;
++ c->Nl += len <<= 3;
++ if (c->Nl < (unsigned int)len)
++ c->Nh++;
++ }
++
++ if (res)
++ SHA256_Update(c, ptr, res);
++}
++
++# ifdef SHA256_Update
++# undef SHA256_Update
++# endif
++# define SHA256_Update sha256_update
++
++# if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
++
++typedef struct {
++ unsigned int A[8], B[8], C[8], D[8], E[8], F[8], G[8], H[8];
++} SHA256_MB_CTX;
++typedef struct {
++ const unsigned char *ptr;
++ int blocks;
++} HASH_DESC;
++
++void sha256_multi_block(SHA256_MB_CTX *, const HASH_DESC *, int);
++
++typedef struct {
++ const unsigned char *inp;
++ unsigned char *out;
++ int blocks;
++ u64 iv[2];
++} CIPH_DESC;
++
++void aesni_multi_cbc_encrypt(CIPH_DESC *, void *, int);
++
++static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key,
++ unsigned char *out,
++ const unsigned char *inp,
++ size_t inp_len, int n4x)
++{ /* n4x is 1 or 2 */
++ HASH_DESC hash_d[8], edges[8];
++ CIPH_DESC ciph_d[8];
++ unsigned char storage[sizeof(SHA256_MB_CTX) + 32];
++
union {
++ u64 q[16];
++ u32 d[32];
++ u8 c[128];
++ } blocks[8];
++ SHA256_MB_CTX *ctx;
++ unsigned int frag, last, packlen, i, x4 = 4 * n4x, minblocks, processed =
++ 0;
++ size_t ret = 0;
++ u8 *IVs;
++# if defined(BSWAP8)
++ u64 seqnum;
++# endif
++
++ /* ask for IVs in bulk */
++ if (RAND_bytes((IVs = blocks[0].c), 16 * x4) <= 0)
++ return 0;
++
++ /* align */
++ ctx = (SHA256_MB_CTX *) (storage + 32 - ((size_t)storage % 32));
++
++ frag = (unsigned int)inp_len >> (1 + n4x);
++ last = (unsigned int)inp_len + frag - (frag << (1 + n4x));
++ if (last > frag && ((last + 13 + 9) % 64) < (x4 - 1)) {
++ frag++;
++ last -= x4 - 1;
++ }
++
++ packlen = 5 + 16 + ((frag + 32 + 16) & -16);
++
++ /* populate descriptors with pointers and IVs */
++ hash_d[0].ptr = inp;
++ ciph_d[0].inp = inp;
++ /* 5+16 is place for header and explicit IV */
++ ciph_d[0].out = out + 5 + 16;
++ memcpy(ciph_d[0].out - 16, IVs, 16);
++ memcpy(ciph_d[0].iv, IVs, 16);
++ IVs += 16;
++
++ for (i = 1; i < x4; i++) {
++ ciph_d[i].inp = hash_d[i].ptr = hash_d[i - 1].ptr + frag;
++ ciph_d[i].out = ciph_d[i - 1].out + packlen;
++ memcpy(ciph_d[i].out - 16, IVs, 16);
++ memcpy(ciph_d[i].iv, IVs, 16);
++ IVs += 16;
++ }
++
++# if defined(BSWAP8)
++ memcpy(blocks[0].c, key->md.data, 8);
++ seqnum = BSWAP8(blocks[0].q[0]);
++# endif
++ for (i = 0; i < x4; i++) {
++ unsigned int len = (i == (x4 - 1) ?
last : frag);
++# if !defined(BSWAP8)
++ unsigned int carry, j;
++# endif
++
++ ctx->A[i] = key->md.h[0];
++ ctx->B[i] = key->md.h[1];
++ ctx->C[i] = key->md.h[2];
++ ctx->D[i] = key->md.h[3];
++ ctx->E[i] = key->md.h[4];
++ ctx->F[i] = key->md.h[5];
++ ctx->G[i] = key->md.h[6];
++ ctx->H[i] = key->md.h[7];
++
++ /* fix seqnum */
++# if defined(BSWAP8)
++ blocks[i].q[0] = BSWAP8(seqnum + i);
++# else
++ for (carry = i, j = 8; j--;) {
++ blocks[i].c[j] = ((u8 *)key->md.data)[j] + carry;
++ carry = (blocks[i].c[j] - carry) >> (sizeof(carry) * 8 - 1);
++ }
++# endif
++ blocks[i].c[8] = ((u8 *)key->md.data)[8];
++ blocks[i].c[9] = ((u8 *)key->md.data)[9];
++ blocks[i].c[10] = ((u8 *)key->md.data)[10];
++ /* fix length */
++ blocks[i].c[11] = (u8)(len >> 8);
++ blocks[i].c[12] = (u8)(len);
++
++ memcpy(blocks[i].c + 13, hash_d[i].ptr, 64 - 13);
++ hash_d[i].ptr += 64 - 13;
++ hash_d[i].blocks = (len - (64 - 13)) / 64;
++
++ edges[i].ptr = blocks[i].c;
++ edges[i].blocks = 1;
++ }
++
++ /* hash 13-byte headers and first 64-13 bytes of inputs */
++ sha256_multi_block(ctx, edges, n4x);
++ /* hash bulk inputs */
++# define MAXCHUNKSIZE 2048
++# if MAXCHUNKSIZE%64
++# error "MAXCHUNKSIZE is not divisible by 64"
++# elif MAXCHUNKSIZE
++ /*
++ * goal is to minimize pressure on L1 cache by moving in shorter steps,
++ * so that hashed data is still in the cache by the time we encrypt it
++ */
++ minblocks = ((frag <= last ?
frag : last) - (64 - 13)) / 64;
++ if (minblocks > MAXCHUNKSIZE / 64) {
++ for (i = 0; i < x4; i++) {
++ edges[i].ptr = hash_d[i].ptr;
++ edges[i].blocks = MAXCHUNKSIZE / 64;
++ ciph_d[i].blocks = MAXCHUNKSIZE / 16;
++ }
++ do {
++ sha256_multi_block(ctx, edges, n4x);
++ aesni_multi_cbc_encrypt(ciph_d, &key->ks, n4x);
++
++ for (i = 0; i < x4; i++) {
++ edges[i].ptr = hash_d[i].ptr += MAXCHUNKSIZE;
++ hash_d[i].blocks -= MAXCHUNKSIZE / 64;
++ edges[i].blocks = MAXCHUNKSIZE / 64;
++ ciph_d[i].inp += MAXCHUNKSIZE;
++ ciph_d[i].out += MAXCHUNKSIZE;
++ ciph_d[i].blocks = MAXCHUNKSIZE / 16;
++ memcpy(ciph_d[i].iv, ciph_d[i].out - 16, 16);
++ }
++ processed += MAXCHUNKSIZE;
++ minblocks -= MAXCHUNKSIZE / 64;
++ } while (minblocks > MAXCHUNKSIZE / 64);
++ }
++# endif
++# undef MAXCHUNKSIZE
++ sha256_multi_block(ctx, hash_d, n4x);
++
++ memset(blocks, 0, sizeof(blocks));
++ for (i = 0; i < x4; i++) {
++ unsigned int len = (i == (x4 - 1) ? last : frag),
++ off = hash_d[i].blocks * 64;
++ const unsigned char *ptr = hash_d[i].ptr + off;
++
++ off = (len - processed) - (64 - 13) - off; /* remainder actually */
++ memcpy(blocks[i].c, ptr, off);
++ blocks[i].c[off] = 0x80;
++ len += 64 + 13; /* 64 is HMAC header */
++ len *= 8; /* convert to bits */
++ if (off < (64 - 8)) {
++# ifdef BSWAP4
++ blocks[i].d[15] = BSWAP4(len);
++# else
++ PUTU32(blocks[i].c + 60, len);
++# endif
++ edges[i].blocks = 1;
++ } else {
++# ifdef BSWAP4
++ blocks[i].d[31] = BSWAP4(len);
++# else
++ PUTU32(blocks[i].c + 124, len);
++# endif
++ edges[i].blocks = 2;
++ }
++ edges[i].ptr = blocks[i].c;
++ }
++
++ /* hash input tails and finalize */
++ sha256_multi_block(ctx, edges, n4x);
++
++ memset(blocks, 0, sizeof(blocks));
++ for (i = 0; i < x4; i++) {
++# ifdef BSWAP4
++ blocks[i].d[0] = BSWAP4(ctx->A[i]);
++ ctx->A[i] = key->tail.h[0];
++ blocks[i].d[1] = BSWAP4(ctx->B[i]);
++ ctx->B[i] = key->tail.h[1];
++ blocks[i].d[2] = BSWAP4(ctx->C[i]);
++ ctx->C[i] = key->tail.h[2];
++ blocks[i].d[3] =
BSWAP4(ctx->D[i]); ++ ctx->D[i] = key->tail.h[3]; ++ blocks[i].d[4] = BSWAP4(ctx->E[i]); ++ ctx->E[i] = key->tail.h[4]; ++ blocks[i].d[5] = BSWAP4(ctx->F[i]); ++ ctx->F[i] = key->tail.h[5]; ++ blocks[i].d[6] = BSWAP4(ctx->G[i]); ++ ctx->G[i] = key->tail.h[6]; ++ blocks[i].d[7] = BSWAP4(ctx->H[i]); ++ ctx->H[i] = key->tail.h[7]; ++ blocks[i].c[32] = 0x80; ++ blocks[i].d[15] = BSWAP4((64 + 32) * 8); ++# else ++ PUTU32(blocks[i].c + 0, ctx->A[i]); ++ ctx->A[i] = key->tail.h[0]; ++ PUTU32(blocks[i].c + 4, ctx->B[i]); ++ ctx->B[i] = key->tail.h[1]; ++ PUTU32(blocks[i].c + 8, ctx->C[i]); ++ ctx->C[i] = key->tail.h[2]; ++ PUTU32(blocks[i].c + 12, ctx->D[i]); ++ ctx->D[i] = key->tail.h[3]; ++ PUTU32(blocks[i].c + 16, ctx->E[i]); ++ ctx->E[i] = key->tail.h[4]; ++ PUTU32(blocks[i].c + 20, ctx->F[i]); ++ ctx->F[i] = key->tail.h[5]; ++ PUTU32(blocks[i].c + 24, ctx->G[i]); ++ ctx->G[i] = key->tail.h[6]; ++ PUTU32(blocks[i].c + 28, ctx->H[i]); ++ ctx->H[i] = key->tail.h[7]; ++ blocks[i].c[32] = 0x80; ++ PUTU32(blocks[i].c + 60, (64 + 32) * 8); ++# endif ++ edges[i].ptr = blocks[i].c; ++ edges[i].blocks = 1; ++ } ++ ++ /* finalize MACs */ ++ sha256_multi_block(ctx, edges, n4x); ++ ++ for (i = 0; i < x4; i++) { ++ unsigned int len = (i == (x4 - 1) ? 
last : frag), pad, j; ++ unsigned char *out0 = out; ++ ++ memcpy(ciph_d[i].out, ciph_d[i].inp, len - processed); ++ ciph_d[i].inp = ciph_d[i].out; ++ ++ out += 5 + 16 + len; ++ ++ /* write MAC */ ++ PUTU32(out + 0, ctx->A[i]); ++ PUTU32(out + 4, ctx->B[i]); ++ PUTU32(out + 8, ctx->C[i]); ++ PUTU32(out + 12, ctx->D[i]); ++ PUTU32(out + 16, ctx->E[i]); ++ PUTU32(out + 20, ctx->F[i]); ++ PUTU32(out + 24, ctx->G[i]); ++ PUTU32(out + 28, ctx->H[i]); ++ out += 32; ++ len += 32; ++ ++ /* pad */ ++ pad = 15 - len % 16; ++ for (j = 0; j <= pad; j++) ++ *(out++) = pad; ++ len += pad + 1; ++ ++ ciph_d[i].blocks = (len - processed) / 16; ++ len += 16; /* account for explicit iv */ ++ ++ /* arrange header */ ++ out0[0] = ((u8 *)key->md.data)[8]; ++ out0[1] = ((u8 *)key->md.data)[9]; ++ out0[2] = ((u8 *)key->md.data)[10]; ++ out0[3] = (u8)(len >> 8); ++ out0[4] = (u8)(len); ++ ++ ret += len + 5; ++ inp += frag; ++ } ++ ++ aesni_multi_cbc_encrypt(ciph_d, &key->ks, n4x); ++ ++ OPENSSL_cleanse(blocks, sizeof(blocks)); ++ OPENSSL_cleanse(ctx, sizeof(*ctx)); ++ ++ return ret; ++} ++# endif ++ ++static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, ++ unsigned char *out, ++ const unsigned char *in, size_t len) ++{ ++ EVP_AES_HMAC_SHA256 *key = data(ctx); ++ unsigned int l; ++ size_t plen = key->payload_length, iv = 0, /* explicit IV in TLS 1.1 and ++ * later */ ++ sha_off = 0; ++# if defined(STITCHED_CALL) ++ size_t aes_off = 0, blocks; ++ ++ sha_off = SHA256_CBLOCK - key->md.num; ++# endif ++ ++ key->payload_length = NO_PAYLOAD_LENGTH; ++ ++ if (len % AES_BLOCK_SIZE) ++ return 0; ++ ++ if (ctx->encrypt) { ++ if (plen == NO_PAYLOAD_LENGTH) ++ plen = len; ++ else if (len != ++ ((plen + SHA256_DIGEST_LENGTH + ++ AES_BLOCK_SIZE) & -AES_BLOCK_SIZE)) ++ return 0; ++ else if (key->aux.tls_ver >= TLS1_1_VERSION) ++ iv = AES_BLOCK_SIZE; ++ ++# if defined(STITCHED_CALL) ++ if (OPENSSL_ia32cap_P[1] & (1 << (60 - 32)) && /* AVX? 
*/ ++ plen > (sha_off + iv) && ++ (blocks = (plen - (sha_off + iv)) / SHA256_CBLOCK)) { ++ SHA256_Update(&key->md, in + iv, sha_off); ++ ++ (void)aesni_cbc_sha256_enc(in, out, blocks, &key->ks, ++ ctx->iv, &key->md, in + iv + sha_off); ++ blocks *= SHA256_CBLOCK; ++ aes_off += blocks; ++ sha_off += blocks; ++ key->md.Nh += blocks >> 29; ++ key->md.Nl += blocks <<= 3; ++ if (key->md.Nl < (unsigned int)blocks) ++ key->md.Nh++; ++ } else { ++ sha_off = 0; ++ } ++# endif ++ sha_off += iv; ++ SHA256_Update(&key->md, in + sha_off, plen - sha_off); ++ ++ if (plen != len) { /* "TLS" mode of operation */ ++ if (in != out) ++ memcpy(out + aes_off, in + aes_off, plen - aes_off); ++ ++ /* calculate HMAC and append it to payload */ ++ SHA256_Final(out + plen, &key->md); ++ key->md = key->tail; ++ SHA256_Update(&key->md, out + plen, SHA256_DIGEST_LENGTH); ++ SHA256_Final(out + plen, &key->md); ++ ++ /* pad the payload|hmac */ ++ plen += SHA256_DIGEST_LENGTH; ++ for (l = len - plen - 1; plen < len; plen++) ++ out[plen] = l; ++ /* encrypt HMAC|padding at once */ ++ aesni_cbc_encrypt(out + aes_off, out + aes_off, len - aes_off, ++ &key->ks, ctx->iv, 1); ++ } else { ++ aesni_cbc_encrypt(in + aes_off, out + aes_off, len - aes_off, ++ &key->ks, ctx->iv, 1); ++ } ++ } else { ++ union { ++ unsigned int u[SHA256_DIGEST_LENGTH / sizeof(unsigned int)]; ++ unsigned char c[64 + SHA256_DIGEST_LENGTH]; ++ } mac, *pmac; ++ ++ /* arrange cache line alignment */ ++ pmac = (void *)(((size_t)mac.c + 63) & ((size_t)0 - 64)); ++ ++ /* decrypt HMAC|padding at once */ ++ aesni_cbc_encrypt(in, out, len, &key->ks, ctx->iv, 0); ++ ++ if (plen != NO_PAYLOAD_LENGTH) { /* "TLS" mode of operation */ ++ size_t inp_len, mask, j, i; ++ unsigned int res, maxpad, pad, bitlen; ++ int ret = 1; ++ union { ++ unsigned int u[SHA_LBLOCK]; ++ unsigned char c[SHA256_CBLOCK]; ++ } *data = (void *)key->md.data; ++ ++ if ((key->aux.tls_aad[plen - 4] << 8 | key->aux.tls_aad[plen - 3]) ++ >= TLS1_1_VERSION) ++ iv = 
AES_BLOCK_SIZE; ++ ++ if (len < (iv + SHA256_DIGEST_LENGTH + 1)) ++ return 0; ++ ++ /* omit explicit iv */ ++ out += iv; ++ len -= iv; ++ ++ /* figure out payload length */ ++ pad = out[len - 1]; ++ maxpad = len - (SHA256_DIGEST_LENGTH + 1); ++ maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8); ++ maxpad &= 255; ++ ++ inp_len = len - (SHA256_DIGEST_LENGTH + pad + 1); ++ mask = (0 - ((inp_len - len) >> (sizeof(inp_len) * 8 - 1))); ++ inp_len &= mask; ++ ret &= (int)mask; ++ ++ key->aux.tls_aad[plen - 2] = inp_len >> 8; ++ key->aux.tls_aad[plen - 1] = inp_len; ++ ++ /* calculate HMAC */ ++ key->md = key->head; ++ SHA256_Update(&key->md, key->aux.tls_aad, plen); ++ ++# if 1 ++ len -= SHA256_DIGEST_LENGTH; /* amend mac */ ++ if (len >= (256 + SHA256_CBLOCK)) { ++ j = (len - (256 + SHA256_CBLOCK)) & (0 - SHA256_CBLOCK); ++ j += SHA256_CBLOCK - key->md.num; ++ SHA256_Update(&key->md, out, j); ++ out += j; ++ len -= j; ++ inp_len -= j; ++ } ++ ++ /* but pretend as if we hashed padded payload */ ++ bitlen = key->md.Nl + (inp_len << 3); /* at most 18 bits */ ++# ifdef BSWAP4 ++ bitlen = BSWAP4(bitlen); ++# else ++ mac.c[0] = 0; ++ mac.c[1] = (unsigned char)(bitlen >> 16); ++ mac.c[2] = (unsigned char)(bitlen >> 8); ++ mac.c[3] = (unsigned char)bitlen; ++ bitlen = mac.u[0]; ++# endif ++ ++ pmac->u[0] = 0; ++ pmac->u[1] = 0; ++ pmac->u[2] = 0; ++ pmac->u[3] = 0; ++ pmac->u[4] = 0; ++ pmac->u[5] = 0; ++ pmac->u[6] = 0; ++ pmac->u[7] = 0; ++ ++ for (res = key->md.num, j = 0; j < len; j++) { ++ size_t c = out[j]; ++ mask = (j - inp_len) >> (sizeof(j) * 8 - 8); ++ c &= mask; ++ c |= 0x80 & ~mask & ~((inp_len - j) >> (sizeof(j) * 8 - 8)); ++ data->c[res++] = (unsigned char)c; ++ ++ if (res != SHA256_CBLOCK) ++ continue; ++ ++ /* j is not incremented yet */ ++ mask = 0 - ((inp_len + 7 - j) >> (sizeof(j) * 8 - 1)); ++ data->u[SHA_LBLOCK - 1] |= bitlen & mask; ++ sha256_block_data_order(&key->md, data, 1); ++ mask &= 0 - ((j - inp_len - 72) >> (sizeof(j) * 8 - 1)); ++ pmac->u[0] 
|= key->md.h[0] & mask; ++ pmac->u[1] |= key->md.h[1] & mask; ++ pmac->u[2] |= key->md.h[2] & mask; ++ pmac->u[3] |= key->md.h[3] & mask; ++ pmac->u[4] |= key->md.h[4] & mask; ++ pmac->u[5] |= key->md.h[5] & mask; ++ pmac->u[6] |= key->md.h[6] & mask; ++ pmac->u[7] |= key->md.h[7] & mask; ++ res = 0; ++ } ++ ++ for (i = res; i < SHA256_CBLOCK; i++, j++) ++ data->c[i] = 0; ++ ++ if (res > SHA256_CBLOCK - 8) { ++ mask = 0 - ((inp_len + 8 - j) >> (sizeof(j) * 8 - 1)); ++ data->u[SHA_LBLOCK - 1] |= bitlen & mask; ++ sha256_block_data_order(&key->md, data, 1); ++ mask &= 0 - ((j - inp_len - 73) >> (sizeof(j) * 8 - 1)); ++ pmac->u[0] |= key->md.h[0] & mask; ++ pmac->u[1] |= key->md.h[1] & mask; ++ pmac->u[2] |= key->md.h[2] & mask; ++ pmac->u[3] |= key->md.h[3] & mask; ++ pmac->u[4] |= key->md.h[4] & mask; ++ pmac->u[5] |= key->md.h[5] & mask; ++ pmac->u[6] |= key->md.h[6] & mask; ++ pmac->u[7] |= key->md.h[7] & mask; ++ ++ memset(data, 0, SHA256_CBLOCK); ++ j += 64; ++ } ++ data->u[SHA_LBLOCK - 1] = bitlen; ++ sha256_block_data_order(&key->md, data, 1); ++ mask = 0 - ((j - inp_len - 73) >> (sizeof(j) * 8 - 1)); ++ pmac->u[0] |= key->md.h[0] & mask; ++ pmac->u[1] |= key->md.h[1] & mask; ++ pmac->u[2] |= key->md.h[2] & mask; ++ pmac->u[3] |= key->md.h[3] & mask; ++ pmac->u[4] |= key->md.h[4] & mask; ++ pmac->u[5] |= key->md.h[5] & mask; ++ pmac->u[6] |= key->md.h[6] & mask; ++ pmac->u[7] |= key->md.h[7] & mask; ++ ++# ifdef BSWAP4 ++ pmac->u[0] = BSWAP4(pmac->u[0]); ++ pmac->u[1] = BSWAP4(pmac->u[1]); ++ pmac->u[2] = BSWAP4(pmac->u[2]); ++ pmac->u[3] = BSWAP4(pmac->u[3]); ++ pmac->u[4] = BSWAP4(pmac->u[4]); ++ pmac->u[5] = BSWAP4(pmac->u[5]); ++ pmac->u[6] = BSWAP4(pmac->u[6]); ++ pmac->u[7] = BSWAP4(pmac->u[7]); ++# else ++ for (i = 0; i < 8; i++) { ++ res = pmac->u[i]; ++ pmac->c[4 * i + 0] = (unsigned char)(res >> 24); ++ pmac->c[4 * i + 1] = (unsigned char)(res >> 16); ++ pmac->c[4 * i + 2] = (unsigned char)(res >> 8); ++ pmac->c[4 * i + 3] = (unsigned char)res; ++ } 
++# endif ++ len += SHA256_DIGEST_LENGTH; ++# else ++ SHA256_Update(&key->md, out, inp_len); ++ res = key->md.num; ++ SHA256_Final(pmac->c, &key->md); ++ ++ { ++ unsigned int inp_blocks, pad_blocks; ++ ++ /* but pretend as if we hashed padded payload */ ++ inp_blocks = ++ 1 + ((SHA256_CBLOCK - 9 - res) >> (sizeof(res) * 8 - 1)); ++ res += (unsigned int)(len - inp_len); ++ pad_blocks = res / SHA256_CBLOCK; ++ res %= SHA256_CBLOCK; ++ pad_blocks += ++ 1 + ((SHA256_CBLOCK - 9 - res) >> (sizeof(res) * 8 - 1)); ++ for (; inp_blocks < pad_blocks; inp_blocks++) ++ sha1_block_data_order(&key->md, data, 1); ++ } ++# endif ++ key->md = key->tail; ++ SHA256_Update(&key->md, pmac->c, SHA256_DIGEST_LENGTH); ++ SHA256_Final(pmac->c, &key->md); ++ ++ /* verify HMAC */ ++ out += inp_len; ++ len -= inp_len; ++# if 1 ++ { ++ unsigned char *p = ++ out + len - 1 - maxpad - SHA256_DIGEST_LENGTH; ++ size_t off = out - p; ++ unsigned int c, cmask; ++ ++ maxpad += SHA256_DIGEST_LENGTH; ++ for (res = 0, i = 0, j = 0; j < maxpad; j++) { ++ c = p[j]; ++ cmask = ++ ((int)(j - off - SHA256_DIGEST_LENGTH)) >> ++ (sizeof(int) * 8 - 1); ++ res |= (c ^ pad) & ~cmask; /* ... 
and padding */ ++ cmask &= ((int)(off - 1 - j)) >> (sizeof(int) * 8 - 1); ++ res |= (c ^ pmac->c[i]) & cmask; ++ i += 1 & cmask; ++ } ++ maxpad -= SHA256_DIGEST_LENGTH; ++ ++ res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1)); ++ ret &= (int)~res; ++ } ++# else ++ for (res = 0, i = 0; i < SHA256_DIGEST_LENGTH; i++) ++ res |= out[i] ^ pmac->c[i]; ++ res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1)); ++ ret &= (int)~res; ++ ++ /* verify padding */ ++ pad = (pad & ~res) | (maxpad & res); ++ out = out + len - 1 - pad; ++ for (res = 0, i = 0; i < pad; i++) ++ res |= out[i] ^ pad; ++ ++ res = (0 - res) >> (sizeof(res) * 8 - 1); ++ ret &= (int)~res; ++# endif ++ return ret; ++ } else { ++ SHA256_Update(&key->md, out, len); ++ } ++ } ++ ++ return 1; ++} ++ ++static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, ++ void *ptr) ++{ ++ EVP_AES_HMAC_SHA256 *key = data(ctx); ++ ++ switch (type) { ++ case EVP_CTRL_AEAD_SET_MAC_KEY: ++ { ++ unsigned int i; ++ unsigned char hmac_key[64]; ++ ++ memset(hmac_key, 0, sizeof(hmac_key)); ++ ++ if (arg > (int)sizeof(hmac_key)) { ++ SHA256_Init(&key->head); ++ SHA256_Update(&key->head, ptr, arg); ++ SHA256_Final(hmac_key, &key->head); ++ } else { ++ memcpy(hmac_key, ptr, arg); ++ } ++ ++ for (i = 0; i < sizeof(hmac_key); i++) ++ hmac_key[i] ^= 0x36; /* ipad */ ++ SHA256_Init(&key->head); ++ SHA256_Update(&key->head, hmac_key, sizeof(hmac_key)); ++ ++ for (i = 0; i < sizeof(hmac_key); i++) ++ hmac_key[i] ^= 0x36 ^ 0x5c; /* opad */ ++ SHA256_Init(&key->tail); ++ SHA256_Update(&key->tail, hmac_key, sizeof(hmac_key)); ++ ++ OPENSSL_cleanse(hmac_key, sizeof(hmac_key)); ++ ++ return 1; ++ } ++ case EVP_CTRL_AEAD_TLS1_AAD: ++ { ++ unsigned char *p = ptr; ++ unsigned int len = p[arg - 2] << 8 | p[arg - 1]; ++ ++ if (arg != EVP_AEAD_TLS1_AAD_LEN) ++ return -1; ++ ++ len = p[arg - 2] << 8 | p[arg - 1]; ++ ++ if (ctx->encrypt) { ++ key->payload_length = len; ++ if ((key->aux.tls_ver = ++ p[arg - 4] << 8 | p[arg - 3]) >= 
TLS1_1_VERSION) { ++ len -= AES_BLOCK_SIZE; ++ p[arg - 2] = len >> 8; ++ p[arg - 1] = len; ++ } ++ key->md = key->head; ++ SHA256_Update(&key->md, p, arg); ++ ++ return (int)(((len + SHA256_DIGEST_LENGTH + ++ AES_BLOCK_SIZE) & -AES_BLOCK_SIZE) ++ - len); ++ } else { ++ memcpy(key->aux.tls_aad, ptr, arg); ++ key->payload_length = arg; ++ ++ return SHA256_DIGEST_LENGTH; ++ } ++ } ++# if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK ++ case EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE: ++ return (int)(5 + 16 + ((arg + 32 + 16) & -16)); ++ case EVP_CTRL_TLS1_1_MULTIBLOCK_AAD: ++ { ++ EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *param = ++ (EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *) ptr; ++ unsigned int n4x = 1, x4; ++ unsigned int frag, last, packlen, inp_len; ++ ++ if (arg < (int)sizeof(EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM)) ++ return -1; ++ ++ inp_len = param->inp[11] << 8 | param->inp[12]; ++ ++ if (ctx->encrypt) { ++ if ((param->inp[9] << 8 | param->inp[10]) < TLS1_1_VERSION) ++ return -1; ++ ++ if (inp_len) { ++ if (inp_len < 4096) ++ return 0; /* too short */ ++ ++ if (inp_len >= 8192 && OPENSSL_ia32cap_P[2] & (1 << 5)) ++ n4x = 2; /* AVX2 */ ++ } else if ((n4x = param->interleave / 4) && n4x <= 2) ++ inp_len = param->len; ++ else ++ return -1; ++ ++ key->md = key->head; ++ SHA256_Update(&key->md, param->inp, 13); ++ ++ x4 = 4 * n4x; ++ n4x += 1; ++ ++ frag = inp_len >> n4x; ++ last = inp_len + frag - (frag << n4x); ++ if (last > frag && ((last + 13 + 9) % 64 < (x4 - 1))) { ++ frag++; ++ last -= x4 - 1; ++ } ++ ++ packlen = 5 + 16 + ((frag + 32 + 16) & -16); ++ packlen = (packlen << n4x) - packlen; ++ packlen += 5 + 16 + ((last + 32 + 16) & -16); ++ ++ param->interleave = x4; ++ ++ return (int)packlen; ++ } else ++ return -1; /* not yet */ ++ } ++ case EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT: ++ { ++ EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *param = ++ (EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *) ptr; ++ ++ return (int)tls1_1_multi_block_encrypt(key, param->out, ++ param->inp, param->len, 
++ param->interleave / 4); ++ } ++ case EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT: ++# endif ++ default: ++ return -1; ++ } ++} ++ ++static EVP_CIPHER aesni_128_cbc_hmac_sha256_cipher = { ++# ifdef NID_aes_128_cbc_hmac_sha256 ++ NID_aes_128_cbc_hmac_sha256, ++# else ++ NID_undef, ++# endif ++ 16, 16, 16, ++ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 | ++ EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK, ++ aesni_cbc_hmac_sha256_init_key, ++ aesni_cbc_hmac_sha256_cipher, ++ NULL, ++ sizeof(EVP_AES_HMAC_SHA256), ++ EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_set_asn1_iv, ++ EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_get_asn1_iv, ++ aesni_cbc_hmac_sha256_ctrl, ++ NULL ++}; ++ ++static EVP_CIPHER aesni_256_cbc_hmac_sha256_cipher = { ++# ifdef NID_aes_256_cbc_hmac_sha256 ++ NID_aes_256_cbc_hmac_sha256, ++# else ++ NID_undef, ++# endif ++ 16, 32, 16, ++ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 | ++ EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK, ++ aesni_cbc_hmac_sha256_init_key, ++ aesni_cbc_hmac_sha256_cipher, ++ NULL, ++ sizeof(EVP_AES_HMAC_SHA256), ++ EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_set_asn1_iv, ++ EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_get_asn1_iv, ++ aesni_cbc_hmac_sha256_ctrl, ++ NULL ++}; ++ ++const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha256(void) ++{ ++ return ((OPENSSL_ia32cap_P[1] & AESNI_CAPABLE) && ++ aesni_cbc_sha256_enc(NULL, NULL, 0, NULL, NULL, NULL, NULL) ? ++ &aesni_128_cbc_hmac_sha256_cipher : NULL); ++} ++ ++const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void) ++{ ++ return ((OPENSSL_ia32cap_P[1] & AESNI_CAPABLE) && ++ aesni_cbc_sha256_enc(NULL, NULL, 0, NULL, NULL, NULL, NULL) ? 
++ &aesni_256_cbc_hmac_sha256_cipher : NULL); ++} ++# else ++const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha256(void) ++{ ++ return NULL; ++} ++ ++const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void) ++{ ++ return NULL; ++} ++# endif ++#endif +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_camellia.c b/Cryptlib/OpenSSL/crypto/evp/e_camellia.c +new file mode 100644 +index 0000000..f9c8401 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/evp/e_camellia.c +@@ -0,0 +1,394 @@ ++/* crypto/evp/e_camellia.c -*- mode:C; c-file-style: "eay" -*- */ ++/* ==================================================================== ++ * Copyright (c) 2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. 
Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). 
++ * ++ */ ++ ++#include ++#ifndef OPENSSL_NO_CAMELLIA ++# include ++# include ++# include ++# include ++# include ++# include "evp_locl.h" ++# include "modes_lcl.h" ++ ++static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, ++ const unsigned char *iv, int enc); ++ ++/* Camellia subkey Structure */ ++typedef struct { ++ CAMELLIA_KEY ks; ++ block128_f block; ++ union { ++ cbc128_f cbc; ++ ctr128_f ctr; ++ } stream; ++} EVP_CAMELLIA_KEY; ++ ++# define MAXBITCHUNK ((size_t)1<<(sizeof(size_t)*8-4)) ++ ++/* Attribute operation for Camellia */ ++# define data(ctx) EVP_C_DATA(EVP_CAMELLIA_KEY,ctx) ++ ++# if defined(AES_ASM) && (defined(__sparc) || defined(__sparc__)) ++/* ---------^^^ this is not a typo, just a way to detect that ++ * assembler support was in general requested... */ ++# include "sparc_arch.h" ++ ++extern unsigned int OPENSSL_sparcv9cap_P[]; ++ ++# define SPARC_CMLL_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_CAMELLIA) ++ ++void cmll_t4_set_key(const unsigned char *key, int bits, CAMELLIA_KEY *ks); ++void cmll_t4_encrypt(const unsigned char *in, unsigned char *out, ++ const CAMELLIA_KEY *key); ++void cmll_t4_decrypt(const unsigned char *in, unsigned char *out, ++ const CAMELLIA_KEY *key); ++ ++void cmll128_t4_cbc_encrypt(const unsigned char *in, unsigned char *out, ++ size_t len, const CAMELLIA_KEY *key, ++ unsigned char *ivec); ++void cmll128_t4_cbc_decrypt(const unsigned char *in, unsigned char *out, ++ size_t len, const CAMELLIA_KEY *key, ++ unsigned char *ivec); ++void cmll256_t4_cbc_encrypt(const unsigned char *in, unsigned char *out, ++ size_t len, const CAMELLIA_KEY *key, ++ unsigned char *ivec); ++void cmll256_t4_cbc_decrypt(const unsigned char *in, unsigned char *out, ++ size_t len, const CAMELLIA_KEY *key, ++ unsigned char *ivec); ++void cmll128_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out, ++ size_t blocks, const CAMELLIA_KEY *key, ++ unsigned char *ivec); ++void cmll256_t4_ctr32_encrypt(const unsigned char *in, 
unsigned char *out, ++ size_t blocks, const CAMELLIA_KEY *key, ++ unsigned char *ivec); ++ ++static int cmll_t4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, ++ const unsigned char *iv, int enc) ++{ ++ int ret, mode, bits; ++ EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *) ctx->cipher_data; ++ ++ mode = ctx->cipher->flags & EVP_CIPH_MODE; ++ bits = ctx->key_len * 8; ++ ++ cmll_t4_set_key(key, bits, &dat->ks); ++ ++ if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) ++ && !enc) { ++ ret = 0; ++ dat->block = (block128_f) cmll_t4_decrypt; ++ switch (bits) { ++ case 128: ++ dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? ++ (cbc128_f) cmll128_t4_cbc_decrypt : NULL; ++ break; ++ case 192: ++ case 256: ++ dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? ++ (cbc128_f) cmll256_t4_cbc_decrypt : NULL; ++ break; ++ default: ++ ret = -1; ++ } ++ } else { ++ ret = 0; ++ dat->block = (block128_f) cmll_t4_encrypt; ++ switch (bits) { ++ case 128: ++ if (mode == EVP_CIPH_CBC_MODE) ++ dat->stream.cbc = (cbc128_f) cmll128_t4_cbc_encrypt; ++ else if (mode == EVP_CIPH_CTR_MODE) ++ dat->stream.ctr = (ctr128_f) cmll128_t4_ctr32_encrypt; ++ else ++ dat->stream.cbc = NULL; ++ break; ++ case 192: ++ case 256: ++ if (mode == EVP_CIPH_CBC_MODE) ++ dat->stream.cbc = (cbc128_f) cmll256_t4_cbc_encrypt; ++ else if (mode == EVP_CIPH_CTR_MODE) ++ dat->stream.ctr = (ctr128_f) cmll256_t4_ctr32_encrypt; ++ else ++ dat->stream.cbc = NULL; ++ break; ++ default: ++ ret = -1; ++ } ++ } ++ ++ if (ret < 0) { ++ EVPerr(EVP_F_CMLL_T4_INIT_KEY, EVP_R_CAMELLIA_KEY_SETUP_FAILED); ++ return 0; ++ } ++ ++ return 1; ++} ++ ++# define cmll_t4_cbc_cipher camellia_cbc_cipher ++static int cmll_t4_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t len); ++ ++# define cmll_t4_ecb_cipher camellia_ecb_cipher ++static int cmll_t4_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t len); ++ ++# define cmll_t4_ofb_cipher camellia_ofb_cipher 
++static int cmll_t4_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t len); ++ ++# define cmll_t4_cfb_cipher camellia_cfb_cipher ++static int cmll_t4_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t len); ++ ++# define cmll_t4_cfb8_cipher camellia_cfb8_cipher ++static int cmll_t4_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t len); ++ ++# define cmll_t4_cfb1_cipher camellia_cfb1_cipher ++static int cmll_t4_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t len); ++ ++# define cmll_t4_ctr_cipher camellia_ctr_cipher ++static int cmll_t4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t len); ++ ++# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \ ++static const EVP_CIPHER cmll_t4_##keylen##_##mode = { \ ++ nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \ ++ flags|EVP_CIPH_##MODE##_MODE, \ ++ cmll_t4_init_key, \ ++ cmll_t4_##mode##_cipher, \ ++ NULL, \ ++ sizeof(EVP_CAMELLIA_KEY), \ ++ NULL,NULL,NULL,NULL }; \ ++static const EVP_CIPHER camellia_##keylen##_##mode = { \ ++ nid##_##keylen##_##nmode,blocksize, \ ++ keylen/8,ivlen, \ ++ flags|EVP_CIPH_##MODE##_MODE, \ ++ camellia_init_key, \ ++ camellia_##mode##_cipher, \ ++ NULL, \ ++ sizeof(EVP_CAMELLIA_KEY), \ ++ NULL,NULL,NULL,NULL }; \ ++const EVP_CIPHER *EVP_camellia_##keylen##_##mode(void) \ ++{ return SPARC_CMLL_CAPABLE?&cmll_t4_##keylen##_##mode:&camellia_##keylen##_##mode; } ++ ++# else ++ ++# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \ ++static const EVP_CIPHER camellia_##keylen##_##mode = { \ ++ nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \ ++ flags|EVP_CIPH_##MODE##_MODE, \ ++ camellia_init_key, \ ++ camellia_##mode##_cipher, \ ++ NULL, \ ++ sizeof(EVP_CAMELLIA_KEY), \ ++ NULL,NULL,NULL,NULL }; \ ++const EVP_CIPHER 
*EVP_camellia_##keylen##_##mode(void) \ ++{ return &camellia_##keylen##_##mode; } ++ ++# endif ++ ++# define BLOCK_CIPHER_generic_pack(nid,keylen,flags) \ ++ BLOCK_CIPHER_generic(nid,keylen,16,16,cbc,cbc,CBC,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ ++ BLOCK_CIPHER_generic(nid,keylen,16,0,ecb,ecb,ECB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ ++ BLOCK_CIPHER_generic(nid,keylen,1,16,ofb128,ofb,OFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ ++ BLOCK_CIPHER_generic(nid,keylen,1,16,cfb128,cfb,CFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ ++ BLOCK_CIPHER_generic(nid,keylen,1,16,cfb1,cfb1,CFB,flags) \ ++ BLOCK_CIPHER_generic(nid,keylen,1,16,cfb8,cfb8,CFB,flags) ++# if 0 /* not yet, missing NID */ ++BLOCK_CIPHER_generic(nid, keylen, 1, 16, ctr, ctr, CTR, flags) ++# endif ++/* The subkey for Camellia is generated. */ ++static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, ++ const unsigned char *iv, int enc) ++{ ++ int ret, mode; ++ EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *) ctx->cipher_data; ++ ++ ret = Camellia_set_key(key, ctx->key_len * 8, &dat->ks); ++ if (ret < 0) { ++ EVPerr(EVP_F_CAMELLIA_INIT_KEY, EVP_R_CAMELLIA_KEY_SETUP_FAILED); ++ return 0; ++ } ++ ++ mode = ctx->cipher->flags & EVP_CIPH_MODE; ++ if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) ++ && !enc) { ++ dat->block = (block128_f) Camellia_decrypt; ++ dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? ++ (cbc128_f) Camellia_cbc_encrypt : NULL; ++ } else { ++ dat->block = (block128_f) Camellia_encrypt; ++ dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? 
++ (cbc128_f) Camellia_cbc_encrypt : NULL; ++ } ++ ++ return 1; ++} ++ ++static int camellia_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t len) ++{ ++ EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *) ctx->cipher_data; ++ ++ if (dat->stream.cbc) ++ (*dat->stream.cbc) (in, out, len, &dat->ks, ctx->iv, ctx->encrypt); ++ else if (ctx->encrypt) ++ CRYPTO_cbc128_encrypt(in, out, len, &dat->ks, ctx->iv, dat->block); ++ else ++ CRYPTO_cbc128_decrypt(in, out, len, &dat->ks, ctx->iv, dat->block); ++ ++ return 1; ++} ++ ++static int camellia_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t len) ++{ ++ size_t bl = ctx->cipher->block_size; ++ size_t i; ++ EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *) ctx->cipher_data; ++ ++ if (len < bl) ++ return 1; ++ ++ for (i = 0, len -= bl; i <= len; i += bl) ++ (*dat->block) (in + i, out + i, &dat->ks); ++ ++ return 1; ++} ++ ++static int camellia_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t len) ++{ ++ EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *) ctx->cipher_data; ++ ++ CRYPTO_ofb128_encrypt(in, out, len, &dat->ks, ++ ctx->iv, &ctx->num, dat->block); ++ return 1; ++} ++ ++static int camellia_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t len) ++{ ++ EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *) ctx->cipher_data; ++ ++ CRYPTO_cfb128_encrypt(in, out, len, &dat->ks, ++ ctx->iv, &ctx->num, ctx->encrypt, dat->block); ++ return 1; ++} ++ ++static int camellia_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t len) ++{ ++ EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *) ctx->cipher_data; ++ ++ CRYPTO_cfb128_8_encrypt(in, out, len, &dat->ks, ++ ctx->iv, &ctx->num, ctx->encrypt, dat->block); ++ return 1; ++} ++ ++static int camellia_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t len) ++{ ++ EVP_CAMELLIA_KEY *dat = 
(EVP_CAMELLIA_KEY *) ctx->cipher_data; ++ ++ if (ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) { ++ CRYPTO_cfb128_1_encrypt(in, out, len, &dat->ks, ++ ctx->iv, &ctx->num, ctx->encrypt, dat->block); ++ return 1; ++ } ++ ++ while (len >= MAXBITCHUNK) { ++ CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK * 8, &dat->ks, ++ ctx->iv, &ctx->num, ctx->encrypt, dat->block); ++ len -= MAXBITCHUNK; ++ } ++ if (len) ++ CRYPTO_cfb128_1_encrypt(in, out, len * 8, &dat->ks, ++ ctx->iv, &ctx->num, ctx->encrypt, dat->block); ++ ++ return 1; ++} ++ ++# if 0 /* not yet, missing NID */ ++static int camellia_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t len) ++{ ++ unsigned int num = ctx->num; ++ EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *) ctx->cipher_data; ++ ++ if (dat->stream.ctr) ++ CRYPTO_ctr128_encrypt_ctr32(in, out, len, &dat->ks, ++ ctx->iv, ctx->buf, &num, dat->stream.ctr); ++ else ++ CRYPTO_ctr128_encrypt(in, out, len, &dat->ks, ++ ctx->iv, ctx->buf, &num, dat->block); ++ ctx->num = (size_t)num; ++ return 1; ++} ++# endif ++ ++BLOCK_CIPHER_generic_pack(NID_camellia, 128, 0) ++ BLOCK_CIPHER_generic_pack(NID_camellia, 192, 0) ++ BLOCK_CIPHER_generic_pack(NID_camellia, 256, 0) ++#else ++ ++# ifdef PEDANTIC ++static void *dummy = &dummy; ++# endif ++ ++#endif +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_des.c b/Cryptlib/OpenSSL/crypto/evp/e_des.c +index e5b99ec..aae13a6 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/e_des.c ++++ b/Cryptlib/OpenSSL/crypto/evp/e_des.c +@@ -65,6 +65,32 @@ + # include + # include + ++typedef struct { ++ union { ++ double align; ++ DES_key_schedule ks; ++ } ks; ++ union { ++ void (*cbc) (const void *, void *, size_t, const void *, void *); ++ } stream; ++} EVP_DES_KEY; ++ ++# if defined(AES_ASM) && (defined(__sparc) || defined(__sparc__)) ++/* ---------^^^ this is not a typo, just a way to detect that ++ * assembler support was in general requested... 
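Review bot: In `camellia_cfb1_cipher` (new file e_camellia.c), the `while (len >= MAXBITCHUNK)` loop decrements `len` but never advances `in` or `out`. For an input of MAXBITCHUNK bytes or more, every iteration and the trailing `if (len)` call would therefore work on the same start addresses, and the rest of the output buffer would stay unwritten. The chunked loops that the e_des.c hunks of this same patch add do advance all three (`inl -= EVP_MAXCHUNK; in += EVP_MAXCHUNK; out += EVP_MAXCHUNK;`). The same is needed here, by adding `in += MAXBITCHUNK;` and `out += MAXBITCHUNK;` after `len -= MAXBITCHUNK;`. Since `MAXBITCHUNK` is `(size_t)1<<(sizeof(size_t)*8-4)`, this is only reachable with very large buffers, most plausibly on 32-bit builds, but the result there would be silently wrong ciphertext rather than an error.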
*/ ++# include "sparc_arch.h" ++ ++extern unsigned int OPENSSL_sparcv9cap_P[]; ++ ++# define SPARC_DES_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_DES) ++ ++void des_t4_key_expand(const void *key, DES_key_schedule *ks); ++void des_t4_cbc_encrypt(const void *inp, void *out, size_t len, ++ DES_key_schedule *ks, unsigned char iv[8]); ++void des_t4_cbc_decrypt(const void *inp, void *out, size_t len, ++ DES_key_schedule *ks, unsigned char iv[8]); ++# endif ++ + static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc); + static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr); +@@ -75,7 +101,7 @@ static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr); + */ + + static int des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, +- const unsigned char *in, unsigned int inl) ++ const unsigned char *in, size_t inl) + { + BLOCK_CIPHER_ecb_loop() + DES_ecb_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i), +@@ -84,26 +110,56 @@ static int des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + } + + static int des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, +- const unsigned char *in, unsigned int inl) ++ const unsigned char *in, size_t inl) + { +- DES_ofb64_encrypt(in, out, (long)inl, ctx->cipher_data, +- (DES_cblock *)ctx->iv, &ctx->num); ++ while (inl >= EVP_MAXCHUNK) { ++ DES_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK, ctx->cipher_data, ++ (DES_cblock *)ctx->iv, &ctx->num); ++ inl -= EVP_MAXCHUNK; ++ in += EVP_MAXCHUNK; ++ out += EVP_MAXCHUNK; ++ } ++ if (inl) ++ DES_ofb64_encrypt(in, out, (long)inl, ctx->cipher_data, ++ (DES_cblock *)ctx->iv, &ctx->num); + return 1; + } + + static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, +- const unsigned char *in, unsigned int inl) ++ const unsigned char *in, size_t inl) + { +- DES_ncbc_encrypt(in, out, (long)inl, ctx->cipher_data, +- (DES_cblock *)ctx->iv, ctx->encrypt); ++ EVP_DES_KEY *dat = (EVP_DES_KEY *) ctx->cipher_data; ++ ++ 
if (dat->stream.cbc) { ++ (*dat->stream.cbc) (in, out, inl, &dat->ks.ks, ctx->iv); ++ return 1; ++ } ++ while (inl >= EVP_MAXCHUNK) { ++ DES_ncbc_encrypt(in, out, (long)EVP_MAXCHUNK, ctx->cipher_data, ++ (DES_cblock *)ctx->iv, ctx->encrypt); ++ inl -= EVP_MAXCHUNK; ++ in += EVP_MAXCHUNK; ++ out += EVP_MAXCHUNK; ++ } ++ if (inl) ++ DES_ncbc_encrypt(in, out, (long)inl, ctx->cipher_data, ++ (DES_cblock *)ctx->iv, ctx->encrypt); + return 1; + } + + static int des_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, +- const unsigned char *in, unsigned int inl) ++ const unsigned char *in, size_t inl) + { +- DES_cfb64_encrypt(in, out, (long)inl, ctx->cipher_data, +- (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt); ++ while (inl >= EVP_MAXCHUNK) { ++ DES_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK, ctx->cipher_data, ++ (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt); ++ inl -= EVP_MAXCHUNK; ++ in += EVP_MAXCHUNK; ++ out += EVP_MAXCHUNK; ++ } ++ if (inl) ++ DES_cfb64_encrypt(in, out, (long)inl, ctx->cipher_data, ++ (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt); + return 1; + } + +@@ -112,51 +168,81 @@ static int des_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + * way, so wrap it here + */ + static int des_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, +- const unsigned char *in, unsigned int inl) ++ const unsigned char *in, size_t inl) + { +- unsigned int n; ++ size_t n, chunk = EVP_MAXCHUNK / 8; + unsigned char c[1], d[1]; + +- for (n = 0; n < inl; ++n) { +- c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0; +- DES_cfb_encrypt(c, d, 1, 1, ctx->cipher_data, (DES_cblock *)ctx->iv, +- ctx->encrypt); +- out[n / 8] = +- (out[n / 8] & ~(0x80 >> (n % 8))) | ((d[0] & 0x80) >> (n % 8)); ++ if (inl < chunk) ++ chunk = inl; ++ ++ while (inl && inl >= chunk) { ++ for (n = 0; n < chunk * 8; ++n) { ++ c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 
0x80 : 0; ++ DES_cfb_encrypt(c, d, 1, 1, ctx->cipher_data, ++ (DES_cblock *)ctx->iv, ctx->encrypt); ++ out[n / 8] = ++ (out[n / 8] & ~(0x80 >> (unsigned int)(n % 8))) | ++ ((d[0] & 0x80) >> (unsigned int)(n % 8)); ++ } ++ inl -= chunk; ++ in += chunk; ++ out += chunk; ++ if (inl < chunk) ++ chunk = inl; + } ++ + return 1; + } + + static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, +- const unsigned char *in, unsigned int inl) ++ const unsigned char *in, size_t inl) + { +- DES_cfb_encrypt(in, out, 8, inl, ctx->cipher_data, (DES_cblock *)ctx->iv, +- ctx->encrypt); ++ while (inl >= EVP_MAXCHUNK) { ++ DES_cfb_encrypt(in, out, 8, (long)EVP_MAXCHUNK, ctx->cipher_data, ++ (DES_cblock *)ctx->iv, ctx->encrypt); ++ inl -= EVP_MAXCHUNK; ++ in += EVP_MAXCHUNK; ++ out += EVP_MAXCHUNK; ++ } ++ if (inl) ++ DES_cfb_encrypt(in, out, 8, (long)inl, ctx->cipher_data, ++ (DES_cblock *)ctx->iv, ctx->encrypt); + return 1; + } + +-BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, 64, +- EVP_CIPH_RAND_KEY, +- des_init_key, NULL, ++BLOCK_CIPHER_defs(des, EVP_DES_KEY, NID_des, 8, 8, 8, 64, ++ EVP_CIPH_RAND_KEY, des_init_key, NULL, + EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl) + ++ BLOCK_CIPHER_def_cfb(des, EVP_DES_KEY, NID_des, 8, 8, 1, ++ EVP_CIPH_RAND_KEY, des_init_key, NULL, ++ EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl) + +-BLOCK_CIPHER_def_cfb(des, DES_key_schedule, NID_des, 8, 8, 1, +- EVP_CIPH_RAND_KEY, +- des_init_key, NULL, +- EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl) +- +-BLOCK_CIPHER_def_cfb(des, DES_key_schedule, NID_des, 8, 8, 8, +- EVP_CIPH_RAND_KEY, +- des_init_key, NULL, ++ BLOCK_CIPHER_def_cfb(des, EVP_DES_KEY, NID_des, 8, 8, 8, ++ EVP_CIPH_RAND_KEY, des_init_key, NULL, + EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl) + + static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) + { + DES_cblock *deskey = (DES_cblock *)key; ++ EVP_DES_KEY *dat = 
(EVP_DES_KEY *) ctx->cipher_data; ++ ++ dat->stream.cbc = NULL; ++# if defined(SPARC_DES_CAPABLE) ++ if (SPARC_DES_CAPABLE) { ++ int mode = ctx->cipher->flags & EVP_CIPH_MODE; ++ ++ if (mode == EVP_CIPH_CBC_MODE) { ++ des_t4_key_expand(key, &dat->ks.ks); ++ dat->stream.cbc = enc ? des_t4_cbc_encrypt : des_t4_cbc_decrypt; ++ return 1; ++ } ++ } ++# endif + # ifdef EVP_CHECK_DES_KEY +- if (DES_set_key_checked(deskey, ctx->cipher_data) != 0) ++ if (DES_set_key_checked(deskey, dat->ks.ks) != 0) + return 0; + # else + DES_set_key_unchecked(deskey, ctx->cipher_data); +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_des3.c b/Cryptlib/OpenSSL/crypto/evp/e_des3.c +index b80348b..96f272e 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/e_des3.c ++++ b/Cryptlib/OpenSSL/crypto/evp/e_des3.c +@@ -65,6 +65,39 @@ + # include + # include + ++/* Block use of implementations in FIPS mode */ ++# undef EVP_CIPH_FLAG_FIPS ++# define EVP_CIPH_FLAG_FIPS 0 ++ ++typedef struct { ++ union { ++ double align; ++ DES_key_schedule ks[3]; ++ } ks; ++ union { ++ void (*cbc) (const void *, void *, size_t, const void *, void *); ++ } stream; ++} DES_EDE_KEY; ++# define ks1 ks.ks[0] ++# define ks2 ks.ks[1] ++# define ks3 ks.ks[2] ++ ++# if defined(AES_ASM) && (defined(__sparc) || defined(__sparc__)) ++/* ---------^^^ this is not a typo, just a way to detect that ++ * assembler support was in general requested... 
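Review bot: In Cryptlib/OpenSSL/crypto/evp/e_des.c, the rewritten `EVP_CHECK_DES_KEY` branch of `des_init_key` passes `dat->ks.ks` to `DES_set_key_checked`, which is the `DES_key_schedule` object itself rather than its address. The function takes a pointer, so the line should read `if (DES_set_key_checked(deskey, &dat->ks.ks) != 0)`. The branch that rejects weak keys only builds when that macro is defined, so the mistake stays hidden in a default build and surfaces when someone turns the check on. The `# else` branch still passes `ctx->cipher_data`; using `&dat->ks.ks` there as well would keep the two branches consistent. The body of `des_init_key` continues past the end of this hunk.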
*/ ++# include "sparc_arch.h" ++ ++extern unsigned int OPENSSL_sparcv9cap_P[]; ++ ++# define SPARC_DES_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_DES) ++ ++void des_t4_key_expand(const void *key, DES_key_schedule *ks); ++void des_t4_ede3_cbc_encrypt(const void *inp, void *out, size_t len, ++ DES_key_schedule *ks, unsigned char iv[8]); ++void des_t4_ede3_cbc_decrypt(const void *inp, void *out, size_t len, ++ DES_key_schedule *ks, unsigned char iv[8]); ++# endif ++ + static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc); + +@@ -73,12 +106,6 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + + static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr); + +-typedef struct { +- DES_key_schedule ks1; /* key schedule */ +- DES_key_schedule ks2; /* key schedule (for ede) */ +- DES_key_schedule ks3; /* key schedule (for ede3) */ +-} DES_EDE_KEY; +- + # define data(ctx) ((DES_EDE_KEY *)(ctx)->cipher_data) + + /* +@@ -87,7 +114,7 @@ typedef struct { + */ + + static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, +- const unsigned char *in, unsigned int inl) ++ const unsigned char *in, size_t inl) + { + BLOCK_CIPHER_ecb_loop() + DES_ecb3_encrypt((const_DES_cblock *)(in + i), +@@ -98,40 +125,79 @@ static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + } + + static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, +- const unsigned char *in, unsigned int inl) ++ const unsigned char *in, size_t inl) + { +- DES_ede3_ofb64_encrypt(in, out, (long)inl, +- &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, +- (DES_cblock *)ctx->iv, &ctx->num); ++ while (inl >= EVP_MAXCHUNK) { ++ DES_ede3_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK, ++ &data(ctx)->ks1, &data(ctx)->ks2, ++ &data(ctx)->ks3, (DES_cblock *)ctx->iv, ++ &ctx->num); ++ inl -= EVP_MAXCHUNK; ++ in += EVP_MAXCHUNK; ++ out += EVP_MAXCHUNK; ++ } ++ if (inl) ++ DES_ede3_ofb64_encrypt(in, out, 
(long)inl, ++ &data(ctx)->ks1, &data(ctx)->ks2, ++ &data(ctx)->ks3, (DES_cblock *)ctx->iv, ++ &ctx->num); ++ + return 1; + } + + static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, +- const unsigned char *in, unsigned int inl) ++ const unsigned char *in, size_t inl) + { ++ DES_EDE_KEY *dat = data(ctx); ++ + # ifdef KSSL_DEBUG + { + int i; +- printf("des_ede_cbc_cipher(ctx=%lx, buflen=%d)\n", (unsigned long)ctx, +- ctx->buf_len); +- printf("\t iv= "); ++ fprintf(stderr, "des_ede_cbc_cipher(ctx=%p, buflen=%d)\n", ctx, ++ ctx->buf_len); ++ fprintf(stderr, "\t iv= "); + for (i = 0; i < 8; i++) +- printf("%02X", ctx->iv[i]); +- printf("\n"); ++ fprintf(stderr, "%02X", ctx->iv[i]); ++ fprintf(stderr, "\n"); + } + # endif /* KSSL_DEBUG */ +- DES_ede3_cbc_encrypt(in, out, (long)inl, +- &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, +- (DES_cblock *)ctx->iv, ctx->encrypt); ++ if (dat->stream.cbc) { ++ (*dat->stream.cbc) (in, out, inl, &dat->ks, ctx->iv); ++ return 1; ++ } ++ ++ while (inl >= EVP_MAXCHUNK) { ++ DES_ede3_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, ++ &dat->ks1, &dat->ks2, &dat->ks3, ++ (DES_cblock *)ctx->iv, ctx->encrypt); ++ inl -= EVP_MAXCHUNK; ++ in += EVP_MAXCHUNK; ++ out += EVP_MAXCHUNK; ++ } ++ if (inl) ++ DES_ede3_cbc_encrypt(in, out, (long)inl, ++ &dat->ks1, &dat->ks2, &dat->ks3, ++ (DES_cblock *)ctx->iv, ctx->encrypt); + return 1; + } + + static int des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, +- const unsigned char *in, unsigned int inl) ++ const unsigned char *in, size_t inl) + { +- DES_ede3_cfb64_encrypt(in, out, (long)inl, +- &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, +- (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt); ++ while (inl >= EVP_MAXCHUNK) { ++ DES_ede3_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK, ++ &data(ctx)->ks1, &data(ctx)->ks2, ++ &data(ctx)->ks3, (DES_cblock *)ctx->iv, ++ &ctx->num, ctx->encrypt); ++ inl -= EVP_MAXCHUNK; ++ in += EVP_MAXCHUNK; ++ out += EVP_MAXCHUNK; ++ } ++ if (inl) ++ 
DES_ede3_cfb64_encrypt(in, out, (long)inl, ++ &data(ctx)->ks1, &data(ctx)->ks2, ++ &data(ctx)->ks3, (DES_cblock *)ctx->iv, ++ &ctx->num, ctx->encrypt); + return 1; + } + +@@ -140,9 +206,9 @@ static int des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + * right way, so wrap it here + */ + static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, +- const unsigned char *in, unsigned int inl) ++ const unsigned char *in, size_t inl) + { +- unsigned int n; ++ size_t n; + unsigned char c[1], d[1]; + + for (n = 0; n < inl; ++n) { +@@ -151,26 +217,36 @@ static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + &data(ctx)->ks1, &data(ctx)->ks2, + &data(ctx)->ks3, (DES_cblock *)ctx->iv, + ctx->encrypt); +- out[n / 8] = +- (out[n / 8] & ~(0x80 >> (n % 8))) | ((d[0] & 0x80) >> (n % 8)); ++ out[n / 8] = (out[n / 8] & ~(0x80 >> (unsigned int)(n % 8))) ++ | ((d[0] & 0x80) >> (unsigned int)(n % 8)); + } + + return 1; + } + + static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, +- const unsigned char *in, unsigned int inl) ++ const unsigned char *in, size_t inl) + { +- DES_ede3_cfb_encrypt(in, out, 8, inl, +- &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, +- (DES_cblock *)ctx->iv, ctx->encrypt); ++ while (inl >= EVP_MAXCHUNK) { ++ DES_ede3_cfb_encrypt(in, out, 8, (long)EVP_MAXCHUNK, ++ &data(ctx)->ks1, &data(ctx)->ks2, ++ &data(ctx)->ks3, (DES_cblock *)ctx->iv, ++ ctx->encrypt); ++ inl -= EVP_MAXCHUNK; ++ in += EVP_MAXCHUNK; ++ out += EVP_MAXCHUNK; ++ } ++ if (inl) ++ DES_ede3_cfb_encrypt(in, out, 8, (long)inl, ++ &data(ctx)->ks1, &data(ctx)->ks2, ++ &data(ctx)->ks3, (DES_cblock *)ctx->iv, ++ ctx->encrypt); + return 1; + } + + BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64, +- EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_FIPS | +- EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede_init_key, NULL, NULL, +- NULL, des3_ctrl) ++ EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1, ++ des_ede_init_key, NULL, NULL, NULL, des3_ctrl) 
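Review bot: In e_des3.c, `des_ede3_cfb1_cipher` only has `n` widened to `size_t`; its loop is still `for (n = 0; n < inl; ++n)` with `n` used as a bit index (`out[n / 8]`). The single-DES sibling `des_cfb1_cipher` in e_des.c was rewritten in this same patch to walk `chunk * 8` bits per byte of `inl`. If `inl` is a byte count here too, as the sibling assumes, this loop transforms only the first `inl` bits and leaves the rest of the output buffer unprocessed. Either mirror the chunked `* 8` loop from `des_cfb1_cipher`, or add a comment stating that this function expects `inl` in bits. Part of the loop body lies between this hunk and the next, so this should be confirmed against the full file.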
+ # define des_ede3_cfb64_cipher des_ede_cfb64_cipher + # define des_ede3_ofb_cipher des_ede_ofb_cipher + # define des_ede3_cbc_cipher des_ede_cbc_cipher +@@ -194,15 +270,32 @@ static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) + { + DES_cblock *deskey = (DES_cblock *)key; ++ DES_EDE_KEY *dat = data(ctx); ++ ++ dat->stream.cbc = NULL; ++# if defined(SPARC_DES_CAPABLE) ++ if (SPARC_DES_CAPABLE) { ++ int mode = ctx->cipher->flags & EVP_CIPH_MODE; ++ ++ if (mode == EVP_CIPH_CBC_MODE) { ++ des_t4_key_expand(&deskey[0], &dat->ks1); ++ des_t4_key_expand(&deskey[1], &dat->ks2); ++ memcpy(&dat->ks3, &dat->ks1, sizeof(dat->ks1)); ++ dat->stream.cbc = enc ? des_t4_ede3_cbc_encrypt : ++ des_t4_ede3_cbc_decrypt; ++ return 1; ++ } ++ } ++# endif + # ifdef EVP_CHECK_DES_KEY +- if (DES_set_key_checked(&deskey[0], &data(ctx)->ks1) +- ! !DES_set_key_checked(&deskey[1], &data(ctx)->ks2)) ++ if (DES_set_key_checked(&deskey[0], &dat->ks1) ++ ! !DES_set_key_checked(&deskey[1], &dat->ks2)) + return 0; + # else +- DES_set_key_unchecked(&deskey[0], &data(ctx)->ks1); +- DES_set_key_unchecked(&deskey[1], &data(ctx)->ks2); ++ DES_set_key_unchecked(&deskey[0], &dat->ks1); ++ DES_set_key_unchecked(&deskey[1], &dat->ks2); + # endif +- memcpy(&data(ctx)->ks3, &data(ctx)->ks1, sizeof(data(ctx)->ks1)); ++ memcpy(&dat->ks3, &dat->ks1, sizeof(dat->ks1)); + return 1; + } + +@@ -210,30 +303,49 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) + { + DES_cblock *deskey = (DES_cblock *)key; ++ DES_EDE_KEY *dat = data(ctx); ++ + # ifdef KSSL_DEBUG + { + int i; +- printf("des_ede3_init_key(ctx=%lx)\n", (unsigned long)ctx); +- printf("\tKEY= "); ++ fprintf(stderr, "des_ede3_init_key(ctx=%p)\n", ctx); ++ fprintf(stderr, "\tKEY= "); + for (i = 0; i < 24; i++) +- printf("%02X", key[i]); +- printf("\n"); +- printf("\t IV= "); +- for (i = 0; i < 8; i++) +- printf("%02X", iv[i]); +- 
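Review bot: In `des_ede_init_key` (e_des3.c), the `EVP_CHECK_DES_KEY` branch carries over `! !DES_set_key_checked(&deskey[1], &dat->ks2)` as the continuation of the `if` condition. `! !` is not a binary operator, so this branch cannot compile when the macro is defined, which means the weak-key rejection path for two-key 3DES cannot be enabled as written. The three-key variant `des_ede3_init_key` joins its calls with `||`, and the same is presumably intended here: `|| DES_set_key_checked(&deskey[1], &dat->ks2))`. Since the line is being touched anyway to switch to `dat`, this is a good place to fix it.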
printf("\n"); ++ fprintf(stderr, "%02X", key[i]); ++ fprintf(stderr, "\n"); ++ if (iv) { ++ fprintf(stderr, "\t IV= "); ++ for (i = 0; i < 8; i++) ++ fprintf(stderr, "%02X", iv[i]); ++ fprintf(stderr, "\n"); ++ } + } + # endif /* KSSL_DEBUG */ + ++ dat->stream.cbc = NULL; ++# if defined(SPARC_DES_CAPABLE) ++ if (SPARC_DES_CAPABLE) { ++ int mode = ctx->cipher->flags & EVP_CIPH_MODE; ++ ++ if (mode == EVP_CIPH_CBC_MODE) { ++ des_t4_key_expand(&deskey[0], &dat->ks1); ++ des_t4_key_expand(&deskey[1], &dat->ks2); ++ des_t4_key_expand(&deskey[2], &dat->ks3); ++ dat->stream.cbc = enc ? des_t4_ede3_cbc_encrypt : ++ des_t4_ede3_cbc_decrypt; ++ return 1; ++ } ++ } ++# endif + # ifdef EVP_CHECK_DES_KEY +- if (DES_set_key_checked(&deskey[0], &data(ctx)->ks1) +- || DES_set_key_checked(&deskey[1], &data(ctx)->ks2) +- || DES_set_key_checked(&deskey[2], &data(ctx)->ks3)) ++ if (DES_set_key_checked(&deskey[0], &dat->ks1) ++ || DES_set_key_checked(&deskey[1], &dat->ks2) ++ || DES_set_key_checked(&deskey[2], &dat->ks3)) + return 0; + # else +- DES_set_key_unchecked(&deskey[0], &data(ctx)->ks1); +- DES_set_key_unchecked(&deskey[1], &data(ctx)->ks2); +- DES_set_key_unchecked(&deskey[2], &data(ctx)->ks3); ++ DES_set_key_unchecked(&deskey[0], &dat->ks1); ++ DES_set_key_unchecked(&deskey[1], &dat->ks2); ++ DES_set_key_unchecked(&deskey[2], &dat->ks3); + # endif + return 1; + } +@@ -268,4 +380,115 @@ const EVP_CIPHER *EVP_des_ede3(void) + { + return &des_ede3_ecb; + } ++ ++# ifndef OPENSSL_NO_SHA ++ ++# include ++ ++static const unsigned char wrap_iv[8] = ++ { 0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05 }; ++ ++static int des_ede3_unwrap(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t inl) ++{ ++ unsigned char icv[8], iv[8], sha1tmp[SHA_DIGEST_LENGTH]; ++ int rv = -1; ++ if (inl < 24) ++ return -1; ++ if (!out) ++ return inl - 16; ++ memcpy(ctx->iv, wrap_iv, 8); ++ /* Decrypt first block which will end up as icv */ ++ des_ede_cbc_cipher(ctx, icv, in, 8); ++ 
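Review bot: The `KSSL_DEBUG` block in `des_ede3_init_key` (e_des3.c) still writes all 24 bytes of the 3DES key in hex, now to stderr, together with the IV. The new `if (iv)` guard fixes the NULL dereference, but the key dump remains and would end up in any log that captures stderr from a build with this macro set. I would drop the `KEY=` loop, or at least put a comment above the block such as `/* KSSL_DEBUG prints raw key material; must never be defined in release builds */`. The same macro also guards the IV dump in `des_ede_cbc_cipher` earlier in this file.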
/* Decrypt central blocks */ ++ /* ++ * If decrypting in place move whole output along a block so the next ++ * des_ede_cbc_cipher is in place. ++ */ ++ if (out == in) { ++ memmove(out, out + 8, inl - 8); ++ in -= 8; ++ } ++ des_ede_cbc_cipher(ctx, out, in + 8, inl - 16); ++ /* Decrypt final block which will be IV */ ++ des_ede_cbc_cipher(ctx, iv, in + inl - 8, 8); ++ /* Reverse order of everything */ ++ BUF_reverse(icv, NULL, 8); ++ BUF_reverse(out, NULL, inl - 16); ++ BUF_reverse(ctx->iv, iv, 8); ++ /* Decrypt again using new IV */ ++ des_ede_cbc_cipher(ctx, out, out, inl - 16); ++ des_ede_cbc_cipher(ctx, icv, icv, 8); ++ /* Work out SHA1 hash of first portion */ ++ SHA1(out, inl - 16, sha1tmp); ++ ++ if (!CRYPTO_memcmp(sha1tmp, icv, 8)) ++ rv = inl - 16; ++ OPENSSL_cleanse(icv, 8); ++ OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH); ++ OPENSSL_cleanse(iv, 8); ++ OPENSSL_cleanse(ctx->iv, 8); ++ if (rv == -1) ++ OPENSSL_cleanse(out, inl - 16); ++ ++ return rv; ++} ++ ++static int des_ede3_wrap(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t inl) ++{ ++ unsigned char sha1tmp[SHA_DIGEST_LENGTH]; ++ if (!out) ++ return inl + 16; ++ /* Copy input to output buffer + 8 so we have space for IV */ ++ memmove(out + 8, in, inl); ++ /* Work out ICV */ ++ SHA1(in, inl, sha1tmp); ++ memcpy(out + inl + 8, sha1tmp, 8); ++ OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH); ++ /* Generate random IV */ ++ if (RAND_bytes(ctx->iv, 8) <= 0) ++ return -1; ++ memcpy(out, ctx->iv, 8); ++ /* Encrypt everything after IV in place */ ++ des_ede_cbc_cipher(ctx, out + 8, out + 8, inl + 8); ++ BUF_reverse(out, NULL, inl + 16); ++ memcpy(ctx->iv, wrap_iv, 8); ++ des_ede_cbc_cipher(ctx, out, out, inl + 16); ++ return inl + 16; ++} ++ ++static int des_ede3_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t inl) ++{ ++ /* ++ * Sanity check input length: we typically only wrap keys so EVP_MAXCHUNK ++ * is more than will ever be needed. 
Also input length must be a multiple ++ * of 8 bits. ++ */ ++ if (inl >= EVP_MAXCHUNK || inl % 8) ++ return -1; ++ if (ctx->encrypt) ++ return des_ede3_wrap(ctx, out, in, inl); ++ else ++ return des_ede3_unwrap(ctx, out, in, inl); ++} ++ ++static const EVP_CIPHER des3_wrap = { ++ NID_id_smime_alg_CMS3DESwrap, ++ 8, 24, 0, ++ EVP_CIPH_WRAP_MODE | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER ++ | EVP_CIPH_FLAG_DEFAULT_ASN1, ++ des_ede3_init_key, des_ede3_wrap_cipher, ++ NULL, ++ sizeof(DES_EDE_KEY), ++ NULL, NULL, NULL, NULL ++}; ++ ++const EVP_CIPHER *EVP_des_ede3_wrap(void) ++{ ++ return &des3_wrap; ++} ++ ++# endif + #endif +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_idea.c b/Cryptlib/OpenSSL/crypto/evp/e_idea.c +index 035034b..cac72b3 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/e_idea.c ++++ b/Cryptlib/OpenSSL/crypto/evp/e_idea.c +@@ -74,7 +74,7 @@ static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + */ + + static int idea_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, +- const unsigned char *in, unsigned int inl) ++ const unsigned char *in, size_t inl) + { + BLOCK_CIPHER_ecb_loop() + idea_ecb_encrypt(in + i, out + i, ctx->cipher_data); +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_null.c b/Cryptlib/OpenSSL/crypto/evp/e_null.c +index 13e359c..599fcb8 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/e_null.c ++++ b/Cryptlib/OpenSSL/crypto/evp/e_null.c +@@ -64,11 +64,11 @@ + static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc); + static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, +- const unsigned char *in, unsigned int inl); ++ const unsigned char *in, size_t inl); + static const EVP_CIPHER n_cipher = { + NID_undef, + 1, 0, 0, +- EVP_CIPH_FLAG_FIPS, ++ 0, + null_init_key, + null_cipher, + NULL, +@@ -92,9 +92,9 @@ static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + } + + static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, +- const unsigned char 
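Review bot: In the new `des_ede3_wrap` (e_des3.c), the plaintext is copied to `out + 8` and the ICV appended before `RAND_bytes` is called. If `RAND_bytes` fails, the function returns -1 with the unencrypted key material and its checksum left in the caller's output buffer. `des_ede3_unwrap` cleanses `out` on its failure path, so the two directions are inconsistent. Moving `if (RAND_bytes(ctx->iv, 8) <= 0) return -1;` to directly after the `if (!out)` early return avoids the problem. The `memcpy(out, ctx->iv, 8)` should stay after the `memmove`, so that in-place wrapping still works.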
*in, unsigned int inl) ++ const unsigned char *in, size_t inl) + { + if (in != out) +- memcpy((char *)out, (const char *)in, (size_t)inl); ++ memcpy((char *)out, (const char *)in, inl); + return 1; + } +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_rc2.c b/Cryptlib/OpenSSL/crypto/evp/e_rc2.c +index 2990f91..718cc86 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/e_rc2.c ++++ b/Cryptlib/OpenSSL/crypto/evp/e_rc2.c +@@ -183,8 +183,8 @@ static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) + key_bits = rc2_magic_to_meth((int)num); + if (!key_bits) + return (-1); +- if (i > 0) +- EVP_CipherInit_ex(c, NULL, NULL, NULL, iv, -1); ++ if (i > 0 && !EVP_CipherInit_ex(c, NULL, NULL, NULL, iv, -1)) ++ return -1; + EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL); + EVP_CIPHER_CTX_set_key_length(c, key_bits / 8); + } +@@ -221,6 +221,11 @@ static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) + return 1; + } + return 0; ++# ifdef PBE_PRF_TEST ++ case EVP_CTRL_PBE_PRF_NID: ++ *(int *)ptr = NID_hmacWithMD5; ++ return 1; ++# endif + + default: + return -1; +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_rc4.c b/Cryptlib/OpenSSL/crypto/evp/e_rc4.c +index 544cc25..08e48f3 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/e_rc4.c ++++ b/Cryptlib/OpenSSL/crypto/evp/e_rc4.c +@@ -62,9 +62,9 @@ + #ifndef OPENSSL_NO_RC4 + + # include ++# include "evp_locl.h" + # include + # include +-# include "evp_locl.h" + + /* FIXME: surely this is available elsewhere? 
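Review bot: In `rc2_get_asn1_type_and_iv` (e_rc2.c), the result of `EVP_CipherInit_ex` is now checked, but the two calls right after it, `EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL)` and `EVP_CIPHER_CTX_set_key_length(c, key_bits / 8)`, still discard their results. If either fails, the context keeps its previous effective key size and the function appears to carry on as if the parsed parameters were applied. Suggest `if (EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL) <= 0 || EVP_CIPHER_CTX_set_key_length(c, key_bits / 8) <= 0) return -1;`. The function starts and ends outside this hunk, so the final return path is not visible here.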
*/ + # define EVP_RC4_KEY_SIZE 16 +@@ -78,7 +78,7 @@ typedef struct { + static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc); + static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, +- const unsigned char *in, unsigned int inl); ++ const unsigned char *in, size_t inl); + static const EVP_CIPHER r4_cipher = { + NID_rc4, + 1, EVP_RC4_KEY_SIZE, 0, +@@ -125,7 +125,7 @@ static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + } + + static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, +- const unsigned char *in, unsigned int inl) ++ const unsigned char *in, size_t inl) + { + RC4(&data(ctx)->ks, inl, in, out); + return 1; +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_rc4_hmac_md5.c b/Cryptlib/OpenSSL/crypto/evp/e_rc4_hmac_md5.c +new file mode 100644 +index 0000000..2da1117 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/evp/e_rc4_hmac_md5.c +@@ -0,0 +1,308 @@ ++/* ==================================================================== ++ * Copyright (c) 2011 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. 
The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ */ ++ ++#include ++ ++#include ++#include ++ ++#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_MD5) ++ ++# include ++# include ++# include ++# include ++# include ++ ++# ifndef EVP_CIPH_FLAG_AEAD_CIPHER ++# define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000 ++# define EVP_CTRL_AEAD_TLS1_AAD 0x16 ++# define EVP_CTRL_AEAD_SET_MAC_KEY 0x17 ++# endif ++ ++/* FIXME: surely this is available elsewhere? 
*/ ++# define EVP_RC4_KEY_SIZE 16 ++ ++typedef struct { ++ RC4_KEY ks; ++ MD5_CTX head, tail, md; ++ size_t payload_length; ++} EVP_RC4_HMAC_MD5; ++ ++# define NO_PAYLOAD_LENGTH ((size_t)-1) ++ ++void rc4_md5_enc(RC4_KEY *key, const void *in0, void *out, ++ MD5_CTX *ctx, const void *inp, size_t blocks); ++ ++# define data(ctx) ((EVP_RC4_HMAC_MD5 *)(ctx)->cipher_data) ++ ++static int rc4_hmac_md5_init_key(EVP_CIPHER_CTX *ctx, ++ const unsigned char *inkey, ++ const unsigned char *iv, int enc) ++{ ++ EVP_RC4_HMAC_MD5 *key = data(ctx); ++ ++ RC4_set_key(&key->ks, EVP_CIPHER_CTX_key_length(ctx), inkey); ++ ++ MD5_Init(&key->head); /* handy when benchmarking */ ++ key->tail = key->head; ++ key->md = key->head; ++ ++ key->payload_length = NO_PAYLOAD_LENGTH; ++ ++ return 1; ++} ++ ++# if !defined(OPENSSL_NO_ASM) && ( \ ++ defined(__x86_64) || defined(__x86_64__) || \ ++ defined(_M_AMD64) || defined(_M_X64) || \ ++ defined(__INTEL__) ) && \ ++ !(defined(__APPLE__) && defined(__MACH__)) ++# define STITCHED_CALL ++# endif ++ ++# if !defined(STITCHED_CALL) ++# define rc4_off 0 ++# define md5_off 0 ++# endif ++ ++static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t len) ++{ ++ EVP_RC4_HMAC_MD5 *key = data(ctx); ++# if defined(STITCHED_CALL) ++ size_t rc4_off = 32 - 1 - (key->ks.x & (32 - 1)), /* 32 is $MOD from ++ * rc4_md5-x86_64.pl */ ++ md5_off = MD5_CBLOCK - key->md.num, blocks; ++ unsigned int l; ++ extern unsigned int OPENSSL_ia32cap_P[]; ++# endif ++ size_t plen = key->payload_length; ++ ++ if (plen != NO_PAYLOAD_LENGTH && len != (plen + MD5_DIGEST_LENGTH)) ++ return 0; ++ ++ if (ctx->encrypt) { ++ if (plen == NO_PAYLOAD_LENGTH) ++ plen = len; ++# if defined(STITCHED_CALL) ++ /* cipher has to "fall behind" */ ++ if (rc4_off > md5_off) ++ md5_off += MD5_CBLOCK; ++ ++ if (plen > md5_off && (blocks = (plen - md5_off) / MD5_CBLOCK) && ++ (OPENSSL_ia32cap_P[0] & (1 << 20)) == 0) { ++ MD5_Update(&key->md, in, md5_off); ++ 
RC4(&key->ks, rc4_off, in, out); ++ ++ rc4_md5_enc(&key->ks, in + rc4_off, out + rc4_off, ++ &key->md, in + md5_off, blocks); ++ blocks *= MD5_CBLOCK; ++ rc4_off += blocks; ++ md5_off += blocks; ++ key->md.Nh += blocks >> 29; ++ key->md.Nl += blocks <<= 3; ++ if (key->md.Nl < (unsigned int)blocks) ++ key->md.Nh++; ++ } else { ++ rc4_off = 0; ++ md5_off = 0; ++ } ++# endif ++ MD5_Update(&key->md, in + md5_off, plen - md5_off); ++ ++ if (plen != len) { /* "TLS" mode of operation */ ++ if (in != out) ++ memcpy(out + rc4_off, in + rc4_off, plen - rc4_off); ++ ++ /* calculate HMAC and append it to payload */ ++ MD5_Final(out + plen, &key->md); ++ key->md = key->tail; ++ MD5_Update(&key->md, out + plen, MD5_DIGEST_LENGTH); ++ MD5_Final(out + plen, &key->md); ++ /* encrypt HMAC at once */ ++ RC4(&key->ks, len - rc4_off, out + rc4_off, out + rc4_off); ++ } else { ++ RC4(&key->ks, len - rc4_off, in + rc4_off, out + rc4_off); ++ } ++ } else { ++ unsigned char mac[MD5_DIGEST_LENGTH]; ++# if defined(STITCHED_CALL) ++ /* digest has to "fall behind" */ ++ if (md5_off > rc4_off) ++ rc4_off += 2 * MD5_CBLOCK; ++ else ++ rc4_off += MD5_CBLOCK; ++ ++ if (len > rc4_off && (blocks = (len - rc4_off) / MD5_CBLOCK) && ++ (OPENSSL_ia32cap_P[0] & (1 << 20)) == 0) { ++ RC4(&key->ks, rc4_off, in, out); ++ MD5_Update(&key->md, out, md5_off); ++ ++ rc4_md5_enc(&key->ks, in + rc4_off, out + rc4_off, ++ &key->md, out + md5_off, blocks); ++ blocks *= MD5_CBLOCK; ++ rc4_off += blocks; ++ md5_off += blocks; ++ l = (key->md.Nl + (blocks << 3)) & 0xffffffffU; ++ if (l < key->md.Nl) ++ key->md.Nh++; ++ key->md.Nl = l; ++ key->md.Nh += blocks >> 29; ++ } else { ++ md5_off = 0; ++ rc4_off = 0; ++ } ++# endif ++ /* decrypt HMAC at once */ ++ RC4(&key->ks, len - rc4_off, in + rc4_off, out + rc4_off); ++ if (plen != NO_PAYLOAD_LENGTH) { /* "TLS" mode of operation */ ++ MD5_Update(&key->md, out + md5_off, plen - md5_off); ++ ++ /* calculate HMAC and verify it */ ++ MD5_Final(mac, &key->md); ++ key->md = 
key->tail; ++ MD5_Update(&key->md, mac, MD5_DIGEST_LENGTH); ++ MD5_Final(mac, &key->md); ++ ++ if (CRYPTO_memcmp(out + plen, mac, MD5_DIGEST_LENGTH)) ++ return 0; ++ } else { ++ MD5_Update(&key->md, out + md5_off, len - md5_off); ++ } ++ } ++ ++ key->payload_length = NO_PAYLOAD_LENGTH; ++ ++ return 1; ++} ++ ++static int rc4_hmac_md5_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, ++ void *ptr) ++{ ++ EVP_RC4_HMAC_MD5 *key = data(ctx); ++ ++ switch (type) { ++ case EVP_CTRL_AEAD_SET_MAC_KEY: ++ { ++ unsigned int i; ++ unsigned char hmac_key[64]; ++ ++ memset(hmac_key, 0, sizeof(hmac_key)); ++ ++ if (arg > (int)sizeof(hmac_key)) { ++ MD5_Init(&key->head); ++ MD5_Update(&key->head, ptr, arg); ++ MD5_Final(hmac_key, &key->head); ++ } else { ++ memcpy(hmac_key, ptr, arg); ++ } ++ ++ for (i = 0; i < sizeof(hmac_key); i++) ++ hmac_key[i] ^= 0x36; /* ipad */ ++ MD5_Init(&key->head); ++ MD5_Update(&key->head, hmac_key, sizeof(hmac_key)); ++ ++ for (i = 0; i < sizeof(hmac_key); i++) ++ hmac_key[i] ^= 0x36 ^ 0x5c; /* opad */ ++ MD5_Init(&key->tail); ++ MD5_Update(&key->tail, hmac_key, sizeof(hmac_key)); ++ ++ return 1; ++ } ++ case EVP_CTRL_AEAD_TLS1_AAD: ++ { ++ unsigned char *p = ptr; ++ unsigned int len; ++ ++ if (arg != EVP_AEAD_TLS1_AAD_LEN) ++ return -1; ++ ++ len = p[arg - 2] << 8 | p[arg - 1]; ++ ++ if (!ctx->encrypt) { ++ len -= MD5_DIGEST_LENGTH; ++ p[arg - 2] = len >> 8; ++ p[arg - 1] = len; ++ } ++ key->payload_length = len; ++ key->md = key->head; ++ MD5_Update(&key->md, p, arg); ++ ++ return MD5_DIGEST_LENGTH; ++ } ++ default: ++ return -1; ++ } ++} ++ ++static EVP_CIPHER r4_hmac_md5_cipher = { ++# ifdef NID_rc4_hmac_md5 ++ NID_rc4_hmac_md5, ++# else ++ NID_undef, ++# endif ++ 1, EVP_RC4_KEY_SIZE, 0, ++ EVP_CIPH_STREAM_CIPHER | EVP_CIPH_VARIABLE_LENGTH | ++ EVP_CIPH_FLAG_AEAD_CIPHER, ++ rc4_hmac_md5_init_key, ++ rc4_hmac_md5_cipher, ++ NULL, ++ sizeof(EVP_RC4_HMAC_MD5), ++ NULL, ++ NULL, ++ rc4_hmac_md5_ctrl, ++ NULL ++}; ++ ++const EVP_CIPHER 
*EVP_rc4_hmac_md5(void) ++{ ++ return (&r4_hmac_md5_cipher); ++} ++#endif +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_seed.c b/Cryptlib/OpenSSL/crypto/evp/e_seed.c +new file mode 100644 +index 0000000..c948a8f +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/evp/e_seed.c +@@ -0,0 +1,82 @@ ++/* crypto/evp/e_seed.c -*- mode:C; c-file-style: "eay" -*- */ ++/* ==================================================================== ++ * Copyright (c) 2007 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. 
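Review bot: In the new e_rc4_hmac_md5.c, the `EVP_CTRL_AEAD_TLS1_AAD` case of `rc4_hmac_md5_ctrl` reads `len` from the last two AAD bytes as an `unsigned int` and, when decrypting, does `len -= MD5_DIGEST_LENGTH` with no lower bound. A record length below 16 wraps to a very large value that is stored in `key->payload_length`. `rc4_hmac_md5_cipher` then uses it in `plen - md5_off` for `MD5_Update` and in `out + plen` for the MAC comparison, and on targets where `size_t` is 32 bits its `len != plen + MD5_DIGEST_LENGTH` check may not catch the wrap. Add `if (len < MD5_DIGEST_LENGTH) return -1;` inside the `if (!ctx->encrypt)` block, before the subtraction. Separately, in the `EVP_CTRL_AEAD_SET_MAC_KEY` case the stack buffer `hmac_key` holds the padded MAC key and is not wiped before return; an `OPENSSL_cleanse(hmac_key, sizeof(hmac_key));` before `return 1;` would match how the wrap code in e_des3.c treats its temporaries.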
Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). 
++ * ++ */ ++ ++#include ++#ifndef OPENSSL_NO_SEED ++# include ++# include ++# include ++# include ++# include ++# include "evp_locl.h" ++ ++static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, ++ const unsigned char *iv, int enc); ++ ++typedef struct { ++ SEED_KEY_SCHEDULE ks; ++} EVP_SEED_KEY; ++ ++IMPLEMENT_BLOCK_CIPHER(seed, ks, SEED, EVP_SEED_KEY, NID_seed, ++ 16, 16, 16, 128, 0, seed_init_key, 0, 0, 0, 0) ++ ++static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, ++ const unsigned char *iv, int enc) ++{ ++ SEED_set_key(key, ctx->cipher_data); ++ return 1; ++} ++ ++#endif +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_xcbc_d.c b/Cryptlib/OpenSSL/crypto/evp/e_xcbc_d.c +index 105967f..3430df9 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/e_xcbc_d.c ++++ b/Cryptlib/OpenSSL/crypto/evp/e_xcbc_d.c +@@ -63,12 +63,13 @@ + + # include + # include ++# include "evp_locl.h" + # include + + static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc); + static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, +- const unsigned char *in, unsigned int inl); ++ const unsigned char *in, size_t inl); + + typedef struct { + DES_key_schedule ks; /* key schedule */ +@@ -110,11 +111,20 @@ static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + } + + static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, +- const unsigned char *in, unsigned int inl) ++ const unsigned char *in, size_t inl) + { +- DES_xcbc_encrypt(in, out, inl, &data(ctx)->ks, +- (DES_cblock *)&(ctx->iv[0]), +- &data(ctx)->inw, &data(ctx)->outw, ctx->encrypt); ++ while (inl >= EVP_MAXCHUNK) { ++ DES_xcbc_encrypt(in, out, (long)EVP_MAXCHUNK, &data(ctx)->ks, ++ (DES_cblock *)&(ctx->iv[0]), ++ &data(ctx)->inw, &data(ctx)->outw, ctx->encrypt); ++ inl -= EVP_MAXCHUNK; ++ in += EVP_MAXCHUNK; ++ out += EVP_MAXCHUNK; ++ } ++ if (inl) ++ DES_xcbc_encrypt(in, out, (long)inl, &data(ctx)->ks, ++ 
(DES_cblock *)&(ctx->iv[0]), ++ &data(ctx)->inw, &data(ctx)->outw, ctx->encrypt); + return 1; + } + #endif +diff --git a/Cryptlib/OpenSSL/crypto/evp/enc_min.c b/Cryptlib/OpenSSL/crypto/evp/enc_min.c +deleted file mode 100644 +index 77e0126..0000000 +--- a/Cryptlib/OpenSSL/crypto/evp/enc_min.c ++++ /dev/null +@@ -1,410 +0,0 @@ +-/* crypto/evp/enc_min.c */ +-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) +- * All rights reserved. +- * +- * This package is an SSL implementation written +- * by Eric Young (eay@cryptsoft.com). +- * The implementation was written so as to conform with Netscapes SSL. +- * +- * This library is free for commercial and non-commercial use as long as +- * the following conditions are aheared to. The following conditions +- * apply to all code found in this distribution, be it the RC4, RSA, +- * lhash, DES, etc., code; not just the SSL code. The SSL documentation +- * included with this distribution is covered by the same copyright terms +- * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * +- * Copyright remains Eric Young's, and as such any Copyright notices in +- * the code are not to be removed. +- * If this package is used in a product, Eric Young should be given attribution +- * as the author of the parts of the library used. +- * This can be in the form of a textual message at program startup or +- * in documentation (online or textual) provided with the package. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 3. 
All advertising materials mentioning features or use of this software +- * must display the following acknowledgement: +- * "This product includes cryptographic software written by +- * Eric Young (eay@cryptsoft.com)" +- * The word 'cryptographic' can be left out if the rouines from the library +- * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from +- * the apps directory (application code) you must include an acknowledgement: +- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * +- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. +- * +- * The licence and distribution terms for any publically available version or +- * derivative of this code cannot be changed. i.e. this code cannot simply be +- * copied and put under another distribution licence +- * [including the GNU Public Licence.] 
+- */ +- +-#include +-#include "cryptlib.h" +-#include +-#include +-#include +-#ifndef OPENSSL_NO_ENGINE +-# include +-#endif +-#include "evp_locl.h" +- +-void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx) +-{ +-#ifdef OPENSSL_FIPS +- FIPS_selftest_check(); +-#endif +- memset(ctx, 0, sizeof(EVP_CIPHER_CTX)); +- /* ctx->cipher=NULL; */ +-} +- +-#ifdef OPENSSL_FIPS +- +-/* +- * The purpose of these is to trap programs that attempt to use non FIPS +- * algorithms in FIPS mode and ignore the errors. +- */ +- +-static int bad_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, +- const unsigned char *iv, int enc) +-{ +- FIPS_ERROR_IGNORED("Cipher init"); +- return 0; +-} +- +-static int bad_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, +- const unsigned char *in, unsigned int inl) +-{ +- FIPS_ERROR_IGNORED("Cipher update"); +- return 0; +-} +- +-/* NB: no cleanup because it is allowed after failed init */ +- +-static int bad_set_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ) +-{ +- FIPS_ERROR_IGNORED("Cipher set_asn1"); +- return 0; +-} +- +-static int bad_get_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ) +-{ +- FIPS_ERROR_IGNORED("Cipher get_asn1"); +- return 0; +-} +- +-static int bad_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) +-{ +- FIPS_ERROR_IGNORED("Cipher ctrl"); +- return 0; +-} +- +-static const EVP_CIPHER bad_cipher = { +- 0, +- 0, +- 0, +- 0, +- 0, +- bad_init, +- bad_do_cipher, +- NULL, +- 0, +- bad_set_asn1, +- bad_get_asn1, +- bad_ctrl, +- NULL +-}; +- +-#endif +- +-#ifndef OPENSSL_NO_ENGINE +- +-# ifdef OPENSSL_FIPS +- +-static int do_engine_null(ENGINE *impl) +-{ +- return 0; +-} +- +-static int do_evp_enc_engine_null(EVP_CIPHER_CTX *ctx, +- const EVP_CIPHER **pciph, ENGINE *impl) +-{ +- return 1; +-} +- +-static int (*do_engine_finish) (ENGINE *impl) +- = do_engine_null; +- +-static int (*do_evp_enc_engine) +- (EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pciph, ENGINE *impl) +- = do_evp_enc_engine_null; +- +-void int_EVP_CIPHER_set_engine_callbacks(int 
(*eng_ciph_fin) (ENGINE *impl), +- int (*eng_ciph_evp) +- (EVP_CIPHER_CTX *ctx, +- const EVP_CIPHER **pciph, +- ENGINE *impl)) +-{ +- do_engine_finish = eng_ciph_fin; +- do_evp_enc_engine = eng_ciph_evp; +-} +- +-# else +- +-# define do_engine_finish ENGINE_finish +- +-static int do_evp_enc_engine(EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pcipher, +- ENGINE *impl) +-{ +- if (impl) { +- if (!ENGINE_init(impl)) { +- EVPerr(EVP_F_DO_EVP_ENC_ENGINE, EVP_R_INITIALIZATION_ERROR); +- return 0; +- } +- } else +- /* Ask if an ENGINE is reserved for this job */ +- impl = ENGINE_get_cipher_engine((*pcipher)->nid); +- if (impl) { +- /* There's an ENGINE for this job ... (apparently) */ +- const EVP_CIPHER *c = ENGINE_get_cipher(impl, (*pcipher)->nid); +- if (!c) { +- /* +- * One positive side-effect of US's export control history, is +- * that we should at least be able to avoid using US mispellings +- * of "initialisation"? +- */ +- EVPerr(EVP_F_DO_EVP_ENC_ENGINE, EVP_R_INITIALIZATION_ERROR); +- return 0; +- } +- /* We'll use the ENGINE's private cipher definition */ +- *pcipher = c; +- /* +- * Store the ENGINE functional reference so we know 'cipher' came +- * from an ENGINE and we need to release it when done. +- */ +- ctx->engine = impl; +- } else +- ctx->engine = NULL; +- return 1; +-} +- +-# endif +- +-#endif +- +-int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, +- ENGINE *impl, const unsigned char *key, +- const unsigned char *iv, int enc) +-{ +- if (enc == -1) +- enc = ctx->encrypt; +- else { +- if (enc) +- enc = 1; +- ctx->encrypt = enc; +- } +-#ifdef OPENSSL_FIPS +- if (FIPS_selftest_failed()) { +- FIPSerr(FIPS_F_EVP_CIPHERINIT_EX, FIPS_R_FIPS_SELFTEST_FAILED); +- ctx->cipher = &bad_cipher; +- return 0; +- } +-#endif +-#ifndef OPENSSL_NO_ENGINE +- /* +- * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so +- * this context may already have an ENGINE! 
Try to avoid releasing the +- * previous handle, re-querying for an ENGINE, and having a +- * reinitialisation, when it may all be unecessary. +- */ +- if (ctx->engine && ctx->cipher && (!cipher || +- (cipher +- && (cipher->nid == +- ctx->cipher->nid)))) +- goto skip_to_init; +-#endif +- if (cipher) { +- /* +- * Ensure a context left lying around from last time is cleared (the +- * previous check attempted to avoid this if the same ENGINE and +- * EVP_CIPHER could be used). +- */ +- EVP_CIPHER_CTX_cleanup(ctx); +- +- /* Restore encrypt field: it is zeroed by cleanup */ +- ctx->encrypt = enc; +-#ifndef OPENSSL_NO_ENGINE +- if (!do_evp_enc_engine(ctx, &cipher, impl)) +- return 0; +-#endif +- +- ctx->cipher = cipher; +- if (ctx->cipher->ctx_size) { +- ctx->cipher_data = OPENSSL_malloc(ctx->cipher->ctx_size); +- if (!ctx->cipher_data) { +- EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE); +- return 0; +- } +- } else { +- ctx->cipher_data = NULL; +- } +- ctx->key_len = cipher->key_len; +- ctx->flags = 0; +- if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) { +- if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) { +- EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); +- return 0; +- } +- } +- } else if (!ctx->cipher) { +- EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET); +- return 0; +- } +-#ifndef OPENSSL_NO_ENGINE +- skip_to_init: +-#endif +- /* we assume block size is a power of 2 in *cryptUpdate */ +- OPENSSL_assert(ctx->cipher->block_size == 1 +- || ctx->cipher->block_size == 8 +- || ctx->cipher->block_size == 16); +- +- if (!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) { +- switch (EVP_CIPHER_CTX_mode(ctx)) { +- +- case EVP_CIPH_STREAM_CIPHER: +- case EVP_CIPH_ECB_MODE: +- break; +- +- case EVP_CIPH_CFB_MODE: +- case EVP_CIPH_OFB_MODE: +- +- ctx->num = 0; +- /* fall-through */ +- +- case EVP_CIPH_CBC_MODE: +- +- OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <= +- (int)sizeof(ctx->iv)); +- if (iv) +- memcpy(ctx->oiv, iv, 
EVP_CIPHER_CTX_iv_length(ctx)); +- memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx)); +- break; +- +- default: +- return 0; +- break; +- } +- } +-#ifdef OPENSSL_FIPS +- /* +- * After 'key' is set no further parameters changes are permissible. So +- * only check for non FIPS enabling at this point. +- */ +- if (key && FIPS_mode()) { +- if (!(ctx->cipher->flags & EVP_CIPH_FLAG_FIPS) +- & !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW)) { +- EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_DISABLED_FOR_FIPS); +-# if 0 +- ERR_add_error_data(2, "cipher=", EVP_CIPHER_name(ctx->cipher)); +-# endif +- ctx->cipher = &bad_cipher; +- return 0; +- } +- } +-#endif +- +- if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { +- if (!ctx->cipher->init(ctx, key, iv, enc)) +- return 0; +- } +- ctx->buf_len = 0; +- ctx->final_used = 0; +- ctx->block_mask = ctx->cipher->block_size - 1; +- return 1; +-} +- +-int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) +-{ +- if (c->cipher != NULL) { +- if (c->cipher->cleanup && !c->cipher->cleanup(c)) +- return 0; +- /* Cleanse cipher context data */ +- if (c->cipher_data) +- OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size); +- } +- if (c->cipher_data) +- OPENSSL_free(c->cipher_data); +-#ifndef OPENSSL_NO_ENGINE +- if (c->engine) +- /* +- * The EVP_CIPHER we used belongs to an ENGINE, release the +- * functional reference we held for this reason. 
+- */ +- do_engine_finish(c->engine); +-#endif +- memset(c, 0, sizeof(EVP_CIPHER_CTX)); +- return 1; +-} +- +-int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, +- const unsigned char *in, unsigned int inl) +-{ +-#ifdef OPENSSL_FIPS +- FIPS_selftest_check(); +-#endif +- return ctx->cipher->do_cipher(ctx, out, in, inl); +-} +- +-int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) +-{ +- int ret; +- if (!ctx->cipher) { +- EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET); +- return 0; +- } +- +- if (!ctx->cipher->ctrl) { +- EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED); +- return 0; +- } +- +- ret = ctx->cipher->ctrl(ctx, type, arg, ptr); +- if (ret == -1) { +- EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, +- EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED); +- return 0; +- } +- return ret; +-} +- +-unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx) +-{ +- return ctx->cipher->flags; +-} +- +-int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx) +-{ +- return ctx->cipher->iv_len; +-} +- +-int EVP_CIPHER_nid(const EVP_CIPHER *cipher) +-{ +- return cipher->nid; +-} +diff --git a/Cryptlib/OpenSSL/crypto/evp/encode.c b/Cryptlib/OpenSSL/crypto/evp/encode.c +index 9bdcd57..c361d1f 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/encode.c ++++ b/Cryptlib/OpenSSL/crypto/evp/encode.c +@@ -86,7 +86,7 @@ + #define CHUNKS_PER_LINE (64/4) + #define CHAR_PER_LINE (64+1) + +-static unsigned char data_bin2ascii[65] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ\ ++static const unsigned char data_bin2ascii[65] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ\ + abcdefghijklmnopqrstuvwxyz0123456789+/"; + + /*- +@@ -104,7 +104,7 @@ abcdefghijklmnopqrstuvwxyz0123456789+/"; + #define B64_ERROR 0xFF + #define B64_NOT_BASE64(a) (((a)|0x13) == 0xF3) + +-static unsigned char data_ascii2bin[128] = { ++static const unsigned char data_ascii2bin[128] = { + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xE0, 0xF0, 0xFF, 0xFF, 0xF1, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 
0xFF, +@@ -137,7 +137,7 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, + unsigned int total = 0; + + *outl = 0; +- if (inl == 0) ++ if (inl <= 0) + return; + OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data)); + if ((ctx->num + inl) < ctx->length) { +@@ -248,7 +248,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, + + /* We parse the input data */ + for (i = 0; i < inl; i++) { +- /* If the current line is > 80 characters, scream alot */ ++ /* If the current line is > 80 characters, scream a lot */ + if (ln >= 80) { + rv = -1; + goto end; +diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_enc.c b/Cryptlib/OpenSSL/crypto/evp/evp_enc.c +index 8a91a67..65f0e02 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/evp_enc.c ++++ b/Cryptlib/OpenSSL/crypto/evp/evp_enc.c +@@ -64,18 +64,25 @@ + #ifndef OPENSSL_NO_ENGINE + # include + #endif ++#ifdef OPENSSL_FIPS ++# include ++#endif + #include "evp_locl.h" + + #ifdef OPENSSL_FIPS +-# define M_do_cipher(ctx, out, in, inl) \ +- EVP_Cipher(ctx,out,in,inl) ++# define M_do_cipher(ctx, out, in, inl) FIPS_cipher(ctx, out, in, inl) + #else +-# define M_do_cipher(ctx, out, in, inl) \ +- ctx->cipher->do_cipher(ctx,out,in,inl) ++# define M_do_cipher(ctx, out, in, inl) ctx->cipher->do_cipher(ctx, out, in, inl) + #endif + + const char EVP_version[] = "EVP" OPENSSL_VERSION_PTEXT; + ++void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx) ++{ ++ memset(ctx, 0, sizeof(EVP_CIPHER_CTX)); ++ /* ctx->cipher=NULL; */ ++} ++ + EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void) + { + EVP_CIPHER_CTX *ctx = OPENSSL_malloc(sizeof *ctx); +@@ -92,6 +99,171 @@ int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, + return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc); + } + ++int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ++ ENGINE *impl, const unsigned char *key, ++ const unsigned char *iv, int enc) ++{ ++ if (enc == -1) ++ enc = ctx->encrypt; ++ else { ++ if (enc) ++ enc = 1; ++ 
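Review bot: The unchanged guard `if ((ctx->num + inl) < ctx->length)` just below the new `inl <= 0` check adds what look to be two signed ints, so a very large `inl` combined with a non-zero `ctx->num` can wrap the sum negative and take the short-input branch with a length far beyond `ctx->enc_data`. The new check rejects only non-positive lengths and puts no bound on the upper end. Writing the comparison as a subtraction, `if (ctx->length - ctx->num > inl) {`, avoids the wrap and keeps behaviour the same for in-range input. The body of that branch and the rest of EVP_EncodeUpdate are outside the hunk, so what gets copied there should be confirmed against the full file. As this is the bundled OpenSSL copy, the change is best carried as a follow-up patch or taken from a later upstream release.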
ctx->encrypt = enc; ++ } ++#ifndef OPENSSL_NO_ENGINE ++ /* ++ * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so ++ * this context may already have an ENGINE! Try to avoid releasing the ++ * previous handle, re-querying for an ENGINE, and having a ++ * reinitialisation, when it may all be unecessary. ++ */ ++ if (ctx->engine && ctx->cipher && (!cipher || ++ (cipher ++ && (cipher->nid == ++ ctx->cipher->nid)))) ++ goto skip_to_init; ++#endif ++ if (cipher) { ++ /* ++ * Ensure a context left lying around from last time is cleared (the ++ * previous check attempted to avoid this if the same ENGINE and ++ * EVP_CIPHER could be used). ++ */ ++ if (ctx->cipher) { ++ unsigned long flags = ctx->flags; ++ EVP_CIPHER_CTX_cleanup(ctx); ++ /* Restore encrypt and flags */ ++ ctx->encrypt = enc; ++ ctx->flags = flags; ++ } ++#ifndef OPENSSL_NO_ENGINE ++ if (impl) { ++ if (!ENGINE_init(impl)) { ++ EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); ++ return 0; ++ } ++ } else ++ /* Ask if an ENGINE is reserved for this job */ ++ impl = ENGINE_get_cipher_engine(cipher->nid); ++ if (impl) { ++ /* There's an ENGINE for this job ... (apparently) */ ++ const EVP_CIPHER *c = ENGINE_get_cipher(impl, cipher->nid); ++ if (!c) { ++ /* ++ * One positive side-effect of US's export control history, ++ * is that we should at least be able to avoid using US ++ * mispellings of "initialisation"? ++ */ ++ EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); ++ return 0; ++ } ++ /* We'll use the ENGINE's private cipher definition */ ++ cipher = c; ++ /* ++ * Store the ENGINE functional reference so we know 'cipher' came ++ * from an ENGINE and we need to release it when done. 
++ */ ++ ctx->engine = impl; ++ } else ++ ctx->engine = NULL; ++#endif ++ ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode()) { ++ const EVP_CIPHER *fcipher; ++ if (cipher) ++ fcipher = evp_get_fips_cipher(cipher); ++ if (fcipher) ++ cipher = fcipher; ++ return FIPS_cipherinit(ctx, cipher, key, iv, enc); ++ } ++#endif ++ ctx->cipher = cipher; ++ if (ctx->cipher->ctx_size) { ++ ctx->cipher_data = OPENSSL_malloc(ctx->cipher->ctx_size); ++ if (!ctx->cipher_data) { ++ EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ } else { ++ ctx->cipher_data = NULL; ++ } ++ ctx->key_len = cipher->key_len; ++ /* Preserve wrap enable flag, zero everything else */ ++ ctx->flags &= EVP_CIPHER_CTX_FLAG_WRAP_ALLOW; ++ if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) { ++ if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) { ++ EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); ++ return 0; ++ } ++ } ++ } else if (!ctx->cipher) { ++ EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET); ++ return 0; ++ } ++#ifndef OPENSSL_NO_ENGINE ++ skip_to_init: ++#endif ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode()) ++ return FIPS_cipherinit(ctx, cipher, key, iv, enc); ++#endif ++ /* we assume block size is a power of 2 in *cryptUpdate */ ++ OPENSSL_assert(ctx->cipher->block_size == 1 ++ || ctx->cipher->block_size == 8 ++ || ctx->cipher->block_size == 16); ++ ++ if (!(ctx->flags & EVP_CIPHER_CTX_FLAG_WRAP_ALLOW) ++ && EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_WRAP_MODE) { ++ EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_WRAP_MODE_NOT_ALLOWED); ++ return 0; ++ } ++ ++ if (!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) { ++ switch (EVP_CIPHER_CTX_mode(ctx)) { ++ ++ case EVP_CIPH_STREAM_CIPHER: ++ case EVP_CIPH_ECB_MODE: ++ break; ++ ++ case EVP_CIPH_CFB_MODE: ++ case EVP_CIPH_OFB_MODE: ++ ++ ctx->num = 0; ++ /* fall-through */ ++ ++ case EVP_CIPH_CBC_MODE: ++ ++ OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <= ++ (int)sizeof(ctx->iv)); ++ if (iv) ++ memcpy(ctx->oiv, iv, 
EVP_CIPHER_CTX_iv_length(ctx)); ++ memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx)); ++ break; ++ ++ case EVP_CIPH_CTR_MODE: ++ ctx->num = 0; ++ /* Don't reuse IV for CTR mode */ ++ if (iv) ++ memcpy(ctx->iv, iv, EVP_CIPHER_CTX_iv_length(ctx)); ++ break; ++ ++ default: ++ return 0; ++ break; ++ } ++ } ++ ++ if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { ++ if (!ctx->cipher->init(ctx, key, iv, enc)) ++ return 0; ++ } ++ ctx->buf_len = 0; ++ ctx->final_used = 0; ++ ctx->block_mask = ctx->cipher->block_size - 1; ++ return 1; ++} ++ + int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, + const unsigned char *in, int inl) + { +@@ -148,6 +320,15 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, + { + int i, j, bl; + ++ if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { ++ i = M_do_cipher(ctx, out, in, inl); ++ if (i < 0) ++ return 0; ++ else ++ *outl = i; ++ return 1; ++ } ++ + if (inl <= 0) { + *outl = 0; + return inl == 0; +@@ -209,6 +390,15 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) + int n, ret; + unsigned int i, b, bl; + ++ if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { ++ ret = M_do_cipher(ctx, out, NULL, 0); ++ if (ret < 0) ++ return 0; ++ else ++ *outl = ret; ++ return 1; ++ } ++ + b = ctx->cipher->block_size; + OPENSSL_assert(b <= sizeof ctx->buf); + if (b == 1) { +@@ -243,6 +433,16 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, + int fix_len; + unsigned int b; + ++ if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { ++ fix_len = M_do_cipher(ctx, out, in, inl); ++ if (fix_len < 0) { ++ *outl = 0; ++ return 0; ++ } else ++ *outl = fix_len; ++ return 1; ++ } ++ + if (inl <= 0) { + *outl = 0; + return inl == 0; +@@ -292,8 +492,17 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) + { + int i, n; + unsigned int b; +- + *outl = 0; ++ ++ if (ctx->cipher->flags & 
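Review bot: In the added EVP_CipherInit_ex, the two `return 0` paths after `ctx->cipher = cipher;` (OPENSSL_malloc failing for `cipher_data`, and the EVP_CTRL_INIT call failing) leave `ctx->cipher` set while `ctx->cipher_data` is NULL or only partly set up. A later call with `cipher == NULL` then passes the `else if (!ctx->cipher)` guard and reaches `ctx->cipher->init(ctx, key, iv, enc)`; seed_init_key in this same patch, for one, hands `ctx->cipher_data` straight to SEED_set_key. Adding `ctx->cipher = NULL;` before each of those two returns makes a failed context read as uninitialised. The new EVP_CIPHER_CTX_copy in the `@@ -370,51 +634,33 @@` hunk has the same shape after its `memcpy(out, in, sizeof *out)`, where `out->cipher = NULL;` before the malloc-failure return would do the same job.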
EVP_CIPH_FLAG_CUSTOM_CIPHER) { ++ i = M_do_cipher(ctx, out, NULL, 0); ++ if (i < 0) ++ return 0; ++ else ++ *outl = i; ++ return 1; ++ } ++ + b = ctx->cipher->block_size; + if (ctx->flags & EVP_CIPH_NO_PADDING) { + if (ctx->buf_len) { +@@ -310,6 +519,11 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) + return (0); + } + OPENSSL_assert(b <= sizeof ctx->final); ++ ++ /* ++ * The following assumes that the ciphertext has been authenticated. ++ * Otherwise it provides a padding oracle. ++ */ + n = ctx->final[b - 1]; + if (n == 0 || n > (int)b) { + EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT); +@@ -338,6 +552,34 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx) + } + } + ++int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) ++{ ++#ifndef OPENSSL_FIPS ++ if (c->cipher != NULL) { ++ if (c->cipher->cleanup && !c->cipher->cleanup(c)) ++ return 0; ++ /* Cleanse cipher context data */ ++ if (c->cipher_data) ++ OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size); ++ } ++ if (c->cipher_data) ++ OPENSSL_free(c->cipher_data); ++#endif ++#ifndef OPENSSL_NO_ENGINE ++ if (c->engine) ++ /* ++ * The EVP_CIPHER we used belongs to an ENGINE, release the ++ * functional reference we held for this reason. 
++ */ ++ ENGINE_finish(c->engine); ++#endif ++#ifdef OPENSSL_FIPS ++ FIPS_cipher_ctx_cleanup(c); ++#endif ++ memset(c, 0, sizeof(EVP_CIPHER_CTX)); ++ return 1; ++} ++ + int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen) + { + if (c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH) +@@ -361,6 +603,28 @@ int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad) + return 1; + } + ++int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) ++{ ++ int ret; ++ if (!ctx->cipher) { ++ EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET); ++ return 0; ++ } ++ ++ if (!ctx->cipher->ctrl) { ++ EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED); ++ return 0; ++ } ++ ++ ret = ctx->cipher->ctrl(ctx, type, arg, ptr); ++ if (ret == -1) { ++ EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, ++ EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED); ++ return 0; ++ } ++ return ret; ++} ++ + int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key) + { + if (ctx->cipher->flags & EVP_CIPH_RAND_KEY) +@@ -370,51 +634,33 @@ int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key) + return 1; + } + ++int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) ++{ ++ if ((in == NULL) || (in->cipher == NULL)) { ++ EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, EVP_R_INPUT_NOT_INITIALIZED); ++ return 0; ++ } + #ifndef OPENSSL_NO_ENGINE ++ /* Make sure it's safe to copy a cipher context using an ENGINE */ ++ if (in->engine && !ENGINE_init(in->engine)) { ++ EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, ERR_R_ENGINE_LIB); ++ return 0; ++ } ++#endif + +-# ifdef OPENSSL_FIPS ++ EVP_CIPHER_CTX_cleanup(out); ++ memcpy(out, in, sizeof *out); + +-static int do_evp_enc_engine_full(EVP_CIPHER_CTX *ctx, +- const EVP_CIPHER **pcipher, ENGINE *impl) +-{ +- if (impl) { +- if (!ENGINE_init(impl)) { +- EVPerr(EVP_F_DO_EVP_ENC_ENGINE_FULL, EVP_R_INITIALIZATION_ERROR); ++ if (in->cipher_data && in->cipher->ctx_size) { ++ out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size); ++ if 
(!out->cipher_data) { ++ EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, ERR_R_MALLOC_FAILURE); + return 0; + } +- } else +- /* Ask if an ENGINE is reserved for this job */ +- impl = ENGINE_get_cipher_engine((*pcipher)->nid); +- if (impl) { +- /* There's an ENGINE for this job ... (apparently) */ +- const EVP_CIPHER *c = ENGINE_get_cipher(impl, (*pcipher)->nid); +- if (!c) { +- /* +- * One positive side-effect of US's export control history, is +- * that we should at least be able to avoid using US mispellings +- * of "initialisation"? +- */ +- EVPerr(EVP_F_DO_EVP_ENC_ENGINE_FULL, EVP_R_INITIALIZATION_ERROR); +- return 0; +- } +- /* We'll use the ENGINE's private cipher definition */ +- *pcipher = c; +- /* +- * Store the ENGINE functional reference so we know 'cipher' came +- * from an ENGINE and we need to release it when done. +- */ +- ctx->engine = impl; +- } else +- ctx->engine = NULL; +- return 1; +-} ++ memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size); ++ } + +-void int_EVP_CIPHER_init_engine_callbacks(void) +-{ +- int_EVP_CIPHER_set_engine_callbacks(ENGINE_finish, +- do_evp_enc_engine_full); ++ if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY) ++ return in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out); ++ return 1; + } +- +-# endif +- +-#endif +diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_err.c b/Cryptlib/OpenSSL/crypto/evp/evp_err.c +index 02d24ec..15cf553 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/evp_err.c ++++ b/Cryptlib/OpenSSL/crypto/evp/evp_err.c +@@ -1,6 +1,6 @@ + /* crypto/evp/evp_err.c */ + /* ==================================================================== +- * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. ++ * Copyright (c) 1999-2013 The OpenSSL Project. All rights reserved. 
+ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions +@@ -70,54 +70,93 @@ + # define ERR_REASON(reason) ERR_PACK(ERR_LIB_EVP,0,reason) + + static ERR_STRING_DATA EVP_str_functs[] = { ++ {ERR_FUNC(EVP_F_AESNI_INIT_KEY), "AESNI_INIT_KEY"}, ++ {ERR_FUNC(EVP_F_AESNI_XTS_CIPHER), "AESNI_XTS_CIPHER"}, + {ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"}, ++ {ERR_FUNC(EVP_F_AES_T4_INIT_KEY), "AES_T4_INIT_KEY"}, ++ {ERR_FUNC(EVP_F_AES_XTS), "AES_XTS"}, ++ {ERR_FUNC(EVP_F_AES_XTS_CIPHER), "AES_XTS_CIPHER"}, + {ERR_FUNC(EVP_F_ALG_MODULE_INIT), "ALG_MODULE_INIT"}, + {ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "CAMELLIA_INIT_KEY"}, ++ {ERR_FUNC(EVP_F_CMAC_INIT), "CMAC_INIT"}, ++ {ERR_FUNC(EVP_F_CMLL_T4_INIT_KEY), "CMLL_T4_INIT_KEY"}, + {ERR_FUNC(EVP_F_D2I_PKEY), "D2I_PKEY"}, +- {ERR_FUNC(EVP_F_DO_EVP_ENC_ENGINE), "DO_EVP_ENC_ENGINE"}, +- {ERR_FUNC(EVP_F_DO_EVP_ENC_ENGINE_FULL), "DO_EVP_ENC_ENGINE_FULL"}, +- {ERR_FUNC(EVP_F_DO_EVP_MD_ENGINE), "DO_EVP_MD_ENGINE"}, +- {ERR_FUNC(EVP_F_DO_EVP_MD_ENGINE_FULL), "DO_EVP_MD_ENGINE_FULL"}, ++ {ERR_FUNC(EVP_F_DO_SIGVER_INIT), "DO_SIGVER_INIT"}, + {ERR_FUNC(EVP_F_DSAPKEY2PKCS8), "DSAPKEY2PKCS8"}, + {ERR_FUNC(EVP_F_DSA_PKEY2PKCS8), "DSA_PKEY2PKCS8"}, + {ERR_FUNC(EVP_F_ECDSA_PKEY2PKCS8), "ECDSA_PKEY2PKCS8"}, + {ERR_FUNC(EVP_F_ECKEY_PKEY2PKCS8), "ECKEY_PKEY2PKCS8"}, +- {ERR_FUNC(EVP_F_EVP_CIPHERINIT), "EVP_CipherInit"}, + {ERR_FUNC(EVP_F_EVP_CIPHERINIT_EX), "EVP_CipherInit_ex"}, ++ {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_COPY), "EVP_CIPHER_CTX_copy"}, + {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_CTRL), "EVP_CIPHER_CTX_ctrl"}, + {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH), + "EVP_CIPHER_CTX_set_key_length"}, + {ERR_FUNC(EVP_F_EVP_DECRYPTFINAL_EX), "EVP_DecryptFinal_ex"}, +- {ERR_FUNC(EVP_F_EVP_DIGESTINIT), "EVP_DigestInit"}, + {ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"}, + {ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX), "EVP_EncryptFinal_ex"}, + 
{ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX), "EVP_MD_CTX_copy_ex"}, ++ {ERR_FUNC(EVP_F_EVP_MD_SIZE), "EVP_MD_size"}, + {ERR_FUNC(EVP_F_EVP_OPENINIT), "EVP_OpenInit"}, + {ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD), "EVP_PBE_alg_add"}, ++ {ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD_TYPE), "EVP_PBE_alg_add_type"}, + {ERR_FUNC(EVP_F_EVP_PBE_CIPHERINIT), "EVP_PBE_CipherInit"}, + {ERR_FUNC(EVP_F_EVP_PKCS82PKEY), "EVP_PKCS82PKEY"}, ++ {ERR_FUNC(EVP_F_EVP_PKCS82PKEY_BROKEN), "EVP_PKCS82PKEY_BROKEN"}, + {ERR_FUNC(EVP_F_EVP_PKEY2PKCS8_BROKEN), "EVP_PKEY2PKCS8_broken"}, + {ERR_FUNC(EVP_F_EVP_PKEY_COPY_PARAMETERS), "EVP_PKEY_copy_parameters"}, ++ {ERR_FUNC(EVP_F_EVP_PKEY_CTX_CTRL), "EVP_PKEY_CTX_ctrl"}, ++ {ERR_FUNC(EVP_F_EVP_PKEY_CTX_CTRL_STR), "EVP_PKEY_CTX_ctrl_str"}, ++ {ERR_FUNC(EVP_F_EVP_PKEY_CTX_DUP), "EVP_PKEY_CTX_dup"}, + {ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT), "EVP_PKEY_decrypt"}, ++ {ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT_INIT), "EVP_PKEY_decrypt_init"}, ++ {ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT_OLD), "EVP_PKEY_decrypt_old"}, ++ {ERR_FUNC(EVP_F_EVP_PKEY_DERIVE), "EVP_PKEY_derive"}, ++ {ERR_FUNC(EVP_F_EVP_PKEY_DERIVE_INIT), "EVP_PKEY_derive_init"}, ++ {ERR_FUNC(EVP_F_EVP_PKEY_DERIVE_SET_PEER), "EVP_PKEY_derive_set_peer"}, + {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT), "EVP_PKEY_encrypt"}, ++ {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT_INIT), "EVP_PKEY_encrypt_init"}, ++ {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT_OLD), "EVP_PKEY_encrypt_old"}, + {ERR_FUNC(EVP_F_EVP_PKEY_GET1_DH), "EVP_PKEY_get1_DH"}, + {ERR_FUNC(EVP_F_EVP_PKEY_GET1_DSA), "EVP_PKEY_get1_DSA"}, + {ERR_FUNC(EVP_F_EVP_PKEY_GET1_ECDSA), "EVP_PKEY_GET1_ECDSA"}, + {ERR_FUNC(EVP_F_EVP_PKEY_GET1_EC_KEY), "EVP_PKEY_get1_EC_KEY"}, + {ERR_FUNC(EVP_F_EVP_PKEY_GET1_RSA), "EVP_PKEY_get1_RSA"}, ++ {ERR_FUNC(EVP_F_EVP_PKEY_KEYGEN), "EVP_PKEY_keygen"}, ++ {ERR_FUNC(EVP_F_EVP_PKEY_KEYGEN_INIT), "EVP_PKEY_keygen_init"}, + {ERR_FUNC(EVP_F_EVP_PKEY_NEW), "EVP_PKEY_new"}, ++ {ERR_FUNC(EVP_F_EVP_PKEY_PARAMGEN), "EVP_PKEY_paramgen"}, ++ {ERR_FUNC(EVP_F_EVP_PKEY_PARAMGEN_INIT), "EVP_PKEY_paramgen_init"}, 
++ {ERR_FUNC(EVP_F_EVP_PKEY_SIGN), "EVP_PKEY_sign"}, ++ {ERR_FUNC(EVP_F_EVP_PKEY_SIGN_INIT), "EVP_PKEY_sign_init"}, ++ {ERR_FUNC(EVP_F_EVP_PKEY_VERIFY), "EVP_PKEY_verify"}, ++ {ERR_FUNC(EVP_F_EVP_PKEY_VERIFY_INIT), "EVP_PKEY_verify_init"}, ++ {ERR_FUNC(EVP_F_EVP_PKEY_VERIFY_RECOVER), "EVP_PKEY_verify_recover"}, ++ {ERR_FUNC(EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT), ++ "EVP_PKEY_verify_recover_init"}, + {ERR_FUNC(EVP_F_EVP_RIJNDAEL), "EVP_RIJNDAEL"}, + {ERR_FUNC(EVP_F_EVP_SIGNFINAL), "EVP_SignFinal"}, + {ERR_FUNC(EVP_F_EVP_VERIFYFINAL), "EVP_VerifyFinal"}, ++ {ERR_FUNC(EVP_F_FIPS_CIPHERINIT), "FIPS_CIPHERINIT"}, ++ {ERR_FUNC(EVP_F_FIPS_CIPHER_CTX_COPY), "FIPS_CIPHER_CTX_COPY"}, ++ {ERR_FUNC(EVP_F_FIPS_CIPHER_CTX_CTRL), "FIPS_CIPHER_CTX_CTRL"}, ++ {ERR_FUNC(EVP_F_FIPS_CIPHER_CTX_SET_KEY_LENGTH), ++ "FIPS_CIPHER_CTX_SET_KEY_LENGTH"}, ++ {ERR_FUNC(EVP_F_FIPS_DIGESTINIT), "FIPS_DIGESTINIT"}, ++ {ERR_FUNC(EVP_F_FIPS_MD_CTX_COPY), "FIPS_MD_CTX_COPY"}, ++ {ERR_FUNC(EVP_F_HMAC_INIT_EX), "HMAC_Init_ex"}, ++ {ERR_FUNC(EVP_F_INT_CTX_NEW), "INT_CTX_NEW"}, + {ERR_FUNC(EVP_F_PKCS5_PBE_KEYIVGEN), "PKCS5_PBE_keyivgen"}, + {ERR_FUNC(EVP_F_PKCS5_V2_PBE_KEYIVGEN), "PKCS5_v2_PBE_keyivgen"}, ++ {ERR_FUNC(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN), "PKCS5_V2_PBKDF2_KEYIVGEN"}, + {ERR_FUNC(EVP_F_PKCS8_SET_BROKEN), "PKCS8_set_broken"}, ++ {ERR_FUNC(EVP_F_PKEY_SET_TYPE), "PKEY_SET_TYPE"}, + {ERR_FUNC(EVP_F_RC2_MAGIC_TO_METH), "RC2_MAGIC_TO_METH"}, + {ERR_FUNC(EVP_F_RC5_CTRL), "RC5_CTRL"}, + {0, NULL} + }; + + static ERR_STRING_DATA EVP_str_reasons[] = { ++ {ERR_REASON(EVP_R_AES_IV_SETUP_FAILED), "aes iv setup failed"}, + {ERR_REASON(EVP_R_AES_KEY_SETUP_FAILED), "aes key setup failed"}, + {ERR_REASON(EVP_R_ASN1_LIB), "asn1 lib"}, + {ERR_REASON(EVP_R_BAD_BLOCK_LENGTH), "bad block length"}, +@@ -125,9 +164,11 @@ static ERR_STRING_DATA EVP_str_reasons[] = { + {ERR_REASON(EVP_R_BAD_KEY_LENGTH), "bad key length"}, + {ERR_REASON(EVP_R_BN_DECODE_ERROR), "bn decode error"}, + {ERR_REASON(EVP_R_BN_PUBKEY_ERROR), "bn 
pubkey error"}, ++ {ERR_REASON(EVP_R_BUFFER_TOO_SMALL), "buffer too small"}, + {ERR_REASON(EVP_R_CAMELLIA_KEY_SETUP_FAILED), + "camellia key setup failed"}, + {ERR_REASON(EVP_R_CIPHER_PARAMETER_ERROR), "cipher parameter error"}, ++ {ERR_REASON(EVP_R_COMMAND_NOT_SUPPORTED), "command not supported"}, + {ERR_REASON(EVP_R_CTRL_NOT_IMPLEMENTED), "ctrl not implemented"}, + {ERR_REASON(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED), + "ctrl operation not implemented"}, +@@ -135,6 +176,7 @@ static ERR_STRING_DATA EVP_str_reasons[] = { + "data not multiple of block length"}, + {ERR_REASON(EVP_R_DECODE_ERROR), "decode error"}, + {ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES), "different key types"}, ++ {ERR_REASON(EVP_R_DIFFERENT_PARAMETERS), "different parameters"}, + {ERR_REASON(EVP_R_DISABLED_FOR_FIPS), "disabled for fips"}, + {ERR_REASON(EVP_R_ENCODE_ERROR), "encode error"}, + {ERR_REASON(EVP_R_ERROR_LOADING_SECTION), "error loading section"}, +@@ -148,26 +190,41 @@ static ERR_STRING_DATA EVP_str_reasons[] = { + {ERR_REASON(EVP_R_FIPS_MODE_NOT_SUPPORTED), "fips mode not supported"}, + {ERR_REASON(EVP_R_INITIALIZATION_ERROR), "initialization error"}, + {ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED), "input not initialized"}, ++ {ERR_REASON(EVP_R_INVALID_DIGEST), "invalid digest"}, + {ERR_REASON(EVP_R_INVALID_FIPS_MODE), "invalid fips mode"}, + {ERR_REASON(EVP_R_INVALID_KEY_LENGTH), "invalid key length"}, ++ {ERR_REASON(EVP_R_INVALID_OPERATION), "invalid operation"}, + {ERR_REASON(EVP_R_IV_TOO_LARGE), "iv too large"}, + {ERR_REASON(EVP_R_KEYGEN_FAILURE), "keygen failure"}, ++ {ERR_REASON(EVP_R_MESSAGE_DIGEST_IS_NULL), "message digest is null"}, ++ {ERR_REASON(EVP_R_METHOD_NOT_SUPPORTED), "method not supported"}, + {ERR_REASON(EVP_R_MISSING_PARAMETERS), "missing parameters"}, + {ERR_REASON(EVP_R_NO_CIPHER_SET), "no cipher set"}, ++ {ERR_REASON(EVP_R_NO_DEFAULT_DIGEST), "no default digest"}, + {ERR_REASON(EVP_R_NO_DIGEST_SET), "no digest set"}, + {ERR_REASON(EVP_R_NO_DSA_PARAMETERS), "no dsa 
parameters"}, ++ {ERR_REASON(EVP_R_NO_KEY_SET), "no key set"}, ++ {ERR_REASON(EVP_R_NO_OPERATION_SET), "no operation set"}, + {ERR_REASON(EVP_R_NO_SIGN_FUNCTION_CONFIGURED), + "no sign function configured"}, + {ERR_REASON(EVP_R_NO_VERIFY_FUNCTION_CONFIGURED), + "no verify function configured"}, ++ {ERR_REASON(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE), ++ "operation not supported for this keytype"}, ++ {ERR_REASON(EVP_R_OPERATON_NOT_INITIALIZED), "operaton not initialized"}, + {ERR_REASON(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE), + "pkcs8 unknown broken type"}, ++ {ERR_REASON(EVP_R_PRIVATE_KEY_DECODE_ERROR), "private key decode error"}, ++ {ERR_REASON(EVP_R_PRIVATE_KEY_ENCODE_ERROR), "private key encode error"}, + {ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA), "public key not rsa"}, +- {ERR_REASON(EVP_R_SEED_KEY_SETUP_FAILED), "seed key setup failed"}, ++ {ERR_REASON(EVP_R_TOO_LARGE), "too large"}, ++ {ERR_REASON(EVP_R_UNKNOWN_CIPHER), "unknown cipher"}, ++ {ERR_REASON(EVP_R_UNKNOWN_DIGEST), "unknown digest"}, + {ERR_REASON(EVP_R_UNKNOWN_OPTION), "unknown option"}, + {ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM), "unknown pbe algorithm"}, + {ERR_REASON(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS), + "unsuported number of rounds"}, ++ {ERR_REASON(EVP_R_UNSUPPORTED_ALGORITHM), "unsupported algorithm"}, + {ERR_REASON(EVP_R_UNSUPPORTED_CIPHER), "unsupported cipher"}, + {ERR_REASON(EVP_R_UNSUPPORTED_KEYLENGTH), "unsupported keylength"}, + {ERR_REASON(EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION), +@@ -177,6 +234,7 @@ static ERR_STRING_DATA EVP_str_reasons[] = { + {ERR_REASON(EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM), + "unsupported private key algorithm"}, + {ERR_REASON(EVP_R_UNSUPPORTED_SALT_TYPE), "unsupported salt type"}, ++ {ERR_REASON(EVP_R_WRAP_MODE_NOT_ALLOWED), "wrap mode not allowed"}, + {ERR_REASON(EVP_R_WRONG_FINAL_BLOCK_LENGTH), "wrong final block length"}, + {ERR_REASON(EVP_R_WRONG_PUBLIC_KEY_TYPE), "wrong public key type"}, + {0, NULL} +diff --git 
a/Cryptlib/OpenSSL/crypto/evp/evp_key.c b/Cryptlib/OpenSSL/crypto/evp/evp_key.c +index 924e12f..71fa627 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/evp_key.c ++++ b/Cryptlib/OpenSSL/crypto/evp/evp_key.c +@@ -91,6 +91,12 @@ char *EVP_get_pw_prompt(void) + */ + int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify) + { ++ return EVP_read_pw_string_min(buf, 0, len, prompt, verify); ++} ++ ++int EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt, ++ int verify) ++{ + int ret; + char buff[BUFSIZ]; + UI *ui; +@@ -98,11 +104,11 @@ int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify) + if ((prompt == NULL) && (prompt_string[0] != '\0')) + prompt = prompt_string; + ui = UI_new(); +- UI_add_input_string(ui, prompt, 0, buf, 0, ++ UI_add_input_string(ui, prompt, 0, buf, min, + (len >= BUFSIZ) ? BUFSIZ - 1 : len); + if (verify) + UI_add_verify_string(ui, prompt, 0, +- buff, 0, (len >= BUFSIZ) ? BUFSIZ - 1 : len, ++ buff, min, (len >= BUFSIZ) ? 
BUFSIZ - 1 : len, + buf); + ret = UI_process(ui); + UI_free(ui); +@@ -119,7 +125,7 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, + unsigned char md_buf[EVP_MAX_MD_SIZE]; + int niv, nkey, addmd = 0; + unsigned int mds = 0, i; +- ++ int rv = 0; + nkey = type->key_len; + niv = type->iv_len; + OPENSSL_assert(nkey <= EVP_MAX_KEY_LENGTH); +@@ -133,16 +139,23 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, + if (!EVP_DigestInit_ex(&c, md, NULL)) + return 0; + if (addmd++) +- EVP_DigestUpdate(&c, &(md_buf[0]), mds); +- EVP_DigestUpdate(&c, data, datal); ++ if (!EVP_DigestUpdate(&c, &(md_buf[0]), mds)) ++ goto err; ++ if (!EVP_DigestUpdate(&c, data, datal)) ++ goto err; + if (salt != NULL) +- EVP_DigestUpdate(&c, salt, PKCS5_SALT_LEN); +- EVP_DigestFinal_ex(&c, &(md_buf[0]), &mds); ++ if (!EVP_DigestUpdate(&c, salt, PKCS5_SALT_LEN)) ++ goto err; ++ if (!EVP_DigestFinal_ex(&c, &(md_buf[0]), &mds)) ++ goto err; + + for (i = 1; i < (unsigned int)count; i++) { +- EVP_DigestInit_ex(&c, md, NULL); +- EVP_DigestUpdate(&c, &(md_buf[0]), mds); +- EVP_DigestFinal_ex(&c, &(md_buf[0]), &mds); ++ if (!EVP_DigestInit_ex(&c, md, NULL)) ++ goto err; ++ if (!EVP_DigestUpdate(&c, &(md_buf[0]), mds)) ++ goto err; ++ if (!EVP_DigestFinal_ex(&c, &(md_buf[0]), &mds)) ++ goto err; + } + i = 0; + if (nkey) { +@@ -172,7 +185,9 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, + if ((nkey == 0) && (niv == 0)) + break; + } ++ rv = type->key_len; ++ err: + EVP_MD_CTX_cleanup(&c); + OPENSSL_cleanse(&(md_buf[0]), EVP_MAX_MD_SIZE); +- return (type->key_len); ++ return rv; + } +diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_lib.c b/Cryptlib/OpenSSL/crypto/evp/evp_lib.c +index 13dad6e..a53a27c 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/evp_lib.c ++++ b/Cryptlib/OpenSSL/crypto/evp/evp_lib.c +@@ -60,6 +60,10 @@ + #include "cryptlib.h" + #include + #include ++#ifdef OPENSSL_FIPS ++# include ++# include "evp_locl.h" ++#endif + + int 
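Review bot: In the new `EVP_read_pw_string_min`, the result of `UI_new()` is passed straight to `UI_add_input_string` with no NULL check, and the return values of `UI_add_input_string` and `UI_add_verify_string` are discarded. An allocation failure is therefore only noticed, if at all, inside `UI_process`. I would add `if (ui == NULL) return -1;` after `UI_new()` and bail out (freeing `ui`) when either add call reports an error; the exact error value should match what callers of `EVP_read_pw_string` already expect from a failed `UI_process`. The function body continues past the end of this hunk.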
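Review bot: The unchanged context line `if (!EVP_DigestInit_ex(&c, md, NULL)) return 0;` still returns directly, so it bypasses the `err:` path this patch adds in the next hunk (`EVP_MD_CTX_cleanup(&c)` and `OPENSSL_cleanse(&(md_buf[0]), EVP_MAX_MD_SIZE)`). The `addmd++` test suggests this statement runs once per derivation round, in which case `md_buf` already holds derived key bytes on any round after the first and they would be left on the stack. Changing that line to `goto err;` gives every failure exit the same scrubbing as the new checks. Separately, the unbraced nesting `if (addmd++) if (!EVP_DigestUpdate(...)) goto err;` is easy to misread and would be clearer with braces. `EVP_BytesToKey` starts and ends outside this hunk.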
EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) + { +@@ -67,9 +71,13 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) + + if (c->cipher->set_asn1_parameters != NULL) + ret = c->cipher->set_asn1_parameters(c, type); +- else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) +- ret = EVP_CIPHER_set_asn1_iv(c, type); +- else ++ else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) { ++ if (EVP_CIPHER_CTX_mode(c) == EVP_CIPH_WRAP_MODE) { ++ ASN1_TYPE_set(type, V_ASN1_NULL, NULL); ++ ret = 1; ++ } else ++ ret = EVP_CIPHER_set_asn1_iv(c, type); ++ } else + ret = -1; + return (ret); + } +@@ -80,9 +88,11 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type) + + if (c->cipher->get_asn1_parameters != NULL) + ret = c->cipher->get_asn1_parameters(c, type); +- else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) ++ else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) { ++ if (EVP_CIPHER_CTX_mode(c) == EVP_CIPH_WRAP_MODE) ++ return 1; + ret = EVP_CIPHER_get_asn1_iv(c, type); +- else ++ } else + ret = -1; + return (ret); + } +@@ -187,6 +197,12 @@ int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx) + return ctx->cipher->block_size; + } + ++int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, unsigned int inl) ++{ ++ return ctx->cipher->do_cipher(ctx, out, in, inl); ++} ++ + const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx) + { + return ctx->cipher; +@@ -194,9 +210,24 @@ const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx) + + unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher) + { ++#ifdef OPENSSL_FIPS ++ const EVP_CIPHER *fcipher; ++ fcipher = evp_get_fips_cipher(cipher); ++ if (fcipher && fcipher->flags & EVP_CIPH_FLAG_FIPS) ++ return cipher->flags | EVP_CIPH_FLAG_FIPS; ++#endif + return cipher->flags; + } + ++unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx) ++{ ++#ifdef OPENSSL_FIPS ++ return EVP_CIPHER_flags(ctx->cipher); ++#else ++ return 
ctx->cipher->flags; ++#endif ++} ++ + void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx) + { + return ctx->app_data; +@@ -212,6 +243,11 @@ int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher) + return cipher->iv_len; + } + ++int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx) ++{ ++ return ctx->cipher->iv_len; ++} ++ + int EVP_CIPHER_key_length(const EVP_CIPHER *cipher) + { + return cipher->key_len; +@@ -222,6 +258,11 @@ int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx) + return ctx->key_len; + } + ++int EVP_CIPHER_nid(const EVP_CIPHER *cipher) ++{ ++ return cipher->nid; ++} ++ + int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx) + { + return ctx->cipher->nid; +@@ -244,11 +285,54 @@ int EVP_MD_pkey_type(const EVP_MD *md) + + int EVP_MD_size(const EVP_MD *md) + { ++ if (!md) { ++ EVPerr(EVP_F_EVP_MD_SIZE, EVP_R_MESSAGE_DIGEST_IS_NULL); ++ return -1; ++ } + return md->md_size; + } + ++#ifdef OPENSSL_FIPS ++ ++const EVP_MD *evp_get_fips_md(const EVP_MD *md) ++{ ++ int nid = EVP_MD_type(md); ++ if (nid == NID_dsa) ++ return FIPS_evp_dss1(); ++ else if (nid == NID_dsaWithSHA) ++ return FIPS_evp_dss(); ++ else if (nid == NID_ecdsa_with_SHA1) ++ return FIPS_evp_ecdsa(); ++ else ++ return FIPS_get_digestbynid(nid); ++} ++ ++const EVP_CIPHER *evp_get_fips_cipher(const EVP_CIPHER *cipher) ++{ ++ int nid = cipher->nid; ++ if (nid == NID_undef) ++ return FIPS_evp_enc_null(); ++ else ++ return FIPS_get_cipherbynid(nid); ++} ++ ++#endif ++ ++unsigned long EVP_MD_flags(const EVP_MD *md) ++{ ++#ifdef OPENSSL_FIPS ++ const EVP_MD *fmd; ++ fmd = evp_get_fips_md(md); ++ if (fmd && fmd->flags & EVP_MD_FLAG_FIPS) ++ return md->flags | EVP_MD_FLAG_FIPS; ++#endif ++ return md->flags; ++} ++ + const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx) + { ++ if (!ctx) ++ return NULL; + return ctx->digest; + } + +diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_locl.h b/Cryptlib/OpenSSL/crypto/evp/evp_locl.h +index eabcc96..2bb709a 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/evp_locl.h 
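Review bot: The new `EVP_MD_flags` dereferences `md` with no guard, while this same hunk adds NULL checks to `EVP_MD_size` (`EVP_R_MESSAGE_DIGEST_IS_NULL`) and `EVP_MD_CTX_md`. Under `OPENSSL_FIPS` the pointer is also handed to `evp_get_fips_md`, which calls `EVP_MD_type(md)` before any check. If a NULL digest is reachable for the size accessor it is presumably reachable here too, so either add the same guard or add a comment such as `/* md must be non-NULL */` stating the contract. The same inconsistency applies to `evp_get_fips_cipher`, which reads `cipher->nid` unconditionally.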
++++ b/Cryptlib/OpenSSL/crypto/evp/evp_locl.h +@@ -1,6 +1,7 @@ + /* evp_locl.h */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 2000. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2000. + */ + /* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -61,192 +62,312 @@ + /* Wrapper functions for each cipher mode */ + + #define BLOCK_CIPHER_ecb_loop() \ +- unsigned int i, bl; \ +- bl = ctx->cipher->block_size;\ +- if(inl < bl) return 1;\ +- inl -= bl; \ +- for(i=0; i <= inl; i+=bl) ++ size_t i, bl; \ ++ bl = ctx->cipher->block_size;\ ++ if(inl < bl) return 1;\ ++ inl -= bl; \ ++ for(i=0; i <= inl; i+=bl) + + #define BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \ +-static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \ ++static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ + {\ +- BLOCK_CIPHER_ecb_loop() \ +- cprefix##_ecb_encrypt(in + i, out + i, &((kstruct *)ctx->cipher_data)->ksched, ctx->encrypt);\ +- return 1;\ ++ BLOCK_CIPHER_ecb_loop() \ ++ cprefix##_ecb_encrypt(in + i, out + i, &((kstruct *)ctx->cipher_data)->ksched, ctx->encrypt);\ ++ return 1;\ + } + ++#define EVP_MAXCHUNK ((size_t)1<<(sizeof(long)*8-2)) ++ + #define BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) \ +-static int cname##_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int 
inl) \ ++static int cname##_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ + {\ +- cprefix##_ofb##cbits##_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num);\ +- return 1;\ ++ while(inl>=EVP_MAXCHUNK)\ ++ {\ ++ cprefix##_ofb##cbits##_encrypt(in, out, (long)EVP_MAXCHUNK, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num);\ ++ inl-=EVP_MAXCHUNK;\ ++ in +=EVP_MAXCHUNK;\ ++ out+=EVP_MAXCHUNK;\ ++ }\ ++ if (inl)\ ++ cprefix##_ofb##cbits##_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num);\ ++ return 1;\ + } + + #define BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \ +-static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \ ++static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ + {\ +- cprefix##_cbc_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, ctx->encrypt);\ +- return 1;\ ++ while(inl>=EVP_MAXCHUNK) \ ++ {\ ++ cprefix##_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, ctx->encrypt);\ ++ inl-=EVP_MAXCHUNK;\ ++ in +=EVP_MAXCHUNK;\ ++ out+=EVP_MAXCHUNK;\ ++ }\ ++ if (inl)\ ++ cprefix##_cbc_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, ctx->encrypt);\ ++ return 1;\ + } + + #define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \ +-static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \ ++static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ + {\ +- cprefix##_cfb##cbits##_encrypt(in, out, (long)((cbits==1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ?inl*8:inl), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\ +- return 1;\ ++ size_t 
chunk=EVP_MAXCHUNK;\ ++ if (cbits==1) chunk>>=3;\ ++ if (inl=chunk)\ ++ {\ ++ cprefix##_cfb##cbits##_encrypt(in, out, (long)((cbits==1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ?inl*8:inl), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\ ++ inl-=chunk;\ ++ in +=chunk;\ ++ out+=chunk;\ ++ if(inlc))+\ +- sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ +- set_asn1, get_asn1,\ +- ctrl, \ +- NULL \ ++ nid##_cbc, block_size, key_len, iv_len, \ ++ flags | EVP_CIPH_CBC_MODE,\ ++ init_key,\ ++ cname##_cbc_cipher,\ ++ cleanup,\ ++ sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ ++ sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ ++ set_asn1, get_asn1,\ ++ ctrl, \ ++ NULL \ + };\ + const EVP_CIPHER *EVP_##cname##_cbc(void) { return &cname##_cbc; }\ + static const EVP_CIPHER cname##_cfb = {\ +- nid##_cfb64, 1, key_len, iv_len, \ +- flags | EVP_CIPH_CFB_MODE,\ +- init_key,\ +- cname##_cfb_cipher,\ +- cleanup,\ +- sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ +- sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ +- set_asn1, get_asn1,\ +- ctrl,\ +- NULL \ ++ nid##_cfb64, 1, key_len, iv_len, \ ++ flags | EVP_CIPH_CFB_MODE,\ ++ init_key,\ ++ cname##_cfb_cipher,\ ++ cleanup,\ ++ sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ ++ sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ ++ set_asn1, get_asn1,\ ++ ctrl,\ ++ NULL \ + };\ + const EVP_CIPHER *EVP_##cname##_cfb(void) { return &cname##_cfb; }\ + static const EVP_CIPHER cname##_ofb = {\ +- nid##_ofb64, 1, key_len, iv_len, \ +- flags | EVP_CIPH_OFB_MODE,\ +- init_key,\ +- cname##_ofb_cipher,\ +- cleanup,\ +- sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ +- sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ +- set_asn1, get_asn1,\ +- ctrl,\ +- NULL \ ++ nid##_ofb64, 1, key_len, iv_len, \ ++ flags | EVP_CIPH_OFB_MODE,\ ++ init_key,\ ++ cname##_ofb_cipher,\ ++ cleanup,\ ++ sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ ++ 
sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ ++ set_asn1, get_asn1,\ ++ ctrl,\ ++ NULL \ + };\ + const EVP_CIPHER *EVP_##cname##_ofb(void) { return &cname##_ofb; }\ + static const EVP_CIPHER cname##_ecb = {\ +- nid##_ecb, block_size, key_len, iv_len, \ +- flags | EVP_CIPH_ECB_MODE,\ +- init_key,\ +- cname##_ecb_cipher,\ +- cleanup,\ +- sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ +- sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ +- set_asn1, get_asn1,\ +- ctrl,\ +- NULL \ ++ nid##_ecb, block_size, key_len, iv_len, \ ++ flags | EVP_CIPH_ECB_MODE,\ ++ init_key,\ ++ cname##_ecb_cipher,\ ++ cleanup,\ ++ sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ ++ sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ ++ set_asn1, get_asn1,\ ++ ctrl,\ ++ NULL \ + };\ + const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; } + */ + + #define IMPLEMENT_BLOCK_CIPHER(cname, ksched, cprefix, kstruct, nid, \ +- block_size, key_len, iv_len, cbits, \ +- flags, init_key, \ +- cleanup, set_asn1, get_asn1, ctrl) \ +- BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \ +- BLOCK_CIPHER_defs(cname, kstruct, nid, block_size, key_len, iv_len, \ +- cbits, flags, init_key, cleanup, set_asn1, \ +- get_asn1, ctrl) +- +-#define EVP_C_DATA(kstruct, ctx) ((kstruct *)(ctx)->cipher_data) +- +-#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len,fl) \ +- BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \ +- BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \ +- NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \ +- (fl)|EVP_CIPH_FLAG_DEFAULT_ASN1, \ +- cipher##_init_key, NULL, NULL, NULL, NULL) ++ block_size, key_len, iv_len, cbits, \ ++ flags, init_key, \ ++ cleanup, set_asn1, get_asn1, ctrl) \ ++ BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \ ++ BLOCK_CIPHER_defs(cname, kstruct, nid, block_size, key_len, iv_len, \ ++ cbits, flags, init_key, cleanup, set_asn1, \ ++ get_asn1, ctrl) ++ 
++#define EVP_C_DATA(kstruct, ctx) ((kstruct *)(ctx)->cipher_data) ++ ++#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len) \ ++ BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \ ++ BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \ ++ NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \ ++ 0, cipher##_init_key, NULL, \ ++ EVP_CIPHER_set_asn1_iv, \ ++ EVP_CIPHER_get_asn1_iv, \ ++ NULL) ++ ++struct evp_pkey_ctx_st { ++ /* Method associated with this operation */ ++ const EVP_PKEY_METHOD *pmeth; ++ /* Engine that implements this method or NULL if builtin */ ++ ENGINE *engine; ++ /* Key: may be NULL */ ++ EVP_PKEY *pkey; ++ /* Peer key for key agreement, may be NULL */ ++ EVP_PKEY *peerkey; ++ /* Actual operation */ ++ int operation; ++ /* Algorithm specific data */ ++ void *data; ++ /* Application specific data */ ++ void *app_data; ++ /* Keygen callback */ ++ EVP_PKEY_gen_cb *pkey_gencb; ++ /* implementation specific keygen data */ ++ int *keygen_info; ++ int keygen_info_count; ++} /* EVP_PKEY_CTX */ ; ++ ++#define EVP_PKEY_FLAG_DYNAMIC 1 ++ ++struct evp_pkey_method_st { ++ int pkey_id; ++ int flags; ++ int (*init) (EVP_PKEY_CTX *ctx); ++ int (*copy) (EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src); ++ void (*cleanup) (EVP_PKEY_CTX *ctx); ++ int (*paramgen_init) (EVP_PKEY_CTX *ctx); ++ int (*paramgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); ++ int (*keygen_init) (EVP_PKEY_CTX *ctx); ++ int (*keygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); ++ int (*sign_init) (EVP_PKEY_CTX *ctx); ++ int (*sign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, ++ const unsigned char *tbs, size_t tbslen); ++ int (*verify_init) (EVP_PKEY_CTX *ctx); ++ int (*verify) (EVP_PKEY_CTX *ctx, ++ const unsigned char *sig, size_t siglen, ++ const unsigned char *tbs, size_t tbslen); ++ int (*verify_recover_init) (EVP_PKEY_CTX *ctx); ++ int (*verify_recover) (EVP_PKEY_CTX *ctx, ++ unsigned char *rout, size_t *routlen, ++ const unsigned char *sig, size_t 
siglen); ++ int (*signctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); ++ int (*signctx) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, ++ EVP_MD_CTX *mctx); ++ int (*verifyctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); ++ int (*verifyctx) (EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen, ++ EVP_MD_CTX *mctx); ++ int (*encrypt_init) (EVP_PKEY_CTX *ctx); ++ int (*encrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, ++ const unsigned char *in, size_t inlen); ++ int (*decrypt_init) (EVP_PKEY_CTX *ctx); ++ int (*decrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, ++ const unsigned char *in, size_t inlen); ++ int (*derive_init) (EVP_PKEY_CTX *ctx); ++ int (*derive) (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); ++ int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2); ++ int (*ctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value); ++} /* EVP_PKEY_METHOD */ ; ++ ++void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx); ++ ++int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, ++ int passlen, ASN1_TYPE *param, ++ const EVP_CIPHER *c, const EVP_MD *md, ++ int en_de); ++ ++const EVP_MD *evp_get_fips_md(const EVP_MD *md); ++const EVP_CIPHER *evp_get_fips_cipher(const EVP_CIPHER *cipher); + + #ifdef OPENSSL_FIPS +-#define RC2_set_key private_RC2_set_key +-#define RC4_set_key private_RC4_set_key +-#define CAST_set_key private_CAST_set_key +-#define RC5_32_set_key private_RC5_32_set_key +-#define BF_set_key private_BF_set_key +-#define Camellia_set_key private_Camellia_set_key +-#define idea_set_encrypt_key private_idea_set_encrypt_key +- +-#define MD5_Init private_MD5_Init +-#define MD4_Init private_MD4_Init +-#define MD2_Init private_MD2_Init +-#define MDC2_Init private_MDC2_Init +-#define SHA_Init private_SHA_Init + +-#endif ++# ifdef OPENSSL_DOING_MAKEDEPEND ++# undef SHA1_Init ++# undef SHA1_Update ++# undef SHA224_Init ++# undef SHA256_Init ++# undef SHA384_Init ++# undef 
SHA512_Init ++# undef DES_set_key_unchecked ++# endif ++ ++# define RIPEMD160_Init private_RIPEMD160_Init ++# define WHIRLPOOL_Init private_WHIRLPOOL_Init ++# define MD5_Init private_MD5_Init ++# define MD4_Init private_MD4_Init ++# define MD2_Init private_MD2_Init ++# define MDC2_Init private_MDC2_Init ++# define SHA_Init private_SHA_Init ++# define SHA1_Init private_SHA1_Init ++# define SHA224_Init private_SHA224_Init ++# define SHA256_Init private_SHA256_Init ++# define SHA384_Init private_SHA384_Init ++# define SHA512_Init private_SHA512_Init + ++# define BF_set_key private_BF_set_key ++# define CAST_set_key private_CAST_set_key ++# define idea_set_encrypt_key private_idea_set_encrypt_key ++# define SEED_set_key private_SEED_set_key ++# define RC2_set_key private_RC2_set_key ++# define RC4_set_key private_RC4_set_key ++# define DES_set_key_unchecked private_DES_set_key_unchecked ++# define Camellia_set_key private_Camellia_set_key ++ ++#endif +diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_pbe.c b/Cryptlib/OpenSSL/crypto/evp/evp_pbe.c +index e83fbe7..e3fa95d 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/evp_pbe.c ++++ b/Cryptlib/OpenSSL/crypto/evp/evp_pbe.c +@@ -4,7 +4,7 @@ + * 1999. + */ + /* ==================================================================== +- * Copyright (c) 1999 The OpenSSL Project. All rights reserved. ++ * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. 
+ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions +@@ -60,34 +60,104 @@ + #include + #include "cryptlib.h" + #include ++#include + #include ++#include "evp_locl.h" + + /* Password based encryption (PBE) functions */ + +-static STACK *pbe_algs; ++DECLARE_STACK_OF(EVP_PBE_CTL) ++static STACK_OF(EVP_PBE_CTL) *pbe_algs; + + /* Setup a cipher context from a PBE algorithm */ + + typedef struct { ++ int pbe_type; + int pbe_nid; +- const EVP_CIPHER *cipher; +- const EVP_MD *md; ++ int cipher_nid; ++ int md_nid; + EVP_PBE_KEYGEN *keygen; + } EVP_PBE_CTL; + ++static const EVP_PBE_CTL builtin_pbe[] = { ++ {EVP_PBE_TYPE_OUTER, NID_pbeWithMD2AndDES_CBC, ++ NID_des_cbc, NID_md2, PKCS5_PBE_keyivgen}, ++ {EVP_PBE_TYPE_OUTER, NID_pbeWithMD5AndDES_CBC, ++ NID_des_cbc, NID_md5, PKCS5_PBE_keyivgen}, ++ {EVP_PBE_TYPE_OUTER, NID_pbeWithSHA1AndRC2_CBC, ++ NID_rc2_64_cbc, NID_sha1, PKCS5_PBE_keyivgen}, ++ ++#ifndef OPENSSL_NO_HMAC ++ {EVP_PBE_TYPE_OUTER, NID_id_pbkdf2, -1, -1, PKCS5_v2_PBKDF2_keyivgen}, ++#endif ++ ++ {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And128BitRC4, ++ NID_rc4, NID_sha1, PKCS12_PBE_keyivgen}, ++ {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And40BitRC4, ++ NID_rc4_40, NID_sha1, PKCS12_PBE_keyivgen}, ++ {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, ++ NID_des_ede3_cbc, NID_sha1, PKCS12_PBE_keyivgen}, ++ {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And2_Key_TripleDES_CBC, ++ NID_des_ede_cbc, NID_sha1, PKCS12_PBE_keyivgen}, ++ {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And128BitRC2_CBC, ++ NID_rc2_cbc, NID_sha1, PKCS12_PBE_keyivgen}, ++ {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And40BitRC2_CBC, ++ NID_rc2_40_cbc, NID_sha1, PKCS12_PBE_keyivgen}, ++ ++#ifndef OPENSSL_NO_HMAC ++ {EVP_PBE_TYPE_OUTER, NID_pbes2, -1, -1, PKCS5_v2_PBE_keyivgen}, ++#endif ++ {EVP_PBE_TYPE_OUTER, NID_pbeWithMD2AndRC2_CBC, ++ NID_rc2_64_cbc, NID_md2, PKCS5_PBE_keyivgen}, ++ {EVP_PBE_TYPE_OUTER, 
NID_pbeWithMD5AndRC2_CBC, ++ NID_rc2_64_cbc, NID_md5, PKCS5_PBE_keyivgen}, ++ {EVP_PBE_TYPE_OUTER, NID_pbeWithSHA1AndDES_CBC, ++ NID_des_cbc, NID_sha1, PKCS5_PBE_keyivgen}, ++ ++ {EVP_PBE_TYPE_PRF, NID_hmacWithSHA1, -1, NID_sha1, 0}, ++ {EVP_PBE_TYPE_PRF, NID_hmacWithMD5, -1, NID_md5, 0}, ++ {EVP_PBE_TYPE_PRF, NID_hmacWithSHA224, -1, NID_sha224, 0}, ++ {EVP_PBE_TYPE_PRF, NID_hmacWithSHA256, -1, NID_sha256, 0}, ++ {EVP_PBE_TYPE_PRF, NID_hmacWithSHA384, -1, NID_sha384, 0}, ++ {EVP_PBE_TYPE_PRF, NID_hmacWithSHA512, -1, NID_sha512, 0}, ++ {EVP_PBE_TYPE_PRF, NID_id_HMACGostR3411_94, -1, NID_id_GostR3411_94, 0}, ++}; ++ ++#ifdef TEST ++int main(int argc, char **argv) ++{ ++ int i, nid_md, nid_cipher; ++ EVP_PBE_CTL *tpbe, *tpbe2; ++ /* ++ * OpenSSL_add_all_algorithms(); ++ */ ++ ++ for (i = 0; i < sizeof(builtin_pbe) / sizeof(EVP_PBE_CTL); i++) { ++ tpbe = builtin_pbe + i; ++ fprintf(stderr, "%d %d %s ", tpbe->pbe_type, tpbe->pbe_nid, ++ OBJ_nid2sn(tpbe->pbe_nid)); ++ if (EVP_PBE_find(tpbe->pbe_type, tpbe->pbe_nid, ++ &nid_cipher, &nid_md, 0)) ++ fprintf(stderr, "Found %s %s\n", ++ OBJ_nid2sn(nid_cipher), OBJ_nid2sn(nid_md)); ++ else ++ fprintf(stderr, "Find ERROR!!\n"); ++ } ++ ++ return 0; ++} ++#endif ++ + int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, + ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de) + { ++ const EVP_CIPHER *cipher; ++ const EVP_MD *md; ++ int cipher_nid, md_nid; ++ EVP_PBE_KEYGEN *keygen; + +- EVP_PBE_CTL *pbetmp, pbelu; +- int i; +- pbelu.pbe_nid = OBJ_obj2nid(pbe_obj); +- if (pbelu.pbe_nid != NID_undef) +- i = sk_find(pbe_algs, (char *)&pbelu); +- else +- i = -1; +- +- if (i == -1) { ++ if (!EVP_PBE_find(EVP_PBE_TYPE_OUTER, OBJ_obj2nid(pbe_obj), ++ &cipher_nid, &md_nid, &keygen)) { + char obj_tmp[80]; + EVPerr(EVP_F_EVP_PBE_CIPHERINIT, EVP_R_UNKNOWN_PBE_ALGORITHM); + if (!pbe_obj) +@@ -97,73 +167,138 @@ int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, + ERR_add_error_data(2, "TYPE=", 
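Review bot: `builtin_pbe` carries no comment stating its ordering requirement, although later in this file `EVP_PBE_find` looks it up with `OBJ_bsearch_pbe2` and `pbe2_cmp` orders entries by `pbe_type` and then `pbe_nid`. A binary search silently misses entries if a row is added out of order, and a missed PBE algorithm surfaces only as `EVP_R_UNKNOWN_PBE_ALGORITHM` at run time. I would add above the table `/* Must be kept sorted by (pbe_type, pbe_nid): searched with OBJ_bsearch_pbe2() */`. The `#ifdef TEST` `main` looks like the intended self-check for this; note that it assigns the `const` table to a non-const `EVP_PBE_CTL *tpbe` and compares a signed `i` against a `sizeof` expression.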
obj_tmp); + return 0; + } ++ + if (!pass) + passlen = 0; + else if (passlen == -1) + passlen = strlen(pass); +- pbetmp = (EVP_PBE_CTL *)sk_value(pbe_algs, i); +- i = (*pbetmp->keygen) (ctx, pass, passlen, param, pbetmp->cipher, +- pbetmp->md, en_de); +- if (!i) { ++ ++ if (cipher_nid == -1) ++ cipher = NULL; ++ else { ++ cipher = EVP_get_cipherbynid(cipher_nid); ++ if (!cipher) { ++ EVPerr(EVP_F_EVP_PBE_CIPHERINIT, EVP_R_UNKNOWN_CIPHER); ++ return 0; ++ } ++ } ++ ++ if (md_nid == -1) ++ md = NULL; ++ else { ++ md = EVP_get_digestbynid(md_nid); ++ if (!md) { ++ EVPerr(EVP_F_EVP_PBE_CIPHERINIT, EVP_R_UNKNOWN_DIGEST); ++ return 0; ++ } ++ } ++ ++ if (!keygen(ctx, pass, passlen, param, cipher, md, en_de)) { + EVPerr(EVP_F_EVP_PBE_CIPHERINIT, EVP_R_KEYGEN_FAILURE); + return 0; + } + return 1; + } + +-static int pbe_cmp(const char *const *a, const char *const *b) ++DECLARE_OBJ_BSEARCH_CMP_FN(EVP_PBE_CTL, EVP_PBE_CTL, pbe2); ++ ++static int pbe2_cmp(const EVP_PBE_CTL *pbe1, const EVP_PBE_CTL *pbe2) ++{ ++ int ret = pbe1->pbe_type - pbe2->pbe_type; ++ if (ret) ++ return ret; ++ else ++ return pbe1->pbe_nid - pbe2->pbe_nid; ++} ++ ++IMPLEMENT_OBJ_BSEARCH_CMP_FN(EVP_PBE_CTL, EVP_PBE_CTL, pbe2); ++ ++static int pbe_cmp(const EVP_PBE_CTL *const *a, const EVP_PBE_CTL *const *b) + { +- const EVP_PBE_CTL *const *pbe1 = (const EVP_PBE_CTL *const *)a, +- *const *pbe2 = (const EVP_PBE_CTL *const *)b; +- return ((*pbe1)->pbe_nid - (*pbe2)->pbe_nid); ++ int ret = (*a)->pbe_type - (*b)->pbe_type; ++ if (ret) ++ return ret; ++ else ++ return (*a)->pbe_nid - (*b)->pbe_nid; + } + + /* Add a PBE algorithm */ + ++int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid, ++ int md_nid, EVP_PBE_KEYGEN *keygen) ++{ ++ EVP_PBE_CTL *pbe_tmp; ++ if (!pbe_algs) ++ pbe_algs = sk_EVP_PBE_CTL_new(pbe_cmp); ++ if (!(pbe_tmp = (EVP_PBE_CTL *)OPENSSL_malloc(sizeof(EVP_PBE_CTL)))) { ++ EVPerr(EVP_F_EVP_PBE_ALG_ADD_TYPE, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ pbe_tmp->pbe_type = pbe_type; 
++ pbe_tmp->pbe_nid = pbe_nid; ++ pbe_tmp->cipher_nid = cipher_nid; ++ pbe_tmp->md_nid = md_nid; ++ pbe_tmp->keygen = keygen; ++ ++ sk_EVP_PBE_CTL_push(pbe_algs, pbe_tmp); ++ return 1; ++} ++ + int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md, + EVP_PBE_KEYGEN *keygen) + { +- EVP_PBE_CTL *pbe_tmp = NULL, pbelu; ++ int cipher_nid, md_nid; ++ if (cipher) ++ cipher_nid = EVP_CIPHER_nid(cipher); ++ else ++ cipher_nid = -1; ++ if (md) ++ md_nid = EVP_MD_type(md); ++ else ++ md_nid = -1; ++ ++ return EVP_PBE_alg_add_type(EVP_PBE_TYPE_OUTER, nid, ++ cipher_nid, md_nid, keygen); ++} ++ ++int EVP_PBE_find(int type, int pbe_nid, ++ int *pcnid, int *pmnid, EVP_PBE_KEYGEN **pkeygen) ++{ ++ EVP_PBE_CTL *pbetmp = NULL, pbelu; + int i; +- if (!pbe_algs) { +- pbe_algs = sk_new(pbe_cmp); +- if (!pbe_algs) { +- EVPerr(EVP_F_EVP_PBE_ALG_ADD, ERR_R_MALLOC_FAILURE); +- return 0; +- } +- } else { +- /* Check if already present */ +- pbelu.pbe_nid = nid; +- i = sk_find(pbe_algs, (char *)&pbelu); +- if (i >= 0) { +- pbe_tmp = (EVP_PBE_CTL *)sk_value(pbe_algs, i); +- /* If everything identical leave alone */ +- if (pbe_tmp->cipher == cipher +- && pbe_tmp->md == md && pbe_tmp->keygen == keygen) +- return 1; +- } +- } ++ if (pbe_nid == NID_undef) ++ return 0; + +- if (!pbe_tmp) { +- pbe_tmp = OPENSSL_malloc(sizeof(EVP_PBE_CTL)); +- if (!pbe_tmp) { +- EVPerr(EVP_F_EVP_PBE_ALG_ADD, ERR_R_MALLOC_FAILURE); +- return 0; +- } +- /* If adding a new PBE, set nid, append and sort */ +- pbe_tmp->pbe_nid = nid; +- sk_push(pbe_algs, (char *)pbe_tmp); +- sk_sort(pbe_algs); +- } ++ pbelu.pbe_type = type; ++ pbelu.pbe_nid = pbe_nid; + +- pbe_tmp->cipher = cipher; +- pbe_tmp->md = md; +- pbe_tmp->keygen = keygen; ++ if (pbe_algs) { ++ i = sk_EVP_PBE_CTL_find(pbe_algs, &pbelu); ++ if (i != -1) ++ pbetmp = sk_EVP_PBE_CTL_value(pbe_algs, i); ++ } ++ if (pbetmp == NULL) { ++ pbetmp = OBJ_bsearch_pbe2(&pbelu, builtin_pbe, ++ sizeof(builtin_pbe) / sizeof(EVP_PBE_CTL)); ++ } ++ if (pbetmp == 
NULL) ++ return 0; ++ if (pcnid) ++ *pcnid = pbetmp->cipher_nid; ++ if (pmnid) ++ *pmnid = pbetmp->md_nid; ++ if (pkeygen) ++ *pkeygen = pbetmp->keygen; + return 1; + } + ++static void free_evp_pbe_ctl(EVP_PBE_CTL *pbe) ++{ ++ OPENSSL_freeFunc(pbe); ++} ++ + void EVP_PBE_cleanup(void) + { +- sk_pop_free(pbe_algs, OPENSSL_freeFunc); ++ sk_EVP_PBE_CTL_pop_free(pbe_algs, free_evp_pbe_ctl); + pbe_algs = NULL; + } +diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_pkey.c b/Cryptlib/OpenSSL/crypto/evp/evp_pkey.c +index bc4d5c2..6a45629 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/evp_pkey.c ++++ b/Cryptlib/OpenSSL/crypto/evp/evp_pkey.c +@@ -4,7 +4,7 @@ + * 1999. + */ + /* ==================================================================== +- * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. ++ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions +@@ -62,281 +62,46 @@ + #include "cryptlib.h" + #include + #include +-#ifndef OPENSSL_NO_RSA +-# include +-#endif +-#ifndef OPENSSL_NO_DSA +-# include +-#endif +-#include +- +-#ifndef OPENSSL_NO_DSA +-static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey); +-#endif +-#ifndef OPENSSL_NO_EC +-static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey); +-#endif ++#include "asn1_locl.h" + + /* Extract a private key from a PKCS8 structure */ + + EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8) + { + EVP_PKEY *pkey = NULL; +-#ifndef OPENSSL_NO_RSA +- RSA *rsa = NULL; +-#endif +-#ifndef OPENSSL_NO_DSA +- DSA *dsa = NULL; +- ASN1_TYPE *t1, *t2; +- ASN1_INTEGER *privkey; +- STACK_OF(ASN1_TYPE) *ndsa = NULL; +-#endif +-#ifndef OPENSSL_NO_EC +- EC_KEY *eckey = NULL; +- const unsigned char *p_tmp; +-#endif +-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC) +- ASN1_TYPE *param = NULL; +- BN_CTX *ctx = NULL; +- int plen; +-#endif +- 
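Review bot: In `EVP_PBE_alg_add_type` the result of `sk_EVP_PBE_CTL_new(pbe_cmp)` is never checked and the return value of `sk_EVP_PBE_CTL_push(pbe_algs, pbe_tmp)` is ignored, so when either allocation fails the function still returns 1, with `pbe_tmp` leaked and nothing registered. The code this hunk removes reported `ERR_R_MALLOC_FAILURE` when the stack could not be created, so the failure is now silent; a caller that believes its algorithm was registered will only find out later, when `EVP_PBE_CipherInit` raises `EVP_R_UNKNOWN_PBE_ALGORITHM`. The old "already present" lookup is also gone, so repeated registrations of the same type/nid pair appear to accumulate entries rather than update one. Since this file appears to be an imported OpenSSL copy, the change below is best recorded as a follow-up against the import rather than as an untracked local edit.

```c
    if (!pbe_algs) {
        pbe_algs = sk_EVP_PBE_CTL_new(pbe_cmp);
        if (!pbe_algs) {
            EVPerr(EVP_F_EVP_PBE_ALG_ADD_TYPE, ERR_R_MALLOC_FAILURE);
            return 0;
        }
    }
    /* … unchanged: allocate pbe_tmp and fill in its fields … */
    if (!sk_EVP_PBE_CTL_push(pbe_algs, pbe_tmp)) {
        EVPerr(EVP_F_EVP_PBE_ALG_ADD_TYPE, ERR_R_MALLOC_FAILURE);
        OPENSSL_free(pbe_tmp);
        return 0;
    }
    return 1;
```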
X509_ALGOR *a; +- const unsigned char *p; +- const unsigned char *cp; +- int pkeylen; +- int nid; ++ ASN1_OBJECT *algoid; + char obj_tmp[80]; + +- if (p8->pkey->type == V_ASN1_OCTET_STRING) { +- p8->broken = PKCS8_OK; +- p = p8->pkey->value.octet_string->data; +- pkeylen = p8->pkey->value.octet_string->length; +- } else { +- p8->broken = PKCS8_NO_OCTET; +- p = p8->pkey->value.sequence->data; +- pkeylen = p8->pkey->value.sequence->length; +- } ++ if (!PKCS8_pkey_get0(&algoid, NULL, NULL, NULL, p8)) ++ return NULL; ++ + if (!(pkey = EVP_PKEY_new())) { + EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_MALLOC_FAILURE); + return NULL; + } +- a = p8->pkeyalg; +- nid = OBJ_obj2nid(a->algorithm); +- switch (nid) { +-#ifndef OPENSSL_NO_RSA +- case NID_rsaEncryption: +- cp = p; +- if (!(rsa = d2i_RSAPrivateKey(NULL, &cp, pkeylen))) { +- EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); +- return NULL; +- } +- EVP_PKEY_assign_RSA(pkey, rsa); +- break; +-#endif +-#ifndef OPENSSL_NO_DSA +- case NID_dsa: +- /* +- * PKCS#8 DSA is weird: you just get a private key integer and +- * parameters in the AlgorithmIdentifier the pubkey must be +- * recalculated. +- */ +- +- /* Check for broken DSA PKCS#8, UGH! 
*/ +- if (*p == (V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED)) { +- if (!(ndsa = ASN1_seq_unpack_ASN1_TYPE(p, pkeylen, +- d2i_ASN1_TYPE, +- ASN1_TYPE_free))) { +- EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); +- goto dsaerr; +- } +- if (sk_ASN1_TYPE_num(ndsa) != 2) { +- EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); +- goto dsaerr; +- } +- /* +- * Handle Two broken types: SEQUENCE {parameters, priv_key} +- * SEQUENCE {pub_key, priv_key} +- */ + +- t1 = sk_ASN1_TYPE_value(ndsa, 0); +- t2 = sk_ASN1_TYPE_value(ndsa, 1); +- if (t1->type == V_ASN1_SEQUENCE) { +- p8->broken = PKCS8_EMBEDDED_PARAM; +- param = t1; +- } else if (a->parameter->type == V_ASN1_SEQUENCE) { +- p8->broken = PKCS8_NS_DB; +- param = a->parameter; +- } else { +- EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); +- goto dsaerr; +- } +- +- if (t2->type != V_ASN1_INTEGER) { +- EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); +- goto dsaerr; +- } +- privkey = t2->value.integer; +- } else { +- if (!(privkey = d2i_ASN1_INTEGER(NULL, &p, pkeylen))) { +- EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); +- goto dsaerr; +- } +- param = p8->pkeyalg->parameter; +- } +- if (!param || (param->type != V_ASN1_SEQUENCE)) { +- EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); +- goto dsaerr; +- } +- cp = p = param->value.sequence->data; +- plen = param->value.sequence->length; +- if (!(dsa = d2i_DSAparams(NULL, &cp, plen))) { +- EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); +- goto dsaerr; +- } +- /* We have parameters now set private key */ +- if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) { +- EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_BN_DECODE_ERROR); +- goto dsaerr; +- } +- /* Calculate public key (ouch!) 
*/ +- if (!(dsa->pub_key = BN_new())) { +- EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_MALLOC_FAILURE); +- goto dsaerr; +- } +- if (!(ctx = BN_CTX_new())) { +- EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_MALLOC_FAILURE); +- goto dsaerr; +- } +- +- if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) { +- +- EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_BN_PUBKEY_ERROR); +- goto dsaerr; +- } +- +- EVP_PKEY_assign_DSA(pkey, dsa); +- BN_CTX_free(ctx); +- if (ndsa) +- sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); +- else +- ASN1_INTEGER_free(privkey); +- break; +- dsaerr: +- BN_CTX_free(ctx); +- sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); +- DSA_free(dsa); +- EVP_PKEY_free(pkey); +- return NULL; +- break; +-#endif +-#ifndef OPENSSL_NO_EC +- case NID_X9_62_id_ecPublicKey: +- p_tmp = p; +- /* extract the ec parameters */ +- param = p8->pkeyalg->parameter; +- +- if (!param || ((param->type != V_ASN1_SEQUENCE) && +- (param->type != V_ASN1_OBJECT))) { +- EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); +- goto ecerr; +- } +- +- if (param->type == V_ASN1_SEQUENCE) { +- cp = p = param->value.sequence->data; +- plen = param->value.sequence->length; +- +- if (!(eckey = d2i_ECParameters(NULL, &cp, plen))) { +- EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); +- goto ecerr; +- } +- } else { +- EC_GROUP *group; +- cp = p = param->value.object->data; +- plen = param->value.object->length; +- +- /* +- * type == V_ASN1_OBJECT => the parameters are given by an asn1 +- * OID +- */ +- if ((eckey = EC_KEY_new()) == NULL) { +- EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_MALLOC_FAILURE); +- goto ecerr; +- } +- group = +- EC_GROUP_new_by_curve_name(OBJ_obj2nid +- (a->parameter->value.object)); +- if (group == NULL) +- goto ecerr; +- EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE); +- if (EC_KEY_set_group(eckey, group) == 0) +- goto ecerr; +- EC_GROUP_free(group); +- } +- +- /* We have parameters now set private key */ +- if (!d2i_ECPrivateKey(&eckey, &p_tmp, pkeylen)) { +- EVPerr(EVP_F_EVP_PKCS82PKEY, 
EVP_R_DECODE_ERROR); +- goto ecerr; +- } +- +- /* calculate public key (if necessary) */ +- if (EC_KEY_get0_public_key(eckey) == NULL) { +- const BIGNUM *priv_key; +- const EC_GROUP *group; +- EC_POINT *pub_key; +- /* +- * the public key was not included in the SEC1 private key => +- * calculate the public key +- */ +- group = EC_KEY_get0_group(eckey); +- pub_key = EC_POINT_new(group); +- if (pub_key == NULL) { +- EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); +- goto ecerr; +- } +- if (!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group))) { +- EC_POINT_free(pub_key); +- EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); +- goto ecerr; +- } +- priv_key = EC_KEY_get0_private_key(eckey); +- if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx)) { +- EC_POINT_free(pub_key); +- EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); +- goto ecerr; +- } +- if (EC_KEY_set_public_key(eckey, pub_key) == 0) { +- EC_POINT_free(pub_key); +- EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); +- goto ecerr; +- } +- EC_POINT_free(pub_key); +- } +- +- EVP_PKEY_assign_EC_KEY(pkey, eckey); +- if (ctx) +- BN_CTX_free(ctx); +- break; +- ecerr: +- if (ctx) +- BN_CTX_free(ctx); +- if (eckey) +- EC_KEY_free(eckey); +- if (pkey) +- EVP_PKEY_free(pkey); +- return NULL; +-#endif +- default: ++ if (!EVP_PKEY_set_type(pkey, OBJ_obj2nid(algoid))) { + EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); +- if (!a->algorithm) +- BUF_strlcpy(obj_tmp, "NULL", sizeof obj_tmp); +- else +- i2t_ASN1_OBJECT(obj_tmp, 80, a->algorithm); ++ i2t_ASN1_OBJECT(obj_tmp, 80, algoid); + ERR_add_error_data(2, "TYPE=", obj_tmp); +- EVP_PKEY_free(pkey); +- return NULL; ++ goto error; + } ++ ++ if (pkey->ameth->priv_decode) { ++ if (!pkey->ameth->priv_decode(pkey, p8)) { ++ EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_PRIVATE_KEY_DECODE_ERROR); ++ goto error; ++ } ++ } else { ++ EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_METHOD_NOT_SUPPORTED); ++ goto error; ++ } ++ + return pkey; ++ ++ error: ++ EVP_PKEY_free(pkey); ++ return NULL; 
+ } + + PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey) +@@ -355,60 +120,29 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken) + return NULL; + } + p8->broken = broken; +- if (!ASN1_INTEGER_set(p8->version, 0)) { +- EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, ERR_R_MALLOC_FAILURE); +- PKCS8_PRIV_KEY_INFO_free(p8); +- return NULL; +- } +- if (!(p8->pkeyalg->parameter = ASN1_TYPE_new())) { +- EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, ERR_R_MALLOC_FAILURE); +- PKCS8_PRIV_KEY_INFO_free(p8); +- return NULL; +- } +- p8->pkey->type = V_ASN1_OCTET_STRING; +- switch (EVP_PKEY_type(pkey->type)) { +-#ifndef OPENSSL_NO_RSA +- case EVP_PKEY_RSA: +- +- if (p8->broken == PKCS8_NO_OCTET) +- p8->pkey->type = V_ASN1_SEQUENCE; + +- p8->pkeyalg->algorithm = OBJ_nid2obj(NID_rsaEncryption); +- p8->pkeyalg->parameter->type = V_ASN1_NULL; +- if (!ASN1_pack_string_of(EVP_PKEY, pkey, i2d_PrivateKey, +- &p8->pkey->value.octet_string)) { +- EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, ERR_R_MALLOC_FAILURE); +- PKCS8_PRIV_KEY_INFO_free(p8); +- return NULL; +- } +- break; +-#endif +-#ifndef OPENSSL_NO_DSA +- case EVP_PKEY_DSA: +- if (!dsa_pkey2pkcs8(p8, pkey)) { +- PKCS8_PRIV_KEY_INFO_free(p8); +- return NULL; +- } +- +- break; +-#endif +-#ifndef OPENSSL_NO_EC +- case EVP_PKEY_EC: +- if (!eckey_pkey2pkcs8(p8, pkey)) { +- PKCS8_PRIV_KEY_INFO_free(p8); +- return (NULL); ++ if (pkey->ameth) { ++ if (pkey->ameth->priv_encode) { ++ if (!pkey->ameth->priv_encode(p8, pkey)) { ++ EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, ++ EVP_R_PRIVATE_KEY_ENCODE_ERROR); ++ goto error; ++ } ++ } else { ++ EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, EVP_R_METHOD_NOT_SUPPORTED); ++ goto error; + } +- break; +-#endif +- default: ++ } else { + EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, + EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); +- PKCS8_PRIV_KEY_INFO_free(p8); +- return NULL; ++ goto error; + } + RAND_add(p8->pkey->value.octet_string->data, + p8->pkey->value.octet_string->length, 0.0); + return p8; ++ error: ++ 
PKCS8_PRIV_KEY_INFO_free(p8); ++ return NULL; + } + + PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken) +@@ -432,293 +166,6 @@ PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken) + } + } + +-#ifndef OPENSSL_NO_DSA +-static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) +-{ +- ASN1_STRING *params = NULL; +- ASN1_INTEGER *prkey = NULL; +- ASN1_TYPE *ttmp = NULL; +- STACK_OF(ASN1_TYPE) *ndsa = NULL; +- unsigned char *p = NULL, *q; +- int len; +- +- p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa); +- len = i2d_DSAparams(pkey->pkey.dsa, NULL); +- if (!(p = OPENSSL_malloc(len))) { +- EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- q = p; +- i2d_DSAparams(pkey->pkey.dsa, &q); +- if (!(params = ASN1_STRING_new())) { +- EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- if (!ASN1_STRING_set(params, p, len)) { +- EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- OPENSSL_free(p); +- p = NULL; +- /* Get private key into integer */ +- if (!(prkey = BN_to_ASN1_INTEGER(pkey->pkey.dsa->priv_key, NULL))) { +- EVPerr(EVP_F_DSA_PKEY2PKCS8, EVP_R_ENCODE_ERROR); +- goto err; +- } +- +- switch (p8->broken) { +- +- case PKCS8_OK: +- case PKCS8_NO_OCTET: +- +- if (!ASN1_pack_string_of(ASN1_INTEGER, prkey, i2d_ASN1_INTEGER, +- &p8->pkey->value.octet_string)) { +- EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- M_ASN1_INTEGER_free(prkey); +- prkey = NULL; +- p8->pkeyalg->parameter->value.sequence = params; +- params = NULL; +- p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE; +- +- break; +- +- case PKCS8_NS_DB: +- +- p8->pkeyalg->parameter->value.sequence = params; +- params = NULL; +- p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE; +- if (!(ndsa = sk_ASN1_TYPE_new_null())) { +- EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- if (!(ttmp = ASN1_TYPE_new())) { +- EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); 
+- goto err; +- } +- if (!(ttmp->value.integer = +- BN_to_ASN1_INTEGER(pkey->pkey.dsa->pub_key, NULL))) { +- EVPerr(EVP_F_DSA_PKEY2PKCS8, EVP_R_ENCODE_ERROR); +- goto err; +- } +- ttmp->type = V_ASN1_INTEGER; +- if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { +- EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- if (!(ttmp = ASN1_TYPE_new())) { +- EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- ttmp->value.integer = prkey; +- prkey = NULL; +- ttmp->type = V_ASN1_INTEGER; +- if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { +- EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- ttmp = NULL; +- +- if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) { +- EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE, +- &p8->pkey->value.octet_string->data, +- &p8->pkey->value.octet_string->length)) { +- +- EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); +- break; +- +- case PKCS8_EMBEDDED_PARAM: +- +- p8->pkeyalg->parameter->type = V_ASN1_NULL; +- if (!(ndsa = sk_ASN1_TYPE_new_null())) { +- EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- if (!(ttmp = ASN1_TYPE_new())) { +- EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- ttmp->value.sequence = params; +- params = NULL; +- ttmp->type = V_ASN1_SEQUENCE; +- if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { +- EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- if (!(ttmp = ASN1_TYPE_new())) { +- EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- ttmp->value.integer = prkey; +- prkey = NULL; +- ttmp->type = V_ASN1_INTEGER; +- if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { +- EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- ttmp = NULL; +- +- if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) { +- EVPerr(EVP_F_DSA_PKEY2PKCS8, 
ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE, +- &p8->pkey->value.octet_string->data, +- &p8->pkey->value.octet_string->length)) { +- +- EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); +- break; +- } +- return 1; +- err: +- if (p != NULL) +- OPENSSL_free(p); +- if (params != NULL) +- ASN1_STRING_free(params); +- if (prkey != NULL) +- M_ASN1_INTEGER_free(prkey); +- if (ttmp != NULL) +- ASN1_TYPE_free(ttmp); +- if (ndsa != NULL) +- sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); +- return 0; +-} +-#endif +- +-#ifndef OPENSSL_NO_EC +-static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) +-{ +- EC_KEY *ec_key; +- const EC_GROUP *group; +- unsigned char *p, *pp; +- int nid, i, ret = 0; +- unsigned int tmp_flags, old_flags; +- +- ec_key = pkey->pkey.ec; +- if (ec_key == NULL || (group = EC_KEY_get0_group(ec_key)) == NULL) { +- EVPerr(EVP_F_ECKEY_PKEY2PKCS8, EVP_R_MISSING_PARAMETERS); +- return 0; +- } +- +- /* set the ec parameters OID */ +- if (p8->pkeyalg->algorithm) +- ASN1_OBJECT_free(p8->pkeyalg->algorithm); +- +- p8->pkeyalg->algorithm = OBJ_nid2obj(NID_X9_62_id_ecPublicKey); +- +- /* set the ec parameters */ +- +- if (p8->pkeyalg->parameter) { +- ASN1_TYPE_free(p8->pkeyalg->parameter); +- p8->pkeyalg->parameter = NULL; +- } +- +- if ((p8->pkeyalg->parameter = ASN1_TYPE_new()) == NULL) { +- EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); +- return 0; +- } +- +- if (EC_GROUP_get_asn1_flag(group) +- && (nid = EC_GROUP_get_curve_name(group))) { +- /* we have a 'named curve' => just set the OID */ +- p8->pkeyalg->parameter->type = V_ASN1_OBJECT; +- p8->pkeyalg->parameter->value.object = OBJ_nid2obj(nid); +- } else { /* explicit parameters */ +- +- if ((i = i2d_ECParameters(ec_key, NULL)) == 0) { +- EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB); +- return 0; +- } +- if ((p = (unsigned char *)OPENSSL_malloc(i)) == NULL) { +- 
EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); +- return 0; +- } +- pp = p; +- if (!i2d_ECParameters(ec_key, &pp)) { +- EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB); +- OPENSSL_free(p); +- return 0; +- } +- p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE; +- if ((p8->pkeyalg->parameter->value.sequence +- = ASN1_STRING_new()) == NULL) { +- EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_ASN1_LIB); +- OPENSSL_free(p); +- return 0; +- } +- ASN1_STRING_set(p8->pkeyalg->parameter->value.sequence, p, i); +- OPENSSL_free(p); +- } +- +- /* set the private key */ +- +- /* +- * do not include the parameters in the SEC1 private key see PKCS#11 +- * 12.11 +- */ +- old_flags = EC_KEY_get_enc_flags(pkey->pkey.ec); +- tmp_flags = old_flags | EC_PKEY_NO_PARAMETERS; +- EC_KEY_set_enc_flags(pkey->pkey.ec, tmp_flags); +- i = i2d_ECPrivateKey(pkey->pkey.ec, NULL); +- if (!i) { +- EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags); +- EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB); +- return 0; +- } +- p = (unsigned char *)OPENSSL_malloc(i); +- if (!p) { +- EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags); +- EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); +- return 0; +- } +- pp = p; +- if (!i2d_ECPrivateKey(pkey->pkey.ec, &pp)) { +- EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags); +- EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB); +- OPENSSL_free(p); +- return 0; +- } +- /* restore old encoding flags */ +- EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags); +- +- switch (p8->broken) { +- +- case PKCS8_OK: +- p8->pkey->value.octet_string = ASN1_OCTET_STRING_new(); +- if (!p8->pkey->value.octet_string || +- !M_ASN1_OCTET_STRING_set(p8->pkey->value.octet_string, +- (const void *)p, i)) { +- EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); +- } else +- ret = 1; +- break; +- case PKCS8_NO_OCTET: /* RSA specific */ +- case PKCS8_NS_DB: /* DSA specific */ +- case PKCS8_EMBEDDED_PARAM: /* DSA specific */ +- default: +- EVPerr(EVP_F_ECKEY_PKEY2PKCS8, EVP_R_ENCODE_ERROR); +- } +- OPENSSL_cleanse(p, 
(size_t)i); +- OPENSSL_free(p); +- return ret; +-} +-#endif +- + /* EVP_PKEY attribute functions */ + + int EVP_PKEY_get_attr_count(const EVP_PKEY *key) +diff --git a/Cryptlib/OpenSSL/crypto/evp/m_dss.c b/Cryptlib/OpenSSL/crypto/evp/m_dss.c +index 24c852d..1478448 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/m_dss.c ++++ b/Cryptlib/OpenSSL/crypto/evp/m_dss.c +@@ -60,7 +60,7 @@ + #include "cryptlib.h" + #include + #include +-#include ++#include + #ifndef OPENSSL_NO_DSA + # include + #endif +@@ -86,7 +86,7 @@ static const EVP_MD dsa_md = { + NID_dsaWithSHA, + NID_dsaWithSHA, + SHA_DIGEST_LENGTH, +- EVP_MD_FLAG_FIPS, ++ EVP_MD_FLAG_PKEY_DIGEST, + init, + update, + final, +diff --git a/Cryptlib/OpenSSL/crypto/evp/m_dss1.c b/Cryptlib/OpenSSL/crypto/evp/m_dss1.c +index 137eb36..e36fabf 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/m_dss1.c ++++ b/Cryptlib/OpenSSL/crypto/evp/m_dss1.c +@@ -63,13 +63,11 @@ + + # include + # include +-# include ++# include + # ifndef OPENSSL_NO_DSA + # include + # endif + +-# ifndef OPENSSL_FIPS +- + static int init(EVP_MD_CTX *ctx) + { + return SHA1_Init(ctx->md_data); +@@ -89,7 +87,7 @@ static const EVP_MD dss1_md = { + NID_dsa, + NID_dsaWithSHA1, + SHA_DIGEST_LENGTH, +- 0, ++ EVP_MD_FLAG_PKEY_DIGEST, + init, + update, + final, +@@ -104,5 +102,4 @@ const EVP_MD *EVP_dss1(void) + { + return (&dss1_md); + } +-# endif + #endif +diff --git a/Cryptlib/OpenSSL/crypto/evp/m_ecdsa.c b/Cryptlib/OpenSSL/crypto/evp/m_ecdsa.c +index aef84c2..803d314 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/m_ecdsa.c ++++ b/Cryptlib/OpenSSL/crypto/evp/m_ecdsa.c +@@ -116,6 +116,7 @@ + #include + + #ifndef OPENSSL_NO_SHA ++ + static int init(EVP_MD_CTX *ctx) + { + return SHA1_Init(ctx->md_data); +@@ -135,7 +136,7 @@ static const EVP_MD ecdsa_md = { + NID_ecdsa_with_SHA1, + NID_ecdsa_with_SHA1, + SHA_DIGEST_LENGTH, +- 0, ++ EVP_MD_FLAG_PKEY_DIGEST, + init, + update, + final, +diff --git a/Cryptlib/OpenSSL/crypto/evp/m_md2.c b/Cryptlib/OpenSSL/crypto/evp/m_md2.c +index 
7c6efd1..3c4cd7b 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/m_md2.c ++++ b/Cryptlib/OpenSSL/crypto/evp/m_md2.c +@@ -58,7 +58,6 @@ + + #include + #include "cryptlib.h" +-#include "evp_locl.h" + + #ifndef OPENSSL_NO_MD2 + +diff --git a/Cryptlib/OpenSSL/crypto/evp/m_md4.c b/Cryptlib/OpenSSL/crypto/evp/m_md4.c +index 01a05ad..851de69 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/m_md4.c ++++ b/Cryptlib/OpenSSL/crypto/evp/m_md4.c +@@ -58,7 +58,6 @@ + + #include + #include "cryptlib.h" +-#include "evp_locl.h" + + #ifndef OPENSSL_NO_MD4 + +@@ -70,6 +69,8 @@ + # include + # endif + ++# include "evp_locl.h" ++ + static int init(EVP_MD_CTX *ctx) + { + return MD4_Init(ctx->md_data); +diff --git a/Cryptlib/OpenSSL/crypto/evp/m_md5.c b/Cryptlib/OpenSSL/crypto/evp/m_md5.c +index 5aabcb7..e5d5f71 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/m_md5.c ++++ b/Cryptlib/OpenSSL/crypto/evp/m_md5.c +@@ -62,13 +62,13 @@ + #ifndef OPENSSL_NO_MD5 + + # include +-# include "evp_locl.h" + # include + # include + # include + # ifndef OPENSSL_NO_RSA + # include + # endif ++# include "evp_locl.h" + + static int init(EVP_MD_CTX *ctx) + { +diff --git a/Cryptlib/OpenSSL/crypto/evp/m_mdc2.c b/Cryptlib/OpenSSL/crypto/evp/m_mdc2.c +new file mode 100644 +index 0000000..94e12a6 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/evp/m_mdc2.c +@@ -0,0 +1,108 @@ ++/* crypto/evp/m_mdc2.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. 
The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++ ++#include ++#include "cryptlib.h" ++ ++#ifndef OPENSSL_NO_MDC2 ++ ++# include ++# include ++# include ++# include ++# ifndef OPENSSL_NO_RSA ++# include ++# endif ++ ++# include "evp_locl.h" ++ ++static int init(EVP_MD_CTX *ctx) ++{ ++ return MDC2_Init(ctx->md_data); ++} ++ ++static int update(EVP_MD_CTX *ctx, const void *data, size_t count) ++{ ++ return MDC2_Update(ctx->md_data, data, count); ++} ++ ++static int final(EVP_MD_CTX *ctx, unsigned char *md) ++{ ++ return MDC2_Final(md, ctx->md_data); ++} ++ ++static const EVP_MD mdc2_md = { ++ NID_mdc2, ++ NID_mdc2WithRSA, ++ MDC2_DIGEST_LENGTH, ++ 0, ++ init, ++ update, ++ final, ++ NULL, ++ NULL, ++ EVP_PKEY_RSA_ASN1_OCTET_STRING_method, ++ MDC2_BLOCK, ++ sizeof(EVP_MD *) + sizeof(MDC2_CTX), ++}; ++ ++const EVP_MD *EVP_mdc2(void) ++{ ++ return (&mdc2_md); ++} ++#endif +diff --git a/Cryptlib/OpenSSL/crypto/evp/m_ripemd.c b/Cryptlib/OpenSSL/crypto/evp/m_ripemd.c +index 979f77c..81de0ef 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/m_ripemd.c ++++ b/Cryptlib/OpenSSL/crypto/evp/m_ripemd.c +@@ -68,6 +68,7 @@ + # ifndef OPENSSL_NO_RSA + # include + # endif ++# include "evp_locl.h" + + static int init(EVP_MD_CTX *ctx) + { +diff 
--git a/Cryptlib/OpenSSL/crypto/evp/m_sha.c b/Cryptlib/OpenSSL/crypto/evp/m_sha.c +index 918ca5e..e1e22e0 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/m_sha.c ++++ b/Cryptlib/OpenSSL/crypto/evp/m_sha.c +@@ -58,7 +58,6 @@ + + #include + #include "cryptlib.h" +-#include "evp_locl.h" + + #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0) + +@@ -68,6 +67,7 @@ + # ifndef OPENSSL_NO_RSA + # include + # endif ++# include "evp_locl.h" + + static int init(EVP_MD_CTX *ctx) + { +diff --git a/Cryptlib/OpenSSL/crypto/evp/m_sha1.c b/Cryptlib/OpenSSL/crypto/evp/m_sha1.c +index 4b10769..a74e6b7 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/m_sha1.c ++++ b/Cryptlib/OpenSSL/crypto/evp/m_sha1.c +@@ -63,13 +63,11 @@ + + # include + # include +-# include ++# include + # ifndef OPENSSL_NO_RSA + # include + # endif + +-# ifndef OPENSSL_FIPS +- + static int init(EVP_MD_CTX *ctx) + { + return SHA1_Init(ctx->md_data); +@@ -89,7 +87,7 @@ static const EVP_MD sha1_md = { + NID_sha1, + NID_sha1WithRSAEncryption, + SHA_DIGEST_LENGTH, +- 0, ++ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT, + init, + update, + final, +@@ -104,8 +102,9 @@ const EVP_MD *EVP_sha1(void) + { + return (&sha1_md); + } ++#endif + +-# ifndef OPENSSL_NO_SHA256 ++#ifndef OPENSSL_NO_SHA256 + static int init224(EVP_MD_CTX *ctx) + { + return SHA224_Init(ctx->md_data); +@@ -135,7 +134,7 @@ static const EVP_MD sha224_md = { + NID_sha224, + NID_sha224WithRSAEncryption, + SHA224_DIGEST_LENGTH, +- 0, ++ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT, + init224, + update256, + final256, +@@ -155,7 +154,7 @@ static const EVP_MD sha256_md = { + NID_sha256, + NID_sha256WithRSAEncryption, + SHA256_DIGEST_LENGTH, +- 0, ++ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT, + init256, + update256, + final256, +@@ -170,9 +169,9 @@ const EVP_MD *EVP_sha256(void) + { + return (&sha256_md); + } +-# endif /* ifndef OPENSSL_NO_SHA256 */ ++#endif /* ifndef OPENSSL_NO_SHA256 */ + +-# ifndef 
OPENSSL_NO_SHA512 ++#ifndef OPENSSL_NO_SHA512 + static int init384(EVP_MD_CTX *ctx) + { + return SHA384_Init(ctx->md_data); +@@ -198,7 +197,7 @@ static const EVP_MD sha384_md = { + NID_sha384, + NID_sha384WithRSAEncryption, + SHA384_DIGEST_LENGTH, +- 0, ++ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT, + init384, + update512, + final512, +@@ -218,7 +217,7 @@ static const EVP_MD sha512_md = { + NID_sha512, + NID_sha512WithRSAEncryption, + SHA512_DIGEST_LENGTH, +- 0, ++ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT, + init512, + update512, + final512, +@@ -233,8 +232,4 @@ const EVP_MD *EVP_sha512(void) + { + return (&sha512_md); + } +-# endif /* ifndef OPENSSL_NO_SHA512 */ +- +-# endif +- +-#endif ++#endif /* ifndef OPENSSL_NO_SHA512 */ +diff --git a/Cryptlib/OpenSSL/crypto/evp/m_sigver.c b/Cryptlib/OpenSSL/crypto/evp/m_sigver.c +new file mode 100644 +index 0000000..4492d20 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/evp/m_sigver.c +@@ -0,0 +1,203 @@ ++/* m_sigver.c */ ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2006. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2006,2007 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. 
All advertising materials mentioning features or use of this
++ * software must display the following acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ * endorse or promote products derived from this software without
++ * prior written permission. For written permission, please contact
++ * licensing@OpenSSL.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ * nor may "OpenSSL" appear in their names without prior written
++ * permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ * acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ *
++ * This product includes cryptographic software written by Eric Young
++ * (eay@cryptsoft.com). This product includes software written by Tim
++ * Hudson (tjh@cryptsoft.com).
++ *
++ */
++
++#include
++#include "cryptlib.h"
++#include
++#include
++#include
++#include "evp_locl.h"
++
++static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
++ const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey,
++ int ver)
++{
++ if (ctx->pctx == NULL)
++ ctx->pctx = EVP_PKEY_CTX_new(pkey, e);
++ if (ctx->pctx == NULL)
++ return 0;
++
++ if (!(ctx->pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM)) {
++
++ if (type == NULL) {
++ int def_nid;
++ if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) > 0)
++ type = EVP_get_digestbynid(def_nid);
++ }
++
++ if (type == NULL) {
++ EVPerr(EVP_F_DO_SIGVER_INIT, EVP_R_NO_DEFAULT_DIGEST);
++ return 0;
++ }
++ }
++
++ if (ver) {
++ if (ctx->pctx->pmeth->verifyctx_init) {
++ if (ctx->pctx->pmeth->verifyctx_init(ctx->pctx, ctx) <= 0)
++ return 0;
++ ctx->pctx->operation = EVP_PKEY_OP_VERIFYCTX;
++ } else if (EVP_PKEY_verify_init(ctx->pctx) <= 0)
++ return 0;
++ } else {
++ if (ctx->pctx->pmeth->signctx_init) {
++ if (ctx->pctx->pmeth->signctx_init(ctx->pctx, ctx) <= 0)
++ return 0;
++ ctx->pctx->operation = EVP_PKEY_OP_SIGNCTX;
++ } else if (EVP_PKEY_sign_init(ctx->pctx) <= 0)
++ return 0;
++ }
++ if (EVP_PKEY_CTX_set_signature_md(ctx->pctx, type) <= 0)
++ return 0;
++ if (pctx)
++ *pctx = ctx->pctx;
++ if (ctx->pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM)
++ return 1;
++ if (!EVP_DigestInit_ex(ctx, type, e))
++ return 0;
++ return 1;
++}
++
++int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
++ const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey)
++{
++ return do_sigver_init(ctx, pctx, type, e, pkey, 0);
++}
++
++int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
++ const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey)
++{
++ return do_sigver_init(ctx, pctx, type, e, pkey, 1);
++}
++
++int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
++ size_t *siglen)
++{
++ int sctx, r = 0;
++ EVP_PKEY_CTX *pctx = ctx->pctx;
++ if (pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM) {
++ EVP_PKEY_CTX
*dctx;
++ if (!sigret)
++ return pctx->pmeth->signctx(pctx, sigret, siglen, ctx);
++ dctx = EVP_PKEY_CTX_dup(ctx->pctx);
++ if (!dctx)
++ return 0;
++ r = dctx->pmeth->signctx(dctx, sigret, siglen, ctx);
++ EVP_PKEY_CTX_free(dctx);
++ return r;
++ }
++ if (pctx->pmeth->signctx)
++ sctx = 1;
++ else
++ sctx = 0;
++ if (sigret) {
++ EVP_MD_CTX tmp_ctx;
++ unsigned char md[EVP_MAX_MD_SIZE];
++ unsigned int mdlen;
++ EVP_MD_CTX_init(&tmp_ctx);
++ if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx))
++ return 0;
++ if (sctx)
++ r = tmp_ctx.pctx->pmeth->signctx(tmp_ctx.pctx,
++ sigret, siglen, &tmp_ctx);
++ else
++ r = EVP_DigestFinal_ex(&tmp_ctx, md, &mdlen);
++ EVP_MD_CTX_cleanup(&tmp_ctx);
++ if (sctx || !r)
++ return r;
++ if (EVP_PKEY_sign(ctx->pctx, sigret, siglen, md, mdlen) <= 0)
++ return 0;
++ } else {
++ if (sctx) {
++ if (pctx->pmeth->signctx(pctx, sigret, siglen, ctx) <= 0)
++ return 0;
++ } else {
++ int s = EVP_MD_size(ctx->digest);
++ if (s < 0 || EVP_PKEY_sign(pctx, sigret, siglen, NULL, s) <= 0)
++ return 0;
++ }
++ }
++ return 1;
++}
++
++int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
++ size_t siglen)
++{
++ EVP_MD_CTX tmp_ctx;
++ unsigned char md[EVP_MAX_MD_SIZE];
++ int r;
++ unsigned int mdlen;
++ int vctx;
++
++ if (ctx->pctx->pmeth->verifyctx)
++ vctx = 1;
++ else
++ vctx = 0;
++ EVP_MD_CTX_init(&tmp_ctx);
++ if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx))
++ return -1;
++ if (vctx) {
++ r = tmp_ctx.pctx->pmeth->verifyctx(tmp_ctx.pctx,
++ sig, siglen, &tmp_ctx);
++ } else
++ r = EVP_DigestFinal_ex(&tmp_ctx, md, &mdlen);
++ EVP_MD_CTX_cleanup(&tmp_ctx);
++ if (vctx || !r)
++ return r;
++ return EVP_PKEY_verify(ctx->pctx, sig, siglen, md, mdlen);
++}
+diff --git a/Cryptlib/OpenSSL/crypto/evp/m_wp.c b/Cryptlib/OpenSSL/crypto/evp/m_wp.c
+new file mode 100644
+index 0000000..a890939
+--- /dev/null
++++ b/Cryptlib/OpenSSL/crypto/evp/m_wp.c
+@@ -0,0 +1,48 @@
++/* crypto/evp/m_wp.c */
++
++#include
++#include "cryptlib.h"
++
++#ifndef
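Review bot: EVP_DigestVerifyFinal in the new m_sigver.c has several distinct failure results and no comment documents them: it returns -1 when EVP_MD_CTX_copy_ex fails, 0 when the digest finalisation fails, and otherwise passes through whatever verifyctx or EVP_PKEY_verify returns. A caller that only tests the result for truth would treat the -1 path as a valid signature, which is the kind of mistake that matters in code used for boot-time verification. I would add a header comment above the function such as `/* Returns 1 only for a valid signature; 0 and negative values are both failures, so callers must compare the result with 1. */`. EVP_DigestSignFinal in the same hunk reads `ctx->pctx->pmeth` with no NULL check, so it presumably relies on the matching Init call having succeeded; that precondition is worth stating in its own comment too.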
OPENSSL_NO_WHIRLPOOL ++ ++# include ++# include ++# include ++# include ++# include "evp_locl.h" ++ ++static int init(EVP_MD_CTX *ctx) ++{ ++ return WHIRLPOOL_Init(ctx->md_data); ++} ++ ++static int update(EVP_MD_CTX *ctx, const void *data, size_t count) ++{ ++ return WHIRLPOOL_Update(ctx->md_data, data, count); ++} ++ ++static int final(EVP_MD_CTX *ctx, unsigned char *md) ++{ ++ return WHIRLPOOL_Final(md, ctx->md_data); ++} ++ ++static const EVP_MD whirlpool_md = { ++ NID_whirlpool, ++ 0, ++ WHIRLPOOL_DIGEST_LENGTH, ++ 0, ++ init, ++ update, ++ final, ++ NULL, ++ NULL, ++ EVP_PKEY_NULL_method, ++ WHIRLPOOL_BBLOCK / 8, ++ sizeof(EVP_MD *) + sizeof(WHIRLPOOL_CTX), ++}; ++ ++const EVP_MD *EVP_whirlpool(void) ++{ ++ return (&whirlpool_md); ++} ++#endif +diff --git a/Cryptlib/OpenSSL/crypto/evp/names.c b/Cryptlib/OpenSSL/crypto/evp/names.c +index d05c000..ff115a3 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/names.c ++++ b/Cryptlib/OpenSSL/crypto/evp/names.c +@@ -66,14 +66,16 @@ int EVP_add_cipher(const EVP_CIPHER *c) + { + int r; + +-#ifdef OPENSSL_FIPS ++ if (c == NULL) ++ return 0; ++ + OPENSSL_init(); +-#endif + + r = OBJ_NAME_add(OBJ_nid2sn(c->nid), OBJ_NAME_TYPE_CIPHER_METH, + (const char *)c); + if (r == 0) + return (0); ++ check_defer(c->nid); + r = OBJ_NAME_add(OBJ_nid2ln(c->nid), OBJ_NAME_TYPE_CIPHER_METH, + (const char *)c); + return (r); +@@ -83,14 +85,13 @@ int EVP_add_digest(const EVP_MD *md) + { + int r; + const char *name; +- +-#ifdef OPENSSL_FIPS + OPENSSL_init(); +-#endif ++ + name = OBJ_nid2sn(md->type); + r = OBJ_NAME_add(name, OBJ_NAME_TYPE_MD_METH, (const char *)md); + if (r == 0) + return (0); ++ check_defer(md->type); + r = OBJ_NAME_add(OBJ_nid2ln(md->type), OBJ_NAME_TYPE_MD_METH, + (const char *)md); + if (r == 0) +@@ -101,6 +102,7 @@ int EVP_add_digest(const EVP_MD *md) + OBJ_NAME_TYPE_MD_METH | OBJ_NAME_ALIAS, name); + if (r == 0) + return (0); ++ check_defer(md->pkey_type); + r = OBJ_NAME_add(OBJ_nid2ln(md->pkey_type), + OBJ_NAME_TYPE_MD_METH | 
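Review bot: EVP_add_digest in names.c still dereferences `md->type` with no guard, while the hunk directly above gives EVP_add_cipher an `if (c == NULL) return 0;` check before its first use of `c`. For consistency the digest path should get the same guard ahead of the OBJ_nid2sn call, `if (md == NULL) return 0;`. The body of EVP_add_digest continues past this hunk into the next one.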
OBJ_NAME_ALIAS, name); + } +@@ -135,4 +137,79 @@ void EVP_cleanup(void) + OBJ_NAME_cleanup(-1); + + EVP_PBE_cleanup(); ++ if (obj_cleanup_defer == 2) { ++ obj_cleanup_defer = 0; ++ OBJ_cleanup(); ++ } ++ OBJ_sigid_free(); ++} ++ ++struct doall_cipher { ++ void *arg; ++ void (*fn) (const EVP_CIPHER *ciph, ++ const char *from, const char *to, void *arg); ++}; ++ ++static void do_all_cipher_fn(const OBJ_NAME *nm, void *arg) ++{ ++ struct doall_cipher *dc = arg; ++ if (nm->alias) ++ dc->fn(NULL, nm->name, nm->data, dc->arg); ++ else ++ dc->fn((const EVP_CIPHER *)nm->data, nm->name, NULL, dc->arg); ++} ++ ++void EVP_CIPHER_do_all(void (*fn) (const EVP_CIPHER *ciph, ++ const char *from, const char *to, void *x), ++ void *arg) ++{ ++ struct doall_cipher dc; ++ dc.fn = fn; ++ dc.arg = arg; ++ OBJ_NAME_do_all(OBJ_NAME_TYPE_CIPHER_METH, do_all_cipher_fn, &dc); ++} ++ ++void EVP_CIPHER_do_all_sorted(void (*fn) (const EVP_CIPHER *ciph, ++ const char *from, const char *to, ++ void *x), void *arg) ++{ ++ struct doall_cipher dc; ++ dc.fn = fn; ++ dc.arg = arg; ++ OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, do_all_cipher_fn, &dc); ++} ++ ++struct doall_md { ++ void *arg; ++ void (*fn) (const EVP_MD *ciph, ++ const char *from, const char *to, void *arg); ++}; ++ ++static void do_all_md_fn(const OBJ_NAME *nm, void *arg) ++{ ++ struct doall_md *dc = arg; ++ if (nm->alias) ++ dc->fn(NULL, nm->name, nm->data, dc->arg); ++ else ++ dc->fn((const EVP_MD *)nm->data, nm->name, NULL, dc->arg); ++} ++ ++void EVP_MD_do_all(void (*fn) (const EVP_MD *md, ++ const char *from, const char *to, void *x), ++ void *arg) ++{ ++ struct doall_md dc; ++ dc.fn = fn; ++ dc.arg = arg; ++ OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH, do_all_md_fn, &dc); ++} ++ ++void EVP_MD_do_all_sorted(void (*fn) (const EVP_MD *md, ++ const char *from, const char *to, ++ void *x), void *arg) ++{ ++ struct doall_md dc; ++ dc.fn = fn; ++ dc.arg = arg; ++ OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_MD_METH, do_all_md_fn, &dc); + } 
+diff --git a/Cryptlib/OpenSSL/crypto/evp/p5_crpt.c b/Cryptlib/OpenSSL/crypto/evp/p5_crpt.c +index 0607fea..d06ab90 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/p5_crpt.c ++++ b/Cryptlib/OpenSSL/crypto/evp/p5_crpt.c +@@ -64,42 +64,11 @@ + #include + + /* +- * PKCS#5 v1.5 compatible PBE functions: see PKCS#5 v2.0 for more info. ++ * Doesn't do anything now: Builtin PBE algorithms in static table. + */ + + void PKCS5_PBE_add(void) + { +-#ifndef OPENSSL_NO_DES +-# ifndef OPENSSL_NO_MD5 +- EVP_PBE_alg_add(NID_pbeWithMD5AndDES_CBC, EVP_des_cbc(), EVP_md5(), +- PKCS5_PBE_keyivgen); +-# endif +-# ifndef OPENSSL_NO_MD2 +- EVP_PBE_alg_add(NID_pbeWithMD2AndDES_CBC, EVP_des_cbc(), EVP_md2(), +- PKCS5_PBE_keyivgen); +-# endif +-# ifndef OPENSSL_NO_SHA +- EVP_PBE_alg_add(NID_pbeWithSHA1AndDES_CBC, EVP_des_cbc(), EVP_sha1(), +- PKCS5_PBE_keyivgen); +-# endif +-#endif +-#ifndef OPENSSL_NO_RC2 +-# ifndef OPENSSL_NO_MD5 +- EVP_PBE_alg_add(NID_pbeWithMD5AndRC2_CBC, EVP_rc2_64_cbc(), EVP_md5(), +- PKCS5_PBE_keyivgen); +-# endif +-# ifndef OPENSSL_NO_MD2 +- EVP_PBE_alg_add(NID_pbeWithMD2AndRC2_CBC, EVP_rc2_64_cbc(), EVP_md2(), +- PKCS5_PBE_keyivgen); +-# endif +-# ifndef OPENSSL_NO_SHA +- EVP_PBE_alg_add(NID_pbeWithSHA1AndRC2_CBC, EVP_rc2_64_cbc(), EVP_sha1(), +- PKCS5_PBE_keyivgen); +-# endif +-#endif +-#ifndef OPENSSL_NO_HMAC +- EVP_PBE_alg_add(NID_pbes2, NULL, NULL, PKCS5_v2_PBE_keyivgen); +-#endif + } + + int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, +@@ -114,6 +83,9 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, + int saltlen, iter; + unsigned char *salt; + const unsigned char *pbuf; ++ int mdsize; ++ int rv = 0; ++ EVP_MD_CTX_init(&ctx); + + /* Extract useful info from parameter */ + if (param == NULL || param->type != V_ASN1_SEQUENCE || +@@ -140,26 +112,38 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, + else if (passlen == -1) + passlen = strlen(pass); + +- EVP_MD_CTX_init(&ctx); +- 
EVP_DigestInit_ex(&ctx, md, NULL); +- EVP_DigestUpdate(&ctx, pass, passlen); +- EVP_DigestUpdate(&ctx, salt, saltlen); ++ if (!EVP_DigestInit_ex(&ctx, md, NULL)) ++ goto err; ++ if (!EVP_DigestUpdate(&ctx, pass, passlen)) ++ goto err; ++ if (!EVP_DigestUpdate(&ctx, salt, saltlen)) ++ goto err; + PBEPARAM_free(pbe); +- EVP_DigestFinal_ex(&ctx, md_tmp, NULL); ++ if (!EVP_DigestFinal_ex(&ctx, md_tmp, NULL)) ++ goto err; ++ mdsize = EVP_MD_size(md); ++ if (mdsize < 0) ++ return 0; + for (i = 1; i < iter; i++) { +- EVP_DigestInit_ex(&ctx, md, NULL); +- EVP_DigestUpdate(&ctx, md_tmp, EVP_MD_size(md)); +- EVP_DigestFinal_ex(&ctx, md_tmp, NULL); ++ if (!EVP_DigestInit_ex(&ctx, md, NULL)) ++ goto err; ++ if (!EVP_DigestUpdate(&ctx, md_tmp, mdsize)) ++ goto err; ++ if (!EVP_DigestFinal_ex(&ctx, md_tmp, NULL)) ++ goto err; + } +- EVP_MD_CTX_cleanup(&ctx); + OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp)); + memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher)); + OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16); + memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)), + EVP_CIPHER_iv_length(cipher)); +- EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de); ++ if (!EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de)) ++ goto err; + OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE); + OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH); + OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH); +- return 1; ++ rv = 1; ++ err: ++ EVP_MD_CTX_cleanup(&ctx); ++ return rv; + } +diff --git a/Cryptlib/OpenSSL/crypto/evp/p5_crpt2.c b/Cryptlib/OpenSSL/crypto/evp/p5_crpt2.c +index 4c9496c..f2ae1e5 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/p5_crpt2.c ++++ b/Cryptlib/OpenSSL/crypto/evp/p5_crpt2.c +@@ -4,7 +4,7 @@ + * 1999. + */ + /* ==================================================================== +- * Copyright (c) 1999 The OpenSSL Project. All rights reserved. ++ * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. 
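Review bot: The new `if (mdsize < 0) return 0;` in PKCS5_PBE_keyivgen leaves the function without passing the `err:` label, so the digest context set up by EVP_DigestInit_ex never reaches EVP_MD_CTX_cleanup on that path; it should read `if (mdsize < 0) goto err;`. The three OPENSSL_cleanse calls also sit above the label, so a failing EVP_CipherInit_ex returns with the derived key and IV still in `md_tmp`, `key` and `iv`. The `goto err` exits taken before `PBEPARAM_free(pbe)` appear to skip freeing `pbe` as well. Moving the cleanse calls, and the free if `pbe` is NULL-initialised where it is declared, below `err:` would cover every exit; the start of the function lies outside this hunk.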
+ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions +@@ -63,6 +63,7 @@ + # include + # include + # include ++# include "evp_locl.h" + + /* set this to print out info about the keygen algorithm */ + /* #define DEBUG_PKCS5V2 */ +@@ -73,31 +74,38 @@ static void h__dump(const unsigned char *p, int len); + + /* + * This is an implementation of PKCS#5 v2.0 password based encryption key +- * derivation function PBKDF2 using the only currently defined function HMAC +- * with SHA1. Verified against test vectors posted by Peter Gutmann +- * to the PKCS-TNG mailing +- * list. ++ * derivation function PBKDF2. SHA1 version verified against test vectors ++ * posted by Peter Gutmann to the PKCS-TNG ++ * mailing list. + */ + +-int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, +- const unsigned char *salt, int saltlen, int iter, +- int keylen, unsigned char *out) ++int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, ++ const unsigned char *salt, int saltlen, int iter, ++ const EVP_MD *digest, int keylen, unsigned char *out) + { +- unsigned char digtmp[SHA_DIGEST_LENGTH], *p, itmp[4]; +- int cplen, j, k, tkeylen; ++ unsigned char digtmp[EVP_MAX_MD_SIZE], *p, itmp[4]; ++ int cplen, j, k, tkeylen, mdlen; + unsigned long i = 1; +- HMAC_CTX hctx; ++ HMAC_CTX hctx_tpl, hctx; + +- HMAC_CTX_init(&hctx); ++ mdlen = EVP_MD_size(digest); ++ if (mdlen < 0) ++ return 0; ++ ++ HMAC_CTX_init(&hctx_tpl); + p = out; + tkeylen = keylen; + if (!pass) + passlen = 0; + else if (passlen == -1) + passlen = strlen(pass); ++ if (!HMAC_Init_ex(&hctx_tpl, pass, passlen, digest, NULL)) { ++ HMAC_CTX_cleanup(&hctx_tpl); ++ return 0; ++ } + while (tkeylen) { +- if (tkeylen > SHA_DIGEST_LENGTH) +- cplen = SHA_DIGEST_LENGTH; ++ if (tkeylen > mdlen) ++ cplen = mdlen; + else + cplen = tkeylen; + /* +@@ -108,14 +116,31 @@ int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, + itmp[1] = (unsigned char)((i >> 
16) & 0xff); + itmp[2] = (unsigned char)((i >> 8) & 0xff); + itmp[3] = (unsigned char)(i & 0xff); +- HMAC_Init_ex(&hctx, pass, passlen, EVP_sha1(), NULL); +- HMAC_Update(&hctx, salt, saltlen); +- HMAC_Update(&hctx, itmp, 4); +- HMAC_Final(&hctx, digtmp, NULL); ++ if (!HMAC_CTX_copy(&hctx, &hctx_tpl)) { ++ HMAC_CTX_cleanup(&hctx_tpl); ++ return 0; ++ } ++ if (!HMAC_Update(&hctx, salt, saltlen) ++ || !HMAC_Update(&hctx, itmp, 4) ++ || !HMAC_Final(&hctx, digtmp, NULL)) { ++ HMAC_CTX_cleanup(&hctx_tpl); ++ HMAC_CTX_cleanup(&hctx); ++ return 0; ++ } ++ HMAC_CTX_cleanup(&hctx); + memcpy(p, digtmp, cplen); + for (j = 1; j < iter; j++) { +- HMAC(EVP_sha1(), pass, passlen, +- digtmp, SHA_DIGEST_LENGTH, digtmp, NULL); ++ if (!HMAC_CTX_copy(&hctx, &hctx_tpl)) { ++ HMAC_CTX_cleanup(&hctx_tpl); ++ return 0; ++ } ++ if (!HMAC_Update(&hctx, digtmp, mdlen) ++ || !HMAC_Final(&hctx, digtmp, NULL)) { ++ HMAC_CTX_cleanup(&hctx_tpl); ++ HMAC_CTX_cleanup(&hctx); ++ return 0; ++ } ++ HMAC_CTX_cleanup(&hctx); + for (k = 0; k < cplen; k++) + p[k] ^= digtmp[k]; + } +@@ -123,7 +148,7 @@ int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, + i++; + p += cplen; + } +- HMAC_CTX_cleanup(&hctx); ++ HMAC_CTX_cleanup(&hctx_tpl); + # ifdef DEBUG_PKCS5V2 + fprintf(stderr, "Password:\n"); + h__dump(pass, passlen); +@@ -136,6 +161,14 @@ int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, + return 1; + } + ++int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, ++ const unsigned char *salt, int saltlen, int iter, ++ int keylen, unsigned char *out) ++{ ++ return PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, EVP_sha1(), ++ keylen, out); ++} ++ + # ifdef DO_TEST + main() + { +@@ -158,25 +191,24 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, + ASN1_TYPE *param, const EVP_CIPHER *c, + const EVP_MD *md, int en_de) + { +- unsigned char *salt, key[EVP_MAX_KEY_LENGTH]; + const unsigned char *pbuf; +- int saltlen, iter, plen; +- unsigned int keylen; ++ int 
plen; + PBE2PARAM *pbe2 = NULL; + const EVP_CIPHER *cipher; +- PBKDF2PARAM *kdf = NULL; ++ ++ int rv = 0; + + if (param == NULL || param->type != V_ASN1_SEQUENCE || + param->value.sequence == NULL) { + EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_DECODE_ERROR); +- return 0; ++ goto err; + } + + pbuf = param->value.sequence->data; + plen = param->value.sequence->length; + if (!(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) { + EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_DECODE_ERROR); +- return 0; ++ goto err; + } + + /* See if we recognise the key derivation function */ +@@ -191,9 +223,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, + * lets see if we recognise the encryption algorithm. + */ + +- cipher = +- EVP_get_cipherbyname(OBJ_nid2sn +- (OBJ_obj2nid(pbe2->encryption->algorithm))); ++ cipher = EVP_get_cipherbyobj(pbe2->encryption->algorithm); + + if (!cipher) { + EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_UNSUPPORTED_CIPHER); +@@ -201,46 +231,81 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, + } + + /* Fixup cipher based on AlgorithmIdentifier */ +- EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de); ++ if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de)) ++ goto err; + if (EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) < 0) { + EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_CIPHER_PARAMETER_ERROR); + goto err; + } ++ rv = PKCS5_v2_PBKDF2_keyivgen(ctx, pass, passlen, ++ pbe2->keyfunc->parameter, c, md, en_de); ++ err: ++ PBE2PARAM_free(pbe2); ++ return rv; ++} ++ ++int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, ++ int passlen, ASN1_TYPE *param, ++ const EVP_CIPHER *c, const EVP_MD *md, int en_de) ++{ ++ unsigned char *salt, key[EVP_MAX_KEY_LENGTH]; ++ const unsigned char *pbuf; ++ int saltlen, iter, plen; ++ int rv = 0; ++ unsigned int keylen = 0; ++ int prf_nid, hmac_md_nid; ++ PBKDF2PARAM *kdf = NULL; ++ const EVP_MD *prfmd; ++ ++ if 
(EVP_CIPHER_CTX_cipher(ctx) == NULL) { ++ EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_NO_CIPHER_SET); ++ goto err; ++ } + keylen = EVP_CIPHER_CTX_key_length(ctx); + OPENSSL_assert(keylen <= sizeof key); + +- /* Now decode key derivation function */ ++ /* Decode parameter */ + +- if (!pbe2->keyfunc->parameter || +- (pbe2->keyfunc->parameter->type != V_ASN1_SEQUENCE)) { +- EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_DECODE_ERROR); ++ if (!param || (param->type != V_ASN1_SEQUENCE)) { ++ EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_DECODE_ERROR); + goto err; + } + +- pbuf = pbe2->keyfunc->parameter->value.sequence->data; +- plen = pbe2->keyfunc->parameter->value.sequence->length; ++ pbuf = param->value.sequence->data; ++ plen = param->value.sequence->length; ++ + if (!(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen))) { +- EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_DECODE_ERROR); ++ EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_DECODE_ERROR); + goto err; + } + +- PBE2PARAM_free(pbe2); +- pbe2 = NULL; ++ keylen = EVP_CIPHER_CTX_key_length(ctx); + + /* Now check the parameters of the kdf */ + + if (kdf->keylength && (ASN1_INTEGER_get(kdf->keylength) != (int)keylen)) { +- EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_UNSUPPORTED_KEYLENGTH); ++ EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_UNSUPPORTED_KEYLENGTH); + goto err; + } + +- if (kdf->prf && (OBJ_obj2nid(kdf->prf->algorithm) != NID_hmacWithSHA1)) { +- EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_UNSUPPORTED_PRF); ++ if (kdf->prf) ++ prf_nid = OBJ_obj2nid(kdf->prf->algorithm); ++ else ++ prf_nid = NID_hmacWithSHA1; ++ ++ if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, prf_nid, NULL, &hmac_md_nid, 0)) { ++ EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_UNSUPPORTED_PRF); ++ goto err; ++ } ++ ++ prfmd = EVP_get_digestbynid(hmac_md_nid); ++ if (prfmd == NULL) { ++ EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_UNSUPPORTED_PRF); + goto err; + } + + if (kdf->salt->type != V_ASN1_OCTET_STRING) { +- EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, 
EVP_R_UNSUPPORTED_SALT_TYPE); ++ EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_UNSUPPORTED_SALT_TYPE); + goto err; + } + +@@ -248,16 +313,14 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, + salt = kdf->salt->value.octet_string->data; + saltlen = kdf->salt->value.octet_string->length; + iter = ASN1_INTEGER_get(kdf->iter); +- PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key); +- EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de); +- OPENSSL_cleanse(key, keylen); +- PBKDF2PARAM_free(kdf); +- return 1; +- ++ if (!PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, prfmd, ++ keylen, key)) ++ goto err; ++ rv = EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de); + err: +- PBE2PARAM_free(pbe2); ++ OPENSSL_cleanse(key, keylen); + PBKDF2PARAM_free(kdf); +- return 0; ++ return rv; + } + + # ifdef DEBUG_PKCS5V2 +diff --git a/Cryptlib/OpenSSL/crypto/evp/p_dec.c b/Cryptlib/OpenSSL/crypto/evp/p_dec.c +index 65d3fef..225b8b4 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/p_dec.c ++++ b/Cryptlib/OpenSSL/crypto/evp/p_dec.c +@@ -66,15 +66,15 @@ + #include + #include + +-int EVP_PKEY_decrypt(unsigned char *key, const unsigned char *ek, int ekl, +- EVP_PKEY *priv) ++int EVP_PKEY_decrypt_old(unsigned char *key, const unsigned char *ek, int ekl, ++ EVP_PKEY *priv) + { + int ret = -1; + + #ifndef OPENSSL_NO_RSA + if (priv->type != EVP_PKEY_RSA) { + #endif +- EVPerr(EVP_F_EVP_PKEY_DECRYPT, EVP_R_PUBLIC_KEY_NOT_RSA); ++ EVPerr(EVP_F_EVP_PKEY_DECRYPT_OLD, EVP_R_PUBLIC_KEY_NOT_RSA); + #ifndef OPENSSL_NO_RSA + goto err; + } +diff --git a/Cryptlib/OpenSSL/crypto/evp/p_enc.c b/Cryptlib/OpenSSL/crypto/evp/p_enc.c +index 5342146..f565f33 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/p_enc.c ++++ b/Cryptlib/OpenSSL/crypto/evp/p_enc.c +@@ -66,15 +66,15 @@ + #include + #include + +-int EVP_PKEY_encrypt(unsigned char *ek, const unsigned char *key, int key_len, +- EVP_PKEY *pubk) ++int EVP_PKEY_encrypt_old(unsigned char *ek, const unsigned char *key, 
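Review bot: In PKCS5_v2_PBKDF2_keyivgen, `iter = ASN1_INTEGER_get(kdf->iter);` is handed straight to PKCS5_PBKDF2_HMAC with no range check, although the value comes from the decoded PBKDF2 parameters. The inner loop there is `for (j = 1; j < iter; j++)`, so a zero or negative count silently derives the key with a single HMAC pass, and a very large count keeps the caller busy for as long as the encoded value dictates. I would reject non-positive counts before the derivation, `if (iter <= 0) { EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_DECODE_ERROR); goto err; }`, and consider an upper bound suited to where this parser runs. The function starts in the previous hunk.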
++ int key_len, EVP_PKEY *pubk) + { + int ret = 0; + + #ifndef OPENSSL_NO_RSA + if (pubk->type != EVP_PKEY_RSA) { + #endif +- EVPerr(EVP_F_EVP_PKEY_ENCRYPT, EVP_R_PUBLIC_KEY_NOT_RSA); ++ EVPerr(EVP_F_EVP_PKEY_ENCRYPT_OLD, EVP_R_PUBLIC_KEY_NOT_RSA); + #ifndef OPENSSL_NO_RSA + goto err; + } +diff --git a/Cryptlib/OpenSSL/crypto/evp/p_lib.c b/Cryptlib/OpenSSL/crypto/evp/p_lib.c +index 6430f6c..1171d30 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/p_lib.c ++++ b/Cryptlib/OpenSSL/crypto/evp/p_lib.c +@@ -74,63 +74,26 @@ + # include + #endif + ++#ifndef OPENSSL_NO_ENGINE ++# include ++#endif ++ ++#include "asn1_locl.h" ++ + static void EVP_PKEY_free_it(EVP_PKEY *x); + + int EVP_PKEY_bits(EVP_PKEY *pkey) + { +- if (0) +- return 0; +-#ifndef OPENSSL_NO_RSA +- else if (pkey->type == EVP_PKEY_RSA) +- return (BN_num_bits(pkey->pkey.rsa->n)); +-#endif +-#ifndef OPENSSL_NO_DSA +- else if (pkey->type == EVP_PKEY_DSA) +- return (BN_num_bits(pkey->pkey.dsa->p)); +-#endif +-#ifndef OPENSSL_NO_EC +- else if (pkey->type == EVP_PKEY_EC) { +- BIGNUM *order = BN_new(); +- const EC_GROUP *group; +- int ret; +- +- if (!order) { +- ERR_clear_error(); +- return 0; +- } +- group = EC_KEY_get0_group(pkey->pkey.ec); +- if (!EC_GROUP_get_order(group, order, NULL)) { +- ERR_clear_error(); +- return 0; +- } +- +- ret = BN_num_bits(order); +- BN_free(order); +- return ret; +- } +-#endif +- return (0); ++ if (pkey && pkey->ameth && pkey->ameth->pkey_bits) ++ return pkey->ameth->pkey_bits(pkey); ++ return 0; + } + + int EVP_PKEY_size(EVP_PKEY *pkey) + { +- if (pkey == NULL) +- return (0); +-#ifndef OPENSSL_NO_RSA +- if (pkey->type == EVP_PKEY_RSA) +- return (RSA_size(pkey->pkey.rsa)); +- else +-#endif +-#ifndef OPENSSL_NO_DSA +- if (pkey->type == EVP_PKEY_DSA) +- return (DSA_size(pkey->pkey.dsa)); +-#endif +-#ifndef OPENSSL_NO_ECDSA +- if (pkey->type == EVP_PKEY_EC) +- return (ECDSA_size(pkey->pkey.ec)); +-#endif +- +- return (0); ++ if (pkey && pkey->ameth && pkey->ameth->pkey_size) ++ return 
pkey->ameth->pkey_size(pkey); ++ return 0; + } + + int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode) +@@ -167,88 +130,26 @@ int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) + EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, EVP_R_MISSING_PARAMETERS); + goto err; + } +-#ifndef OPENSSL_NO_DSA +- if (to->type == EVP_PKEY_DSA) { +- BIGNUM *a; +- +- if ((a = BN_dup(from->pkey.dsa->p)) == NULL) +- goto err; +- if (to->pkey.dsa->p != NULL) +- BN_free(to->pkey.dsa->p); +- to->pkey.dsa->p = a; +- +- if ((a = BN_dup(from->pkey.dsa->q)) == NULL) +- goto err; +- if (to->pkey.dsa->q != NULL) +- BN_free(to->pkey.dsa->q); +- to->pkey.dsa->q = a; +- +- if ((a = BN_dup(from->pkey.dsa->g)) == NULL) +- goto err; +- if (to->pkey.dsa->g != NULL) +- BN_free(to->pkey.dsa->g); +- to->pkey.dsa->g = a; +- } +-#endif +-#ifndef OPENSSL_NO_EC +- if (to->type == EVP_PKEY_EC) { +- EC_GROUP *group = EC_GROUP_dup(EC_KEY_get0_group(from->pkey.ec)); +- if (group == NULL) +- goto err; +- if (EC_KEY_set_group(to->pkey.ec, group) == 0) +- goto err; +- EC_GROUP_free(group); +- } +-#endif +- return (1); ++ if (from->ameth && from->ameth->param_copy) ++ return from->ameth->param_copy(to, from); + err: +- return (0); ++ return 0; + } + + int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey) + { +-#ifndef OPENSSL_NO_DSA +- if (pkey->type == EVP_PKEY_DSA) { +- DSA *dsa; +- +- dsa = pkey->pkey.dsa; +- if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL)) +- return (1); +- } +-#endif +-#ifndef OPENSSL_NO_EC +- if (pkey->type == EVP_PKEY_EC) { +- if (EC_KEY_get0_group(pkey->pkey.ec) == NULL) +- return (1); +- } +-#endif +- +- return (0); ++ if (pkey->ameth && pkey->ameth->param_missing) ++ return pkey->ameth->param_missing(pkey); ++ return 0; + } + + int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) + { +-#ifndef OPENSSL_NO_DSA +- if ((a->type == EVP_PKEY_DSA) && (b->type == EVP_PKEY_DSA)) { +- if (BN_cmp(a->pkey.dsa->p, b->pkey.dsa->p) || +- BN_cmp(a->pkey.dsa->q, 
b->pkey.dsa->q) || +- BN_cmp(a->pkey.dsa->g, b->pkey.dsa->g)) +- return (0); +- else +- return (1); +- } +-#endif +-#ifndef OPENSSL_NO_EC +- if (a->type == EVP_PKEY_EC && b->type == EVP_PKEY_EC) { +- const EC_GROUP *group_a = EC_KEY_get0_group(a->pkey.ec), +- *group_b = EC_KEY_get0_group(b->pkey.ec); +- if (EC_GROUP_cmp(group_a, group_b, NULL)) +- return 0; +- else +- return 1; +- } +-#endif +- return (-1); ++ if (a->type != b->type) ++ return -1; ++ if (a->ameth && a->ameth->param_cmp) ++ return a->ameth->param_cmp(a, b); ++ return -2; + } + + int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b) +@@ -256,49 +157,20 @@ int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b) + if (a->type != b->type) + return -1; + +- if (EVP_PKEY_cmp_parameters(a, b) == 0) +- return 0; +- +- switch (a->type) { +-#ifndef OPENSSL_NO_RSA +- case EVP_PKEY_RSA: +- if (BN_cmp(b->pkey.rsa->n, a->pkey.rsa->n) != 0 +- || BN_cmp(b->pkey.rsa->e, a->pkey.rsa->e) != 0) +- return 0; +- break; +-#endif +-#ifndef OPENSSL_NO_DSA +- case EVP_PKEY_DSA: +- if (BN_cmp(b->pkey.dsa->pub_key, a->pkey.dsa->pub_key) != 0) +- return 0; +- break; +-#endif +-#ifndef OPENSSL_NO_EC +- case EVP_PKEY_EC: +- { +- int r; +- const EC_GROUP *group = EC_KEY_get0_group(b->pkey.ec); +- const EC_POINT *pa = EC_KEY_get0_public_key(a->pkey.ec), +- *pb = EC_KEY_get0_public_key(b->pkey.ec); +- r = EC_POINT_cmp(group, pa, pb, NULL); +- if (r != 0) { +- if (r == 1) +- return 0; +- else +- return -2; +- } ++ if (a->ameth) { ++ int ret; ++ /* Compare parameters if the algorithm has them */ ++ if (a->ameth->param_cmp) { ++ ret = a->ameth->param_cmp(a, b); ++ if (ret <= 0) ++ return ret; + } +- break; +-#endif +-#ifndef OPENSSL_NO_DH +- case EVP_PKEY_DH: +- return -2; +-#endif +- default: +- return -2; ++ ++ if (a->ameth->pub_cmp) ++ return a->ameth->pub_cmp(a, b); + } + +- return 1; ++ return -2; + } + + EVP_PKEY *EVP_PKEY_new(void) +@@ -311,25 +183,87 @@ EVP_PKEY *EVP_PKEY_new(void) + return (NULL); + } + ret->type = 
EVP_PKEY_NONE; ++ ret->save_type = EVP_PKEY_NONE; + ret->references = 1; ++ ret->ameth = NULL; ++ ret->engine = NULL; + ret->pkey.ptr = NULL; + ret->attributes = NULL; + ret->save_parameters = 1; + return (ret); + } + +-int EVP_PKEY_assign(EVP_PKEY *pkey, int type, char *key) ++/* ++ * Setup a public key ASN1 method and ENGINE from a NID or a string. If pkey ++ * is NULL just return 1 or 0 if the algorithm exists. ++ */ ++ ++static int pkey_set_type(EVP_PKEY *pkey, int type, const char *str, int len) ++{ ++ const EVP_PKEY_ASN1_METHOD *ameth; ++ ENGINE *e = NULL; ++ if (pkey) { ++ if (pkey->pkey.ptr) ++ EVP_PKEY_free_it(pkey); ++ /* ++ * If key type matches and a method exists then this lookup has ++ * succeeded once so just indicate success. ++ */ ++ if ((type == pkey->save_type) && pkey->ameth) ++ return 1; ++#ifndef OPENSSL_NO_ENGINE ++ /* If we have an ENGINE release it */ ++ if (pkey->engine) { ++ ENGINE_finish(pkey->engine); ++ pkey->engine = NULL; ++ } ++#endif ++ } ++ if (str) ++ ameth = EVP_PKEY_asn1_find_str(&e, str, len); ++ else ++ ameth = EVP_PKEY_asn1_find(&e, type); ++#ifndef OPENSSL_NO_ENGINE ++ if (!pkey && e) ++ ENGINE_finish(e); ++#endif ++ if (!ameth) { ++ EVPerr(EVP_F_PKEY_SET_TYPE, EVP_R_UNSUPPORTED_ALGORITHM); ++ return 0; ++ } ++ if (pkey) { ++ pkey->ameth = ameth; ++ pkey->engine = e; ++ ++ pkey->type = pkey->ameth->pkey_id; ++ pkey->save_type = type; ++ } ++ return 1; ++} ++ ++int EVP_PKEY_set_type(EVP_PKEY *pkey, int type) + { +- if (pkey == NULL) +- return (0); +- if (pkey->pkey.ptr != NULL) +- EVP_PKEY_free_it(pkey); +- pkey->type = EVP_PKEY_type(type); +- pkey->save_type = type; ++ return pkey_set_type(pkey, type, NULL, -1); ++} ++ ++int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len) ++{ ++ return pkey_set_type(pkey, EVP_PKEY_NONE, str, len); ++} ++ ++int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key) ++{ ++ if (!EVP_PKEY_set_type(pkey, type)) ++ return 0; + pkey->pkey.ptr = key; + return (key != NULL); + } + 
++void *EVP_PKEY_get0(EVP_PKEY *pkey) ++{ ++ return pkey->pkey.ptr; ++} ++ + #ifndef OPENSSL_NO_RSA + int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key) + { +@@ -403,7 +337,7 @@ int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key) + + DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey) + { +- if (pkey->type != EVP_PKEY_DH) { ++ if (pkey->type != EVP_PKEY_DH && pkey->type != EVP_PKEY_DHX) { + EVPerr(EVP_F_EVP_PKEY_GET1_DH, EVP_R_EXPECTING_A_DH_KEY); + return NULL; + } +@@ -414,23 +348,29 @@ DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey) + + int EVP_PKEY_type(int type) + { +- switch (type) { +- case EVP_PKEY_RSA: +- case EVP_PKEY_RSA2: +- return (EVP_PKEY_RSA); +- case EVP_PKEY_DSA: +- case EVP_PKEY_DSA1: +- case EVP_PKEY_DSA2: +- case EVP_PKEY_DSA3: +- case EVP_PKEY_DSA4: +- return (EVP_PKEY_DSA); +- case EVP_PKEY_DH: +- return (EVP_PKEY_DH); +- case EVP_PKEY_EC: +- return (EVP_PKEY_EC); +- default: +- return (NID_undef); +- } ++ int ret; ++ const EVP_PKEY_ASN1_METHOD *ameth; ++ ENGINE *e; ++ ameth = EVP_PKEY_asn1_find(&e, type); ++ if (ameth) ++ ret = ameth->pkey_id; ++ else ++ ret = NID_undef; ++#ifndef OPENSSL_NO_ENGINE ++ if (e) ++ ENGINE_finish(e); ++#endif ++ return ret; ++} ++ ++int EVP_PKEY_id(const EVP_PKEY *pkey) ++{ ++ return pkey->type; ++} ++ ++int EVP_PKEY_base_id(const EVP_PKEY *pkey) ++{ ++ return EVP_PKEY_type(pkey->type); + } + + void EVP_PKEY_free(EVP_PKEY *x) +@@ -460,30 +400,57 @@ void EVP_PKEY_free(EVP_PKEY *x) + + static void EVP_PKEY_free_it(EVP_PKEY *x) + { +- switch (x->type) { +-#ifndef OPENSSL_NO_RSA +- case EVP_PKEY_RSA: +- case EVP_PKEY_RSA2: +- RSA_free(x->pkey.rsa); +- break; +-#endif +-#ifndef OPENSSL_NO_DSA +- case EVP_PKEY_DSA: +- case EVP_PKEY_DSA2: +- case EVP_PKEY_DSA3: +- case EVP_PKEY_DSA4: +- DSA_free(x->pkey.dsa); +- break; +-#endif +-#ifndef OPENSSL_NO_EC +- case EVP_PKEY_EC: +- EC_KEY_free(x->pkey.ec); +- break; +-#endif +-#ifndef OPENSSL_NO_DH +- case EVP_PKEY_DH: +- DH_free(x->pkey.dh); +- break; +-#endif ++ if (x->ameth && x->ameth->pkey_free) { ++ 
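Review bot: In the rewritten EVP_PKEY_type, `ENGINE *e;` is declared without an initialiser and then tested with `if (e)` after the lookup, so the function is only correct as long as EVP_PKEY_asn1_find stores to its first argument on every path (that function is not visible here). pkey_set_type, added earlier in the same file, declares `ENGINE *e = NULL;` for the same pattern. Using `ENGINE *e = NULL;` here as well removes the dependency on the callee at no cost.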
x->ameth->pkey_free(x); ++ x->pkey.ptr = NULL; ++ } ++#ifndef OPENSSL_NO_ENGINE ++ if (x->engine) { ++ ENGINE_finish(x->engine); ++ x->engine = NULL; + } ++#endif ++} ++ ++static int unsup_alg(BIO *out, const EVP_PKEY *pkey, int indent, ++ const char *kstr) ++{ ++ BIO_indent(out, indent, 128); ++ BIO_printf(out, "%s algorithm \"%s\" unsupported\n", ++ kstr, OBJ_nid2ln(pkey->type)); ++ return 1; ++} ++ ++int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey, ++ int indent, ASN1_PCTX *pctx) ++{ ++ if (pkey->ameth && pkey->ameth->pub_print) ++ return pkey->ameth->pub_print(out, pkey, indent, pctx); ++ ++ return unsup_alg(out, pkey, indent, "Public Key"); ++} ++ ++int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey, ++ int indent, ASN1_PCTX *pctx) ++{ ++ if (pkey->ameth && pkey->ameth->priv_print) ++ return pkey->ameth->priv_print(out, pkey, indent, pctx); ++ ++ return unsup_alg(out, pkey, indent, "Private Key"); ++} ++ ++int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey, ++ int indent, ASN1_PCTX *pctx) ++{ ++ if (pkey->ameth && pkey->ameth->param_print) ++ return pkey->ameth->param_print(out, pkey, indent, pctx); ++ return unsup_alg(out, pkey, indent, "Parameters"); ++} ++ ++int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid) ++{ ++ if (!pkey->ameth || !pkey->ameth->pkey_ctrl) ++ return -2; ++ return pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_DEFAULT_MD_NID, ++ 0, pnid); + } +diff --git a/Cryptlib/OpenSSL/crypto/evp/p_open.c b/Cryptlib/OpenSSL/crypto/evp/p_open.c +index 6740ac8..229eb64 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/p_open.c ++++ b/Cryptlib/OpenSSL/crypto/evp/p_open.c +@@ -95,7 +95,7 @@ int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, + goto err; + } + +- i = EVP_PKEY_decrypt(key, ek, ekl, priv); ++ i = EVP_PKEY_decrypt_old(key, ek, ekl, priv); + if ((i <= 0) || !EVP_CIPHER_CTX_set_key_length(ctx, i)) { + /* ERROR */ + goto err; +@@ -116,7 +116,8 @@ int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int 
*outl) + int i; + + i = EVP_DecryptFinal_ex(ctx, out, outl); +- EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, NULL); ++ if (i) ++ i = EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, NULL); + return (i); + } + #else /* !OPENSSL_NO_RSA */ +diff --git a/Cryptlib/OpenSSL/crypto/evp/p_seal.c b/Cryptlib/OpenSSL/crypto/evp/p_seal.c +index be297dc..ba9dfff 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/p_seal.c ++++ b/Cryptlib/OpenSSL/crypto/evp/p_seal.c +@@ -82,15 +82,17 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, + return 1; + if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0) + return 0; +- if (EVP_CIPHER_CTX_iv_length(ctx)) +- RAND_pseudo_bytes(iv, EVP_CIPHER_CTX_iv_length(ctx)); ++ if (EVP_CIPHER_CTX_iv_length(ctx) ++ && RAND_bytes(iv, EVP_CIPHER_CTX_iv_length(ctx)) <= 0) ++ return 0; + + if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv)) + return 0; + + for (i = 0; i < npubk; i++) { +- ekl[i] = EVP_PKEY_encrypt(ek[i], key, EVP_CIPHER_CTX_key_length(ctx), +- pubk[i]); ++ ekl[i] = ++ EVP_PKEY_encrypt_old(ek[i], key, EVP_CIPHER_CTX_key_length(ctx), ++ pubk[i]); + if (ekl[i] <= 0) + return (-1); + } +@@ -113,6 +115,7 @@ int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) + { + int i; + i = EVP_EncryptFinal_ex(ctx, out, outl); +- EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL); ++ if (i) ++ i = EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL); + return i; + } +diff --git a/Cryptlib/OpenSSL/crypto/evp/p_sign.c b/Cryptlib/OpenSSL/crypto/evp/p_sign.c +index 6f31912..1b9ba06 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/p_sign.c ++++ b/Cryptlib/OpenSSL/crypto/evp/p_sign.c +@@ -79,10 +79,37 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, + { + unsigned char m[EVP_MAX_MD_SIZE]; + unsigned int m_len; +- int i, ok = 0, v; ++ int i = 0, ok = 0, v; + EVP_MD_CTX tmp_ctx; ++ EVP_PKEY_CTX *pkctx = NULL; + + *siglen = 0; ++ EVP_MD_CTX_init(&tmp_ctx); ++ if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx)) ++ goto err; ++ if (!EVP_DigestFinal_ex(&tmp_ctx, &(m[0]), &m_len)) 
++ goto err; ++ EVP_MD_CTX_cleanup(&tmp_ctx); ++ ++ if (ctx->digest->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) { ++ size_t sltmp = (size_t)EVP_PKEY_size(pkey); ++ i = 0; ++ pkctx = EVP_PKEY_CTX_new(pkey, NULL); ++ if (!pkctx) ++ goto err; ++ if (EVP_PKEY_sign_init(pkctx) <= 0) ++ goto err; ++ if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0) ++ goto err; ++ if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0) ++ goto err; ++ *siglen = sltmp; ++ i = 1; ++ err: ++ EVP_PKEY_CTX_free(pkctx); ++ return i; ++ } ++ + for (i = 0; i < 4; i++) { + v = ctx->digest->required_pkey_type[i]; + if (v == 0) +@@ -96,23 +123,11 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, + EVPerr(EVP_F_EVP_SIGNFINAL, EVP_R_WRONG_PUBLIC_KEY_TYPE); + return (0); + } ++ + if (ctx->digest->sign == NULL) { + EVPerr(EVP_F_EVP_SIGNFINAL, EVP_R_NO_SIGN_FUNCTION_CONFIGURED); + return (0); + } +- EVP_MD_CTX_init(&tmp_ctx); +- EVP_MD_CTX_copy_ex(&tmp_ctx, ctx); +- if (ctx->digest->flags & EVP_MD_FLAG_SVCTX) { +- EVP_MD_SVCTX sctmp; +- sctmp.mctx = &tmp_ctx; +- sctmp.key = pkey->pkey.ptr; +- i = ctx->digest->sign(ctx->digest->type, +- NULL, -1, sigret, siglen, &sctmp); +- } else { +- EVP_DigestFinal_ex(&tmp_ctx, &(m[0]), &m_len); +- i = ctx->digest->sign(ctx->digest->type, m, m_len, sigret, siglen, +- pkey->pkey.ptr); +- } +- EVP_MD_CTX_cleanup(&tmp_ctx); +- return i; ++ return (ctx->digest->sign(ctx->digest->type, m, m_len, sigret, siglen, ++ pkey->pkey.ptr)); + } +diff --git a/Cryptlib/OpenSSL/crypto/evp/p_verify.c b/Cryptlib/OpenSSL/crypto/evp/p_verify.c +index ee2f257..65e1e21 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/p_verify.c ++++ b/Cryptlib/OpenSSL/crypto/evp/p_verify.c +@@ -67,8 +67,31 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, + { + unsigned char m[EVP_MAX_MD_SIZE]; + unsigned int m_len; +- int i, ok = 0, v; ++ int i = 0, ok = 0, v; + EVP_MD_CTX tmp_ctx; ++ EVP_PKEY_CTX *pkctx = NULL; ++ ++ EVP_MD_CTX_init(&tmp_ctx); ++ if 
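Review bot: In EVP_SignFinal() the two early `goto err` exits (a failed EVP_MD_CTX_copy_ex() or EVP_DigestFinal_ex()) return without the `EVP_MD_CTX_cleanup(&tmp_ctx)` that the success path runs, because the label sits inside the `EVP_MD_FLAG_PKEY_METHOD_SIGNATURE` branch. Whatever the copy attached to tmp_ctx, digest state included, is presumably left unreleased. The first hunk of p_verify.c (EVP_VerifyFinal) has the same shape. Handling the failure where it happens avoids both the skipped cleanup and the jump into a nested block: `if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx) || !EVP_DigestFinal_ex(&tmp_ctx, m, &m_len)) { EVP_MD_CTX_cleanup(&tmp_ctx); return 0; }`. Both functions continue outside their hunks.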
(!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx)) ++ goto err; ++ if (!EVP_DigestFinal_ex(&tmp_ctx, &(m[0]), &m_len)) ++ goto err; ++ EVP_MD_CTX_cleanup(&tmp_ctx); ++ ++ if (ctx->digest->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) { ++ i = -1; ++ pkctx = EVP_PKEY_CTX_new(pkey, NULL); ++ if (!pkctx) ++ goto err; ++ if (EVP_PKEY_verify_init(pkctx) <= 0) ++ goto err; ++ if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0) ++ goto err; ++ i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len); ++ err: ++ EVP_PKEY_CTX_free(pkctx); ++ return i; ++ } + + for (i = 0; i < 4; i++) { + v = ctx->digest->required_pkey_type[i]; +@@ -88,19 +111,6 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, + return (0); + } + +- EVP_MD_CTX_init(&tmp_ctx); +- EVP_MD_CTX_copy_ex(&tmp_ctx, ctx); +- if (ctx->digest->flags & EVP_MD_FLAG_SVCTX) { +- EVP_MD_SVCTX sctmp; +- sctmp.mctx = &tmp_ctx; +- sctmp.key = pkey->pkey.ptr; +- i = ctx->digest->verify(ctx->digest->type, +- NULL, -1, sigbuf, siglen, &sctmp); +- } else { +- EVP_DigestFinal_ex(&tmp_ctx, &(m[0]), &m_len); +- i = ctx->digest->verify(ctx->digest->type, m, m_len, +- sigbuf, siglen, pkey->pkey.ptr); +- } +- EVP_MD_CTX_cleanup(&tmp_ctx); +- return i; ++ return (ctx->digest->verify(ctx->digest->type, m, m_len, ++ sigbuf, siglen, pkey->pkey.ptr)); + } +diff --git a/Cryptlib/OpenSSL/crypto/evp/pmeth_fn.c b/Cryptlib/OpenSSL/crypto/evp/pmeth_fn.c +new file mode 100644 +index 0000000..a8b7f2f +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/evp/pmeth_fn.c +@@ -0,0 +1,346 @@ ++/* pmeth_fn.c */ ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2006. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. 
Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++#include ++#include ++#include "cryptlib.h" ++#include ++#include ++#include "evp_locl.h" ++ ++#define M_check_autoarg(ctx, arg, arglen, err) \ ++ if (ctx->pmeth->flags & EVP_PKEY_FLAG_AUTOARGLEN) \ ++ { \ ++ size_t pksize = (size_t)EVP_PKEY_size(ctx->pkey); \ ++ if (!arg) \ ++ { \ ++ *arglen = pksize; \ ++ return 1; \ ++ } \ ++ else if (*arglen < pksize) \ ++ { \ ++ EVPerr(err, EVP_R_BUFFER_TOO_SMALL); /*ckerr_ignore*/\ ++ return 0; \ ++ } \ ++ } ++ ++int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx) ++{ ++ int ret; ++ if (!ctx || !ctx->pmeth || !ctx->pmeth->sign) { ++ EVPerr(EVP_F_EVP_PKEY_SIGN_INIT, ++ EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); ++ return -2; ++ } ++ ctx->operation = EVP_PKEY_OP_SIGN; ++ if (!ctx->pmeth->sign_init) ++ return 1; ++ ret = ctx->pmeth->sign_init(ctx); ++ if (ret <= 0) ++ ctx->operation = EVP_PKEY_OP_UNDEFINED; ++ return ret; ++} ++ ++int EVP_PKEY_sign(EVP_PKEY_CTX *ctx, ++ unsigned char *sig, size_t *siglen, ++ const unsigned char *tbs, size_t tbslen) ++{ ++ if (!ctx || !ctx->pmeth || !ctx->pmeth->sign) { ++ EVPerr(EVP_F_EVP_PKEY_SIGN, ++ EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); ++ return -2; ++ } ++ if 
(ctx->operation != EVP_PKEY_OP_SIGN) { ++ EVPerr(EVP_F_EVP_PKEY_SIGN, EVP_R_OPERATON_NOT_INITIALIZED); ++ return -1; ++ } ++ M_check_autoarg(ctx, sig, siglen, EVP_F_EVP_PKEY_SIGN) ++ return ctx->pmeth->sign(ctx, sig, siglen, tbs, tbslen); ++} ++ ++int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx) ++{ ++ int ret; ++ if (!ctx || !ctx->pmeth || !ctx->pmeth->verify) { ++ EVPerr(EVP_F_EVP_PKEY_VERIFY_INIT, ++ EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); ++ return -2; ++ } ++ ctx->operation = EVP_PKEY_OP_VERIFY; ++ if (!ctx->pmeth->verify_init) ++ return 1; ++ ret = ctx->pmeth->verify_init(ctx); ++ if (ret <= 0) ++ ctx->operation = EVP_PKEY_OP_UNDEFINED; ++ return ret; ++} ++ ++int EVP_PKEY_verify(EVP_PKEY_CTX *ctx, ++ const unsigned char *sig, size_t siglen, ++ const unsigned char *tbs, size_t tbslen) ++{ ++ if (!ctx || !ctx->pmeth || !ctx->pmeth->verify) { ++ EVPerr(EVP_F_EVP_PKEY_VERIFY, ++ EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); ++ return -2; ++ } ++ if (ctx->operation != EVP_PKEY_OP_VERIFY) { ++ EVPerr(EVP_F_EVP_PKEY_VERIFY, EVP_R_OPERATON_NOT_INITIALIZED); ++ return -1; ++ } ++ return ctx->pmeth->verify(ctx, sig, siglen, tbs, tbslen); ++} ++ ++int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx) ++{ ++ int ret; ++ if (!ctx || !ctx->pmeth || !ctx->pmeth->verify_recover) { ++ EVPerr(EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT, ++ EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); ++ return -2; ++ } ++ ctx->operation = EVP_PKEY_OP_VERIFYRECOVER; ++ if (!ctx->pmeth->verify_recover_init) ++ return 1; ++ ret = ctx->pmeth->verify_recover_init(ctx); ++ if (ret <= 0) ++ ctx->operation = EVP_PKEY_OP_UNDEFINED; ++ return ret; ++} ++ ++int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx, ++ unsigned char *rout, size_t *routlen, ++ const unsigned char *sig, size_t siglen) ++{ ++ if (!ctx || !ctx->pmeth || !ctx->pmeth->verify_recover) { ++ EVPerr(EVP_F_EVP_PKEY_VERIFY_RECOVER, ++ EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); ++ return -2; ++ } ++ if (ctx->operation != 
EVP_PKEY_OP_VERIFYRECOVER) { ++ EVPerr(EVP_F_EVP_PKEY_VERIFY_RECOVER, EVP_R_OPERATON_NOT_INITIALIZED); ++ return -1; ++ } ++ M_check_autoarg(ctx, rout, routlen, EVP_F_EVP_PKEY_VERIFY_RECOVER) ++ return ctx->pmeth->verify_recover(ctx, rout, routlen, sig, siglen); ++} ++ ++int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx) ++{ ++ int ret; ++ if (!ctx || !ctx->pmeth || !ctx->pmeth->encrypt) { ++ EVPerr(EVP_F_EVP_PKEY_ENCRYPT_INIT, ++ EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); ++ return -2; ++ } ++ ctx->operation = EVP_PKEY_OP_ENCRYPT; ++ if (!ctx->pmeth->encrypt_init) ++ return 1; ++ ret = ctx->pmeth->encrypt_init(ctx); ++ if (ret <= 0) ++ ctx->operation = EVP_PKEY_OP_UNDEFINED; ++ return ret; ++} ++ ++int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx, ++ unsigned char *out, size_t *outlen, ++ const unsigned char *in, size_t inlen) ++{ ++ if (!ctx || !ctx->pmeth || !ctx->pmeth->encrypt) { ++ EVPerr(EVP_F_EVP_PKEY_ENCRYPT, ++ EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); ++ return -2; ++ } ++ if (ctx->operation != EVP_PKEY_OP_ENCRYPT) { ++ EVPerr(EVP_F_EVP_PKEY_ENCRYPT, EVP_R_OPERATON_NOT_INITIALIZED); ++ return -1; ++ } ++ M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_ENCRYPT) ++ return ctx->pmeth->encrypt(ctx, out, outlen, in, inlen); ++} ++ ++int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx) ++{ ++ int ret; ++ if (!ctx || !ctx->pmeth || !ctx->pmeth->decrypt) { ++ EVPerr(EVP_F_EVP_PKEY_DECRYPT_INIT, ++ EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); ++ return -2; ++ } ++ ctx->operation = EVP_PKEY_OP_DECRYPT; ++ if (!ctx->pmeth->decrypt_init) ++ return 1; ++ ret = ctx->pmeth->decrypt_init(ctx); ++ if (ret <= 0) ++ ctx->operation = EVP_PKEY_OP_UNDEFINED; ++ return ret; ++} ++ ++int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, ++ unsigned char *out, size_t *outlen, ++ const unsigned char *in, size_t inlen) ++{ ++ if (!ctx || !ctx->pmeth || !ctx->pmeth->decrypt) { ++ EVPerr(EVP_F_EVP_PKEY_DECRYPT, ++ EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); ++ return -2; ++ } ++ if (ctx->operation 
!= EVP_PKEY_OP_DECRYPT) { ++ EVPerr(EVP_F_EVP_PKEY_DECRYPT, EVP_R_OPERATON_NOT_INITIALIZED); ++ return -1; ++ } ++ M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_DECRYPT) ++ return ctx->pmeth->decrypt(ctx, out, outlen, in, inlen); ++} ++ ++int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx) ++{ ++ int ret; ++ if (!ctx || !ctx->pmeth || !ctx->pmeth->derive) { ++ EVPerr(EVP_F_EVP_PKEY_DERIVE_INIT, ++ EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); ++ return -2; ++ } ++ ctx->operation = EVP_PKEY_OP_DERIVE; ++ if (!ctx->pmeth->derive_init) ++ return 1; ++ ret = ctx->pmeth->derive_init(ctx); ++ if (ret <= 0) ++ ctx->operation = EVP_PKEY_OP_UNDEFINED; ++ return ret; ++} ++ ++int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer) ++{ ++ int ret; ++ if (!ctx || !ctx->pmeth ++ || !(ctx->pmeth->derive || ctx->pmeth->encrypt || ctx->pmeth->decrypt) ++ || !ctx->pmeth->ctrl) { ++ EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, ++ EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); ++ return -2; ++ } ++ if (ctx->operation != EVP_PKEY_OP_DERIVE ++ && ctx->operation != EVP_PKEY_OP_ENCRYPT ++ && ctx->operation != EVP_PKEY_OP_DECRYPT) { ++ EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, ++ EVP_R_OPERATON_NOT_INITIALIZED); ++ return -1; ++ } ++ ++ ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 0, peer); ++ ++ if (ret <= 0) ++ return ret; ++ ++ if (ret == 2) ++ return 1; ++ ++ if (!ctx->pkey) { ++ EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_NO_KEY_SET); ++ return -1; ++ } ++ ++ if (ctx->pkey->type != peer->type) { ++ EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_DIFFERENT_KEY_TYPES); ++ return -1; ++ } ++ ++ /* ++ * ran@cryptocom.ru: For clarity. The error is if parameters in peer are ++ * present (!missing) but don't match. EVP_PKEY_cmp_parameters may return ++ * 1 (match), 0 (don't match) and -2 (comparison is not defined). -1 ++ * (different key types) is impossible here because it is checked earlier. ++ * -2 is OK for us here, as well as 1, so we can check for 0 only. 
++ */ ++ if (!EVP_PKEY_missing_parameters(peer) && ++ !EVP_PKEY_cmp_parameters(ctx->pkey, peer)) { ++ EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_DIFFERENT_PARAMETERS); ++ return -1; ++ } ++ ++ if (ctx->peerkey) ++ EVP_PKEY_free(ctx->peerkey); ++ ctx->peerkey = peer; ++ ++ ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 1, peer); ++ ++ if (ret <= 0) { ++ ctx->peerkey = NULL; ++ return ret; ++ } ++ ++ CRYPTO_add(&peer->references, 1, CRYPTO_LOCK_EVP_PKEY); ++ return 1; ++} ++ ++int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *pkeylen) ++{ ++ if (!ctx || !ctx->pmeth || !ctx->pmeth->derive) { ++ EVPerr(EVP_F_EVP_PKEY_DERIVE, ++ EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); ++ return -2; ++ } ++ if (ctx->operation != EVP_PKEY_OP_DERIVE) { ++ EVPerr(EVP_F_EVP_PKEY_DERIVE, EVP_R_OPERATON_NOT_INITIALIZED); ++ return -1; ++ } ++ M_check_autoarg(ctx, key, pkeylen, EVP_F_EVP_PKEY_DERIVE) ++ return ctx->pmeth->derive(ctx, key, pkeylen); ++} +diff --git a/Cryptlib/OpenSSL/crypto/evp/pmeth_gn.c b/Cryptlib/OpenSSL/crypto/evp/pmeth_gn.c +new file mode 100644 +index 0000000..59f8134 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/evp/pmeth_gn.c +@@ -0,0 +1,215 @@ ++/* pmeth_gn.c */ ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2006. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. 
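Review bot: M_check_autoarg in pmeth_fn.c compares `*arglen` against `(size_t)EVP_PKEY_size(ctx->pkey)` but never rejects a size of zero. If EVP_PKEY_size() can report 0 for a key (its definition is not in this section), the `*arglen < pksize` test passes for any caller-supplied length and the pmeth callback is handed an output buffer whose size was never validated. Adding `if (pksize == 0) return 0;` with a matching EVPerr() ahead of the `if (!arg)` test would make the macro fail closed. The macro also hides a `return` and is invoked without a trailing semicolon, so a one-line comment above it, `/* May return from the calling function. */`, would help readers of EVP_PKEY_sign(), EVP_PKEY_verify_recover(), EVP_PKEY_encrypt(), EVP_PKEY_decrypt() and EVP_PKEY_derive().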
++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). 
++ * ++ */ ++ ++#include ++#include ++#include "cryptlib.h" ++#include ++#include ++#include ++#include "evp_locl.h" ++ ++int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx) ++{ ++ int ret; ++ if (!ctx || !ctx->pmeth || !ctx->pmeth->paramgen) { ++ EVPerr(EVP_F_EVP_PKEY_PARAMGEN_INIT, ++ EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); ++ return -2; ++ } ++ ctx->operation = EVP_PKEY_OP_PARAMGEN; ++ if (!ctx->pmeth->paramgen_init) ++ return 1; ++ ret = ctx->pmeth->paramgen_init(ctx); ++ if (ret <= 0) ++ ctx->operation = EVP_PKEY_OP_UNDEFINED; ++ return ret; ++} ++ ++int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey) ++{ ++ int ret; ++ if (!ctx || !ctx->pmeth || !ctx->pmeth->paramgen) { ++ EVPerr(EVP_F_EVP_PKEY_PARAMGEN, ++ EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); ++ return -2; ++ } ++ ++ if (ctx->operation != EVP_PKEY_OP_PARAMGEN) { ++ EVPerr(EVP_F_EVP_PKEY_PARAMGEN, EVP_R_OPERATON_NOT_INITIALIZED); ++ return -1; ++ } ++ ++ if (!ppkey) ++ return -1; ++ ++ if (!*ppkey) ++ *ppkey = EVP_PKEY_new(); ++ ++ ret = ctx->pmeth->paramgen(ctx, *ppkey); ++ if (ret <= 0) { ++ EVP_PKEY_free(*ppkey); ++ *ppkey = NULL; ++ } ++ return ret; ++} ++ ++int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx) ++{ ++ int ret; ++ if (!ctx || !ctx->pmeth || !ctx->pmeth->keygen) { ++ EVPerr(EVP_F_EVP_PKEY_KEYGEN_INIT, ++ EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); ++ return -2; ++ } ++ ctx->operation = EVP_PKEY_OP_KEYGEN; ++ if (!ctx->pmeth->keygen_init) ++ return 1; ++ ret = ctx->pmeth->keygen_init(ctx); ++ if (ret <= 0) ++ ctx->operation = EVP_PKEY_OP_UNDEFINED; ++ return ret; ++} ++ ++int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey) ++{ ++ int ret; ++ ++ if (!ctx || !ctx->pmeth || !ctx->pmeth->keygen) { ++ EVPerr(EVP_F_EVP_PKEY_KEYGEN, ++ EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); ++ return -2; ++ } ++ if (ctx->operation != EVP_PKEY_OP_KEYGEN) { ++ EVPerr(EVP_F_EVP_PKEY_KEYGEN, EVP_R_OPERATON_NOT_INITIALIZED); ++ return -1; ++ } ++ ++ if (!ppkey) ++ return -1; ++ ++ if 
(!*ppkey) ++ *ppkey = EVP_PKEY_new(); ++ ++ ret = ctx->pmeth->keygen(ctx, *ppkey); ++ if (ret <= 0) { ++ EVP_PKEY_free(*ppkey); ++ *ppkey = NULL; ++ } ++ return ret; ++} ++ ++void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb) ++{ ++ ctx->pkey_gencb = cb; ++} ++ ++EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx) ++{ ++ return ctx->pkey_gencb; ++} ++ ++/* ++ * "translation callback" to call EVP_PKEY_CTX callbacks using BN_GENCB style ++ * callbacks. ++ */ ++ ++static int trans_cb(int a, int b, BN_GENCB *gcb) ++{ ++ EVP_PKEY_CTX *ctx = gcb->arg; ++ ctx->keygen_info[0] = a; ++ ctx->keygen_info[1] = b; ++ return ctx->pkey_gencb(ctx); ++} ++ ++void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx) ++{ ++ BN_GENCB_set(cb, trans_cb, ctx) ++} ++ ++int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx) ++{ ++ if (idx == -1) ++ return ctx->keygen_info_count; ++ if (idx < 0 || idx > ctx->keygen_info_count) ++ return 0; ++ return ctx->keygen_info[idx]; ++} ++ ++EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, ++ const unsigned char *key, int keylen) ++{ ++ EVP_PKEY_CTX *mac_ctx = NULL; ++ EVP_PKEY *mac_key = NULL; ++ mac_ctx = EVP_PKEY_CTX_new_id(type, e); ++ if (!mac_ctx) ++ return NULL; ++ if (EVP_PKEY_keygen_init(mac_ctx) <= 0) ++ goto merr; ++ if (EVP_PKEY_CTX_ctrl(mac_ctx, -1, EVP_PKEY_OP_KEYGEN, ++ EVP_PKEY_CTRL_SET_MAC_KEY, ++ keylen, (void *)key) <= 0) ++ goto merr; ++ if (EVP_PKEY_keygen(mac_ctx, &mac_key) <= 0) ++ goto merr; ++ merr: ++ if (mac_ctx) ++ EVP_PKEY_CTX_free(mac_ctx); ++ return mac_key; ++} +diff --git a/Cryptlib/OpenSSL/crypto/evp/pmeth_lib.c b/Cryptlib/OpenSSL/crypto/evp/pmeth_lib.c +new file mode 100644 +index 0000000..9f81d10 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/evp/pmeth_lib.c +@@ -0,0 +1,613 @@ ++/* pmeth_lib.c */ ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2006. 
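Review bot: The bounds check in EVP_PKEY_CTX_get_keygen_info() looks off by one: `idx > ctx->keygen_info_count` lets `idx == keygen_info_count` through, and the next line then reads `ctx->keygen_info[idx]`. That is one element past the end if keygen_info_count is the number of entries, as the `idx == -1` branch returning it suggests. The test should be `if (idx < 0 || idx >= ctx->keygen_info_count)`. In the same file, EVP_PKEY_paramgen() and EVP_PKEY_keygen() pass `*ppkey` to the method without checking the result of `EVP_PKEY_new()`. Adding `if (!*ppkey) return -1;` after the allocation would keep a NULL key out of the pmeth callback.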
++ */ ++/* ==================================================================== ++ * Copyright (c) 2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++#include ++#include ++#include "cryptlib.h" ++#include ++#include ++#ifndef OPENSSL_NO_ENGINE ++# include ++#endif ++#include "asn1_locl.h" ++#include "evp_locl.h" ++ ++typedef int sk_cmp_fn_type(const char *const *a, const char *const *b); ++ ++DECLARE_STACK_OF(EVP_PKEY_METHOD) ++STACK_OF(EVP_PKEY_METHOD) *app_pkey_methods = NULL; ++ ++extern const EVP_PKEY_METHOD rsa_pkey_meth, dh_pkey_meth, dsa_pkey_meth; ++extern const EVP_PKEY_METHOD ec_pkey_meth, hmac_pkey_meth, cmac_pkey_meth; ++extern const EVP_PKEY_METHOD dhx_pkey_meth; ++ ++static const EVP_PKEY_METHOD *standard_methods[] = { ++#ifndef OPENSSL_NO_RSA ++ &rsa_pkey_meth, ++#endif ++#ifndef OPENSSL_NO_DH ++ &dh_pkey_meth, ++#endif ++#ifndef OPENSSL_NO_DSA ++ &dsa_pkey_meth, ++#endif ++#ifndef OPENSSL_NO_EC ++ &ec_pkey_meth, ++#endif ++ &hmac_pkey_meth, ++ &cmac_pkey_meth, ++#ifndef OPENSSL_NO_DH ++ &dhx_pkey_meth ++#endif ++}; ++ ++DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, const EVP_PKEY_METHOD *, ++ pmeth); ++ ++static int pmeth_cmp(const EVP_PKEY_METHOD *const *a, ++ const EVP_PKEY_METHOD *const *b) ++{ ++ return ((*a)->pkey_id - (*b)->pkey_id); ++} ++ 
++IMPLEMENT_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, const EVP_PKEY_METHOD *, ++ pmeth); ++ ++const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type) ++{ ++ EVP_PKEY_METHOD tmp; ++ const EVP_PKEY_METHOD *t = &tmp, **ret; ++ tmp.pkey_id = type; ++ if (app_pkey_methods) { ++ int idx; ++ idx = sk_EVP_PKEY_METHOD_find(app_pkey_methods, &tmp); ++ if (idx >= 0) ++ return sk_EVP_PKEY_METHOD_value(app_pkey_methods, idx); ++ } ++ ret = OBJ_bsearch_pmeth(&t, standard_methods, ++ sizeof(standard_methods) / ++ sizeof(EVP_PKEY_METHOD *)); ++ if (!ret || !*ret) ++ return NULL; ++ return *ret; ++} ++ ++static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id) ++{ ++ EVP_PKEY_CTX *ret; ++ const EVP_PKEY_METHOD *pmeth; ++ if (id == -1) { ++ if (!pkey || !pkey->ameth) ++ return NULL; ++ id = pkey->ameth->pkey_id; ++ } ++#ifndef OPENSSL_NO_ENGINE ++ if (pkey && pkey->engine) ++ e = pkey->engine; ++ /* Try to find an ENGINE which implements this method */ ++ if (e) { ++ if (!ENGINE_init(e)) { ++ EVPerr(EVP_F_INT_CTX_NEW, ERR_R_ENGINE_LIB); ++ return NULL; ++ } ++ } else ++ e = ENGINE_get_pkey_meth_engine(id); ++ ++ /* ++ * If an ENGINE handled this method look it up. Othewise use internal ++ * tables. 
++ */ ++ ++ if (e) ++ pmeth = ENGINE_get_pkey_meth(e, id); ++ else ++#endif ++ pmeth = EVP_PKEY_meth_find(id); ++ ++ if (pmeth == NULL) { ++ EVPerr(EVP_F_INT_CTX_NEW, EVP_R_UNSUPPORTED_ALGORITHM); ++ return NULL; ++ } ++ ++ ret = OPENSSL_malloc(sizeof(EVP_PKEY_CTX)); ++ if (!ret) { ++#ifndef OPENSSL_NO_ENGINE ++ if (e) ++ ENGINE_finish(e); ++#endif ++ EVPerr(EVP_F_INT_CTX_NEW, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ ret->engine = e; ++ ret->pmeth = pmeth; ++ ret->operation = EVP_PKEY_OP_UNDEFINED; ++ ret->pkey = pkey; ++ ret->peerkey = NULL; ++ ret->pkey_gencb = 0; ++ if (pkey) ++ CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); ++ ret->data = NULL; ++ ++ if (pmeth->init) { ++ if (pmeth->init(ret) <= 0) { ++ EVP_PKEY_CTX_free(ret); ++ return NULL; ++ } ++ } ++ ++ return ret; ++} ++ ++EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags) ++{ ++ EVP_PKEY_METHOD *pmeth; ++ pmeth = OPENSSL_malloc(sizeof(EVP_PKEY_METHOD)); ++ if (!pmeth) ++ return NULL; ++ ++ memset(pmeth, 0, sizeof(EVP_PKEY_METHOD)); ++ ++ pmeth->pkey_id = id; ++ pmeth->flags = flags | EVP_PKEY_FLAG_DYNAMIC; ++ ++ pmeth->init = 0; ++ pmeth->copy = 0; ++ pmeth->cleanup = 0; ++ pmeth->paramgen_init = 0; ++ pmeth->paramgen = 0; ++ pmeth->keygen_init = 0; ++ pmeth->keygen = 0; ++ pmeth->sign_init = 0; ++ pmeth->sign = 0; ++ pmeth->verify_init = 0; ++ pmeth->verify = 0; ++ pmeth->verify_recover_init = 0; ++ pmeth->verify_recover = 0; ++ pmeth->signctx_init = 0; ++ pmeth->signctx = 0; ++ pmeth->verifyctx_init = 0; ++ pmeth->verifyctx = 0; ++ pmeth->encrypt_init = 0; ++ pmeth->encrypt = 0; ++ pmeth->decrypt_init = 0; ++ pmeth->decrypt = 0; ++ pmeth->derive_init = 0; ++ pmeth->derive = 0; ++ pmeth->ctrl = 0; ++ pmeth->ctrl_str = 0; ++ ++ return pmeth; ++} ++ ++void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags, ++ const EVP_PKEY_METHOD *meth) ++{ ++ if (ppkey_id) ++ *ppkey_id = meth->pkey_id; ++ if (pflags) ++ *pflags = meth->flags; ++} ++ ++void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, 
const EVP_PKEY_METHOD *src) ++{ ++ ++ dst->init = src->init; ++ dst->copy = src->copy; ++ dst->cleanup = src->cleanup; ++ ++ dst->paramgen_init = src->paramgen_init; ++ dst->paramgen = src->paramgen; ++ ++ dst->keygen_init = src->keygen_init; ++ dst->keygen = src->keygen; ++ ++ dst->sign_init = src->sign_init; ++ dst->sign = src->sign; ++ ++ dst->verify_init = src->verify_init; ++ dst->verify = src->verify; ++ ++ dst->verify_recover_init = src->verify_recover_init; ++ dst->verify_recover = src->verify_recover; ++ ++ dst->signctx_init = src->signctx_init; ++ dst->signctx = src->signctx; ++ ++ dst->verifyctx_init = src->verifyctx_init; ++ dst->verifyctx = src->verifyctx; ++ ++ dst->encrypt_init = src->encrypt_init; ++ dst->encrypt = src->encrypt; ++ ++ dst->decrypt_init = src->decrypt_init; ++ dst->decrypt = src->decrypt; ++ ++ dst->derive_init = src->derive_init; ++ dst->derive = src->derive; ++ ++ dst->ctrl = src->ctrl; ++ dst->ctrl_str = src->ctrl_str; ++} ++ ++void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth) ++{ ++ if (pmeth && (pmeth->flags & EVP_PKEY_FLAG_DYNAMIC)) ++ OPENSSL_free(pmeth); ++} ++ ++EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e) ++{ ++ return int_ctx_new(pkey, e, -1); ++} ++ ++EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e) ++{ ++ return int_ctx_new(NULL, e, id); ++} ++ ++EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *pctx) ++{ ++ EVP_PKEY_CTX *rctx; ++ if (!pctx->pmeth || !pctx->pmeth->copy) ++ return NULL; ++#ifndef OPENSSL_NO_ENGINE ++ /* Make sure it's safe to copy a pkey context using an ENGINE */ ++ if (pctx->engine && !ENGINE_init(pctx->engine)) { ++ EVPerr(EVP_F_EVP_PKEY_CTX_DUP, ERR_R_ENGINE_LIB); ++ return 0; ++ } ++#endif ++ rctx = OPENSSL_malloc(sizeof(EVP_PKEY_CTX)); ++ if (!rctx) ++ return NULL; ++ ++ rctx->pmeth = pctx->pmeth; ++#ifndef OPENSSL_NO_ENGINE ++ rctx->engine = pctx->engine; ++#endif ++ ++ if (pctx->pkey) ++ CRYPTO_add(&pctx->pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); ++ ++ rctx->pkey = pctx->pkey; ++ ++ if 
(pctx->peerkey) ++ CRYPTO_add(&pctx->peerkey->references, 1, CRYPTO_LOCK_EVP_PKEY); ++ ++ rctx->peerkey = pctx->peerkey; ++ ++ rctx->data = NULL; ++ rctx->app_data = NULL; ++ rctx->operation = pctx->operation; ++ ++ if (pctx->pmeth->copy(rctx, pctx) > 0) ++ return rctx; ++ ++ EVP_PKEY_CTX_free(rctx); ++ return NULL; ++ ++} ++ ++int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth) ++{ ++ if (app_pkey_methods == NULL) { ++ app_pkey_methods = sk_EVP_PKEY_METHOD_new(pmeth_cmp); ++ if (!app_pkey_methods) ++ return 0; ++ } ++ if (!sk_EVP_PKEY_METHOD_push(app_pkey_methods, pmeth)) ++ return 0; ++ sk_EVP_PKEY_METHOD_sort(app_pkey_methods); ++ return 1; ++} ++ ++void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx) ++{ ++ if (ctx == NULL) ++ return; ++ if (ctx->pmeth && ctx->pmeth->cleanup) ++ ctx->pmeth->cleanup(ctx); ++ if (ctx->pkey) ++ EVP_PKEY_free(ctx->pkey); ++ if (ctx->peerkey) ++ EVP_PKEY_free(ctx->peerkey); ++#ifndef OPENSSL_NO_ENGINE ++ if (ctx->engine) ++ /* ++ * The EVP_PKEY_CTX we used belongs to an ENGINE, release the ++ * functional reference we held for this reason. 
++ */ ++ ENGINE_finish(ctx->engine); ++#endif ++ OPENSSL_free(ctx); ++} ++ ++int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, ++ int cmd, int p1, void *p2) ++{ ++ int ret; ++ if (!ctx || !ctx->pmeth || !ctx->pmeth->ctrl) { ++ EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_COMMAND_NOT_SUPPORTED); ++ return -2; ++ } ++ if ((keytype != -1) && (ctx->pmeth->pkey_id != keytype)) ++ return -1; ++ ++ if (ctx->operation == EVP_PKEY_OP_UNDEFINED) { ++ EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_NO_OPERATION_SET); ++ return -1; ++ } ++ ++ if ((optype != -1) && !(ctx->operation & optype)) { ++ EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_INVALID_OPERATION); ++ return -1; ++ } ++ ++ ret = ctx->pmeth->ctrl(ctx, cmd, p1, p2); ++ ++ if (ret == -2) ++ EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_COMMAND_NOT_SUPPORTED); ++ ++ return ret; ++ ++} ++ ++int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, ++ const char *name, const char *value) ++{ ++ if (!ctx || !ctx->pmeth || !ctx->pmeth->ctrl_str) { ++ EVPerr(EVP_F_EVP_PKEY_CTX_CTRL_STR, EVP_R_COMMAND_NOT_SUPPORTED); ++ return -2; ++ } ++ if (!strcmp(name, "digest")) { ++ const EVP_MD *md; ++ if (!value || !(md = EVP_get_digestbyname(value))) { ++ EVPerr(EVP_F_EVP_PKEY_CTX_CTRL_STR, EVP_R_INVALID_DIGEST); ++ return 0; ++ } ++ return EVP_PKEY_CTX_set_signature_md(ctx, md); ++ } ++ return ctx->pmeth->ctrl_str(ctx, name, value); ++} ++ ++int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx) ++{ ++ return ctx->operation; ++} ++ ++void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen) ++{ ++ ctx->keygen_info = dat; ++ ctx->keygen_info_count = datlen; ++} ++ ++void EVP_PKEY_CTX_set_data(EVP_PKEY_CTX *ctx, void *data) ++{ ++ ctx->data = data; ++} ++ ++void *EVP_PKEY_CTX_get_data(EVP_PKEY_CTX *ctx) ++{ ++ return ctx->data; ++} ++ ++EVP_PKEY *EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX *ctx) ++{ ++ return ctx->pkey; ++} ++ ++EVP_PKEY *EVP_PKEY_CTX_get0_peerkey(EVP_PKEY_CTX *ctx) ++{ ++ return ctx->peerkey; ++} ++ ++void 
EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data) ++{ ++ ctx->app_data = data; ++} ++ ++void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx) ++{ ++ return ctx->app_data; ++} ++ ++void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth, ++ int (*init) (EVP_PKEY_CTX *ctx)) ++{ ++ pmeth->init = init; ++} ++ ++void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth, ++ int (*copy) (EVP_PKEY_CTX *dst, ++ EVP_PKEY_CTX *src)) ++{ ++ pmeth->copy = copy; ++} ++ ++void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth, ++ void (*cleanup) (EVP_PKEY_CTX *ctx)) ++{ ++ pmeth->cleanup = cleanup; ++} ++ ++void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth, ++ int (*paramgen_init) (EVP_PKEY_CTX *ctx), ++ int (*paramgen) (EVP_PKEY_CTX *ctx, ++ EVP_PKEY *pkey)) ++{ ++ pmeth->paramgen_init = paramgen_init; ++ pmeth->paramgen = paramgen; ++} ++ ++void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth, ++ int (*keygen_init) (EVP_PKEY_CTX *ctx), ++ int (*keygen) (EVP_PKEY_CTX *ctx, ++ EVP_PKEY *pkey)) ++{ ++ pmeth->keygen_init = keygen_init; ++ pmeth->keygen = keygen; ++} ++ ++void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth, ++ int (*sign_init) (EVP_PKEY_CTX *ctx), ++ int (*sign) (EVP_PKEY_CTX *ctx, ++ unsigned char *sig, size_t *siglen, ++ const unsigned char *tbs, ++ size_t tbslen)) ++{ ++ pmeth->sign_init = sign_init; ++ pmeth->sign = sign; ++} ++ ++void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth, ++ int (*verify_init) (EVP_PKEY_CTX *ctx), ++ int (*verify) (EVP_PKEY_CTX *ctx, ++ const unsigned char *sig, ++ size_t siglen, ++ const unsigned char *tbs, ++ size_t tbslen)) ++{ ++ pmeth->verify_init = verify_init; ++ pmeth->verify = verify; ++} ++ ++void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth, ++ int (*verify_recover_init) (EVP_PKEY_CTX ++ *ctx), ++ int (*verify_recover) (EVP_PKEY_CTX ++ *ctx, ++ unsigned char ++ *sig, ++ size_t *siglen, ++ const unsigned ++ char *tbs, ++ size_t tbslen)) ++{ ++ pmeth->verify_recover_init = verify_recover_init; ++ pmeth->verify_recover 
= verify_recover; ++} ++ ++void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth, ++ int (*signctx_init) (EVP_PKEY_CTX *ctx, ++ EVP_MD_CTX *mctx), ++ int (*signctx) (EVP_PKEY_CTX *ctx, ++ unsigned char *sig, ++ size_t *siglen, ++ EVP_MD_CTX *mctx)) ++{ ++ pmeth->signctx_init = signctx_init; ++ pmeth->signctx = signctx; ++} ++ ++void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth, ++ int (*verifyctx_init) (EVP_PKEY_CTX *ctx, ++ EVP_MD_CTX *mctx), ++ int (*verifyctx) (EVP_PKEY_CTX *ctx, ++ const unsigned char *sig, ++ int siglen, ++ EVP_MD_CTX *mctx)) ++{ ++ pmeth->verifyctx_init = verifyctx_init; ++ pmeth->verifyctx = verifyctx; ++} ++ ++void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth, ++ int (*encrypt_init) (EVP_PKEY_CTX *ctx), ++ int (*encryptfn) (EVP_PKEY_CTX *ctx, ++ unsigned char *out, ++ size_t *outlen, ++ const unsigned char *in, ++ size_t inlen)) ++{ ++ pmeth->encrypt_init = encrypt_init; ++ pmeth->encrypt = encryptfn; ++} ++ ++void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth, ++ int (*decrypt_init) (EVP_PKEY_CTX *ctx), ++ int (*decrypt) (EVP_PKEY_CTX *ctx, ++ unsigned char *out, ++ size_t *outlen, ++ const unsigned char *in, ++ size_t inlen)) ++{ ++ pmeth->decrypt_init = decrypt_init; ++ pmeth->decrypt = decrypt; ++} ++ ++void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth, ++ int (*derive_init) (EVP_PKEY_CTX *ctx), ++ int (*derive) (EVP_PKEY_CTX *ctx, ++ unsigned char *key, ++ size_t *keylen)) ++{ ++ pmeth->derive_init = derive_init; ++ pmeth->derive = derive; ++} ++ ++void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, ++ int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, ++ void *p2), ++ int (*ctrl_str) (EVP_PKEY_CTX *ctx, ++ const char *type, ++ const char *value)) ++{ ++ pmeth->ctrl = ctrl; ++ pmeth->ctrl_str = ctrl_str; ++} +diff --git a/Cryptlib/OpenSSL/crypto/ex_data.c b/Cryptlib/OpenSSL/crypto/ex_data.c +index efd9911..f96a517 100644 +--- a/Cryptlib/OpenSSL/crypto/ex_data.c ++++ b/Cryptlib/OpenSSL/crypto/ex_data.c +@@ -250,30 +250,33 
@@ typedef struct st_ex_class_item { + static int ex_class = CRYPTO_EX_INDEX_USER; + + /* The global hash table of EX_CLASS_ITEM items */ +-static LHASH *ex_data = NULL; ++DECLARE_LHASH_OF(EX_CLASS_ITEM); ++static LHASH_OF(EX_CLASS_ITEM) *ex_data = NULL; + + /* The callbacks required in the "ex_data" hash table */ +-static unsigned long ex_hash_cb(const void *a_void) ++static unsigned long ex_class_item_hash(const EX_CLASS_ITEM *a) + { +- return ((const EX_CLASS_ITEM *)a_void)->class_index; ++ return a->class_index; + } + +-static int ex_cmp_cb(const void *a_void, const void *b_void) ++static IMPLEMENT_LHASH_HASH_FN(ex_class_item, EX_CLASS_ITEM) ++ ++static int ex_class_item_cmp(const EX_CLASS_ITEM *a, const EX_CLASS_ITEM *b) + { +- return (((const EX_CLASS_ITEM *)a_void)->class_index - +- ((const EX_CLASS_ITEM *)b_void)->class_index); ++ return a->class_index - b->class_index; + } + ++static IMPLEMENT_LHASH_COMP_FN(ex_class_item, EX_CLASS_ITEM) ++ + /* + * Internal functions used by the "impl_default" implementation to access the + * state + */ +- + static int ex_data_check(void) + { + int toret = 1; + CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); +- if (!ex_data && ((ex_data = lh_new(ex_hash_cb, ex_cmp_cb)) == NULL)) ++ if (!ex_data && (ex_data = lh_EX_CLASS_ITEM_new()) == NULL) + toret = 0; + CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); + return toret; +@@ -313,7 +316,7 @@ static EX_CLASS_ITEM *def_get_class(int class_index) + EX_DATA_CHECK(return NULL;) + d.class_index = class_index; + CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); +- p = lh_retrieve(ex_data, &d); ++ p = lh_EX_CLASS_ITEM_retrieve(ex_data, &d); + if (!p) { + gen = OPENSSL_malloc(sizeof(EX_CLASS_ITEM)); + if (gen) { +@@ -327,7 +330,7 @@ static EX_CLASS_ITEM *def_get_class(int class_index) + * Because we're inside the ex_data lock, the return value + * from the insert will be NULL + */ +- lh_insert(ex_data, gen); ++ (void)lh_EX_CLASS_ITEM_insert(ex_data, gen); + p = gen; + } + } +@@ -388,8 +391,8 @@ static int 
int_new_class(void) + static void int_cleanup(void) + { + EX_DATA_CHECK(return;) +- lh_doall(ex_data, def_cleanup_cb); +- lh_free(ex_data); ++ lh_EX_CLASS_ITEM_doall(ex_data, def_cleanup_cb); ++ lh_EX_CLASS_ITEM_free(ex_data); + ex_data = NULL; + impl = NULL; + } +@@ -462,7 +465,7 @@ static int int_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, + return 0; + CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA); + mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth); +- j = sk_num(from->sk); ++ j = sk_void_num(from->sk); + if (j < mx) + mx = j; + if (mx > 0) { +@@ -497,6 +500,8 @@ static void int_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) + EX_CLASS_ITEM *item; + void *ptr; + CRYPTO_EX_DATA_FUNCS **storage = NULL; ++ if (ex_data == NULL) ++ return; + if ((item = def_get_class(class_index)) == NULL) + return; + CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA); +@@ -524,7 +529,7 @@ static void int_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) + if (storage) + OPENSSL_free(storage); + if (ad->sk) { +- sk_free(ad->sk); ++ sk_void_free(ad->sk); + ad->sk = NULL; + } + } +@@ -606,21 +611,21 @@ int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val) + int i; + + if (ad->sk == NULL) { +- if ((ad->sk = sk_new_null()) == NULL) { ++ if ((ad->sk = sk_void_new_null()) == NULL) { + CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA, ERR_R_MALLOC_FAILURE); + return (0); + } + } +- i = sk_num(ad->sk); ++ i = sk_void_num(ad->sk); + + while (i <= idx) { +- if (!sk_push(ad->sk, NULL)) { ++ if (!sk_void_push(ad->sk, NULL)) { + CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA, ERR_R_MALLOC_FAILURE); + return (0); + } + i++; + } +- sk_set(ad->sk, idx, val); ++ sk_void_set(ad->sk, idx, val); + return (1); + } + +@@ -632,10 +637,10 @@ void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx) + { + if (ad->sk == NULL) + return (0); +- else if (idx >= sk_num(ad->sk)) ++ else if (idx >= sk_void_num(ad->sk)) + return (0); + else +- return (sk_value(ad->sk, idx)); ++ return (sk_void_value(ad->sk, idx)); + } + + 
IMPLEMENT_STACK_OF(CRYPTO_EX_DATA_FUNCS) +diff --git a/Cryptlib/OpenSSL/crypto/fips_err.c b/Cryptlib/OpenSSL/crypto/fips_err.c +deleted file mode 100644 +index 1788ed2..0000000 +--- a/Cryptlib/OpenSSL/crypto/fips_err.c ++++ /dev/null +@@ -1,7 +0,0 @@ +-#include +- +-#ifdef OPENSSL_FIPS +-# include "fips_err.h" +-#else +-static void *dummy = &dummy; +-#endif +diff --git a/Cryptlib/OpenSSL/crypto/fips_ers.c b/Cryptlib/OpenSSL/crypto/fips_ers.c +new file mode 100644 +index 0000000..1788ed2 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/fips_ers.c +@@ -0,0 +1,7 @@ ++#include ++ ++#ifdef OPENSSL_FIPS ++# include "fips_err.h" ++#else ++static void *dummy = &dummy; ++#endif +diff --git a/Cryptlib/OpenSSL/crypto/hmac/hm_ameth.c b/Cryptlib/OpenSSL/crypto/hmac/hm_ameth.c +new file mode 100644 +index 0000000..29b2b5d +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/hmac/hm_ameth.c +@@ -0,0 +1,162 @@ ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2007. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2007 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. 
The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++#include ++#include "cryptlib.h" ++#include ++#include "asn1_locl.h" ++ ++#define HMAC_TEST_PRIVATE_KEY_FORMAT ++ ++/* ++ * HMAC "ASN1" method. This is just here to indicate the maximum HMAC output ++ * length and to free up an HMAC key. 
++ */ ++ ++static int hmac_size(const EVP_PKEY *pkey) ++{ ++ return EVP_MAX_MD_SIZE; ++} ++ ++static void hmac_key_free(EVP_PKEY *pkey) ++{ ++ ASN1_OCTET_STRING *os = (ASN1_OCTET_STRING *)pkey->pkey.ptr; ++ if (os) { ++ if (os->data) ++ OPENSSL_cleanse(os->data, os->length); ++ ASN1_OCTET_STRING_free(os); ++ } ++} ++ ++static int hmac_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) ++{ ++ switch (op) { ++ case ASN1_PKEY_CTRL_DEFAULT_MD_NID: ++ *(int *)arg2 = NID_sha256; ++ return 1; ++ ++ default: ++ return -2; ++ } ++} ++ ++#ifdef HMAC_TEST_PRIVATE_KEY_FORMAT ++/* ++ * A bogus private key format for test purposes. This is simply the HMAC key ++ * with "HMAC PRIVATE KEY" in the headers. When enabled the genpkey utility ++ * can be used to "generate" HMAC keys. ++ */ ++ ++static int old_hmac_decode(EVP_PKEY *pkey, ++ const unsigned char **pder, int derlen) ++{ ++ ASN1_OCTET_STRING *os; ++ os = ASN1_OCTET_STRING_new(); ++ if (!os || !ASN1_OCTET_STRING_set(os, *pder, derlen)) ++ return 0; ++ EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, os); ++ return 1; ++} ++ ++static int old_hmac_encode(const EVP_PKEY *pkey, unsigned char **pder) ++{ ++ int inc; ++ ASN1_OCTET_STRING *os = (ASN1_OCTET_STRING *)pkey->pkey.ptr; ++ if (pder) { ++ if (!*pder) { ++ *pder = OPENSSL_malloc(os->length); ++ inc = 0; ++ } else ++ inc = 1; ++ ++ memcpy(*pder, os->data, os->length); ++ ++ if (inc) ++ *pder += os->length; ++ } ++ ++ return os->length; ++} ++ ++#endif ++ ++const EVP_PKEY_ASN1_METHOD hmac_asn1_meth = { ++ EVP_PKEY_HMAC, ++ EVP_PKEY_HMAC, ++ 0, ++ ++ "HMAC", ++ "OpenSSL HMAC method", ++ ++ 0, 0, 0, 0, ++ ++ 0, 0, 0, ++ ++ hmac_size, ++ 0, ++ 0, 0, 0, 0, 0, 0, 0, ++ ++ hmac_key_free, ++ hmac_pkey_ctrl, ++#ifdef HMAC_TEST_PRIVATE_KEY_FORMAT ++ old_hmac_decode, ++ old_hmac_encode ++#else ++ 0, 0 ++#endif ++}; +diff --git a/Cryptlib/OpenSSL/crypto/hmac/hm_pmeth.c b/Cryptlib/OpenSSL/crypto/hmac/hm_pmeth.c +new file mode 100644 +index 0000000..0ffff79 +--- /dev/null ++++ 
b/Cryptlib/OpenSSL/crypto/hmac/hm_pmeth.c +@@ -0,0 +1,262 @@ ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2007. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2007 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. 
Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). 
++ * ++ */ ++ ++#include ++#include "cryptlib.h" ++#include ++#include ++#include ++#include ++#include "evp_locl.h" ++ ++/* HMAC pkey context structure */ ++ ++typedef struct { ++ const EVP_MD *md; /* MD for HMAC use */ ++ ASN1_OCTET_STRING ktmp; /* Temp storage for key */ ++ HMAC_CTX ctx; ++} HMAC_PKEY_CTX; ++ ++static int pkey_hmac_init(EVP_PKEY_CTX *ctx) ++{ ++ HMAC_PKEY_CTX *hctx; ++ hctx = OPENSSL_malloc(sizeof(HMAC_PKEY_CTX)); ++ if (!hctx) ++ return 0; ++ hctx->md = NULL; ++ hctx->ktmp.data = NULL; ++ hctx->ktmp.length = 0; ++ hctx->ktmp.flags = 0; ++ hctx->ktmp.type = V_ASN1_OCTET_STRING; ++ HMAC_CTX_init(&hctx->ctx); ++ ++ ctx->data = hctx; ++ ctx->keygen_info_count = 0; ++ ++ return 1; ++} ++ ++static int pkey_hmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) ++{ ++ HMAC_PKEY_CTX *sctx, *dctx; ++ if (!pkey_hmac_init(dst)) ++ return 0; ++ sctx = src->data; ++ dctx = dst->data; ++ dctx->md = sctx->md; ++ HMAC_CTX_init(&dctx->ctx); ++ if (!HMAC_CTX_copy(&dctx->ctx, &sctx->ctx)) ++ return 0; ++ if (sctx->ktmp.data) { ++ if (!ASN1_OCTET_STRING_set(&dctx->ktmp, ++ sctx->ktmp.data, sctx->ktmp.length)) ++ return 0; ++ } ++ return 1; ++} ++ ++static void pkey_hmac_cleanup(EVP_PKEY_CTX *ctx) ++{ ++ HMAC_PKEY_CTX *hctx = ctx->data; ++ HMAC_CTX_cleanup(&hctx->ctx); ++ if (hctx->ktmp.data) { ++ if (hctx->ktmp.length) ++ OPENSSL_cleanse(hctx->ktmp.data, hctx->ktmp.length); ++ OPENSSL_free(hctx->ktmp.data); ++ hctx->ktmp.data = NULL; ++ } ++ OPENSSL_free(hctx); ++} ++ ++static int pkey_hmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) ++{ ++ ASN1_OCTET_STRING *hkey = NULL; ++ HMAC_PKEY_CTX *hctx = ctx->data; ++ if (!hctx->ktmp.data) ++ return 0; ++ hkey = ASN1_OCTET_STRING_dup(&hctx->ktmp); ++ if (!hkey) ++ return 0; ++ EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, hkey); ++ ++ return 1; ++} ++ ++static int int_update(EVP_MD_CTX *ctx, const void *data, size_t count) ++{ ++ HMAC_PKEY_CTX *hctx = ctx->pctx->data; ++ if (!HMAC_Update(&hctx->ctx, data, count)) ++ return 0; ++ return 1; 
++} ++ ++static int hmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) ++{ ++ HMAC_PKEY_CTX *hctx = ctx->data; ++ HMAC_CTX_set_flags(&hctx->ctx, mctx->flags & ~EVP_MD_CTX_FLAG_NO_INIT); ++ EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT); ++ mctx->update = int_update; ++ return 1; ++} ++ ++static int hmac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, ++ EVP_MD_CTX *mctx) ++{ ++ unsigned int hlen; ++ HMAC_PKEY_CTX *hctx = ctx->data; ++ int l = EVP_MD_CTX_size(mctx); ++ ++ if (l < 0) ++ return 0; ++ *siglen = l; ++ if (!sig) ++ return 1; ++ ++ if (!HMAC_Final(&hctx->ctx, sig, &hlen)) ++ return 0; ++ *siglen = (size_t)hlen; ++ return 1; ++} ++ ++static int pkey_hmac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) ++{ ++ HMAC_PKEY_CTX *hctx = ctx->data; ++ ASN1_OCTET_STRING *key; ++ switch (type) { ++ ++ case EVP_PKEY_CTRL_SET_MAC_KEY: ++ if ((!p2 && p1 > 0) || (p1 < -1)) ++ return 0; ++ if (!ASN1_OCTET_STRING_set(&hctx->ktmp, p2, p1)) ++ return 0; ++ break; ++ ++ case EVP_PKEY_CTRL_MD: ++ hctx->md = p2; ++ break; ++ ++ case EVP_PKEY_CTRL_DIGESTINIT: ++ key = (ASN1_OCTET_STRING *)ctx->pkey->pkey.ptr; ++ if (!HMAC_Init_ex(&hctx->ctx, key->data, key->length, hctx->md, ++ ctx->engine)) ++ return 0; ++ break; ++ ++ default: ++ return -2; ++ ++ } ++ return 1; ++} ++ ++static int pkey_hmac_ctrl_str(EVP_PKEY_CTX *ctx, ++ const char *type, const char *value) ++{ ++ if (!value) { ++ return 0; ++ } ++ if (!strcmp(type, "key")) { ++ void *p = (void *)value; ++ return pkey_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, -1, p); ++ } ++ if (!strcmp(type, "hexkey")) { ++ unsigned char *key; ++ int r; ++ long keylen; ++ key = string_to_hex(value, &keylen); ++ if (!key) ++ return 0; ++ r = pkey_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, keylen, key); ++ OPENSSL_free(key); ++ return r; ++ } ++ return -2; ++} ++ ++const EVP_PKEY_METHOD hmac_pkey_meth = { ++ EVP_PKEY_HMAC, ++ 0, ++ pkey_hmac_init, ++ pkey_hmac_copy, ++ pkey_hmac_cleanup, ++ ++ 0, 0, ++ ++ 0, ++ 
pkey_hmac_keygen, ++ ++ 0, 0, ++ ++ 0, 0, ++ ++ 0, 0, ++ ++ hmac_signctx_init, ++ hmac_signctx, ++ ++ 0, 0, ++ ++ 0, 0, ++ ++ 0, 0, ++ ++ 0, 0, ++ ++ pkey_hmac_ctrl, ++ pkey_hmac_ctrl_str ++}; +diff --git a/Cryptlib/OpenSSL/crypto/hmac/hmac.c b/Cryptlib/OpenSSL/crypto/hmac/hmac.c +index 639fd8c..51a0a3e 100644 +--- a/Cryptlib/OpenSSL/crypto/hmac/hmac.c ++++ b/Cryptlib/OpenSSL/crypto/hmac/hmac.c +@@ -61,30 +61,70 @@ + #include "cryptlib.h" + #include + +-#ifndef OPENSSL_FIPS ++#ifdef OPENSSL_FIPS ++# include ++#endif + +-void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, +- const EVP_MD *md, ENGINE *impl) ++int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, ++ const EVP_MD *md, ENGINE *impl) + { + int i, j, reset = 0; + unsigned char pad[HMAC_MAX_MD_CBLOCK]; + ++#ifdef OPENSSL_FIPS ++ /* If FIPS mode switch to approved implementation if possible */ ++ if (FIPS_mode()) { ++ const EVP_MD *fipsmd; ++ if (md) { ++ fipsmd = FIPS_get_digestbynid(EVP_MD_type(md)); ++ if (fipsmd) ++ md = fipsmd; ++ } ++ } ++ ++ if (FIPS_mode()) { ++ /* If we have an ENGINE need to allow non FIPS */ ++ if ((impl || ctx->i_ctx.engine) ++ && !(ctx->i_ctx.flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW)) { ++ EVPerr(EVP_F_HMAC_INIT_EX, EVP_R_DISABLED_FOR_FIPS); ++ return 0; ++ } ++ /* ++ * Other algorithm blocking will be done in FIPS_cmac_init, via ++ * FIPS_hmac_init_ex(). 
++ */ ++ if (!impl && !ctx->i_ctx.engine) ++ return FIPS_hmac_init_ex(ctx, key, len, md, NULL); ++ } ++#endif ++ /* If we are changing MD then we must have a key */ ++ if (md != NULL && md != ctx->md && (key == NULL || len < 0)) ++ return 0; ++ + if (md != NULL) { + reset = 1; + ctx->md = md; +- } else ++ } else if (ctx->md) { + md = ctx->md; ++ } else { ++ return 0; ++ } + + if (key != NULL) { + reset = 1; + j = EVP_MD_block_size(md); + OPENSSL_assert(j <= (int)sizeof(ctx->key)); + if (j < len) { +- EVP_DigestInit_ex(&ctx->md_ctx, md, impl); +- EVP_DigestUpdate(&ctx->md_ctx, key, len); +- EVP_DigestFinal_ex(&(ctx->md_ctx), ctx->key, &ctx->key_length); ++ if (!EVP_DigestInit_ex(&ctx->md_ctx, md, impl)) ++ goto err; ++ if (!EVP_DigestUpdate(&ctx->md_ctx, key, len)) ++ goto err; ++ if (!EVP_DigestFinal_ex(&(ctx->md_ctx), ctx->key, ++ &ctx->key_length)) ++ goto err; + } else { +- OPENSSL_assert(len >= 0 && len <= (int)sizeof(ctx->key)); ++ if (len < 0 || len > (int)sizeof(ctx->key)) ++ return 0; + memcpy(ctx->key, key, len); + ctx->key_length = len; + } +@@ -96,38 +136,67 @@ void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, + if (reset) { + for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++) + pad[i] = 0x36 ^ ctx->key[i]; +- EVP_DigestInit_ex(&ctx->i_ctx, md, impl); +- EVP_DigestUpdate(&ctx->i_ctx, pad, EVP_MD_block_size(md)); ++ if (!EVP_DigestInit_ex(&ctx->i_ctx, md, impl)) ++ goto err; ++ if (!EVP_DigestUpdate(&ctx->i_ctx, pad, EVP_MD_block_size(md))) ++ goto err; + + for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++) + pad[i] = 0x5c ^ ctx->key[i]; +- EVP_DigestInit_ex(&ctx->o_ctx, md, impl); +- EVP_DigestUpdate(&ctx->o_ctx, pad, EVP_MD_block_size(md)); ++ if (!EVP_DigestInit_ex(&ctx->o_ctx, md, impl)) ++ goto err; ++ if (!EVP_DigestUpdate(&ctx->o_ctx, pad, EVP_MD_block_size(md))) ++ goto err; + } +- EVP_MD_CTX_copy_ex(&ctx->md_ctx, &ctx->i_ctx); ++ if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx, &ctx->i_ctx)) ++ goto err; ++ return 1; ++ err: ++ return 0; + } + +-void 
HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md) ++int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md) + { + if (key && md) + HMAC_CTX_init(ctx); +- HMAC_Init_ex(ctx, key, len, md, NULL); ++ return HMAC_Init_ex(ctx, key, len, md, NULL); + } + +-void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len) ++int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len) + { +- EVP_DigestUpdate(&ctx->md_ctx, data, len); ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() && !ctx->i_ctx.engine) ++ return FIPS_hmac_update(ctx, data, len); ++#endif ++ if (!ctx->md) ++ return 0; ++ ++ return EVP_DigestUpdate(&ctx->md_ctx, data, len); + } + +-void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len) ++int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len) + { + unsigned int i; + unsigned char buf[EVP_MAX_MD_SIZE]; ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() && !ctx->i_ctx.engine) ++ return FIPS_hmac_final(ctx, md, len); ++#endif ++ ++ if (!ctx->md) ++ goto err; + +- EVP_DigestFinal_ex(&ctx->md_ctx, buf, &i); +- EVP_MD_CTX_copy_ex(&ctx->md_ctx, &ctx->o_ctx); +- EVP_DigestUpdate(&ctx->md_ctx, buf, i); +- EVP_DigestFinal_ex(&ctx->md_ctx, md, len); ++ if (!EVP_DigestFinal_ex(&ctx->md_ctx, buf, &i)) ++ goto err; ++ if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx, &ctx->o_ctx)) ++ goto err; ++ if (!EVP_DigestUpdate(&ctx->md_ctx, buf, i)) ++ goto err; ++ if (!EVP_DigestFinal_ex(&ctx->md_ctx, md, len)) ++ goto err; ++ return 1; ++ err: ++ return 0; + } + + void HMAC_CTX_init(HMAC_CTX *ctx) +@@ -135,10 +204,33 @@ void HMAC_CTX_init(HMAC_CTX *ctx) + EVP_MD_CTX_init(&ctx->i_ctx); + EVP_MD_CTX_init(&ctx->o_ctx); + EVP_MD_CTX_init(&ctx->md_ctx); ++ ctx->md = NULL; ++} ++ ++int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx) ++{ ++ if (!EVP_MD_CTX_copy(&dctx->i_ctx, &sctx->i_ctx)) ++ goto err; ++ if (!EVP_MD_CTX_copy(&dctx->o_ctx, &sctx->o_ctx)) ++ goto err; ++ if (!EVP_MD_CTX_copy(&dctx->md_ctx, &sctx->md_ctx)) ++ goto err; ++ 
memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK); ++ dctx->key_length = sctx->key_length; ++ dctx->md = sctx->md; ++ return 1; ++ err: ++ return 0; + } + + void HMAC_CTX_cleanup(HMAC_CTX *ctx) + { ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() && !ctx->i_ctx.engine) { ++ FIPS_hmac_ctx_cleanup(ctx); ++ return; ++ } ++#endif + EVP_MD_CTX_cleanup(&ctx->i_ctx); + EVP_MD_CTX_cleanup(&ctx->o_ctx); + EVP_MD_CTX_cleanup(&ctx->md_ctx); +@@ -155,11 +247,17 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, + if (md == NULL) + md = m; + HMAC_CTX_init(&c); +- HMAC_Init(&c, key, key_len, evp_md); +- HMAC_Update(&c, d, n); +- HMAC_Final(&c, md, md_len); ++ if (!HMAC_Init(&c, key, key_len, evp_md)) ++ goto err; ++ if (!HMAC_Update(&c, d, n)) ++ goto err; ++ if (!HMAC_Final(&c, md, md_len)) ++ goto err; ++ HMAC_CTX_cleanup(&c); ++ return md; ++ err: + HMAC_CTX_cleanup(&c); +- return (md); ++ return NULL; + } + + void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags) +@@ -168,5 +266,3 @@ void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags) + EVP_MD_CTX_set_flags(&ctx->o_ctx, flags); + EVP_MD_CTX_set_flags(&ctx->md_ctx, flags); + } +- +-#endif +diff --git a/Cryptlib/OpenSSL/crypto/idea/i_cbc.c b/Cryptlib/OpenSSL/crypto/idea/i_cbc.c +deleted file mode 100644 +index 950df98..0000000 +--- a/Cryptlib/OpenSSL/crypto/idea/i_cbc.c ++++ /dev/null +@@ -1,171 +0,0 @@ +-/* crypto/idea/i_cbc.c */ +-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) +- * All rights reserved. +- * +- * This package is an SSL implementation written +- * by Eric Young (eay@cryptsoft.com). +- * The implementation was written so as to conform with Netscapes SSL. +- * +- * This library is free for commercial and non-commercial use as long as +- * the following conditions are aheared to. The following conditions +- * apply to all code found in this distribution, be it the RC4, RSA, +- * lhash, DES, etc., code; not just the SSL code. 
The SSL documentation +- * included with this distribution is covered by the same copyright terms +- * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * +- * Copyright remains Eric Young's, and as such any Copyright notices in +- * the code are not to be removed. +- * If this package is used in a product, Eric Young should be given attribution +- * as the author of the parts of the library used. +- * This can be in the form of a textual message at program startup or +- * in documentation (online or textual) provided with the package. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 3. All advertising materials mentioning features or use of this software +- * must display the following acknowledgement: +- * "This product includes cryptographic software written by +- * Eric Young (eay@cryptsoft.com)" +- * The word 'cryptographic' can be left out if the rouines from the library +- * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from +- * the apps directory (application code) you must include an acknowledgement: +- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * +- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. +- * +- * The licence and distribution terms for any publically available version or +- * derivative of this code cannot be changed. i.e. this code cannot simply be +- * copied and put under another distribution licence +- * [including the GNU Public Licence.] +- */ +- +-#include +-#include "idea_lcl.h" +- +-void idea_cbc_encrypt(const unsigned char *in, unsigned char *out, +- long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, +- int encrypt) +-{ +- register unsigned long tin0, tin1; +- register unsigned long tout0, tout1, xor0, xor1; +- register long l = length; +- unsigned long tin[2]; +- +- if (encrypt) { +- n2l(iv, tout0); +- n2l(iv, tout1); +- iv -= 8; +- for (l -= 8; l >= 0; l -= 8) { +- n2l(in, tin0); +- n2l(in, tin1); +- tin0 ^= tout0; +- tin1 ^= tout1; +- tin[0] = tin0; +- tin[1] = tin1; +- idea_encrypt(tin, ks); +- tout0 = tin[0]; +- l2n(tout0, out); +- tout1 = tin[1]; +- l2n(tout1, out); +- } +- if (l != -8) { +- n2ln(in, tin0, tin1, l + 8); +- tin0 ^= tout0; +- tin1 ^= tout1; +- tin[0] = tin0; +- tin[1] = tin1; +- idea_encrypt(tin, ks); +- tout0 = tin[0]; +- l2n(tout0, out); +- tout1 = tin[1]; +- l2n(tout1, out); +- } +- l2n(tout0, iv); +- l2n(tout1, iv); +- } else { +- n2l(iv, xor0); +- n2l(iv, xor1); +- iv -= 8; +- for (l -= 8; l >= 0; l -= 8) { +- n2l(in, tin0); +- tin[0] = tin0; +- n2l(in, tin1); +- tin[1] = tin1; +- idea_encrypt(tin, ks); +- tout0 = tin[0] ^ xor0; +- tout1 = tin[1] ^ xor1; +- l2n(tout0, out); +- 
l2n(tout1, out); +- xor0 = tin0; +- xor1 = tin1; +- } +- if (l != -8) { +- n2l(in, tin0); +- tin[0] = tin0; +- n2l(in, tin1); +- tin[1] = tin1; +- idea_encrypt(tin, ks); +- tout0 = tin[0] ^ xor0; +- tout1 = tin[1] ^ xor1; +- l2nn(tout0, tout1, out, l + 8); +- xor0 = tin0; +- xor1 = tin1; +- } +- l2n(xor0, iv); +- l2n(xor1, iv); +- } +- tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; +- tin[0] = tin[1] = 0; +-} +- +-void idea_encrypt(unsigned long *d, IDEA_KEY_SCHEDULE *key) +-{ +- register IDEA_INT *p; +- register unsigned long x1, x2, x3, x4, t0, t1, ul; +- +- x2 = d[0]; +- x1 = (x2 >> 16); +- x4 = d[1]; +- x3 = (x4 >> 16); +- +- p = &(key->data[0][0]); +- +- E_IDEA(0); +- E_IDEA(1); +- E_IDEA(2); +- E_IDEA(3); +- E_IDEA(4); +- E_IDEA(5); +- E_IDEA(6); +- E_IDEA(7); +- +- x1 &= 0xffff; +- idea_mul(x1, x1, *p, ul); +- p++; +- +- t0 = x3 + *(p++); +- t1 = x2 + *(p++); +- +- x4 &= 0xffff; +- idea_mul(x4, x4, *p, ul); +- +- d[0] = (t0 & 0xffff) | ((x1 & 0xffff) << 16); +- d[1] = (x4 & 0xffff) | ((t1 & 0xffff) << 16); +-} +diff --git a/Cryptlib/OpenSSL/crypto/idea/i_cfb64.c b/Cryptlib/OpenSSL/crypto/idea/i_cfb64.c +deleted file mode 100644 +index a1547ed..0000000 +--- a/Cryptlib/OpenSSL/crypto/idea/i_cfb64.c ++++ /dev/null +@@ -1,123 +0,0 @@ +-/* crypto/idea/i_cfb64.c */ +-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) +- * All rights reserved. +- * +- * This package is an SSL implementation written +- * by Eric Young (eay@cryptsoft.com). +- * The implementation was written so as to conform with Netscapes SSL. +- * +- * This library is free for commercial and non-commercial use as long as +- * the following conditions are aheared to. The following conditions +- * apply to all code found in this distribution, be it the RC4, RSA, +- * lhash, DES, etc., code; not just the SSL code. The SSL documentation +- * included with this distribution is covered by the same copyright terms +- * except that the holder is Tim Hudson (tjh@cryptsoft.com). 
+- * +- * Copyright remains Eric Young's, and as such any Copyright notices in +- * the code are not to be removed. +- * If this package is used in a product, Eric Young should be given attribution +- * as the author of the parts of the library used. +- * This can be in the form of a textual message at program startup or +- * in documentation (online or textual) provided with the package. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 3. All advertising materials mentioning features or use of this software +- * must display the following acknowledgement: +- * "This product includes cryptographic software written by +- * Eric Young (eay@cryptsoft.com)" +- * The word 'cryptographic' can be left out if the rouines from the library +- * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from +- * the apps directory (application code) you must include an acknowledgement: +- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * +- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. +- * +- * The licence and distribution terms for any publically available version or +- * derivative of this code cannot be changed. i.e. this code cannot simply be +- * copied and put under another distribution licence +- * [including the GNU Public Licence.] +- */ +- +-#include +-#include "idea_lcl.h" +- +-/* +- * The input and output encrypted as though 64bit cfb mode is being used. +- * The extra state information to record how much of the 64bit block we have +- * used is contained in *num; +- */ +- +-void idea_cfb64_encrypt(const unsigned char *in, unsigned char *out, +- long length, IDEA_KEY_SCHEDULE *schedule, +- unsigned char *ivec, int *num, int encrypt) +-{ +- register unsigned long v0, v1, t; +- register int n = *num; +- register long l = length; +- unsigned long ti[2]; +- unsigned char *iv, c, cc; +- +- iv = (unsigned char *)ivec; +- if (encrypt) { +- while (l--) { +- if (n == 0) { +- n2l(iv, v0); +- ti[0] = v0; +- n2l(iv, v1); +- ti[1] = v1; +- idea_encrypt((unsigned long *)ti, schedule); +- iv = (unsigned char *)ivec; +- t = ti[0]; +- l2n(t, iv); +- t = ti[1]; +- l2n(t, iv); +- iv = (unsigned char *)ivec; +- } +- c = *(in++) ^ iv[n]; +- *(out++) = c; +- iv[n] = c; +- n = (n + 1) & 0x07; +- } +- } else { +- while (l--) { +- if (n == 0) { +- n2l(iv, v0); +- ti[0] = v0; +- n2l(iv, v1); +- ti[1] = v1; +- idea_encrypt((unsigned long *)ti, schedule); +- iv = (unsigned char *)ivec; +- t = ti[0]; +- l2n(t, iv); +- t = ti[1]; +- 
l2n(t, iv); +- iv = (unsigned char *)ivec; +- } +- cc = *(in++); +- c = iv[n]; +- iv[n] = cc; +- *(out++) = c ^ cc; +- n = (n + 1) & 0x07; +- } +- } +- v0 = v1 = ti[0] = ti[1] = t = c = cc = 0; +- *num = n; +-} +diff --git a/Cryptlib/OpenSSL/crypto/idea/i_ecb.c b/Cryptlib/OpenSSL/crypto/idea/i_ecb.c +deleted file mode 100644 +index a6b879a..0000000 +--- a/Cryptlib/OpenSSL/crypto/idea/i_ecb.c ++++ /dev/null +@@ -1,88 +0,0 @@ +-/* crypto/idea/i_ecb.c */ +-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) +- * All rights reserved. +- * +- * This package is an SSL implementation written +- * by Eric Young (eay@cryptsoft.com). +- * The implementation was written so as to conform with Netscapes SSL. +- * +- * This library is free for commercial and non-commercial use as long as +- * the following conditions are aheared to. The following conditions +- * apply to all code found in this distribution, be it the RC4, RSA, +- * lhash, DES, etc., code; not just the SSL code. The SSL documentation +- * included with this distribution is covered by the same copyright terms +- * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * +- * Copyright remains Eric Young's, and as such any Copyright notices in +- * the code are not to be removed. +- * If this package is used in a product, Eric Young should be given attribution +- * as the author of the parts of the library used. +- * This can be in the form of a textual message at program startup or +- * in documentation (online or textual) provided with the package. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. 
Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 3. All advertising materials mentioning features or use of this software +- * must display the following acknowledgement: +- * "This product includes cryptographic software written by +- * Eric Young (eay@cryptsoft.com)" +- * The word 'cryptographic' can be left out if the rouines from the library +- * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from +- * the apps directory (application code) you must include an acknowledgement: +- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * +- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. +- * +- * The licence and distribution terms for any publically available version or +- * derivative of this code cannot be changed. i.e. this code cannot simply be +- * copied and put under another distribution licence +- * [including the GNU Public Licence.] 
+- */ +- +-#include +-#include "idea_lcl.h" +-#include +- +-const char IDEA_version[] = "IDEA" OPENSSL_VERSION_PTEXT; +- +-const char *idea_options(void) +-{ +- if (sizeof(short) != sizeof(IDEA_INT)) +- return ("idea(int)"); +- else +- return ("idea(short)"); +-} +- +-void idea_ecb_encrypt(const unsigned char *in, unsigned char *out, +- IDEA_KEY_SCHEDULE *ks) +-{ +- unsigned long l0, l1, d[2]; +- +- n2l(in, l0); +- d[0] = l0; +- n2l(in, l1); +- d[1] = l1; +- idea_encrypt(d, ks); +- l0 = d[0]; +- l2n(l0, out); +- l1 = d[1]; +- l2n(l1, out); +- l0 = l1 = d[0] = d[1] = 0; +-} +diff --git a/Cryptlib/OpenSSL/crypto/idea/i_ofb64.c b/Cryptlib/OpenSSL/crypto/idea/i_ofb64.c +deleted file mode 100644 +index aa59488..0000000 +--- a/Cryptlib/OpenSSL/crypto/idea/i_ofb64.c ++++ /dev/null +@@ -1,110 +0,0 @@ +-/* crypto/idea/i_ofb64.c */ +-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) +- * All rights reserved. +- * +- * This package is an SSL implementation written +- * by Eric Young (eay@cryptsoft.com). +- * The implementation was written so as to conform with Netscapes SSL. +- * +- * This library is free for commercial and non-commercial use as long as +- * the following conditions are aheared to. The following conditions +- * apply to all code found in this distribution, be it the RC4, RSA, +- * lhash, DES, etc., code; not just the SSL code. The SSL documentation +- * included with this distribution is covered by the same copyright terms +- * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * +- * Copyright remains Eric Young's, and as such any Copyright notices in +- * the code are not to be removed. +- * If this package is used in a product, Eric Young should be given attribution +- * as the author of the parts of the library used. +- * This can be in the form of a textual message at program startup or +- * in documentation (online or textual) provided with the package. 
+- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 3. All advertising materials mentioning features or use of this software +- * must display the following acknowledgement: +- * "This product includes cryptographic software written by +- * Eric Young (eay@cryptsoft.com)" +- * The word 'cryptographic' can be left out if the rouines from the library +- * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from +- * the apps directory (application code) you must include an acknowledgement: +- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * +- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. 
+- * +- * The licence and distribution terms for any publically available version or +- * derivative of this code cannot be changed. i.e. this code cannot simply be +- * copied and put under another distribution licence +- * [including the GNU Public Licence.] +- */ +- +-#include +-#include "idea_lcl.h" +- +-/* +- * The input and output encrypted as though 64bit ofb mode is being used. +- * The extra state information to record how much of the 64bit block we have +- * used is contained in *num; +- */ +-void idea_ofb64_encrypt(const unsigned char *in, unsigned char *out, +- long length, IDEA_KEY_SCHEDULE *schedule, +- unsigned char *ivec, int *num) +-{ +- register unsigned long v0, v1, t; +- register int n = *num; +- register long l = length; +- unsigned char d[8]; +- register char *dp; +- unsigned long ti[2]; +- unsigned char *iv; +- int save = 0; +- +- iv = (unsigned char *)ivec; +- n2l(iv, v0); +- n2l(iv, v1); +- ti[0] = v0; +- ti[1] = v1; +- dp = (char *)d; +- l2n(v0, dp); +- l2n(v1, dp); +- while (l--) { +- if (n == 0) { +- idea_encrypt((unsigned long *)ti, schedule); +- dp = (char *)d; +- t = ti[0]; +- l2n(t, dp); +- t = ti[1]; +- l2n(t, dp); +- save++; +- } +- *(out++) = *(in++) ^ d[n]; +- n = (n + 1) & 0x07; +- } +- if (save) { +- v0 = ti[0]; +- v1 = ti[1]; +- iv = (unsigned char *)ivec; +- l2n(v0, iv); +- l2n(v1, iv); +- } +- t = v0 = v1 = ti[0] = ti[1] = 0; +- *num = n; +-} +diff --git a/Cryptlib/OpenSSL/crypto/idea/i_skey.c b/Cryptlib/OpenSSL/crypto/idea/i_skey.c +deleted file mode 100644 +index 195e2ef..0000000 +--- a/Cryptlib/OpenSSL/crypto/idea/i_skey.c ++++ /dev/null +@@ -1,180 +0,0 @@ +-/* crypto/idea/i_skey.c */ +-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) +- * All rights reserved. +- * +- * This package is an SSL implementation written +- * by Eric Young (eay@cryptsoft.com). +- * The implementation was written so as to conform with Netscapes SSL. 
+- * +- * This library is free for commercial and non-commercial use as long as +- * the following conditions are aheared to. The following conditions +- * apply to all code found in this distribution, be it the RC4, RSA, +- * lhash, DES, etc., code; not just the SSL code. The SSL documentation +- * included with this distribution is covered by the same copyright terms +- * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * +- * Copyright remains Eric Young's, and as such any Copyright notices in +- * the code are not to be removed. +- * If this package is used in a product, Eric Young should be given attribution +- * as the author of the parts of the library used. +- * This can be in the form of a textual message at program startup or +- * in documentation (online or textual) provided with the package. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 3. All advertising materials mentioning features or use of this software +- * must display the following acknowledgement: +- * "This product includes cryptographic software written by +- * Eric Young (eay@cryptsoft.com)" +- * The word 'cryptographic' can be left out if the rouines from the library +- * being used are not cryptographic related :-). +- * 4. 
If you include any Windows specific code (or a derivative thereof) from +- * the apps directory (application code) you must include an acknowledgement: +- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * +- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. +- * +- * The licence and distribution terms for any publically available version or +- * derivative of this code cannot be changed. i.e. this code cannot simply be +- * copied and put under another distribution licence +- * [including the GNU Public Licence.] 
+- */ +- +-#include +-#include +-#ifdef OPENSSL_FIPS +-# include +-#endif +- +-#include "idea_lcl.h" +- +-static IDEA_INT inverse(unsigned int xin); +- +-#ifdef OPENSSL_FIPS +-void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks) +-{ +- if (FIPS_mode()) +- FIPS_BAD_ABORT(IDEA) +- private_idea_set_encrypt_key(key, ks); +-} +- +-void private_idea_set_encrypt_key(const unsigned char *key, +- IDEA_KEY_SCHEDULE *ks) +-#else +-void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks) +-#endif +-{ +- int i; +- register IDEA_INT *kt, *kf, r0, r1, r2; +- +- kt = &(ks->data[0][0]); +- n2s(key, kt[0]); +- n2s(key, kt[1]); +- n2s(key, kt[2]); +- n2s(key, kt[3]); +- n2s(key, kt[4]); +- n2s(key, kt[5]); +- n2s(key, kt[6]); +- n2s(key, kt[7]); +- +- kf = kt; +- kt += 8; +- for (i = 0; i < 6; i++) { +- r2 = kf[1]; +- r1 = kf[2]; +- *(kt++) = ((r2 << 9) | (r1 >> 7)) & 0xffff; +- r0 = kf[3]; +- *(kt++) = ((r1 << 9) | (r0 >> 7)) & 0xffff; +- r1 = kf[4]; +- *(kt++) = ((r0 << 9) | (r1 >> 7)) & 0xffff; +- r0 = kf[5]; +- *(kt++) = ((r1 << 9) | (r0 >> 7)) & 0xffff; +- r1 = kf[6]; +- *(kt++) = ((r0 << 9) | (r1 >> 7)) & 0xffff; +- r0 = kf[7]; +- *(kt++) = ((r1 << 9) | (r0 >> 7)) & 0xffff; +- r1 = kf[0]; +- if (i >= 5) +- break; +- *(kt++) = ((r0 << 9) | (r1 >> 7)) & 0xffff; +- *(kt++) = ((r1 << 9) | (r2 >> 7)) & 0xffff; +- kf += 8; +- } +-} +- +-void idea_set_decrypt_key(const IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk) +-{ +- int r; +- register IDEA_INT *tp, t; +- const IDEA_INT *fp; +- +- tp = &(dk->data[0][0]); +- fp = &(ek->data[8][0]); +- for (r = 0; r < 9; r++) { +- *(tp++) = inverse(fp[0]); +- *(tp++) = ((int)(0x10000L - fp[2]) & 0xffff); +- *(tp++) = ((int)(0x10000L - fp[1]) & 0xffff); +- *(tp++) = inverse(fp[3]); +- if (r == 8) +- break; +- fp -= 6; +- *(tp++) = fp[4]; +- *(tp++) = fp[5]; +- } +- +- tp = &(dk->data[0][0]); +- t = tp[1]; +- tp[1] = tp[2]; +- tp[2] = t; +- +- t = tp[49]; +- tp[49] = tp[50]; +- tp[50] = t; +-} +- +-/* taken 
directly from the 'paper' I'll have a look at it later */ +-static IDEA_INT inverse(unsigned int xin) +-{ +- long n1, n2, q, r, b1, b2, t; +- +- if (xin == 0) +- b2 = 0; +- else { +- n1 = 0x10001; +- n2 = xin; +- b2 = 1; +- b1 = 0; +- +- do { +- r = (n1 % n2); +- q = (n1 - r) / n2; +- if (r == 0) { +- if (b2 < 0) +- b2 = 0x10001 + b2; +- } else { +- n1 = n2; +- n2 = r; +- t = b2; +- b2 = b1 - q * b2; +- b1 = t; +- } +- } while (r != 0); +- } +- return ((IDEA_INT) b2); +-} +diff --git a/Cryptlib/OpenSSL/crypto/idea/idea_lcl.h b/Cryptlib/OpenSSL/crypto/idea/idea_lcl.h +deleted file mode 100644 +index f3dbfa6..0000000 +--- a/Cryptlib/OpenSSL/crypto/idea/idea_lcl.h ++++ /dev/null +@@ -1,215 +0,0 @@ +-/* crypto/idea/idea_lcl.h */ +-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) +- * All rights reserved. +- * +- * This package is an SSL implementation written +- * by Eric Young (eay@cryptsoft.com). +- * The implementation was written so as to conform with Netscapes SSL. +- * +- * This library is free for commercial and non-commercial use as long as +- * the following conditions are aheared to. The following conditions +- * apply to all code found in this distribution, be it the RC4, RSA, +- * lhash, DES, etc., code; not just the SSL code. The SSL documentation +- * included with this distribution is covered by the same copyright terms +- * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * +- * Copyright remains Eric Young's, and as such any Copyright notices in +- * the code are not to be removed. +- * If this package is used in a product, Eric Young should be given attribution +- * as the author of the parts of the library used. +- * This can be in the form of a textual message at program startup or +- * in documentation (online or textual) provided with the package. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. 
Redistributions of source code must retain the copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 3. All advertising materials mentioning features or use of this software +- * must display the following acknowledgement: +- * "This product includes cryptographic software written by +- * Eric Young (eay@cryptsoft.com)" +- * The word 'cryptographic' can be left out if the rouines from the library +- * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from +- * the apps directory (application code) you must include an acknowledgement: +- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * +- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. +- * +- * The licence and distribution terms for any publically available version or +- * derivative of this code cannot be changed. i.e. this code cannot simply be +- * copied and put under another distribution licence +- * [including the GNU Public Licence.] 
+- */ +- +-/* The new form of this macro (check if the a*b == 0) was suggested by +- * Colin Plumb */ +-/* Removal of the inner if from from Wei Dai 24/4/96 */ +-#define idea_mul(r,a,b,ul) \ +-ul=(unsigned long)a*b; \ +-if (ul != 0) \ +- { \ +- r=(ul&0xffff)-(ul>>16); \ +- r-=((r)>>16); \ +- } \ +-else \ +- r=(-(int)a-b+1); /* assuming a or b is 0 and in range */ +- +-#ifdef undef +-#define idea_mul(r,a,b,ul,sl) \ +-if (a == 0) r=(0x10001-b)&0xffff; \ +-else if (b == 0) r=(0x10001-a)&0xffff; \ +-else { \ +- ul=(unsigned long)a*b; \ +- sl=(ul&0xffff)-(ul>>16); \ +- if (sl <= 0) sl+=0x10001; \ +- r=sl; \ +- } +-#endif +- +-/* 7/12/95 - Many thanks to Rhys Weatherley +- * for pointing out that I was assuming little endian +- * byte order for all quantities what idea +- * actually used bigendian. No where in the spec does it mention +- * this, it is all in terms of 16 bit numbers and even the example +- * does not use byte streams for the input example :-(. +- * If you byte swap each pair of input, keys and iv, the functions +- * would produce the output as the old version :-(. 
+- */ +- +-/* NOTE - c is not incremented as per n2l */ +-#define n2ln(c,l1,l2,n) { \ +- c+=n; \ +- l1=l2=0; \ +- switch (n) { \ +- case 8: l2 =((unsigned long)(*(--(c)))) ; \ +- case 7: l2|=((unsigned long)(*(--(c))))<< 8; \ +- case 6: l2|=((unsigned long)(*(--(c))))<<16; \ +- case 5: l2|=((unsigned long)(*(--(c))))<<24; \ +- case 4: l1 =((unsigned long)(*(--(c)))) ; \ +- case 3: l1|=((unsigned long)(*(--(c))))<< 8; \ +- case 2: l1|=((unsigned long)(*(--(c))))<<16; \ +- case 1: l1|=((unsigned long)(*(--(c))))<<24; \ +- } \ +- } +- +-/* NOTE - c is not incremented as per l2n */ +-#define l2nn(l1,l2,c,n) { \ +- c+=n; \ +- switch (n) { \ +- case 8: *(--(c))=(unsigned char)(((l2) )&0xff); \ +- case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \ +- case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \ +- case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \ +- case 4: *(--(c))=(unsigned char)(((l1) )&0xff); \ +- case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \ +- case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \ +- case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \ +- } \ +- } +- +-#undef n2l +-#define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24L, \ +- l|=((unsigned long)(*((c)++)))<<16L, \ +- l|=((unsigned long)(*((c)++)))<< 8L, \ +- l|=((unsigned long)(*((c)++)))) +- +-#undef l2n +-#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \ +- *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ +- *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ +- *((c)++)=(unsigned char)(((l) )&0xff)) +- +-#undef s2n +-#define s2n(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ +- *((c)++)=(unsigned char)(((l)>> 8L)&0xff)) +- +-#undef n2s +-#define n2s(c,l) (l =((IDEA_INT)(*((c)++)))<< 8L, \ +- l|=((IDEA_INT)(*((c)++))) ) +- +-#ifdef undef +-/* NOTE - c is not incremented as per c2l */ +-#define c2ln(c,l1,l2,n) { \ +- c+=n; \ +- l1=l2=0; \ +- switch (n) { \ +- case 8: l2 =((unsigned long)(*(--(c))))<<24; \ +- case 7: l2|=((unsigned long)(*(--(c))))<<16; \ +- case 6: l2|=((unsigned 
long)(*(--(c))))<< 8; \ +- case 5: l2|=((unsigned long)(*(--(c)))); \ +- case 4: l1 =((unsigned long)(*(--(c))))<<24; \ +- case 3: l1|=((unsigned long)(*(--(c))))<<16; \ +- case 2: l1|=((unsigned long)(*(--(c))))<< 8; \ +- case 1: l1|=((unsigned long)(*(--(c)))); \ +- } \ +- } +- +-/* NOTE - c is not incremented as per l2c */ +-#define l2cn(l1,l2,c,n) { \ +- c+=n; \ +- switch (n) { \ +- case 8: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \ +- case 7: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \ +- case 6: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \ +- case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \ +- case 4: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \ +- case 3: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \ +- case 2: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \ +- case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \ +- } \ +- } +- +-#undef c2s +-#define c2s(c,l) (l =((unsigned long)(*((c)++))) , \ +- l|=((unsigned long)(*((c)++)))<< 8L) +- +-#undef s2c +-#define s2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ +- *((c)++)=(unsigned char)(((l)>> 8L)&0xff)) +- +-#undef c2l +-#define c2l(c,l) (l =((unsigned long)(*((c)++))) , \ +- l|=((unsigned long)(*((c)++)))<< 8L, \ +- l|=((unsigned long)(*((c)++)))<<16L, \ +- l|=((unsigned long)(*((c)++)))<<24L) +- +-#undef l2c +-#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ +- *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ +- *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ +- *((c)++)=(unsigned char)(((l)>>24L)&0xff)) +-#endif +- +-#define E_IDEA(num) \ +- x1&=0xffff; \ +- idea_mul(x1,x1,*p,ul); p++; \ +- x2+= *(p++); \ +- x3+= *(p++); \ +- x4&=0xffff; \ +- idea_mul(x4,x4,*p,ul); p++; \ +- t0=(x1^x3)&0xffff; \ +- idea_mul(t0,t0,*p,ul); p++; \ +- t1=(t0+(x2^x4))&0xffff; \ +- idea_mul(t1,t1,*p,ul); p++; \ +- t0+=t1; \ +- x1^=t1; \ +- x4^=t0; \ +- ul=x2^t0; /* do the swap to x3 */ \ +- x2=x3^t1; \ +- x3=ul; +- +diff --git a/Cryptlib/OpenSSL/crypto/lhash/lh_stats.c b/Cryptlib/OpenSSL/crypto/lhash/lh_stats.c +index 
2e87a46..0bfec23 100644 +--- a/Cryptlib/OpenSSL/crypto/lhash/lh_stats.c ++++ b/Cryptlib/OpenSSL/crypto/lhash/lh_stats.c +@@ -138,7 +138,7 @@ void lh_node_usage_stats(LHASH *lh, FILE *out) + #else + + # ifndef OPENSSL_NO_FP_API +-void lh_stats(const LHASH *lh, FILE *fp) ++void lh_stats(const _LHASH *lh, FILE *fp) + { + BIO *bp; + +@@ -151,7 +151,7 @@ void lh_stats(const LHASH *lh, FILE *fp) + end:; + } + +-void lh_node_stats(const LHASH *lh, FILE *fp) ++void lh_node_stats(const _LHASH *lh, FILE *fp) + { + BIO *bp; + +@@ -164,7 +164,7 @@ void lh_node_stats(const LHASH *lh, FILE *fp) + end:; + } + +-void lh_node_usage_stats(const LHASH *lh, FILE *fp) ++void lh_node_usage_stats(const _LHASH *lh, FILE *fp) + { + BIO *bp; + +@@ -179,7 +179,7 @@ void lh_node_usage_stats(const LHASH *lh, FILE *fp) + + # endif + +-void lh_stats_bio(const LHASH *lh, BIO *out) ++void lh_stats_bio(const _LHASH *lh, BIO *out) + { + BIO_printf(out, "num_items = %lu\n", lh->num_items); + BIO_printf(out, "num_nodes = %u\n", lh->num_nodes); +@@ -206,7 +206,7 @@ void lh_stats_bio(const LHASH *lh, BIO *out) + # endif + } + +-void lh_node_stats_bio(const LHASH *lh, BIO *out) ++void lh_node_stats_bio(const _LHASH *lh, BIO *out) + { + LHASH_NODE *n; + unsigned int i, num; +@@ -218,7 +218,7 @@ void lh_node_stats_bio(const LHASH *lh, BIO *out) + } + } + +-void lh_node_usage_stats_bio(const LHASH *lh, BIO *out) ++void lh_node_usage_stats_bio(const _LHASH *lh, BIO *out) + { + LHASH_NODE *n; + unsigned long num; +diff --git a/Cryptlib/OpenSSL/crypto/lhash/lhash.c b/Cryptlib/OpenSSL/crypto/lhash/lhash.c +index d48fe56..53c5c13 100644 +--- a/Cryptlib/OpenSSL/crypto/lhash/lhash.c ++++ b/Cryptlib/OpenSSL/crypto/lhash/lhash.c +@@ -108,20 +108,18 @@ const char lh_version[] = "lhash" OPENSSL_VERSION_PTEXT; + #define UP_LOAD (2*LH_LOAD_MULT) /* load times 256 (default 2) */ + #define DOWN_LOAD (LH_LOAD_MULT) /* load times 256 (default 1) */ + +-static void expand(LHASH *lh); +-static void contract(LHASH *lh); 
+-static LHASH_NODE **getrn(LHASH *lh, const void *data, unsigned long *rhash); ++static void expand(_LHASH *lh); ++static void contract(_LHASH *lh); ++static LHASH_NODE **getrn(_LHASH *lh, const void *data, unsigned long *rhash); + +-LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c) ++_LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c) + { +- LHASH *ret; ++ _LHASH *ret; + int i; + +- if ((ret = (LHASH *)OPENSSL_malloc(sizeof(LHASH))) == NULL) ++ if ((ret = OPENSSL_malloc(sizeof(_LHASH))) == NULL) + goto err0; +- if ((ret->b = +- (LHASH_NODE **)OPENSSL_malloc(sizeof(LHASH_NODE *) * MIN_NODES)) == +- NULL) ++ if ((ret->b = OPENSSL_malloc(sizeof(LHASH_NODE *) * MIN_NODES)) == NULL) + goto err1; + for (i = 0; i < MIN_NODES; i++) + ret->b[i] = NULL; +@@ -157,7 +155,7 @@ LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c) + return (NULL); + } + +-void lh_free(LHASH *lh) ++void lh_free(_LHASH *lh) + { + unsigned int i; + LHASH_NODE *n, *nn; +@@ -177,7 +175,7 @@ void lh_free(LHASH *lh) + OPENSSL_free(lh); + } + +-void *lh_insert(LHASH *lh, void *data) ++void *lh_insert(_LHASH *lh, void *data) + { + unsigned long hash; + LHASH_NODE *nn, **rn; +@@ -212,7 +210,7 @@ void *lh_insert(LHASH *lh, void *data) + return (ret); + } + +-void *lh_delete(LHASH *lh, const void *data) ++void *lh_delete(_LHASH *lh, const void *data) + { + unsigned long hash; + LHASH_NODE *nn, **rn; +@@ -240,7 +238,7 @@ void *lh_delete(LHASH *lh, const void *data) + return (ret); + } + +-void *lh_retrieve(LHASH *lh, const void *data) ++void *lh_retrieve(_LHASH *lh, const void *data) + { + unsigned long hash; + LHASH_NODE **rn; +@@ -259,12 +257,15 @@ void *lh_retrieve(LHASH *lh, const void *data) + return (ret); + } + +-static void doall_util_fn(LHASH *lh, int use_arg, LHASH_DOALL_FN_TYPE func, ++static void doall_util_fn(_LHASH *lh, int use_arg, LHASH_DOALL_FN_TYPE func, + LHASH_DOALL_ARG_FN_TYPE func_arg, void *arg) + { + int i; + LHASH_NODE *a, *n; + ++ if (lh == NULL) ++ return; ++ + 
/* + * reverse the order so we search from 'top to bottom' We were having + * memory leaks otherwise +@@ -275,6 +276,10 @@ static void doall_util_fn(LHASH *lh, int use_arg, LHASH_DOALL_FN_TYPE func, + /* + * 28/05/91 - eay - n added so items can be deleted via lh_doall + */ ++ /* ++ * 22/05/08 - ben - eh? since a is not passed, this should not be ++ * needed ++ */ + n = a->next; + if (use_arg) + func_arg(a->data, arg); +@@ -285,51 +290,29 @@ static void doall_util_fn(LHASH *lh, int use_arg, LHASH_DOALL_FN_TYPE func, + } + } + +-void lh_doall(LHASH *lh, LHASH_DOALL_FN_TYPE func) ++void lh_doall(_LHASH *lh, LHASH_DOALL_FN_TYPE func) + { + doall_util_fn(lh, 0, func, (LHASH_DOALL_ARG_FN_TYPE)0, NULL); + } + +-void lh_doall_arg(LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg) ++void lh_doall_arg(_LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg) + { + doall_util_fn(lh, 1, (LHASH_DOALL_FN_TYPE)0, func, arg); + } + +-static void expand(LHASH *lh) ++static void expand(_LHASH *lh) + { + LHASH_NODE **n, **n1, **n2, *np; +- unsigned int p, i, j, pmax; ++ unsigned int p, i, j; + unsigned long hash, nni; + +- p = (int)lh->p++; +- nni = lh->num_alloc_nodes; +- pmax = lh->pmax; +- +- if ((lh->p) >= lh->pmax) { +- j = (int)lh->num_alloc_nodes * 2; +- n = (LHASH_NODE **)OPENSSL_realloc(lh->b, +- (int)sizeof(LHASH_NODE *) * j); +- if (n == NULL) { +-/* fputs("realloc error in lhash",stderr); */ +- lh->error++; +- lh->p = 0; +- return; +- } +- /* else */ +- for (i = (int)lh->num_alloc_nodes; i < j; i++) /* 26/02/92 eay */ +- n[i] = NULL; /* 02/03/92 eay */ +- lh->pmax = lh->num_alloc_nodes; +- lh->num_alloc_nodes = j; +- lh->num_expand_reallocs++; +- lh->p = 0; +- lh->b = n; +- } +- + lh->num_nodes++; + lh->num_expands++; ++ p = (int)lh->p++; + n1 = &(lh->b[p]); +- n2 = &(lh->b[p + pmax]); ++ n2 = &(lh->b[p + (int)lh->pmax]); + *n2 = NULL; /* 27/07/92 - eay - undefined pointer bug */ ++ nni = lh->num_alloc_nodes; + + for (np = *n1; np != NULL;) { + #ifndef OPENSSL_NO_HASH_COMP 
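Review bot: The bucket-array growth in expand() now runs after the split instead of before it, so the `OPENSSL_realloc` failure path added in the next hunk (`@@ -347,14 +330,33 @@`: `lh->error++; lh->p = 0; return;`) is reached only once `lh->num_nodes++` and the relinking loop have already taken effect. With `lh->p` reset to 0 and `lh->pmax` unchanged, the next call would execute `*n2 = NULL` on `lh->b[0 + pmax]`, which presumably still heads a chain created by an earlier split (the loop body that moves nodes is outside these hunks), so entries could be dropped rather than the growth merely being skipped. contract() in that later hunk follows the same pattern: `lh->b[lh->p + lh->pmax - 1] = NULL` is now stored before the realloc, whose failure path is not visible here. If this file has to stay identical to the imported OpenSSL release, I would at least mark the failure branch with `/* split already applied; table state is inconsistent from here, see lh->error */` and confirm that callers in this tree check `lh->error`.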
+@@ -347,14 +330,33 @@ static void expand(LHASH *lh) + np = *n1; + } + ++ if ((lh->p) >= lh->pmax) { ++ j = (int)lh->num_alloc_nodes * 2; ++ n = (LHASH_NODE **)OPENSSL_realloc(lh->b, ++ (int)(sizeof(LHASH_NODE *) * j)); ++ if (n == NULL) { ++/* fputs("realloc error in lhash",stderr); */ ++ lh->error++; ++ lh->p = 0; ++ return; ++ } ++ /* else */ ++ for (i = (int)lh->num_alloc_nodes; i < j; i++) /* 26/02/92 eay */ ++ n[i] = NULL; /* 02/03/92 eay */ ++ lh->pmax = lh->num_alloc_nodes; ++ lh->num_alloc_nodes = j; ++ lh->num_expand_reallocs++; ++ lh->p = 0; ++ lh->b = n; ++ } + } + +-static void contract(LHASH *lh) ++static void contract(_LHASH *lh) + { + LHASH_NODE **n, *n1, *np; +- int idx = lh->p + lh->pmax - 1; + +- np = lh->b[idx]; ++ np = lh->b[lh->p + lh->pmax - 1]; ++ lh->b[lh->p + lh->pmax - 1] = NULL; /* 24/07-92 - eay - weird but :-( */ + if (lh->p == 0) { + n = (LHASH_NODE **)OPENSSL_realloc(lh->b, + (unsigned int)(sizeof(LHASH_NODE *) +@@ -372,7 +374,6 @@ static void contract(LHASH *lh) + } else + lh->p--; + +- lh->b[idx] = NULL; + lh->num_nodes--; + lh->num_contracts++; + +@@ -386,7 +387,7 @@ static void contract(LHASH *lh) + } + } + +-static LHASH_NODE **getrn(LHASH *lh, const void *data, unsigned long *rhash) ++static LHASH_NODE **getrn(_LHASH *lh, const void *data, unsigned long *rhash) + { + LHASH_NODE **ret, *n1; + unsigned long hash, nn; +@@ -451,7 +452,7 @@ unsigned long lh_strhash(const char *c) + return ((ret >> 16) ^ ret); + } + +-unsigned long lh_num_items(const LHASH *lh) ++unsigned long lh_num_items(const _LHASH *lh) + { + return lh ? lh->num_items : 0; + } +diff --git a/Cryptlib/OpenSSL/crypto/md2/md2_dgst.c b/Cryptlib/OpenSSL/crypto/md2/md2_dgst.c +deleted file mode 100644 +index 75e7417..0000000 +--- a/Cryptlib/OpenSSL/crypto/md2/md2_dgst.c ++++ /dev/null +@@ -1,229 +0,0 @@ +-/* crypto/md2/md2_dgst.c */ +-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) +- * All rights reserved. 
+- * +- * This package is an SSL implementation written +- * by Eric Young (eay@cryptsoft.com). +- * The implementation was written so as to conform with Netscapes SSL. +- * +- * This library is free for commercial and non-commercial use as long as +- * the following conditions are aheared to. The following conditions +- * apply to all code found in this distribution, be it the RC4, RSA, +- * lhash, DES, etc., code; not just the SSL code. The SSL documentation +- * included with this distribution is covered by the same copyright terms +- * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * +- * Copyright remains Eric Young's, and as such any Copyright notices in +- * the code are not to be removed. +- * If this package is used in a product, Eric Young should be given attribution +- * as the author of the parts of the library used. +- * This can be in the form of a textual message at program startup or +- * in documentation (online or textual) provided with the package. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 3. All advertising materials mentioning features or use of this software +- * must display the following acknowledgement: +- * "This product includes cryptographic software written by +- * Eric Young (eay@cryptsoft.com)" +- * The word 'cryptographic' can be left out if the rouines from the library +- * being used are not cryptographic related :-). +- * 4. 
If you include any Windows specific code (or a derivative thereof) from +- * the apps directory (application code) you must include an acknowledgement: +- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * +- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. +- * +- * The licence and distribution terms for any publically available version or +- * derivative of this code cannot be changed. i.e. this code cannot simply be +- * copied and put under another distribution licence +- * [including the GNU Public Licence.] +- */ +- +-#include +-#include +-#include +-#include +-#include +-#include +-#ifdef OPENSSL_FIPS +-# include +-#endif +- +-#include +- +-const char MD2_version[] = "MD2" OPENSSL_VERSION_PTEXT; +- +-/* +- * Implemented from RFC1319 The MD2 Message-Digest Algorithm +- */ +- +-#define UCHAR unsigned char +- +-static void md2_block(MD2_CTX *c, const unsigned char *d); +-/* +- * The magic S table - I have converted it to hex since it is basically just +- * a random byte string. 
+- */ +-static MD2_INT S[256] = { +- 0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01, +- 0x3D, 0x36, 0x54, 0xA1, 0xEC, 0xF0, 0x06, 0x13, +- 0x62, 0xA7, 0x05, 0xF3, 0xC0, 0xC7, 0x73, 0x8C, +- 0x98, 0x93, 0x2B, 0xD9, 0xBC, 0x4C, 0x82, 0xCA, +- 0x1E, 0x9B, 0x57, 0x3C, 0xFD, 0xD4, 0xE0, 0x16, +- 0x67, 0x42, 0x6F, 0x18, 0x8A, 0x17, 0xE5, 0x12, +- 0xBE, 0x4E, 0xC4, 0xD6, 0xDA, 0x9E, 0xDE, 0x49, +- 0xA0, 0xFB, 0xF5, 0x8E, 0xBB, 0x2F, 0xEE, 0x7A, +- 0xA9, 0x68, 0x79, 0x91, 0x15, 0xB2, 0x07, 0x3F, +- 0x94, 0xC2, 0x10, 0x89, 0x0B, 0x22, 0x5F, 0x21, +- 0x80, 0x7F, 0x5D, 0x9A, 0x5A, 0x90, 0x32, 0x27, +- 0x35, 0x3E, 0xCC, 0xE7, 0xBF, 0xF7, 0x97, 0x03, +- 0xFF, 0x19, 0x30, 0xB3, 0x48, 0xA5, 0xB5, 0xD1, +- 0xD7, 0x5E, 0x92, 0x2A, 0xAC, 0x56, 0xAA, 0xC6, +- 0x4F, 0xB8, 0x38, 0xD2, 0x96, 0xA4, 0x7D, 0xB6, +- 0x76, 0xFC, 0x6B, 0xE2, 0x9C, 0x74, 0x04, 0xF1, +- 0x45, 0x9D, 0x70, 0x59, 0x64, 0x71, 0x87, 0x20, +- 0x86, 0x5B, 0xCF, 0x65, 0xE6, 0x2D, 0xA8, 0x02, +- 0x1B, 0x60, 0x25, 0xAD, 0xAE, 0xB0, 0xB9, 0xF6, +- 0x1C, 0x46, 0x61, 0x69, 0x34, 0x40, 0x7E, 0x0F, +- 0x55, 0x47, 0xA3, 0x23, 0xDD, 0x51, 0xAF, 0x3A, +- 0xC3, 0x5C, 0xF9, 0xCE, 0xBA, 0xC5, 0xEA, 0x26, +- 0x2C, 0x53, 0x0D, 0x6E, 0x85, 0x28, 0x84, 0x09, +- 0xD3, 0xDF, 0xCD, 0xF4, 0x41, 0x81, 0x4D, 0x52, +- 0x6A, 0xDC, 0x37, 0xC8, 0x6C, 0xC1, 0xAB, 0xFA, +- 0x24, 0xE1, 0x7B, 0x08, 0x0C, 0xBD, 0xB1, 0x4A, +- 0x78, 0x88, 0x95, 0x8B, 0xE3, 0x63, 0xE8, 0x6D, +- 0xE9, 0xCB, 0xD5, 0xFE, 0x3B, 0x00, 0x1D, 0x39, +- 0xF2, 0xEF, 0xB7, 0x0E, 0x66, 0x58, 0xD0, 0xE4, +- 0xA6, 0x77, 0x72, 0xF8, 0xEB, 0x75, 0x4B, 0x0A, +- 0x31, 0x44, 0x50, 0xB4, 0x8F, 0xED, 0x1F, 0x1A, +- 0xDB, 0x99, 0x8D, 0x33, 0x9F, 0x11, 0x83, 0x14, +-}; +- +-const char *MD2_options(void) +-{ +- if (sizeof(MD2_INT) == 1) +- return ("md2(char)"); +- else +- return ("md2(int)"); +-} +- +-FIPS_NON_FIPS_MD_Init(MD2) +-{ +- c->num = 0; +- memset(c->state, 0, sizeof c->state); +- memset(c->cksm, 0, sizeof c->cksm); +- memset(c->data, 0, sizeof c->data); +- return 1; +-} +- +-int 
MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len) +-{ +- register UCHAR *p; +- +- if (len == 0) +- return 1; +- +- p = c->data; +- if (c->num != 0) { +- if ((c->num + len) >= MD2_BLOCK) { +- memcpy(&(p[c->num]), data, MD2_BLOCK - c->num); +- md2_block(c, c->data); +- data += (MD2_BLOCK - c->num); +- len -= (MD2_BLOCK - c->num); +- c->num = 0; +- /* drop through and do the rest */ +- } else { +- memcpy(&(p[c->num]), data, len); +- /* data+=len; */ +- c->num += (int)len; +- return 1; +- } +- } +- /* +- * we now can process the input data in blocks of MD2_BLOCK chars and +- * save the leftovers to c->data. +- */ +- while (len >= MD2_BLOCK) { +- md2_block(c, data); +- data += MD2_BLOCK; +- len -= MD2_BLOCK; +- } +- memcpy(p, data, len); +- c->num = (int)len; +- return 1; +-} +- +-static void md2_block(MD2_CTX *c, const unsigned char *d) +-{ +- register MD2_INT t, *sp1, *sp2; +- register int i, j; +- MD2_INT state[48]; +- +- sp1 = c->state; +- sp2 = c->cksm; +- j = sp2[MD2_BLOCK - 1]; +- for (i = 0; i < 16; i++) { +- state[i] = sp1[i]; +- state[i + 16] = t = d[i]; +- state[i + 32] = (t ^ sp1[i]); +- j = sp2[i] ^= S[t ^ j]; +- } +- t = 0; +- for (i = 0; i < 18; i++) { +- for (j = 0; j < 48; j += 8) { +- t = state[j + 0] ^= S[t]; +- t = state[j + 1] ^= S[t]; +- t = state[j + 2] ^= S[t]; +- t = state[j + 3] ^= S[t]; +- t = state[j + 4] ^= S[t]; +- t = state[j + 5] ^= S[t]; +- t = state[j + 6] ^= S[t]; +- t = state[j + 7] ^= S[t]; +- } +- t = (t + i) & 0xff; +- } +- memcpy(sp1, state, 16 * sizeof(MD2_INT)); +- OPENSSL_cleanse(state, 48 * sizeof(MD2_INT)); +-} +- +-int MD2_Final(unsigned char *md, MD2_CTX *c) +-{ +- int i, v; +- register UCHAR *cp; +- register MD2_INT *p1, *p2; +- +- cp = c->data; +- p1 = c->state; +- p2 = c->cksm; +- v = MD2_BLOCK - c->num; +- for (i = c->num; i < MD2_BLOCK; i++) +- cp[i] = (UCHAR) v; +- +- md2_block(c, cp); +- +- for (i = 0; i < MD2_BLOCK; i++) +- cp[i] = (UCHAR) p2[i]; +- md2_block(c, cp); +- +- for (i = 0; i < 16; i++) +- 
md[i] = (UCHAR) (p1[i] & 0xff); +- memset((char *)&c, 0, sizeof(c)); +- return 1; +-} +diff --git a/Cryptlib/OpenSSL/crypto/md2/md2_one.c b/Cryptlib/OpenSSL/crypto/md2/md2_one.c +deleted file mode 100644 +index cd2631b..0000000 +--- a/Cryptlib/OpenSSL/crypto/md2/md2_one.c ++++ /dev/null +@@ -1,96 +0,0 @@ +-/* crypto/md2/md2_one.c */ +-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) +- * All rights reserved. +- * +- * This package is an SSL implementation written +- * by Eric Young (eay@cryptsoft.com). +- * The implementation was written so as to conform with Netscapes SSL. +- * +- * This library is free for commercial and non-commercial use as long as +- * the following conditions are aheared to. The following conditions +- * apply to all code found in this distribution, be it the RC4, RSA, +- * lhash, DES, etc., code; not just the SSL code. The SSL documentation +- * included with this distribution is covered by the same copyright terms +- * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * +- * Copyright remains Eric Young's, and as such any Copyright notices in +- * the code are not to be removed. +- * If this package is used in a product, Eric Young should be given attribution +- * as the author of the parts of the library used. +- * This can be in the form of a textual message at program startup or +- * in documentation (online or textual) provided with the package. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 3. 
All advertising materials mentioning features or use of this software +- * must display the following acknowledgement: +- * "This product includes cryptographic software written by +- * Eric Young (eay@cryptsoft.com)" +- * The word 'cryptographic' can be left out if the rouines from the library +- * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from +- * the apps directory (application code) you must include an acknowledgement: +- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * +- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. +- * +- * The licence and distribution terms for any publically available version or +- * derivative of this code cannot be changed. i.e. this code cannot simply be +- * copied and put under another distribution licence +- * [including the GNU Public Licence.] 
+- */ +- +-#include +-#include "cryptlib.h" +-#include +- +-/* +- * This is a separate file so that #defines in cryptlib.h can map my MD +- * functions to different names +- */ +- +-unsigned char *MD2(const unsigned char *d, size_t n, unsigned char *md) +-{ +- MD2_CTX c; +- static unsigned char m[MD2_DIGEST_LENGTH]; +- +- if (md == NULL) +- md = m; +- if (!MD2_Init(&c)) +- return NULL; +-#ifndef CHARSET_EBCDIC +- MD2_Update(&c, d, n); +-#else +- { +- char temp[1024]; +- unsigned long chunk; +- +- while (n > 0) { +- chunk = (n > sizeof(temp)) ? sizeof(temp) : n; +- ebcdic2ascii(temp, d, chunk); +- MD2_Update(&c, temp, chunk); +- n -= chunk; +- d += chunk; +- } +- } +-#endif +- MD2_Final(md, &c); +- OPENSSL_cleanse(&c, sizeof(c)); /* Security consideration */ +- return (md); +-} +diff --git a/Cryptlib/OpenSSL/crypto/md32_common.h b/Cryptlib/OpenSSL/crypto/md32_common.h +index 61bcd97..96828d2 100644 +--- a/Cryptlib/OpenSSL/crypto/md32_common.h ++++ b/Cryptlib/OpenSSL/crypto/md32_common.h +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -49,7 +49,7 @@ + * + */ + +-/* ++/*- + * This is a generic 32 bit "collector" for message digest algorithms. + * Whenever needed it collects input character stream into chunks of + * 32 bit values and invokes a block function that performs actual hash +@@ -60,81 +60,81 @@ + * Obligatory macros: + * + * DATA_ORDER_IS_BIG_ENDIAN or DATA_ORDER_IS_LITTLE_ENDIAN +- * this macro defines byte order of input stream. ++ * this macro defines byte order of input stream. + * HASH_CBLOCK +- * size of a unit chunk HASH_BLOCK operates on. ++ * size of a unit chunk HASH_BLOCK operates on. 
+ * HASH_LONG +- * has to be at lest 32 bit wide, if it's wider, then +- * HASH_LONG_LOG2 *has to* be defined along ++ * has to be at lest 32 bit wide, if it's wider, then ++ * HASH_LONG_LOG2 *has to* be defined along + * HASH_CTX +- * context structure that at least contains following +- * members: +- * typedef struct { +- * ... +- * HASH_LONG Nl,Nh; +- * either { +- * HASH_LONG data[HASH_LBLOCK]; +- * unsigned char data[HASH_CBLOCK]; +- * }; +- * unsigned int num; +- * ... +- * } HASH_CTX; +- * data[] vector is expected to be zeroed upon first call to +- * HASH_UPDATE. ++ * context structure that at least contains following ++ * members: ++ * typedef struct { ++ * ... ++ * HASH_LONG Nl,Nh; ++ * either { ++ * HASH_LONG data[HASH_LBLOCK]; ++ * unsigned char data[HASH_CBLOCK]; ++ * }; ++ * unsigned int num; ++ * ... ++ * } HASH_CTX; ++ * data[] vector is expected to be zeroed upon first call to ++ * HASH_UPDATE. + * HASH_UPDATE +- * name of "Update" function, implemented here. ++ * name of "Update" function, implemented here. + * HASH_TRANSFORM +- * name of "Transform" function, implemented here. ++ * name of "Transform" function, implemented here. + * HASH_FINAL +- * name of "Final" function, implemented here. ++ * name of "Final" function, implemented here. + * HASH_BLOCK_DATA_ORDER +- * name of "block" function capable of treating *unaligned* input +- * message in original (data) byte order, implemented externally. ++ * name of "block" function capable of treating *unaligned* input ++ * message in original (data) byte order, implemented externally. + * HASH_MAKE_STRING +- * macro convering context variables to an ASCII hash string. ++ * macro convering context variables to an ASCII hash string. 
+ * + * MD5 example: + * +- * #define DATA_ORDER_IS_LITTLE_ENDIAN ++ * #define DATA_ORDER_IS_LITTLE_ENDIAN + * +- * #define HASH_LONG MD5_LONG +- * #define HASH_LONG_LOG2 MD5_LONG_LOG2 +- * #define HASH_CTX MD5_CTX +- * #define HASH_CBLOCK MD5_CBLOCK +- * #define HASH_UPDATE MD5_Update +- * #define HASH_TRANSFORM MD5_Transform +- * #define HASH_FINAL MD5_Final +- * #define HASH_BLOCK_DATA_ORDER md5_block_data_order ++ * #define HASH_LONG MD5_LONG ++ * #define HASH_LONG_LOG2 MD5_LONG_LOG2 ++ * #define HASH_CTX MD5_CTX ++ * #define HASH_CBLOCK MD5_CBLOCK ++ * #define HASH_UPDATE MD5_Update ++ * #define HASH_TRANSFORM MD5_Transform ++ * #define HASH_FINAL MD5_Final ++ * #define HASH_BLOCK_DATA_ORDER md5_block_data_order + * +- * ++ * + */ + + #if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN) +-#error "DATA_ORDER must be defined!" ++# error "DATA_ORDER must be defined!" + #endif + + #ifndef HASH_CBLOCK +-#error "HASH_CBLOCK must be defined!" ++# error "HASH_CBLOCK must be defined!" + #endif + #ifndef HASH_LONG +-#error "HASH_LONG must be defined!" ++# error "HASH_LONG must be defined!" + #endif + #ifndef HASH_CTX +-#error "HASH_CTX must be defined!" ++# error "HASH_CTX must be defined!" + #endif + + #ifndef HASH_UPDATE +-#error "HASH_UPDATE must be defined!" ++# error "HASH_UPDATE must be defined!" + #endif + #ifndef HASH_TRANSFORM +-#error "HASH_TRANSFORM must be defined!" ++# error "HASH_TRANSFORM must be defined!" + #endif + #ifndef HASH_FINAL +-#error "HASH_FINAL must be defined!" ++# error "HASH_FINAL must be defined!" + #endif + + #ifndef HASH_BLOCK_DATA_ORDER +-#error "HASH_BLOCK_DATA_ORDER must be defined!" ++# error "HASH_BLOCK_DATA_ORDER must be defined!" 
+ #endif + + /* +@@ -142,136 +142,154 @@ + */ + #undef ROTATE + #ifndef PEDANTIC +-# if defined(_MSC_VER) || defined(__ICC) +-# define ROTATE(a,n) _lrotl(a,n) ++# if defined(_MSC_VER) ++# define ROTATE(a,n) _lrotl(a,n) ++# elif defined(__ICC) ++# define ROTATE(a,n) _rotl(a,n) + # elif defined(__MWERKS__) + # if defined(__POWERPC__) +-# define ROTATE(a,n) __rlwinm(a,n,0,31) ++# define ROTATE(a,n) __rlwinm(a,n,0,31) + # elif defined(__MC68K__) + /* Motorola specific tweak. */ +-# define ROTATE(a,n) ( n<24 ? __rol(a,n) : __ror(a,32-n) ) ++# define ROTATE(a,n) ( n<24 ? __rol(a,n) : __ror(a,32-n) ) + # else +-# define ROTATE(a,n) __rol(a,n) ++# define ROTATE(a,n) __rol(a,n) + # endif + # elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) + /* + * Some GNU C inline assembler templates. Note that these are + * rotates by *constant* number of bits! But that's exactly + * what we need here... +- * ++ * + */ + # if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) +-# define ROTATE(a,n) ({ register unsigned int ret; \ +- asm ( \ +- "roll %1,%0" \ +- : "=r"(ret) \ +- : "I"(n), "0"(a) \ +- : "cc"); \ +- ret; \ +- }) ++# define ROTATE(a,n) ({ register unsigned int ret; \ ++ asm ( \ ++ "roll %1,%0" \ ++ : "=r"(ret) \ ++ : "I"(n), "0"((unsigned int)(a)) \ ++ : "cc"); \ ++ ret; \ ++ }) + # elif defined(_ARCH_PPC) || defined(_ARCH_PPC64) || \ +- defined(__powerpc) || defined(__ppc__) || defined(__powerpc64__) +-# define ROTATE(a,n) ({ register unsigned int ret; \ +- asm ( \ +- "rlwinm %0,%1,%2,0,31" \ +- : "=r"(ret) \ +- : "r"(a), "I"(n)); \ +- ret; \ +- }) ++ defined(__powerpc) || defined(__ppc__) || defined(__powerpc64__) ++# define ROTATE(a,n) ({ register unsigned int ret; \ ++ asm ( \ ++ "rlwinm %0,%1,%2,0,31" \ ++ : "=r"(ret) \ ++ : "r"(a), "I"(n)); \ ++ ret; \ ++ }) + # elif defined(__s390x__) +-# define ROTATE(a,n) ({ register unsigned int ret; \ +- asm ("rll %0,%1,%2" \ +- : "=r"(ret) \ +- : 
"r"(a), "I"(n)); \ +- ret; \ +- }) ++# define ROTATE(a,n) ({ register unsigned int ret; \ ++ asm ("rll %0,%1,%2" \ ++ : "=r"(ret) \ ++ : "r"(a), "I"(n)); \ ++ ret; \ ++ }) + # endif + # endif +-#endif /* PEDANTIC */ ++#endif /* PEDANTIC */ + + #ifndef ROTATE +-#define ROTATE(a,n) (((a)<<(n))|(((a)&0xffffffff)>>(32-(n)))) ++# define ROTATE(a,n) (((a)<<(n))|(((a)&0xffffffff)>>(32-(n)))) + #endif + + #if defined(DATA_ORDER_IS_BIG_ENDIAN) + +-#ifndef PEDANTIC +-# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) +-# if ((defined(__i386) || defined(__i386__)) && !defined(I386_ONLY)) || \ ++# ifndef PEDANTIC ++# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) ++# if ((defined(__i386) || defined(__i386__)) && !defined(I386_ONLY)) || \ + (defined(__x86_64) || defined(__x86_64__)) +-# if !defined(B_ENDIAN) ++# if !defined(B_ENDIAN) + /* + * This gives ~30-40% performance improvement in SHA-256 compiled + * with gcc [on P4]. Well, first macro to be frank. We can pull + * this trick on x86* platforms only, because these CPUs can fetch + * unaligned data without raising an exception. 
+ */ +-# define HOST_c2l(c,l) ({ unsigned int r=*((const unsigned int *)(c)); \ +- asm ("bswapl %0":"=r"(r):"0"(r)); \ +- (c)+=4; (l)=r; }) +-# define HOST_l2c(l,c) ({ unsigned int r=(l); \ +- asm ("bswapl %0":"=r"(r):"0"(r)); \ +- *((unsigned int *)(c))=r; (c)+=4; r; }) ++# define HOST_c2l(c,l) ({ unsigned int r=*((const unsigned int *)(c)); \ ++ asm ("bswapl %0":"=r"(r):"0"(r)); \ ++ (c)+=4; (l)=r; }) ++# define HOST_l2c(l,c) ({ unsigned int r=(l); \ ++ asm ("bswapl %0":"=r"(r):"0"(r)); \ ++ *((unsigned int *)(c))=r; (c)+=4; r; }) ++# endif ++# elif defined(__aarch64__) ++# if defined(__BYTE_ORDER__) ++# if defined(__ORDER_LITTLE_ENDIAN__) && __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__ ++# define HOST_c2l(c,l) ({ unsigned int r; \ ++ asm ("rev %w0,%w1" \ ++ :"=r"(r) \ ++ :"r"(*((const unsigned int *)(c))));\ ++ (c)+=4; (l)=r; }) ++# define HOST_l2c(l,c) ({ unsigned int r; \ ++ asm ("rev %w0,%w1" \ ++ :"=r"(r) \ ++ :"r"((unsigned int)(l)));\ ++ *((unsigned int *)(c))=r; (c)+=4; r; }) ++# elif defined(__ORDER_BIG_ENDIAN__) && __BYTE_ORDER__==__ORDER_BIG_ENDIAN__ ++# define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, (l)) ++# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, (l)) ++# endif ++# endif + # endif + # endif ++# if defined(__s390__) || defined(__s390x__) ++# define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, (l)) ++# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, (l)) ++# endif + # endif +-#endif +-#if defined(__s390__) || defined(__s390x__) +-# define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, (l)) +-# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, (l)) +-#endif + +-#ifndef HOST_c2l +-#define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++)))<<24), \ +- l|=(((unsigned long)(*((c)++)))<<16), \ +- l|=(((unsigned long)(*((c)++)))<< 8), \ +- l|=(((unsigned long)(*((c)++))) ), \ +- l) +-#endif +-#ifndef HOST_l2c +-#define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \ +- 
*((c)++)=(unsigned char)(((l)>>16)&0xff), \ +- *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ +- *((c)++)=(unsigned char)(((l) )&0xff), \ +- l) +-#endif ++# ifndef HOST_c2l ++# define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++)))<<24), \ ++ l|=(((unsigned long)(*((c)++)))<<16), \ ++ l|=(((unsigned long)(*((c)++)))<< 8), \ ++ l|=(((unsigned long)(*((c)++))) ) ) ++# endif ++# ifndef HOST_l2c ++# define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \ ++ *((c)++)=(unsigned char)(((l)>>16)&0xff), \ ++ *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ ++ *((c)++)=(unsigned char)(((l) )&0xff), \ ++ l) ++# endif + + #elif defined(DATA_ORDER_IS_LITTLE_ENDIAN) + +-#ifndef PEDANTIC +-# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) +-# if defined(__s390x__) +-# define HOST_c2l(c,l) ({ asm ("lrv %0,0(%1)" \ +- :"=r"(l) : "r"(c)); \ +- (c)+=4; (l); }) +-# define HOST_l2c(l,c) ({ asm ("strv %0,0(%1)" \ +- : : "r"(l),"r"(c) : "memory"); \ +- (c)+=4; (l); }) ++# ifndef PEDANTIC ++# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) ++# if defined(__s390x__) ++# define HOST_c2l(c,l) ({ asm ("lrv %0,%1" \ ++ :"=d"(l) :"m"(*(const unsigned int *)(c)));\ ++ (c)+=4; (l); }) ++# define HOST_l2c(l,c) ({ asm ("strv %1,%0" \ ++ :"=m"(*(unsigned int *)(c)) :"d"(l));\ ++ (c)+=4; (l); }) ++# endif ++# endif ++# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) ++# ifndef B_ENDIAN ++ /* See comment in DATA_ORDER_IS_BIG_ENDIAN section. */ ++# define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, l) ++# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, l) ++# endif + # endif + # endif +-#endif +-#if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) +-# ifndef B_ENDIAN +- /* See comment in DATA_ORDER_IS_BIG_ENDIAN section. 
*/ +-# define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, l) +-# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, l) +-# endif +-#endif + +-#ifndef HOST_c2l +-#define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++))) ), \ +- l|=(((unsigned long)(*((c)++)))<< 8), \ +- l|=(((unsigned long)(*((c)++)))<<16), \ +- l|=(((unsigned long)(*((c)++)))<<24), \ +- l) +-#endif +-#ifndef HOST_l2c +-#define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ +- *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ +- *((c)++)=(unsigned char)(((l)>>16)&0xff), \ +- *((c)++)=(unsigned char)(((l)>>24)&0xff), \ +- l) +-#endif ++# ifndef HOST_c2l ++# define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++))) ), \ ++ l|=(((unsigned long)(*((c)++)))<< 8), \ ++ l|=(((unsigned long)(*((c)++)))<<16), \ ++ l|=(((unsigned long)(*((c)++)))<<24) ) ++# endif ++# ifndef HOST_l2c ++# define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ ++ *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ ++ *((c)++)=(unsigned char)(((l)>>16)&0xff), \ ++ *((c)++)=(unsigned char)(((l)>>24)&0xff), \ ++ l) ++# endif + + #endif + +@@ -279,111 +297,107 @@ + * Time for some action:-) + */ + +-int HASH_UPDATE (HASH_CTX *c, const void *data_, size_t len) +- { +- const unsigned char *data=data_; +- unsigned char *p; +- HASH_LONG l; +- size_t n; +- +- if (len==0) return 1; +- +- l=(c->Nl+(((HASH_LONG)len)<<3))&0xffffffffUL; +- /* 95-05-24 eay Fixed a bug with the overflow handling, thanks to +- * Wei Dai for pointing it out. 
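Review bot: The added `__aarch64__` branch of `HOST_c2l`/`HOST_l2c` reads and writes the byte pointer `c` through `(unsigned int *)` casts, yet the only justification in the file is the retained comment a few lines above it, which says the trick is for x86* platforms only because those CPUs fetch unaligned data without raising an exception. Nothing in the hunk states why the same access is acceptable on aarch64, which matters if this code is built for an environment where misaligned accesses fault (an assumption; the build flags are not visible here). A comment on the new branch would close the gap, e.g. `/* aarch64: unaligned 32-bit access as in the x86 case; define OPENSSL_NO_INLINE_ASM where misaligned access traps */`. Per the enclosing `# if`, the branch is compiled only when neither `OPENSSL_NO_ASM` nor `OPENSSL_NO_INLINE_ASM` is defined.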
*/ +- if (l < c->Nl) /* overflow */ +- c->Nh++; +- c->Nh+=(len>>29); /* might cause compiler warning on 16-bit */ +- c->Nl=l; +- +- n = c->num; +- if (n != 0) +- { +- p=(unsigned char *)c->data; +- +- if (len >= HASH_CBLOCK || len+n >= HASH_CBLOCK) +- { +- memcpy (p+n,data,HASH_CBLOCK-n); +- HASH_BLOCK_DATA_ORDER (c,p,1); +- n = HASH_CBLOCK-n; +- data += n; +- len -= n; +- c->num = 0; +- memset (p,0,HASH_CBLOCK); /* keep it zeroed */ +- } +- else +- { +- memcpy (p+n,data,len); +- c->num += (unsigned int)len; +- return 1; +- } +- } +- +- n = len/HASH_CBLOCK; +- if (n > 0) +- { +- HASH_BLOCK_DATA_ORDER (c,data,n); +- n *= HASH_CBLOCK; +- data += n; +- len -= n; +- } +- +- if (len != 0) +- { +- p = (unsigned char *)c->data; +- c->num = len; +- memcpy (p,data,len); +- } +- return 1; +- } +- ++int HASH_UPDATE(HASH_CTX *c, const void *data_, size_t len) ++{ ++ const unsigned char *data = data_; ++ unsigned char *p; ++ HASH_LONG l; ++ size_t n; + +-void HASH_TRANSFORM (HASH_CTX *c, const unsigned char *data) +- { +- HASH_BLOCK_DATA_ORDER (c,data,1); +- } ++ if (len == 0) ++ return 1; + +- +-int HASH_FINAL (unsigned char *md, HASH_CTX *c) +- { +- unsigned char *p = (unsigned char *)c->data; +- size_t n = c->num; +- +- p[n] = 0x80; /* there is always room for one */ +- n++; +- +- if (n > (HASH_CBLOCK-8)) +- { +- memset (p+n,0,HASH_CBLOCK-n); +- n=0; +- HASH_BLOCK_DATA_ORDER (c,p,1); +- } +- memset (p+n,0,HASH_CBLOCK-8-n); +- +- p += HASH_CBLOCK-8; ++ l = (c->Nl + (((HASH_LONG) len) << 3)) & 0xffffffffUL; ++ /* ++ * 95-05-24 eay Fixed a bug with the overflow handling, thanks to Wei Dai ++ * for pointing it out. 
++ */ ++ if (l < c->Nl) /* overflow */ ++ c->Nh++; ++ c->Nh += (HASH_LONG) (len >> 29); /* might cause compiler warning on ++ * 16-bit */ ++ c->Nl = l; ++ ++ n = c->num; ++ if (n != 0) { ++ p = (unsigned char *)c->data; ++ ++ if (len >= HASH_CBLOCK || len + n >= HASH_CBLOCK) { ++ memcpy(p + n, data, HASH_CBLOCK - n); ++ HASH_BLOCK_DATA_ORDER(c, p, 1); ++ n = HASH_CBLOCK - n; ++ data += n; ++ len -= n; ++ c->num = 0; ++ memset(p, 0, HASH_CBLOCK); /* keep it zeroed */ ++ } else { ++ memcpy(p + n, data, len); ++ c->num += (unsigned int)len; ++ return 1; ++ } ++ } ++ ++ n = len / HASH_CBLOCK; ++ if (n > 0) { ++ HASH_BLOCK_DATA_ORDER(c, data, n); ++ n *= HASH_CBLOCK; ++ data += n; ++ len -= n; ++ } ++ ++ if (len != 0) { ++ p = (unsigned char *)c->data; ++ c->num = (unsigned int)len; ++ memcpy(p, data, len); ++ } ++ return 1; ++} ++ ++void HASH_TRANSFORM(HASH_CTX *c, const unsigned char *data) ++{ ++ HASH_BLOCK_DATA_ORDER(c, data, 1); ++} ++ ++int HASH_FINAL(unsigned char *md, HASH_CTX *c) ++{ ++ unsigned char *p = (unsigned char *)c->data; ++ size_t n = c->num; ++ ++ p[n] = 0x80; /* there is always room for one */ ++ n++; ++ ++ if (n > (HASH_CBLOCK - 8)) { ++ memset(p + n, 0, HASH_CBLOCK - n); ++ n = 0; ++ HASH_BLOCK_DATA_ORDER(c, p, 1); ++ } ++ memset(p + n, 0, HASH_CBLOCK - 8 - n); ++ ++ p += HASH_CBLOCK - 8; + #if defined(DATA_ORDER_IS_BIG_ENDIAN) +- (void)HOST_l2c(c->Nh,p); +- (void)HOST_l2c(c->Nl,p); ++ (void)HOST_l2c(c->Nh, p); ++ (void)HOST_l2c(c->Nl, p); + #elif defined(DATA_ORDER_IS_LITTLE_ENDIAN) +- (void)HOST_l2c(c->Nl,p); +- (void)HOST_l2c(c->Nh,p); ++ (void)HOST_l2c(c->Nl, p); ++ (void)HOST_l2c(c->Nh, p); + #endif +- p -= HASH_CBLOCK; +- HASH_BLOCK_DATA_ORDER (c,p,1); +- c->num=0; +- memset (p,0,HASH_CBLOCK); ++ p -= HASH_CBLOCK; ++ HASH_BLOCK_DATA_ORDER(c, p, 1); ++ c->num = 0; ++ memset(p, 0, HASH_CBLOCK); + + #ifndef HASH_MAKE_STRING +-#error "HASH_MAKE_STRING must be defined!" ++# error "HASH_MAKE_STRING must be defined!" 
+ #else +- HASH_MAKE_STRING(c,md); ++ HASH_MAKE_STRING(c, md); + #endif + +- return 1; +- } ++ return 1; ++} + + #ifndef MD32_REG_T +-#define MD32_REG_T long ++# if defined(__alpha) || defined(__sparcv9) || defined(__mips) ++# define MD32_REG_T long + /* + * This comment was originaly written for MD5, which is why it + * discusses A-D. But it basically applies to all 32-bit digests, +@@ -397,12 +411,18 @@ int HASH_FINAL (unsigned char *md, HASH_CTX *c) + * *either* case. Now declaring 'em long excuses the compiler + * from keeping 32 MSBs zeroed resulting in 13% performance + * improvement under SPARC Solaris7/64 and 5% under AlphaLinux. +- * Well, to be honest it should say that this *prevents* ++ * Well, to be honest it should say that this *prevents* + * performance degradation. +- * +- * Apparently there're LP64 compilers that generate better +- * code if A-D are declared int. Most notably GCC-x86_64 +- * generates better code. +- * ++ * ++ */ ++# else ++/* ++ * Above is not absolute and there are LP64 compilers that ++ * generate better code if MD32_REG_T is defined int. The above ++ * pre-processor condition reflects the circumstances under which ++ * the conclusion was made and is subject to further extension. 
++ * + */ ++# define MD32_REG_T int ++# endif + #endif +diff --git a/Cryptlib/OpenSSL/crypto/md4/md4_dgst.c b/Cryptlib/OpenSSL/crypto/md4/md4_dgst.c +index 584d9b8..614fca0 100644 +--- a/Cryptlib/OpenSSL/crypto/md4/md4_dgst.c ++++ b/Cryptlib/OpenSSL/crypto/md4/md4_dgst.c +@@ -57,12 +57,9 @@ + */ + + #include +-#include "md4_locl.h" + #include +-#include +-#ifdef OPENSSL_FIPS +-# include +-#endif ++#include ++#include "md4_locl.h" + + const char MD4_version[] = "MD4" OPENSSL_VERSION_PTEXT; + +@@ -75,15 +72,13 @@ const char MD4_version[] = "MD4" OPENSSL_VERSION_PTEXT; + #define INIT_DATA_C (unsigned long)0x98badcfeL + #define INIT_DATA_D (unsigned long)0x10325476L + +-FIPS_NON_FIPS_MD_Init(MD4) ++fips_md_init(MD4) + { ++ memset(c, 0, sizeof(*c)); + c->A = INIT_DATA_A; + c->B = INIT_DATA_B; + c->C = INIT_DATA_C; + c->D = INIT_DATA_D; +- c->Nl = 0; +- c->Nh = 0; +- c->num = 0; + return 1; + } + +@@ -111,52 +106,52 @@ void md4_block_data_order(MD4_CTX *c, const void *data_, size_t num) + D = c->D; + + for (; num--;) { +- HOST_c2l(data, l); ++ (void)HOST_c2l(data, l); + X(0) = l; +- HOST_c2l(data, l); ++ (void)HOST_c2l(data, l); + X(1) = l; + /* Round 0 */ + R0(A, B, C, D, X(0), 3, 0); +- HOST_c2l(data, l); ++ (void)HOST_c2l(data, l); + X(2) = l; + R0(D, A, B, C, X(1), 7, 0); +- HOST_c2l(data, l); ++ (void)HOST_c2l(data, l); + X(3) = l; + R0(C, D, A, B, X(2), 11, 0); +- HOST_c2l(data, l); ++ (void)HOST_c2l(data, l); + X(4) = l; + R0(B, C, D, A, X(3), 19, 0); +- HOST_c2l(data, l); ++ (void)HOST_c2l(data, l); + X(5) = l; + R0(A, B, C, D, X(4), 3, 0); +- HOST_c2l(data, l); ++ (void)HOST_c2l(data, l); + X(6) = l; + R0(D, A, B, C, X(5), 7, 0); +- HOST_c2l(data, l); ++ (void)HOST_c2l(data, l); + X(7) = l; + R0(C, D, A, B, X(6), 11, 0); +- HOST_c2l(data, l); ++ (void)HOST_c2l(data, l); + X(8) = l; + R0(B, C, D, A, X(7), 19, 0); +- HOST_c2l(data, l); ++ (void)HOST_c2l(data, l); + X(9) = l; + R0(A, B, C, D, X(8), 3, 0); +- HOST_c2l(data, l); ++ (void)HOST_c2l(data, l); + X(10) = 
l; + R0(D, A, B, C, X(9), 7, 0); +- HOST_c2l(data, l); ++ (void)HOST_c2l(data, l); + X(11) = l; + R0(C, D, A, B, X(10), 11, 0); +- HOST_c2l(data, l); ++ (void)HOST_c2l(data, l); + X(12) = l; + R0(B, C, D, A, X(11), 19, 0); +- HOST_c2l(data, l); ++ (void)HOST_c2l(data, l); + X(13) = l; + R0(A, B, C, D, X(12), 3, 0); +- HOST_c2l(data, l); ++ (void)HOST_c2l(data, l); + X(14) = l; + R0(D, A, B, C, X(13), 7, 0); +- HOST_c2l(data, l); ++ (void)HOST_c2l(data, l); + X(15) = l; + R0(C, D, A, B, X(14), 11, 0); + R0(B, C, D, A, X(15), 19, 0); +diff --git a/Cryptlib/OpenSSL/crypto/md4/md4_locl.h b/Cryptlib/OpenSSL/crypto/md4/md4_locl.h +index c8085b0..dc86a86 100644 +--- a/Cryptlib/OpenSSL/crypto/md4/md4_locl.h ++++ b/Cryptlib/OpenSSL/crypto/md4/md4_locl.h +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. 
+- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. 
this code cannot simply be + * copied and put under another distribution licence +@@ -62,51 +62,52 @@ + #include + + #ifndef MD4_LONG_LOG2 +-#define MD4_LONG_LOG2 2 /* default to 32 bits */ ++# define MD4_LONG_LOG2 2 /* default to 32 bits */ + #endif + +-void md4_block_data_order (MD4_CTX *c, const void *p,size_t num); ++void md4_block_data_order(MD4_CTX *c, const void *p, size_t num); + + #define DATA_ORDER_IS_LITTLE_ENDIAN + +-#define HASH_LONG MD4_LONG +-#define HASH_CTX MD4_CTX +-#define HASH_CBLOCK MD4_CBLOCK +-#define HASH_UPDATE MD4_Update +-#define HASH_TRANSFORM MD4_Transform +-#define HASH_FINAL MD4_Final +-#define HASH_MAKE_STRING(c,s) do { \ +- unsigned long ll; \ +- ll=(c)->A; HOST_l2c(ll,(s)); \ +- ll=(c)->B; HOST_l2c(ll,(s)); \ +- ll=(c)->C; HOST_l2c(ll,(s)); \ +- ll=(c)->D; HOST_l2c(ll,(s)); \ +- } while (0) +-#define HASH_BLOCK_DATA_ORDER md4_block_data_order ++#define HASH_LONG MD4_LONG ++#define HASH_CTX MD4_CTX ++#define HASH_CBLOCK MD4_CBLOCK ++#define HASH_UPDATE MD4_Update ++#define HASH_TRANSFORM MD4_Transform ++#define HASH_FINAL MD4_Final ++#define HASH_MAKE_STRING(c,s) do { \ ++ unsigned long ll; \ ++ ll=(c)->A; (void)HOST_l2c(ll,(s)); \ ++ ll=(c)->B; (void)HOST_l2c(ll,(s)); \ ++ ll=(c)->C; (void)HOST_l2c(ll,(s)); \ ++ ll=(c)->D; (void)HOST_l2c(ll,(s)); \ ++ } while (0) ++#define HASH_BLOCK_DATA_ORDER md4_block_data_order + + #include "md32_common.h" + +-/* +-#define F(x,y,z) (((x) & (y)) | ((~(x)) & (z))) +-#define G(x,y,z) (((x) & (y)) | ((x) & ((z))) | ((y) & ((z)))) ++/*- ++#define F(x,y,z) (((x) & (y)) | ((~(x)) & (z))) ++#define G(x,y,z) (((x) & (y)) | ((x) & ((z))) | ((y) & ((z)))) + */ + +-/* As pointed out by Wei Dai , the above can be +- * simplified to the code below. Wei attributes these optimizations +- * to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel. ++/* ++ * As pointed out by Wei Dai , the above can be simplified ++ * to the code below. 
Wei attributes these optimizations to Peter Gutmann's ++ * SHS code, and he attributes it to Rich Schroeppel. + */ +-#define F(b,c,d) ((((c) ^ (d)) & (b)) ^ (d)) +-#define G(b,c,d) (((b) & (c)) | ((b) & (d)) | ((c) & (d))) +-#define H(b,c,d) ((b) ^ (c) ^ (d)) ++#define F(b,c,d) ((((c) ^ (d)) & (b)) ^ (d)) ++#define G(b,c,d) (((b) & (c)) | ((b) & (d)) | ((c) & (d))) ++#define H(b,c,d) ((b) ^ (c) ^ (d)) + + #define R0(a,b,c,d,k,s,t) { \ +- a+=((k)+(t)+F((b),(c),(d))); \ +- a=ROTATE(a,s); }; ++ a+=((k)+(t)+F((b),(c),(d))); \ ++ a=ROTATE(a,s); }; + + #define R1(a,b,c,d,k,s,t) { \ +- a+=((k)+(t)+G((b),(c),(d))); \ +- a=ROTATE(a,s); };\ ++ a+=((k)+(t)+G((b),(c),(d))); \ ++ a=ROTATE(a,s); };\ + + #define R2(a,b,c,d,k,s,t) { \ +- a+=((k)+(t)+H((b),(c),(d))); \ +- a=ROTATE(a,s); }; ++ a+=((k)+(t)+H((b),(c),(d))); \ ++ a=ROTATE(a,s); }; +diff --git a/Cryptlib/OpenSSL/crypto/md5/md5_dgst.c b/Cryptlib/OpenSSL/crypto/md5/md5_dgst.c +index efebf9e..2b51946 100644 +--- a/Cryptlib/OpenSSL/crypto/md5/md5_dgst.c ++++ b/Cryptlib/OpenSSL/crypto/md5/md5_dgst.c +@@ -59,10 +59,7 @@ + #include + #include "md5_locl.h" + #include +-#include +-#ifdef OPENSSL_FIPS +-# include +-#endif ++#include + + const char MD5_version[] = "MD5" OPENSSL_VERSION_PTEXT; + +@@ -75,15 +72,13 @@ const char MD5_version[] = "MD5" OPENSSL_VERSION_PTEXT; + #define INIT_DATA_C (unsigned long)0x98badcfeL + #define INIT_DATA_D (unsigned long)0x10325476L + +-FIPS_NON_FIPS_MD_Init(MD5) ++fips_md_init(MD5) + { ++ memset(c, 0, sizeof(*c)); + c->A = INIT_DATA_A; + c->B = INIT_DATA_B; + c->C = INIT_DATA_C; + c->D = INIT_DATA_D; +- c->Nl = 0; +- c->Nh = 0; +- c->num = 0; + return 1; + } + +diff --git a/Cryptlib/OpenSSL/crypto/md5/md5_locl.h b/Cryptlib/OpenSSL/crypto/md5/md5_locl.h +index 84e81b9..82e6921 100644 +--- a/Cryptlib/OpenSSL/crypto/md5/md5_locl.h ++++ b/Cryptlib/OpenSSL/crypto/md5/md5_locl.h +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). 
+ * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -62,67 +62,72 @@ + #include + + #ifndef MD5_LONG_LOG2 +-#define MD5_LONG_LOG2 2 /* default to 32 bits */ ++# define MD5_LONG_LOG2 2 /* default to 32 bits */ + #endif + + #ifdef MD5_ASM + # if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) || \ + defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64) + # define md5_block_data_order md5_block_asm_data_order ++# elif defined(__ia64) || defined(__ia64__) || defined(_M_IA64) ++# define md5_block_data_order md5_block_asm_data_order ++# elif defined(__sparc) || defined(__sparc__) ++# define md5_block_data_order md5_block_asm_data_order + # endif + #endif + +-void md5_block_data_order (MD5_CTX *c, const void *p,size_t num); ++void md5_block_data_order(MD5_CTX *c, const void *p, size_t num); + + #define DATA_ORDER_IS_LITTLE_ENDIAN + +-#define HASH_LONG MD5_LONG +-#define HASH_CTX MD5_CTX +-#define HASH_CBLOCK MD5_CBLOCK +-#define HASH_UPDATE MD5_Update +-#define HASH_TRANSFORM MD5_Transform +-#define HASH_FINAL MD5_Final +-#define HASH_MAKE_STRING(c,s) do { \ +- unsigned long ll; \ +- ll=(c)->A; HOST_l2c(ll,(s)); \ +- ll=(c)->B; HOST_l2c(ll,(s)); \ +- ll=(c)->C; HOST_l2c(ll,(s)); \ +- ll=(c)->D; HOST_l2c(ll,(s)); \ +- } while (0) +-#define HASH_BLOCK_DATA_ORDER md5_block_data_order ++#define HASH_LONG MD5_LONG ++#define HASH_CTX MD5_CTX ++#define HASH_CBLOCK MD5_CBLOCK ++#define HASH_UPDATE MD5_Update ++#define HASH_TRANSFORM MD5_Transform ++#define HASH_FINAL MD5_Final ++#define HASH_MAKE_STRING(c,s) do { \ ++ unsigned long ll; \ ++ ll=(c)->A; (void)HOST_l2c(ll,(s)); \ ++ ll=(c)->B; (void)HOST_l2c(ll,(s)); \ ++ ll=(c)->C; (void)HOST_l2c(ll,(s)); \ ++ ll=(c)->D; (void)HOST_l2c(ll,(s)); \ ++ } while (0) ++#define HASH_BLOCK_DATA_ORDER 
md5_block_data_order + + #include "md32_common.h" + +-/* +-#define F(x,y,z) (((x) & (y)) | ((~(x)) & (z))) +-#define G(x,y,z) (((x) & (z)) | ((y) & (~(z)))) ++/*- ++#define F(x,y,z) (((x) & (y)) | ((~(x)) & (z))) ++#define G(x,y,z) (((x) & (z)) | ((y) & (~(z)))) + */ + +-/* As pointed out by Wei Dai , the above can be +- * simplified to the code below. Wei attributes these optimizations +- * to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel. ++/* ++ * As pointed out by Wei Dai , the above can be simplified ++ * to the code below. Wei attributes these optimizations to Peter Gutmann's ++ * SHS code, and he attributes it to Rich Schroeppel. + */ +-#define F(b,c,d) ((((c) ^ (d)) & (b)) ^ (d)) +-#define G(b,c,d) ((((b) ^ (c)) & (d)) ^ (c)) +-#define H(b,c,d) ((b) ^ (c) ^ (d)) +-#define I(b,c,d) (((~(d)) | (b)) ^ (c)) ++#define F(b,c,d) ((((c) ^ (d)) & (b)) ^ (d)) ++#define G(b,c,d) ((((b) ^ (c)) & (d)) ^ (c)) ++#define H(b,c,d) ((b) ^ (c) ^ (d)) ++#define I(b,c,d) (((~(d)) | (b)) ^ (c)) + + #define R0(a,b,c,d,k,s,t) { \ +- a+=((k)+(t)+F((b),(c),(d))); \ +- a=ROTATE(a,s); \ +- a+=b; };\ ++ a+=((k)+(t)+F((b),(c),(d))); \ ++ a=ROTATE(a,s); \ ++ a+=b; };\ + + #define R1(a,b,c,d,k,s,t) { \ +- a+=((k)+(t)+G((b),(c),(d))); \ +- a=ROTATE(a,s); \ +- a+=b; }; ++ a+=((k)+(t)+G((b),(c),(d))); \ ++ a=ROTATE(a,s); \ ++ a+=b; }; + + #define R2(a,b,c,d,k,s,t) { \ +- a+=((k)+(t)+H((b),(c),(d))); \ +- a=ROTATE(a,s); \ +- a+=b; }; ++ a+=((k)+(t)+H((b),(c),(d))); \ ++ a=ROTATE(a,s); \ ++ a+=b; }; + + #define R3(a,b,c,d,k,s,t) { \ +- a+=((k)+(t)+I((b),(c),(d))); \ +- a=ROTATE(a,s); \ +- a+=b; }; ++ a+=((k)+(t)+I((b),(c),(d))); \ ++ a=ROTATE(a,s); \ ++ a+=b; }; +diff --git a/Cryptlib/OpenSSL/crypto/mem.c b/Cryptlib/OpenSSL/crypto/mem.c +index 0620a51..fdad49b 100644 +--- a/Cryptlib/OpenSSL/crypto/mem.c ++++ b/Cryptlib/OpenSSL/crypto/mem.c +@@ -107,7 +107,7 @@ static void (*free_locked_func) (void *) = free; + + /* may be changed as long as 'allow_customize_debug' is set */ 
+ /* XXX use correct function pointer types */ +-#if defined(CRYPTO_MDEBUG) && !defined(OPENSSL_FIPS) ++#ifdef CRYPTO_MDEBUG + /* use default functions from mem_dbg.c */ + static void (*malloc_debug_func) (void *, int, const char *, int, int) + = CRYPTO_dbg_malloc; +@@ -117,14 +117,6 @@ static void (*realloc_debug_func) (void *, void *, int, const char *, int, + static void (*free_debug_func) (void *, int) = CRYPTO_dbg_free; + static void (*set_debug_options_func) (long) = CRYPTO_dbg_set_options; + static long (*get_debug_options_func) (void) = CRYPTO_dbg_get_options; +- +-static int (*push_info_func) (const char *info, const char *file, int line) +- = CRYPTO_dbg_push_info; +-static int (*pop_info_func) (void) +- = CRYPTO_dbg_pop_info; +-static int (*remove_all_info_func) (void) +- = CRYPTO_dbg_remove_all_info; +- + #else + /* + * applications can use CRYPTO_malloc_debug_init() to select above case at +@@ -137,17 +129,13 @@ static void (*realloc_debug_func) (void *, void *, int, const char *, int, + static void (*free_debug_func) (void *, int) = NULL; + static void (*set_debug_options_func) (long) = NULL; + static long (*get_debug_options_func) (void) = NULL; +- +-static int (*push_info_func) (const char *info, const char *file, int line) +- = NULL; +-static int (*pop_info_func) (void) = NULL; +-static int (*remove_all_info_func) (void) = NULL; +- + #endif + + int CRYPTO_set_mem_functions(void *(*m) (size_t), void *(*r) (void *, size_t), + void (*f) (void *)) + { ++ /* Dummy call just to ensure OPENSSL_init() gets linked in */ ++ OPENSSL_init(); + if (!allow_customize) + return 0; + if ((m == 0) || (r == 0) || (f == 0)) +@@ -216,6 +204,7 @@ int CRYPTO_set_mem_debug_functions(void (*m) + { + if (!allow_customize_debug) + return 0; ++ OPENSSL_init(); + malloc_debug_func = m; + realloc_debug_func = r; + free_debug_func = f; +@@ -224,16 +213,6 @@ int CRYPTO_set_mem_debug_functions(void (*m) + return 1; + } + +-void CRYPTO_set_mem_info_functions(int (*push_info_fn) +- 
(const char *info, const char *file, +- int line), int (*pop_info_fn) (void), +- int (*remove_all_info_fn) (void)) +-{ +- push_info_func = push_info_fn; +- pop_info_func = pop_info_fn; +- remove_all_info_func = remove_all_info_fn; +-} +- + void CRYPTO_get_mem_functions(void *(**m) (size_t), + void *(**r) (void *, size_t), + void (**f) (void *)) +@@ -301,14 +280,15 @@ void CRYPTO_get_mem_debug_functions(void (**m) + void *CRYPTO_malloc_locked(int num, const char *file, int line) + { + void *ret = NULL; +- extern unsigned char cleanse_ctr; + + if (num <= 0) + return NULL; + +- allow_customize = 0; ++ if (allow_customize) ++ allow_customize = 0; + if (malloc_debug_func != NULL) { +- allow_customize_debug = 0; ++ if (allow_customize_debug) ++ allow_customize_debug = 0; + malloc_debug_func(NULL, num, file, line, 0); + } + ret = malloc_locked_ex_func(num, file, line); +@@ -318,13 +298,17 @@ void *CRYPTO_malloc_locked(int num, const char *file, int line) + if (malloc_debug_func != NULL) + malloc_debug_func(ret, num, file, line, 1); + ++#ifndef OPENSSL_CPUID_OBJ + /* + * Create a dependency on the value of 'cleanse_ctr' so our memory + * sanitisation function can't be optimised out. NB: We only do this for + * >2Kb so the overhead doesn't bother us. 
+ */ +- if (ret && (num > 2048)) ++ if (ret && (num > 2048)) { ++ extern unsigned char cleanse_ctr; + ((unsigned char *)ret)[0] = cleanse_ctr; ++ } ++#endif + + return ret; + } +@@ -344,14 +328,15 @@ void CRYPTO_free_locked(void *str) + void *CRYPTO_malloc(int num, const char *file, int line) + { + void *ret = NULL; +- extern unsigned char cleanse_ctr; + + if (num <= 0) + return NULL; + +- allow_customize = 0; ++ if (allow_customize) ++ allow_customize = 0; + if (malloc_debug_func != NULL) { +- allow_customize_debug = 0; ++ if (allow_customize_debug) ++ allow_customize_debug = 0; + malloc_debug_func(NULL, num, file, line, 0); + } + ret = malloc_ex_func(num, file, line); +@@ -361,17 +346,32 @@ void *CRYPTO_malloc(int num, const char *file, int line) + if (malloc_debug_func != NULL) + malloc_debug_func(ret, num, file, line, 1); + ++#ifndef OPENSSL_CPUID_OBJ + /* + * Create a dependency on the value of 'cleanse_ctr' so our memory + * sanitisation function can't be optimised out. NB: We only do this for + * >2Kb so the overhead doesn't bother us. 
+ */ +- if (ret && (num > 2048)) ++ if (ret && (num > 2048)) { ++ extern unsigned char cleanse_ctr; + ((unsigned char *)ret)[0] = cleanse_ctr; ++ } ++#endif + + return ret; + } + ++char *CRYPTO_strdup(const char *str, const char *file, int line) ++{ ++ char *ret = CRYPTO_malloc(strlen(str) + 1, file, line); ++ ++ if (ret == NULL) ++ return NULL; ++ ++ strcpy(ret, str); ++ return ret; ++} ++ + void *CRYPTO_realloc(void *str, int num, const char *file, int line) + { + void *ret = NULL; +@@ -464,24 +464,3 @@ long CRYPTO_get_mem_debug_options(void) + return get_debug_options_func(); + return 0; + } +- +-int CRYPTO_push_info_(const char *info, const char *file, int line) +-{ +- if (push_info_func) +- return push_info_func(info, file, line); +- return 1; +-} +- +-int CRYPTO_pop_info(void) +-{ +- if (pop_info_func) +- return pop_info_func(); +- return 1; +-} +- +-int CRYPTO_remove_all_info(void) +-{ +- if (remove_all_info_func) +- return remove_all_info_func(); +- return 1; +-} +diff --git a/Cryptlib/OpenSSL/crypto/mem_dbg.c b/Cryptlib/OpenSSL/crypto/mem_dbg.c +index e506e6b..8525ded 100644 +--- a/Cryptlib/OpenSSL/crypto/mem_dbg.c ++++ b/Cryptlib/OpenSSL/crypto/mem_dbg.c +@@ -55,6 +55,59 @@ + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ ++/* ==================================================================== ++ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. 
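Review bot: The added `CRYPTO_strdup` passes `strlen(str) + 1`, a `size_t`, straight into `CRYPTO_malloc(int num, ...)`, so a length above `INT_MAX` is narrowed before allocation while the following `strcpy` still copies the whole string. Depending on the narrowed value, the call either fails on the `num <= 0` check or returns a buffer shorter than the string, which the copy then overruns. This code arrives with the bundled OpenSSL update, so any local change would have to be carried as a delta against upstream. The guard below bounds the length once and copies exactly that many bytes; `INT_MAX` assumes `<limits.h>` is reachable in this build.

```c
char *CRYPTO_strdup(const char *str, const char *file, int line)
{
    size_t len = strlen(str) + 1;
    char *ret;

    /* CRYPTO_malloc takes an int; refuse lengths it cannot represent */
    if (len > INT_MAX)
        return NULL;

    ret = CRYPTO_malloc((int)len, file, line);
    if (ret == NULL)
        return NULL;

    memcpy(ret, str, len);
    return ret;
}
```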
All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). 
++ * ++ */ + + #include + #include +@@ -79,8 +132,10 @@ static int mh_mode = CRYPTO_MEM_CHECK_OFF; + */ + + static unsigned long order = 0; /* number of memory requests */ +-static LHASH *mh = NULL; /* hash-table of memory requests (address as +- * key); access requires MALLOC2 lock */ ++ ++DECLARE_LHASH_OF(MEM); ++static LHASH_OF(MEM) *mh = NULL; /* hash-table of memory requests (address as ++ * key); access requires MALLOC2 lock */ + + typedef struct app_mem_info_st + /*- +@@ -92,7 +147,7 @@ typedef struct app_mem_info_st + * CRYPTO_remove_all_info() to pop all entries. + */ + { +- unsigned long thread; ++ CRYPTO_THREADID threadid; + const char *file; + int line; + const char *info; +@@ -102,10 +157,12 @@ typedef struct app_mem_info_st + + static void app_info_free(APP_INFO *); + +-static LHASH *amih = NULL; /* hash-table with those app_mem_info_st's +- * that are at the top of their thread's +- * stack (with `thread' as key); access +- * requires MALLOC2 lock */ ++DECLARE_LHASH_OF(APP_INFO); ++static LHASH_OF(APP_INFO) *amih = NULL; /* hash-table with those ++ * app_mem_info_st's that are at the ++ * top of their thread's stack (with ++ * `thread' as key); access requires ++ * MALLOC2 lock */ + + typedef struct mem_st + /* memory-block description */ +@@ -114,7 +171,7 @@ typedef struct mem_st + int num; + const char *file; + int line; +- unsigned long thread; ++ CRYPTO_THREADID threadid; + unsigned long order; + time_t time; + APP_INFO *app_info; +@@ -131,11 +188,12 @@ static long options = /* extra information to be recorded */ + + static unsigned int num_disable = 0; /* num_disable > 0 iff mh_mode == + * CRYPTO_MEM_CHECK_ON (w/o ..._ENABLE) */ +-static unsigned long disabling_thread = 0; /* Valid iff num_disable > 0. +- * CRYPTO_LOCK_MALLOC2 is locked +- * exactly in this case (by the +- * thread named in +- * disabling_thread). */ ++ ++/* ++ * Valid iff num_disable > 0. 
CRYPTO_LOCK_MALLOC2 is locked exactly in this ++ * case (by the thread named in disabling_thread). ++ */ ++static CRYPTO_THREADID disabling_threadid; + + static void app_info_free(APP_INFO *inf) + { +@@ -170,8 +228,11 @@ int CRYPTO_mem_ctrl(int mode) + /* switch off temporarily (for library-internal use): */ + case CRYPTO_MEM_CHECK_DISABLE: /* aka MemCheck_off() */ + if (mh_mode & CRYPTO_MEM_CHECK_ON) { +- /* otherwise we already have the MALLOC2 lock */ +- if (!num_disable || (disabling_thread != CRYPTO_thread_id())) { ++ CRYPTO_THREADID cur; ++ CRYPTO_THREADID_current(&cur); ++ /* see if we don't have the MALLOC2 lock already */ ++ if (!num_disable ++ || CRYPTO_THREADID_cmp(&disabling_threadid, &cur)) { + /* + * Long-time lock CRYPTO_LOCK_MALLOC2 must not be claimed + * while we're holding CRYPTO_LOCK_MALLOC, or we'll deadlock +@@ -190,7 +251,7 @@ int CRYPTO_mem_ctrl(int mode) + CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2); + CRYPTO_w_lock(CRYPTO_LOCK_MALLOC); + mh_mode &= ~CRYPTO_MEM_CHECK_ENABLE; +- disabling_thread = CRYPTO_thread_id(); ++ CRYPTO_THREADID_cpy(&disabling_threadid, &cur); + } + num_disable++; + } +@@ -219,10 +280,12 @@ int CRYPTO_is_mem_check_on(void) + int ret = 0; + + if (mh_mode & CRYPTO_MEM_CHECK_ON) { ++ CRYPTO_THREADID cur; ++ CRYPTO_THREADID_current(&cur); + CRYPTO_r_lock(CRYPTO_LOCK_MALLOC); + + ret = (mh_mode & CRYPTO_MEM_CHECK_ENABLE) +- || (disabling_thread != CRYPTO_thread_id()); ++ || CRYPTO_THREADID_cmp(&disabling_threadid, &cur); + + CRYPTO_r_unlock(CRYPTO_LOCK_MALLOC); + } +@@ -239,72 +302,76 @@ long CRYPTO_dbg_get_options(void) + return options; + } + +-/* static int mem_cmp(MEM *a, MEM *b) */ +-static int mem_cmp(const void *a_void, const void *b_void) ++static int mem_cmp(const MEM *a, const MEM *b) + { + #ifdef _WIN64 +- const char *a = (const char *)((const MEM *)a_void)->addr, +- *b = (const char *)((const MEM *)b_void)->addr; +- if (a == b) ++ const char *ap = (const char *)a->addr, *bp = (const char *)b->addr; ++ if (ap == bp) + 
return 0; +- else if (a > b) ++ else if (ap > bp) + return 1; + else + return -1; + #else +- return ((const char *)((const MEM *)a_void)->addr +- - (const char *)((const MEM *)b_void)->addr); ++ return (const char *)a->addr - (const char *)b->addr; + #endif + } + +-/* static unsigned long mem_hash(MEM *a) */ +-static unsigned long mem_hash(const void *a_void) ++static IMPLEMENT_LHASH_COMP_FN(mem, MEM) ++ ++static unsigned long mem_hash(const MEM *a) + { + unsigned long ret; + +- ret = (unsigned long)((const MEM *)a_void)->addr; ++ ret = (unsigned long)a->addr; + + ret = ret * 17851 + (ret >> 14) * 7 + (ret >> 4) * 251; + return (ret); + } + ++static IMPLEMENT_LHASH_HASH_FN(mem, MEM) ++ + /* static int app_info_cmp(APP_INFO *a, APP_INFO *b) */ + static int app_info_cmp(const void *a_void, const void *b_void) + { +- return (((const APP_INFO *)a_void)->thread +- != ((const APP_INFO *)b_void)->thread); ++ return CRYPTO_THREADID_cmp(&((const APP_INFO *)a_void)->threadid, ++ &((const APP_INFO *)b_void)->threadid); + } + +-/* static unsigned long app_info_hash(APP_INFO *a) */ +-static unsigned long app_info_hash(const void *a_void) ++static IMPLEMENT_LHASH_COMP_FN(app_info, APP_INFO) ++ ++static unsigned long app_info_hash(const APP_INFO *a) + { + unsigned long ret; + +- ret = (unsigned long)((const APP_INFO *)a_void)->thread; +- ++ ret = CRYPTO_THREADID_hash(&a->threadid); ++ /* This is left in as a "who am I to question legacy?" 
measure */ + ret = ret * 17851 + (ret >> 14) * 7 + (ret >> 4) * 251; + return (ret); + } + ++static IMPLEMENT_LHASH_HASH_FN(app_info, APP_INFO) ++ + static APP_INFO *pop_info(void) + { + APP_INFO tmp; + APP_INFO *ret = NULL; + + if (amih != NULL) { +- tmp.thread = CRYPTO_thread_id(); +- if ((ret = (APP_INFO *)lh_delete(amih, &tmp)) != NULL) { ++ CRYPTO_THREADID_current(&tmp.threadid); ++ if ((ret = lh_APP_INFO_delete(amih, &tmp)) != NULL) { + APP_INFO *next = ret->next; + + if (next != NULL) { + next->references++; +- lh_insert(amih, (char *)next); ++ (void)lh_APP_INFO_insert(amih, next); + } + #ifdef LEVITTE_DEBUG_MEM +- if (ret->thread != tmp.thread) { ++ if (CRYPTO_THREADID_cmp(&ret->threadid, &tmp.threadid)) { + fprintf(stderr, + "pop_info(): deleted info has other thread ID (%lu) than the current thread (%lu)!!!!\n", +- ret->thread, tmp.thread); ++ CRYPTO_THREADID_hash(&ret->threadid), ++ CRYPTO_THREADID_hash(&tmp.threadid)); + abort(); + } + #endif +@@ -319,7 +386,7 @@ static APP_INFO *pop_info(void) + return (ret); + } + +-int CRYPTO_dbg_push_info(const char *info, const char *file, int line) ++int CRYPTO_push_info_(const char *info, const char *file, int line) + { + APP_INFO *ami, *amim; + int ret = 0; +@@ -332,26 +399,27 @@ int CRYPTO_dbg_push_info(const char *info, const char *file, int line) + goto err; + } + if (amih == NULL) { +- if ((amih = lh_new(app_info_hash, app_info_cmp)) == NULL) { ++ if ((amih = lh_APP_INFO_new()) == NULL) { + OPENSSL_free(ami); + ret = 0; + goto err; + } + } + +- ami->thread = CRYPTO_thread_id(); ++ CRYPTO_THREADID_current(&ami->threadid); + ami->file = file; + ami->line = line; + ami->info = info; + ami->references = 1; + ami->next = NULL; + +- if ((amim = (APP_INFO *)lh_insert(amih, (char *)ami)) != NULL) { ++ if ((amim = lh_APP_INFO_insert(amih, ami)) != NULL) { + #ifdef LEVITTE_DEBUG_MEM +- if (ami->thread != amim->thread) { ++ if (CRYPTO_THREADID_cmp(&ami->threadid, &amim->threadid)) { + fprintf(stderr, + 
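Review bot: The non-`_WIN64` branch of `mem_cmp` still returns a raw pointer difference as `int` (`return (const char *)a->addr - (const char *)b->addr;`). On an LP64 target the `ptrdiff_t` result is truncated, so two distinct tracked addresses whose distance is a multiple of 2^32 compare as equal, and subtracting pointers into different allocations is undefined behaviour in C anyway. The three-way comparison already written for `_WIN64` is correct on every target and could be used unconditionally, e.g. `return (ap > bp) - (ap < bp);` after the two `const char *` locals. This only matters when the memory-debug hooks are compiled in, which is not visible from this hunk, so the practical effect (a wrong entry matched in the leak-tracking table) is probably rare.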
"CRYPTO_push_info(): previous info has other thread ID (%lu) than the current thread (%lu)!!!!\n", +- amim->thread, ami->thread); ++ CRYPTO_THREADID_hash(&amim->threadid), ++ CRYPTO_THREADID_hash(&ami->threadid)); + abort(); + } + #endif +@@ -364,7 +432,7 @@ int CRYPTO_dbg_push_info(const char *info, const char *file, int line) + return (ret); + } + +-int CRYPTO_dbg_pop_info(void) ++int CRYPTO_pop_info(void) + { + int ret = 0; + +@@ -379,7 +447,7 @@ int CRYPTO_dbg_pop_info(void) + return (ret); + } + +-int CRYPTO_dbg_remove_all_info(void) ++int CRYPTO_remove_all_info(void) + { + int ret = 0; + +@@ -417,7 +485,7 @@ void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line, + return; + } + if (mh == NULL) { +- if ((mh = lh_new(mem_hash, mem_cmp)) == NULL) { ++ if ((mh = lh_MEM_new()) == NULL) { + OPENSSL_free(addr); + OPENSSL_free(m); + addr = NULL; +@@ -430,9 +498,9 @@ void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line, + m->line = line; + m->num = num; + if (options & V_CRYPTO_MDEBUG_THREAD) +- m->thread = CRYPTO_thread_id(); ++ CRYPTO_THREADID_current(&m->threadid); + else +- m->thread = 0; ++ memset(&m->threadid, 0, sizeof(m->threadid)); + + if (order == break_order_num) { + /* BREAK HERE */ +@@ -440,7 +508,7 @@ void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line, + } + m->order = order++; + #ifdef LEVITTE_DEBUG_MEM +- fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5d] %c 0x%p (%d)\n", ++ fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5ld] %c 0x%p (%d)\n", + m->order, (before_p & 128) ? 
'*' : '+', m->addr, m->num); + #endif + if (options & V_CRYPTO_MDEBUG_TIME) +@@ -448,16 +516,15 @@ void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line, + else + m->time = 0; + +- tmp.thread = CRYPTO_thread_id(); ++ CRYPTO_THREADID_current(&tmp.threadid); + m->app_info = NULL; + if (amih != NULL +- && (amim = +- (APP_INFO *)lh_retrieve(amih, (char *)&tmp)) != NULL) { ++ && (amim = lh_APP_INFO_retrieve(amih, &tmp)) != NULL) { + m->app_info = amim; + amim->references++; + } + +- if ((mm = (MEM *)lh_insert(mh, (char *)m)) != NULL) { ++ if ((mm = lh_MEM_insert(mh, m)) != NULL) { + /* Not good, but don't sweat it */ + if (mm->app_info != NULL) { + mm->app_info->references--; +@@ -486,10 +553,10 @@ void CRYPTO_dbg_free(void *addr, int before_p) + MemCheck_off(); /* make sure we hold MALLOC2 lock */ + + m.addr = addr; +- mp = (MEM *)lh_delete(mh, (char *)&m); ++ mp = lh_MEM_delete(mh, &m); + if (mp != NULL) { + #ifdef LEVITTE_DEBUG_MEM +- fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5d] - 0x%p (%d)\n", ++ fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5ld] - 0x%p (%d)\n", + mp->order, mp->addr, mp->num); + #endif + if (mp->app_info != NULL) +@@ -533,16 +600,16 @@ void CRYPTO_dbg_realloc(void *addr1, void *addr2, int num, + MemCheck_off(); /* make sure we hold MALLOC2 lock */ + + m.addr = addr1; +- mp = (MEM *)lh_delete(mh, (char *)&m); ++ mp = lh_MEM_delete(mh, &m); + if (mp != NULL) { + #ifdef LEVITTE_DEBUG_MEM + fprintf(stderr, +- "LEVITTE_DEBUG_MEM: [%5d] * 0x%p (%d) -> 0x%p (%d)\n", ++ "LEVITTE_DEBUG_MEM: [%5ld] * 0x%p (%d) -> 0x%p (%d)\n", + mp->order, mp->addr, mp->num, addr2, num); + #endif + mp->addr = addr2; + mp->num = num; +- lh_insert(mh, (char *)mp); ++ (void)lh_MEM_insert(mh, mp); + } + + MemCheck_on(); /* release MALLOC2 lock if num_disabled drops +@@ -559,14 +626,14 @@ typedef struct mem_leak_st { + long bytes; + } MEM_LEAK; + +-static void print_leak(const MEM *m, MEM_LEAK *l) ++static void print_leak_doall_arg(const MEM *m, MEM_LEAK *l) + { + char 
buf[1024]; + char *bufp = buf; + APP_INFO *amip; + int ami_cnt; + struct tm *lcl = NULL; +- unsigned long ti; ++ CRYPTO_THREADID ti; + + #define BUF_REMAIN (sizeof buf - (size_t)(bufp - buf)) + +@@ -586,7 +653,8 @@ static void print_leak(const MEM *m, MEM_LEAK *l) + bufp += strlen(bufp); + + if (options & V_CRYPTO_MDEBUG_THREAD) { +- BIO_snprintf(bufp, BUF_REMAIN, "thread=%lu, ", m->thread); ++ BIO_snprintf(bufp, BUF_REMAIN, "thread=%lu, ", ++ CRYPTO_THREADID_hash(&m->threadid)); + bufp += strlen(bufp); + } + +@@ -603,7 +671,7 @@ static void print_leak(const MEM *m, MEM_LEAK *l) + ami_cnt = 0; + if (!amip) + return; +- ti = amip->thread; ++ CRYPTO_THREADID_cpy(&ti, &amip->threadid); + + do { + int buf_len; +@@ -613,7 +681,8 @@ static void print_leak(const MEM *m, MEM_LEAK *l) + memset(buf, '>', ami_cnt); + BIO_snprintf(buf + ami_cnt, sizeof buf - ami_cnt, + " thread=%lu, file=%s, line=%d, info=\"", +- amip->thread, amip->file, amip->line); ++ CRYPTO_THREADID_hash(&amip->threadid), amip->file, ++ amip->line); + buf_len = strlen(buf); + info_len = strlen(amip->info); + if (128 - buf_len - 3 < info_len) { +@@ -629,7 +698,7 @@ static void print_leak(const MEM *m, MEM_LEAK *l) + + amip = amip->next; + } +- while (amip && amip->thread == ti); ++ while (amip && !CRYPTO_THREADID_cmp(&amip->threadid, &ti)); + + #ifdef LEVITTE_DEBUG_MEM + if (amip) { +@@ -639,7 +708,7 @@ static void print_leak(const MEM *m, MEM_LEAK *l) + #endif + } + +-static IMPLEMENT_LHASH_DOALL_ARG_FN(print_leak, const MEM *, MEM_LEAK *) ++static IMPLEMENT_LHASH_DOALL_ARG_FN(print_leak, const MEM, MEM_LEAK) + + void CRYPTO_mem_leaks(BIO *b) + { +@@ -654,9 +723,12 @@ void CRYPTO_mem_leaks(BIO *b) + ml.bytes = 0; + ml.chunks = 0; + if (mh != NULL) +- lh_doall_arg(mh, LHASH_DOALL_ARG_FN(print_leak), (char *)&ml); ++ lh_MEM_doall_arg(mh, LHASH_DOALL_ARG_FN(print_leak), MEM_LEAK, &ml); + if (ml.chunks != 0) { + BIO_printf(b, "%ld bytes leaked in %d chunks\n", ml.bytes, ml.chunks); ++#ifdef CRYPTO_MDEBUG_ABORT 
++ abort(); ++#endif + } else { + /* + * Make sure that, if we found no leaks, memory-leak debugging itself +@@ -664,7 +736,7 @@ void CRYPTO_mem_leaks(BIO *b) + * debugging tools). (When someone enables leak checking, but does not + * call this function, we declare it to be their fault.) XXX This + * should be in CRYPTO_mem_leaks_cb, and CRYPTO_mem_leaks should be +- * implemented by using CRYPTO_mem_leaks_cb. (Also their should be a ++ * implemented by using CRYPTO_mem_leaks_cb. (Also there should be a + * variant of lh_doall_arg that takes a function pointer instead of a + * void *; this would obviate the ugly and illegal void_fn_to_char + * kludge in CRYPTO_mem_leaks_cb. Otherwise the code police will come +@@ -682,12 +754,12 @@ void CRYPTO_mem_leaks(BIO *b) + mh_mode = CRYPTO_MEM_CHECK_OFF; + + if (mh != NULL) { +- lh_free(mh); ++ lh_MEM_free(mh); + mh = NULL; + } + if (amih != NULL) { +- if (lh_num_items(amih) == 0) { +- lh_free(amih); ++ if (lh_APP_INFO_num_items(amih) == 0) { ++ lh_APP_INFO_free(amih); + amih = NULL; + } + } +@@ -731,39 +803,28 @@ void CRYPTO_mem_leaks_fp(FILE *fp) + * crypto.h If this code is restructured, remove the callback type if it is + * no longer needed. -- Geoff Thorpe + */ +-static void cb_leak(const MEM *m, CRYPTO_MEM_LEAK_CB **cb) ++ ++/* ++ * Can't pass CRYPTO_MEM_LEAK_CB directly to lh_MEM_doall_arg because it is a ++ * function pointer and conversion to void * is prohibited. 
Instead pass its ++ * address ++ */ ++ ++typedef CRYPTO_MEM_LEAK_CB *PCRYPTO_MEM_LEAK_CB; ++ ++static void cb_leak_doall_arg(const MEM *m, PCRYPTO_MEM_LEAK_CB *cb) + { +- (**cb) (m->order, m->file, m->line, m->num, m->addr); ++ (*cb) (m->order, m->file, m->line, m->num, m->addr); + } + +-static IMPLEMENT_LHASH_DOALL_ARG_FN(cb_leak, const MEM *, +- CRYPTO_MEM_LEAK_CB **) ++static IMPLEMENT_LHASH_DOALL_ARG_FN(cb_leak, const MEM, PCRYPTO_MEM_LEAK_CB) + + void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb) + { + if (mh == NULL) + return; + CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2); +- lh_doall_arg(mh, LHASH_DOALL_ARG_FN(cb_leak), &cb); ++ lh_MEM_doall_arg(mh, LHASH_DOALL_ARG_FN(cb_leak), PCRYPTO_MEM_LEAK_CB, ++ &cb); + CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2); + } +- +-void CRYPTO_malloc_debug_init(void) +-{ +- CRYPTO_set_mem_debug_functions(CRYPTO_dbg_malloc, +- CRYPTO_dbg_realloc, +- CRYPTO_dbg_free, +- CRYPTO_dbg_set_options, +- CRYPTO_dbg_get_options); +- CRYPTO_set_mem_info_functions(CRYPTO_dbg_push_info, +- CRYPTO_dbg_pop_info, +- CRYPTO_dbg_remove_all_info); +-} +- +-char *CRYPTO_strdup(const char *str, const char *file, int line) +-{ +- char *ret = CRYPTO_malloc(strlen(str) + 1, file, line); +- +- strcpy(ret, str); +- return ret; +-} +diff --git a/Cryptlib/OpenSSL/crypto/modes/cbc128.c b/Cryptlib/OpenSSL/crypto/modes/cbc128.c +new file mode 100644 +index 0000000..c13caea +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/modes/cbc128.c +@@ -0,0 +1,207 @@ ++/* ==================================================================== ++ * Copyright (c) 2008 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. 
Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. 
++ * ==================================================================== ++ * ++ */ ++ ++#include ++#include "modes_lcl.h" ++#include ++ ++#ifndef MODES_DEBUG ++# ifndef NDEBUG ++# define NDEBUG ++# endif ++#endif ++#include ++ ++#if !defined(STRICT_ALIGNMENT) && !defined(PEDANTIC) ++# define STRICT_ALIGNMENT 0 ++#endif ++ ++void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out, ++ size_t len, const void *key, ++ unsigned char ivec[16], block128_f block) ++{ ++ size_t n; ++ const unsigned char *iv = ivec; ++ ++ assert(in && out && key && ivec); ++ ++#if !defined(OPENSSL_SMALL_FOOTPRINT) ++ if (STRICT_ALIGNMENT && ++ ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) != 0) { ++ while (len >= 16) { ++ for (n = 0; n < 16; ++n) ++ out[n] = in[n] ^ iv[n]; ++ (*block) (out, out, key); ++ iv = out; ++ len -= 16; ++ in += 16; ++ out += 16; ++ } ++ } else { ++ while (len >= 16) { ++ for (n = 0; n < 16; n += sizeof(size_t)) ++ *(size_t *)(out + n) = ++ *(size_t *)(in + n) ^ *(size_t *)(iv + n); ++ (*block) (out, out, key); ++ iv = out; ++ len -= 16; ++ in += 16; ++ out += 16; ++ } ++ } ++#endif ++ while (len) { ++ for (n = 0; n < 16 && n < len; ++n) ++ out[n] = in[n] ^ iv[n]; ++ for (; n < 16; ++n) ++ out[n] = iv[n]; ++ (*block) (out, out, key); ++ iv = out; ++ if (len <= 16) ++ break; ++ len -= 16; ++ in += 16; ++ out += 16; ++ } ++ memcpy(ivec, iv, 16); ++} ++ ++void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out, ++ size_t len, const void *key, ++ unsigned char ivec[16], block128_f block) ++{ ++ size_t n; ++ union { ++ size_t t[16 / sizeof(size_t)]; ++ unsigned char c[16]; ++ } tmp; ++ ++ assert(in && out && key && ivec); ++ ++#if !defined(OPENSSL_SMALL_FOOTPRINT) ++ if (in != out) { ++ const unsigned char *iv = ivec; ++ ++ if (STRICT_ALIGNMENT && ++ ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) != 0) { ++ while (len >= 16) { ++ (*block) (in, out, key); ++ for (n = 0; n < 16; ++n) ++ out[n] ^= iv[n]; ++ iv = in; ++ 
len -= 16; ++ in += 16; ++ out += 16; ++ } ++ } else if (16 % sizeof(size_t) == 0) { /* always true */ ++ while (len >= 16) { ++ size_t *out_t = (size_t *)out, *iv_t = (size_t *)iv; ++ ++ (*block) (in, out, key); ++ for (n = 0; n < 16 / sizeof(size_t); n++) ++ out_t[n] ^= iv_t[n]; ++ iv = in; ++ len -= 16; ++ in += 16; ++ out += 16; ++ } ++ } ++ memcpy(ivec, iv, 16); ++ } else { ++ if (STRICT_ALIGNMENT && ++ ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) != 0) { ++ unsigned char c; ++ while (len >= 16) { ++ (*block) (in, tmp.c, key); ++ for (n = 0; n < 16; ++n) { ++ c = in[n]; ++ out[n] = tmp.c[n] ^ ivec[n]; ++ ivec[n] = c; ++ } ++ len -= 16; ++ in += 16; ++ out += 16; ++ } ++ } else if (16 % sizeof(size_t) == 0) { /* always true */ ++ while (len >= 16) { ++ size_t c, *out_t = (size_t *)out, *ivec_t = (size_t *)ivec; ++ const size_t *in_t = (const size_t *)in; ++ ++ (*block) (in, tmp.c, key); ++ for (n = 0; n < 16 / sizeof(size_t); n++) { ++ c = in_t[n]; ++ out_t[n] = tmp.t[n] ^ ivec_t[n]; ++ ivec_t[n] = c; ++ } ++ len -= 16; ++ in += 16; ++ out += 16; ++ } ++ } ++ } ++#endif ++ while (len) { ++ unsigned char c; ++ (*block) (in, tmp.c, key); ++ for (n = 0; n < 16 && n < len; ++n) { ++ c = in[n]; ++ out[n] = tmp.c[n] ^ ivec[n]; ++ ivec[n] = c; ++ } ++ if (len <= 16) { ++ for (; n < 16; ++n) ++ ivec[n] = in[n]; ++ break; ++ } ++ len -= 16; ++ in += 16; ++ out += 16; ++ } ++} +diff --git a/Cryptlib/OpenSSL/crypto/modes/ccm128.c b/Cryptlib/OpenSSL/crypto/modes/ccm128.c +new file mode 100644 +index 0000000..c1ded0f +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/modes/ccm128.c +@@ -0,0 +1,479 @@ ++/* ==================================================================== ++ * Copyright (c) 2011 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. 
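Review bot: The tail loops of both CBC routines touch a full 16-byte block even when `len` is not a multiple of 16, and nothing in the file documents that. `CRYPTO_cbc128_encrypt` pads the last partial block with IV bytes and writes all 16 bytes to `out`, while `CRYPTO_cbc128_decrypt` hands `in` to `(*block)` and then copies `in[n]` up to index 15 into `ivec`, so it reads past a short final input block. The `assert(in && out && key && ivec)` guards do not help by default, because `NDEBUG` is defined just before the (presumably `<assert.h>`) include unless `MODES_DEBUG` is set. I would add a header comment to both functions such as `/* len should be a multiple of 16; otherwise out (encrypt) and in (decrypt) must be valid for len rounded up to 16 bytes */`.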
Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ */ ++ ++#include ++#include "modes_lcl.h" ++#include ++ ++#ifndef MODES_DEBUG ++# ifndef NDEBUG ++# define NDEBUG ++# endif ++#endif ++#include ++ ++/* ++ * First you setup M and L parameters and pass the key schedule. This is ++ * called once per session setup... ++ */ ++void CRYPTO_ccm128_init(CCM128_CONTEXT *ctx, ++ unsigned int M, unsigned int L, void *key, ++ block128_f block) ++{ ++ memset(ctx->nonce.c, 0, sizeof(ctx->nonce.c)); ++ ctx->nonce.c[0] = ((u8)(L - 1) & 7) | (u8)(((M - 2) / 2) & 7) << 3; ++ ctx->blocks = 0; ++ ctx->block = block; ++ ctx->key = key; ++} ++ ++/* !!! Following interfaces are to be called *once* per packet !!! 
*/ ++ ++/* Then you setup per-message nonce and pass the length of the message */ ++int CRYPTO_ccm128_setiv(CCM128_CONTEXT *ctx, ++ const unsigned char *nonce, size_t nlen, size_t mlen) ++{ ++ unsigned int L = ctx->nonce.c[0] & 7; /* the L parameter */ ++ ++ if (nlen < (14 - L)) ++ return -1; /* nonce is too short */ ++ ++ if (sizeof(mlen) == 8 && L >= 3) { ++ ctx->nonce.c[8] = (u8)(mlen >> (56 % (sizeof(mlen) * 8))); ++ ctx->nonce.c[9] = (u8)(mlen >> (48 % (sizeof(mlen) * 8))); ++ ctx->nonce.c[10] = (u8)(mlen >> (40 % (sizeof(mlen) * 8))); ++ ctx->nonce.c[11] = (u8)(mlen >> (32 % (sizeof(mlen) * 8))); ++ } else ++ ctx->nonce.u[1] = 0; ++ ++ ctx->nonce.c[12] = (u8)(mlen >> 24); ++ ctx->nonce.c[13] = (u8)(mlen >> 16); ++ ctx->nonce.c[14] = (u8)(mlen >> 8); ++ ctx->nonce.c[15] = (u8)mlen; ++ ++ ctx->nonce.c[0] &= ~0x40; /* clear Adata flag */ ++ memcpy(&ctx->nonce.c[1], nonce, 14 - L); ++ ++ return 0; ++} ++ ++/* Then you pass additional authentication data, this is optional */ ++void CRYPTO_ccm128_aad(CCM128_CONTEXT *ctx, ++ const unsigned char *aad, size_t alen) ++{ ++ unsigned int i; ++ block128_f block = ctx->block; ++ ++ if (alen == 0) ++ return; ++ ++ ctx->nonce.c[0] |= 0x40; /* set Adata flag */ ++ (*block) (ctx->nonce.c, ctx->cmac.c, ctx->key), ctx->blocks++; ++ ++ if (alen < (0x10000 - 0x100)) { ++ ctx->cmac.c[0] ^= (u8)(alen >> 8); ++ ctx->cmac.c[1] ^= (u8)alen; ++ i = 2; ++ } else if (sizeof(alen) == 8 ++ && alen >= (size_t)1 << (32 % (sizeof(alen) * 8))) { ++ ctx->cmac.c[0] ^= 0xFF; ++ ctx->cmac.c[1] ^= 0xFF; ++ ctx->cmac.c[2] ^= (u8)(alen >> (56 % (sizeof(alen) * 8))); ++ ctx->cmac.c[3] ^= (u8)(alen >> (48 % (sizeof(alen) * 8))); ++ ctx->cmac.c[4] ^= (u8)(alen >> (40 % (sizeof(alen) * 8))); ++ ctx->cmac.c[5] ^= (u8)(alen >> (32 % (sizeof(alen) * 8))); ++ ctx->cmac.c[6] ^= (u8)(alen >> 24); ++ ctx->cmac.c[7] ^= (u8)(alen >> 16); ++ ctx->cmac.c[8] ^= (u8)(alen >> 8); ++ ctx->cmac.c[9] ^= (u8)alen; ++ i = 10; ++ } else { ++ ctx->cmac.c[0] ^= 0xFF; ++ 
ctx->cmac.c[1] ^= 0xFE; ++ ctx->cmac.c[2] ^= (u8)(alen >> 24); ++ ctx->cmac.c[3] ^= (u8)(alen >> 16); ++ ctx->cmac.c[4] ^= (u8)(alen >> 8); ++ ctx->cmac.c[5] ^= (u8)alen; ++ i = 6; ++ } ++ ++ do { ++ for (; i < 16 && alen; ++i, ++aad, --alen) ++ ctx->cmac.c[i] ^= *aad; ++ (*block) (ctx->cmac.c, ctx->cmac.c, ctx->key), ctx->blocks++; ++ i = 0; ++ } while (alen); ++} ++ ++/* Finally you encrypt or decrypt the message */ ++ ++/* ++ * counter part of nonce may not be larger than L*8 bits, L is not larger ++ * than 8, therefore 64-bit counter... ++ */ ++static void ctr64_inc(unsigned char *counter) ++{ ++ unsigned int n = 8; ++ u8 c; ++ ++ counter += 8; ++ do { ++ --n; ++ c = counter[n]; ++ ++c; ++ counter[n] = c; ++ if (c) ++ return; ++ } while (n); ++} ++ ++int CRYPTO_ccm128_encrypt(CCM128_CONTEXT *ctx, ++ const unsigned char *inp, unsigned char *out, ++ size_t len) ++{ ++ size_t n; ++ unsigned int i, L; ++ unsigned char flags0 = ctx->nonce.c[0]; ++ block128_f block = ctx->block; ++ void *key = ctx->key; ++ union { ++ u64 u[2]; ++ u8 c[16]; ++ } scratch; ++ ++ if (!(flags0 & 0x40)) ++ (*block) (ctx->nonce.c, ctx->cmac.c, key), ctx->blocks++; ++ ++ ctx->nonce.c[0] = L = flags0 & 7; ++ for (n = 0, i = 15 - L; i < 15; ++i) { ++ n |= ctx->nonce.c[i]; ++ ctx->nonce.c[i] = 0; ++ n <<= 8; ++ } ++ n |= ctx->nonce.c[15]; /* reconstructed length */ ++ ctx->nonce.c[15] = 1; ++ ++ if (n != len) ++ return -1; /* length mismatch */ ++ ++ ctx->blocks += ((len + 15) >> 3) | 1; ++ if (ctx->blocks > (U64(1) << 61)) ++ return -2; /* too much data */ ++ ++ while (len >= 16) { ++#if defined(STRICT_ALIGNMENT) ++ union { ++ u64 u[2]; ++ u8 c[16]; ++ } temp; ++ ++ memcpy(temp.c, inp, 16); ++ ctx->cmac.u[0] ^= temp.u[0]; ++ ctx->cmac.u[1] ^= temp.u[1]; ++#else ++ ctx->cmac.u[0] ^= ((u64 *)inp)[0]; ++ ctx->cmac.u[1] ^= ((u64 *)inp)[1]; ++#endif ++ (*block) (ctx->cmac.c, ctx->cmac.c, key); ++ (*block) (ctx->nonce.c, scratch.c, key); ++ ctr64_inc(ctx->nonce.c); ++#if defined(STRICT_ALIGNMENT) ++ 
temp.u[0] ^= scratch.u[0]; ++ temp.u[1] ^= scratch.u[1]; ++ memcpy(out, temp.c, 16); ++#else ++ ((u64 *)out)[0] = scratch.u[0] ^ ((u64 *)inp)[0]; ++ ((u64 *)out)[1] = scratch.u[1] ^ ((u64 *)inp)[1]; ++#endif ++ inp += 16; ++ out += 16; ++ len -= 16; ++ } ++ ++ if (len) { ++ for (i = 0; i < len; ++i) ++ ctx->cmac.c[i] ^= inp[i]; ++ (*block) (ctx->cmac.c, ctx->cmac.c, key); ++ (*block) (ctx->nonce.c, scratch.c, key); ++ for (i = 0; i < len; ++i) ++ out[i] = scratch.c[i] ^ inp[i]; ++ } ++ ++ for (i = 15 - L; i < 16; ++i) ++ ctx->nonce.c[i] = 0; ++ ++ (*block) (ctx->nonce.c, scratch.c, key); ++ ctx->cmac.u[0] ^= scratch.u[0]; ++ ctx->cmac.u[1] ^= scratch.u[1]; ++ ++ ctx->nonce.c[0] = flags0; ++ ++ return 0; ++} ++ ++int CRYPTO_ccm128_decrypt(CCM128_CONTEXT *ctx, ++ const unsigned char *inp, unsigned char *out, ++ size_t len) ++{ ++ size_t n; ++ unsigned int i, L; ++ unsigned char flags0 = ctx->nonce.c[0]; ++ block128_f block = ctx->block; ++ void *key = ctx->key; ++ union { ++ u64 u[2]; ++ u8 c[16]; ++ } scratch; ++ ++ if (!(flags0 & 0x40)) ++ (*block) (ctx->nonce.c, ctx->cmac.c, key); ++ ++ ctx->nonce.c[0] = L = flags0 & 7; ++ for (n = 0, i = 15 - L; i < 15; ++i) { ++ n |= ctx->nonce.c[i]; ++ ctx->nonce.c[i] = 0; ++ n <<= 8; ++ } ++ n |= ctx->nonce.c[15]; /* reconstructed length */ ++ ctx->nonce.c[15] = 1; ++ ++ if (n != len) ++ return -1; ++ ++ while (len >= 16) { ++#if defined(STRICT_ALIGNMENT) ++ union { ++ u64 u[2]; ++ u8 c[16]; ++ } temp; ++#endif ++ (*block) (ctx->nonce.c, scratch.c, key); ++ ctr64_inc(ctx->nonce.c); ++#if defined(STRICT_ALIGNMENT) ++ memcpy(temp.c, inp, 16); ++ ctx->cmac.u[0] ^= (scratch.u[0] ^= temp.u[0]); ++ ctx->cmac.u[1] ^= (scratch.u[1] ^= temp.u[1]); ++ memcpy(out, scratch.c, 16); ++#else ++ ctx->cmac.u[0] ^= (((u64 *)out)[0] = scratch.u[0] ^ ((u64 *)inp)[0]); ++ ctx->cmac.u[1] ^= (((u64 *)out)[1] = scratch.u[1] ^ ((u64 *)inp)[1]); ++#endif ++ (*block) (ctx->cmac.c, ctx->cmac.c, key); ++ ++ inp += 16; ++ out += 16; ++ len -= 16; ++ } ++ 
++ if (len) { ++ (*block) (ctx->nonce.c, scratch.c, key); ++ for (i = 0; i < len; ++i) ++ ctx->cmac.c[i] ^= (out[i] = scratch.c[i] ^ inp[i]); ++ (*block) (ctx->cmac.c, ctx->cmac.c, key); ++ } ++ ++ for (i = 15 - L; i < 16; ++i) ++ ctx->nonce.c[i] = 0; ++ ++ (*block) (ctx->nonce.c, scratch.c, key); ++ ctx->cmac.u[0] ^= scratch.u[0]; ++ ctx->cmac.u[1] ^= scratch.u[1]; ++ ++ ctx->nonce.c[0] = flags0; ++ ++ return 0; ++} ++ ++static void ctr64_add(unsigned char *counter, size_t inc) ++{ ++ size_t n = 8, val = 0; ++ ++ counter += 8; ++ do { ++ --n; ++ val += counter[n] + (inc & 0xff); ++ counter[n] = (unsigned char)val; ++ val >>= 8; /* carry bit */ ++ inc >>= 8; ++ } while (n && (inc || val)); ++} ++ ++int CRYPTO_ccm128_encrypt_ccm64(CCM128_CONTEXT *ctx, ++ const unsigned char *inp, unsigned char *out, ++ size_t len, ccm128_f stream) ++{ ++ size_t n; ++ unsigned int i, L; ++ unsigned char flags0 = ctx->nonce.c[0]; ++ block128_f block = ctx->block; ++ void *key = ctx->key; ++ union { ++ u64 u[2]; ++ u8 c[16]; ++ } scratch; ++ ++ if (!(flags0 & 0x40)) ++ (*block) (ctx->nonce.c, ctx->cmac.c, key), ctx->blocks++; ++ ++ ctx->nonce.c[0] = L = flags0 & 7; ++ for (n = 0, i = 15 - L; i < 15; ++i) { ++ n |= ctx->nonce.c[i]; ++ ctx->nonce.c[i] = 0; ++ n <<= 8; ++ } ++ n |= ctx->nonce.c[15]; /* reconstructed length */ ++ ctx->nonce.c[15] = 1; ++ ++ if (n != len) ++ return -1; /* length mismatch */ ++ ++ ctx->blocks += ((len + 15) >> 3) | 1; ++ if (ctx->blocks > (U64(1) << 61)) ++ return -2; /* too much data */ ++ ++ if ((n = len / 16)) { ++ (*stream) (inp, out, n, key, ctx->nonce.c, ctx->cmac.c); ++ n *= 16; ++ inp += n; ++ out += n; ++ len -= n; ++ if (len) ++ ctr64_add(ctx->nonce.c, n / 16); ++ } ++ ++ if (len) { ++ for (i = 0; i < len; ++i) ++ ctx->cmac.c[i] ^= inp[i]; ++ (*block) (ctx->cmac.c, ctx->cmac.c, key); ++ (*block) (ctx->nonce.c, scratch.c, key); ++ for (i = 0; i < len; ++i) ++ out[i] = scratch.c[i] ^ inp[i]; ++ } ++ ++ for (i = 15 - L; i < 16; ++i) ++ ctx->nonce.c[i] 
= 0; ++ ++ (*block) (ctx->nonce.c, scratch.c, key); ++ ctx->cmac.u[0] ^= scratch.u[0]; ++ ctx->cmac.u[1] ^= scratch.u[1]; ++ ++ ctx->nonce.c[0] = flags0; ++ ++ return 0; ++} ++ ++int CRYPTO_ccm128_decrypt_ccm64(CCM128_CONTEXT *ctx, ++ const unsigned char *inp, unsigned char *out, ++ size_t len, ccm128_f stream) ++{ ++ size_t n; ++ unsigned int i, L; ++ unsigned char flags0 = ctx->nonce.c[0]; ++ block128_f block = ctx->block; ++ void *key = ctx->key; ++ union { ++ u64 u[2]; ++ u8 c[16]; ++ } scratch; ++ ++ if (!(flags0 & 0x40)) ++ (*block) (ctx->nonce.c, ctx->cmac.c, key); ++ ++ ctx->nonce.c[0] = L = flags0 & 7; ++ for (n = 0, i = 15 - L; i < 15; ++i) { ++ n |= ctx->nonce.c[i]; ++ ctx->nonce.c[i] = 0; ++ n <<= 8; ++ } ++ n |= ctx->nonce.c[15]; /* reconstructed length */ ++ ctx->nonce.c[15] = 1; ++ ++ if (n != len) ++ return -1; ++ ++ if ((n = len / 16)) { ++ (*stream) (inp, out, n, key, ctx->nonce.c, ctx->cmac.c); ++ n *= 16; ++ inp += n; ++ out += n; ++ len -= n; ++ if (len) ++ ctr64_add(ctx->nonce.c, n / 16); ++ } ++ ++ if (len) { ++ (*block) (ctx->nonce.c, scratch.c, key); ++ for (i = 0; i < len; ++i) ++ ctx->cmac.c[i] ^= (out[i] = scratch.c[i] ^ inp[i]); ++ (*block) (ctx->cmac.c, ctx->cmac.c, key); ++ } ++ ++ for (i = 15 - L; i < 16; ++i) ++ ctx->nonce.c[i] = 0; ++ ++ (*block) (ctx->nonce.c, scratch.c, key); ++ ctx->cmac.u[0] ^= scratch.u[0]; ++ ctx->cmac.u[1] ^= scratch.u[1]; ++ ++ ctx->nonce.c[0] = flags0; ++ ++ return 0; ++} ++ ++size_t CRYPTO_ccm128_tag(CCM128_CONTEXT *ctx, unsigned char *tag, size_t len) ++{ ++ unsigned int M = (ctx->nonce.c[0] >> 3) & 7; /* the M parameter */ ++ ++ M *= 2; ++ M += 2; ++ if (len < M) ++ return 0; ++ memcpy(tag, ctx->cmac.c, M); ++ return M; ++} +diff --git a/Cryptlib/OpenSSL/crypto/modes/cfb128.c b/Cryptlib/OpenSSL/crypto/modes/cfb128.c +new file mode 100644 +index 0000000..d4ecbd0 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/modes/cfb128.c +@@ -0,0 +1,254 @@ ++/* 
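Review bot: `CRYPTO_ccm128_decrypt` and `CRYPTO_ccm128_decrypt_ccm64` write the recovered plaintext to `out` and return 0 without checking any authentication tag, and the file does not say that verification is left to the caller. A caller has to fetch the computed tag with `CRYPTO_ccm128_tag`, compare it with the received one in constant time (e.g. `CRYPTO_memcmp`), and discard `out` on mismatch. I would state that on both decrypt functions, e.g. `/* Does NOT authenticate: out is unverified until the caller compares the CRYPTO_ccm128_tag() output with the received tag */`. Separately, `CRYPTO_ccm128_init` encodes `M` and `L` into the flags byte without range checks (`(M - 2) / 2` wraps for `M < 2`), so the valid ranges deserve a line in its comment unless a caller outside this hunk enforces them.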
==================================================================== ++ * Copyright (c) 2008 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ */ ++ ++#include ++#include "modes_lcl.h" ++#include ++ ++#ifndef MODES_DEBUG ++# ifndef NDEBUG ++# define NDEBUG ++# endif ++#endif ++#include ++ ++/* ++ * The input and output encrypted as though 128bit cfb mode is being used. ++ * The extra state information to record how much of the 128bit block we have ++ * used is contained in *num; ++ */ ++void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out, ++ size_t len, const void *key, ++ unsigned char ivec[16], int *num, ++ int enc, block128_f block) ++{ ++ unsigned int n; ++ size_t l = 0; ++ ++ assert(in && out && key && ivec && num); ++ ++ n = *num; ++ ++ if (enc) { ++#if !defined(OPENSSL_SMALL_FOOTPRINT) ++ if (16 % sizeof(size_t) == 0) { /* always true actually */ ++ do { ++ while (n && len) { ++ *(out++) = ivec[n] ^= *(in++); ++ --len; ++ n = (n + 1) % 16; ++ } ++# if defined(STRICT_ALIGNMENT) ++ if (((size_t)in | (size_t)out | (size_t)ivec) % ++ sizeof(size_t) != 0) ++ break; ++# endif ++ while (len >= 16) { ++ (*block) (ivec, ivec, key); ++ for (; n < 16; n += sizeof(size_t)) { ++ *(size_t *)(out + n) = ++ *(size_t *)(ivec + n) ^= *(size_t *)(in + n); ++ } ++ len -= 16; ++ out += 16; ++ in += 16; ++ n = 0; ++ } ++ if (len) { ++ (*block) (ivec, ivec, key); ++ while (len--) { ++ out[n] = ivec[n] ^= in[n]; ++ ++n; ++ } ++ } ++ *num = n; ++ return; ++ } while (0); ++ } 
++ /* the rest would be commonly eliminated by x86* compiler */ ++#endif ++ while (l < len) { ++ if (n == 0) { ++ (*block) (ivec, ivec, key); ++ } ++ out[l] = ivec[n] ^= in[l]; ++ ++l; ++ n = (n + 1) % 16; ++ } ++ *num = n; ++ } else { ++#if !defined(OPENSSL_SMALL_FOOTPRINT) ++ if (16 % sizeof(size_t) == 0) { /* always true actually */ ++ do { ++ while (n && len) { ++ unsigned char c; ++ *(out++) = ivec[n] ^ (c = *(in++)); ++ ivec[n] = c; ++ --len; ++ n = (n + 1) % 16; ++ } ++# if defined(STRICT_ALIGNMENT) ++ if (((size_t)in | (size_t)out | (size_t)ivec) % ++ sizeof(size_t) != 0) ++ break; ++# endif ++ while (len >= 16) { ++ (*block) (ivec, ivec, key); ++ for (; n < 16; n += sizeof(size_t)) { ++ size_t t = *(size_t *)(in + n); ++ *(size_t *)(out + n) = *(size_t *)(ivec + n) ^ t; ++ *(size_t *)(ivec + n) = t; ++ } ++ len -= 16; ++ out += 16; ++ in += 16; ++ n = 0; ++ } ++ if (len) { ++ (*block) (ivec, ivec, key); ++ while (len--) { ++ unsigned char c; ++ out[n] = ivec[n] ^ (c = in[n]); ++ ivec[n] = c; ++ ++n; ++ } ++ } ++ *num = n; ++ return; ++ } while (0); ++ } ++ /* the rest would be commonly eliminated by x86* compiler */ ++#endif ++ while (l < len) { ++ unsigned char c; ++ if (n == 0) { ++ (*block) (ivec, ivec, key); ++ } ++ out[l] = ivec[n] ^ (c = in[l]); ++ ivec[n] = c; ++ ++l; ++ n = (n + 1) % 16; ++ } ++ *num = n; ++ } ++} ++ ++/* ++ * This expects a single block of size nbits for both in and out. 
Note that ++ * it corrupts any extra bits in the last byte of out ++ */ ++static void cfbr_encrypt_block(const unsigned char *in, unsigned char *out, ++ int nbits, const void *key, ++ unsigned char ivec[16], int enc, ++ block128_f block) ++{ ++ int n, rem, num; ++ unsigned char ovec[16 * 2 + 1]; /* +1 because we dererefence (but don't ++ * use) one byte off the end */ ++ ++ if (nbits <= 0 || nbits > 128) ++ return; ++ ++ /* fill in the first half of the new IV with the current IV */ ++ memcpy(ovec, ivec, 16); ++ /* construct the new IV */ ++ (*block) (ivec, ivec, key); ++ num = (nbits + 7) / 8; ++ if (enc) /* encrypt the input */ ++ for (n = 0; n < num; ++n) ++ out[n] = (ovec[16 + n] = in[n] ^ ivec[n]); ++ else /* decrypt the input */ ++ for (n = 0; n < num; ++n) ++ out[n] = (ovec[16 + n] = in[n]) ^ ivec[n]; ++ /* shift ovec left... */ ++ rem = nbits % 8; ++ num = nbits / 8; ++ if (rem == 0) ++ memcpy(ivec, ovec + num, 16); ++ else ++ for (n = 0; n < 16; ++n) ++ ivec[n] = ovec[n + num] << rem | ovec[n + num + 1] >> (8 - rem); ++ ++ /* it is not necessary to cleanse ovec, since the IV is not secret */ ++} ++ ++/* N.B. This expects the input to be packed, MS bit first */ ++void CRYPTO_cfb128_1_encrypt(const unsigned char *in, unsigned char *out, ++ size_t bits, const void *key, ++ unsigned char ivec[16], int *num, ++ int enc, block128_f block) ++{ ++ size_t n; ++ unsigned char c[1], d[1]; ++ ++ assert(in && out && key && ivec && num); ++ assert(*num == 0); ++ ++ for (n = 0; n < bits; ++n) { ++ c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 
0x80 : 0; ++ cfbr_encrypt_block(c, d, 1, key, ivec, enc, block); ++ out[n / 8] = (out[n / 8] & ~(1 << (unsigned int)(7 - n % 8))) | ++ ((d[0] & 0x80) >> (unsigned int)(n % 8)); ++ } ++} ++ ++void CRYPTO_cfb128_8_encrypt(const unsigned char *in, unsigned char *out, ++ size_t length, const void *key, ++ unsigned char ivec[16], int *num, ++ int enc, block128_f block) ++{ ++ size_t n; ++ ++ assert(in && out && key && ivec && num); ++ assert(*num == 0); ++ ++ for (n = 0; n < length; ++n) ++ cfbr_encrypt_block(&in[n], &out[n], 8, key, ivec, enc, block); ++} +diff --git a/Cryptlib/OpenSSL/crypto/modes/ctr128.c b/Cryptlib/OpenSSL/crypto/modes/ctr128.c +new file mode 100644 +index 0000000..f3bbcbf +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/modes/ctr128.c +@@ -0,0 +1,270 @@ ++/* ==================================================================== ++ * Copyright (c) 2008 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. 
Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ */ ++ ++#include ++#include "modes_lcl.h" ++#include ++ ++#ifndef MODES_DEBUG ++# ifndef NDEBUG ++# define NDEBUG ++# endif ++#endif ++#include ++ ++/* ++ * NOTE: the IV/counter CTR mode is big-endian. The code itself is ++ * endian-neutral. 
++ */ ++ ++/* increment counter (128-bit int) by 1 */ ++static void ctr128_inc(unsigned char *counter) ++{ ++ u32 n = 16; ++ u8 c; ++ ++ do { ++ --n; ++ c = counter[n]; ++ ++c; ++ counter[n] = c; ++ if (c) ++ return; ++ } while (n); ++} ++ ++#if !defined(OPENSSL_SMALL_FOOTPRINT) ++static void ctr128_inc_aligned(unsigned char *counter) ++{ ++ size_t *data, c, n; ++ const union { ++ long one; ++ char little; ++ } is_endian = { ++ 1 ++ }; ++ ++ if (is_endian.little) { ++ ctr128_inc(counter); ++ return; ++ } ++ ++ data = (size_t *)counter; ++ n = 16 / sizeof(size_t); ++ do { ++ --n; ++ c = data[n]; ++ ++c; ++ data[n] = c; ++ if (c) ++ return; ++ } while (n); ++} ++#endif ++ ++/* ++ * The input encrypted as though 128bit counter mode is being used. The ++ * extra state information to record how much of the 128bit block we have ++ * used is contained in *num, and the encrypted counter is kept in ++ * ecount_buf. Both *num and ecount_buf must be initialised with zeros ++ * before the first call to CRYPTO_ctr128_encrypt(). This algorithm assumes ++ * that the counter is in the x lower bits of the IV (ivec), and that the ++ * application has full control over overflow and the rest of the IV. This ++ * implementation takes NO responsability for checking that the counter ++ * doesn't overflow into the rest of the IV when incremented. 
++ */ ++void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out, ++ size_t len, const void *key, ++ unsigned char ivec[16], ++ unsigned char ecount_buf[16], unsigned int *num, ++ block128_f block) ++{ ++ unsigned int n; ++ size_t l = 0; ++ ++ assert(in && out && key && ecount_buf && num); ++ assert(*num < 16); ++ ++ n = *num; ++ ++#if !defined(OPENSSL_SMALL_FOOTPRINT) ++ if (16 % sizeof(size_t) == 0) { /* always true actually */ ++ do { ++ while (n && len) { ++ *(out++) = *(in++) ^ ecount_buf[n]; ++ --len; ++ n = (n + 1) % 16; ++ } ++ ++# if defined(STRICT_ALIGNMENT) ++ if (((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) != ++ 0) ++ break; ++# endif ++ while (len >= 16) { ++ (*block) (ivec, ecount_buf, key); ++ ctr128_inc_aligned(ivec); ++ for (; n < 16; n += sizeof(size_t)) ++ *(size_t *)(out + n) = ++ *(size_t *)(in + n) ^ *(size_t *)(ecount_buf + n); ++ len -= 16; ++ out += 16; ++ in += 16; ++ n = 0; ++ } ++ if (len) { ++ (*block) (ivec, ecount_buf, key); ++ ctr128_inc_aligned(ivec); ++ while (len--) { ++ out[n] = in[n] ^ ecount_buf[n]; ++ ++n; ++ } ++ } ++ *num = n; ++ return; ++ } while (0); ++ } ++ /* the rest would be commonly eliminated by x86* compiler */ ++#endif ++ while (l < len) { ++ if (n == 0) { ++ (*block) (ivec, ecount_buf, key); ++ ctr128_inc(ivec); ++ } ++ out[l] = in[l] ^ ecount_buf[n]; ++ ++l; ++ n = (n + 1) % 16; ++ } ++ ++ *num = n; ++} ++ ++/* increment upper 96 bits of 128-bit counter by 1 */ ++static void ctr96_inc(unsigned char *counter) ++{ ++ u32 n = 12; ++ u8 c; ++ ++ do { ++ --n; ++ c = counter[n]; ++ ++c; ++ counter[n] = c; ++ if (c) ++ return; ++ } while (n); ++} ++ ++void CRYPTO_ctr128_encrypt_ctr32(const unsigned char *in, unsigned char *out, ++ size_t len, const void *key, ++ unsigned char ivec[16], ++ unsigned char ecount_buf[16], ++ unsigned int *num, ctr128_f func) ++{ ++ unsigned int n, ctr32; ++ ++ assert(in && out && key && ecount_buf && num); ++ assert(*num < 16); ++ ++ n = *num; ++ ++ while (n && 
len) { ++ *(out++) = *(in++) ^ ecount_buf[n]; ++ --len; ++ n = (n + 1) % 16; ++ } ++ ++ ctr32 = GETU32(ivec + 12); ++ while (len >= 16) { ++ size_t blocks = len / 16; ++ /* ++ * 1<<28 is just a not-so-small yet not-so-large number... ++ * Below condition is practically never met, but it has to ++ * be checked for code correctness. ++ */ ++ if (sizeof(size_t) > sizeof(unsigned int) && blocks > (1U << 28)) ++ blocks = (1U << 28); ++ /* ++ * As (*func) operates on 32-bit counter, caller ++ * has to handle overflow. 'if' below detects the ++ * overflow, which is then handled by limiting the ++ * amount of blocks to the exact overflow point... ++ */ ++ ctr32 += (u32)blocks; ++ if (ctr32 < blocks) { ++ blocks -= ctr32; ++ ctr32 = 0; ++ } ++ (*func) (in, out, blocks, key, ivec); ++ /* (*ctr) does not update ivec, caller does: */ ++ PUTU32(ivec + 12, ctr32); ++ /* ... overflow was detected, propogate carry. */ ++ if (ctr32 == 0) ++ ctr96_inc(ivec); ++ blocks *= 16; ++ len -= blocks; ++ out += blocks; ++ in += blocks; ++ } ++ if (len) { ++ memset(ecount_buf, 0, 16); ++ (*func) (ecount_buf, ecount_buf, 1, key, ivec); ++ ++ctr32; ++ PUTU32(ivec + 12, ctr32); ++ if (ctr32 == 0) ++ ctr96_inc(ivec); ++ while (len--) { ++ out[n] = in[n] ^ ecount_buf[n]; ++ ++n; ++ } ++ } ++ ++ *num = n; ++} +diff --git a/Cryptlib/OpenSSL/crypto/modes/cts128.c b/Cryptlib/OpenSSL/crypto/modes/cts128.c +new file mode 100644 +index 0000000..137be59 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/modes/cts128.c +@@ -0,0 +1,544 @@ ++/* ==================================================================== ++ * Copyright (c) 2008 The OpenSSL Project. All rights reserved. ++ * ++ * Rights for redistribution and usage in source and binary ++ * forms are granted according to the OpenSSL license. 
++ */ ++ ++#include ++#include "modes_lcl.h" ++#include ++ ++#ifndef MODES_DEBUG ++# ifndef NDEBUG ++# define NDEBUG ++# endif ++#endif ++#include ++ ++/* ++ * Trouble with Ciphertext Stealing, CTS, mode is that there is no ++ * common official specification, but couple of cipher/application ++ * specific ones: RFC2040 and RFC3962. Then there is 'Proposal to ++ * Extend CBC Mode By "Ciphertext Stealing"' at NIST site, which ++ * deviates from mentioned RFCs. Most notably it allows input to be ++ * of block length and it doesn't flip the order of the last two ++ * blocks. CTS is being discussed even in ECB context, but it's not ++ * adopted for any known application. This implementation provides ++ * two interfaces: one compliant with above mentioned RFCs and one ++ * compliant with the NIST proposal, both extending CBC mode. ++ */ ++ ++size_t CRYPTO_cts128_encrypt_block(const unsigned char *in, ++ unsigned char *out, size_t len, ++ const void *key, unsigned char ivec[16], ++ block128_f block) ++{ ++ size_t residue, n; ++ ++ assert(in && out && key && ivec); ++ ++ if (len <= 16) ++ return 0; ++ ++ if ((residue = len % 16) == 0) ++ residue = 16; ++ ++ len -= residue; ++ ++ CRYPTO_cbc128_encrypt(in, out, len, key, ivec, block); ++ ++ in += len; ++ out += len; ++ ++ for (n = 0; n < residue; ++n) ++ ivec[n] ^= in[n]; ++ (*block) (ivec, ivec, key); ++ memcpy(out, out - 16, residue); ++ memcpy(out - 16, ivec, 16); ++ ++ return len + residue; ++} ++ ++size_t CRYPTO_nistcts128_encrypt_block(const unsigned char *in, ++ unsigned char *out, size_t len, ++ const void *key, ++ unsigned char ivec[16], ++ block128_f block) ++{ ++ size_t residue, n; ++ ++ assert(in && out && key && ivec); ++ ++ if (len < 16) ++ return 0; ++ ++ residue = len % 16; ++ ++ len -= residue; ++ ++ CRYPTO_cbc128_encrypt(in, out, len, key, ivec, block); ++ ++ if (residue == 0) ++ return len; ++ ++ in += len; ++ out += len; ++ ++ for (n = 0; n < residue; ++n) ++ ivec[n] ^= in[n]; ++ (*block) (ivec, ivec, 
key); ++ memcpy(out - 16 + residue, ivec, 16); ++ ++ return len + residue; ++} ++ ++size_t CRYPTO_cts128_encrypt(const unsigned char *in, unsigned char *out, ++ size_t len, const void *key, ++ unsigned char ivec[16], cbc128_f cbc) ++{ ++ size_t residue; ++ union { ++ size_t align; ++ unsigned char c[16]; ++ } tmp; ++ ++ assert(in && out && key && ivec); ++ ++ if (len <= 16) ++ return 0; ++ ++ if ((residue = len % 16) == 0) ++ residue = 16; ++ ++ len -= residue; ++ ++ (*cbc) (in, out, len, key, ivec, 1); ++ ++ in += len; ++ out += len; ++ ++#if defined(CBC_HANDLES_TRUNCATED_IO) ++ memcpy(tmp.c, out - 16, 16); ++ (*cbc) (in, out - 16, residue, key, ivec, 1); ++ memcpy(out, tmp.c, residue); ++#else ++ memset(tmp.c, 0, sizeof(tmp)); ++ memcpy(tmp.c, in, residue); ++ memcpy(out, out - 16, residue); ++ (*cbc) (tmp.c, out - 16, 16, key, ivec, 1); ++#endif ++ return len + residue; ++} ++ ++size_t CRYPTO_nistcts128_encrypt(const unsigned char *in, unsigned char *out, ++ size_t len, const void *key, ++ unsigned char ivec[16], cbc128_f cbc) ++{ ++ size_t residue; ++ union { ++ size_t align; ++ unsigned char c[16]; ++ } tmp; ++ ++ assert(in && out && key && ivec); ++ ++ if (len < 16) ++ return 0; ++ ++ residue = len % 16; ++ ++ len -= residue; ++ ++ (*cbc) (in, out, len, key, ivec, 1); ++ ++ if (residue == 0) ++ return len; ++ ++ in += len; ++ out += len; ++ ++#if defined(CBC_HANDLES_TRUNCATED_IO) ++ (*cbc) (in, out - 16 + residue, residue, key, ivec, 1); ++#else ++ memset(tmp.c, 0, sizeof(tmp)); ++ memcpy(tmp.c, in, residue); ++ (*cbc) (tmp.c, out - 16 + residue, 16, key, ivec, 1); ++#endif ++ return len + residue; ++} ++ ++size_t CRYPTO_cts128_decrypt_block(const unsigned char *in, ++ unsigned char *out, size_t len, ++ const void *key, unsigned char ivec[16], ++ block128_f block) ++{ ++ size_t residue, n; ++ union { ++ size_t align; ++ unsigned char c[32]; ++ } tmp; ++ ++ assert(in && out && key && ivec); ++ ++ if (len <= 16) ++ return 0; ++ ++ if ((residue = len % 16) == 0) 
++ residue = 16; ++ ++ len -= 16 + residue; ++ ++ if (len) { ++ CRYPTO_cbc128_decrypt(in, out, len, key, ivec, block); ++ in += len; ++ out += len; ++ } ++ ++ (*block) (in, tmp.c + 16, key); ++ ++ memcpy(tmp.c, tmp.c + 16, 16); ++ memcpy(tmp.c, in + 16, residue); ++ (*block) (tmp.c, tmp.c, key); ++ ++ for (n = 0; n < 16; ++n) { ++ unsigned char c = in[n]; ++ out[n] = tmp.c[n] ^ ivec[n]; ++ ivec[n] = c; ++ } ++ for (residue += 16; n < residue; ++n) ++ out[n] = tmp.c[n] ^ in[n]; ++ ++ return 16 + len + residue; ++} ++ ++size_t CRYPTO_nistcts128_decrypt_block(const unsigned char *in, ++ unsigned char *out, size_t len, ++ const void *key, ++ unsigned char ivec[16], ++ block128_f block) ++{ ++ size_t residue, n; ++ union { ++ size_t align; ++ unsigned char c[32]; ++ } tmp; ++ ++ assert(in && out && key && ivec); ++ ++ if (len < 16) ++ return 0; ++ ++ residue = len % 16; ++ ++ if (residue == 0) { ++ CRYPTO_cbc128_decrypt(in, out, len, key, ivec, block); ++ return len; ++ } ++ ++ len -= 16 + residue; ++ ++ if (len) { ++ CRYPTO_cbc128_decrypt(in, out, len, key, ivec, block); ++ in += len; ++ out += len; ++ } ++ ++ (*block) (in + residue, tmp.c + 16, key); ++ ++ memcpy(tmp.c, tmp.c + 16, 16); ++ memcpy(tmp.c, in, residue); ++ (*block) (tmp.c, tmp.c, key); ++ ++ for (n = 0; n < 16; ++n) { ++ unsigned char c = in[n]; ++ out[n] = tmp.c[n] ^ ivec[n]; ++ ivec[n] = in[n + residue]; ++ tmp.c[n] = c; ++ } ++ for (residue += 16; n < residue; ++n) ++ out[n] = tmp.c[n] ^ tmp.c[n - 16]; ++ ++ return 16 + len + residue; ++} ++ ++size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out, ++ size_t len, const void *key, ++ unsigned char ivec[16], cbc128_f cbc) ++{ ++ size_t residue; ++ union { ++ size_t align; ++ unsigned char c[32]; ++ } tmp; ++ ++ assert(in && out && key && ivec); ++ ++ if (len <= 16) ++ return 0; ++ ++ if ((residue = len % 16) == 0) ++ residue = 16; ++ ++ len -= 16 + residue; ++ ++ if (len) { ++ (*cbc) (in, out, len, key, ivec, 0); ++ in += len; ++ out 
+= len; ++ } ++ ++ memset(tmp.c, 0, sizeof(tmp)); ++ /* ++ * this places in[16] at &tmp.c[16] and decrypted block at &tmp.c[0] ++ */ ++ (*cbc) (in, tmp.c, 16, key, tmp.c + 16, 0); ++ ++ memcpy(tmp.c, in + 16, residue); ++#if defined(CBC_HANDLES_TRUNCATED_IO) ++ (*cbc) (tmp.c, out, 16 + residue, key, ivec, 0); ++#else ++ (*cbc) (tmp.c, tmp.c, 32, key, ivec, 0); ++ memcpy(out, tmp.c, 16 + residue); ++#endif ++ return 16 + len + residue; ++} ++ ++size_t CRYPTO_nistcts128_decrypt(const unsigned char *in, unsigned char *out, ++ size_t len, const void *key, ++ unsigned char ivec[16], cbc128_f cbc) ++{ ++ size_t residue; ++ union { ++ size_t align; ++ unsigned char c[32]; ++ } tmp; ++ ++ assert(in && out && key && ivec); ++ ++ if (len < 16) ++ return 0; ++ ++ residue = len % 16; ++ ++ if (residue == 0) { ++ (*cbc) (in, out, len, key, ivec, 0); ++ return len; ++ } ++ ++ len -= 16 + residue; ++ ++ if (len) { ++ (*cbc) (in, out, len, key, ivec, 0); ++ in += len; ++ out += len; ++ } ++ ++ memset(tmp.c, 0, sizeof(tmp)); ++ /* ++ * this places in[16] at &tmp.c[16] and decrypted block at &tmp.c[0] ++ */ ++ (*cbc) (in + residue, tmp.c, 16, key, tmp.c + 16, 0); ++ ++ memcpy(tmp.c, in, residue); ++#if defined(CBC_HANDLES_TRUNCATED_IO) ++ (*cbc) (tmp.c, out, 16 + residue, key, ivec, 0); ++#else ++ (*cbc) (tmp.c, tmp.c, 32, key, ivec, 0); ++ memcpy(out, tmp.c, 16 + residue); ++#endif ++ return 16 + len + residue; ++} ++ ++#if defined(SELFTEST) ++# include ++# include ++ ++/* test vectors from RFC 3962 */ ++static const unsigned char test_key[16] = "chicken teriyaki"; ++static const unsigned char test_input[64] = ++ "I would like the" " General Gau's C" ++ "hicken, please, " "and wonton soup."; ++static const unsigned char test_iv[16] = ++ { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; ++ ++static const unsigned char vector_17[17] = { ++ 0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4, ++ 0xd8, 0xa5, 0x80, 0x36, 0x2d, 0xa7, 0xff, 0x7f, ++ 0x97 ++}; ++ ++static const unsigned char 
vector_31[31] = { ++ 0xfc, 0x00, 0x78, 0x3e, 0x0e, 0xfd, 0xb2, 0xc1, ++ 0xd4, 0x45, 0xd4, 0xc8, 0xef, 0xf7, 0xed, 0x22, ++ 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, ++ 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5 ++}; ++ ++static const unsigned char vector_32[32] = { ++ 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, ++ 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8, ++ 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, ++ 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84 ++}; ++ ++static const unsigned char vector_47[47] = { ++ 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, ++ 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84, ++ 0xb3, 0xff, 0xfd, 0x94, 0x0c, 0x16, 0xa1, 0x8c, ++ 0x1b, 0x55, 0x49, 0xd2, 0xf8, 0x38, 0x02, 0x9e, ++ 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, ++ 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5 ++}; ++ ++static const unsigned char vector_48[48] = { ++ 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, ++ 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84, ++ 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0, ++ 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8, ++ 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, ++ 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8 ++}; ++ ++static const unsigned char vector_64[64] = { ++ 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, ++ 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84, ++ 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, ++ 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8, ++ 0x48, 0x07, 0xef, 0xe8, 0x36, 0xee, 0x89, 0xa5, ++ 0x26, 0x73, 0x0d, 0xbc, 0x2f, 0x7b, 0xc8, 0x40, ++ 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0, ++ 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8 ++}; ++ ++static AES_KEY encks, decks; ++ ++void test_vector(const unsigned char *vector, size_t len) ++{ ++ unsigned char iv[sizeof(test_iv)]; ++ unsigned char cleartext[64], ciphertext[64]; ++ size_t tail; ++ ++ printf("vector_%d\n", len); ++ fflush(stdout); ++ ++ if ((tail = len % 16) == 0) ++ tail = 16; ++ tail += 16; ++ ++ /* test block-based 
encryption */ ++ memcpy(iv, test_iv, sizeof(test_iv)); ++ CRYPTO_cts128_encrypt_block(test_input, ciphertext, len, &encks, iv, ++ (block128_f) AES_encrypt); ++ if (memcmp(ciphertext, vector, len)) ++ fprintf(stderr, "output_%d mismatch\n", len), exit(1); ++ if (memcmp(iv, vector + len - tail, sizeof(iv))) ++ fprintf(stderr, "iv_%d mismatch\n", len), exit(1); ++ ++ /* test block-based decryption */ ++ memcpy(iv, test_iv, sizeof(test_iv)); ++ CRYPTO_cts128_decrypt_block(ciphertext, cleartext, len, &decks, iv, ++ (block128_f) AES_decrypt); ++ if (memcmp(cleartext, test_input, len)) ++ fprintf(stderr, "input_%d mismatch\n", len), exit(2); ++ if (memcmp(iv, vector + len - tail, sizeof(iv))) ++ fprintf(stderr, "iv_%d mismatch\n", len), exit(2); ++ ++ /* test streamed encryption */ ++ memcpy(iv, test_iv, sizeof(test_iv)); ++ CRYPTO_cts128_encrypt(test_input, ciphertext, len, &encks, iv, ++ (cbc128_f) AES_cbc_encrypt); ++ if (memcmp(ciphertext, vector, len)) ++ fprintf(stderr, "output_%d mismatch\n", len), exit(3); ++ if (memcmp(iv, vector + len - tail, sizeof(iv))) ++ fprintf(stderr, "iv_%d mismatch\n", len), exit(3); ++ ++ /* test streamed decryption */ ++ memcpy(iv, test_iv, sizeof(test_iv)); ++ CRYPTO_cts128_decrypt(ciphertext, cleartext, len, &decks, iv, ++ (cbc128_f) AES_cbc_encrypt); ++ if (memcmp(cleartext, test_input, len)) ++ fprintf(stderr, "input_%d mismatch\n", len), exit(4); ++ if (memcmp(iv, vector + len - tail, sizeof(iv))) ++ fprintf(stderr, "iv_%d mismatch\n", len), exit(4); ++} ++ ++void test_nistvector(const unsigned char *vector, size_t len) ++{ ++ unsigned char iv[sizeof(test_iv)]; ++ unsigned char cleartext[64], ciphertext[64], nistvector[64]; ++ size_t tail; ++ ++ printf("nistvector_%d\n", len); ++ fflush(stdout); ++ ++ if ((tail = len % 16) == 0) ++ tail = 16; ++ ++ len -= 16 + tail; ++ memcpy(nistvector, vector, len); ++ /* flip two last blocks */ ++ memcpy(nistvector + len, vector + len + 16, tail); ++ memcpy(nistvector + len + tail, vector + 
len, 16); ++ len += 16 + tail; ++ tail = 16; ++ ++ /* test block-based encryption */ ++ memcpy(iv, test_iv, sizeof(test_iv)); ++ CRYPTO_nistcts128_encrypt_block(test_input, ciphertext, len, &encks, iv, ++ (block128_f) AES_encrypt); ++ if (memcmp(ciphertext, nistvector, len)) ++ fprintf(stderr, "output_%d mismatch\n", len), exit(1); ++ if (memcmp(iv, nistvector + len - tail, sizeof(iv))) ++ fprintf(stderr, "iv_%d mismatch\n", len), exit(1); ++ ++ /* test block-based decryption */ ++ memcpy(iv, test_iv, sizeof(test_iv)); ++ CRYPTO_nistcts128_decrypt_block(ciphertext, cleartext, len, &decks, iv, ++ (block128_f) AES_decrypt); ++ if (memcmp(cleartext, test_input, len)) ++ fprintf(stderr, "input_%d mismatch\n", len), exit(2); ++ if (memcmp(iv, nistvector + len - tail, sizeof(iv))) ++ fprintf(stderr, "iv_%d mismatch\n", len), exit(2); ++ ++ /* test streamed encryption */ ++ memcpy(iv, test_iv, sizeof(test_iv)); ++ CRYPTO_nistcts128_encrypt(test_input, ciphertext, len, &encks, iv, ++ (cbc128_f) AES_cbc_encrypt); ++ if (memcmp(ciphertext, nistvector, len)) ++ fprintf(stderr, "output_%d mismatch\n", len), exit(3); ++ if (memcmp(iv, nistvector + len - tail, sizeof(iv))) ++ fprintf(stderr, "iv_%d mismatch\n", len), exit(3); ++ ++ /* test streamed decryption */ ++ memcpy(iv, test_iv, sizeof(test_iv)); ++ CRYPTO_nistcts128_decrypt(ciphertext, cleartext, len, &decks, iv, ++ (cbc128_f) AES_cbc_encrypt); ++ if (memcmp(cleartext, test_input, len)) ++ fprintf(stderr, "input_%d mismatch\n", len), exit(4); ++ if (memcmp(iv, nistvector + len - tail, sizeof(iv))) ++ fprintf(stderr, "iv_%d mismatch\n", len), exit(4); ++} ++ ++int main() ++{ ++ AES_set_encrypt_key(test_key, 128, &encks); ++ AES_set_decrypt_key(test_key, 128, &decks); ++ ++ test_vector(vector_17, sizeof(vector_17)); ++ test_vector(vector_31, sizeof(vector_31)); ++ test_vector(vector_32, sizeof(vector_32)); ++ test_vector(vector_47, sizeof(vector_47)); ++ test_vector(vector_48, sizeof(vector_48)); ++ test_vector(vector_64, 
sizeof(vector_64)); ++ ++ test_nistvector(vector_17, sizeof(vector_17)); ++ test_nistvector(vector_31, sizeof(vector_31)); ++ test_nistvector(vector_32, sizeof(vector_32)); ++ test_nistvector(vector_47, sizeof(vector_47)); ++ test_nistvector(vector_48, sizeof(vector_48)); ++ test_nistvector(vector_64, sizeof(vector_64)); ++ ++ return 0; ++} ++#endif +diff --git a/Cryptlib/OpenSSL/crypto/modes/gcm128.c b/Cryptlib/OpenSSL/crypto/modes/gcm128.c +new file mode 100644 +index 0000000..e299131 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/modes/gcm128.c +@@ -0,0 +1,2371 @@ ++/* ==================================================================== ++ * Copyright (c) 2010 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. 
Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. 
++ * ==================================================================== ++ */ ++ ++#define OPENSSL_FIPSAPI ++ ++#include ++#include "modes_lcl.h" ++#include ++ ++#ifndef MODES_DEBUG ++# ifndef NDEBUG ++# define NDEBUG ++# endif ++#endif ++#include ++ ++#if defined(BSWAP4) && defined(STRICT_ALIGNMENT) ++/* redefine, because alignment is ensured */ ++# undef GETU32 ++# define GETU32(p) BSWAP4(*(const u32 *)(p)) ++# undef PUTU32 ++# define PUTU32(p,v) *(u32 *)(p) = BSWAP4(v) ++#endif ++ ++#define PACK(s) ((size_t)(s)<<(sizeof(size_t)*8-16)) ++#define REDUCE1BIT(V) do { \ ++ if (sizeof(size_t)==8) { \ ++ u64 T = U64(0xe100000000000000) & (0-(V.lo&1)); \ ++ V.lo = (V.hi<<63)|(V.lo>>1); \ ++ V.hi = (V.hi>>1 )^T; \ ++ } \ ++ else { \ ++ u32 T = 0xe1000000U & (0-(u32)(V.lo&1)); \ ++ V.lo = (V.hi<<63)|(V.lo>>1); \ ++ V.hi = (V.hi>>1 )^((u64)T<<32); \ ++ } \ ++} while(0) ++ ++/*- ++ * Even though permitted values for TABLE_BITS are 8, 4 and 1, it should ++ * never be set to 8. 8 is effectively reserved for testing purposes. ++ * TABLE_BITS>1 are lookup-table-driven implementations referred to as ++ * "Shoup's" in GCM specification. In other words OpenSSL does not cover ++ * whole spectrum of possible table driven implementations. Why? In ++ * non-"Shoup's" case memory access pattern is segmented in such manner, ++ * that it's trivial to see that cache timing information can reveal ++ * fair portion of intermediate hash value. Given that ciphertext is ++ * always available to attacker, it's possible for him to attempt to ++ * deduce secret parameter H and if successful, tamper with messages ++ * [which is nothing but trivial in CTR mode]. In "Shoup's" case it's ++ * not as trivial, but there is no reason to believe that it's resistant ++ * to cache-timing attack. And the thing about "8-bit" implementation is ++ * that it consumes 16 (sixteen) times more memory, 4KB per individual ++ * key + 1KB shared. Well, on pros side it should be twice as fast as ++ * "4-bit" version. 
And for gcc-generated x86[_64] code, "8-bit" version ++ * was observed to run ~75% faster, closer to 100% for commercial ++ * compilers... Yet "4-bit" procedure is preferred, because it's ++ * believed to provide better security-performance balance and adequate ++ * all-round performance. "All-round" refers to things like: ++ * ++ * - shorter setup time effectively improves overall timing for ++ * handling short messages; ++ * - larger table allocation can become unbearable because of VM ++ * subsystem penalties (for example on Windows large enough free ++ * results in VM working set trimming, meaning that consequent ++ * malloc would immediately incur working set expansion); ++ * - larger table has larger cache footprint, which can affect ++ * performance of other code paths (not necessarily even from same ++ * thread in Hyper-Threading world); ++ * ++ * Value of 1 is not appropriate for performance reasons. ++ */ ++#if TABLE_BITS==8 ++ ++static void gcm_init_8bit(u128 Htable[256], u64 H[2]) ++{ ++ int i, j; ++ u128 V; ++ ++ Htable[0].hi = 0; ++ Htable[0].lo = 0; ++ V.hi = H[0]; ++ V.lo = H[1]; ++ ++ for (Htable[128] = V, i = 64; i > 0; i >>= 1) { ++ REDUCE1BIT(V); ++ Htable[i] = V; ++ } ++ ++ for (i = 2; i < 256; i <<= 1) { ++ u128 *Hi = Htable + i, H0 = *Hi; ++ for (j = 1; j < i; ++j) { ++ Hi[j].hi = H0.hi ^ Htable[j].hi; ++ Hi[j].lo = H0.lo ^ Htable[j].lo; ++ } ++ } ++} ++ ++static void gcm_gmult_8bit(u64 Xi[2], const u128 Htable[256]) ++{ ++ u128 Z = { 0, 0 }; ++ const u8 *xi = (const u8 *)Xi + 15; ++ size_t rem, n = *xi; ++ const union { ++ long one; ++ char little; ++ } is_endian = { ++ 1 ++ }; ++ static const size_t rem_8bit[256] = { ++ PACK(0x0000), PACK(0x01C2), PACK(0x0384), PACK(0x0246), ++ PACK(0x0708), PACK(0x06CA), PACK(0x048C), PACK(0x054E), ++ PACK(0x0E10), PACK(0x0FD2), PACK(0x0D94), PACK(0x0C56), ++ PACK(0x0918), PACK(0x08DA), PACK(0x0A9C), PACK(0x0B5E), ++ PACK(0x1C20), PACK(0x1DE2), PACK(0x1FA4), PACK(0x1E66), ++ PACK(0x1B28), PACK(0x1AEA), 
PACK(0x18AC), PACK(0x196E), ++ PACK(0x1230), PACK(0x13F2), PACK(0x11B4), PACK(0x1076), ++ PACK(0x1538), PACK(0x14FA), PACK(0x16BC), PACK(0x177E), ++ PACK(0x3840), PACK(0x3982), PACK(0x3BC4), PACK(0x3A06), ++ PACK(0x3F48), PACK(0x3E8A), PACK(0x3CCC), PACK(0x3D0E), ++ PACK(0x3650), PACK(0x3792), PACK(0x35D4), PACK(0x3416), ++ PACK(0x3158), PACK(0x309A), PACK(0x32DC), PACK(0x331E), ++ PACK(0x2460), PACK(0x25A2), PACK(0x27E4), PACK(0x2626), ++ PACK(0x2368), PACK(0x22AA), PACK(0x20EC), PACK(0x212E), ++ PACK(0x2A70), PACK(0x2BB2), PACK(0x29F4), PACK(0x2836), ++ PACK(0x2D78), PACK(0x2CBA), PACK(0x2EFC), PACK(0x2F3E), ++ PACK(0x7080), PACK(0x7142), PACK(0x7304), PACK(0x72C6), ++ PACK(0x7788), PACK(0x764A), PACK(0x740C), PACK(0x75CE), ++ PACK(0x7E90), PACK(0x7F52), PACK(0x7D14), PACK(0x7CD6), ++ PACK(0x7998), PACK(0x785A), PACK(0x7A1C), PACK(0x7BDE), ++ PACK(0x6CA0), PACK(0x6D62), PACK(0x6F24), PACK(0x6EE6), ++ PACK(0x6BA8), PACK(0x6A6A), PACK(0x682C), PACK(0x69EE), ++ PACK(0x62B0), PACK(0x6372), PACK(0x6134), PACK(0x60F6), ++ PACK(0x65B8), PACK(0x647A), PACK(0x663C), PACK(0x67FE), ++ PACK(0x48C0), PACK(0x4902), PACK(0x4B44), PACK(0x4A86), ++ PACK(0x4FC8), PACK(0x4E0A), PACK(0x4C4C), PACK(0x4D8E), ++ PACK(0x46D0), PACK(0x4712), PACK(0x4554), PACK(0x4496), ++ PACK(0x41D8), PACK(0x401A), PACK(0x425C), PACK(0x439E), ++ PACK(0x54E0), PACK(0x5522), PACK(0x5764), PACK(0x56A6), ++ PACK(0x53E8), PACK(0x522A), PACK(0x506C), PACK(0x51AE), ++ PACK(0x5AF0), PACK(0x5B32), PACK(0x5974), PACK(0x58B6), ++ PACK(0x5DF8), PACK(0x5C3A), PACK(0x5E7C), PACK(0x5FBE), ++ PACK(0xE100), PACK(0xE0C2), PACK(0xE284), PACK(0xE346), ++ PACK(0xE608), PACK(0xE7CA), PACK(0xE58C), PACK(0xE44E), ++ PACK(0xEF10), PACK(0xEED2), PACK(0xEC94), PACK(0xED56), ++ PACK(0xE818), PACK(0xE9DA), PACK(0xEB9C), PACK(0xEA5E), ++ PACK(0xFD20), PACK(0xFCE2), PACK(0xFEA4), PACK(0xFF66), ++ PACK(0xFA28), PACK(0xFBEA), PACK(0xF9AC), PACK(0xF86E), ++ PACK(0xF330), PACK(0xF2F2), PACK(0xF0B4), PACK(0xF176), ++ PACK(0xF438), 
PACK(0xF5FA), PACK(0xF7BC), PACK(0xF67E), ++ PACK(0xD940), PACK(0xD882), PACK(0xDAC4), PACK(0xDB06), ++ PACK(0xDE48), PACK(0xDF8A), PACK(0xDDCC), PACK(0xDC0E), ++ PACK(0xD750), PACK(0xD692), PACK(0xD4D4), PACK(0xD516), ++ PACK(0xD058), PACK(0xD19A), PACK(0xD3DC), PACK(0xD21E), ++ PACK(0xC560), PACK(0xC4A2), PACK(0xC6E4), PACK(0xC726), ++ PACK(0xC268), PACK(0xC3AA), PACK(0xC1EC), PACK(0xC02E), ++ PACK(0xCB70), PACK(0xCAB2), PACK(0xC8F4), PACK(0xC936), ++ PACK(0xCC78), PACK(0xCDBA), PACK(0xCFFC), PACK(0xCE3E), ++ PACK(0x9180), PACK(0x9042), PACK(0x9204), PACK(0x93C6), ++ PACK(0x9688), PACK(0x974A), PACK(0x950C), PACK(0x94CE), ++ PACK(0x9F90), PACK(0x9E52), PACK(0x9C14), PACK(0x9DD6), ++ PACK(0x9898), PACK(0x995A), PACK(0x9B1C), PACK(0x9ADE), ++ PACK(0x8DA0), PACK(0x8C62), PACK(0x8E24), PACK(0x8FE6), ++ PACK(0x8AA8), PACK(0x8B6A), PACK(0x892C), PACK(0x88EE), ++ PACK(0x83B0), PACK(0x8272), PACK(0x8034), PACK(0x81F6), ++ PACK(0x84B8), PACK(0x857A), PACK(0x873C), PACK(0x86FE), ++ PACK(0xA9C0), PACK(0xA802), PACK(0xAA44), PACK(0xAB86), ++ PACK(0xAEC8), PACK(0xAF0A), PACK(0xAD4C), PACK(0xAC8E), ++ PACK(0xA7D0), PACK(0xA612), PACK(0xA454), PACK(0xA596), ++ PACK(0xA0D8), PACK(0xA11A), PACK(0xA35C), PACK(0xA29E), ++ PACK(0xB5E0), PACK(0xB422), PACK(0xB664), PACK(0xB7A6), ++ PACK(0xB2E8), PACK(0xB32A), PACK(0xB16C), PACK(0xB0AE), ++ PACK(0xBBF0), PACK(0xBA32), PACK(0xB874), PACK(0xB9B6), ++ PACK(0xBCF8), PACK(0xBD3A), PACK(0xBF7C), PACK(0xBEBE) ++ }; ++ ++ while (1) { ++ Z.hi ^= Htable[n].hi; ++ Z.lo ^= Htable[n].lo; ++ ++ if ((u8 *)Xi == xi) ++ break; ++ ++ n = *(--xi); ++ ++ rem = (size_t)Z.lo & 0xff; ++ Z.lo = (Z.hi << 56) | (Z.lo >> 8); ++ Z.hi = (Z.hi >> 8); ++ if (sizeof(size_t) == 8) ++ Z.hi ^= rem_8bit[rem]; ++ else ++ Z.hi ^= (u64)rem_8bit[rem] << 32; ++ } ++ ++ if (is_endian.little) { ++# ifdef BSWAP8 ++ Xi[0] = BSWAP8(Z.hi); ++ Xi[1] = BSWAP8(Z.lo); ++# else ++ u8 *p = (u8 *)Xi; ++ u32 v; ++ v = (u32)(Z.hi >> 32); ++ PUTU32(p, v); ++ v = (u32)(Z.hi); ++ PUTU32(p + 
4, v); ++ v = (u32)(Z.lo >> 32); ++ PUTU32(p + 8, v); ++ v = (u32)(Z.lo); ++ PUTU32(p + 12, v); ++# endif ++ } else { ++ Xi[0] = Z.hi; ++ Xi[1] = Z.lo; ++ } ++} ++ ++# define GCM_MUL(ctx,Xi) gcm_gmult_8bit(ctx->Xi.u,ctx->Htable) ++ ++#elif TABLE_BITS==4 ++ ++static void gcm_init_4bit(u128 Htable[16], u64 H[2]) ++{ ++ u128 V; ++# if defined(OPENSSL_SMALL_FOOTPRINT) ++ int i; ++# endif ++ ++ Htable[0].hi = 0; ++ Htable[0].lo = 0; ++ V.hi = H[0]; ++ V.lo = H[1]; ++ ++# if defined(OPENSSL_SMALL_FOOTPRINT) ++ for (Htable[8] = V, i = 4; i > 0; i >>= 1) { ++ REDUCE1BIT(V); ++ Htable[i] = V; ++ } ++ ++ for (i = 2; i < 16; i <<= 1) { ++ u128 *Hi = Htable + i; ++ int j; ++ for (V = *Hi, j = 1; j < i; ++j) { ++ Hi[j].hi = V.hi ^ Htable[j].hi; ++ Hi[j].lo = V.lo ^ Htable[j].lo; ++ } ++ } ++# else ++ Htable[8] = V; ++ REDUCE1BIT(V); ++ Htable[4] = V; ++ REDUCE1BIT(V); ++ Htable[2] = V; ++ REDUCE1BIT(V); ++ Htable[1] = V; ++ Htable[3].hi = V.hi ^ Htable[2].hi, Htable[3].lo = V.lo ^ Htable[2].lo; ++ V = Htable[4]; ++ Htable[5].hi = V.hi ^ Htable[1].hi, Htable[5].lo = V.lo ^ Htable[1].lo; ++ Htable[6].hi = V.hi ^ Htable[2].hi, Htable[6].lo = V.lo ^ Htable[2].lo; ++ Htable[7].hi = V.hi ^ Htable[3].hi, Htable[7].lo = V.lo ^ Htable[3].lo; ++ V = Htable[8]; ++ Htable[9].hi = V.hi ^ Htable[1].hi, Htable[9].lo = V.lo ^ Htable[1].lo; ++ Htable[10].hi = V.hi ^ Htable[2].hi, Htable[10].lo = V.lo ^ Htable[2].lo; ++ Htable[11].hi = V.hi ^ Htable[3].hi, Htable[11].lo = V.lo ^ Htable[3].lo; ++ Htable[12].hi = V.hi ^ Htable[4].hi, Htable[12].lo = V.lo ^ Htable[4].lo; ++ Htable[13].hi = V.hi ^ Htable[5].hi, Htable[13].lo = V.lo ^ Htable[5].lo; ++ Htable[14].hi = V.hi ^ Htable[6].hi, Htable[14].lo = V.lo ^ Htable[6].lo; ++ Htable[15].hi = V.hi ^ Htable[7].hi, Htable[15].lo = V.lo ^ Htable[7].lo; ++# endif ++# if defined(GHASH_ASM) && (defined(__arm__) || defined(__arm)) ++ /* ++ * ARM assembler expects specific dword order in Htable. 
++ */ ++ { ++ int j; ++ const union { ++ long one; ++ char little; ++ } is_endian = { ++ 1 ++ }; ++ ++ if (is_endian.little) ++ for (j = 0; j < 16; ++j) { ++ V = Htable[j]; ++ Htable[j].hi = V.lo; ++ Htable[j].lo = V.hi; ++ } else ++ for (j = 0; j < 16; ++j) { ++ V = Htable[j]; ++ Htable[j].hi = V.lo << 32 | V.lo >> 32; ++ Htable[j].lo = V.hi << 32 | V.hi >> 32; ++ } ++ } ++# endif ++} ++ ++# ifndef GHASH_ASM ++static const size_t rem_4bit[16] = { ++ PACK(0x0000), PACK(0x1C20), PACK(0x3840), PACK(0x2460), ++ PACK(0x7080), PACK(0x6CA0), PACK(0x48C0), PACK(0x54E0), ++ PACK(0xE100), PACK(0xFD20), PACK(0xD940), PACK(0xC560), ++ PACK(0x9180), PACK(0x8DA0), PACK(0xA9C0), PACK(0xB5E0) ++}; ++ ++static void gcm_gmult_4bit(u64 Xi[2], const u128 Htable[16]) ++{ ++ u128 Z; ++ int cnt = 15; ++ size_t rem, nlo, nhi; ++ const union { ++ long one; ++ char little; ++ } is_endian = { ++ 1 ++ }; ++ ++ nlo = ((const u8 *)Xi)[15]; ++ nhi = nlo >> 4; ++ nlo &= 0xf; ++ ++ Z.hi = Htable[nlo].hi; ++ Z.lo = Htable[nlo].lo; ++ ++ while (1) { ++ rem = (size_t)Z.lo & 0xf; ++ Z.lo = (Z.hi << 60) | (Z.lo >> 4); ++ Z.hi = (Z.hi >> 4); ++ if (sizeof(size_t) == 8) ++ Z.hi ^= rem_4bit[rem]; ++ else ++ Z.hi ^= (u64)rem_4bit[rem] << 32; ++ ++ Z.hi ^= Htable[nhi].hi; ++ Z.lo ^= Htable[nhi].lo; ++ ++ if (--cnt < 0) ++ break; ++ ++ nlo = ((const u8 *)Xi)[cnt]; ++ nhi = nlo >> 4; ++ nlo &= 0xf; ++ ++ rem = (size_t)Z.lo & 0xf; ++ Z.lo = (Z.hi << 60) | (Z.lo >> 4); ++ Z.hi = (Z.hi >> 4); ++ if (sizeof(size_t) == 8) ++ Z.hi ^= rem_4bit[rem]; ++ else ++ Z.hi ^= (u64)rem_4bit[rem] << 32; ++ ++ Z.hi ^= Htable[nlo].hi; ++ Z.lo ^= Htable[nlo].lo; ++ } ++ ++ if (is_endian.little) { ++# ifdef BSWAP8 ++ Xi[0] = BSWAP8(Z.hi); ++ Xi[1] = BSWAP8(Z.lo); ++# else ++ u8 *p = (u8 *)Xi; ++ u32 v; ++ v = (u32)(Z.hi >> 32); ++ PUTU32(p, v); ++ v = (u32)(Z.hi); ++ PUTU32(p + 4, v); ++ v = (u32)(Z.lo >> 32); ++ PUTU32(p + 8, v); ++ v = (u32)(Z.lo); ++ PUTU32(p + 12, v); ++# endif ++ } else { ++ Xi[0] = Z.hi; ++ Xi[1] = Z.lo; 
++ } ++} ++ ++# if !defined(OPENSSL_SMALL_FOOTPRINT) ++/* ++ * Streamed gcm_mult_4bit, see CRYPTO_gcm128_[en|de]crypt for ++ * details... Compiler-generated code doesn't seem to give any ++ * performance improvement, at least not on x86[_64]. It's here ++ * mostly as reference and a placeholder for possible future ++ * non-trivial optimization[s]... ++ */ ++static void gcm_ghash_4bit(u64 Xi[2], const u128 Htable[16], ++ const u8 *inp, size_t len) ++{ ++ u128 Z; ++ int cnt; ++ size_t rem, nlo, nhi; ++ const union { ++ long one; ++ char little; ++ } is_endian = { ++ 1 ++ }; ++ ++# if 1 ++ do { ++ cnt = 15; ++ nlo = ((const u8 *)Xi)[15]; ++ nlo ^= inp[15]; ++ nhi = nlo >> 4; ++ nlo &= 0xf; ++ ++ Z.hi = Htable[nlo].hi; ++ Z.lo = Htable[nlo].lo; ++ ++ while (1) { ++ rem = (size_t)Z.lo & 0xf; ++ Z.lo = (Z.hi << 60) | (Z.lo >> 4); ++ Z.hi = (Z.hi >> 4); ++ if (sizeof(size_t) == 8) ++ Z.hi ^= rem_4bit[rem]; ++ else ++ Z.hi ^= (u64)rem_4bit[rem] << 32; ++ ++ Z.hi ^= Htable[nhi].hi; ++ Z.lo ^= Htable[nhi].lo; ++ ++ if (--cnt < 0) ++ break; ++ ++ nlo = ((const u8 *)Xi)[cnt]; ++ nlo ^= inp[cnt]; ++ nhi = nlo >> 4; ++ nlo &= 0xf; ++ ++ rem = (size_t)Z.lo & 0xf; ++ Z.lo = (Z.hi << 60) | (Z.lo >> 4); ++ Z.hi = (Z.hi >> 4); ++ if (sizeof(size_t) == 8) ++ Z.hi ^= rem_4bit[rem]; ++ else ++ Z.hi ^= (u64)rem_4bit[rem] << 32; ++ ++ Z.hi ^= Htable[nlo].hi; ++ Z.lo ^= Htable[nlo].lo; ++ } ++# else ++ /* ++ * Extra 256+16 bytes per-key plus 512 bytes shared tables ++ * [should] give ~50% improvement... One could have PACK()-ed ++ * the rem_8bit even here, but the priority is to minimize ++ * cache footprint... 
++ */ ++ u128 Hshr4[16]; /* Htable shifted right by 4 bits */ ++ u8 Hshl4[16]; /* Htable shifted left by 4 bits */ ++ static const unsigned short rem_8bit[256] = { ++ 0x0000, 0x01C2, 0x0384, 0x0246, 0x0708, 0x06CA, 0x048C, 0x054E, ++ 0x0E10, 0x0FD2, 0x0D94, 0x0C56, 0x0918, 0x08DA, 0x0A9C, 0x0B5E, ++ 0x1C20, 0x1DE2, 0x1FA4, 0x1E66, 0x1B28, 0x1AEA, 0x18AC, 0x196E, ++ 0x1230, 0x13F2, 0x11B4, 0x1076, 0x1538, 0x14FA, 0x16BC, 0x177E, ++ 0x3840, 0x3982, 0x3BC4, 0x3A06, 0x3F48, 0x3E8A, 0x3CCC, 0x3D0E, ++ 0x3650, 0x3792, 0x35D4, 0x3416, 0x3158, 0x309A, 0x32DC, 0x331E, ++ 0x2460, 0x25A2, 0x27E4, 0x2626, 0x2368, 0x22AA, 0x20EC, 0x212E, ++ 0x2A70, 0x2BB2, 0x29F4, 0x2836, 0x2D78, 0x2CBA, 0x2EFC, 0x2F3E, ++ 0x7080, 0x7142, 0x7304, 0x72C6, 0x7788, 0x764A, 0x740C, 0x75CE, ++ 0x7E90, 0x7F52, 0x7D14, 0x7CD6, 0x7998, 0x785A, 0x7A1C, 0x7BDE, ++ 0x6CA0, 0x6D62, 0x6F24, 0x6EE6, 0x6BA8, 0x6A6A, 0x682C, 0x69EE, ++ 0x62B0, 0x6372, 0x6134, 0x60F6, 0x65B8, 0x647A, 0x663C, 0x67FE, ++ 0x48C0, 0x4902, 0x4B44, 0x4A86, 0x4FC8, 0x4E0A, 0x4C4C, 0x4D8E, ++ 0x46D0, 0x4712, 0x4554, 0x4496, 0x41D8, 0x401A, 0x425C, 0x439E, ++ 0x54E0, 0x5522, 0x5764, 0x56A6, 0x53E8, 0x522A, 0x506C, 0x51AE, ++ 0x5AF0, 0x5B32, 0x5974, 0x58B6, 0x5DF8, 0x5C3A, 0x5E7C, 0x5FBE, ++ 0xE100, 0xE0C2, 0xE284, 0xE346, 0xE608, 0xE7CA, 0xE58C, 0xE44E, ++ 0xEF10, 0xEED2, 0xEC94, 0xED56, 0xE818, 0xE9DA, 0xEB9C, 0xEA5E, ++ 0xFD20, 0xFCE2, 0xFEA4, 0xFF66, 0xFA28, 0xFBEA, 0xF9AC, 0xF86E, ++ 0xF330, 0xF2F2, 0xF0B4, 0xF176, 0xF438, 0xF5FA, 0xF7BC, 0xF67E, ++ 0xD940, 0xD882, 0xDAC4, 0xDB06, 0xDE48, 0xDF8A, 0xDDCC, 0xDC0E, ++ 0xD750, 0xD692, 0xD4D4, 0xD516, 0xD058, 0xD19A, 0xD3DC, 0xD21E, ++ 0xC560, 0xC4A2, 0xC6E4, 0xC726, 0xC268, 0xC3AA, 0xC1EC, 0xC02E, ++ 0xCB70, 0xCAB2, 0xC8F4, 0xC936, 0xCC78, 0xCDBA, 0xCFFC, 0xCE3E, ++ 0x9180, 0x9042, 0x9204, 0x93C6, 0x9688, 0x974A, 0x950C, 0x94CE, ++ 0x9F90, 0x9E52, 0x9C14, 0x9DD6, 0x9898, 0x995A, 0x9B1C, 0x9ADE, ++ 0x8DA0, 0x8C62, 0x8E24, 0x8FE6, 0x8AA8, 0x8B6A, 0x892C, 0x88EE, ++ 0x83B0, 0x8272, 0x8034, 
0x81F6, 0x84B8, 0x857A, 0x873C, 0x86FE, ++ 0xA9C0, 0xA802, 0xAA44, 0xAB86, 0xAEC8, 0xAF0A, 0xAD4C, 0xAC8E, ++ 0xA7D0, 0xA612, 0xA454, 0xA596, 0xA0D8, 0xA11A, 0xA35C, 0xA29E, ++ 0xB5E0, 0xB422, 0xB664, 0xB7A6, 0xB2E8, 0xB32A, 0xB16C, 0xB0AE, ++ 0xBBF0, 0xBA32, 0xB874, 0xB9B6, 0xBCF8, 0xBD3A, 0xBF7C, 0xBEBE ++ }; ++ /* ++ * This pre-processing phase slows down procedure by approximately ++ * same time as it makes each loop spin faster. In other words ++ * single block performance is approximately same as straightforward ++ * "4-bit" implementation, and then it goes only faster... ++ */ ++ for (cnt = 0; cnt < 16; ++cnt) { ++ Z.hi = Htable[cnt].hi; ++ Z.lo = Htable[cnt].lo; ++ Hshr4[cnt].lo = (Z.hi << 60) | (Z.lo >> 4); ++ Hshr4[cnt].hi = (Z.hi >> 4); ++ Hshl4[cnt] = (u8)(Z.lo << 4); ++ } ++ ++ do { ++ for (Z.lo = 0, Z.hi = 0, cnt = 15; cnt; --cnt) { ++ nlo = ((const u8 *)Xi)[cnt]; ++ nlo ^= inp[cnt]; ++ nhi = nlo >> 4; ++ nlo &= 0xf; ++ ++ Z.hi ^= Htable[nlo].hi; ++ Z.lo ^= Htable[nlo].lo; ++ ++ rem = (size_t)Z.lo & 0xff; ++ ++ Z.lo = (Z.hi << 56) | (Z.lo >> 8); ++ Z.hi = (Z.hi >> 8); ++ ++ Z.hi ^= Hshr4[nhi].hi; ++ Z.lo ^= Hshr4[nhi].lo; ++ Z.hi ^= (u64)rem_8bit[rem ^ Hshl4[nhi]] << 48; ++ } ++ ++ nlo = ((const u8 *)Xi)[0]; ++ nlo ^= inp[0]; ++ nhi = nlo >> 4; ++ nlo &= 0xf; ++ ++ Z.hi ^= Htable[nlo].hi; ++ Z.lo ^= Htable[nlo].lo; ++ ++ rem = (size_t)Z.lo & 0xf; ++ ++ Z.lo = (Z.hi << 60) | (Z.lo >> 4); ++ Z.hi = (Z.hi >> 4); ++ ++ Z.hi ^= Htable[nhi].hi; ++ Z.lo ^= Htable[nhi].lo; ++ Z.hi ^= ((u64)rem_8bit[rem << 4]) << 48; ++# endif ++ ++ if (is_endian.little) { ++# ifdef BSWAP8 ++ Xi[0] = BSWAP8(Z.hi); ++ Xi[1] = BSWAP8(Z.lo); ++# else ++ u8 *p = (u8 *)Xi; ++ u32 v; ++ v = (u32)(Z.hi >> 32); ++ PUTU32(p, v); ++ v = (u32)(Z.hi); ++ PUTU32(p + 4, v); ++ v = (u32)(Z.lo >> 32); ++ PUTU32(p + 8, v); ++ v = (u32)(Z.lo); ++ PUTU32(p + 12, v); ++# endif ++ } else { ++ Xi[0] = Z.hi; ++ Xi[1] = Z.lo; ++ } ++ } while (inp += 16, len -= 16); ++} ++# endif ++# else ++void 
gcm_gmult_4bit(u64 Xi[2], const u128 Htable[16]); ++void gcm_ghash_4bit(u64 Xi[2], const u128 Htable[16], const u8 *inp, ++ size_t len); ++# endif ++ ++# define GCM_MUL(ctx,Xi) gcm_gmult_4bit(ctx->Xi.u,ctx->Htable) ++# if defined(GHASH_ASM) || !defined(OPENSSL_SMALL_FOOTPRINT) ++# define GHASH(ctx,in,len) gcm_ghash_4bit((ctx)->Xi.u,(ctx)->Htable,in,len) ++/* ++ * GHASH_CHUNK is "stride parameter" missioned to mitigate cache trashing ++ * effect. In other words idea is to hash data while it's still in L1 cache ++ * after encryption pass... ++ */ ++# define GHASH_CHUNK (3*1024) ++# endif ++ ++#else /* TABLE_BITS */ ++ ++static void gcm_gmult_1bit(u64 Xi[2], const u64 H[2]) ++{ ++ u128 V, Z = { 0, 0 }; ++ long X; ++ int i, j; ++ const long *xi = (const long *)Xi; ++ const union { ++ long one; ++ char little; ++ } is_endian = { ++ 1 ++ }; ++ ++ V.hi = H[0]; /* H is in host byte order, no byte swapping */ ++ V.lo = H[1]; ++ ++ for (j = 0; j < 16 / sizeof(long); ++j) { ++ if (is_endian.little) { ++ if (sizeof(long) == 8) { ++# ifdef BSWAP8 ++ X = (long)(BSWAP8(xi[j])); ++# else ++ const u8 *p = (const u8 *)(xi + j); ++ X = (long)((u64)GETU32(p) << 32 | GETU32(p + 4)); ++# endif ++ } else { ++ const u8 *p = (const u8 *)(xi + j); ++ X = (long)GETU32(p); ++ } ++ } else ++ X = xi[j]; ++ ++ for (i = 0; i < 8 * sizeof(long); ++i, X <<= 1) { ++ u64 M = (u64)(X >> (8 * sizeof(long) - 1)); ++ Z.hi ^= V.hi & M; ++ Z.lo ^= V.lo & M; ++ ++ REDUCE1BIT(V); ++ } ++ } ++ ++ if (is_endian.little) { ++# ifdef BSWAP8 ++ Xi[0] = BSWAP8(Z.hi); ++ Xi[1] = BSWAP8(Z.lo); ++# else ++ u8 *p = (u8 *)Xi; ++ u32 v; ++ v = (u32)(Z.hi >> 32); ++ PUTU32(p, v); ++ v = (u32)(Z.hi); ++ PUTU32(p + 4, v); ++ v = (u32)(Z.lo >> 32); ++ PUTU32(p + 8, v); ++ v = (u32)(Z.lo); ++ PUTU32(p + 12, v); ++# endif ++ } else { ++ Xi[0] = Z.hi; ++ Xi[1] = Z.lo; ++ } ++} ++ ++# define GCM_MUL(ctx,Xi) gcm_gmult_1bit(ctx->Xi.u,ctx->H.u) ++ ++#endif ++ ++#if TABLE_BITS==4 && (defined(GHASH_ASM) || defined(OPENSSL_CPUID_OBJ)) 
++# if !defined(I386_ONLY) && \ ++ (defined(__i386) || defined(__i386__) || \ ++ defined(__x86_64) || defined(__x86_64__) || \ ++ defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64)) ++# define GHASH_ASM_X86_OR_64 ++# define GCM_FUNCREF_4BIT ++extern unsigned int OPENSSL_ia32cap_P[]; ++ ++void gcm_init_clmul(u128 Htable[16], const u64 Xi[2]); ++void gcm_gmult_clmul(u64 Xi[2], const u128 Htable[16]); ++void gcm_ghash_clmul(u64 Xi[2], const u128 Htable[16], const u8 *inp, ++ size_t len); ++ ++# if defined(__i386) || defined(__i386__) || defined(_M_IX86) ++# define gcm_init_avx gcm_init_clmul ++# define gcm_gmult_avx gcm_gmult_clmul ++# define gcm_ghash_avx gcm_ghash_clmul ++# else ++void gcm_init_avx(u128 Htable[16], const u64 Xi[2]); ++void gcm_gmult_avx(u64 Xi[2], const u128 Htable[16]); ++void gcm_ghash_avx(u64 Xi[2], const u128 Htable[16], const u8 *inp, ++ size_t len); ++# endif ++ ++# if defined(__i386) || defined(__i386__) || defined(_M_IX86) ++# define GHASH_ASM_X86 ++void gcm_gmult_4bit_mmx(u64 Xi[2], const u128 Htable[16]); ++void gcm_ghash_4bit_mmx(u64 Xi[2], const u128 Htable[16], const u8 *inp, ++ size_t len); ++ ++void gcm_gmult_4bit_x86(u64 Xi[2], const u128 Htable[16]); ++void gcm_ghash_4bit_x86(u64 Xi[2], const u128 Htable[16], const u8 *inp, ++ size_t len); ++# endif ++# elif defined(__arm__) || defined(__arm) || defined(__aarch64__) ++# include "arm_arch.h" ++# if __ARM_MAX_ARCH__>=7 ++# define GHASH_ASM_ARM ++# define GCM_FUNCREF_4BIT ++# define PMULL_CAPABLE (OPENSSL_armcap_P & ARMV8_PMULL) ++# if defined(__arm__) || defined(__arm) ++# define NEON_CAPABLE (OPENSSL_armcap_P & ARMV7_NEON) ++# endif ++void gcm_init_neon(u128 Htable[16], const u64 Xi[2]); ++void gcm_gmult_neon(u64 Xi[2], const u128 Htable[16]); ++void gcm_ghash_neon(u64 Xi[2], const u128 Htable[16], const u8 *inp, ++ size_t len); ++void gcm_init_v8(u128 Htable[16], const u64 Xi[2]); ++void gcm_gmult_v8(u64 Xi[2], const u128 Htable[16]); ++void gcm_ghash_v8(u64 Xi[2], const u128 
Htable[16], const u8 *inp, ++ size_t len); ++# endif ++# elif defined(__sparc__) || defined(__sparc) ++# include "sparc_arch.h" ++# define GHASH_ASM_SPARC ++# define GCM_FUNCREF_4BIT ++extern unsigned int OPENSSL_sparcv9cap_P[]; ++void gcm_init_vis3(u128 Htable[16], const u64 Xi[2]); ++void gcm_gmult_vis3(u64 Xi[2], const u128 Htable[16]); ++void gcm_ghash_vis3(u64 Xi[2], const u128 Htable[16], const u8 *inp, ++ size_t len); ++# elif defined(OPENSSL_CPUID_OBJ) && (defined(__powerpc__) || defined(__ppc__) || defined(_ARCH_PPC)) ++# include "ppc_arch.h" ++# define GHASH_ASM_PPC ++# define GCM_FUNCREF_4BIT ++void gcm_init_p8(u128 Htable[16], const u64 Xi[2]); ++void gcm_gmult_p8(u64 Xi[2], const u128 Htable[16]); ++void gcm_ghash_p8(u64 Xi[2], const u128 Htable[16], const u8 *inp, ++ size_t len); ++# endif ++#endif ++ ++#ifdef GCM_FUNCREF_4BIT ++# undef GCM_MUL ++# define GCM_MUL(ctx,Xi) (*gcm_gmult_p)(ctx->Xi.u,ctx->Htable) ++# ifdef GHASH ++# undef GHASH ++# define GHASH(ctx,in,len) (*gcm_ghash_p)(ctx->Xi.u,ctx->Htable,in,len) ++# endif ++#endif ++ ++void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block) ++{ ++ const union { ++ long one; ++ char little; ++ } is_endian = { ++ 1 ++ }; ++ ++ memset(ctx, 0, sizeof(*ctx)); ++ ctx->block = block; ++ ctx->key = key; ++ ++ (*block) (ctx->H.c, ctx->H.c, key); ++ ++ if (is_endian.little) { ++ /* H is stored in host byte order */ ++#ifdef BSWAP8 ++ ctx->H.u[0] = BSWAP8(ctx->H.u[0]); ++ ctx->H.u[1] = BSWAP8(ctx->H.u[1]); ++#else ++ u8 *p = ctx->H.c; ++ u64 hi, lo; ++ hi = (u64)GETU32(p) << 32 | GETU32(p + 4); ++ lo = (u64)GETU32(p + 8) << 32 | GETU32(p + 12); ++ ctx->H.u[0] = hi; ++ ctx->H.u[1] = lo; ++#endif ++ } ++#if TABLE_BITS==8 ++ gcm_init_8bit(ctx->Htable, ctx->H.u); ++#elif TABLE_BITS==4 ++# if defined(GHASH_ASM_X86_OR_64) ++# if !defined(GHASH_ASM_X86) || defined(OPENSSL_IA32_SSE2) ++ if (OPENSSL_ia32cap_P[0] & (1 << 24) && /* check FXSR bit */ ++ OPENSSL_ia32cap_P[1] & (1 << 1)) { /* check PCLMULQDQ 
bit */ ++ if (((OPENSSL_ia32cap_P[1] >> 22) & 0x41) == 0x41) { /* AVX+MOVBE */ ++ gcm_init_avx(ctx->Htable, ctx->H.u); ++ ctx->gmult = gcm_gmult_avx; ++ ctx->ghash = gcm_ghash_avx; ++ } else { ++ gcm_init_clmul(ctx->Htable, ctx->H.u); ++ ctx->gmult = gcm_gmult_clmul; ++ ctx->ghash = gcm_ghash_clmul; ++ } ++ return; ++ } ++# endif ++ gcm_init_4bit(ctx->Htable, ctx->H.u); ++# if defined(GHASH_ASM_X86) /* x86 only */ ++# if defined(OPENSSL_IA32_SSE2) ++ if (OPENSSL_ia32cap_P[0] & (1 << 25)) { /* check SSE bit */ ++# else ++ if (OPENSSL_ia32cap_P[0] & (1 << 23)) { /* check MMX bit */ ++# endif ++ ctx->gmult = gcm_gmult_4bit_mmx; ++ ctx->ghash = gcm_ghash_4bit_mmx; ++ } else { ++ ctx->gmult = gcm_gmult_4bit_x86; ++ ctx->ghash = gcm_ghash_4bit_x86; ++ } ++# else ++ ctx->gmult = gcm_gmult_4bit; ++ ctx->ghash = gcm_ghash_4bit; ++# endif ++# elif defined(GHASH_ASM_ARM) ++# ifdef PMULL_CAPABLE ++ if (PMULL_CAPABLE) { ++ gcm_init_v8(ctx->Htable, ctx->H.u); ++ ctx->gmult = gcm_gmult_v8; ++ ctx->ghash = gcm_ghash_v8; ++ } else ++# endif ++# ifdef NEON_CAPABLE ++ if (NEON_CAPABLE) { ++ gcm_init_neon(ctx->Htable, ctx->H.u); ++ ctx->gmult = gcm_gmult_neon; ++ ctx->ghash = gcm_ghash_neon; ++ } else ++# endif ++ { ++ gcm_init_4bit(ctx->Htable, ctx->H.u); ++ ctx->gmult = gcm_gmult_4bit; ++# if defined(GHASH) ++ ctx->ghash = gcm_ghash_4bit; ++# else ++ ctx->ghash = NULL; ++# endif ++ } ++# elif defined(GHASH_ASM_SPARC) ++ if (OPENSSL_sparcv9cap_P[0] & SPARCV9_VIS3) { ++ gcm_init_vis3(ctx->Htable, ctx->H.u); ++ ctx->gmult = gcm_gmult_vis3; ++ ctx->ghash = gcm_ghash_vis3; ++ } else { ++ gcm_init_4bit(ctx->Htable, ctx->H.u); ++ ctx->gmult = gcm_gmult_4bit; ++ ctx->ghash = gcm_ghash_4bit; ++ } ++# elif defined(GHASH_ASM_PPC) ++ if (OPENSSL_ppccap_P & PPC_CRYPTO207) { ++ gcm_init_p8(ctx->Htable, ctx->H.u); ++ ctx->gmult = gcm_gmult_p8; ++ ctx->ghash = gcm_ghash_p8; ++ } else { ++ gcm_init_4bit(ctx->Htable, ctx->H.u); ++ ctx->gmult = gcm_gmult_4bit; ++# if defined(GHASH) ++ ctx->ghash = 
gcm_ghash_4bit; ++# else ++ ctx->ghash = NULL; ++# endif ++ } ++# else ++ gcm_init_4bit(ctx->Htable, ctx->H.u); ++# endif ++#endif ++} ++ ++void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const unsigned char *iv, ++ size_t len) ++{ ++ const union { ++ long one; ++ char little; ++ } is_endian = { ++ 1 ++ }; ++ unsigned int ctr; ++#ifdef GCM_FUNCREF_4BIT ++ void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult; ++#endif ++ ++ ctx->Yi.u[0] = 0; ++ ctx->Yi.u[1] = 0; ++ ctx->Xi.u[0] = 0; ++ ctx->Xi.u[1] = 0; ++ ctx->len.u[0] = 0; /* AAD length */ ++ ctx->len.u[1] = 0; /* message length */ ++ ctx->ares = 0; ++ ctx->mres = 0; ++ ++ if (len == 12) { ++ memcpy(ctx->Yi.c, iv, 12); ++ ctx->Yi.c[15] = 1; ++ ctr = 1; ++ } else { ++ size_t i; ++ u64 len0 = len; ++ ++ while (len >= 16) { ++ for (i = 0; i < 16; ++i) ++ ctx->Yi.c[i] ^= iv[i]; ++ GCM_MUL(ctx, Yi); ++ iv += 16; ++ len -= 16; ++ } ++ if (len) { ++ for (i = 0; i < len; ++i) ++ ctx->Yi.c[i] ^= iv[i]; ++ GCM_MUL(ctx, Yi); ++ } ++ len0 <<= 3; ++ if (is_endian.little) { ++#ifdef BSWAP8 ++ ctx->Yi.u[1] ^= BSWAP8(len0); ++#else ++ ctx->Yi.c[8] ^= (u8)(len0 >> 56); ++ ctx->Yi.c[9] ^= (u8)(len0 >> 48); ++ ctx->Yi.c[10] ^= (u8)(len0 >> 40); ++ ctx->Yi.c[11] ^= (u8)(len0 >> 32); ++ ctx->Yi.c[12] ^= (u8)(len0 >> 24); ++ ctx->Yi.c[13] ^= (u8)(len0 >> 16); ++ ctx->Yi.c[14] ^= (u8)(len0 >> 8); ++ ctx->Yi.c[15] ^= (u8)(len0); ++#endif ++ } else ++ ctx->Yi.u[1] ^= len0; ++ ++ GCM_MUL(ctx, Yi); ++ ++ if (is_endian.little) ++#ifdef BSWAP4 ++ ctr = BSWAP4(ctx->Yi.d[3]); ++#else ++ ctr = GETU32(ctx->Yi.c + 12); ++#endif ++ else ++ ctr = ctx->Yi.d[3]; ++ } ++ ++ (*ctx->block) (ctx->Yi.c, ctx->EK0.c, ctx->key); ++ ++ctr; ++ if (is_endian.little) ++#ifdef BSWAP4 ++ ctx->Yi.d[3] = BSWAP4(ctr); ++#else ++ PUTU32(ctx->Yi.c + 12, ctr); ++#endif ++ else ++ ctx->Yi.d[3] = ctr; ++} ++ ++int CRYPTO_gcm128_aad(GCM128_CONTEXT *ctx, const unsigned char *aad, ++ size_t len) ++{ ++ size_t i; ++ unsigned int n; ++ u64 alen = ctx->len.u[0]; 
++#ifdef GCM_FUNCREF_4BIT ++ void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult; ++# ifdef GHASH ++ void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16], ++ const u8 *inp, size_t len) = ctx->ghash; ++# endif ++#endif ++ ++ if (ctx->len.u[1]) ++ return -2; ++ ++ alen += len; ++ if (alen > (U64(1) << 61) || (sizeof(len) == 8 && alen < len)) ++ return -1; ++ ctx->len.u[0] = alen; ++ ++ n = ctx->ares; ++ if (n) { ++ while (n && len) { ++ ctx->Xi.c[n] ^= *(aad++); ++ --len; ++ n = (n + 1) % 16; ++ } ++ if (n == 0) ++ GCM_MUL(ctx, Xi); ++ else { ++ ctx->ares = n; ++ return 0; ++ } ++ } ++#ifdef GHASH ++ if ((i = (len & (size_t)-16))) { ++ GHASH(ctx, aad, i); ++ aad += i; ++ len -= i; ++ } ++#else ++ while (len >= 16) { ++ for (i = 0; i < 16; ++i) ++ ctx->Xi.c[i] ^= aad[i]; ++ GCM_MUL(ctx, Xi); ++ aad += 16; ++ len -= 16; ++ } ++#endif ++ if (len) { ++ n = (unsigned int)len; ++ for (i = 0; i < len; ++i) ++ ctx->Xi.c[i] ^= aad[i]; ++ } ++ ++ ctx->ares = n; ++ return 0; ++} ++ ++int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, ++ const unsigned char *in, unsigned char *out, ++ size_t len) ++{ ++ const union { ++ long one; ++ char little; ++ } is_endian = { ++ 1 ++ }; ++ unsigned int n, ctr; ++ size_t i; ++ u64 mlen = ctx->len.u[1]; ++ block128_f block = ctx->block; ++ void *key = ctx->key; ++#ifdef GCM_FUNCREF_4BIT ++ void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult; ++# ifdef GHASH ++ void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16], ++ const u8 *inp, size_t len) = ctx->ghash; ++# endif ++#endif ++ ++#if 0 ++ n = (unsigned int)mlen % 16; /* alternative to ctx->mres */ ++#endif ++ mlen += len; ++ if (mlen > ((U64(1) << 36) - 32) || (sizeof(len) == 8 && mlen < len)) ++ return -1; ++ ctx->len.u[1] = mlen; ++ ++ if (ctx->ares) { ++ /* First call to encrypt finalizes GHASH(AAD) */ ++ GCM_MUL(ctx, Xi); ++ ctx->ares = 0; ++ } ++ ++ if (is_endian.little) ++#ifdef BSWAP4 ++ ctr = BSWAP4(ctx->Yi.d[3]); ++#else ++ ctr = GETU32(ctx->Yi.c + 12); 
++#endif ++ else ++ ctr = ctx->Yi.d[3]; ++ ++ n = ctx->mres; ++#if !defined(OPENSSL_SMALL_FOOTPRINT) ++ if (16 % sizeof(size_t) == 0) { /* always true actually */ ++ do { ++ if (n) { ++ while (n && len) { ++ ctx->Xi.c[n] ^= *(out++) = *(in++) ^ ctx->EKi.c[n]; ++ --len; ++ n = (n + 1) % 16; ++ } ++ if (n == 0) ++ GCM_MUL(ctx, Xi); ++ else { ++ ctx->mres = n; ++ return 0; ++ } ++ } ++# if defined(STRICT_ALIGNMENT) ++ if (((size_t)in | (size_t)out) % sizeof(size_t) != 0) ++ break; ++# endif ++# if defined(GHASH) && defined(GHASH_CHUNK) ++ while (len >= GHASH_CHUNK) { ++ size_t j = GHASH_CHUNK; ++ ++ while (j) { ++ size_t *out_t = (size_t *)out; ++ const size_t *in_t = (const size_t *)in; ++ ++ (*block) (ctx->Yi.c, ctx->EKi.c, key); ++ ++ctr; ++ if (is_endian.little) ++# ifdef BSWAP4 ++ ctx->Yi.d[3] = BSWAP4(ctr); ++# else ++ PUTU32(ctx->Yi.c + 12, ctr); ++# endif ++ else ++ ctx->Yi.d[3] = ctr; ++ for (i = 0; i < 16 / sizeof(size_t); ++i) ++ out_t[i] = in_t[i] ^ ctx->EKi.t[i]; ++ out += 16; ++ in += 16; ++ j -= 16; ++ } ++ GHASH(ctx, out - GHASH_CHUNK, GHASH_CHUNK); ++ len -= GHASH_CHUNK; ++ } ++ if ((i = (len & (size_t)-16))) { ++ size_t j = i; ++ ++ while (len >= 16) { ++ size_t *out_t = (size_t *)out; ++ const size_t *in_t = (const size_t *)in; ++ ++ (*block) (ctx->Yi.c, ctx->EKi.c, key); ++ ++ctr; ++ if (is_endian.little) ++# ifdef BSWAP4 ++ ctx->Yi.d[3] = BSWAP4(ctr); ++# else ++ PUTU32(ctx->Yi.c + 12, ctr); ++# endif ++ else ++ ctx->Yi.d[3] = ctr; ++ for (i = 0; i < 16 / sizeof(size_t); ++i) ++ out_t[i] = in_t[i] ^ ctx->EKi.t[i]; ++ out += 16; ++ in += 16; ++ len -= 16; ++ } ++ GHASH(ctx, out - j, j); ++ } ++# else ++ while (len >= 16) { ++ size_t *out_t = (size_t *)out; ++ const size_t *in_t = (const size_t *)in; ++ ++ (*block) (ctx->Yi.c, ctx->EKi.c, key); ++ ++ctr; ++ if (is_endian.little) ++# ifdef BSWAP4 ++ ctx->Yi.d[3] = BSWAP4(ctr); ++# else ++ PUTU32(ctx->Yi.c + 12, ctr); ++# endif ++ else ++ ctx->Yi.d[3] = ctr; ++ for (i = 0; i < 16 / sizeof(size_t); 
++i) ++ ctx->Xi.t[i] ^= out_t[i] = in_t[i] ^ ctx->EKi.t[i]; ++ GCM_MUL(ctx, Xi); ++ out += 16; ++ in += 16; ++ len -= 16; ++ } ++# endif ++ if (len) { ++ (*block) (ctx->Yi.c, ctx->EKi.c, key); ++ ++ctr; ++ if (is_endian.little) ++# ifdef BSWAP4 ++ ctx->Yi.d[3] = BSWAP4(ctr); ++# else ++ PUTU32(ctx->Yi.c + 12, ctr); ++# endif ++ else ++ ctx->Yi.d[3] = ctr; ++ while (len--) { ++ ctx->Xi.c[n] ^= out[n] = in[n] ^ ctx->EKi.c[n]; ++ ++n; ++ } ++ } ++ ++ ctx->mres = n; ++ return 0; ++ } while (0); ++ } ++#endif ++ for (i = 0; i < len; ++i) { ++ if (n == 0) { ++ (*block) (ctx->Yi.c, ctx->EKi.c, key); ++ ++ctr; ++ if (is_endian.little) ++#ifdef BSWAP4 ++ ctx->Yi.d[3] = BSWAP4(ctr); ++#else ++ PUTU32(ctx->Yi.c + 12, ctr); ++#endif ++ else ++ ctx->Yi.d[3] = ctr; ++ } ++ ctx->Xi.c[n] ^= out[i] = in[i] ^ ctx->EKi.c[n]; ++ n = (n + 1) % 16; ++ if (n == 0) ++ GCM_MUL(ctx, Xi); ++ } ++ ++ ctx->mres = n; ++ return 0; ++} ++ ++int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, ++ const unsigned char *in, unsigned char *out, ++ size_t len) ++{ ++ const union { ++ long one; ++ char little; ++ } is_endian = { ++ 1 ++ }; ++ unsigned int n, ctr; ++ size_t i; ++ u64 mlen = ctx->len.u[1]; ++ block128_f block = ctx->block; ++ void *key = ctx->key; ++#ifdef GCM_FUNCREF_4BIT ++ void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult; ++# ifdef GHASH ++ void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16], ++ const u8 *inp, size_t len) = ctx->ghash; ++# endif ++#endif ++ ++ mlen += len; ++ if (mlen > ((U64(1) << 36) - 32) || (sizeof(len) == 8 && mlen < len)) ++ return -1; ++ ctx->len.u[1] = mlen; ++ ++ if (ctx->ares) { ++ /* First call to decrypt finalizes GHASH(AAD) */ ++ GCM_MUL(ctx, Xi); ++ ctx->ares = 0; ++ } ++ ++ if (is_endian.little) ++#ifdef BSWAP4 ++ ctr = BSWAP4(ctx->Yi.d[3]); ++#else ++ ctr = GETU32(ctx->Yi.c + 12); ++#endif ++ else ++ ctr = ctx->Yi.d[3]; ++ ++ n = ctx->mres; ++#if !defined(OPENSSL_SMALL_FOOTPRINT) ++ if (16 % sizeof(size_t) == 0) { /* always true actually 
*/
++ do {
++ if (n) {
++ while (n && len) {
++ u8 c = *(in++);
++ *(out++) = c ^ ctx->EKi.c[n];
++ ctx->Xi.c[n] ^= c;
++ --len;
++ n = (n + 1) % 16;
++ }
++ if (n == 0)
++ GCM_MUL(ctx, Xi);
++ else {
++ ctx->mres = n;
++ return 0;
++ }
++ }
++# if defined(STRICT_ALIGNMENT)
++ if (((size_t)in | (size_t)out) % sizeof(size_t) != 0)
++ break;
++# endif
++# if defined(GHASH) && defined(GHASH_CHUNK)
++ while (len >= GHASH_CHUNK) {
++ size_t j = GHASH_CHUNK;
++
++ GHASH(ctx, in, GHASH_CHUNK);
++ while (j) {
++ size_t *out_t = (size_t *)out;
++ const size_t *in_t = (const size_t *)in;
++
++ (*block) (ctx->Yi.c, ctx->EKi.c, key);
++ ++ctr;
++ if (is_endian.little)
++# ifdef BSWAP4
++ ctx->Yi.d[3] = BSWAP4(ctr);
++# else
++ PUTU32(ctx->Yi.c + 12, ctr);
++# endif
++ else
++ ctx->Yi.d[3] = ctr;
++ for (i = 0; i < 16 / sizeof(size_t); ++i)
++ out_t[i] = in_t[i] ^ ctx->EKi.t[i];
++ out += 16;
++ in += 16;
++ j -= 16;
++ }
++ len -= GHASH_CHUNK;
++ }
++ if ((i = (len & (size_t)-16))) {
++ GHASH(ctx, in, i);
++ while (len >= 16) {
++ size_t *out_t = (size_t *)out;
++ const size_t *in_t = (const size_t *)in;
++
++ (*block) (ctx->Yi.c, ctx->EKi.c, key);
++ ++ctr;
++ if (is_endian.little)
++# ifdef BSWAP4
++ ctx->Yi.d[3] = BSWAP4(ctr);
++# else
++ PUTU32(ctx->Yi.c + 12, ctr);
++# endif
++ else
++ ctx->Yi.d[3] = ctr;
++ for (i = 0; i < 16 / sizeof(size_t); ++i)
++ out_t[i] = in_t[i] ^ ctx->EKi.t[i];
++ out += 16;
++ in += 16;
++ len -= 16;
++ }
++ }
++# else
++ while (len >= 16) {
++ size_t *out_t = (size_t *)out;
++ const size_t *in_t = (const size_t *)in;
++
++ (*block) (ctx->Yi.c, ctx->EKi.c, key);
++ ++ctr;
++ if (is_endian.little)
++# ifdef BSWAP4
++ ctx->Yi.d[3] = BSWAP4(ctr);
++# else
++ PUTU32(ctx->Yi.c + 12, ctr);
++# endif
++ else
++ ctx->Yi.d[3] = ctr;
++ for (i = 0; i < 16 / sizeof(size_t); ++i) {
++ size_t c = in[i];
++ out[i] = c ^ ctx->EKi.t[i];
++ ctx->Xi.t[i] ^= c;
++ }
++ GCM_MUL(ctx, Xi);
++ out += 16;
++ in += 16;
++ len -= 16;
++ }
++# endif
++ if (len) {
++ (*block) (ctx->Yi.c, ctx->EKi.c, key);
++ ++ctr;
++ if (is_endian.little)
++# ifdef BSWAP4
++ ctx->Yi.d[3] = BSWAP4(ctr);
++# else
++ PUTU32(ctx->Yi.c + 12, ctr);
++# endif
++ else
++ ctx->Yi.d[3] = ctr;
++ while (len--) {
++ u8 c = in[n];
++ ctx->Xi.c[n] ^= c;
++ out[n] = c ^ ctx->EKi.c[n];
++ ++n;
++ }
++ }
++
++ ctx->mres = n;
++ return 0;
++ } while (0);
++ }
++#endif
++ for (i = 0; i < len; ++i) {
++ u8 c;
++ if (n == 0) {
++ (*block) (ctx->Yi.c, ctx->EKi.c, key);
++ ++ctr;
++ if (is_endian.little)
++#ifdef BSWAP4
++ ctx->Yi.d[3] = BSWAP4(ctr);
++#else
++ PUTU32(ctx->Yi.c + 12, ctr);
++#endif
++ else
++ ctx->Yi.d[3] = ctr;
++ }
++ c = in[i];
++ out[i] = c ^ ctx->EKi.c[n];
++ ctx->Xi.c[n] ^= c;
++ n = (n + 1) % 16;
++ if (n == 0)
++ GCM_MUL(ctx, Xi);
++ }
++
++ ctx->mres = n;
++ return 0;
++}
++
++int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
++ const unsigned char *in, unsigned char *out,
++ size_t len, ctr128_f stream)
++{
++ const union {
++ long one;
++ char little;
++ } is_endian = {
++ 1
++ };
++ unsigned int n, ctr;
++ size_t i;
++ u64 mlen = ctx->len.u[1];
++ void *key = ctx->key;
++#ifdef GCM_FUNCREF_4BIT
++ void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult;
++# ifdef GHASH
++ void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16],
++ const u8 *inp, size_t len) = ctx->ghash;
++# endif
++#endif
++
++ mlen += len;
++ if (mlen > ((U64(1) << 36) - 32) || (sizeof(len) == 8 && mlen < len))
++ return -1;
++ ctx->len.u[1] = mlen;
++
++ if (ctx->ares) {
++ /* First call to encrypt finalizes GHASH(AAD) */
++ GCM_MUL(ctx, Xi);
++ ctx->ares = 0;
++ }
++
++ if (is_endian.little)
++#ifdef BSWAP4
++ ctr = BSWAP4(ctx->Yi.d[3]);
++#else
++ ctr = GETU32(ctx->Yi.c + 12);
++#endif
++ else
++ ctr = ctx->Yi.d[3];
++
++ n = ctx->mres;
++ if (n) {
++ while (n && len) {
++ ctx->Xi.c[n] ^= *(out++) = *(in++) ^ ctx->EKi.c[n];
++ --len;
++ n = (n + 1) % 16;
++ }
++ if (n == 0)
++ GCM_MUL(ctx, Xi);
++ else {
++ ctx->mres = n;
++ return 0;
++ }
++ }
++#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT)
++ while (len >= GHASH_CHUNK) {
++ (*stream) (in, out, GHASH_CHUNK / 16, key, ctx->Yi.c);
++ ctr += GHASH_CHUNK / 16;
++ if (is_endian.little)
++# ifdef BSWAP4
++ ctx->Yi.d[3] = BSWAP4(ctr);
++# else
++ PUTU32(ctx->Yi.c + 12, ctr);
++# endif
++ else
++ ctx->Yi.d[3] = ctr;
++ GHASH(ctx, out, GHASH_CHUNK);
++ out += GHASH_CHUNK;
++ in += GHASH_CHUNK;
++ len -= GHASH_CHUNK;
++ }
++#endif
++ if ((i = (len & (size_t)-16))) {
++ size_t j = i / 16;
++
++ (*stream) (in, out, j, key, ctx->Yi.c);
++ ctr += (unsigned int)j;
++ if (is_endian.little)
++#ifdef BSWAP4
++ ctx->Yi.d[3] = BSWAP4(ctr);
++#else
++ PUTU32(ctx->Yi.c + 12, ctr);
++#endif
++ else
++ ctx->Yi.d[3] = ctr;
++ in += i;
++ len -= i;
++#if defined(GHASH)
++ GHASH(ctx, out, i);
++ out += i;
++#else
++ while (j--) {
++ for (i = 0; i < 16; ++i)
++ ctx->Xi.c[i] ^= out[i];
++ GCM_MUL(ctx, Xi);
++ out += 16;
++ }
++#endif
++ }
++ if (len) {
++ (*ctx->block) (ctx->Yi.c, ctx->EKi.c, key);
++ ++ctr;
++ if (is_endian.little)
++#ifdef BSWAP4
++ ctx->Yi.d[3] = BSWAP4(ctr);
++#else
++ PUTU32(ctx->Yi.c + 12, ctr);
++#endif
++ else
++ ctx->Yi.d[3] = ctr;
++ while (len--) {
++ ctx->Xi.c[n] ^= out[n] = in[n] ^ ctx->EKi.c[n];
++ ++n;
++ }
++ }
++
++ ctx->mres = n;
++ return 0;
++}
++
++int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
++ const unsigned char *in, unsigned char *out,
++ size_t len, ctr128_f stream)
++{
++ const union {
++ long one;
++ char little;
++ } is_endian = {
++ 1
++ };
++ unsigned int n, ctr;
++ size_t i;
++ u64 mlen = ctx->len.u[1];
++ void *key = ctx->key;
++#ifdef GCM_FUNCREF_4BIT
++ void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult;
++# ifdef GHASH
++ void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16],
++ const u8 *inp, size_t len) = ctx->ghash;
++# endif
++#endif
++
++ mlen += len;
++ if (mlen > ((U64(1) << 36) - 32) || (sizeof(len) == 8 && mlen < len))
++ return -1;
++ ctx->len.u[1] = mlen;
++
++ if (ctx->ares) {
++ /* First call to decrypt finalizes GHASH(AAD) */
++ GCM_MUL(ctx, Xi);
++ ctx->ares = 0;
++ }
++
++ if (is_endian.little)
++#ifdef BSWAP4
++ ctr = BSWAP4(ctx->Yi.d[3]);
++#else
++ ctr = GETU32(ctx->Yi.c + 12);
++#endif
++ else
++ ctr = ctx->Yi.d[3];
++
++ n = ctx->mres;
++ if (n) {
++ while (n && len) {
++ u8 c = *(in++);
++ *(out++) = c ^ ctx->EKi.c[n];
++ ctx->Xi.c[n] ^= c;
++ --len;
++ n = (n + 1) % 16;
++ }
++ if (n == 0)
++ GCM_MUL(ctx, Xi);
++ else {
++ ctx->mres = n;
++ return 0;
++ }
++ }
++#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT)
++ while (len >= GHASH_CHUNK) {
++ GHASH(ctx, in, GHASH_CHUNK);
++ (*stream) (in, out, GHASH_CHUNK / 16, key, ctx->Yi.c);
++ ctr += GHASH_CHUNK / 16;
++ if (is_endian.little)
++# ifdef BSWAP4
++ ctx->Yi.d[3] = BSWAP4(ctr);
++# else
++ PUTU32(ctx->Yi.c + 12, ctr);
++# endif
++ else
++ ctx->Yi.d[3] = ctr;
++ out += GHASH_CHUNK;
++ in += GHASH_CHUNK;
++ len -= GHASH_CHUNK;
++ }
++#endif
++ if ((i = (len & (size_t)-16))) {
++ size_t j = i / 16;
++
++#if defined(GHASH)
++ GHASH(ctx, in, i);
++#else
++ while (j--) {
++ size_t k;
++ for (k = 0; k < 16; ++k)
++ ctx->Xi.c[k] ^= in[k];
++ GCM_MUL(ctx, Xi);
++ in += 16;
++ }
++ j = i / 16;
++ in -= i;
++#endif
++ (*stream) (in, out, j, key, ctx->Yi.c);
++ ctr += (unsigned int)j;
++ if (is_endian.little)
++#ifdef BSWAP4
++ ctx->Yi.d[3] = BSWAP4(ctr);
++#else
++ PUTU32(ctx->Yi.c + 12, ctr);
++#endif
++ else
++ ctx->Yi.d[3] = ctr;
++ out += i;
++ in += i;
++ len -= i;
++ }
++ if (len) {
++ (*ctx->block) (ctx->Yi.c, ctx->EKi.c, key);
++ ++ctr;
++ if (is_endian.little)
++#ifdef BSWAP4
++ ctx->Yi.d[3] = BSWAP4(ctr);
++#else
++ PUTU32(ctx->Yi.c + 12, ctr);
++#endif
++ else
++ ctx->Yi.d[3] = ctr;
++ while (len--) {
++ u8 c = in[n];
++ ctx->Xi.c[n] ^= c;
++ out[n] = c ^ ctx->EKi.c[n];
++ ++n;
++ }
++ }
++
++ ctx->mres = n;
++ return 0;
++}
++
++int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const unsigned char *tag,
++ size_t len)
++{
++ const union {
++ long one;
++ char little;
++ } is_endian = {
++ 1
++ };
++ u64 alen = ctx->len.u[0] << 3;
++ u64 clen = ctx->len.u[1] << 3;
++#ifdef GCM_FUNCREF_4BIT
++ void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult;
++#endif
++
++ if (ctx->mres || ctx->ares)
++ GCM_MUL(ctx, Xi);
++
++ if (is_endian.little) {
++#ifdef BSWAP8
++ alen = BSWAP8(alen);
++ clen = BSWAP8(clen);
++#else
++ u8 *p = ctx->len.c;
++
++ ctx->len.u[0] = alen;
++ ctx->len.u[1] = clen;
++
++ alen = (u64)GETU32(p) << 32 | GETU32(p + 4);
++ clen = (u64)GETU32(p + 8) << 32 | GETU32(p + 12);
++#endif
++ }
++
++ ctx->Xi.u[0] ^= alen;
++ ctx->Xi.u[1] ^= clen;
++ GCM_MUL(ctx, Xi);
++
++ ctx->Xi.u[0] ^= ctx->EK0.u[0];
++ ctx->Xi.u[1] ^= ctx->EK0.u[1];
++
++ if (tag && len <= sizeof(ctx->Xi))
++ return CRYPTO_memcmp(ctx->Xi.c, tag, len);
++ else
++ return -1;
++}
++
++void CRYPTO_gcm128_tag(GCM128_CONTEXT *ctx, unsigned char *tag, size_t len)
++{
++ CRYPTO_gcm128_finish(ctx, NULL, 0);
++ memcpy(tag, ctx->Xi.c,
++ len <= sizeof(ctx->Xi.c) ? len : sizeof(ctx->Xi.c));
++}
++
++GCM128_CONTEXT *CRYPTO_gcm128_new(void *key, block128_f block)
++{
++ GCM128_CONTEXT *ret;
++
++ if ((ret = (GCM128_CONTEXT *)OPENSSL_malloc(sizeof(GCM128_CONTEXT))))
++ CRYPTO_gcm128_init(ret, key, block);
++
++ return ret;
++}
++
++void CRYPTO_gcm128_release(GCM128_CONTEXT *ctx)
++{
++ if (ctx) {
++ OPENSSL_cleanse(ctx, sizeof(*ctx));
++ OPENSSL_free(ctx);
++ }
++}
++
++#if defined(SELFTEST)
++# include
++# include
++
++/* Test Case 1 */
++static const u8 K1[16], *P1 = NULL, *A1 = NULL, IV1[12], *C1 = NULL;
++static const u8 T1[] = {
++ 0x58, 0xe2, 0xfc, 0xce, 0xfa, 0x7e, 0x30, 0x61,
++ 0x36, 0x7f, 0x1d, 0x57, 0xa4, 0xe7, 0x45, 0x5a
++};
++
++/* Test Case 2 */
++# define K2 K1
++# define A2 A1
++# define IV2 IV1
++static const u8 P2[16];
++static const u8 C2[] = {
++ 0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92,
++ 0xf3, 0x28, 0xc2, 0xb9, 0x71, 0xb2, 0xfe, 0x78
++};
++
++static const u8 T2[] = {
++ 0xab, 0x6e, 0x47, 0xd4, 0x2c, 0xec, 0x13, 0xbd,
++ 0xf5, 0x3a, 0x67,
0xb2, 0x12, 0x57, 0xbd, 0xdf
++};
++
++/* Test Case 3 */
++# define A3 A2
++static const u8 K3[] = {
++ 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
++ 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
++};
++
++static const u8 P3[] = {
++ 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
++ 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
++ 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
++ 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
++ 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
++ 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
++ 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
++ 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55
++};
++
++static const u8 IV3[] = {
++ 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
++ 0xde, 0xca, 0xf8, 0x88
++};
++
++static const u8 C3[] = {
++ 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
++ 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
++ 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
++ 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
++ 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
++ 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
++ 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
++ 0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85
++};
++
++static const u8 T3[] = {
++ 0x4d, 0x5c, 0x2a, 0xf3, 0x27, 0xcd, 0x64, 0xa6,
++ 0x2c, 0xf3, 0x5a, 0xbd, 0x2b, 0xa6, 0xfa, 0xb4
++};
++
++/* Test Case 4 */
++# define K4 K3
++# define IV4 IV3
++static const u8 P4[] = {
++ 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
++ 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
++ 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
++ 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
++ 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
++ 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
++ 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
++ 0xba, 0x63, 0x7b, 0x39
++};
++
++static const u8 A4[] = {
++ 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
++ 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
++ 0xab, 0xad, 0xda, 0xd2
++};
++
++static const u8 C4[] = {
++ 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
++ 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
++ 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
++ 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
++ 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
++ 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
++ 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
++ 0x3d, 0x58, 0xe0, 0x91
++};
++
++static const u8 T4[] = {
++ 0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb,
++ 0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47
++};
++
++/* Test Case 5 */
++# define K5 K4
++# define P5 P4
++# define A5 A4
++static const u8 IV5[] = {
++ 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
++};
++
++static const u8 C5[] = {
++ 0x61, 0x35, 0x3b, 0x4c, 0x28, 0x06, 0x93, 0x4a,
++ 0x77, 0x7f, 0xf5, 0x1f, 0xa2, 0x2a, 0x47, 0x55,
++ 0x69, 0x9b, 0x2a, 0x71, 0x4f, 0xcd, 0xc6, 0xf8,
++ 0x37, 0x66, 0xe5, 0xf9, 0x7b, 0x6c, 0x74, 0x23,
++ 0x73, 0x80, 0x69, 0x00, 0xe4, 0x9f, 0x24, 0xb2,
++ 0x2b, 0x09, 0x75, 0x44, 0xd4, 0x89, 0x6b, 0x42,
++ 0x49, 0x89, 0xb5, 0xe1, 0xeb, 0xac, 0x0f, 0x07,
++ 0xc2, 0x3f, 0x45, 0x98
++};
++
++static const u8 T5[] = {
++ 0x36, 0x12, 0xd2, 0xe7, 0x9e, 0x3b, 0x07, 0x85,
++ 0x56, 0x1b, 0xe1, 0x4a, 0xac, 0xa2, 0xfc, 0xcb
++};
++
++/* Test Case 6 */
++# define K6 K5
++# define P6 P5
++# define A6 A5
++static const u8 IV6[] = {
++ 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
++ 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
++ 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
++ 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
++ 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
++ 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
++ 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
++ 0xa6, 0x37, 0xb3, 0x9b
++};
++
++static const u8 C6[] = {
++ 0x8c, 0xe2, 0x49, 0x98, 0x62, 0x56, 0x15, 0xb6,
++ 0x03, 0xa0, 0x33, 0xac, 0xa1, 0x3f, 0xb8, 0x94,
++ 0xbe, 0x91, 0x12, 0xa5, 0xc3, 0xa2, 0x11, 0xa8,
++ 0xba, 0x26, 0x2a, 0x3c, 0xca, 0x7e, 0x2c, 0xa7,
++ 0x01, 0xe4, 0xa9, 0xa4, 0xfb, 0xa4, 0x3c, 0x90,
++ 0xcc, 0xdc, 0xb2, 0x81, 0xd4, 0x8c, 0x7c, 0x6f,
++ 0xd6, 0x28, 0x75, 0xd2, 0xac, 0xa4, 0x17, 0x03,
++ 0x4c, 0x34, 0xae, 0xe5
++};
++
++static const u8 T6[] = {
++ 0x61, 0x9c, 0xc5, 0xae, 0xff, 0xfe, 0x0b, 0xfa,
++ 0x46, 0x2a, 0xf4, 0x3c, 0x16, 0x99, 0xd0, 0x50
++};
++
++/* Test Case 7 */
++static const u8 K7[24], *P7 = NULL, *A7 = NULL, IV7[12], *C7 = NULL;
++static const u8 T7[] = {
++ 0xcd, 0x33, 0xb2, 0x8a, 0xc7, 0x73, 0xf7, 0x4b,
++ 0xa0, 0x0e, 0xd1, 0xf3, 0x12, 0x57, 0x24, 0x35
++};
++
++/* Test Case 8 */
++# define K8 K7
++# define IV8 IV7
++# define A8 A7
++static const u8 P8[16];
++static const u8 C8[] = {
++ 0x98, 0xe7, 0x24, 0x7c, 0x07, 0xf0, 0xfe, 0x41,
++ 0x1c, 0x26, 0x7e, 0x43, 0x84, 0xb0, 0xf6, 0x00
++};
++
++static const u8 T8[] = {
++ 0x2f, 0xf5, 0x8d, 0x80, 0x03, 0x39, 0x27, 0xab,
++ 0x8e, 0xf4, 0xd4, 0x58, 0x75, 0x14, 0xf0, 0xfb
++};
++
++/* Test Case 9 */
++# define A9 A8
++static const u8 K9[] = {
++ 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
++ 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
++ 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c
++};
++
++static const u8 P9[] = {
++ 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
++ 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
++ 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
++ 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
++ 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
++ 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
++ 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
++ 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55
++};
++
++static const u8 IV9[] = {
++ 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
++ 0xde, 0xca, 0xf8, 0x88
++};
++
++static const u8 C9[] = {
++ 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41,
++ 0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57,
++ 0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84,
++ 0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c,
++ 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
++ 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
++ 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
++ 0xcc, 0xda, 0x27, 0x10, 0xac, 0xad, 0xe2, 0x56
++};
++
++static const u8 T9[] = {
++ 0x99, 0x24, 0xa7, 0xc8, 0x58, 0x73, 0x36, 0xbf,
++ 0xb1, 0x18, 0x02, 0x4d, 0xb8, 0x67, 0x4a, 0x14
++};
++
++/* Test Case 10 */
++# define K10 K9
++# define IV10 IV9
++static const u8 P10[] = {
++ 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
++ 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
++ 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
++ 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
++ 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
++ 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
++ 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
++ 0xba, 0x63, 0x7b, 0x39
++};
++
++static const u8 A10[] = {
++ 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
++ 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
++ 0xab, 0xad, 0xda, 0xd2
++};
++
++static const u8 C10[] = {
++ 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41,
++ 0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57,
++ 0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84,
++ 0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c,
++ 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
++ 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
++ 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
++ 0xcc, 0xda, 0x27, 0x10
++};
++
++static const u8 T10[] = {
++ 0x25, 0x19, 0x49, 0x8e, 0x80, 0xf1, 0x47, 0x8f,
++ 0x37, 0xba, 0x55, 0xbd, 0x6d, 0x27, 0x61, 0x8c
++};
++
++/* Test Case 11 */
++# define K11 K10
++# define P11 P10
++# define A11 A10
++static const u8 IV11[] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad };
++
++static const u8 C11[] = {
++ 0x0f, 0x10, 0xf5, 0x99, 0xae, 0x14, 0xa1, 0x54,
++ 0xed, 0x24, 0xb3, 0x6e, 0x25, 0x32, 0x4d, 0xb8,
++ 0xc5, 0x66, 0x63, 0x2e, 0xf2, 0xbb, 0xb3, 0x4f,
++ 0x83, 0x47, 0x28, 0x0f, 0xc4, 0x50, 0x70, 0x57,
++ 0xfd, 0xdc, 0x29, 0xdf, 0x9a, 0x47, 0x1f, 0x75,
++ 0xc6, 0x65, 0x41, 0xd4, 0xd4, 0xda, 0xd1, 0xc9,
++ 0xe9, 0x3a, 0x19, 0xa5, 0x8e, 0x8b, 0x47, 0x3f,
++ 0xa0, 0xf0, 0x62, 0xf7
++};
++
++static const u8 T11[] = {
++ 0x65, 0xdc, 0xc5, 0x7f, 0xcf, 0x62, 0x3a, 0x24,
++ 0x09, 0x4f, 0xcc, 0xa4, 0x0d, 0x35, 0x33, 0xf8
++};
++
++/* Test Case 12 */
++# define K12 K11
++# define P12 P11
++# define A12 A11
++static const u8 IV12[] = {
++ 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
++ 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
++ 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
++ 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
++ 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
++ 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
++ 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
++ 0xa6, 0x37, 0xb3, 0x9b
++};
++
++static const u8 C12[] = {
++ 0xd2, 0x7e, 0x88, 0x68, 0x1c, 0xe3, 0x24, 0x3c,
++ 0x48, 0x30, 0x16, 0x5a, 0x8f, 0xdc, 0xf9, 0xff,
++ 0x1d, 0xe9, 0xa1, 0xd8, 0xe6, 0xb4, 0x47, 0xef,
++ 0x6e, 0xf7, 0xb7, 0x98, 0x28, 0x66, 0x6e, 0x45,
++ 0x81, 0xe7, 0x90, 0x12, 0xaf, 0x34, 0xdd, 0xd9,
++ 0xe2, 0xf0, 0x37, 0x58, 0x9b, 0x29, 0x2d, 0xb3,
++ 0xe6, 0x7c, 0x03, 0x67, 0x45, 0xfa, 0x22, 0xe7,
++ 0xe9, 0xb7, 0x37, 0x3b
++};
++
++static const u8 T12[] = {
++ 0xdc, 0xf5, 0x66, 0xff, 0x29, 0x1c, 0x25, 0xbb,
++ 0xb8, 0x56, 0x8f, 0xc3, 0xd3, 0x76, 0xa6, 0xd9
++};
++
++/* Test Case 13 */
++static const u8 K13[32], *P13 = NULL, *A13 = NULL, IV13[12], *C13 = NULL;
++static const u8 T13[] = {
++ 0x53, 0x0f, 0x8a, 0xfb, 0xc7, 0x45, 0x36, 0xb9,
++ 0xa9, 0x63, 0xb4, 0xf1, 0xc4, 0xcb, 0x73, 0x8b
++};
++
++/* Test Case 14 */
++# define K14 K13
++# define A14 A13
++static const u8 P14[16], IV14[12];
++static const u8 C14[] = {
++ 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e,
++ 0x07, 0x4e, 0xc5, 0xd3, 0xba, 0xf3, 0x9d, 0x18
++};
++
++static const u8 T14[] = {
++ 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0,
++ 0x26, 0x5b, 0x98, 0xb5, 0xd4, 0x8a, 0xb9, 0x19
++};
++
++/* Test Case 15 */
++# define A15 A14
++static const u8 K15[] = {
++ 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
++ 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
++ 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
++ 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
++};
++
++static const u8 P15[] = {
++ 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
++ 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
++ 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
++ 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
++ 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
++ 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
++ 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
++ 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55
++};
++
++static const u8 IV15[] = {
++ 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
++ 0xde, 0xca, 0xf8, 0x88
++};
++
++static const u8 C15[] = {
++ 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
++ 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
++ 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
++ 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
++ 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
++ 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
++ 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
++ 0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad
++};
++
++static const u8 T15[] = {
++ 0xb0, 0x94, 0xda, 0xc5, 0xd9, 0x34, 0x71, 0xbd,
++ 0xec, 0x1a, 0x50, 0x22, 0x70, 0xe3, 0xcc, 0x6c
++};
++
++/* Test Case 16 */
++# define K16 K15
++# define IV16 IV15
++static const u8 P16[] = {
++ 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
++ 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
++ 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
++ 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
++ 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
++ 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
++ 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
++ 0xba, 0x63, 0x7b, 0x39
++};
++
++static const u8 A16[] = {
++ 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
++ 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
++ 0xab, 0xad, 0xda, 0xd2
++};
++
++static const u8 C16[] = {
++ 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
++ 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
++ 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
++ 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
++ 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
++ 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
++ 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
++ 0xbc, 0xc9, 0xf6, 0x62
++};
++
++static const u8 T16[] = {
++ 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68,
++ 0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b
++};
++
++/* Test Case 17 */
++# define K17 K16
++# define P17 P16
++# define A17 A16
++static const u8 IV17[] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad };
++
++static const u8 C17[] = {
++ 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32,
++ 0xae, 0x47, 0xc1, 0x3b, 0xf1, 0x98, 0x44, 0xcb,
++ 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
++ 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0,
++ 0xfe, 0xb5, 0x82, 0xd3, 0x39, 0x34, 0xa4, 0xf0,
++ 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
++ 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99,
++ 0xf4, 0x7c, 0x9b, 0x1f
++};
++
++static const u8 T17[] = {
++ 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4,
++ 0x5e, 0x45, 0x49, 0x13, 0xfe, 0x2e, 0xa8, 0xf2
++};
++
++/* Test Case 18 */
++# define K18 K17
++# define P18 P17
++# define A18 A17
++static const u8 IV18[] = {
++ 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
++ 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
++ 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
++ 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
++ 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
++ 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
++ 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
++ 0xa6, 0x37, 0xb3, 0x9b
++};
++
++static const u8 C18[] = {
++ 0x5a, 0x8d, 0xef, 0x2f, 0x0c, 0x9e, 0x53, 0xf1,
++ 0xf7, 0x5d, 0x78, 0x53, 0x65, 0x9e, 0x2a, 0x20,
++ 0xee, 0xb2, 0xb2, 0x2a, 0xaf, 0xde, 0x64, 0x19,
++ 0xa0, 0x58, 0xab, 0x4f, 0x6f, 0x74, 0x6b, 0xf4,
++ 0x0f, 0xc0, 0xc3, 0xb7, 0x80, 0xf2, 0x44, 0x45,
++ 0x2d, 0xa3, 0xeb, 0xf1, 0xc5, 0xd8, 0x2c, 0xde,
++ 0xa2, 0x41, 0x89, 0x97, 0x20, 0x0e, 0xf8, 0x2e,
++ 0x44, 0xae, 0x7e, 0x3f
++};
++
++static const u8 T18[] = {
++ 0xa4, 0x4a, 0x82, 0x66, 0xee, 0x1c, 0x8e, 0xb0,
++ 0xc8, 0xb5, 0xd4, 0xcf, 0x5a, 0xe9, 0xf1, 0x9a
++};
++
++/* Test Case 19 */
++# define K19 K1
++# define P19 P1
++# define IV19 IV1
++# define C19 C1
++static const u8 A19[] = {
++ 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
++ 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
++ 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
++ 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
++ 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
++ 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
++ 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
++ 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55,
++ 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
++ 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
++ 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
++ 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
++ 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
++ 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
++ 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
++ 0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad
++};
++
++static const u8 T19[] = {
++ 0x5f, 0xea, 0x79, 0x3a, 0x2d, 0x6f, 0x97, 0x4d,
++ 0x37, 0xe6, 0x8e, 0x0c, 0xb8, 0xff, 0x94, 0x92
++};
++
++/* Test Case 20 */
++# define K20 K1
++# define A20 A1
++/* this results in 0xff in counter LSB */
++static const u8 IV20[64] = { 0xff, 0xff, 0xff, 0xff };
++
++static const u8 P20[288];
++static const u8 C20[] = {
++ 0x56, 0xb3, 0x37, 0x3c, 0xa9, 0xef, 0x6e, 0x4a,
++ 0x2b, 0x64, 0xfe, 0x1e, 0x9a, 0x17, 0xb6, 0x14,
++ 0x25, 0xf1, 0x0d, 0x47, 0xa7, 0x5a, 0x5f, 0xce,
++ 0x13, 0xef, 0xc6, 0xbc, 0x78, 0x4a, 0xf2, 0x4f,
++ 0x41, 0x41, 0xbd, 0xd4, 0x8c, 0xf7, 0xc7, 0x70,
++ 0x88, 0x7a, 0xfd, 0x57, 0x3c, 0xca, 0x54, 0x18,
++ 0xa9, 0xae, 0xff, 0xcd, 0x7c, 0x5c, 0xed, 0xdf,
++ 0xc6, 0xa7, 0x83, 0x97, 0xb9, 0xa8, 0x5b, 0x49,
++ 0x9d, 0xa5, 0x58, 0x25, 0x72, 0x67, 0xca, 0xab,
++ 0x2a, 0xd0, 0xb2,
0x3c, 0xa4, 0x76, 0xa5, 0x3c, ++ 0xb1, 0x7f, 0xb4, 0x1c, 0x4b, 0x8b, 0x47, 0x5c, ++ 0xb4, 0xf3, 0xf7, 0x16, 0x50, 0x94, 0xc2, 0x29, ++ 0xc9, 0xe8, 0xc4, 0xdc, 0x0a, 0x2a, 0x5f, 0xf1, ++ 0x90, 0x3e, 0x50, 0x15, 0x11, 0x22, 0x13, 0x76, ++ 0xa1, 0xcd, 0xb8, 0x36, 0x4c, 0x50, 0x61, 0xa2, ++ 0x0c, 0xae, 0x74, 0xbc, 0x4a, 0xcd, 0x76, 0xce, ++ 0xb0, 0xab, 0xc9, 0xfd, 0x32, 0x17, 0xef, 0x9f, ++ 0x8c, 0x90, 0xbe, 0x40, 0x2d, 0xdf, 0x6d, 0x86, ++ 0x97, 0xf4, 0xf8, 0x80, 0xdf, 0xf1, 0x5b, 0xfb, ++ 0x7a, 0x6b, 0x28, 0x24, 0x1e, 0xc8, 0xfe, 0x18, ++ 0x3c, 0x2d, 0x59, 0xe3, 0xf9, 0xdf, 0xff, 0x65, ++ 0x3c, 0x71, 0x26, 0xf0, 0xac, 0xb9, 0xe6, 0x42, ++ 0x11, 0xf4, 0x2b, 0xae, 0x12, 0xaf, 0x46, 0x2b, ++ 0x10, 0x70, 0xbe, 0xf1, 0xab, 0x5e, 0x36, 0x06, ++ 0x87, 0x2c, 0xa1, 0x0d, 0xee, 0x15, 0xb3, 0x24, ++ 0x9b, 0x1a, 0x1b, 0x95, 0x8f, 0x23, 0x13, 0x4c, ++ 0x4b, 0xcc, 0xb7, 0xd0, 0x32, 0x00, 0xbc, 0xe4, ++ 0x20, 0xa2, 0xf8, 0xeb, 0x66, 0xdc, 0xf3, 0x64, ++ 0x4d, 0x14, 0x23, 0xc1, 0xb5, 0x69, 0x90, 0x03, ++ 0xc1, 0x3e, 0xce, 0xf4, 0xbf, 0x38, 0xa3, 0xb6, ++ 0x0e, 0xed, 0xc3, 0x40, 0x33, 0xba, 0xc1, 0x90, ++ 0x27, 0x83, 0xdc, 0x6d, 0x89, 0xe2, 0xe7, 0x74, ++ 0x18, 0x8a, 0x43, 0x9c, 0x7e, 0xbc, 0xc0, 0x67, ++ 0x2d, 0xbd, 0xa4, 0xdd, 0xcf, 0xb2, 0x79, 0x46, ++ 0x13, 0xb0, 0xbe, 0x41, 0x31, 0x5e, 0xf7, 0x78, ++ 0x70, 0x8a, 0x70, 0xee, 0x7d, 0x75, 0x16, 0x5c ++}; ++ ++static const u8 T20[] = { ++ 0x8b, 0x30, 0x7f, 0x6b, 0x33, 0x28, 0x6d, 0x0a, ++ 0xb0, 0x26, 0xa9, 0xed, 0x3f, 0xe1, 0xe8, 0x5f ++}; ++ ++# define TEST_CASE(n) do { \ ++ u8 out[sizeof(P##n)]; \ ++ AES_set_encrypt_key(K##n,sizeof(K##n)*8,&key); \ ++ CRYPTO_gcm128_init(&ctx,&key,(block128_f)AES_encrypt); \ ++ CRYPTO_gcm128_setiv(&ctx,IV##n,sizeof(IV##n)); \ ++ memset(out,0,sizeof(out)); \ ++ if (A##n) CRYPTO_gcm128_aad(&ctx,A##n,sizeof(A##n)); \ ++ if (P##n) CRYPTO_gcm128_encrypt(&ctx,P##n,out,sizeof(out)); \ ++ if (CRYPTO_gcm128_finish(&ctx,T##n,16) || \ ++ (C##n && memcmp(out,C##n,sizeof(out)))) \ ++ ret++, printf ("encrypt 
test#%d failed.\n",n); \ ++ CRYPTO_gcm128_setiv(&ctx,IV##n,sizeof(IV##n)); \ ++ memset(out,0,sizeof(out)); \ ++ if (A##n) CRYPTO_gcm128_aad(&ctx,A##n,sizeof(A##n)); \ ++ if (C##n) CRYPTO_gcm128_decrypt(&ctx,C##n,out,sizeof(out)); \ ++ if (CRYPTO_gcm128_finish(&ctx,T##n,16) || \ ++ (P##n && memcmp(out,P##n,sizeof(out)))) \ ++ ret++, printf ("decrypt test#%d failed.\n",n); \ ++ } while(0) ++ ++int main() ++{ ++ GCM128_CONTEXT ctx; ++ AES_KEY key; ++ int ret = 0; ++ ++ TEST_CASE(1); ++ TEST_CASE(2); ++ TEST_CASE(3); ++ TEST_CASE(4); ++ TEST_CASE(5); ++ TEST_CASE(6); ++ TEST_CASE(7); ++ TEST_CASE(8); ++ TEST_CASE(9); ++ TEST_CASE(10); ++ TEST_CASE(11); ++ TEST_CASE(12); ++ TEST_CASE(13); ++ TEST_CASE(14); ++ TEST_CASE(15); ++ TEST_CASE(16); ++ TEST_CASE(17); ++ TEST_CASE(18); ++ TEST_CASE(19); ++ TEST_CASE(20); ++ ++# ifdef OPENSSL_CPUID_OBJ ++ { ++ size_t start, stop, gcm_t, ctr_t, OPENSSL_rdtsc(); ++ union { ++ u64 u; ++ u8 c[1024]; ++ } buf; ++ int i; ++ ++ AES_set_encrypt_key(K1, sizeof(K1) * 8, &key); ++ CRYPTO_gcm128_init(&ctx, &key, (block128_f) AES_encrypt); ++ CRYPTO_gcm128_setiv(&ctx, IV1, sizeof(IV1)); ++ ++ CRYPTO_gcm128_encrypt(&ctx, buf.c, buf.c, sizeof(buf)); ++ start = OPENSSL_rdtsc(); ++ CRYPTO_gcm128_encrypt(&ctx, buf.c, buf.c, sizeof(buf)); ++ gcm_t = OPENSSL_rdtsc() - start; ++ ++ CRYPTO_ctr128_encrypt(buf.c, buf.c, sizeof(buf), ++ &key, ctx.Yi.c, ctx.EKi.c, &ctx.mres, ++ (block128_f) AES_encrypt); ++ start = OPENSSL_rdtsc(); ++ CRYPTO_ctr128_encrypt(buf.c, buf.c, sizeof(buf), ++ &key, ctx.Yi.c, ctx.EKi.c, &ctx.mres, ++ (block128_f) AES_encrypt); ++ ctr_t = OPENSSL_rdtsc() - start; ++ ++ printf("%.2f-%.2f=%.2f\n", ++ gcm_t / (double)sizeof(buf), ++ ctr_t / (double)sizeof(buf), ++ (gcm_t - ctr_t) / (double)sizeof(buf)); ++# ifdef GHASH ++ { ++ void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16], ++ const u8 *inp, size_t len) = ctx.ghash; ++ ++ GHASH((&ctx), buf.c, sizeof(buf)); ++ start = OPENSSL_rdtsc(); ++ for (i = 0; i < 100; ++i) ++ 
GHASH((&ctx), buf.c, sizeof(buf)); ++ gcm_t = OPENSSL_rdtsc() - start; ++ printf("%.2f\n", gcm_t / (double)sizeof(buf) / (double)i); ++ } ++# endif ++ } ++# endif ++ ++ return ret; ++} ++#endif +diff --git a/Cryptlib/OpenSSL/crypto/modes/modes_lcl.h b/Cryptlib/OpenSSL/crypto/modes/modes_lcl.h +new file mode 100644 +index 0000000..fe14ec7 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/modes/modes_lcl.h +@@ -0,0 +1,143 @@ ++/* ==================================================================== ++ * Copyright (c) 2010 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use is governed by OpenSSL license. ++ * ==================================================================== ++ */ ++ ++#include ++ ++#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) ++typedef __int64 i64; ++typedef unsigned __int64 u64; ++# define U64(C) C##UI64 ++#elif defined(__arch64__) ++typedef long i64; ++typedef unsigned long u64; ++# define U64(C) C##UL ++#else ++typedef long long i64; ++typedef unsigned long long u64; ++# define U64(C) C##ULL ++#endif ++ ++typedef unsigned int u32; ++typedef unsigned char u8; ++ ++#define STRICT_ALIGNMENT 1 ++#ifndef PEDANTIC ++# if defined(__i386) || defined(__i386__) || \ ++ defined(__x86_64) || defined(__x86_64__) || \ ++ defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \ ++ defined(__aarch64__) || \ ++ defined(__s390__) || defined(__s390x__) ++# undef STRICT_ALIGNMENT ++# endif ++#endif ++ ++#if !defined(PEDANTIC) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) ++# if defined(__GNUC__) && __GNUC__>=2 ++# if defined(__x86_64) || defined(__x86_64__) ++# define BSWAP8(x) ({ u64 ret_=(x); \ ++ asm ("bswapq %0" \ ++ : "+r"(ret_)); ret_; }) ++# define BSWAP4(x) ({ u32 ret_=(x); \ ++ asm ("bswapl %0" \ ++ : "+r"(ret_)); ret_; }) ++# elif (defined(__i386) || defined(__i386__)) && !defined(I386_ONLY) ++# define BSWAP8(x) ({ u32 lo_=(u64)(x)>>32,hi_=(x); \ ++ asm ("bswapl %0; bswapl %1" \ ++ : 
"+r"(hi_),"+r"(lo_)); \ ++ (u64)hi_<<32|lo_; }) ++# define BSWAP4(x) ({ u32 ret_=(x); \ ++ asm ("bswapl %0" \ ++ : "+r"(ret_)); ret_; }) ++# elif defined(__aarch64__) ++# define BSWAP8(x) ({ u64 ret_; \ ++ asm ("rev %0,%1" \ ++ : "=r"(ret_) : "r"(x)); ret_; }) ++# define BSWAP4(x) ({ u32 ret_; \ ++ asm ("rev %w0,%w1" \ ++ : "=r"(ret_) : "r"(x)); ret_; }) ++# elif (defined(__arm__) || defined(__arm)) && !defined(STRICT_ALIGNMENT) ++# define BSWAP8(x) ({ u32 lo_=(u64)(x)>>32,hi_=(x); \ ++ asm ("rev %0,%0; rev %1,%1" \ ++ : "+r"(hi_),"+r"(lo_)); \ ++ (u64)hi_<<32|lo_; }) ++# define BSWAP4(x) ({ u32 ret_; \ ++ asm ("rev %0,%1" \ ++ : "=r"(ret_) : "r"((u32)(x))); \ ++ ret_; }) ++# endif ++# elif defined(_MSC_VER) ++# if _MSC_VER>=1300 ++# pragma intrinsic(_byteswap_uint64,_byteswap_ulong) ++# define BSWAP8(x) _byteswap_uint64((u64)(x)) ++# define BSWAP4(x) _byteswap_ulong((u32)(x)) ++# elif defined(_M_IX86) ++__inline u32 _bswap4(u32 val) ++{ ++_asm mov eax, val _asm bswap eax} ++# define BSWAP4(x) _bswap4(x) ++# endif ++# endif ++#endif ++#if defined(BSWAP4) && !defined(STRICT_ALIGNMENT) ++# define GETU32(p) BSWAP4(*(const u32 *)(p)) ++# define PUTU32(p,v) *(u32 *)(p) = BSWAP4(v) ++#else ++# define GETU32(p) ((u32)(p)[0]<<24|(u32)(p)[1]<<16|(u32)(p)[2]<<8|(u32)(p)[3]) ++# define PUTU32(p,v) ((p)[0]=(u8)((v)>>24),(p)[1]=(u8)((v)>>16),(p)[2]=(u8)((v)>>8),(p)[3]=(u8)(v)) ++#endif ++/*- GCM definitions */ typedef struct { ++ u64 hi, lo; ++} u128; ++ ++#ifdef TABLE_BITS ++# undef TABLE_BITS ++#endif ++/* ++ * Even though permitted values for TABLE_BITS are 8, 4 and 1, it should ++ * never be set to 8 [or 1]. For further information see gcm128.c. 
++ */ ++#define TABLE_BITS 4 ++ ++struct gcm128_context { ++ /* Following 6 names follow names in GCM specification */ ++ union { ++ u64 u[2]; ++ u32 d[4]; ++ u8 c[16]; ++ size_t t[16 / sizeof(size_t)]; ++ } Yi, EKi, EK0, len, Xi, H; ++ /* ++ * Relative position of Xi, H and pre-computed Htable is used in some ++ * assembler modules, i.e. don't change the order! ++ */ ++#if TABLE_BITS==8 ++ u128 Htable[256]; ++#else ++ u128 Htable[16]; ++ void (*gmult) (u64 Xi[2], const u128 Htable[16]); ++ void (*ghash) (u64 Xi[2], const u128 Htable[16], const u8 *inp, ++ size_t len); ++#endif ++ unsigned int mres, ares; ++ block128_f block; ++ void *key; ++}; ++ ++struct xts128_context { ++ void *key1, *key2; ++ block128_f block1, block2; ++}; ++ ++struct ccm128_context { ++ union { ++ u64 u[2]; ++ u8 c[16]; ++ } nonce, cmac; ++ u64 blocks; ++ block128_f block; ++ void *key; ++}; +diff --git a/Cryptlib/OpenSSL/crypto/modes/ofb128.c b/Cryptlib/OpenSSL/crypto/modes/ofb128.c +new file mode 100644 +index 0000000..4dbaccd +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/modes/ofb128.c +@@ -0,0 +1,124 @@ ++/* ==================================================================== ++ * Copyright (c) 2008 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. 
All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. 
++ * ==================================================================== ++ * ++ */ ++ ++#include ++#include "modes_lcl.h" ++#include ++ ++#ifndef MODES_DEBUG ++# ifndef NDEBUG ++# define NDEBUG ++# endif ++#endif ++#include ++ ++/* ++ * The input and output encrypted as though 128bit ofb mode is being used. ++ * The extra state information to record how much of the 128bit block we have ++ * used is contained in *num; ++ */ ++void CRYPTO_ofb128_encrypt(const unsigned char *in, unsigned char *out, ++ size_t len, const void *key, ++ unsigned char ivec[16], int *num, block128_f block) ++{ ++ unsigned int n; ++ size_t l = 0; ++ ++ assert(in && out && key && ivec && num); ++ ++ n = *num; ++ ++#if !defined(OPENSSL_SMALL_FOOTPRINT) ++ if (16 % sizeof(size_t) == 0) { /* always true actually */ ++ do { ++ while (n && len) { ++ *(out++) = *(in++) ^ ivec[n]; ++ --len; ++ n = (n + 1) % 16; ++ } ++# if defined(STRICT_ALIGNMENT) ++ if (((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) != ++ 0) ++ break; ++# endif ++ while (len >= 16) { ++ (*block) (ivec, ivec, key); ++ for (; n < 16; n += sizeof(size_t)) ++ *(size_t *)(out + n) = ++ *(size_t *)(in + n) ^ *(size_t *)(ivec + n); ++ len -= 16; ++ out += 16; ++ in += 16; ++ n = 0; ++ } ++ if (len) { ++ (*block) (ivec, ivec, key); ++ while (len--) { ++ out[n] = in[n] ^ ivec[n]; ++ ++n; ++ } ++ } ++ *num = n; ++ return; ++ } while (0); ++ } ++ /* the rest would be commonly eliminated by x86* compiler */ ++#endif ++ while (l < len) { ++ if (n == 0) { ++ (*block) (ivec, ivec, key); ++ } ++ out[l] = in[l] ^ ivec[n]; ++ ++l; ++ n = (n + 1) % 16; ++ } ++ ++ *num = n; ++} +diff --git a/Cryptlib/OpenSSL/crypto/modes/wrap128.c b/Cryptlib/OpenSSL/crypto/modes/wrap128.c +new file mode 100644 +index 0000000..4dcaf03 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/modes/wrap128.c +@@ -0,0 +1,138 @@ ++/* crypto/modes/wrap128.c */ ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL ++ * project. 
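Review bot: `CRYPTO_ofb128_encrypt` takes the keystream offset from the caller with `n = *num;` and then indexes `ivec[n]` without checking that the value lies in 0..15, so a negative or oversized `*num` makes the first byte loop (and the small-footprint loop at the end) read outside the 16-byte `ivec`. The only argument check is the `assert(...)`, and NDEBUG is defined just above it unless MODES_DEBUG is set, so normal builds carry no check at all. Because the function returns void, one option is to refuse a bad offset before the assignment, e.g. `if (*num < 0 || *num > 15) { *num = -1; return; }`, and to state in the header comment that `*num` must be in the range 0..15 on entry.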
++ */ ++/* ==================================================================== ++ * Copyright (c) 2013 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ */ ++ ++#include "cryptlib.h" ++#include ++ ++static const unsigned char default_iv[] = { ++ 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, ++}; ++ ++/* ++ * Input size limit: lower than maximum of standards but far larger than ++ * anything that will be used in practice. ++ */ ++#define CRYPTO128_WRAP_MAX (1UL << 31) ++ ++size_t CRYPTO_128_wrap(void *key, const unsigned char *iv, ++ unsigned char *out, ++ const unsigned char *in, size_t inlen, ++ block128_f block) ++{ ++ unsigned char *A, B[16], *R; ++ size_t i, j, t; ++ if ((inlen & 0x7) || (inlen < 8) || (inlen > CRYPTO128_WRAP_MAX)) ++ return 0; ++ A = B; ++ t = 1; ++ memcpy(out + 8, in, inlen); ++ if (!iv) ++ iv = default_iv; ++ ++ memcpy(A, iv, 8); ++ ++ for (j = 0; j < 6; j++) { ++ R = out + 8; ++ for (i = 0; i < inlen; i += 8, t++, R += 8) { ++ memcpy(B + 8, R, 8); ++ block(B, B, key); ++ A[7] ^= (unsigned char)(t & 0xff); ++ if (t > 0xff) { ++ A[6] ^= (unsigned char)((t >> 8) & 0xff); ++ A[5] ^= (unsigned char)((t >> 16) & 0xff); ++ A[4] ^= (unsigned char)((t >> 24) & 0xff); ++ } ++ memcpy(R, B + 8, 8); ++ } ++ } ++ memcpy(out, A, 8); ++ return inlen + 8; ++} ++ ++size_t CRYPTO_128_unwrap(void *key, const unsigned char *iv, ++ unsigned char *out, ++ const unsigned char *in, size_t inlen, ++ block128_f block) ++{ ++ unsigned char *A, B[16], *R; ++ size_t i, j, t; ++ inlen -= 8; ++ if 
((inlen & 0x7) || (inlen < 16) || (inlen > CRYPTO128_WRAP_MAX)) ++ return 0; ++ A = B; ++ t = 6 * (inlen >> 3); ++ memcpy(A, in, 8); ++ memcpy(out, in + 8, inlen); ++ for (j = 0; j < 6; j++) { ++ R = out + inlen - 8; ++ for (i = 0; i < inlen; i += 8, t--, R -= 8) { ++ A[7] ^= (unsigned char)(t & 0xff); ++ if (t > 0xff) { ++ A[6] ^= (unsigned char)((t >> 8) & 0xff); ++ A[5] ^= (unsigned char)((t >> 16) & 0xff); ++ A[4] ^= (unsigned char)((t >> 24) & 0xff); ++ } ++ memcpy(B + 8, R, 8); ++ block(B, B, key); ++ memcpy(R, B + 8, 8); ++ } ++ } ++ if (!iv) ++ iv = default_iv; ++ if (memcmp(A, iv, 8)) { ++ OPENSSL_cleanse(out, inlen); ++ return 0; ++ } ++ return inlen; ++} +diff --git a/Cryptlib/OpenSSL/crypto/modes/xts128.c b/Cryptlib/OpenSSL/crypto/modes/xts128.c +new file mode 100644 +index 0000000..8f2af58 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/modes/xts128.c +@@ -0,0 +1,204 @@ ++/* ==================================================================== ++ * Copyright (c) 2011 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. 
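Review bot: `CRYPTO_128_unwrap` decides whether the unwrapped data is authentic with `memcmp(A, iv, 8)`, which stops at the first differing byte; for an integrity check the constant-time helper is the safer convention, `if (CRYPTO_memcmp(A, iv, 8)) {`, assuming the tree still provides it (this patch removes its definition from o_init.c, so its new location should be confirmed). Separately, both functions copy with `memcpy(out + 8, in, inlen)` and `memcpy(out, in + 8, inlen)`, which is undefined when a caller wraps or unwraps in place; `memmove` would make overlapping buffers safe. It would also help to comment that `inlen -= 8;` runs before the range test and that an input shorter than 8 bytes is rejected only because the wrapped-around value fails the `inlen > CRYPTO128_WRAP_MAX` check.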
The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. 
++ * ==================================================================== ++ */ ++ ++#include ++#include "modes_lcl.h" ++#include ++ ++#ifndef MODES_DEBUG ++# ifndef NDEBUG ++# define NDEBUG ++# endif ++#endif ++#include ++ ++int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, ++ const unsigned char iv[16], ++ const unsigned char *inp, unsigned char *out, ++ size_t len, int enc) ++{ ++ const union { ++ long one; ++ char little; ++ } is_endian = { ++ 1 ++ }; ++ union { ++ u64 u[2]; ++ u32 d[4]; ++ u8 c[16]; ++ } tweak, scratch; ++ unsigned int i; ++ ++ if (len < 16) ++ return -1; ++ ++ memcpy(tweak.c, iv, 16); ++ ++ (*ctx->block2) (tweak.c, tweak.c, ctx->key2); ++ ++ if (!enc && (len % 16)) ++ len -= 16; ++ ++ while (len >= 16) { ++#if defined(STRICT_ALIGNMENT) ++ memcpy(scratch.c, inp, 16); ++ scratch.u[0] ^= tweak.u[0]; ++ scratch.u[1] ^= tweak.u[1]; ++#else ++ scratch.u[0] = ((u64 *)inp)[0] ^ tweak.u[0]; ++ scratch.u[1] = ((u64 *)inp)[1] ^ tweak.u[1]; ++#endif ++ (*ctx->block1) (scratch.c, scratch.c, ctx->key1); ++#if defined(STRICT_ALIGNMENT) ++ scratch.u[0] ^= tweak.u[0]; ++ scratch.u[1] ^= tweak.u[1]; ++ memcpy(out, scratch.c, 16); ++#else ++ ((u64 *)out)[0] = scratch.u[0] ^= tweak.u[0]; ++ ((u64 *)out)[1] = scratch.u[1] ^= tweak.u[1]; ++#endif ++ inp += 16; ++ out += 16; ++ len -= 16; ++ ++ if (len == 0) ++ return 0; ++ ++ if (is_endian.little) { ++ unsigned int carry, res; ++ ++ res = 0x87 & (((int)tweak.d[3]) >> 31); ++ carry = (unsigned int)(tweak.u[0] >> 63); ++ tweak.u[0] = (tweak.u[0] << 1) ^ res; ++ tweak.u[1] = (tweak.u[1] << 1) | carry; ++ } else { ++ size_t c; ++ ++ for (c = 0, i = 0; i < 16; ++i) { ++ /* ++ * + substitutes for |, because c is 1 bit ++ */ ++ c += ((size_t)tweak.c[i]) << 1; ++ tweak.c[i] = (u8)c; ++ c = c >> 8; ++ } ++ tweak.c[0] ^= (u8)(0x87 & (0 - c)); ++ } ++ } ++ if (enc) { ++ for (i = 0; i < len; ++i) { ++ u8 c = inp[i]; ++ out[i] = scratch.c[i]; ++ scratch.c[i] = c; ++ } ++ scratch.u[0] ^= tweak.u[0]; ++ scratch.u[1] ^= 
tweak.u[1]; ++ (*ctx->block1) (scratch.c, scratch.c, ctx->key1); ++ scratch.u[0] ^= tweak.u[0]; ++ scratch.u[1] ^= tweak.u[1]; ++ memcpy(out - 16, scratch.c, 16); ++ } else { ++ union { ++ u64 u[2]; ++ u8 c[16]; ++ } tweak1; ++ ++ if (is_endian.little) { ++ unsigned int carry, res; ++ ++ res = 0x87 & (((int)tweak.d[3]) >> 31); ++ carry = (unsigned int)(tweak.u[0] >> 63); ++ tweak1.u[0] = (tweak.u[0] << 1) ^ res; ++ tweak1.u[1] = (tweak.u[1] << 1) | carry; ++ } else { ++ size_t c; ++ ++ for (c = 0, i = 0; i < 16; ++i) { ++ /* ++ * + substitutes for |, because c is 1 bit ++ */ ++ c += ((size_t)tweak.c[i]) << 1; ++ tweak1.c[i] = (u8)c; ++ c = c >> 8; ++ } ++ tweak1.c[0] ^= (u8)(0x87 & (0 - c)); ++ } ++#if defined(STRICT_ALIGNMENT) ++ memcpy(scratch.c, inp, 16); ++ scratch.u[0] ^= tweak1.u[0]; ++ scratch.u[1] ^= tweak1.u[1]; ++#else ++ scratch.u[0] = ((u64 *)inp)[0] ^ tweak1.u[0]; ++ scratch.u[1] = ((u64 *)inp)[1] ^ tweak1.u[1]; ++#endif ++ (*ctx->block1) (scratch.c, scratch.c, ctx->key1); ++ scratch.u[0] ^= tweak1.u[0]; ++ scratch.u[1] ^= tweak1.u[1]; ++ ++ for (i = 0; i < len; ++i) { ++ u8 c = inp[16 + i]; ++ out[16 + i] = scratch.c[i]; ++ scratch.c[i] = c; ++ } ++ scratch.u[0] ^= tweak.u[0]; ++ scratch.u[1] ^= tweak.u[1]; ++ (*ctx->block1) (scratch.c, scratch.c, ctx->key1); ++#if defined(STRICT_ALIGNMENT) ++ scratch.u[0] ^= tweak.u[0]; ++ scratch.u[1] ^= tweak.u[1]; ++ memcpy(out, scratch.c, 16); ++#else ++ ((u64 *)out)[0] = scratch.u[0] ^ tweak.u[0]; ++ ((u64 *)out)[1] = scratch.u[1] ^ tweak.u[1]; ++#endif ++ } ++ ++ return 0; ++} +diff --git a/Cryptlib/OpenSSL/crypto/o_dir.h b/Cryptlib/OpenSSL/crypto/o_dir.h +index 4b725c0..d554311 100644 +--- a/Cryptlib/OpenSSL/crypto/o_dir.h ++++ b/Cryptlib/OpenSSL/crypto/o_dir.h +@@ -1,5 +1,6 @@ + /* crypto/o_dir.h -*- mode:C; c-file-style: "eay" -*- */ +-/* Copied from Richard Levitte's (richard@levitte.org) LP library. All ++/* ++ * Copied from Richard Levitte's (richard@levitte.org) LP library. 
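Review bot: The little-endian tweak update in `CRYPTO_xts128_encrypt` builds the reduction mask with `res = 0x87 & (((int)tweak.d[3]) >> 31);`, which relies on right-shifting a negative `int` being an arithmetic shift, and that is implementation-defined in C. The big-endian branch of the same function already uses a portable form (`0x87 & (0 - c)`), so the little-endian lines could read `res = 0x87 & (0 - (tweak.d[3] >> 31));`; the same expression appears a second time in the decrypt tail that fills `tweak1`. The paths compiled without STRICT_ALIGNMENT also access `inp` and `out` through `u64 *` casts, so a comment stating the alignment expectation for callers would be useful.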
All + * symbol names have been changed, with permission from the author. + */ + +@@ -30,24 +31,25 @@ + * SUCH DAMAGE. + */ + +- + #ifndef O_DIR_H +-#define O_DIR_H ++# define O_DIR_H + + #ifdef __cplusplus + extern "C" { + #endif + +- typedef struct OPENSSL_dir_context_st OPENSSL_DIR_CTX; ++typedef struct OPENSSL_dir_context_st OPENSSL_DIR_CTX; + +- /* returns NULL on error or end-of-directory. +- If it is end-of-directory, errno will be zero */ +- const char *OPENSSL_DIR_read(OPENSSL_DIR_CTX **ctx, const char *directory); ++ /* ++ * returns NULL on error or end-of-directory. If it is end-of-directory, ++ * errno will be zero ++ */ ++const char *OPENSSL_DIR_read(OPENSSL_DIR_CTX **ctx, const char *directory); + /* returns 1 on success, 0 on error */ +- int OPENSSL_DIR_end(OPENSSL_DIR_CTX **ctx); ++int OPENSSL_DIR_end(OPENSSL_DIR_CTX **ctx); + + #ifdef __cplusplus + } + #endif + +-#endif /* LPDIR_H */ ++#endif /* LPDIR_H */ +diff --git a/Cryptlib/OpenSSL/crypto/o_fips.c b/Cryptlib/OpenSSL/crypto/o_fips.c +new file mode 100644 +index 0000000..f56d5bb +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/o_fips.c +@@ -0,0 +1,96 @@ ++/* ++ * Written by Stephen henson (steve@openssl.org) for the OpenSSL project ++ * 2011. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2011 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. 
All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). 
++ * ++ */ ++ ++#include "cryptlib.h" ++#ifdef OPENSSL_FIPS ++# include ++# include ++# include ++#endif ++ ++int FIPS_mode(void) ++{ ++ OPENSSL_init(); ++#ifdef OPENSSL_FIPS ++ return FIPS_module_mode(); ++#else ++ return 0; ++#endif ++} ++ ++int FIPS_mode_set(int r) ++{ ++ OPENSSL_init(); ++#ifdef OPENSSL_FIPS ++# ifndef FIPS_AUTH_USER_PASS ++# define FIPS_AUTH_USER_PASS "Default FIPS Crypto User Password" ++# endif ++ if (!FIPS_module_mode_set(r, FIPS_AUTH_USER_PASS)) ++ return 0; ++ if (r) ++ RAND_set_rand_method(FIPS_rand_get_method()); ++ else ++ RAND_set_rand_method(NULL); ++ return 1; ++#else ++ if (r == 0) ++ return 1; ++ CRYPTOerr(CRYPTO_F_FIPS_MODE_SET, CRYPTO_R_FIPS_MODE_NOT_SUPPORTED); ++ return 0; ++#endif ++} +diff --git a/Cryptlib/OpenSSL/crypto/o_init.c b/Cryptlib/OpenSSL/crypto/o_init.c +index 6f5103e..2088388 100644 +--- a/Cryptlib/OpenSSL/crypto/o_init.c ++++ b/Cryptlib/OpenSSL/crypto/o_init.c +@@ -4,7 +4,7 @@ + * project. + */ + /* ==================================================================== +- * Copyright (c) 2007 The OpenSSL Project. All rights reserved. ++ * Copyright (c) 2011 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions +@@ -51,23 +51,13 @@ + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * +- * This product includes cryptographic software written by Eric Young +- * (eay@cryptsoft.com). This product includes software written by Tim +- * Hudson (tjh@cryptsoft.com). 
+- * + */ + + #include + #include +- +-/* Internal only functions: only ever used here */ + #ifdef OPENSSL_FIPS +-extern void int_ERR_lib_init(void); +-# ifndef OPENSSL_NO_ENGINE +-extern void int_EVP_MD_init_engine_callbacks(void); +-extern void int_EVP_CIPHER_init_engine_callbacks(void); +-extern void int_RAND_init_engine_callbacks(void); +-# endif ++# include ++# include + #endif + + /* +@@ -77,35 +67,17 @@ extern void int_RAND_init_engine_callbacks(void); + + void OPENSSL_init(void) + { +-#ifdef OPENSSL_FIPS + static int done = 0; +- if (!done) { +- int_ERR_lib_init(); +-# ifdef CRYPTO_MDEBUG +- CRYPTO_malloc_debug_init(); +-# endif +-# ifndef OPENSSL_NO_ENGINE +- int_EVP_MD_init_engine_callbacks(); +- int_EVP_CIPHER_init_engine_callbacks(); +- int_RAND_init_engine_callbacks(); +-# endif +- done = 1; +- } +-#endif +-} +- ++ if (done) ++ return; ++ done = 1; + #ifdef OPENSSL_FIPS +- +-int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len) +-{ +- size_t i; +- const unsigned char *a = in_a; +- const unsigned char *b = in_b; +- unsigned char x = 0; +- +- for (i = 0; i < len; i++) +- x |= a[i] ^ b[i]; +- +- return x; +-} ++ FIPS_set_locking_callbacks(CRYPTO_lock, CRYPTO_add_lock); ++ FIPS_set_error_callbacks(ERR_put_error, ERR_add_error_vdata); ++ FIPS_set_malloc_callbacks(CRYPTO_malloc, CRYPTO_free); ++ RAND_init_fips(); ++#endif ++#if 0 ++ fprintf(stderr, "Called OPENSSL_init\n"); + #endif ++} +diff --git a/Cryptlib/OpenSSL/crypto/o_str.c b/Cryptlib/OpenSSL/crypto/o_str.c +index b23ef32..4e2d096 100644 +--- a/Cryptlib/OpenSSL/crypto/o_str.c ++++ b/Cryptlib/OpenSSL/crypto/o_str.c +@@ -62,7 +62,7 @@ + #include "o_str.h" + + #if !defined(OPENSSL_IMPLEMENTS_strncasecmp) && \ +- !defined(OPENSSL_SYSNAME_WIN32) && \ ++ !defined(OPENSSL_SYSNAME_WIN32) && !defined(OPENSSL_SYSNAME_WINCE) && \ + !defined(NETWARE_CLIB) + # include + #endif +diff --git a/Cryptlib/OpenSSL/crypto/o_str.h b/Cryptlib/OpenSSL/crypto/o_str.h +index dfc9849..5313528 100644 +--- 
a/Cryptlib/OpenSSL/crypto/o_str.h ++++ b/Cryptlib/OpenSSL/crypto/o_str.h +@@ -1,6 +1,7 @@ + /* crypto/o_str.h -*- mode:C; c-file-style: "eay" -*- */ +-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL +- * project 2003. ++/* ++ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project ++ * 2003. + */ + /* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -57,12 +58,12 @@ + */ + + #ifndef HEADER_O_STR_H +-#define HEADER_O_STR_H ++# define HEADER_O_STR_H + +-#include /* to get size_t */ ++# include /* to get size_t */ + + int OPENSSL_strcasecmp(const char *str1, const char *str2); + int OPENSSL_strncasecmp(const char *str1, const char *str2, size_t n); +-int OPENSSL_memcmp(const void *p1,const void *p2,size_t n); ++int OPENSSL_memcmp(const void *p1, const void *p2, size_t n); + + #endif +diff --git a/Cryptlib/OpenSSL/crypto/o_time.c b/Cryptlib/OpenSSL/crypto/o_time.c +index 504e313..58413fe 100644 +--- a/Cryptlib/OpenSSL/crypto/o_time.c ++++ b/Cryptlib/OpenSSL/crypto/o_time.c +@@ -3,6 +3,10 @@ + * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project + * 2001. + */ ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2008. ++ */ + /* ==================================================================== + * Copyright (c) 2001 The OpenSSL Project. All rights reserved. 
+ * +@@ -62,26 +66,32 @@ + #include "o_time.h" + + #ifdef OPENSSL_SYS_VMS +-# include +-# include +-# include +-# include +-# include +-# include ++# if __CRTL_VER >= 70000000 && \ ++ (defined _POSIX_C_SOURCE || !defined _ANSI_C_SOURCE) ++# define VMS_GMTIME_OK ++# endif ++# ifndef VMS_GMTIME_OK ++# include ++# include ++# include ++# include ++# include ++# include ++# endif /* ndef VMS_GMTIME_OK */ + #endif + + struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result) + { + struct tm *ts = NULL; + +-#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_OS2) && !defined(__CYGWIN32__) && (!defined(OPENSSL_SYS_VMS) || defined(gmtime_r)) && !defined(OPENSSL_SYS_MACOSX) && !defined(OPENSSL_SYS_SUNOS) ++#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_OS2) && (!defined(OPENSSL_SYS_VMS) || defined(gmtime_r)) && !defined(OPENSSL_SYS_MACOSX) && !defined(OPENSSL_SYS_SUNOS) + /* + * should return &data, but doesn't on some systems, so we don't even + * look at the return value + */ + gmtime_r(timer, result); + ts = result; +-#elif !defined(OPENSSL_SYS_VMS) ++#elif !defined(OPENSSL_SYS_VMS) || defined(VMS_GMTIME_OK) + ts = gmtime(timer); + if (ts == NULL) + return NULL; +@@ -89,7 +99,7 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result) + memcpy(result, ts, sizeof(struct tm)); + ts = result; + #endif +-#ifdef OPENSSL_SYS_VMS ++#if defined( OPENSSL_SYS_VMS) && !defined( VMS_GMTIME_OK) + if (ts == NULL) { + static $DESCRIPTOR(tabnam, "LNM$DCL_LOGICAL"); + static $DESCRIPTOR(lognam, "SYS$TIMEZONE_DIFFERENTIAL"); +@@ -225,3 +235,206 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result) + #endif + return ts; + } ++ ++/* ++ * Take a tm structure and add an offset to it. This avoids any OS issues ++ * with restricted date types and overflows which cause the year 2038 ++ * problem. 
++ */ ++ ++#define SECS_PER_DAY (24 * 60 * 60) ++ ++static long date_to_julian(int y, int m, int d); ++static void julian_to_date(long jd, int *y, int *m, int *d); ++static int julian_adj(const struct tm *tm, int off_day, long offset_sec, ++ long *pday, int *psec); ++ ++int OPENSSL_gmtime_adj(struct tm *tm, int off_day, long offset_sec) ++{ ++ int time_sec, time_year, time_month, time_day; ++ long time_jd; ++ ++ /* Convert time and offset into julian day and seconds */ ++ if (!julian_adj(tm, off_day, offset_sec, &time_jd, &time_sec)) ++ return 0; ++ ++ /* Convert Julian day back to date */ ++ ++ julian_to_date(time_jd, &time_year, &time_month, &time_day); ++ ++ if (time_year < 1900 || time_year > 9999) ++ return 0; ++ ++ /* Update tm structure */ ++ ++ tm->tm_year = time_year - 1900; ++ tm->tm_mon = time_month - 1; ++ tm->tm_mday = time_day; ++ ++ tm->tm_hour = time_sec / 3600; ++ tm->tm_min = (time_sec / 60) % 60; ++ tm->tm_sec = time_sec % 60; ++ ++ return 1; ++ ++} ++ ++int OPENSSL_gmtime_diff(int *pday, int *psec, ++ const struct tm *from, const struct tm *to) ++{ ++ int from_sec, to_sec, diff_sec; ++ long from_jd, to_jd, diff_day; ++ if (!julian_adj(from, 0, 0, &from_jd, &from_sec)) ++ return 0; ++ if (!julian_adj(to, 0, 0, &to_jd, &to_sec)) ++ return 0; ++ diff_day = to_jd - from_jd; ++ diff_sec = to_sec - from_sec; ++ /* Adjust differences so both positive or both negative */ ++ if (diff_day > 0 && diff_sec < 0) { ++ diff_day--; ++ diff_sec += SECS_PER_DAY; ++ } ++ if (diff_day < 0 && diff_sec > 0) { ++ diff_day++; ++ diff_sec -= SECS_PER_DAY; ++ } ++ ++ if (pday) ++ *pday = (int)diff_day; ++ if (psec) ++ *psec = diff_sec; ++ ++ return 1; ++ ++} ++ ++/* Convert tm structure and offset into julian day and seconds */ ++static int julian_adj(const struct tm *tm, int off_day, long offset_sec, ++ long *pday, int *psec) ++{ ++ int offset_hms, offset_day; ++ long time_jd; ++ int time_year, time_month, time_day; ++ /* split offset into days and day seconds */ ++ 
offset_day = offset_sec / SECS_PER_DAY; ++ /* Avoid sign issues with % operator */ ++ offset_hms = offset_sec - (offset_day * SECS_PER_DAY); ++ offset_day += off_day; ++ /* Add current time seconds to offset */ ++ offset_hms += tm->tm_hour * 3600 + tm->tm_min * 60 + tm->tm_sec; ++ /* Adjust day seconds if overflow */ ++ if (offset_hms >= SECS_PER_DAY) { ++ offset_day++; ++ offset_hms -= SECS_PER_DAY; ++ } else if (offset_hms < 0) { ++ offset_day--; ++ offset_hms += SECS_PER_DAY; ++ } ++ ++ /* ++ * Convert date of time structure into a Julian day number. ++ */ ++ ++ time_year = tm->tm_year + 1900; ++ time_month = tm->tm_mon + 1; ++ time_day = tm->tm_mday; ++ ++ time_jd = date_to_julian(time_year, time_month, time_day); ++ ++ /* Work out Julian day of new date */ ++ time_jd += offset_day; ++ ++ if (time_jd < 0) ++ return 0; ++ ++ *pday = time_jd; ++ *psec = offset_hms; ++ return 1; ++} ++ ++/* ++ * Convert date to and from julian day Uses Fliegel & Van Flandern algorithm ++ */ ++static long date_to_julian(int y, int m, int d) ++{ ++ return (1461 * (y + 4800 + (m - 14) / 12)) / 4 + ++ (367 * (m - 2 - 12 * ((m - 14) / 12))) / 12 - ++ (3 * ((y + 4900 + (m - 14) / 12) / 100)) / 4 + d - 32075; ++} ++ ++static void julian_to_date(long jd, int *y, int *m, int *d) ++{ ++ long L = jd + 68569; ++ long n = (4 * L) / 146097; ++ long i, j; ++ ++ L = L - (146097 * n + 3) / 4; ++ i = (4000 * (L + 1)) / 1461001; ++ L = L - (1461 * i) / 4 + 31; ++ j = (80 * L) / 2447; ++ *d = L - (2447 * j) / 80; ++ L = j / 11; ++ *m = j + 2 - (12 * L); ++ *y = 100 * (n - 49) + i + L; ++} ++ ++#ifdef OPENSSL_TIME_TEST ++ ++# include ++ ++/* ++ * Time checking test code. Check times are identical for a wide range of ++ * offsets. This should be run on a machine with 64 bit time_t or it will ++ * trigger the very errors the routines fix. 
++ */ ++ ++int main(int argc, char **argv) ++{ ++ long offset; ++ for (offset = 0; offset < 1000000; offset++) { ++ check_time(offset); ++ check_time(-offset); ++ check_time(offset * 1000); ++ check_time(-offset * 1000); ++ } ++} ++ ++int check_time(long offset) ++{ ++ struct tm tm1, tm2, o1; ++ int off_day, off_sec; ++ long toffset; ++ time_t t1, t2; ++ time(&t1); ++ t2 = t1 + offset; ++ OPENSSL_gmtime(&t2, &tm2); ++ OPENSSL_gmtime(&t1, &tm1); ++ o1 = tm1; ++ OPENSSL_gmtime_adj(&tm1, 0, offset); ++ if ((tm1.tm_year != tm2.tm_year) || ++ (tm1.tm_mon != tm2.tm_mon) || ++ (tm1.tm_mday != tm2.tm_mday) || ++ (tm1.tm_hour != tm2.tm_hour) || ++ (tm1.tm_min != tm2.tm_min) || (tm1.tm_sec != tm2.tm_sec)) { ++ fprintf(stderr, "TIME ERROR!!\n"); ++ fprintf(stderr, "Time1: %d/%d/%d, %d:%02d:%02d\n", ++ tm2.tm_mday, tm2.tm_mon + 1, tm2.tm_year + 1900, ++ tm2.tm_hour, tm2.tm_min, tm2.tm_sec); ++ fprintf(stderr, "Time2: %d/%d/%d, %d:%02d:%02d\n", ++ tm1.tm_mday, tm1.tm_mon + 1, tm1.tm_year + 1900, ++ tm1.tm_hour, tm1.tm_min, tm1.tm_sec); ++ return 0; ++ } ++ OPENSSL_gmtime_diff(&o1, &tm1, &off_day, &off_sec); ++ toffset = (long)off_day *SECS_PER_DAY + off_sec; ++ if (offset != toffset) { ++ fprintf(stderr, "TIME OFFSET ERROR!!\n"); ++ fprintf(stderr, "Expected %ld, Got %ld (%d:%d)\n", ++ offset, toffset, off_day, off_sec); ++ return 0; ++ } ++ return 1; ++} ++ ++#endif +diff --git a/Cryptlib/OpenSSL/crypto/o_time.h b/Cryptlib/OpenSSL/crypto/o_time.h +index e660446..a83a3d2 100644 +--- a/Cryptlib/OpenSSL/crypto/o_time.h ++++ b/Cryptlib/OpenSSL/crypto/o_time.h +@@ -1,6 +1,7 @@ + /* crypto/o_time.h -*- mode:C; c-file-style: "eay" -*- */ +-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL +- * project 2001. ++/* ++ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project ++ * 2001. + */ + /* ==================================================================== + * Copyright (c) 2001 The OpenSSL Project. All rights reserved. 
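Review bot: In the OPENSSL_TIME_TEST block, `check_time` calls `OPENSSL_gmtime_diff(&o1, &tm1, &off_day, &off_sec);`, but the function defined earlier in this hunk takes `(int *pday, int *psec, const struct tm *from, const struct tm *to)`, so the struct and int pointers are swapped; the call should be `OPENSSL_gmtime_diff(&off_day, &off_sec, &o1, &tm1);`. `main` also calls `check_time` before any declaration of it and ignores its return value, so a failed comparison does not change the exit status of the test. In the production code, `julian_adj` corrects `offset_hms` by at most one day, which is sufficient only if `tm_hour`, `tm_min` and `tm_sec` arrive already normalised; a comment naming that expectation on the input would help callers that build a `struct tm` from parsed certificate times.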
+@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -57,10 +58,13 @@ + */ + + #ifndef HEADER_O_TIME_H +-#define HEADER_O_TIME_H ++# define HEADER_O_TIME_H + +-#include ++# include + + struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result); ++int OPENSSL_gmtime_adj(struct tm *tm, int offset_day, long offset_sec); ++int OPENSSL_gmtime_diff(int *pday, int *psec, ++ const struct tm *from, const struct tm *to); + + #endif +diff --git a/Cryptlib/OpenSSL/crypto/objects/o_names.c b/Cryptlib/OpenSSL/crypto/objects/o_names.c +index 1c41c08..2485992 100644 +--- a/Cryptlib/OpenSSL/crypto/objects/o_names.c ++++ b/Cryptlib/OpenSSL/crypto/objects/o_names.c +@@ -24,7 +24,8 @@ + * I use the ex_data stuff to manage the identifiers for the obj_name_types + * that applications may define. I only really use the free function field. 
+ */
+-static LHASH *names_lh = NULL;
++DECLARE_LHASH_OF(OBJ_NAME);
++static LHASH_OF(OBJ_NAME) *names_lh = NULL;
+ static int names_type_num = OBJ_NAME_TYPE_NUM;
+
+ typedef struct name_funcs_st {
+@@ -49,12 +50,15 @@ static unsigned long obj_name_hash(const void *a_void);
+ /* static int obj_name_cmp(OBJ_NAME *a,OBJ_NAME *b); */
+ static int obj_name_cmp(const void *a_void, const void *b_void);
+
++static IMPLEMENT_LHASH_HASH_FN(obj_name, OBJ_NAME)
++static IMPLEMENT_LHASH_COMP_FN(obj_name, OBJ_NAME)
++
+ int OBJ_NAME_init(void)
+ {
+ if (names_lh != NULL)
+ return (1);
+ MemCheck_off();
+- names_lh = lh_new(obj_name_hash, obj_name_cmp);
++ names_lh = lh_OBJ_NAME_new();
+ MemCheck_on();
+ return (names_lh != NULL);
+ }
+@@ -72,7 +76,7 @@ int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *),
+ name_funcs_stack = sk_NAME_FUNCS_new_null();
+ MemCheck_on();
+ }
+- if ((name_funcs_stack == NULL)) {
++ if (name_funcs_stack == NULL) {
+ /* ERROR */
+ return (0);
+ }
+@@ -160,7 +164,7 @@ const char *OBJ_NAME_get(const char *name, int type)
+ on.type = type;
+
+ for (;;) {
+- ret = (OBJ_NAME *)lh_retrieve(names_lh, &on);
++ ret = lh_OBJ_NAME_retrieve(names_lh, &on);
+ if (ret == NULL)
+ return (NULL);
+ if ((ret->alias) && !alias) {
+@@ -195,7 +199,7 @@ int OBJ_NAME_add(const char *name, int type, const char *data)
+ onp->type = type;
+ onp->data = data;
+
+- ret = (OBJ_NAME *)lh_insert(names_lh, onp);
++ ret = lh_OBJ_NAME_insert(names_lh, onp);
+ if (ret != NULL) {
+ /* free things */
+ if ((name_funcs_stack != NULL)
+@@ -210,7 +214,7 @@ int OBJ_NAME_add(const char *name, int type, const char *data)
+ }
+ OPENSSL_free(ret);
+ } else {
+- if (lh_error(names_lh)) {
++ if (lh_OBJ_NAME_error(names_lh)) {
+ /* ERROR */
+ return (0);
+ }
+@@ -228,7 +232,7 @@ int OBJ_NAME_remove(const char *name, int type)
+ type &= ~OBJ_NAME_ALIAS;
+ on.name = name;
+ on.type = type;
+- ret = (OBJ_NAME *)lh_delete(names_lh, &on);
++ ret = lh_OBJ_NAME_delete(names_lh, &on);
+ if (ret != NULL) {
+ /* free things */
+ if ((name_funcs_stack != NULL)
+@@ -253,14 +257,13 @@ struct doall {
+ void *arg;
+ };
+
+-static void do_all_fn(const OBJ_NAME *name, struct doall *d)
++static void do_all_fn_doall_arg(const OBJ_NAME *name, struct doall *d)
+ {
+ if (name->type == d->type)
+ d->fn(name, d->arg);
+ }
+
+-static IMPLEMENT_LHASH_DOALL_ARG_FN(do_all_fn, const OBJ_NAME *,
+- struct doall *)
++static IMPLEMENT_LHASH_DOALL_ARG_FN(do_all_fn, const OBJ_NAME, struct doall)
+
+ void OBJ_NAME_do_all(int type, void (*fn) (const OBJ_NAME *, void *arg),
+ void *arg)
+@@ -271,7 +274,8 @@ void OBJ_NAME_do_all(int type, void (*fn) (const OBJ_NAME *, void *arg),
+ d.fn = fn;
+ d.arg = arg;
+
+- lh_doall_arg(names_lh, LHASH_DOALL_ARG_FN(do_all_fn), &d);
++ lh_OBJ_NAME_doall_arg(names_lh, LHASH_DOALL_ARG_FN(do_all_fn),
++ struct doall, &d);
+ }
+
+ struct doall_sorted {
+@@ -306,31 +310,34 @@ void OBJ_NAME_do_all_sorted(int type,
+ int n;
+
+ d.type = type;
+- d.names = OPENSSL_malloc(lh_num_items(names_lh) * sizeof *d.names);
+- d.n = 0;
+- OBJ_NAME_do_all(type, do_all_sorted_fn, &d);
++ d.names =
++ OPENSSL_malloc(lh_OBJ_NAME_num_items(names_lh) * sizeof *d.names);
++ /* Really should return an error if !d.names...but its a void function! */
++ if (d.names) {
++ d.n = 0;
++ OBJ_NAME_do_all(type, do_all_sorted_fn, &d);
+
+- qsort((void *)d.names, d.n, sizeof *d.names, do_all_sorted_cmp);
++ qsort((void *)d.names, d.n, sizeof *d.names, do_all_sorted_cmp);
+
+- for (n = 0; n < d.n; ++n)
+- fn(d.names[n], arg);
++ for (n = 0; n < d.n; ++n)
++ fn(d.names[n], arg);
+
+- OPENSSL_free((void *)d.names);
++ OPENSSL_free((void *)d.names);
++ }
+ }
+
+ static int free_type;
+
+-static void names_lh_free(OBJ_NAME *onp)
++static void names_lh_free_doall(OBJ_NAME *onp)
+ {
+ if (onp == NULL)
+ return;
+
+- if ((free_type < 0) || (free_type == onp->type)) {
++ if (free_type < 0 || free_type == onp->type)
+ OBJ_NAME_remove(onp->name, onp->type);
+- }
+ }
+
+-static IMPLEMENT_LHASH_DOALL_FN(names_lh_free, OBJ_NAME *)
++static IMPLEMENT_LHASH_DOALL_FN(names_lh_free, OBJ_NAME)
+
+ static void name_funcs_free(NAME_FUNCS *ptr)
+ {
+@@ -345,15 +352,15 @@ void OBJ_NAME_cleanup(int type)
+ return;
+
+ free_type = type;
+- down_load = names_lh->down_load;
+- names_lh->down_load = 0;
++ down_load = lh_OBJ_NAME_down_load(names_lh);
++ lh_OBJ_NAME_down_load(names_lh) = 0;
+
+- lh_doall(names_lh, LHASH_DOALL_FN(names_lh_free));
++ lh_OBJ_NAME_doall(names_lh, LHASH_DOALL_FN(names_lh_free));
+ if (type < 0) {
+- lh_free(names_lh);
++ lh_OBJ_NAME_free(names_lh);
+ sk_NAME_FUNCS_pop_free(name_funcs_stack, name_funcs_free);
+ names_lh = NULL;
+ name_funcs_stack = NULL;
+ } else
+- names_lh->down_load = down_load;
++ lh_OBJ_NAME_down_load(names_lh) = down_load;
+ }
+diff --git a/Cryptlib/OpenSSL/crypto/objects/obj_dat.c b/Cryptlib/OpenSSL/crypto/objects/obj_dat.c
+index 9654775..aca382a 100644
+--- a/Cryptlib/OpenSSL/crypto/objects/obj_dat.c
++++ b/Cryptlib/OpenSSL/crypto/objects/obj_dat.c
+@@ -74,16 +74,17 @@
+ # define NUM_SN 0
+ # define NUM_LN 0
+ # define NUM_OBJ 0
+-static unsigned char lvalues[1];
+-static ASN1_OBJECT nid_objs[1];
+-static ASN1_OBJECT *sn_objs[1];
+-static ASN1_OBJECT *ln_objs[1];
+-static ASN1_OBJECT *obj_objs[1];
++static const unsigned char lvalues[1];
++static const ASN1_OBJECT nid_objs[1];
++static const unsigned int sn_objs[1];
++static const unsigned int ln_objs[1];
++static const unsigned int obj_objs[1];
+ #endif
+
+-static int sn_cmp(const void *a, const void *b);
+-static int ln_cmp(const void *a, const void *b);
+-static int obj_cmp(const void *a, const void *b);
++DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, sn);
++DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, ln);
++DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, obj);
++
+ #define ADDED_DATA 0
+ #define ADDED_SNAME 1
+ #define ADDED_LNAME 2
+@@ -93,30 +94,31 @@ typedef struct added_obj_st {
+ int type;
+ ASN1_OBJECT *obj;
+ } ADDED_OBJ;
++DECLARE_LHASH_OF(ADDED_OBJ);
+
+ static int new_nid = NUM_NID;
+-static LHASH *added = NULL;
++static LHASH_OF(ADDED_OBJ) *added = NULL;
+
+-static int sn_cmp(const void *a, const void *b)
++static int sn_cmp(const ASN1_OBJECT *const *a, const unsigned int *b)
+ {
+- const ASN1_OBJECT *const *ap = a, *const *bp = b;
+- return (strcmp((*ap)->sn, (*bp)->sn));
++ return (strcmp((*a)->sn, nid_objs[*b].sn));
+ }
+
+-static int ln_cmp(const void *a, const void *b)
++IMPLEMENT_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, sn);
++
++static int ln_cmp(const ASN1_OBJECT *const *a, const unsigned int *b)
+ {
+- const ASN1_OBJECT *const *ap = a, *const *bp = b;
+- return (strcmp((*ap)->ln, (*bp)->ln));
++ return (strcmp((*a)->ln, nid_objs[*b].ln));
+ }
+
+-/* static unsigned long add_hash(ADDED_OBJ *ca) */
+-static unsigned long add_hash(const void *ca_void)
++IMPLEMENT_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, ln);
++
++static unsigned long added_obj_hash(const ADDED_OBJ *ca)
+ {
+ const ASN1_OBJECT *a;
+ int i;
+ unsigned long ret = 0;
+ unsigned char *p;
+- const ADDED_OBJ *ca = (const ADDED_OBJ *)ca_void;
+
+ a = ca->obj;
+ switch (ca->type) {
+@@ -140,17 +142,16 @@ static unsigned long add_hash(const void *ca_void)
+ return 0;
+ }
+ ret &= 0x3fffffffL;
+- ret |= ca->type << 30L;
++ ret |= ((unsigned long)ca->type) << 30L;
+ return (ret);
+ }
+
+-/* static int add_cmp(ADDED_OBJ *ca, ADDED_OBJ *cb) */
+-static int add_cmp(const void *ca_void, const void *cb_void)
++static IMPLEMENT_LHASH_HASH_FN(added_obj, ADDED_OBJ)
++
++static int added_obj_cmp(const ADDED_OBJ *ca, const ADDED_OBJ *cb)
+ {
+ ASN1_OBJECT *a, *b;
+ int i;
+- const ADDED_OBJ *ca = (const ADDED_OBJ *)ca_void;
+- const ADDED_OBJ *cb = (const ADDED_OBJ *)cb_void;
+
+ i = ca->type - cb->type;
+ if (i)
+@@ -185,46 +186,64 @@ static int add_cmp(const void *ca_void, const void *cb_void)
+ }
+ }
+
++static IMPLEMENT_LHASH_COMP_FN(added_obj, ADDED_OBJ)
++
+ static int init_added(void)
+ {
+ if (added != NULL)
+ return (1);
+- added = lh_new(add_hash, add_cmp);
++ added = lh_ADDED_OBJ_new();
+ return (added != NULL);
+ }
+
+-static void cleanup1(ADDED_OBJ *a)
++static void cleanup1_doall(ADDED_OBJ *a)
+ {
+ a->obj->nid = 0;
+ a->obj->flags |= ASN1_OBJECT_FLAG_DYNAMIC |
+ ASN1_OBJECT_FLAG_DYNAMIC_STRINGS | ASN1_OBJECT_FLAG_DYNAMIC_DATA;
+ }
+
+-static void cleanup2(ADDED_OBJ *a)
++static void cleanup2_doall(ADDED_OBJ *a)
+ {
+ a->obj->nid++;
+ }
+
+-static void cleanup3(ADDED_OBJ *a)
++static void cleanup3_doall(ADDED_OBJ *a)
+ {
+ if (--a->obj->nid == 0)
+ ASN1_OBJECT_free(a->obj);
+ OPENSSL_free(a);
+ }
+
+-static IMPLEMENT_LHASH_DOALL_FN(cleanup1, ADDED_OBJ *)
+-static IMPLEMENT_LHASH_DOALL_FN(cleanup2, ADDED_OBJ *)
+-static IMPLEMENT_LHASH_DOALL_FN(cleanup3, ADDED_OBJ *)
++static IMPLEMENT_LHASH_DOALL_FN(cleanup1, ADDED_OBJ)
++static IMPLEMENT_LHASH_DOALL_FN(cleanup2, ADDED_OBJ)
++static IMPLEMENT_LHASH_DOALL_FN(cleanup3, ADDED_OBJ)
++
++/*
++ * The purpose of obj_cleanup_defer is to avoid EVP_cleanup() attempting to
++ * use freed up OIDs. If neccessary the actual freeing up of OIDs is delayed.
++ */
++int obj_cleanup_defer = 0;
++
++void check_defer(int nid)
++{
++ if (!obj_cleanup_defer && nid >= NUM_NID)
++ obj_cleanup_defer = 1;
++}
+
+ void OBJ_cleanup(void)
+ {
++ if (obj_cleanup_defer) {
++ obj_cleanup_defer = 2;
++ return;
++ }
+ if (added == NULL)
+ return;
+- added->down_load = 0;
+- lh_doall(added, LHASH_DOALL_FN(cleanup1)); /* zero counters */
+- lh_doall(added, LHASH_DOALL_FN(cleanup2)); /* set counters */
+- lh_doall(added, LHASH_DOALL_FN(cleanup3)); /* free objects */
+- lh_free(added);
++ lh_ADDED_OBJ_down_load(added) = 0;
++ lh_ADDED_OBJ_doall(added, LHASH_DOALL_FN(cleanup1)); /* zero counters */
++ lh_ADDED_OBJ_doall(added, LHASH_DOALL_FN(cleanup2)); /* set counters */
++ lh_ADDED_OBJ_doall(added, LHASH_DOALL_FN(cleanup3)); /* free objects */
++ lh_ADDED_OBJ_free(added);
+ added = NULL;
+ }
+
+@@ -269,7 +288,7 @@ int OBJ_add_object(const ASN1_OBJECT *obj)
+ if (ao[i] != NULL) {
+ ao[i]->type = i;
+ ao[i]->obj = o;
+- aop = (ADDED_OBJ *)lh_insert(added, ao[i]);
++ aop = lh_ADDED_OBJ_insert(added, ao[i]);
+ /* memory leak, buit should not normally matter */
+ if (aop != NULL)
+ OPENSSL_free(aop);
+@@ -308,7 +327,7 @@ ASN1_OBJECT *OBJ_nid2obj(int n)
+ ad.type = ADDED_NID;
+ ad.obj = &ob;
+ ob.nid = n;
+- adp = (ADDED_OBJ *)lh_retrieve(added, &ad);
++ adp = lh_ADDED_OBJ_retrieve(added, &ad);
+ if (adp != NULL)
+ return (adp->obj);
+ else {
+@@ -335,7 +354,7 @@ const char *OBJ_nid2sn(int n)
+ ad.type = ADDED_NID;
+ ad.obj = &ob;
+ ob.nid = n;
+- adp = (ADDED_OBJ *)lh_retrieve(added, &ad);
++ adp = lh_ADDED_OBJ_retrieve(added, &ad);
+ if (adp != NULL)
+ return (adp->obj->sn);
+ else {
+@@ -362,7 +381,7 @@ const char *OBJ_nid2ln(int n)
+ ad.type = ADDED_NID;
+ ad.obj = &ob;
+ ob.nid = n;
+- adp = (ADDED_OBJ *)lh_retrieve(added, &ad);
++ adp = lh_ADDED_OBJ_retrieve(added, &ad);
+ if (adp != NULL)
+ return (adp->obj->ln);
+ else {
+@@ -372,9 +391,25 @@ const char *OBJ_nid2ln(int n)
+ }
+ }
+
++static int obj_cmp(const ASN1_OBJECT *const *ap, const unsigned int *bp)
++{
++ int j;
++ const ASN1_OBJECT *a = *ap;
++ const ASN1_OBJECT *b = &nid_objs[*bp];
++
++ j = (a->length - b->length);
++ if (j)
++ return (j);
++ if (a->length == 0)
++ return 0;
++ return (memcmp(a->data, b->data, a->length));
++}
++
++IMPLEMENT_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, obj);
++
+ int OBJ_obj2nid(const ASN1_OBJECT *a)
+ {
+- ASN1_OBJECT **op;
++ const unsigned int *op;
+ ADDED_OBJ ad, *adp;
+
+ if (a == NULL)
+@@ -382,18 +417,20 @@ int OBJ_obj2nid(const ASN1_OBJECT *a)
+ if (a->nid != 0)
+ return (a->nid);
+
++ if (a->length == 0)
++ return NID_undef;
++
+ if (added != NULL) {
+ ad.type = ADDED_DATA;
+ ad.obj = (ASN1_OBJECT *)a; /* XXX: ugly but harmless */
+- adp = (ADDED_OBJ *)lh_retrieve(added, &ad);
++ adp = lh_ADDED_OBJ_retrieve(added, &ad);
+ if (adp != NULL)
+ return (adp->obj->nid);
+ }
+- op = (ASN1_OBJECT **)OBJ_bsearch((const char *)&a, (const char *)obj_objs,
+- NUM_OBJ, sizeof(ASN1_OBJECT *), obj_cmp);
++ op = OBJ_bsearch_obj(&a, obj_objs, NUM_OBJ);
+ if (op == NULL)
+ return (NID_undef);
+- return ((*op)->nid);
++ return (nid_objs[*op].nid);
+ }
+
+ /*
+@@ -450,7 +487,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
+ int i, n = 0, len, nid, first, use_bn;
+ BIGNUM *bl;
+ unsigned long l;
+- unsigned char *p;
++ const unsigned char *p;
+ char tbuf[DECIMAL_SIZE(i) + DECIMAL_SIZE(l) + 2];
+
+ /* Ensure that, at every state, |buf| is NUL-terminated. */
+@@ -593,66 +630,58 @@ int OBJ_txt2nid(const char *s)
+
+ int OBJ_ln2nid(const char *s)
+ {
+- ASN1_OBJECT o, *oo = &o, **op;
++ ASN1_OBJECT o;
++ const ASN1_OBJECT *oo = &o;
+ ADDED_OBJ ad, *adp;
++ const unsigned int *op;
+
+ o.ln = s;
+ if (added != NULL) {
+ ad.type = ADDED_LNAME;
+ ad.obj = &o;
+- adp = (ADDED_OBJ *)lh_retrieve(added, &ad);
++ adp = lh_ADDED_OBJ_retrieve(added, &ad);
+ if (adp != NULL)
+ return (adp->obj->nid);
+ }
+- op = (ASN1_OBJECT **)OBJ_bsearch((char *)&oo, (char *)ln_objs, NUM_LN,
+- sizeof(ASN1_OBJECT *), ln_cmp);
++ op = OBJ_bsearch_ln(&oo, ln_objs, NUM_LN);
+ if (op == NULL)
+ return (NID_undef);
+- return ((*op)->nid);
++ return (nid_objs[*op].nid);
+ }
+
+ int OBJ_sn2nid(const char *s)
+ {
+- ASN1_OBJECT o, *oo = &o, **op;
++ ASN1_OBJECT o;
++ const ASN1_OBJECT *oo = &o;
+ ADDED_OBJ ad, *adp;
++ const unsigned int *op;
+
+ o.sn = s;
+ if (added != NULL) {
+ ad.type = ADDED_SNAME;
+ ad.obj = &o;
+- adp = (ADDED_OBJ *)lh_retrieve(added, &ad);
++ adp = lh_ADDED_OBJ_retrieve(added, &ad);
+ if (adp != NULL)
+ return (adp->obj->nid);
+ }
+- op = (ASN1_OBJECT **)OBJ_bsearch((char *)&oo, (char *)sn_objs, NUM_SN,
+- sizeof(ASN1_OBJECT *), sn_cmp);
++ op = OBJ_bsearch_sn(&oo, sn_objs, NUM_SN);
+ if (op == NULL)
+ return (NID_undef);
+- return ((*op)->nid);
+-}
+-
+-static int obj_cmp(const void *ap, const void *bp)
+-{
+- int j;
+- const ASN1_OBJECT *a = *(ASN1_OBJECT *const *)ap;
+- const ASN1_OBJECT *b = *(ASN1_OBJECT *const *)bp;
+-
+- j = (a->length - b->length);
+- if (j)
+- return (j);
+- return (memcmp(a->data, b->data, a->length));
++ return (nid_objs[*op].nid);
+ }
+
+-const char *OBJ_bsearch(const char *key, const char *base, int num, int size,
+- int (*cmp) (const void *, const void *))
++const void *OBJ_bsearch_(const void *key, const void *base, int num, int size,
++ int (*cmp) (const void *, const void *))
+ {
+- return OBJ_bsearch_ex(key, base, num, size, cmp, 0);
++ return OBJ_bsearch_ex_(key, base, num, size, cmp, 0);
+ }
+ +-const char *OBJ_bsearch_ex(const char *key, const char *base, int num, +- int size, int (*cmp) (const void *, const void *), +- int flags) ++const void *OBJ_bsearch_ex_(const void *key, const void *base_, int num, ++ int size, ++ int (*cmp) (const void *, const void *), ++ int flags) + { ++ const char *base = base_; + int l, h, i = 0, c = 0; + const char *p = NULL; + +diff --git a/Cryptlib/OpenSSL/crypto/objects/obj_dat.h b/Cryptlib/OpenSSL/crypto/objects/obj_dat.h +index dccc15e..b7e3cf2 100644 +--- a/Cryptlib/OpenSSL/crypto/objects/obj_dat.h ++++ b/Cryptlib/OpenSSL/crypto/objects/obj_dat.h +@@ -62,1862 +62,1939 @@ + * [including the GNU Public Licence.] + */ + +-#define NUM_NID 859 +-#define NUM_SN 852 +-#define NUM_LN 852 +-#define NUM_OBJ 806 ++#define NUM_NID 958 ++#define NUM_SN 951 ++#define NUM_LN 951 ++#define NUM_OBJ 890 + +-static unsigned char lvalues[5722]={ +-0x00, /* [ 0] OBJ_undef */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 1] OBJ_rsadsi */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 7] OBJ_pkcs */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 14] OBJ_md2 */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x05, /* [ 22] OBJ_md5 */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x04, /* [ 30] OBJ_rc4 */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,/* [ 38] OBJ_rsaEncryption */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x02,/* [ 47] OBJ_md2WithRSAEncryption */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x04,/* [ 56] OBJ_md5WithRSAEncryption */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x01,/* [ 65] OBJ_pbeWithMD2AndDES_CBC */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x03,/* [ 74] OBJ_pbeWithMD5AndDES_CBC */ +-0x55, /* [ 83] OBJ_X500 */ +-0x55,0x04, /* [ 84] OBJ_X509 */ +-0x55,0x04,0x03, /* [ 86] OBJ_commonName */ +-0x55,0x04,0x06, /* [ 89] OBJ_countryName */ +-0x55,0x04,0x07, /* [ 92] OBJ_localityName */ +-0x55,0x04,0x08, /* [ 95] OBJ_stateOrProvinceName */ +-0x55,0x04,0x0A, /* [ 98] OBJ_organizationName */ +-0x55,0x04,0x0B, /* [101] OBJ_organizationalUnitName */ 
+-0x55,0x08,0x01,0x01, /* [104] OBJ_rsa */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07, /* [108] OBJ_pkcs7 */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x01,/* [116] OBJ_pkcs7_data */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x02,/* [125] OBJ_pkcs7_signed */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x03,/* [134] OBJ_pkcs7_enveloped */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x04,/* [143] OBJ_pkcs7_signedAndEnveloped */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x05,/* [152] OBJ_pkcs7_digest */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x06,/* [161] OBJ_pkcs7_encrypted */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x03, /* [170] OBJ_pkcs3 */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x03,0x01,/* [178] OBJ_dhKeyAgreement */ +-0x2B,0x0E,0x03,0x02,0x06, /* [187] OBJ_des_ecb */ +-0x2B,0x0E,0x03,0x02,0x09, /* [192] OBJ_des_cfb64 */ +-0x2B,0x0E,0x03,0x02,0x07, /* [197] OBJ_des_cbc */ +-0x2B,0x0E,0x03,0x02,0x11, /* [202] OBJ_des_ede_ecb */ +-0x2B,0x06,0x01,0x04,0x01,0x81,0x3C,0x07,0x01,0x01,0x02,/* [207] OBJ_idea_cbc */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x02, /* [218] OBJ_rc2_cbc */ +-0x2B,0x0E,0x03,0x02,0x12, /* [226] OBJ_sha */ +-0x2B,0x0E,0x03,0x02,0x0F, /* [231] OBJ_shaWithRSAEncryption */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x07, /* [236] OBJ_des_ede3_cbc */ +-0x2B,0x0E,0x03,0x02,0x08, /* [244] OBJ_des_ofb64 */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09, /* [249] OBJ_pkcs9 */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x01,/* [257] OBJ_pkcs9_emailAddress */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x02,/* [266] OBJ_pkcs9_unstructuredName */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x03,/* [275] OBJ_pkcs9_contentType */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x04,/* [284] OBJ_pkcs9_messageDigest */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x05,/* [293] OBJ_pkcs9_signingTime */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x06,/* [302] OBJ_pkcs9_countersignature */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x07,/* [311] OBJ_pkcs9_challengePassword */ 
+-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x08,/* [320] OBJ_pkcs9_unstructuredAddress */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x09,/* [329] OBJ_pkcs9_extCertAttributes */ +-0x60,0x86,0x48,0x01,0x86,0xF8,0x42, /* [338] OBJ_netscape */ +-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01, /* [345] OBJ_netscape_cert_extension */ +-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x02, /* [353] OBJ_netscape_data_type */ +-0x2B,0x0E,0x03,0x02,0x1A, /* [361] OBJ_sha1 */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,/* [366] OBJ_sha1WithRSAEncryption */ +-0x2B,0x0E,0x03,0x02,0x0D, /* [375] OBJ_dsaWithSHA */ +-0x2B,0x0E,0x03,0x02,0x0C, /* [380] OBJ_dsa_2 */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0B,/* [385] OBJ_pbeWithSHA1AndRC2_CBC */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0C,/* [394] OBJ_id_pbkdf2 */ +-0x2B,0x0E,0x03,0x02,0x1B, /* [403] OBJ_dsaWithSHA1_2 */ +-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x01,/* [408] OBJ_netscape_cert_type */ +-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x02,/* [417] OBJ_netscape_base_url */ +-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x03,/* [426] OBJ_netscape_revocation_url */ +-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x04,/* [435] OBJ_netscape_ca_revocation_url */ +-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x07,/* [444] OBJ_netscape_renewal_url */ +-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x08,/* [453] OBJ_netscape_ca_policy_url */ +-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x0C,/* [462] OBJ_netscape_ssl_server_name */ +-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x0D,/* [471] OBJ_netscape_comment */ +-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x02,0x05,/* [480] OBJ_netscape_cert_sequence */ +-0x55,0x1D, /* [489] OBJ_id_ce */ +-0x55,0x1D,0x0E, /* [491] OBJ_subject_key_identifier */ +-0x55,0x1D,0x0F, /* [494] OBJ_key_usage */ +-0x55,0x1D,0x10, /* [497] OBJ_private_key_usage_period */ +-0x55,0x1D,0x11, /* [500] OBJ_subject_alt_name */ +-0x55,0x1D,0x12, /* [503] OBJ_issuer_alt_name */ +-0x55,0x1D,0x13, /* [506] OBJ_basic_constraints */ +-0x55,0x1D,0x14, /* [509] 
OBJ_crl_number */ +-0x55,0x1D,0x20, /* [512] OBJ_certificate_policies */ +-0x55,0x1D,0x23, /* [515] OBJ_authority_key_identifier */ +-0x2B,0x06,0x01,0x04,0x01,0x97,0x55,0x01,0x02,/* [518] OBJ_bf_cbc */ +-0x55,0x08,0x03,0x65, /* [527] OBJ_mdc2 */ +-0x55,0x08,0x03,0x64, /* [531] OBJ_mdc2WithRSA */ +-0x55,0x04,0x2A, /* [535] OBJ_givenName */ +-0x55,0x04,0x04, /* [538] OBJ_surname */ +-0x55,0x04,0x2B, /* [541] OBJ_initials */ +-0x55,0x1D,0x1F, /* [544] OBJ_crl_distribution_points */ +-0x2B,0x0E,0x03,0x02,0x03, /* [547] OBJ_md5WithRSA */ +-0x55,0x04,0x05, /* [552] OBJ_serialNumber */ +-0x55,0x04,0x0C, /* [555] OBJ_title */ +-0x55,0x04,0x0D, /* [558] OBJ_description */ +-0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0A,/* [561] OBJ_cast5_cbc */ +-0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0C,/* [570] OBJ_pbeWithMD5AndCast5_CBC */ +-0x2A,0x86,0x48,0xCE,0x38,0x04,0x03, /* [579] OBJ_dsaWithSHA1 */ +-0x2B,0x0E,0x03,0x02,0x1D, /* [586] OBJ_sha1WithRSA */ +-0x2A,0x86,0x48,0xCE,0x38,0x04,0x01, /* [591] OBJ_dsa */ +-0x2B,0x24,0x03,0x02,0x01, /* [598] OBJ_ripemd160 */ +-0x2B,0x24,0x03,0x03,0x01,0x02, /* [603] OBJ_ripemd160WithRSA */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x08, /* [609] OBJ_rc5_cbc */ +-0x29,0x01,0x01,0x85,0x1A,0x01, /* [617] OBJ_rle_compression */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x08,/* [623] OBJ_zlib_compression */ +-0x55,0x1D,0x25, /* [634] OBJ_ext_key_usage */ +-0x2B,0x06,0x01,0x05,0x05,0x07, /* [637] OBJ_id_pkix */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x03, /* [643] OBJ_id_kp */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01, /* [650] OBJ_server_auth */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02, /* [658] OBJ_client_auth */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x03, /* [666] OBJ_code_sign */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x04, /* [674] OBJ_email_protect */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x08, /* [682] OBJ_time_stamp */ +-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x15,/* [690] OBJ_ms_code_ind */ 
+-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x16,/* [700] OBJ_ms_code_com */ +-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x01,/* [710] OBJ_ms_ctl_sign */ +-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x03,/* [720] OBJ_ms_sgc */ +-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x04,/* [730] OBJ_ms_efs */ +-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x04,0x01,/* [740] OBJ_ns_sgc */ +-0x55,0x1D,0x1B, /* [749] OBJ_delta_crl */ +-0x55,0x1D,0x15, /* [752] OBJ_crl_reason */ +-0x55,0x1D,0x18, /* [755] OBJ_invalidity_date */ +-0x2B,0x65,0x01,0x04,0x01, /* [758] OBJ_sxnet */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x01,/* [763] OBJ_pbe_WithSHA1And128BitRC4 */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x02,/* [773] OBJ_pbe_WithSHA1And40BitRC4 */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x03,/* [783] OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x04,/* [793] OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x05,/* [803] OBJ_pbe_WithSHA1And128BitRC2_CBC */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x06,/* [813] OBJ_pbe_WithSHA1And40BitRC2_CBC */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x01,/* [823] OBJ_keyBag */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x02,/* [834] OBJ_pkcs8ShroudedKeyBag */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x03,/* [845] OBJ_certBag */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x04,/* [856] OBJ_crlBag */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x05,/* [867] OBJ_secretBag */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x06,/* [878] OBJ_safeContentsBag */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x14,/* [889] OBJ_friendlyName */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x15,/* [898] OBJ_localKeyID */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x01,/* [907] OBJ_x509Certificate */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x02,/* [917] OBJ_sdsiCertificate */ 
+-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x17,0x01,/* [927] OBJ_x509Crl */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0D,/* [937] OBJ_pbes2 */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0E,/* [946] OBJ_pbmac1 */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x07, /* [955] OBJ_hmacWithSHA1 */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01, /* [963] OBJ_id_qt_cps */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02, /* [971] OBJ_id_qt_unotice */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0F,/* [979] OBJ_SMIMECapabilities */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x04,/* [988] OBJ_pbeWithMD2AndRC2_CBC */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x06,/* [997] OBJ_pbeWithMD5AndRC2_CBC */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0A,/* [1006] OBJ_pbeWithSHA1AndDES_CBC */ +-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x0E,/* [1015] OBJ_ms_ext_req */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0E,/* [1025] OBJ_ext_req */ +-0x55,0x04,0x29, /* [1034] OBJ_name */ +-0x55,0x04,0x2E, /* [1037] OBJ_dnQualifier */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x01, /* [1040] OBJ_id_pe */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x30, /* [1047] OBJ_id_ad */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01, /* [1054] OBJ_info_access */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01, /* [1062] OBJ_ad_OCSP */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02, /* [1070] OBJ_ad_ca_issuers */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x09, /* [1078] OBJ_OCSP_sign */ +-0x28, /* [1086] OBJ_iso */ +-0x2A, /* [1087] OBJ_member_body */ +-0x2A,0x86,0x48, /* [1088] OBJ_ISO_US */ +-0x2A,0x86,0x48,0xCE,0x38, /* [1091] OBJ_X9_57 */ +-0x2A,0x86,0x48,0xCE,0x38,0x04, /* [1096] OBJ_X9cm */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01, /* [1102] OBJ_pkcs1 */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05, /* [1110] OBJ_pkcs5 */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,/* [1118] OBJ_SMIME */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,/* [1127] OBJ_id_smime_mod */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,/* [1137] OBJ_id_smime_ct */ 
+-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,/* [1147] OBJ_id_smime_aa */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,/* [1157] OBJ_id_smime_alg */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,/* [1167] OBJ_id_smime_cd */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,/* [1177] OBJ_id_smime_spq */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,/* [1187] OBJ_id_smime_cti */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x01,/* [1197] OBJ_id_smime_mod_cms */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x02,/* [1208] OBJ_id_smime_mod_ess */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x03,/* [1219] OBJ_id_smime_mod_oid */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x04,/* [1230] OBJ_id_smime_mod_msg_v3 */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x05,/* [1241] OBJ_id_smime_mod_ets_eSignature_88 */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x06,/* [1252] OBJ_id_smime_mod_ets_eSignature_97 */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x07,/* [1263] OBJ_id_smime_mod_ets_eSigPolicy_88 */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x08,/* [1274] OBJ_id_smime_mod_ets_eSigPolicy_97 */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x01,/* [1285] OBJ_id_smime_ct_receipt */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x02,/* [1296] OBJ_id_smime_ct_authData */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x03,/* [1307] OBJ_id_smime_ct_publishCert */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x04,/* [1318] OBJ_id_smime_ct_TSTInfo */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x05,/* [1329] OBJ_id_smime_ct_TDTInfo */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x06,/* [1340] OBJ_id_smime_ct_contentInfo */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x07,/* [1351] OBJ_id_smime_ct_DVCSRequestData */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x08,/* [1362] OBJ_id_smime_ct_DVCSResponseData */ 
+-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x01,/* [1373] OBJ_id_smime_aa_receiptRequest */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x02,/* [1384] OBJ_id_smime_aa_securityLabel */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x03,/* [1395] OBJ_id_smime_aa_mlExpandHistory */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x04,/* [1406] OBJ_id_smime_aa_contentHint */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x05,/* [1417] OBJ_id_smime_aa_msgSigDigest */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x06,/* [1428] OBJ_id_smime_aa_encapContentType */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x07,/* [1439] OBJ_id_smime_aa_contentIdentifier */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x08,/* [1450] OBJ_id_smime_aa_macValue */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x09,/* [1461] OBJ_id_smime_aa_equivalentLabels */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0A,/* [1472] OBJ_id_smime_aa_contentReference */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0B,/* [1483] OBJ_id_smime_aa_encrypKeyPref */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0C,/* [1494] OBJ_id_smime_aa_signingCertificate */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0D,/* [1505] OBJ_id_smime_aa_smimeEncryptCerts */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0E,/* [1516] OBJ_id_smime_aa_timeStampToken */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0F,/* [1527] OBJ_id_smime_aa_ets_sigPolicyId */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x10,/* [1538] OBJ_id_smime_aa_ets_commitmentType */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x11,/* [1549] OBJ_id_smime_aa_ets_signerLocation */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x12,/* [1560] OBJ_id_smime_aa_ets_signerAttr */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x13,/* [1571] OBJ_id_smime_aa_ets_otherSigCert */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x14,/* 
[1582] OBJ_id_smime_aa_ets_contentTimestamp */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x15,/* [1593] OBJ_id_smime_aa_ets_CertificateRefs */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x16,/* [1604] OBJ_id_smime_aa_ets_RevocationRefs */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x17,/* [1615] OBJ_id_smime_aa_ets_certValues */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x18,/* [1626] OBJ_id_smime_aa_ets_revocationValues */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x19,/* [1637] OBJ_id_smime_aa_ets_escTimeStamp */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1A,/* [1648] OBJ_id_smime_aa_ets_certCRLTimestamp */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1B,/* [1659] OBJ_id_smime_aa_ets_archiveTimeStamp */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1C,/* [1670] OBJ_id_smime_aa_signatureType */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1D,/* [1681] OBJ_id_smime_aa_dvcs_dvc */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x01,/* [1692] OBJ_id_smime_alg_ESDHwith3DES */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x02,/* [1703] OBJ_id_smime_alg_ESDHwithRC2 */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x03,/* [1714] OBJ_id_smime_alg_3DESwrap */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x04,/* [1725] OBJ_id_smime_alg_RC2wrap */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x05,/* [1736] OBJ_id_smime_alg_ESDH */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x06,/* [1747] OBJ_id_smime_alg_CMS3DESwrap */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x07,/* [1758] OBJ_id_smime_alg_CMSRC2wrap */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,0x01,/* [1769] OBJ_id_smime_cd_ldap */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x01,/* [1780] OBJ_id_smime_spq_ets_sqt_uri */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x02,/* [1791] OBJ_id_smime_spq_ets_sqt_unotice */ 
+-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x01,/* [1802] OBJ_id_smime_cti_ets_proofOfOrigin */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x02,/* [1813] OBJ_id_smime_cti_ets_proofOfReceipt */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x03,/* [1824] OBJ_id_smime_cti_ets_proofOfDelivery */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x04,/* [1835] OBJ_id_smime_cti_ets_proofOfSender */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x05,/* [1846] OBJ_id_smime_cti_ets_proofOfApproval */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x06,/* [1857] OBJ_id_smime_cti_ets_proofOfCreation */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x04, /* [1868] OBJ_md4 */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x00, /* [1876] OBJ_id_pkix_mod */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x02, /* [1883] OBJ_id_qt */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x04, /* [1890] OBJ_id_it */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x05, /* [1897] OBJ_id_pkip */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x06, /* [1904] OBJ_id_alg */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x07, /* [1911] OBJ_id_cmc */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x08, /* [1918] OBJ_id_on */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x09, /* [1925] OBJ_id_pda */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A, /* [1932] OBJ_id_aca */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x0B, /* [1939] OBJ_id_qcs */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x0C, /* [1946] OBJ_id_cct */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x01, /* [1953] OBJ_id_pkix1_explicit_88 */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x02, /* [1961] OBJ_id_pkix1_implicit_88 */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x03, /* [1969] OBJ_id_pkix1_explicit_93 */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x04, /* [1977] OBJ_id_pkix1_implicit_93 */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x05, /* [1985] OBJ_id_mod_crmf */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x06, /* [1993] OBJ_id_mod_cmc */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x07, /* [2001] OBJ_id_mod_kea_profile_88 */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x08, /* [2009] 
OBJ_id_mod_kea_profile_93 */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x09, /* [2017] OBJ_id_mod_cmp */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0A, /* [2025] OBJ_id_mod_qualified_cert_88 */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0B, /* [2033] OBJ_id_mod_qualified_cert_93 */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0C, /* [2041] OBJ_id_mod_attribute_cert */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0D, /* [2049] OBJ_id_mod_timestamp_protocol */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0E, /* [2057] OBJ_id_mod_ocsp */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0F, /* [2065] OBJ_id_mod_dvcs */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x10, /* [2073] OBJ_id_mod_cmp2000 */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x02, /* [2081] OBJ_biometricInfo */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x03, /* [2089] OBJ_qcStatements */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x04, /* [2097] OBJ_ac_auditEntity */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x05, /* [2105] OBJ_ac_targeting */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x06, /* [2113] OBJ_aaControls */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x07, /* [2121] OBJ_sbgp_ipAddrBlock */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x08, /* [2129] OBJ_sbgp_autonomousSysNum */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x09, /* [2137] OBJ_sbgp_routerIdentifier */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x03, /* [2145] OBJ_textNotice */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x05, /* [2153] OBJ_ipsecEndSystem */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x06, /* [2161] OBJ_ipsecTunnel */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x07, /* [2169] OBJ_ipsecUser */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x0A, /* [2177] OBJ_dvcs */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x01, /* [2185] OBJ_id_it_caProtEncCert */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x02, /* [2193] OBJ_id_it_signKeyPairTypes */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x03, /* [2201] OBJ_id_it_encKeyPairTypes */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x04, /* [2209] OBJ_id_it_preferredSymmAlg */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x05, /* [2217] 
OBJ_id_it_caKeyUpdateInfo */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x06, /* [2225] OBJ_id_it_currentCRL */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x07, /* [2233] OBJ_id_it_unsupportedOIDs */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x08, /* [2241] OBJ_id_it_subscriptionRequest */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x09, /* [2249] OBJ_id_it_subscriptionResponse */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0A, /* [2257] OBJ_id_it_keyPairParamReq */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0B, /* [2265] OBJ_id_it_keyPairParamRep */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0C, /* [2273] OBJ_id_it_revPassphrase */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0D, /* [2281] OBJ_id_it_implicitConfirm */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0E, /* [2289] OBJ_id_it_confirmWaitTime */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0F, /* [2297] OBJ_id_it_origPKIMessage */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01, /* [2305] OBJ_id_regCtrl */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02, /* [2313] OBJ_id_regInfo */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x01,/* [2321] OBJ_id_regCtrl_regToken */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x02,/* [2330] OBJ_id_regCtrl_authenticator */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x03,/* [2339] OBJ_id_regCtrl_pkiPublicationInfo */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x04,/* [2348] OBJ_id_regCtrl_pkiArchiveOptions */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x05,/* [2357] OBJ_id_regCtrl_oldCertID */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x06,/* [2366] OBJ_id_regCtrl_protocolEncrKey */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x01,/* [2375] OBJ_id_regInfo_utf8Pairs */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x02,/* [2384] OBJ_id_regInfo_certReq */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x01, /* [2393] OBJ_id_alg_des40 */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x02, /* [2401] OBJ_id_alg_noSignature */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x03, /* [2409] OBJ_id_alg_dh_sig_hmac_sha1 */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x04, /* [2417] 
OBJ_id_alg_dh_pop */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x01, /* [2425] OBJ_id_cmc_statusInfo */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x02, /* [2433] OBJ_id_cmc_identification */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x03, /* [2441] OBJ_id_cmc_identityProof */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x04, /* [2449] OBJ_id_cmc_dataReturn */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x05, /* [2457] OBJ_id_cmc_transactionId */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x06, /* [2465] OBJ_id_cmc_senderNonce */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x07, /* [2473] OBJ_id_cmc_recipientNonce */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x08, /* [2481] OBJ_id_cmc_addExtensions */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x09, /* [2489] OBJ_id_cmc_encryptedPOP */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0A, /* [2497] OBJ_id_cmc_decryptedPOP */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0B, /* [2505] OBJ_id_cmc_lraPOPWitness */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0F, /* [2513] OBJ_id_cmc_getCert */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x10, /* [2521] OBJ_id_cmc_getCRL */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x11, /* [2529] OBJ_id_cmc_revokeRequest */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x12, /* [2537] OBJ_id_cmc_regInfo */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x13, /* [2545] OBJ_id_cmc_responseInfo */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x15, /* [2553] OBJ_id_cmc_queryPending */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x16, /* [2561] OBJ_id_cmc_popLinkRandom */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x17, /* [2569] OBJ_id_cmc_popLinkWitness */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x18, /* [2577] OBJ_id_cmc_confirmCertAcceptance */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x01, /* [2585] OBJ_id_on_personalData */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x01, /* [2593] OBJ_id_pda_dateOfBirth */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x02, /* [2601] OBJ_id_pda_placeOfBirth */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x03, /* [2609] OBJ_id_pda_gender */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x04, /* [2617] 
OBJ_id_pda_countryOfCitizenship */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x05, /* [2625] OBJ_id_pda_countryOfResidence */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x01, /* [2633] OBJ_id_aca_authenticationInfo */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x02, /* [2641] OBJ_id_aca_accessIdentity */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x03, /* [2649] OBJ_id_aca_chargingIdentity */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x04, /* [2657] OBJ_id_aca_group */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x05, /* [2665] OBJ_id_aca_role */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,0x01, /* [2673] OBJ_id_qcs_pkixQCSyntax_v1 */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x01, /* [2681] OBJ_id_cct_crs */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x02, /* [2689] OBJ_id_cct_PKIData */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x03, /* [2697] OBJ_id_cct_PKIResponse */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x03, /* [2705] OBJ_ad_timeStamping */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x04, /* [2713] OBJ_ad_dvcs */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x01,/* [2721] OBJ_id_pkix_OCSP_basic */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x02,/* [2730] OBJ_id_pkix_OCSP_Nonce */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x03,/* [2739] OBJ_id_pkix_OCSP_CrlID */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x04,/* [2748] OBJ_id_pkix_OCSP_acceptableResponses */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x05,/* [2757] OBJ_id_pkix_OCSP_noCheck */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x06,/* [2766] OBJ_id_pkix_OCSP_archiveCutoff */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x07,/* [2775] OBJ_id_pkix_OCSP_serviceLocator */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x08,/* [2784] OBJ_id_pkix_OCSP_extendedStatus */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x09,/* [2793] OBJ_id_pkix_OCSP_valid */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0A,/* [2802] OBJ_id_pkix_OCSP_path */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0B,/* [2811] OBJ_id_pkix_OCSP_trustRoot */ +-0x2B,0x0E,0x03,0x02, /* [2820] OBJ_algorithm */ 
+-0x2B,0x0E,0x03,0x02,0x0B, /* [2824] OBJ_rsaSignature */ +-0x55,0x08, /* [2829] OBJ_X500algorithms */ +-0x2B, /* [2831] OBJ_org */ +-0x2B,0x06, /* [2832] OBJ_dod */ +-0x2B,0x06,0x01, /* [2834] OBJ_iana */ +-0x2B,0x06,0x01,0x01, /* [2837] OBJ_Directory */ +-0x2B,0x06,0x01,0x02, /* [2841] OBJ_Management */ +-0x2B,0x06,0x01,0x03, /* [2845] OBJ_Experimental */ +-0x2B,0x06,0x01,0x04, /* [2849] OBJ_Private */ +-0x2B,0x06,0x01,0x05, /* [2853] OBJ_Security */ +-0x2B,0x06,0x01,0x06, /* [2857] OBJ_SNMPv2 */ +-0x2B,0x06,0x01,0x07, /* [2861] OBJ_Mail */ +-0x2B,0x06,0x01,0x04,0x01, /* [2865] OBJ_Enterprises */ +-0x2B,0x06,0x01,0x04,0x01,0x8B,0x3A,0x82,0x58,/* [2870] OBJ_dcObject */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19,/* [2879] OBJ_domainComponent */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0D,/* [2889] OBJ_Domain */ +-0x00, /* [2899] OBJ_joint_iso_ccitt */ +-0x55,0x01,0x05, /* [2900] OBJ_selected_attribute_types */ +-0x55,0x01,0x05,0x37, /* [2903] OBJ_clearance */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x03,/* [2907] OBJ_md4WithRSAEncryption */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0A, /* [2916] OBJ_ac_proxying */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0B, /* [2924] OBJ_sinfo_access */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x06, /* [2932] OBJ_id_aca_encAttrs */ +-0x55,0x04,0x48, /* [2940] OBJ_role */ +-0x55,0x1D,0x24, /* [2943] OBJ_policy_constraints */ +-0x55,0x1D,0x37, /* [2946] OBJ_target_information */ +-0x55,0x1D,0x38, /* [2949] OBJ_no_rev_avail */ +-0x00, /* [2952] OBJ_ccitt */ +-0x2A,0x86,0x48,0xCE,0x3D, /* [2953] OBJ_ansi_X9_62 */ +-0x2A,0x86,0x48,0xCE,0x3D,0x01,0x01, /* [2958] OBJ_X9_62_prime_field */ +-0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02, /* [2965] OBJ_X9_62_characteristic_two_field */ +-0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01, /* [2972] OBJ_X9_62_id_ecPublicKey */ +-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x01, /* [2979] OBJ_X9_62_prime192v1 */ +-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x02, /* [2987] OBJ_X9_62_prime192v2 */ 
+-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x03, /* [2995] OBJ_X9_62_prime192v3 */ +-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x04, /* [3003] OBJ_X9_62_prime239v1 */ +-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x05, /* [3011] OBJ_X9_62_prime239v2 */ +-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x06, /* [3019] OBJ_X9_62_prime239v3 */ +-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07, /* [3027] OBJ_X9_62_prime256v1 */ +-0x2A,0x86,0x48,0xCE,0x3D,0x04,0x01, /* [3035] OBJ_ecdsa_with_SHA1 */ +-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x01,/* [3042] OBJ_ms_csp_name */ +-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x01,/* [3051] OBJ_aes_128_ecb */ +-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x02,/* [3060] OBJ_aes_128_cbc */ +-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x03,/* [3069] OBJ_aes_128_ofb128 */ +-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x04,/* [3078] OBJ_aes_128_cfb128 */ +-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x15,/* [3087] OBJ_aes_192_ecb */ +-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x16,/* [3096] OBJ_aes_192_cbc */ +-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x17,/* [3105] OBJ_aes_192_ofb128 */ +-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x18,/* [3114] OBJ_aes_192_cfb128 */ +-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x29,/* [3123] OBJ_aes_256_ecb */ +-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2A,/* [3132] OBJ_aes_256_cbc */ +-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2B,/* [3141] OBJ_aes_256_ofb128 */ +-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2C,/* [3150] OBJ_aes_256_cfb128 */ +-0x55,0x1D,0x17, /* [3159] OBJ_hold_instruction_code */ +-0x2A,0x86,0x48,0xCE,0x38,0x02,0x01, /* [3162] OBJ_hold_instruction_none */ +-0x2A,0x86,0x48,0xCE,0x38,0x02,0x02, /* [3169] OBJ_hold_instruction_call_issuer */ +-0x2A,0x86,0x48,0xCE,0x38,0x02,0x03, /* [3176] OBJ_hold_instruction_reject */ +-0x09, /* [3183] OBJ_data */ +-0x09,0x92,0x26, /* [3184] OBJ_pss */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C, /* [3187] OBJ_ucl */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64, /* [3194] OBJ_pilot */ 
+-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,/* [3202] OBJ_pilotAttributeType */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,/* [3211] OBJ_pilotAttributeSyntax */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,/* [3220] OBJ_pilotObjectClass */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x0A,/* [3229] OBJ_pilotGroups */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x04,/* [3238] OBJ_iA5StringSyntax */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x05,/* [3248] OBJ_caseIgnoreIA5StringSyntax */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x03,/* [3258] OBJ_pilotObject */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x04,/* [3268] OBJ_pilotPerson */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x05,/* [3278] OBJ_account */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x06,/* [3288] OBJ_document */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x07,/* [3298] OBJ_room */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x09,/* [3308] OBJ_documentSeries */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0E,/* [3318] OBJ_rFC822localPart */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0F,/* [3328] OBJ_dNSDomain */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x11,/* [3338] OBJ_domainRelatedObject */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x12,/* [3348] OBJ_friendlyCountry */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x13,/* [3358] OBJ_simpleSecurityObject */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x14,/* [3368] OBJ_pilotOrganization */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x15,/* [3378] OBJ_pilotDSA */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x16,/* [3388] OBJ_qualityLabelledData */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x01,/* [3398] OBJ_userId */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x02,/* [3408] OBJ_textEncodedORAddress */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x03,/* [3418] OBJ_rfc822Mailbox */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x04,/* [3428] OBJ_info */ 
+-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x05,/* [3438] OBJ_favouriteDrink */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x06,/* [3448] OBJ_roomNumber */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x07,/* [3458] OBJ_photo */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x08,/* [3468] OBJ_userClass */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x09,/* [3478] OBJ_host */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0A,/* [3488] OBJ_manager */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0B,/* [3498] OBJ_documentIdentifier */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0C,/* [3508] OBJ_documentTitle */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0D,/* [3518] OBJ_documentVersion */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0E,/* [3528] OBJ_documentAuthor */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0F,/* [3538] OBJ_documentLocation */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x14,/* [3548] OBJ_homeTelephoneNumber */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x15,/* [3558] OBJ_secretary */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x16,/* [3568] OBJ_otherMailbox */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x17,/* [3578] OBJ_lastModifiedTime */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x18,/* [3588] OBJ_lastModifiedBy */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1A,/* [3598] OBJ_aRecord */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1B,/* [3608] OBJ_pilotAttributeType27 */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1C,/* [3618] OBJ_mXRecord */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1D,/* [3628] OBJ_nSRecord */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1E,/* [3638] OBJ_sOARecord */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1F,/* [3648] OBJ_cNAMERecord */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x25,/* [3658] OBJ_associatedDomain */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x26,/* [3668] OBJ_associatedName */ 
+-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x27,/* [3678] OBJ_homePostalAddress */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x28,/* [3688] OBJ_personalTitle */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x29,/* [3698] OBJ_mobileTelephoneNumber */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2A,/* [3708] OBJ_pagerTelephoneNumber */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2B,/* [3718] OBJ_friendlyCountryName */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2D,/* [3728] OBJ_organizationalStatus */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2E,/* [3738] OBJ_janetMailbox */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2F,/* [3748] OBJ_mailPreferenceOption */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x30,/* [3758] OBJ_buildingName */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x31,/* [3768] OBJ_dSAQuality */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x32,/* [3778] OBJ_singleLevelQuality */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x33,/* [3788] OBJ_subtreeMinimumQuality */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x34,/* [3798] OBJ_subtreeMaximumQuality */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x35,/* [3808] OBJ_personalSignature */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x36,/* [3818] OBJ_dITRedirect */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x37,/* [3828] OBJ_audio */ +-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x38,/* [3838] OBJ_documentPublisher */ +-0x55,0x04,0x2D, /* [3848] OBJ_x500UniqueIdentifier */ +-0x2B,0x06,0x01,0x07,0x01, /* [3851] OBJ_mime_mhs */ +-0x2B,0x06,0x01,0x07,0x01,0x01, /* [3856] OBJ_mime_mhs_headings */ +-0x2B,0x06,0x01,0x07,0x01,0x02, /* [3862] OBJ_mime_mhs_bodies */ +-0x2B,0x06,0x01,0x07,0x01,0x01,0x01, /* [3868] OBJ_id_hex_partial_message */ +-0x2B,0x06,0x01,0x07,0x01,0x01,0x02, /* [3875] OBJ_id_hex_multipart_message */ +-0x55,0x04,0x2C, /* [3882] OBJ_generationQualifier */ +-0x55,0x04,0x41, /* [3885] OBJ_pseudonym */ +-0x67,0x2A, /* [3888] OBJ_id_set 
*/ +-0x67,0x2A,0x00, /* [3890] OBJ_set_ctype */ +-0x67,0x2A,0x01, /* [3893] OBJ_set_msgExt */ +-0x67,0x2A,0x03, /* [3896] OBJ_set_attr */ +-0x67,0x2A,0x05, /* [3899] OBJ_set_policy */ +-0x67,0x2A,0x07, /* [3902] OBJ_set_certExt */ +-0x67,0x2A,0x08, /* [3905] OBJ_set_brand */ +-0x67,0x2A,0x00,0x00, /* [3908] OBJ_setct_PANData */ +-0x67,0x2A,0x00,0x01, /* [3912] OBJ_setct_PANToken */ +-0x67,0x2A,0x00,0x02, /* [3916] OBJ_setct_PANOnly */ +-0x67,0x2A,0x00,0x03, /* [3920] OBJ_setct_OIData */ +-0x67,0x2A,0x00,0x04, /* [3924] OBJ_setct_PI */ +-0x67,0x2A,0x00,0x05, /* [3928] OBJ_setct_PIData */ +-0x67,0x2A,0x00,0x06, /* [3932] OBJ_setct_PIDataUnsigned */ +-0x67,0x2A,0x00,0x07, /* [3936] OBJ_setct_HODInput */ +-0x67,0x2A,0x00,0x08, /* [3940] OBJ_setct_AuthResBaggage */ +-0x67,0x2A,0x00,0x09, /* [3944] OBJ_setct_AuthRevReqBaggage */ +-0x67,0x2A,0x00,0x0A, /* [3948] OBJ_setct_AuthRevResBaggage */ +-0x67,0x2A,0x00,0x0B, /* [3952] OBJ_setct_CapTokenSeq */ +-0x67,0x2A,0x00,0x0C, /* [3956] OBJ_setct_PInitResData */ +-0x67,0x2A,0x00,0x0D, /* [3960] OBJ_setct_PI_TBS */ +-0x67,0x2A,0x00,0x0E, /* [3964] OBJ_setct_PResData */ +-0x67,0x2A,0x00,0x10, /* [3968] OBJ_setct_AuthReqTBS */ +-0x67,0x2A,0x00,0x11, /* [3972] OBJ_setct_AuthResTBS */ +-0x67,0x2A,0x00,0x12, /* [3976] OBJ_setct_AuthResTBSX */ +-0x67,0x2A,0x00,0x13, /* [3980] OBJ_setct_AuthTokenTBS */ +-0x67,0x2A,0x00,0x14, /* [3984] OBJ_setct_CapTokenData */ +-0x67,0x2A,0x00,0x15, /* [3988] OBJ_setct_CapTokenTBS */ +-0x67,0x2A,0x00,0x16, /* [3992] OBJ_setct_AcqCardCodeMsg */ +-0x67,0x2A,0x00,0x17, /* [3996] OBJ_setct_AuthRevReqTBS */ +-0x67,0x2A,0x00,0x18, /* [4000] OBJ_setct_AuthRevResData */ +-0x67,0x2A,0x00,0x19, /* [4004] OBJ_setct_AuthRevResTBS */ +-0x67,0x2A,0x00,0x1A, /* [4008] OBJ_setct_CapReqTBS */ +-0x67,0x2A,0x00,0x1B, /* [4012] OBJ_setct_CapReqTBSX */ +-0x67,0x2A,0x00,0x1C, /* [4016] OBJ_setct_CapResData */ +-0x67,0x2A,0x00,0x1D, /* [4020] OBJ_setct_CapRevReqTBS */ +-0x67,0x2A,0x00,0x1E, /* [4024] OBJ_setct_CapRevReqTBSX 
*/ +-0x67,0x2A,0x00,0x1F, /* [4028] OBJ_setct_CapRevResData */ +-0x67,0x2A,0x00,0x20, /* [4032] OBJ_setct_CredReqTBS */ +-0x67,0x2A,0x00,0x21, /* [4036] OBJ_setct_CredReqTBSX */ +-0x67,0x2A,0x00,0x22, /* [4040] OBJ_setct_CredResData */ +-0x67,0x2A,0x00,0x23, /* [4044] OBJ_setct_CredRevReqTBS */ +-0x67,0x2A,0x00,0x24, /* [4048] OBJ_setct_CredRevReqTBSX */ +-0x67,0x2A,0x00,0x25, /* [4052] OBJ_setct_CredRevResData */ +-0x67,0x2A,0x00,0x26, /* [4056] OBJ_setct_PCertReqData */ +-0x67,0x2A,0x00,0x27, /* [4060] OBJ_setct_PCertResTBS */ +-0x67,0x2A,0x00,0x28, /* [4064] OBJ_setct_BatchAdminReqData */ +-0x67,0x2A,0x00,0x29, /* [4068] OBJ_setct_BatchAdminResData */ +-0x67,0x2A,0x00,0x2A, /* [4072] OBJ_setct_CardCInitResTBS */ +-0x67,0x2A,0x00,0x2B, /* [4076] OBJ_setct_MeAqCInitResTBS */ +-0x67,0x2A,0x00,0x2C, /* [4080] OBJ_setct_RegFormResTBS */ +-0x67,0x2A,0x00,0x2D, /* [4084] OBJ_setct_CertReqData */ +-0x67,0x2A,0x00,0x2E, /* [4088] OBJ_setct_CertReqTBS */ +-0x67,0x2A,0x00,0x2F, /* [4092] OBJ_setct_CertResData */ +-0x67,0x2A,0x00,0x30, /* [4096] OBJ_setct_CertInqReqTBS */ +-0x67,0x2A,0x00,0x31, /* [4100] OBJ_setct_ErrorTBS */ +-0x67,0x2A,0x00,0x32, /* [4104] OBJ_setct_PIDualSignedTBE */ +-0x67,0x2A,0x00,0x33, /* [4108] OBJ_setct_PIUnsignedTBE */ +-0x67,0x2A,0x00,0x34, /* [4112] OBJ_setct_AuthReqTBE */ +-0x67,0x2A,0x00,0x35, /* [4116] OBJ_setct_AuthResTBE */ +-0x67,0x2A,0x00,0x36, /* [4120] OBJ_setct_AuthResTBEX */ +-0x67,0x2A,0x00,0x37, /* [4124] OBJ_setct_AuthTokenTBE */ +-0x67,0x2A,0x00,0x38, /* [4128] OBJ_setct_CapTokenTBE */ +-0x67,0x2A,0x00,0x39, /* [4132] OBJ_setct_CapTokenTBEX */ +-0x67,0x2A,0x00,0x3A, /* [4136] OBJ_setct_AcqCardCodeMsgTBE */ +-0x67,0x2A,0x00,0x3B, /* [4140] OBJ_setct_AuthRevReqTBE */ +-0x67,0x2A,0x00,0x3C, /* [4144] OBJ_setct_AuthRevResTBE */ +-0x67,0x2A,0x00,0x3D, /* [4148] OBJ_setct_AuthRevResTBEB */ +-0x67,0x2A,0x00,0x3E, /* [4152] OBJ_setct_CapReqTBE */ +-0x67,0x2A,0x00,0x3F, /* [4156] OBJ_setct_CapReqTBEX */ +-0x67,0x2A,0x00,0x40, /* [4160] 
OBJ_setct_CapResTBE */ +-0x67,0x2A,0x00,0x41, /* [4164] OBJ_setct_CapRevReqTBE */ +-0x67,0x2A,0x00,0x42, /* [4168] OBJ_setct_CapRevReqTBEX */ +-0x67,0x2A,0x00,0x43, /* [4172] OBJ_setct_CapRevResTBE */ +-0x67,0x2A,0x00,0x44, /* [4176] OBJ_setct_CredReqTBE */ +-0x67,0x2A,0x00,0x45, /* [4180] OBJ_setct_CredReqTBEX */ +-0x67,0x2A,0x00,0x46, /* [4184] OBJ_setct_CredResTBE */ +-0x67,0x2A,0x00,0x47, /* [4188] OBJ_setct_CredRevReqTBE */ +-0x67,0x2A,0x00,0x48, /* [4192] OBJ_setct_CredRevReqTBEX */ +-0x67,0x2A,0x00,0x49, /* [4196] OBJ_setct_CredRevResTBE */ +-0x67,0x2A,0x00,0x4A, /* [4200] OBJ_setct_BatchAdminReqTBE */ +-0x67,0x2A,0x00,0x4B, /* [4204] OBJ_setct_BatchAdminResTBE */ +-0x67,0x2A,0x00,0x4C, /* [4208] OBJ_setct_RegFormReqTBE */ +-0x67,0x2A,0x00,0x4D, /* [4212] OBJ_setct_CertReqTBE */ +-0x67,0x2A,0x00,0x4E, /* [4216] OBJ_setct_CertReqTBEX */ +-0x67,0x2A,0x00,0x4F, /* [4220] OBJ_setct_CertResTBE */ +-0x67,0x2A,0x00,0x50, /* [4224] OBJ_setct_CRLNotificationTBS */ +-0x67,0x2A,0x00,0x51, /* [4228] OBJ_setct_CRLNotificationResTBS */ +-0x67,0x2A,0x00,0x52, /* [4232] OBJ_setct_BCIDistributionTBS */ +-0x67,0x2A,0x01,0x01, /* [4236] OBJ_setext_genCrypt */ +-0x67,0x2A,0x01,0x03, /* [4240] OBJ_setext_miAuth */ +-0x67,0x2A,0x01,0x04, /* [4244] OBJ_setext_pinSecure */ +-0x67,0x2A,0x01,0x05, /* [4248] OBJ_setext_pinAny */ +-0x67,0x2A,0x01,0x07, /* [4252] OBJ_setext_track2 */ +-0x67,0x2A,0x01,0x08, /* [4256] OBJ_setext_cv */ +-0x67,0x2A,0x05,0x00, /* [4260] OBJ_set_policy_root */ +-0x67,0x2A,0x07,0x00, /* [4264] OBJ_setCext_hashedRoot */ +-0x67,0x2A,0x07,0x01, /* [4268] OBJ_setCext_certType */ +-0x67,0x2A,0x07,0x02, /* [4272] OBJ_setCext_merchData */ +-0x67,0x2A,0x07,0x03, /* [4276] OBJ_setCext_cCertRequired */ +-0x67,0x2A,0x07,0x04, /* [4280] OBJ_setCext_tunneling */ +-0x67,0x2A,0x07,0x05, /* [4284] OBJ_setCext_setExt */ +-0x67,0x2A,0x07,0x06, /* [4288] OBJ_setCext_setQualf */ +-0x67,0x2A,0x07,0x07, /* [4292] OBJ_setCext_PGWYcapabilities */ +-0x67,0x2A,0x07,0x08, /* [4296] 
OBJ_setCext_TokenIdentifier */ +-0x67,0x2A,0x07,0x09, /* [4300] OBJ_setCext_Track2Data */ +-0x67,0x2A,0x07,0x0A, /* [4304] OBJ_setCext_TokenType */ +-0x67,0x2A,0x07,0x0B, /* [4308] OBJ_setCext_IssuerCapabilities */ +-0x67,0x2A,0x03,0x00, /* [4312] OBJ_setAttr_Cert */ +-0x67,0x2A,0x03,0x01, /* [4316] OBJ_setAttr_PGWYcap */ +-0x67,0x2A,0x03,0x02, /* [4320] OBJ_setAttr_TokenType */ +-0x67,0x2A,0x03,0x03, /* [4324] OBJ_setAttr_IssCap */ +-0x67,0x2A,0x03,0x00,0x00, /* [4328] OBJ_set_rootKeyThumb */ +-0x67,0x2A,0x03,0x00,0x01, /* [4333] OBJ_set_addPolicy */ +-0x67,0x2A,0x03,0x02,0x01, /* [4338] OBJ_setAttr_Token_EMV */ +-0x67,0x2A,0x03,0x02,0x02, /* [4343] OBJ_setAttr_Token_B0Prime */ +-0x67,0x2A,0x03,0x03,0x03, /* [4348] OBJ_setAttr_IssCap_CVM */ +-0x67,0x2A,0x03,0x03,0x04, /* [4353] OBJ_setAttr_IssCap_T2 */ +-0x67,0x2A,0x03,0x03,0x05, /* [4358] OBJ_setAttr_IssCap_Sig */ +-0x67,0x2A,0x03,0x03,0x03,0x01, /* [4363] OBJ_setAttr_GenCryptgrm */ +-0x67,0x2A,0x03,0x03,0x04,0x01, /* [4369] OBJ_setAttr_T2Enc */ +-0x67,0x2A,0x03,0x03,0x04,0x02, /* [4375] OBJ_setAttr_T2cleartxt */ +-0x67,0x2A,0x03,0x03,0x05,0x01, /* [4381] OBJ_setAttr_TokICCsig */ +-0x67,0x2A,0x03,0x03,0x05,0x02, /* [4387] OBJ_setAttr_SecDevSig */ +-0x67,0x2A,0x08,0x01, /* [4393] OBJ_set_brand_IATA_ATA */ +-0x67,0x2A,0x08,0x1E, /* [4397] OBJ_set_brand_Diners */ +-0x67,0x2A,0x08,0x22, /* [4401] OBJ_set_brand_AmericanExpress */ +-0x67,0x2A,0x08,0x23, /* [4405] OBJ_set_brand_JCB */ +-0x67,0x2A,0x08,0x04, /* [4409] OBJ_set_brand_Visa */ +-0x67,0x2A,0x08,0x05, /* [4413] OBJ_set_brand_MasterCard */ +-0x67,0x2A,0x08,0xAE,0x7B, /* [4417] OBJ_set_brand_Novus */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x0A, /* [4422] OBJ_des_cdmf */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x06,/* [4430] OBJ_rsaOAEPEncryptionSET */ +-0x00, /* [4439] OBJ_itu_t */ +-0x50, /* [4440] OBJ_joint_iso_itu_t */ +-0x67, /* [4441] OBJ_international_organizations */ +-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x02,/* [4442] OBJ_ms_smartcard_login */ 
+-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x03,/* [4452] OBJ_ms_upn */ +-0x55,0x04,0x09, /* [4462] OBJ_streetAddress */ +-0x55,0x04,0x11, /* [4465] OBJ_postalCode */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x15, /* [4468] OBJ_id_ppl */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0E, /* [4475] OBJ_proxyCertInfo */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x00, /* [4483] OBJ_id_ppl_anyLanguage */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x01, /* [4491] OBJ_id_ppl_inheritAll */ +-0x55,0x1D,0x1E, /* [4499] OBJ_name_constraints */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x02, /* [4502] OBJ_Independent */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,/* [4510] OBJ_sha256WithRSAEncryption */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0C,/* [4519] OBJ_sha384WithRSAEncryption */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0D,/* [4528] OBJ_sha512WithRSAEncryption */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0E,/* [4537] OBJ_sha224WithRSAEncryption */ +-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,/* [4546] OBJ_sha256 */ +-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,/* [4555] OBJ_sha384 */ +-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,/* [4564] OBJ_sha512 */ +-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x04,/* [4573] OBJ_sha224 */ +-0x2B, /* [4582] OBJ_identified_organization */ +-0x2B,0x81,0x04, /* [4583] OBJ_certicom_arc */ +-0x67,0x2B, /* [4586] OBJ_wap */ +-0x67,0x2B,0x0D, /* [4588] OBJ_wap_wsg */ +-0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03, /* [4591] OBJ_X9_62_id_characteristic_two_basis */ +-0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x01,/* [4599] OBJ_X9_62_onBasis */ +-0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x02,/* [4608] OBJ_X9_62_tpBasis */ +-0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x03,/* [4617] OBJ_X9_62_ppBasis */ +-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x01, /* [4626] OBJ_X9_62_c2pnb163v1 */ +-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x02, /* [4634] OBJ_X9_62_c2pnb163v2 */ +-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x03, /* [4642] OBJ_X9_62_c2pnb163v3 */ +-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x04, 
/* [4650] OBJ_X9_62_c2pnb176v1 */ +-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x05, /* [4658] OBJ_X9_62_c2tnb191v1 */ +-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x06, /* [4666] OBJ_X9_62_c2tnb191v2 */ +-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x07, /* [4674] OBJ_X9_62_c2tnb191v3 */ +-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x08, /* [4682] OBJ_X9_62_c2onb191v4 */ +-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x09, /* [4690] OBJ_X9_62_c2onb191v5 */ +-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0A, /* [4698] OBJ_X9_62_c2pnb208w1 */ +-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0B, /* [4706] OBJ_X9_62_c2tnb239v1 */ +-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0C, /* [4714] OBJ_X9_62_c2tnb239v2 */ +-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0D, /* [4722] OBJ_X9_62_c2tnb239v3 */ +-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0E, /* [4730] OBJ_X9_62_c2onb239v4 */ +-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0F, /* [4738] OBJ_X9_62_c2onb239v5 */ +-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x10, /* [4746] OBJ_X9_62_c2pnb272w1 */ +-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x11, /* [4754] OBJ_X9_62_c2pnb304w1 */ +-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x12, /* [4762] OBJ_X9_62_c2tnb359v1 */ +-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x13, /* [4770] OBJ_X9_62_c2pnb368w1 */ +-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x14, /* [4778] OBJ_X9_62_c2tnb431r1 */ +-0x2B,0x81,0x04,0x00,0x06, /* [4786] OBJ_secp112r1 */ +-0x2B,0x81,0x04,0x00,0x07, /* [4791] OBJ_secp112r2 */ +-0x2B,0x81,0x04,0x00,0x1C, /* [4796] OBJ_secp128r1 */ +-0x2B,0x81,0x04,0x00,0x1D, /* [4801] OBJ_secp128r2 */ +-0x2B,0x81,0x04,0x00,0x09, /* [4806] OBJ_secp160k1 */ +-0x2B,0x81,0x04,0x00,0x08, /* [4811] OBJ_secp160r1 */ +-0x2B,0x81,0x04,0x00,0x1E, /* [4816] OBJ_secp160r2 */ +-0x2B,0x81,0x04,0x00,0x1F, /* [4821] OBJ_secp192k1 */ +-0x2B,0x81,0x04,0x00,0x20, /* [4826] OBJ_secp224k1 */ +-0x2B,0x81,0x04,0x00,0x21, /* [4831] OBJ_secp224r1 */ +-0x2B,0x81,0x04,0x00,0x0A, /* [4836] OBJ_secp256k1 */ +-0x2B,0x81,0x04,0x00,0x22, /* [4841] OBJ_secp384r1 */ +-0x2B,0x81,0x04,0x00,0x23, /* [4846] OBJ_secp521r1 */ 
+-0x2B,0x81,0x04,0x00,0x04, /* [4851] OBJ_sect113r1 */ +-0x2B,0x81,0x04,0x00,0x05, /* [4856] OBJ_sect113r2 */ +-0x2B,0x81,0x04,0x00,0x16, /* [4861] OBJ_sect131r1 */ +-0x2B,0x81,0x04,0x00,0x17, /* [4866] OBJ_sect131r2 */ +-0x2B,0x81,0x04,0x00,0x01, /* [4871] OBJ_sect163k1 */ +-0x2B,0x81,0x04,0x00,0x02, /* [4876] OBJ_sect163r1 */ +-0x2B,0x81,0x04,0x00,0x0F, /* [4881] OBJ_sect163r2 */ +-0x2B,0x81,0x04,0x00,0x18, /* [4886] OBJ_sect193r1 */ +-0x2B,0x81,0x04,0x00,0x19, /* [4891] OBJ_sect193r2 */ +-0x2B,0x81,0x04,0x00,0x1A, /* [4896] OBJ_sect233k1 */ +-0x2B,0x81,0x04,0x00,0x1B, /* [4901] OBJ_sect233r1 */ +-0x2B,0x81,0x04,0x00,0x03, /* [4906] OBJ_sect239k1 */ +-0x2B,0x81,0x04,0x00,0x10, /* [4911] OBJ_sect283k1 */ +-0x2B,0x81,0x04,0x00,0x11, /* [4916] OBJ_sect283r1 */ +-0x2B,0x81,0x04,0x00,0x24, /* [4921] OBJ_sect409k1 */ +-0x2B,0x81,0x04,0x00,0x25, /* [4926] OBJ_sect409r1 */ +-0x2B,0x81,0x04,0x00,0x26, /* [4931] OBJ_sect571k1 */ +-0x2B,0x81,0x04,0x00,0x27, /* [4936] OBJ_sect571r1 */ +-0x67,0x2B,0x0D,0x04,0x01, /* [4941] OBJ_wap_wsg_idm_ecid_wtls1 */ +-0x67,0x2B,0x0D,0x04,0x03, /* [4946] OBJ_wap_wsg_idm_ecid_wtls3 */ +-0x67,0x2B,0x0D,0x04,0x04, /* [4951] OBJ_wap_wsg_idm_ecid_wtls4 */ +-0x67,0x2B,0x0D,0x04,0x05, /* [4956] OBJ_wap_wsg_idm_ecid_wtls5 */ +-0x67,0x2B,0x0D,0x04,0x06, /* [4961] OBJ_wap_wsg_idm_ecid_wtls6 */ +-0x67,0x2B,0x0D,0x04,0x07, /* [4966] OBJ_wap_wsg_idm_ecid_wtls7 */ +-0x67,0x2B,0x0D,0x04,0x08, /* [4971] OBJ_wap_wsg_idm_ecid_wtls8 */ +-0x67,0x2B,0x0D,0x04,0x09, /* [4976] OBJ_wap_wsg_idm_ecid_wtls9 */ +-0x67,0x2B,0x0D,0x04,0x0A, /* [4981] OBJ_wap_wsg_idm_ecid_wtls10 */ +-0x67,0x2B,0x0D,0x04,0x0B, /* [4986] OBJ_wap_wsg_idm_ecid_wtls11 */ +-0x67,0x2B,0x0D,0x04,0x0C, /* [4991] OBJ_wap_wsg_idm_ecid_wtls12 */ +-0x55,0x1D,0x20,0x00, /* [4996] OBJ_any_policy */ +-0x55,0x1D,0x21, /* [5000] OBJ_policy_mappings */ +-0x55,0x1D,0x36, /* [5003] OBJ_inhibit_any_policy */ +-0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x02,/* [5006] OBJ_camellia_128_cbc */ 
+-0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x03,/* [5017] OBJ_camellia_192_cbc */ +-0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x04,/* [5028] OBJ_camellia_256_cbc */ +-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x01, /* [5039] OBJ_camellia_128_ecb */ +-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x15, /* [5047] OBJ_camellia_192_ecb */ +-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x29, /* [5055] OBJ_camellia_256_ecb */ +-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x04, /* [5063] OBJ_camellia_128_cfb128 */ +-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x18, /* [5071] OBJ_camellia_192_cfb128 */ +-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2C, /* [5079] OBJ_camellia_256_cfb128 */ +-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x03, /* [5087] OBJ_camellia_128_ofb128 */ +-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x17, /* [5095] OBJ_camellia_192_ofb128 */ +-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2B, /* [5103] OBJ_camellia_256_ofb128 */ +-0x55,0x1D,0x09, /* [5111] OBJ_subject_directory_attributes */ +-0x55,0x1D,0x1C, /* [5114] OBJ_issuing_distribution_point */ +-0x55,0x1D,0x1D, /* [5117] OBJ_certificate_issuer */ +-0x2A,0x83,0x1A,0x8C,0x9A,0x44, /* [5120] OBJ_kisa */ +-0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x03, /* [5126] OBJ_seed_ecb */ +-0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x04, /* [5134] OBJ_seed_cbc */ +-0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x06, /* [5142] OBJ_seed_ofb128 */ +-0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x05, /* [5150] OBJ_seed_cfb128 */ +-0x2B,0x06,0x01,0x05,0x05,0x08,0x01,0x01, /* [5158] OBJ_hmac_md5 */ +-0x2B,0x06,0x01,0x05,0x05,0x08,0x01,0x02, /* [5166] OBJ_hmac_sha1 */ +-0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0D,/* [5174] OBJ_id_PasswordBasedMAC */ +-0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x1E,/* [5183] OBJ_id_DHBasedMac */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x10, /* [5192] OBJ_id_it_suppLangTags */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x05, /* [5200] OBJ_caRepository */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x09,/* [5208] OBJ_id_smime_ct_compressedData */ 
+-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x1B,/* [5219] OBJ_id_ct_asciiTextWithCRLF */ +-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x05,/* [5230] OBJ_id_aes128_wrap */ +-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x19,/* [5239] OBJ_id_aes192_wrap */ +-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2D,/* [5248] OBJ_id_aes256_wrap */ +-0x2A,0x86,0x48,0xCE,0x3D,0x04,0x02, /* [5257] OBJ_ecdsa_with_Recommended */ +-0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03, /* [5264] OBJ_ecdsa_with_Specified */ +-0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x01, /* [5271] OBJ_ecdsa_with_SHA224 */ +-0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x02, /* [5279] OBJ_ecdsa_with_SHA256 */ +-0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x03, /* [5287] OBJ_ecdsa_with_SHA384 */ +-0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x04, /* [5295] OBJ_ecdsa_with_SHA512 */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x06, /* [5303] OBJ_hmacWithMD5 */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x08, /* [5311] OBJ_hmacWithSHA224 */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x09, /* [5319] OBJ_hmacWithSHA256 */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0A, /* [5327] OBJ_hmacWithSHA384 */ +-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0B, /* [5335] OBJ_hmacWithSHA512 */ +-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x01,/* [5343] OBJ_dsa_with_SHA224 */ +-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x02,/* [5352] OBJ_dsa_with_SHA256 */ +-0x28,0xCF,0x06,0x03,0x00,0x37, /* [5361] OBJ_whirlpool */ +-0x2A,0x85,0x03,0x02,0x02, /* [5367] OBJ_cryptopro */ +-0x2A,0x85,0x03,0x02,0x09, /* [5372] OBJ_cryptocom */ +-0x2A,0x85,0x03,0x02,0x02,0x03, /* [5377] OBJ_id_GostR3411_94_with_GostR3410_2001 */ +-0x2A,0x85,0x03,0x02,0x02,0x04, /* [5383] OBJ_id_GostR3411_94_with_GostR3410_94 */ +-0x2A,0x85,0x03,0x02,0x02,0x09, /* [5389] OBJ_id_GostR3411_94 */ +-0x2A,0x85,0x03,0x02,0x02,0x0A, /* [5395] OBJ_id_HMACGostR3411_94 */ +-0x2A,0x85,0x03,0x02,0x02,0x13, /* [5401] OBJ_id_GostR3410_2001 */ +-0x2A,0x85,0x03,0x02,0x02,0x14, /* [5407] OBJ_id_GostR3410_94 */ +-0x2A,0x85,0x03,0x02,0x02,0x15, /* [5413] 
OBJ_id_Gost28147_89 */ +-0x2A,0x85,0x03,0x02,0x02,0x16, /* [5419] OBJ_id_Gost28147_89_MAC */ +-0x2A,0x85,0x03,0x02,0x02,0x17, /* [5425] OBJ_id_GostR3411_94_prf */ +-0x2A,0x85,0x03,0x02,0x02,0x62, /* [5431] OBJ_id_GostR3410_2001DH */ +-0x2A,0x85,0x03,0x02,0x02,0x63, /* [5437] OBJ_id_GostR3410_94DH */ +-0x2A,0x85,0x03,0x02,0x02,0x0E,0x01, /* [5443] OBJ_id_Gost28147_89_CryptoPro_KeyMeshing */ +-0x2A,0x85,0x03,0x02,0x02,0x0E,0x00, /* [5450] OBJ_id_Gost28147_89_None_KeyMeshing */ +-0x2A,0x85,0x03,0x02,0x02,0x1E,0x00, /* [5457] OBJ_id_GostR3411_94_TestParamSet */ +-0x2A,0x85,0x03,0x02,0x02,0x1E,0x01, /* [5464] OBJ_id_GostR3411_94_CryptoProParamSet */ +-0x2A,0x85,0x03,0x02,0x02,0x1F,0x00, /* [5471] OBJ_id_Gost28147_89_TestParamSet */ +-0x2A,0x85,0x03,0x02,0x02,0x1F,0x01, /* [5478] OBJ_id_Gost28147_89_CryptoPro_A_ParamSet */ +-0x2A,0x85,0x03,0x02,0x02,0x1F,0x02, /* [5485] OBJ_id_Gost28147_89_CryptoPro_B_ParamSet */ +-0x2A,0x85,0x03,0x02,0x02,0x1F,0x03, /* [5492] OBJ_id_Gost28147_89_CryptoPro_C_ParamSet */ +-0x2A,0x85,0x03,0x02,0x02,0x1F,0x04, /* [5499] OBJ_id_Gost28147_89_CryptoPro_D_ParamSet */ +-0x2A,0x85,0x03,0x02,0x02,0x1F,0x05, /* [5506] OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet */ +-0x2A,0x85,0x03,0x02,0x02,0x1F,0x06, /* [5513] OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet */ +-0x2A,0x85,0x03,0x02,0x02,0x1F,0x07, /* [5520] OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet */ +-0x2A,0x85,0x03,0x02,0x02,0x20,0x00, /* [5527] OBJ_id_GostR3410_94_TestParamSet */ +-0x2A,0x85,0x03,0x02,0x02,0x20,0x02, /* [5534] OBJ_id_GostR3410_94_CryptoPro_A_ParamSet */ +-0x2A,0x85,0x03,0x02,0x02,0x20,0x03, /* [5541] OBJ_id_GostR3410_94_CryptoPro_B_ParamSet */ +-0x2A,0x85,0x03,0x02,0x02,0x20,0x04, /* [5548] OBJ_id_GostR3410_94_CryptoPro_C_ParamSet */ +-0x2A,0x85,0x03,0x02,0x02,0x20,0x05, /* [5555] OBJ_id_GostR3410_94_CryptoPro_D_ParamSet */ +-0x2A,0x85,0x03,0x02,0x02,0x21,0x01, /* [5562] OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet */ +-0x2A,0x85,0x03,0x02,0x02,0x21,0x02, /* [5569] 
OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet */ +-0x2A,0x85,0x03,0x02,0x02,0x21,0x03, /* [5576] OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet */ +-0x2A,0x85,0x03,0x02,0x02,0x23,0x00, /* [5583] OBJ_id_GostR3410_2001_TestParamSet */ +-0x2A,0x85,0x03,0x02,0x02,0x23,0x01, /* [5590] OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet */ +-0x2A,0x85,0x03,0x02,0x02,0x23,0x02, /* [5597] OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet */ +-0x2A,0x85,0x03,0x02,0x02,0x23,0x03, /* [5604] OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet */ +-0x2A,0x85,0x03,0x02,0x02,0x24,0x00, /* [5611] OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet */ +-0x2A,0x85,0x03,0x02,0x02,0x24,0x01, /* [5618] OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet */ +-0x2A,0x85,0x03,0x02,0x02,0x14,0x01, /* [5625] OBJ_id_GostR3410_94_a */ +-0x2A,0x85,0x03,0x02,0x02,0x14,0x02, /* [5632] OBJ_id_GostR3410_94_aBis */ +-0x2A,0x85,0x03,0x02,0x02,0x14,0x03, /* [5639] OBJ_id_GostR3410_94_b */ +-0x2A,0x85,0x03,0x02,0x02,0x14,0x04, /* [5646] OBJ_id_GostR3410_94_bBis */ +-0x2A,0x85,0x03,0x02,0x09,0x01,0x06,0x01, /* [5653] OBJ_id_Gost28147_89_cc */ +-0x2A,0x85,0x03,0x02,0x09,0x01,0x05,0x03, /* [5661] OBJ_id_GostR3410_94_cc */ +-0x2A,0x85,0x03,0x02,0x09,0x01,0x05,0x04, /* [5669] OBJ_id_GostR3410_2001_cc */ +-0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x03, /* [5677] OBJ_id_GostR3411_94_with_GostR3410_94_cc */ +-0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x04, /* [5685] OBJ_id_GostR3411_94_with_GostR3410_2001_cc */ +-0x2A,0x85,0x03,0x02,0x09,0x01,0x08,0x01, /* [5693] OBJ_id_GostR3410_2001_ParamSet_cc */ +-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x02,/* [5701] OBJ_LocalKeySet */ +-0x55,0x1D,0x2E, /* [5710] OBJ_freshest_crl */ +-0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x03, /* [5713] OBJ_id_on_permanentIdentifier */ ++static const unsigned char lvalues[6255]={ ++0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */ 
++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x05, /* [ 21] OBJ_md5 */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x04, /* [ 29] OBJ_rc4 */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,/* [ 37] OBJ_rsaEncryption */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x02,/* [ 46] OBJ_md2WithRSAEncryption */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x04,/* [ 55] OBJ_md5WithRSAEncryption */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x01,/* [ 64] OBJ_pbeWithMD2AndDES_CBC */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x03,/* [ 73] OBJ_pbeWithMD5AndDES_CBC */ ++0x55, /* [ 82] OBJ_X500 */ ++0x55,0x04, /* [ 83] OBJ_X509 */ ++0x55,0x04,0x03, /* [ 85] OBJ_commonName */ ++0x55,0x04,0x06, /* [ 88] OBJ_countryName */ ++0x55,0x04,0x07, /* [ 91] OBJ_localityName */ ++0x55,0x04,0x08, /* [ 94] OBJ_stateOrProvinceName */ ++0x55,0x04,0x0A, /* [ 97] OBJ_organizationName */ ++0x55,0x04,0x0B, /* [100] OBJ_organizationalUnitName */ ++0x55,0x08,0x01,0x01, /* [103] OBJ_rsa */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07, /* [107] OBJ_pkcs7 */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x01,/* [115] OBJ_pkcs7_data */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x02,/* [124] OBJ_pkcs7_signed */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x03,/* [133] OBJ_pkcs7_enveloped */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x04,/* [142] OBJ_pkcs7_signedAndEnveloped */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x05,/* [151] OBJ_pkcs7_digest */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x06,/* [160] OBJ_pkcs7_encrypted */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x03, /* [169] OBJ_pkcs3 */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x03,0x01,/* [177] OBJ_dhKeyAgreement */ ++0x2B,0x0E,0x03,0x02,0x06, /* [186] OBJ_des_ecb */ ++0x2B,0x0E,0x03,0x02,0x09, /* [191] OBJ_des_cfb64 */ ++0x2B,0x0E,0x03,0x02,0x07, /* [196] OBJ_des_cbc */ ++0x2B,0x0E,0x03,0x02,0x11, /* [201] OBJ_des_ede_ecb */ ++0x2B,0x06,0x01,0x04,0x01,0x81,0x3C,0x07,0x01,0x01,0x02,/* [206] OBJ_idea_cbc */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x02, /* [217] OBJ_rc2_cbc */ 
++0x2B,0x0E,0x03,0x02,0x12, /* [225] OBJ_sha */ ++0x2B,0x0E,0x03,0x02,0x0F, /* [230] OBJ_shaWithRSAEncryption */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x07, /* [235] OBJ_des_ede3_cbc */ ++0x2B,0x0E,0x03,0x02,0x08, /* [243] OBJ_des_ofb64 */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09, /* [248] OBJ_pkcs9 */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x01,/* [256] OBJ_pkcs9_emailAddress */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x02,/* [265] OBJ_pkcs9_unstructuredName */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x03,/* [274] OBJ_pkcs9_contentType */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x04,/* [283] OBJ_pkcs9_messageDigest */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x05,/* [292] OBJ_pkcs9_signingTime */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x06,/* [301] OBJ_pkcs9_countersignature */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x07,/* [310] OBJ_pkcs9_challengePassword */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x08,/* [319] OBJ_pkcs9_unstructuredAddress */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x09,/* [328] OBJ_pkcs9_extCertAttributes */ ++0x60,0x86,0x48,0x01,0x86,0xF8,0x42, /* [337] OBJ_netscape */ ++0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01, /* [344] OBJ_netscape_cert_extension */ ++0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x02, /* [352] OBJ_netscape_data_type */ ++0x2B,0x0E,0x03,0x02,0x1A, /* [360] OBJ_sha1 */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,/* [365] OBJ_sha1WithRSAEncryption */ ++0x2B,0x0E,0x03,0x02,0x0D, /* [374] OBJ_dsaWithSHA */ ++0x2B,0x0E,0x03,0x02,0x0C, /* [379] OBJ_dsa_2 */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0B,/* [384] OBJ_pbeWithSHA1AndRC2_CBC */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0C,/* [393] OBJ_id_pbkdf2 */ ++0x2B,0x0E,0x03,0x02,0x1B, /* [402] OBJ_dsaWithSHA1_2 */ ++0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x01,/* [407] OBJ_netscape_cert_type */ ++0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x02,/* [416] OBJ_netscape_base_url */ ++0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x03,/* [425] OBJ_netscape_revocation_url */ 
++0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x04,/* [434] OBJ_netscape_ca_revocation_url */ ++0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x07,/* [443] OBJ_netscape_renewal_url */ ++0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x08,/* [452] OBJ_netscape_ca_policy_url */ ++0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x0C,/* [461] OBJ_netscape_ssl_server_name */ ++0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x0D,/* [470] OBJ_netscape_comment */ ++0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x02,0x05,/* [479] OBJ_netscape_cert_sequence */ ++0x55,0x1D, /* [488] OBJ_id_ce */ ++0x55,0x1D,0x0E, /* [490] OBJ_subject_key_identifier */ ++0x55,0x1D,0x0F, /* [493] OBJ_key_usage */ ++0x55,0x1D,0x10, /* [496] OBJ_private_key_usage_period */ ++0x55,0x1D,0x11, /* [499] OBJ_subject_alt_name */ ++0x55,0x1D,0x12, /* [502] OBJ_issuer_alt_name */ ++0x55,0x1D,0x13, /* [505] OBJ_basic_constraints */ ++0x55,0x1D,0x14, /* [508] OBJ_crl_number */ ++0x55,0x1D,0x20, /* [511] OBJ_certificate_policies */ ++0x55,0x1D,0x23, /* [514] OBJ_authority_key_identifier */ ++0x2B,0x06,0x01,0x04,0x01,0x97,0x55,0x01,0x02,/* [517] OBJ_bf_cbc */ ++0x55,0x08,0x03,0x65, /* [526] OBJ_mdc2 */ ++0x55,0x08,0x03,0x64, /* [530] OBJ_mdc2WithRSA */ ++0x55,0x04,0x2A, /* [534] OBJ_givenName */ ++0x55,0x04,0x04, /* [537] OBJ_surname */ ++0x55,0x04,0x2B, /* [540] OBJ_initials */ ++0x55,0x1D,0x1F, /* [543] OBJ_crl_distribution_points */ ++0x2B,0x0E,0x03,0x02,0x03, /* [546] OBJ_md5WithRSA */ ++0x55,0x04,0x05, /* [551] OBJ_serialNumber */ ++0x55,0x04,0x0C, /* [554] OBJ_title */ ++0x55,0x04,0x0D, /* [557] OBJ_description */ ++0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0A,/* [560] OBJ_cast5_cbc */ ++0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0C,/* [569] OBJ_pbeWithMD5AndCast5_CBC */ ++0x2A,0x86,0x48,0xCE,0x38,0x04,0x03, /* [578] OBJ_dsaWithSHA1 */ ++0x2B,0x0E,0x03,0x02,0x1D, /* [585] OBJ_sha1WithRSA */ ++0x2A,0x86,0x48,0xCE,0x38,0x04,0x01, /* [590] OBJ_dsa */ ++0x2B,0x24,0x03,0x02,0x01, /* [597] OBJ_ripemd160 */ ++0x2B,0x24,0x03,0x03,0x01,0x02, /* [602] 
OBJ_ripemd160WithRSA */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x08, /* [608] OBJ_rc5_cbc */ ++0x29,0x01,0x01,0x85,0x1A,0x01, /* [616] OBJ_rle_compression */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x08,/* [622] OBJ_zlib_compression */ ++0x55,0x1D,0x25, /* [633] OBJ_ext_key_usage */ ++0x2B,0x06,0x01,0x05,0x05,0x07, /* [636] OBJ_id_pkix */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x03, /* [642] OBJ_id_kp */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01, /* [649] OBJ_server_auth */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02, /* [657] OBJ_client_auth */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x03, /* [665] OBJ_code_sign */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x04, /* [673] OBJ_email_protect */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x08, /* [681] OBJ_time_stamp */ ++0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x15,/* [689] OBJ_ms_code_ind */ ++0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x16,/* [699] OBJ_ms_code_com */ ++0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x01,/* [709] OBJ_ms_ctl_sign */ ++0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x03,/* [719] OBJ_ms_sgc */ ++0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x04,/* [729] OBJ_ms_efs */ ++0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x04,0x01,/* [739] OBJ_ns_sgc */ ++0x55,0x1D,0x1B, /* [748] OBJ_delta_crl */ ++0x55,0x1D,0x15, /* [751] OBJ_crl_reason */ ++0x55,0x1D,0x18, /* [754] OBJ_invalidity_date */ ++0x2B,0x65,0x01,0x04,0x01, /* [757] OBJ_sxnet */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x01,/* [762] OBJ_pbe_WithSHA1And128BitRC4 */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x02,/* [772] OBJ_pbe_WithSHA1And40BitRC4 */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x03,/* [782] OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x04,/* [792] OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x05,/* [802] OBJ_pbe_WithSHA1And128BitRC2_CBC */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x06,/* [812] OBJ_pbe_WithSHA1And40BitRC2_CBC */ 
++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x01,/* [822] OBJ_keyBag */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x02,/* [833] OBJ_pkcs8ShroudedKeyBag */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x03,/* [844] OBJ_certBag */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x04,/* [855] OBJ_crlBag */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x05,/* [866] OBJ_secretBag */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x06,/* [877] OBJ_safeContentsBag */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x14,/* [888] OBJ_friendlyName */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x15,/* [897] OBJ_localKeyID */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x01,/* [906] OBJ_x509Certificate */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x02,/* [916] OBJ_sdsiCertificate */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x17,0x01,/* [926] OBJ_x509Crl */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0D,/* [936] OBJ_pbes2 */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0E,/* [945] OBJ_pbmac1 */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x07, /* [954] OBJ_hmacWithSHA1 */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01, /* [962] OBJ_id_qt_cps */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02, /* [970] OBJ_id_qt_unotice */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0F,/* [978] OBJ_SMIMECapabilities */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x04,/* [987] OBJ_pbeWithMD2AndRC2_CBC */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x06,/* [996] OBJ_pbeWithMD5AndRC2_CBC */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0A,/* [1005] OBJ_pbeWithSHA1AndDES_CBC */ ++0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x0E,/* [1014] OBJ_ms_ext_req */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0E,/* [1024] OBJ_ext_req */ ++0x55,0x04,0x29, /* [1033] OBJ_name */ ++0x55,0x04,0x2E, /* [1036] OBJ_dnQualifier */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x01, /* [1039] OBJ_id_pe */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x30, /* [1046] OBJ_id_ad */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01, /* 
[1053] OBJ_info_access */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01, /* [1061] OBJ_ad_OCSP */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02, /* [1069] OBJ_ad_ca_issuers */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x09, /* [1077] OBJ_OCSP_sign */ ++0x2A, /* [1085] OBJ_member_body */ ++0x2A,0x86,0x48, /* [1086] OBJ_ISO_US */ ++0x2A,0x86,0x48,0xCE,0x38, /* [1089] OBJ_X9_57 */ ++0x2A,0x86,0x48,0xCE,0x38,0x04, /* [1094] OBJ_X9cm */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01, /* [1100] OBJ_pkcs1 */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05, /* [1108] OBJ_pkcs5 */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,/* [1116] OBJ_SMIME */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,/* [1125] OBJ_id_smime_mod */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,/* [1135] OBJ_id_smime_ct */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,/* [1145] OBJ_id_smime_aa */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,/* [1155] OBJ_id_smime_alg */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,/* [1165] OBJ_id_smime_cd */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,/* [1175] OBJ_id_smime_spq */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,/* [1185] OBJ_id_smime_cti */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x01,/* [1195] OBJ_id_smime_mod_cms */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x02,/* [1206] OBJ_id_smime_mod_ess */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x03,/* [1217] OBJ_id_smime_mod_oid */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x04,/* [1228] OBJ_id_smime_mod_msg_v3 */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x05,/* [1239] OBJ_id_smime_mod_ets_eSignature_88 */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x06,/* [1250] OBJ_id_smime_mod_ets_eSignature_97 */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x07,/* [1261] OBJ_id_smime_mod_ets_eSigPolicy_88 */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x08,/* [1272] OBJ_id_smime_mod_ets_eSigPolicy_97 */ 
++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x01,/* [1283] OBJ_id_smime_ct_receipt */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x02,/* [1294] OBJ_id_smime_ct_authData */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x03,/* [1305] OBJ_id_smime_ct_publishCert */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x04,/* [1316] OBJ_id_smime_ct_TSTInfo */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x05,/* [1327] OBJ_id_smime_ct_TDTInfo */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x06,/* [1338] OBJ_id_smime_ct_contentInfo */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x07,/* [1349] OBJ_id_smime_ct_DVCSRequestData */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x08,/* [1360] OBJ_id_smime_ct_DVCSResponseData */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x01,/* [1371] OBJ_id_smime_aa_receiptRequest */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x02,/* [1382] OBJ_id_smime_aa_securityLabel */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x03,/* [1393] OBJ_id_smime_aa_mlExpandHistory */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x04,/* [1404] OBJ_id_smime_aa_contentHint */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x05,/* [1415] OBJ_id_smime_aa_msgSigDigest */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x06,/* [1426] OBJ_id_smime_aa_encapContentType */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x07,/* [1437] OBJ_id_smime_aa_contentIdentifier */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x08,/* [1448] OBJ_id_smime_aa_macValue */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x09,/* [1459] OBJ_id_smime_aa_equivalentLabels */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0A,/* [1470] OBJ_id_smime_aa_contentReference */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0B,/* [1481] OBJ_id_smime_aa_encrypKeyPref */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0C,/* [1492] OBJ_id_smime_aa_signingCertificate */ 
++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0D,/* [1503] OBJ_id_smime_aa_smimeEncryptCerts */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0E,/* [1514] OBJ_id_smime_aa_timeStampToken */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0F,/* [1525] OBJ_id_smime_aa_ets_sigPolicyId */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x10,/* [1536] OBJ_id_smime_aa_ets_commitmentType */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x11,/* [1547] OBJ_id_smime_aa_ets_signerLocation */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x12,/* [1558] OBJ_id_smime_aa_ets_signerAttr */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x13,/* [1569] OBJ_id_smime_aa_ets_otherSigCert */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x14,/* [1580] OBJ_id_smime_aa_ets_contentTimestamp */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x15,/* [1591] OBJ_id_smime_aa_ets_CertificateRefs */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x16,/* [1602] OBJ_id_smime_aa_ets_RevocationRefs */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x17,/* [1613] OBJ_id_smime_aa_ets_certValues */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x18,/* [1624] OBJ_id_smime_aa_ets_revocationValues */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x19,/* [1635] OBJ_id_smime_aa_ets_escTimeStamp */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1A,/* [1646] OBJ_id_smime_aa_ets_certCRLTimestamp */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1B,/* [1657] OBJ_id_smime_aa_ets_archiveTimeStamp */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1C,/* [1668] OBJ_id_smime_aa_signatureType */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1D,/* [1679] OBJ_id_smime_aa_dvcs_dvc */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x01,/* [1690] OBJ_id_smime_alg_ESDHwith3DES */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x02,/* [1701] OBJ_id_smime_alg_ESDHwithRC2 */ 
++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x03,/* [1712] OBJ_id_smime_alg_3DESwrap */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x04,/* [1723] OBJ_id_smime_alg_RC2wrap */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x05,/* [1734] OBJ_id_smime_alg_ESDH */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x06,/* [1745] OBJ_id_smime_alg_CMS3DESwrap */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x07,/* [1756] OBJ_id_smime_alg_CMSRC2wrap */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,0x01,/* [1767] OBJ_id_smime_cd_ldap */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x01,/* [1778] OBJ_id_smime_spq_ets_sqt_uri */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x02,/* [1789] OBJ_id_smime_spq_ets_sqt_unotice */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x01,/* [1800] OBJ_id_smime_cti_ets_proofOfOrigin */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x02,/* [1811] OBJ_id_smime_cti_ets_proofOfReceipt */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x03,/* [1822] OBJ_id_smime_cti_ets_proofOfDelivery */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x04,/* [1833] OBJ_id_smime_cti_ets_proofOfSender */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x05,/* [1844] OBJ_id_smime_cti_ets_proofOfApproval */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x06,/* [1855] OBJ_id_smime_cti_ets_proofOfCreation */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x04, /* [1866] OBJ_md4 */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x00, /* [1874] OBJ_id_pkix_mod */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x02, /* [1881] OBJ_id_qt */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x04, /* [1888] OBJ_id_it */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x05, /* [1895] OBJ_id_pkip */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x06, /* [1902] OBJ_id_alg */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x07, /* [1909] OBJ_id_cmc */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x08, /* [1916] OBJ_id_on */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x09, /* [1923] OBJ_id_pda */ 
++0x2B,0x06,0x01,0x05,0x05,0x07,0x0A, /* [1930] OBJ_id_aca */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x0B, /* [1937] OBJ_id_qcs */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x0C, /* [1944] OBJ_id_cct */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x01, /* [1951] OBJ_id_pkix1_explicit_88 */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x02, /* [1959] OBJ_id_pkix1_implicit_88 */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x03, /* [1967] OBJ_id_pkix1_explicit_93 */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x04, /* [1975] OBJ_id_pkix1_implicit_93 */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x05, /* [1983] OBJ_id_mod_crmf */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x06, /* [1991] OBJ_id_mod_cmc */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x07, /* [1999] OBJ_id_mod_kea_profile_88 */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x08, /* [2007] OBJ_id_mod_kea_profile_93 */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x09, /* [2015] OBJ_id_mod_cmp */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0A, /* [2023] OBJ_id_mod_qualified_cert_88 */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0B, /* [2031] OBJ_id_mod_qualified_cert_93 */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0C, /* [2039] OBJ_id_mod_attribute_cert */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0D, /* [2047] OBJ_id_mod_timestamp_protocol */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0E, /* [2055] OBJ_id_mod_ocsp */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0F, /* [2063] OBJ_id_mod_dvcs */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x10, /* [2071] OBJ_id_mod_cmp2000 */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x02, /* [2079] OBJ_biometricInfo */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x03, /* [2087] OBJ_qcStatements */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x04, /* [2095] OBJ_ac_auditEntity */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x05, /* [2103] OBJ_ac_targeting */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x06, /* [2111] OBJ_aaControls */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x07, /* [2119] OBJ_sbgp_ipAddrBlock */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x08, /* [2127] OBJ_sbgp_autonomousSysNum */ 
++0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x09, /* [2135] OBJ_sbgp_routerIdentifier */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x03, /* [2143] OBJ_textNotice */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x05, /* [2151] OBJ_ipsecEndSystem */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x06, /* [2159] OBJ_ipsecTunnel */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x07, /* [2167] OBJ_ipsecUser */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x0A, /* [2175] OBJ_dvcs */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x01, /* [2183] OBJ_id_it_caProtEncCert */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x02, /* [2191] OBJ_id_it_signKeyPairTypes */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x03, /* [2199] OBJ_id_it_encKeyPairTypes */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x04, /* [2207] OBJ_id_it_preferredSymmAlg */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x05, /* [2215] OBJ_id_it_caKeyUpdateInfo */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x06, /* [2223] OBJ_id_it_currentCRL */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x07, /* [2231] OBJ_id_it_unsupportedOIDs */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x08, /* [2239] OBJ_id_it_subscriptionRequest */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x09, /* [2247] OBJ_id_it_subscriptionResponse */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0A, /* [2255] OBJ_id_it_keyPairParamReq */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0B, /* [2263] OBJ_id_it_keyPairParamRep */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0C, /* [2271] OBJ_id_it_revPassphrase */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0D, /* [2279] OBJ_id_it_implicitConfirm */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0E, /* [2287] OBJ_id_it_confirmWaitTime */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0F, /* [2295] OBJ_id_it_origPKIMessage */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01, /* [2303] OBJ_id_regCtrl */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02, /* [2311] OBJ_id_regInfo */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x01,/* [2319] OBJ_id_regCtrl_regToken */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x02,/* [2328] OBJ_id_regCtrl_authenticator */ 
++0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x03,/* [2337] OBJ_id_regCtrl_pkiPublicationInfo */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x04,/* [2346] OBJ_id_regCtrl_pkiArchiveOptions */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x05,/* [2355] OBJ_id_regCtrl_oldCertID */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x06,/* [2364] OBJ_id_regCtrl_protocolEncrKey */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x01,/* [2373] OBJ_id_regInfo_utf8Pairs */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x02,/* [2382] OBJ_id_regInfo_certReq */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x01, /* [2391] OBJ_id_alg_des40 */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x02, /* [2399] OBJ_id_alg_noSignature */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x03, /* [2407] OBJ_id_alg_dh_sig_hmac_sha1 */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x04, /* [2415] OBJ_id_alg_dh_pop */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x01, /* [2423] OBJ_id_cmc_statusInfo */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x02, /* [2431] OBJ_id_cmc_identification */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x03, /* [2439] OBJ_id_cmc_identityProof */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x04, /* [2447] OBJ_id_cmc_dataReturn */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x05, /* [2455] OBJ_id_cmc_transactionId */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x06, /* [2463] OBJ_id_cmc_senderNonce */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x07, /* [2471] OBJ_id_cmc_recipientNonce */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x08, /* [2479] OBJ_id_cmc_addExtensions */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x09, /* [2487] OBJ_id_cmc_encryptedPOP */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0A, /* [2495] OBJ_id_cmc_decryptedPOP */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0B, /* [2503] OBJ_id_cmc_lraPOPWitness */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0F, /* [2511] OBJ_id_cmc_getCert */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x10, /* [2519] OBJ_id_cmc_getCRL */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x11, /* [2527] OBJ_id_cmc_revokeRequest */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x12, /* 
[2535] OBJ_id_cmc_regInfo */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x13, /* [2543] OBJ_id_cmc_responseInfo */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x15, /* [2551] OBJ_id_cmc_queryPending */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x16, /* [2559] OBJ_id_cmc_popLinkRandom */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x17, /* [2567] OBJ_id_cmc_popLinkWitness */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x18, /* [2575] OBJ_id_cmc_confirmCertAcceptance */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x01, /* [2583] OBJ_id_on_personalData */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x01, /* [2591] OBJ_id_pda_dateOfBirth */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x02, /* [2599] OBJ_id_pda_placeOfBirth */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x03, /* [2607] OBJ_id_pda_gender */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x04, /* [2615] OBJ_id_pda_countryOfCitizenship */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x05, /* [2623] OBJ_id_pda_countryOfResidence */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x01, /* [2631] OBJ_id_aca_authenticationInfo */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x02, /* [2639] OBJ_id_aca_accessIdentity */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x03, /* [2647] OBJ_id_aca_chargingIdentity */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x04, /* [2655] OBJ_id_aca_group */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x05, /* [2663] OBJ_id_aca_role */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,0x01, /* [2671] OBJ_id_qcs_pkixQCSyntax_v1 */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x01, /* [2679] OBJ_id_cct_crs */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x02, /* [2687] OBJ_id_cct_PKIData */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x03, /* [2695] OBJ_id_cct_PKIResponse */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x03, /* [2703] OBJ_ad_timeStamping */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x04, /* [2711] OBJ_ad_dvcs */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x01,/* [2719] OBJ_id_pkix_OCSP_basic */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x02,/* [2728] OBJ_id_pkix_OCSP_Nonce */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x03,/* [2737] 
OBJ_id_pkix_OCSP_CrlID */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x04,/* [2746] OBJ_id_pkix_OCSP_acceptableResponses */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x05,/* [2755] OBJ_id_pkix_OCSP_noCheck */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x06,/* [2764] OBJ_id_pkix_OCSP_archiveCutoff */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x07,/* [2773] OBJ_id_pkix_OCSP_serviceLocator */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x08,/* [2782] OBJ_id_pkix_OCSP_extendedStatus */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x09,/* [2791] OBJ_id_pkix_OCSP_valid */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0A,/* [2800] OBJ_id_pkix_OCSP_path */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0B,/* [2809] OBJ_id_pkix_OCSP_trustRoot */ ++0x2B,0x0E,0x03,0x02, /* [2818] OBJ_algorithm */ ++0x2B,0x0E,0x03,0x02,0x0B, /* [2822] OBJ_rsaSignature */ ++0x55,0x08, /* [2827] OBJ_X500algorithms */ ++0x2B, /* [2829] OBJ_org */ ++0x2B,0x06, /* [2830] OBJ_dod */ ++0x2B,0x06,0x01, /* [2832] OBJ_iana */ ++0x2B,0x06,0x01,0x01, /* [2835] OBJ_Directory */ ++0x2B,0x06,0x01,0x02, /* [2839] OBJ_Management */ ++0x2B,0x06,0x01,0x03, /* [2843] OBJ_Experimental */ ++0x2B,0x06,0x01,0x04, /* [2847] OBJ_Private */ ++0x2B,0x06,0x01,0x05, /* [2851] OBJ_Security */ ++0x2B,0x06,0x01,0x06, /* [2855] OBJ_SNMPv2 */ ++0x2B,0x06,0x01,0x07, /* [2859] OBJ_Mail */ ++0x2B,0x06,0x01,0x04,0x01, /* [2863] OBJ_Enterprises */ ++0x2B,0x06,0x01,0x04,0x01,0x8B,0x3A,0x82,0x58,/* [2868] OBJ_dcObject */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19,/* [2877] OBJ_domainComponent */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0D,/* [2887] OBJ_Domain */ ++0x55,0x01,0x05, /* [2897] OBJ_selected_attribute_types */ ++0x55,0x01,0x05,0x37, /* [2900] OBJ_clearance */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x03,/* [2904] OBJ_md4WithRSAEncryption */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0A, /* [2913] OBJ_ac_proxying */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0B, /* [2921] OBJ_sinfo_access */ 
++0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x06, /* [2929] OBJ_id_aca_encAttrs */ ++0x55,0x04,0x48, /* [2937] OBJ_role */ ++0x55,0x1D,0x24, /* [2940] OBJ_policy_constraints */ ++0x55,0x1D,0x37, /* [2943] OBJ_target_information */ ++0x55,0x1D,0x38, /* [2946] OBJ_no_rev_avail */ ++0x2A,0x86,0x48,0xCE,0x3D, /* [2949] OBJ_ansi_X9_62 */ ++0x2A,0x86,0x48,0xCE,0x3D,0x01,0x01, /* [2954] OBJ_X9_62_prime_field */ ++0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02, /* [2961] OBJ_X9_62_characteristic_two_field */ ++0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01, /* [2968] OBJ_X9_62_id_ecPublicKey */ ++0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x01, /* [2975] OBJ_X9_62_prime192v1 */ ++0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x02, /* [2983] OBJ_X9_62_prime192v2 */ ++0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x03, /* [2991] OBJ_X9_62_prime192v3 */ ++0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x04, /* [2999] OBJ_X9_62_prime239v1 */ ++0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x05, /* [3007] OBJ_X9_62_prime239v2 */ ++0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x06, /* [3015] OBJ_X9_62_prime239v3 */ ++0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07, /* [3023] OBJ_X9_62_prime256v1 */ ++0x2A,0x86,0x48,0xCE,0x3D,0x04,0x01, /* [3031] OBJ_ecdsa_with_SHA1 */ ++0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x01,/* [3038] OBJ_ms_csp_name */ ++0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x01,/* [3047] OBJ_aes_128_ecb */ ++0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x02,/* [3056] OBJ_aes_128_cbc */ ++0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x03,/* [3065] OBJ_aes_128_ofb128 */ ++0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x04,/* [3074] OBJ_aes_128_cfb128 */ ++0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x15,/* [3083] OBJ_aes_192_ecb */ ++0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x16,/* [3092] OBJ_aes_192_cbc */ ++0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x17,/* [3101] OBJ_aes_192_ofb128 */ ++0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x18,/* [3110] OBJ_aes_192_cfb128 */ ++0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x29,/* [3119] OBJ_aes_256_ecb */ ++0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2A,/* 
[3128] OBJ_aes_256_cbc */ ++0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2B,/* [3137] OBJ_aes_256_ofb128 */ ++0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2C,/* [3146] OBJ_aes_256_cfb128 */ ++0x55,0x1D,0x17, /* [3155] OBJ_hold_instruction_code */ ++0x2A,0x86,0x48,0xCE,0x38,0x02,0x01, /* [3158] OBJ_hold_instruction_none */ ++0x2A,0x86,0x48,0xCE,0x38,0x02,0x02, /* [3165] OBJ_hold_instruction_call_issuer */ ++0x2A,0x86,0x48,0xCE,0x38,0x02,0x03, /* [3172] OBJ_hold_instruction_reject */ ++0x09, /* [3179] OBJ_data */ ++0x09,0x92,0x26, /* [3180] OBJ_pss */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C, /* [3183] OBJ_ucl */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64, /* [3190] OBJ_pilot */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,/* [3198] OBJ_pilotAttributeType */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,/* [3207] OBJ_pilotAttributeSyntax */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,/* [3216] OBJ_pilotObjectClass */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x0A,/* [3225] OBJ_pilotGroups */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x04,/* [3234] OBJ_iA5StringSyntax */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x05,/* [3244] OBJ_caseIgnoreIA5StringSyntax */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x03,/* [3254] OBJ_pilotObject */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x04,/* [3264] OBJ_pilotPerson */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x05,/* [3274] OBJ_account */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x06,/* [3284] OBJ_document */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x07,/* [3294] OBJ_room */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x09,/* [3304] OBJ_documentSeries */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0E,/* [3314] OBJ_rFC822localPart */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0F,/* [3324] OBJ_dNSDomain */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x11,/* [3334] OBJ_domainRelatedObject */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x12,/* [3344] OBJ_friendlyCountry */ 
++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x13,/* [3354] OBJ_simpleSecurityObject */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x14,/* [3364] OBJ_pilotOrganization */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x15,/* [3374] OBJ_pilotDSA */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x16,/* [3384] OBJ_qualityLabelledData */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x01,/* [3394] OBJ_userId */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x02,/* [3404] OBJ_textEncodedORAddress */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x03,/* [3414] OBJ_rfc822Mailbox */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x04,/* [3424] OBJ_info */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x05,/* [3434] OBJ_favouriteDrink */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x06,/* [3444] OBJ_roomNumber */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x07,/* [3454] OBJ_photo */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x08,/* [3464] OBJ_userClass */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x09,/* [3474] OBJ_host */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0A,/* [3484] OBJ_manager */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0B,/* [3494] OBJ_documentIdentifier */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0C,/* [3504] OBJ_documentTitle */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0D,/* [3514] OBJ_documentVersion */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0E,/* [3524] OBJ_documentAuthor */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0F,/* [3534] OBJ_documentLocation */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x14,/* [3544] OBJ_homeTelephoneNumber */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x15,/* [3554] OBJ_secretary */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x16,/* [3564] OBJ_otherMailbox */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x17,/* [3574] OBJ_lastModifiedTime */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x18,/* [3584] OBJ_lastModifiedBy */ 
++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1A,/* [3594] OBJ_aRecord */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1B,/* [3604] OBJ_pilotAttributeType27 */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1C,/* [3614] OBJ_mXRecord */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1D,/* [3624] OBJ_nSRecord */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1E,/* [3634] OBJ_sOARecord */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1F,/* [3644] OBJ_cNAMERecord */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x25,/* [3654] OBJ_associatedDomain */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x26,/* [3664] OBJ_associatedName */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x27,/* [3674] OBJ_homePostalAddress */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x28,/* [3684] OBJ_personalTitle */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x29,/* [3694] OBJ_mobileTelephoneNumber */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2A,/* [3704] OBJ_pagerTelephoneNumber */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2B,/* [3714] OBJ_friendlyCountryName */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2D,/* [3724] OBJ_organizationalStatus */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2E,/* [3734] OBJ_janetMailbox */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2F,/* [3744] OBJ_mailPreferenceOption */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x30,/* [3754] OBJ_buildingName */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x31,/* [3764] OBJ_dSAQuality */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x32,/* [3774] OBJ_singleLevelQuality */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x33,/* [3784] OBJ_subtreeMinimumQuality */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x34,/* [3794] OBJ_subtreeMaximumQuality */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x35,/* [3804] OBJ_personalSignature */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x36,/* [3814] OBJ_dITRedirect */ 
++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x37,/* [3824] OBJ_audio */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x38,/* [3834] OBJ_documentPublisher */ ++0x55,0x04,0x2D, /* [3844] OBJ_x500UniqueIdentifier */ ++0x2B,0x06,0x01,0x07,0x01, /* [3847] OBJ_mime_mhs */ ++0x2B,0x06,0x01,0x07,0x01,0x01, /* [3852] OBJ_mime_mhs_headings */ ++0x2B,0x06,0x01,0x07,0x01,0x02, /* [3858] OBJ_mime_mhs_bodies */ ++0x2B,0x06,0x01,0x07,0x01,0x01,0x01, /* [3864] OBJ_id_hex_partial_message */ ++0x2B,0x06,0x01,0x07,0x01,0x01,0x02, /* [3871] OBJ_id_hex_multipart_message */ ++0x55,0x04,0x2C, /* [3878] OBJ_generationQualifier */ ++0x55,0x04,0x41, /* [3881] OBJ_pseudonym */ ++0x67,0x2A, /* [3884] OBJ_id_set */ ++0x67,0x2A,0x00, /* [3886] OBJ_set_ctype */ ++0x67,0x2A,0x01, /* [3889] OBJ_set_msgExt */ ++0x67,0x2A,0x03, /* [3892] OBJ_set_attr */ ++0x67,0x2A,0x05, /* [3895] OBJ_set_policy */ ++0x67,0x2A,0x07, /* [3898] OBJ_set_certExt */ ++0x67,0x2A,0x08, /* [3901] OBJ_set_brand */ ++0x67,0x2A,0x00,0x00, /* [3904] OBJ_setct_PANData */ ++0x67,0x2A,0x00,0x01, /* [3908] OBJ_setct_PANToken */ ++0x67,0x2A,0x00,0x02, /* [3912] OBJ_setct_PANOnly */ ++0x67,0x2A,0x00,0x03, /* [3916] OBJ_setct_OIData */ ++0x67,0x2A,0x00,0x04, /* [3920] OBJ_setct_PI */ ++0x67,0x2A,0x00,0x05, /* [3924] OBJ_setct_PIData */ ++0x67,0x2A,0x00,0x06, /* [3928] OBJ_setct_PIDataUnsigned */ ++0x67,0x2A,0x00,0x07, /* [3932] OBJ_setct_HODInput */ ++0x67,0x2A,0x00,0x08, /* [3936] OBJ_setct_AuthResBaggage */ ++0x67,0x2A,0x00,0x09, /* [3940] OBJ_setct_AuthRevReqBaggage */ ++0x67,0x2A,0x00,0x0A, /* [3944] OBJ_setct_AuthRevResBaggage */ ++0x67,0x2A,0x00,0x0B, /* [3948] OBJ_setct_CapTokenSeq */ ++0x67,0x2A,0x00,0x0C, /* [3952] OBJ_setct_PInitResData */ ++0x67,0x2A,0x00,0x0D, /* [3956] OBJ_setct_PI_TBS */ ++0x67,0x2A,0x00,0x0E, /* [3960] OBJ_setct_PResData */ ++0x67,0x2A,0x00,0x10, /* [3964] OBJ_setct_AuthReqTBS */ ++0x67,0x2A,0x00,0x11, /* [3968] OBJ_setct_AuthResTBS */ ++0x67,0x2A,0x00,0x12, /* [3972] OBJ_setct_AuthResTBSX */ 
++0x67,0x2A,0x00,0x13, /* [3976] OBJ_setct_AuthTokenTBS */ ++0x67,0x2A,0x00,0x14, /* [3980] OBJ_setct_CapTokenData */ ++0x67,0x2A,0x00,0x15, /* [3984] OBJ_setct_CapTokenTBS */ ++0x67,0x2A,0x00,0x16, /* [3988] OBJ_setct_AcqCardCodeMsg */ ++0x67,0x2A,0x00,0x17, /* [3992] OBJ_setct_AuthRevReqTBS */ ++0x67,0x2A,0x00,0x18, /* [3996] OBJ_setct_AuthRevResData */ ++0x67,0x2A,0x00,0x19, /* [4000] OBJ_setct_AuthRevResTBS */ ++0x67,0x2A,0x00,0x1A, /* [4004] OBJ_setct_CapReqTBS */ ++0x67,0x2A,0x00,0x1B, /* [4008] OBJ_setct_CapReqTBSX */ ++0x67,0x2A,0x00,0x1C, /* [4012] OBJ_setct_CapResData */ ++0x67,0x2A,0x00,0x1D, /* [4016] OBJ_setct_CapRevReqTBS */ ++0x67,0x2A,0x00,0x1E, /* [4020] OBJ_setct_CapRevReqTBSX */ ++0x67,0x2A,0x00,0x1F, /* [4024] OBJ_setct_CapRevResData */ ++0x67,0x2A,0x00,0x20, /* [4028] OBJ_setct_CredReqTBS */ ++0x67,0x2A,0x00,0x21, /* [4032] OBJ_setct_CredReqTBSX */ ++0x67,0x2A,0x00,0x22, /* [4036] OBJ_setct_CredResData */ ++0x67,0x2A,0x00,0x23, /* [4040] OBJ_setct_CredRevReqTBS */ ++0x67,0x2A,0x00,0x24, /* [4044] OBJ_setct_CredRevReqTBSX */ ++0x67,0x2A,0x00,0x25, /* [4048] OBJ_setct_CredRevResData */ ++0x67,0x2A,0x00,0x26, /* [4052] OBJ_setct_PCertReqData */ ++0x67,0x2A,0x00,0x27, /* [4056] OBJ_setct_PCertResTBS */ ++0x67,0x2A,0x00,0x28, /* [4060] OBJ_setct_BatchAdminReqData */ ++0x67,0x2A,0x00,0x29, /* [4064] OBJ_setct_BatchAdminResData */ ++0x67,0x2A,0x00,0x2A, /* [4068] OBJ_setct_CardCInitResTBS */ ++0x67,0x2A,0x00,0x2B, /* [4072] OBJ_setct_MeAqCInitResTBS */ ++0x67,0x2A,0x00,0x2C, /* [4076] OBJ_setct_RegFormResTBS */ ++0x67,0x2A,0x00,0x2D, /* [4080] OBJ_setct_CertReqData */ ++0x67,0x2A,0x00,0x2E, /* [4084] OBJ_setct_CertReqTBS */ ++0x67,0x2A,0x00,0x2F, /* [4088] OBJ_setct_CertResData */ ++0x67,0x2A,0x00,0x30, /* [4092] OBJ_setct_CertInqReqTBS */ ++0x67,0x2A,0x00,0x31, /* [4096] OBJ_setct_ErrorTBS */ ++0x67,0x2A,0x00,0x32, /* [4100] OBJ_setct_PIDualSignedTBE */ ++0x67,0x2A,0x00,0x33, /* [4104] OBJ_setct_PIUnsignedTBE */ ++0x67,0x2A,0x00,0x34, /* [4108] 
OBJ_setct_AuthReqTBE */ ++0x67,0x2A,0x00,0x35, /* [4112] OBJ_setct_AuthResTBE */ ++0x67,0x2A,0x00,0x36, /* [4116] OBJ_setct_AuthResTBEX */ ++0x67,0x2A,0x00,0x37, /* [4120] OBJ_setct_AuthTokenTBE */ ++0x67,0x2A,0x00,0x38, /* [4124] OBJ_setct_CapTokenTBE */ ++0x67,0x2A,0x00,0x39, /* [4128] OBJ_setct_CapTokenTBEX */ ++0x67,0x2A,0x00,0x3A, /* [4132] OBJ_setct_AcqCardCodeMsgTBE */ ++0x67,0x2A,0x00,0x3B, /* [4136] OBJ_setct_AuthRevReqTBE */ ++0x67,0x2A,0x00,0x3C, /* [4140] OBJ_setct_AuthRevResTBE */ ++0x67,0x2A,0x00,0x3D, /* [4144] OBJ_setct_AuthRevResTBEB */ ++0x67,0x2A,0x00,0x3E, /* [4148] OBJ_setct_CapReqTBE */ ++0x67,0x2A,0x00,0x3F, /* [4152] OBJ_setct_CapReqTBEX */ ++0x67,0x2A,0x00,0x40, /* [4156] OBJ_setct_CapResTBE */ ++0x67,0x2A,0x00,0x41, /* [4160] OBJ_setct_CapRevReqTBE */ ++0x67,0x2A,0x00,0x42, /* [4164] OBJ_setct_CapRevReqTBEX */ ++0x67,0x2A,0x00,0x43, /* [4168] OBJ_setct_CapRevResTBE */ ++0x67,0x2A,0x00,0x44, /* [4172] OBJ_setct_CredReqTBE */ ++0x67,0x2A,0x00,0x45, /* [4176] OBJ_setct_CredReqTBEX */ ++0x67,0x2A,0x00,0x46, /* [4180] OBJ_setct_CredResTBE */ ++0x67,0x2A,0x00,0x47, /* [4184] OBJ_setct_CredRevReqTBE */ ++0x67,0x2A,0x00,0x48, /* [4188] OBJ_setct_CredRevReqTBEX */ ++0x67,0x2A,0x00,0x49, /* [4192] OBJ_setct_CredRevResTBE */ ++0x67,0x2A,0x00,0x4A, /* [4196] OBJ_setct_BatchAdminReqTBE */ ++0x67,0x2A,0x00,0x4B, /* [4200] OBJ_setct_BatchAdminResTBE */ ++0x67,0x2A,0x00,0x4C, /* [4204] OBJ_setct_RegFormReqTBE */ ++0x67,0x2A,0x00,0x4D, /* [4208] OBJ_setct_CertReqTBE */ ++0x67,0x2A,0x00,0x4E, /* [4212] OBJ_setct_CertReqTBEX */ ++0x67,0x2A,0x00,0x4F, /* [4216] OBJ_setct_CertResTBE */ ++0x67,0x2A,0x00,0x50, /* [4220] OBJ_setct_CRLNotificationTBS */ ++0x67,0x2A,0x00,0x51, /* [4224] OBJ_setct_CRLNotificationResTBS */ ++0x67,0x2A,0x00,0x52, /* [4228] OBJ_setct_BCIDistributionTBS */ ++0x67,0x2A,0x01,0x01, /* [4232] OBJ_setext_genCrypt */ ++0x67,0x2A,0x01,0x03, /* [4236] OBJ_setext_miAuth */ ++0x67,0x2A,0x01,0x04, /* [4240] OBJ_setext_pinSecure */ 
++0x67,0x2A,0x01,0x05, /* [4244] OBJ_setext_pinAny */ ++0x67,0x2A,0x01,0x07, /* [4248] OBJ_setext_track2 */ ++0x67,0x2A,0x01,0x08, /* [4252] OBJ_setext_cv */ ++0x67,0x2A,0x05,0x00, /* [4256] OBJ_set_policy_root */ ++0x67,0x2A,0x07,0x00, /* [4260] OBJ_setCext_hashedRoot */ ++0x67,0x2A,0x07,0x01, /* [4264] OBJ_setCext_certType */ ++0x67,0x2A,0x07,0x02, /* [4268] OBJ_setCext_merchData */ ++0x67,0x2A,0x07,0x03, /* [4272] OBJ_setCext_cCertRequired */ ++0x67,0x2A,0x07,0x04, /* [4276] OBJ_setCext_tunneling */ ++0x67,0x2A,0x07,0x05, /* [4280] OBJ_setCext_setExt */ ++0x67,0x2A,0x07,0x06, /* [4284] OBJ_setCext_setQualf */ ++0x67,0x2A,0x07,0x07, /* [4288] OBJ_setCext_PGWYcapabilities */ ++0x67,0x2A,0x07,0x08, /* [4292] OBJ_setCext_TokenIdentifier */ ++0x67,0x2A,0x07,0x09, /* [4296] OBJ_setCext_Track2Data */ ++0x67,0x2A,0x07,0x0A, /* [4300] OBJ_setCext_TokenType */ ++0x67,0x2A,0x07,0x0B, /* [4304] OBJ_setCext_IssuerCapabilities */ ++0x67,0x2A,0x03,0x00, /* [4308] OBJ_setAttr_Cert */ ++0x67,0x2A,0x03,0x01, /* [4312] OBJ_setAttr_PGWYcap */ ++0x67,0x2A,0x03,0x02, /* [4316] OBJ_setAttr_TokenType */ ++0x67,0x2A,0x03,0x03, /* [4320] OBJ_setAttr_IssCap */ ++0x67,0x2A,0x03,0x00,0x00, /* [4324] OBJ_set_rootKeyThumb */ ++0x67,0x2A,0x03,0x00,0x01, /* [4329] OBJ_set_addPolicy */ ++0x67,0x2A,0x03,0x02,0x01, /* [4334] OBJ_setAttr_Token_EMV */ ++0x67,0x2A,0x03,0x02,0x02, /* [4339] OBJ_setAttr_Token_B0Prime */ ++0x67,0x2A,0x03,0x03,0x03, /* [4344] OBJ_setAttr_IssCap_CVM */ ++0x67,0x2A,0x03,0x03,0x04, /* [4349] OBJ_setAttr_IssCap_T2 */ ++0x67,0x2A,0x03,0x03,0x05, /* [4354] OBJ_setAttr_IssCap_Sig */ ++0x67,0x2A,0x03,0x03,0x03,0x01, /* [4359] OBJ_setAttr_GenCryptgrm */ ++0x67,0x2A,0x03,0x03,0x04,0x01, /* [4365] OBJ_setAttr_T2Enc */ ++0x67,0x2A,0x03,0x03,0x04,0x02, /* [4371] OBJ_setAttr_T2cleartxt */ ++0x67,0x2A,0x03,0x03,0x05,0x01, /* [4377] OBJ_setAttr_TokICCsig */ ++0x67,0x2A,0x03,0x03,0x05,0x02, /* [4383] OBJ_setAttr_SecDevSig */ ++0x67,0x2A,0x08,0x01, /* [4389] OBJ_set_brand_IATA_ATA */ 
++0x67,0x2A,0x08,0x1E, /* [4393] OBJ_set_brand_Diners */ ++0x67,0x2A,0x08,0x22, /* [4397] OBJ_set_brand_AmericanExpress */ ++0x67,0x2A,0x08,0x23, /* [4401] OBJ_set_brand_JCB */ ++0x67,0x2A,0x08,0x04, /* [4405] OBJ_set_brand_Visa */ ++0x67,0x2A,0x08,0x05, /* [4409] OBJ_set_brand_MasterCard */ ++0x67,0x2A,0x08,0xAE,0x7B, /* [4413] OBJ_set_brand_Novus */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x0A, /* [4418] OBJ_des_cdmf */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x06,/* [4426] OBJ_rsaOAEPEncryptionSET */ ++0x67, /* [4435] OBJ_international_organizations */ ++0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x02,/* [4436] OBJ_ms_smartcard_login */ ++0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x03,/* [4446] OBJ_ms_upn */ ++0x55,0x04,0x09, /* [4456] OBJ_streetAddress */ ++0x55,0x04,0x11, /* [4459] OBJ_postalCode */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x15, /* [4462] OBJ_id_ppl */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0E, /* [4469] OBJ_proxyCertInfo */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x00, /* [4477] OBJ_id_ppl_anyLanguage */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x01, /* [4485] OBJ_id_ppl_inheritAll */ ++0x55,0x1D,0x1E, /* [4493] OBJ_name_constraints */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x02, /* [4496] OBJ_Independent */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,/* [4504] OBJ_sha256WithRSAEncryption */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0C,/* [4513] OBJ_sha384WithRSAEncryption */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0D,/* [4522] OBJ_sha512WithRSAEncryption */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0E,/* [4531] OBJ_sha224WithRSAEncryption */ ++0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,/* [4540] OBJ_sha256 */ ++0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,/* [4549] OBJ_sha384 */ ++0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,/* [4558] OBJ_sha512 */ ++0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x04,/* [4567] OBJ_sha224 */ ++0x2B, /* [4576] OBJ_identified_organization */ ++0x2B,0x81,0x04, /* [4577] OBJ_certicom_arc */ ++0x67,0x2B, /* [4580] 
OBJ_wap */ ++0x67,0x2B,0x01, /* [4582] OBJ_wap_wsg */ ++0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03, /* [4585] OBJ_X9_62_id_characteristic_two_basis */ ++0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x01,/* [4593] OBJ_X9_62_onBasis */ ++0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x02,/* [4602] OBJ_X9_62_tpBasis */ ++0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x03,/* [4611] OBJ_X9_62_ppBasis */ ++0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x01, /* [4620] OBJ_X9_62_c2pnb163v1 */ ++0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x02, /* [4628] OBJ_X9_62_c2pnb163v2 */ ++0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x03, /* [4636] OBJ_X9_62_c2pnb163v3 */ ++0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x04, /* [4644] OBJ_X9_62_c2pnb176v1 */ ++0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x05, /* [4652] OBJ_X9_62_c2tnb191v1 */ ++0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x06, /* [4660] OBJ_X9_62_c2tnb191v2 */ ++0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x07, /* [4668] OBJ_X9_62_c2tnb191v3 */ ++0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x08, /* [4676] OBJ_X9_62_c2onb191v4 */ ++0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x09, /* [4684] OBJ_X9_62_c2onb191v5 */ ++0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0A, /* [4692] OBJ_X9_62_c2pnb208w1 */ ++0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0B, /* [4700] OBJ_X9_62_c2tnb239v1 */ ++0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0C, /* [4708] OBJ_X9_62_c2tnb239v2 */ ++0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0D, /* [4716] OBJ_X9_62_c2tnb239v3 */ ++0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0E, /* [4724] OBJ_X9_62_c2onb239v4 */ ++0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0F, /* [4732] OBJ_X9_62_c2onb239v5 */ ++0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x10, /* [4740] OBJ_X9_62_c2pnb272w1 */ ++0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x11, /* [4748] OBJ_X9_62_c2pnb304w1 */ ++0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x12, /* [4756] OBJ_X9_62_c2tnb359v1 */ ++0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x13, /* [4764] OBJ_X9_62_c2pnb368w1 */ ++0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x14, /* [4772] OBJ_X9_62_c2tnb431r1 */ ++0x2B,0x81,0x04,0x00,0x06, /* [4780] OBJ_secp112r1 */ 
++0x2B,0x81,0x04,0x00,0x07, /* [4785] OBJ_secp112r2 */ ++0x2B,0x81,0x04,0x00,0x1C, /* [4790] OBJ_secp128r1 */ ++0x2B,0x81,0x04,0x00,0x1D, /* [4795] OBJ_secp128r2 */ ++0x2B,0x81,0x04,0x00,0x09, /* [4800] OBJ_secp160k1 */ ++0x2B,0x81,0x04,0x00,0x08, /* [4805] OBJ_secp160r1 */ ++0x2B,0x81,0x04,0x00,0x1E, /* [4810] OBJ_secp160r2 */ ++0x2B,0x81,0x04,0x00,0x1F, /* [4815] OBJ_secp192k1 */ ++0x2B,0x81,0x04,0x00,0x20, /* [4820] OBJ_secp224k1 */ ++0x2B,0x81,0x04,0x00,0x21, /* [4825] OBJ_secp224r1 */ ++0x2B,0x81,0x04,0x00,0x0A, /* [4830] OBJ_secp256k1 */ ++0x2B,0x81,0x04,0x00,0x22, /* [4835] OBJ_secp384r1 */ ++0x2B,0x81,0x04,0x00,0x23, /* [4840] OBJ_secp521r1 */ ++0x2B,0x81,0x04,0x00,0x04, /* [4845] OBJ_sect113r1 */ ++0x2B,0x81,0x04,0x00,0x05, /* [4850] OBJ_sect113r2 */ ++0x2B,0x81,0x04,0x00,0x16, /* [4855] OBJ_sect131r1 */ ++0x2B,0x81,0x04,0x00,0x17, /* [4860] OBJ_sect131r2 */ ++0x2B,0x81,0x04,0x00,0x01, /* [4865] OBJ_sect163k1 */ ++0x2B,0x81,0x04,0x00,0x02, /* [4870] OBJ_sect163r1 */ ++0x2B,0x81,0x04,0x00,0x0F, /* [4875] OBJ_sect163r2 */ ++0x2B,0x81,0x04,0x00,0x18, /* [4880] OBJ_sect193r1 */ ++0x2B,0x81,0x04,0x00,0x19, /* [4885] OBJ_sect193r2 */ ++0x2B,0x81,0x04,0x00,0x1A, /* [4890] OBJ_sect233k1 */ ++0x2B,0x81,0x04,0x00,0x1B, /* [4895] OBJ_sect233r1 */ ++0x2B,0x81,0x04,0x00,0x03, /* [4900] OBJ_sect239k1 */ ++0x2B,0x81,0x04,0x00,0x10, /* [4905] OBJ_sect283k1 */ ++0x2B,0x81,0x04,0x00,0x11, /* [4910] OBJ_sect283r1 */ ++0x2B,0x81,0x04,0x00,0x24, /* [4915] OBJ_sect409k1 */ ++0x2B,0x81,0x04,0x00,0x25, /* [4920] OBJ_sect409r1 */ ++0x2B,0x81,0x04,0x00,0x26, /* [4925] OBJ_sect571k1 */ ++0x2B,0x81,0x04,0x00,0x27, /* [4930] OBJ_sect571r1 */ ++0x67,0x2B,0x01,0x04,0x01, /* [4935] OBJ_wap_wsg_idm_ecid_wtls1 */ ++0x67,0x2B,0x01,0x04,0x03, /* [4940] OBJ_wap_wsg_idm_ecid_wtls3 */ ++0x67,0x2B,0x01,0x04,0x04, /* [4945] OBJ_wap_wsg_idm_ecid_wtls4 */ ++0x67,0x2B,0x01,0x04,0x05, /* [4950] OBJ_wap_wsg_idm_ecid_wtls5 */ ++0x67,0x2B,0x01,0x04,0x06, /* [4955] OBJ_wap_wsg_idm_ecid_wtls6 */ 
++0x67,0x2B,0x01,0x04,0x07, /* [4960] OBJ_wap_wsg_idm_ecid_wtls7 */ ++0x67,0x2B,0x01,0x04,0x08, /* [4965] OBJ_wap_wsg_idm_ecid_wtls8 */ ++0x67,0x2B,0x01,0x04,0x09, /* [4970] OBJ_wap_wsg_idm_ecid_wtls9 */ ++0x67,0x2B,0x01,0x04,0x0A, /* [4975] OBJ_wap_wsg_idm_ecid_wtls10 */ ++0x67,0x2B,0x01,0x04,0x0B, /* [4980] OBJ_wap_wsg_idm_ecid_wtls11 */ ++0x67,0x2B,0x01,0x04,0x0C, /* [4985] OBJ_wap_wsg_idm_ecid_wtls12 */ ++0x55,0x1D,0x20,0x00, /* [4990] OBJ_any_policy */ ++0x55,0x1D,0x21, /* [4994] OBJ_policy_mappings */ ++0x55,0x1D,0x36, /* [4997] OBJ_inhibit_any_policy */ ++0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x02,/* [5000] OBJ_camellia_128_cbc */ ++0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x03,/* [5011] OBJ_camellia_192_cbc */ ++0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x04,/* [5022] OBJ_camellia_256_cbc */ ++0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x01, /* [5033] OBJ_camellia_128_ecb */ ++0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x15, /* [5041] OBJ_camellia_192_ecb */ ++0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x29, /* [5049] OBJ_camellia_256_ecb */ ++0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x04, /* [5057] OBJ_camellia_128_cfb128 */ ++0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x18, /* [5065] OBJ_camellia_192_cfb128 */ ++0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2C, /* [5073] OBJ_camellia_256_cfb128 */ ++0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x03, /* [5081] OBJ_camellia_128_ofb128 */ ++0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x17, /* [5089] OBJ_camellia_192_ofb128 */ ++0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2B, /* [5097] OBJ_camellia_256_ofb128 */ ++0x55,0x1D,0x09, /* [5105] OBJ_subject_directory_attributes */ ++0x55,0x1D,0x1C, /* [5108] OBJ_issuing_distribution_point */ ++0x55,0x1D,0x1D, /* [5111] OBJ_certificate_issuer */ ++0x2A,0x83,0x1A,0x8C,0x9A,0x44, /* [5114] OBJ_kisa */ ++0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x03, /* [5120] OBJ_seed_ecb */ ++0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x04, /* [5128] OBJ_seed_cbc */ ++0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x06, /* [5136] OBJ_seed_ofb128 */ 
++0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x05, /* [5144] OBJ_seed_cfb128 */ ++0x2B,0x06,0x01,0x05,0x05,0x08,0x01,0x01, /* [5152] OBJ_hmac_md5 */ ++0x2B,0x06,0x01,0x05,0x05,0x08,0x01,0x02, /* [5160] OBJ_hmac_sha1 */ ++0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0D,/* [5168] OBJ_id_PasswordBasedMAC */ ++0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x1E,/* [5177] OBJ_id_DHBasedMac */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x10, /* [5186] OBJ_id_it_suppLangTags */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x05, /* [5194] OBJ_caRepository */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x09,/* [5202] OBJ_id_smime_ct_compressedData */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x1B,/* [5213] OBJ_id_ct_asciiTextWithCRLF */ ++0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x05,/* [5224] OBJ_id_aes128_wrap */ ++0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x19,/* [5233] OBJ_id_aes192_wrap */ ++0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2D,/* [5242] OBJ_id_aes256_wrap */ ++0x2A,0x86,0x48,0xCE,0x3D,0x04,0x02, /* [5251] OBJ_ecdsa_with_Recommended */ ++0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03, /* [5258] OBJ_ecdsa_with_Specified */ ++0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x01, /* [5265] OBJ_ecdsa_with_SHA224 */ ++0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x02, /* [5273] OBJ_ecdsa_with_SHA256 */ ++0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x03, /* [5281] OBJ_ecdsa_with_SHA384 */ ++0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x04, /* [5289] OBJ_ecdsa_with_SHA512 */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x06, /* [5297] OBJ_hmacWithMD5 */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x08, /* [5305] OBJ_hmacWithSHA224 */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x09, /* [5313] OBJ_hmacWithSHA256 */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0A, /* [5321] OBJ_hmacWithSHA384 */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0B, /* [5329] OBJ_hmacWithSHA512 */ ++0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x01,/* [5337] OBJ_dsa_with_SHA224 */ ++0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x02,/* [5346] OBJ_dsa_with_SHA256 */ ++0x28,0xCF,0x06,0x03,0x00,0x37, /* 
[5355] OBJ_whirlpool */ ++0x2A,0x85,0x03,0x02,0x02, /* [5361] OBJ_cryptopro */ ++0x2A,0x85,0x03,0x02,0x09, /* [5366] OBJ_cryptocom */ ++0x2A,0x85,0x03,0x02,0x02,0x03, /* [5371] OBJ_id_GostR3411_94_with_GostR3410_2001 */ ++0x2A,0x85,0x03,0x02,0x02,0x04, /* [5377] OBJ_id_GostR3411_94_with_GostR3410_94 */ ++0x2A,0x85,0x03,0x02,0x02,0x09, /* [5383] OBJ_id_GostR3411_94 */ ++0x2A,0x85,0x03,0x02,0x02,0x0A, /* [5389] OBJ_id_HMACGostR3411_94 */ ++0x2A,0x85,0x03,0x02,0x02,0x13, /* [5395] OBJ_id_GostR3410_2001 */ ++0x2A,0x85,0x03,0x02,0x02,0x14, /* [5401] OBJ_id_GostR3410_94 */ ++0x2A,0x85,0x03,0x02,0x02,0x15, /* [5407] OBJ_id_Gost28147_89 */ ++0x2A,0x85,0x03,0x02,0x02,0x16, /* [5413] OBJ_id_Gost28147_89_MAC */ ++0x2A,0x85,0x03,0x02,0x02,0x17, /* [5419] OBJ_id_GostR3411_94_prf */ ++0x2A,0x85,0x03,0x02,0x02,0x62, /* [5425] OBJ_id_GostR3410_2001DH */ ++0x2A,0x85,0x03,0x02,0x02,0x63, /* [5431] OBJ_id_GostR3410_94DH */ ++0x2A,0x85,0x03,0x02,0x02,0x0E,0x01, /* [5437] OBJ_id_Gost28147_89_CryptoPro_KeyMeshing */ ++0x2A,0x85,0x03,0x02,0x02,0x0E,0x00, /* [5444] OBJ_id_Gost28147_89_None_KeyMeshing */ ++0x2A,0x85,0x03,0x02,0x02,0x1E,0x00, /* [5451] OBJ_id_GostR3411_94_TestParamSet */ ++0x2A,0x85,0x03,0x02,0x02,0x1E,0x01, /* [5458] OBJ_id_GostR3411_94_CryptoProParamSet */ ++0x2A,0x85,0x03,0x02,0x02,0x1F,0x00, /* [5465] OBJ_id_Gost28147_89_TestParamSet */ ++0x2A,0x85,0x03,0x02,0x02,0x1F,0x01, /* [5472] OBJ_id_Gost28147_89_CryptoPro_A_ParamSet */ ++0x2A,0x85,0x03,0x02,0x02,0x1F,0x02, /* [5479] OBJ_id_Gost28147_89_CryptoPro_B_ParamSet */ ++0x2A,0x85,0x03,0x02,0x02,0x1F,0x03, /* [5486] OBJ_id_Gost28147_89_CryptoPro_C_ParamSet */ ++0x2A,0x85,0x03,0x02,0x02,0x1F,0x04, /* [5493] OBJ_id_Gost28147_89_CryptoPro_D_ParamSet */ ++0x2A,0x85,0x03,0x02,0x02,0x1F,0x05, /* [5500] OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet */ ++0x2A,0x85,0x03,0x02,0x02,0x1F,0x06, /* [5507] OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet */ ++0x2A,0x85,0x03,0x02,0x02,0x1F,0x07, /* [5514] 
OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet */ ++0x2A,0x85,0x03,0x02,0x02,0x20,0x00, /* [5521] OBJ_id_GostR3410_94_TestParamSet */ ++0x2A,0x85,0x03,0x02,0x02,0x20,0x02, /* [5528] OBJ_id_GostR3410_94_CryptoPro_A_ParamSet */ ++0x2A,0x85,0x03,0x02,0x02,0x20,0x03, /* [5535] OBJ_id_GostR3410_94_CryptoPro_B_ParamSet */ ++0x2A,0x85,0x03,0x02,0x02,0x20,0x04, /* [5542] OBJ_id_GostR3410_94_CryptoPro_C_ParamSet */ ++0x2A,0x85,0x03,0x02,0x02,0x20,0x05, /* [5549] OBJ_id_GostR3410_94_CryptoPro_D_ParamSet */ ++0x2A,0x85,0x03,0x02,0x02,0x21,0x01, /* [5556] OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet */ ++0x2A,0x85,0x03,0x02,0x02,0x21,0x02, /* [5563] OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet */ ++0x2A,0x85,0x03,0x02,0x02,0x21,0x03, /* [5570] OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet */ ++0x2A,0x85,0x03,0x02,0x02,0x23,0x00, /* [5577] OBJ_id_GostR3410_2001_TestParamSet */ ++0x2A,0x85,0x03,0x02,0x02,0x23,0x01, /* [5584] OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet */ ++0x2A,0x85,0x03,0x02,0x02,0x23,0x02, /* [5591] OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet */ ++0x2A,0x85,0x03,0x02,0x02,0x23,0x03, /* [5598] OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet */ ++0x2A,0x85,0x03,0x02,0x02,0x24,0x00, /* [5605] OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet */ ++0x2A,0x85,0x03,0x02,0x02,0x24,0x01, /* [5612] OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet */ ++0x2A,0x85,0x03,0x02,0x02,0x14,0x01, /* [5619] OBJ_id_GostR3410_94_a */ ++0x2A,0x85,0x03,0x02,0x02,0x14,0x02, /* [5626] OBJ_id_GostR3410_94_aBis */ ++0x2A,0x85,0x03,0x02,0x02,0x14,0x03, /* [5633] OBJ_id_GostR3410_94_b */ ++0x2A,0x85,0x03,0x02,0x02,0x14,0x04, /* [5640] OBJ_id_GostR3410_94_bBis */ ++0x2A,0x85,0x03,0x02,0x09,0x01,0x06,0x01, /* [5647] OBJ_id_Gost28147_89_cc */ ++0x2A,0x85,0x03,0x02,0x09,0x01,0x05,0x03, /* [5655] OBJ_id_GostR3410_94_cc */ ++0x2A,0x85,0x03,0x02,0x09,0x01,0x05,0x04, /* [5663] OBJ_id_GostR3410_2001_cc */ ++0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x03, /* [5671] OBJ_id_GostR3411_94_with_GostR3410_94_cc */ 
++0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x04, /* [5679] OBJ_id_GostR3411_94_with_GostR3410_2001_cc */ ++0x2A,0x85,0x03,0x02,0x09,0x01,0x08,0x01, /* [5687] OBJ_id_GostR3410_2001_ParamSet_cc */ ++0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x02,/* [5695] OBJ_LocalKeySet */ ++0x55,0x1D,0x2E, /* [5704] OBJ_freshest_crl */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x03, /* [5707] OBJ_id_on_permanentIdentifier */ ++0x55,0x04,0x0E, /* [5715] OBJ_searchGuide */ ++0x55,0x04,0x0F, /* [5718] OBJ_businessCategory */ ++0x55,0x04,0x10, /* [5721] OBJ_postalAddress */ ++0x55,0x04,0x12, /* [5724] OBJ_postOfficeBox */ ++0x55,0x04,0x13, /* [5727] OBJ_physicalDeliveryOfficeName */ ++0x55,0x04,0x14, /* [5730] OBJ_telephoneNumber */ ++0x55,0x04,0x15, /* [5733] OBJ_telexNumber */ ++0x55,0x04,0x16, /* [5736] OBJ_teletexTerminalIdentifier */ ++0x55,0x04,0x17, /* [5739] OBJ_facsimileTelephoneNumber */ ++0x55,0x04,0x18, /* [5742] OBJ_x121Address */ ++0x55,0x04,0x19, /* [5745] OBJ_internationaliSDNNumber */ ++0x55,0x04,0x1A, /* [5748] OBJ_registeredAddress */ ++0x55,0x04,0x1B, /* [5751] OBJ_destinationIndicator */ ++0x55,0x04,0x1C, /* [5754] OBJ_preferredDeliveryMethod */ ++0x55,0x04,0x1D, /* [5757] OBJ_presentationAddress */ ++0x55,0x04,0x1E, /* [5760] OBJ_supportedApplicationContext */ ++0x55,0x04,0x1F, /* [5763] OBJ_member */ ++0x55,0x04,0x20, /* [5766] OBJ_owner */ ++0x55,0x04,0x21, /* [5769] OBJ_roleOccupant */ ++0x55,0x04,0x22, /* [5772] OBJ_seeAlso */ ++0x55,0x04,0x23, /* [5775] OBJ_userPassword */ ++0x55,0x04,0x24, /* [5778] OBJ_userCertificate */ ++0x55,0x04,0x25, /* [5781] OBJ_cACertificate */ ++0x55,0x04,0x26, /* [5784] OBJ_authorityRevocationList */ ++0x55,0x04,0x27, /* [5787] OBJ_certificateRevocationList */ ++0x55,0x04,0x28, /* [5790] OBJ_crossCertificatePair */ ++0x55,0x04,0x2F, /* [5793] OBJ_enhancedSearchGuide */ ++0x55,0x04,0x30, /* [5796] OBJ_protocolInformation */ ++0x55,0x04,0x31, /* [5799] OBJ_distinguishedName */ ++0x55,0x04,0x32, /* [5802] OBJ_uniqueMember */ ++0x55,0x04,0x33, /* 
[5805] OBJ_houseIdentifier */ ++0x55,0x04,0x34, /* [5808] OBJ_supportedAlgorithms */ ++0x55,0x04,0x35, /* [5811] OBJ_deltaRevocationList */ ++0x55,0x04,0x36, /* [5814] OBJ_dmdName */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x09,/* [5817] OBJ_id_alg_PWRI_KEK */ ++0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x06,/* [5828] OBJ_aes_128_gcm */ ++0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x07,/* [5837] OBJ_aes_128_ccm */ ++0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x08,/* [5846] OBJ_id_aes128_wrap_pad */ ++0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1A,/* [5855] OBJ_aes_192_gcm */ ++0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1B,/* [5864] OBJ_aes_192_ccm */ ++0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1C,/* [5873] OBJ_id_aes192_wrap_pad */ ++0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2E,/* [5882] OBJ_aes_256_gcm */ ++0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2F,/* [5891] OBJ_aes_256_ccm */ ++0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x30,/* [5900] OBJ_id_aes256_wrap_pad */ ++0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x02,/* [5909] OBJ_id_camellia128_wrap */ ++0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x03,/* [5920] OBJ_id_camellia192_wrap */ ++0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x04,/* [5931] OBJ_id_camellia256_wrap */ ++0x55,0x1D,0x25,0x00, /* [5942] OBJ_anyExtendedKeyUsage */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x08,/* [5946] OBJ_mgf1 */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0A,/* [5955] OBJ_rsassaPss */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x07,/* [5964] OBJ_rsaesOaep */ ++0x2A,0x86,0x48,0xCE,0x3E,0x02,0x01, /* [5973] OBJ_dhpublicnumber */ ++0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x01,/* [5980] OBJ_brainpoolP160r1 */ ++0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x02,/* [5989] OBJ_brainpoolP160t1 */ ++0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x03,/* [5998] OBJ_brainpoolP192r1 */ ++0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x04,/* [6007] OBJ_brainpoolP192t1 */ ++0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x05,/* [6016] 
OBJ_brainpoolP224r1 */ ++0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x06,/* [6025] OBJ_brainpoolP224t1 */ ++0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x07,/* [6034] OBJ_brainpoolP256r1 */ ++0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x08,/* [6043] OBJ_brainpoolP256t1 */ ++0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x09,/* [6052] OBJ_brainpoolP320r1 */ ++0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0A,/* [6061] OBJ_brainpoolP320t1 */ ++0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0B,/* [6070] OBJ_brainpoolP384r1 */ ++0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0C,/* [6079] OBJ_brainpoolP384t1 */ ++0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0D,/* [6088] OBJ_brainpoolP512r1 */ ++0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0E,/* [6097] OBJ_brainpoolP512t1 */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x09,/* [6106] OBJ_pSpecified */ ++0x2B,0x81,0x05,0x10,0x86,0x48,0x3F,0x00,0x02,/* [6115] OBJ_dhSinglePass_stdDH_sha1kdf_scheme */ ++0x2B,0x81,0x04,0x01,0x0B,0x00, /* [6124] OBJ_dhSinglePass_stdDH_sha224kdf_scheme */ ++0x2B,0x81,0x04,0x01,0x0B,0x01, /* [6130] OBJ_dhSinglePass_stdDH_sha256kdf_scheme */ ++0x2B,0x81,0x04,0x01,0x0B,0x02, /* [6136] OBJ_dhSinglePass_stdDH_sha384kdf_scheme */ ++0x2B,0x81,0x04,0x01,0x0B,0x03, /* [6142] OBJ_dhSinglePass_stdDH_sha512kdf_scheme */ ++0x2B,0x81,0x05,0x10,0x86,0x48,0x3F,0x00,0x03,/* [6148] OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme */ ++0x2B,0x81,0x04,0x01,0x0E,0x00, /* [6157] OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme */ ++0x2B,0x81,0x04,0x01,0x0E,0x01, /* [6163] OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme */ ++0x2B,0x81,0x04,0x01,0x0E,0x02, /* [6169] OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme */ ++0x2B,0x81,0x04,0x01,0x0E,0x03, /* [6175] OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme */ ++0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x02,/* [6181] OBJ_ct_precert_scts */ ++0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x03,/* [6191] OBJ_ct_precert_poison */ ++0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x04,/* [6201] OBJ_ct_precert_signer */ 
++0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x05,/* [6211] OBJ_ct_cert_scts */ ++0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x01,/* [6221] OBJ_jurisdictionLocalityName */ ++0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x02,/* [6232] OBJ_jurisdictionStateOrProvinceName */ ++0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x03,/* [6243] OBJ_jurisdictionCountryName */ + }; + +-static ASN1_OBJECT nid_objs[NUM_NID]={ +-{"UNDEF","undefined",NID_undef,1,&(lvalues[0]),0}, +-{"rsadsi","RSA Data Security, Inc.",NID_rsadsi,6,&(lvalues[1]),0}, +-{"pkcs","RSA Data Security, Inc. PKCS",NID_pkcs,7,&(lvalues[7]),0}, +-{"MD2","md2",NID_md2,8,&(lvalues[14]),0}, +-{"MD5","md5",NID_md5,8,&(lvalues[22]),0}, +-{"RC4","rc4",NID_rc4,8,&(lvalues[30]),0}, +-{"rsaEncryption","rsaEncryption",NID_rsaEncryption,9,&(lvalues[38]),0}, ++static const ASN1_OBJECT nid_objs[NUM_NID]={ ++{"UNDEF","undefined",NID_undef,0,NULL,0}, ++{"rsadsi","RSA Data Security, Inc.",NID_rsadsi,6,&(lvalues[0]),0}, ++{"pkcs","RSA Data Security, Inc. 
PKCS",NID_pkcs,7,&(lvalues[6]),0}, ++{"MD2","md2",NID_md2,8,&(lvalues[13]),0}, ++{"MD5","md5",NID_md5,8,&(lvalues[21]),0}, ++{"RC4","rc4",NID_rc4,8,&(lvalues[29]),0}, ++{"rsaEncryption","rsaEncryption",NID_rsaEncryption,9,&(lvalues[37]),0}, + {"RSA-MD2","md2WithRSAEncryption",NID_md2WithRSAEncryption,9, +- &(lvalues[47]),0}, ++ &(lvalues[46]),0}, + {"RSA-MD5","md5WithRSAEncryption",NID_md5WithRSAEncryption,9, +- &(lvalues[56]),0}, ++ &(lvalues[55]),0}, + {"PBE-MD2-DES","pbeWithMD2AndDES-CBC",NID_pbeWithMD2AndDES_CBC,9, +- &(lvalues[65]),0}, ++ &(lvalues[64]),0}, + {"PBE-MD5-DES","pbeWithMD5AndDES-CBC",NID_pbeWithMD5AndDES_CBC,9, +- &(lvalues[74]),0}, +-{"X500","directory services (X.500)",NID_X500,1,&(lvalues[83]),0}, +-{"X509","X509",NID_X509,2,&(lvalues[84]),0}, +-{"CN","commonName",NID_commonName,3,&(lvalues[86]),0}, +-{"C","countryName",NID_countryName,3,&(lvalues[89]),0}, +-{"L","localityName",NID_localityName,3,&(lvalues[92]),0}, +-{"ST","stateOrProvinceName",NID_stateOrProvinceName,3,&(lvalues[95]),0}, +-{"O","organizationName",NID_organizationName,3,&(lvalues[98]),0}, ++ &(lvalues[73]),0}, ++{"X500","directory services (X.500)",NID_X500,1,&(lvalues[82]),0}, ++{"X509","X509",NID_X509,2,&(lvalues[83]),0}, ++{"CN","commonName",NID_commonName,3,&(lvalues[85]),0}, ++{"C","countryName",NID_countryName,3,&(lvalues[88]),0}, ++{"L","localityName",NID_localityName,3,&(lvalues[91]),0}, ++{"ST","stateOrProvinceName",NID_stateOrProvinceName,3,&(lvalues[94]),0}, ++{"O","organizationName",NID_organizationName,3,&(lvalues[97]),0}, + {"OU","organizationalUnitName",NID_organizationalUnitName,3, +- &(lvalues[101]),0}, +-{"RSA","rsa",NID_rsa,4,&(lvalues[104]),0}, +-{"pkcs7","pkcs7",NID_pkcs7,8,&(lvalues[108]),0}, +-{"pkcs7-data","pkcs7-data",NID_pkcs7_data,9,&(lvalues[116]),0}, ++ &(lvalues[100]),0}, ++{"RSA","rsa",NID_rsa,4,&(lvalues[103]),0}, ++{"pkcs7","pkcs7",NID_pkcs7,8,&(lvalues[107]),0}, ++{"pkcs7-data","pkcs7-data",NID_pkcs7_data,9,&(lvalues[115]),0}, + 
{"pkcs7-signedData","pkcs7-signedData",NID_pkcs7_signed,9, +- &(lvalues[125]),0}, ++ &(lvalues[124]),0}, + {"pkcs7-envelopedData","pkcs7-envelopedData",NID_pkcs7_enveloped,9, +- &(lvalues[134]),0}, ++ &(lvalues[133]),0}, + {"pkcs7-signedAndEnvelopedData","pkcs7-signedAndEnvelopedData", +- NID_pkcs7_signedAndEnveloped,9,&(lvalues[143]),0}, ++ NID_pkcs7_signedAndEnveloped,9,&(lvalues[142]),0}, + {"pkcs7-digestData","pkcs7-digestData",NID_pkcs7_digest,9, +- &(lvalues[152]),0}, ++ &(lvalues[151]),0}, + {"pkcs7-encryptedData","pkcs7-encryptedData",NID_pkcs7_encrypted,9, +- &(lvalues[161]),0}, +-{"pkcs3","pkcs3",NID_pkcs3,8,&(lvalues[170]),0}, ++ &(lvalues[160]),0}, ++{"pkcs3","pkcs3",NID_pkcs3,8,&(lvalues[169]),0}, + {"dhKeyAgreement","dhKeyAgreement",NID_dhKeyAgreement,9, +- &(lvalues[178]),0}, +-{"DES-ECB","des-ecb",NID_des_ecb,5,&(lvalues[187]),0}, +-{"DES-CFB","des-cfb",NID_des_cfb64,5,&(lvalues[192]),0}, +-{"DES-CBC","des-cbc",NID_des_cbc,5,&(lvalues[197]),0}, +-{"DES-EDE","des-ede",NID_des_ede_ecb,5,&(lvalues[202]),0}, ++ &(lvalues[177]),0}, ++{"DES-ECB","des-ecb",NID_des_ecb,5,&(lvalues[186]),0}, ++{"DES-CFB","des-cfb",NID_des_cfb64,5,&(lvalues[191]),0}, ++{"DES-CBC","des-cbc",NID_des_cbc,5,&(lvalues[196]),0}, ++{"DES-EDE","des-ede",NID_des_ede_ecb,5,&(lvalues[201]),0}, + {"DES-EDE3","des-ede3",NID_des_ede3_ecb,0,NULL,0}, +-{"IDEA-CBC","idea-cbc",NID_idea_cbc,11,&(lvalues[207]),0}, ++{"IDEA-CBC","idea-cbc",NID_idea_cbc,11,&(lvalues[206]),0}, + {"IDEA-CFB","idea-cfb",NID_idea_cfb64,0,NULL,0}, + {"IDEA-ECB","idea-ecb",NID_idea_ecb,0,NULL,0}, +-{"RC2-CBC","rc2-cbc",NID_rc2_cbc,8,&(lvalues[218]),0}, ++{"RC2-CBC","rc2-cbc",NID_rc2_cbc,8,&(lvalues[217]),0}, + {"RC2-ECB","rc2-ecb",NID_rc2_ecb,0,NULL,0}, + {"RC2-CFB","rc2-cfb",NID_rc2_cfb64,0,NULL,0}, + {"RC2-OFB","rc2-ofb",NID_rc2_ofb64,0,NULL,0}, +-{"SHA","sha",NID_sha,5,&(lvalues[226]),0}, ++{"SHA","sha",NID_sha,5,&(lvalues[225]),0}, + {"RSA-SHA","shaWithRSAEncryption",NID_shaWithRSAEncryption,5, +- 
&(lvalues[231]),0}, ++ &(lvalues[230]),0}, + {"DES-EDE-CBC","des-ede-cbc",NID_des_ede_cbc,0,NULL,0}, +-{"DES-EDE3-CBC","des-ede3-cbc",NID_des_ede3_cbc,8,&(lvalues[236]),0}, +-{"DES-OFB","des-ofb",NID_des_ofb64,5,&(lvalues[244]),0}, ++{"DES-EDE3-CBC","des-ede3-cbc",NID_des_ede3_cbc,8,&(lvalues[235]),0}, ++{"DES-OFB","des-ofb",NID_des_ofb64,5,&(lvalues[243]),0}, + {"IDEA-OFB","idea-ofb",NID_idea_ofb64,0,NULL,0}, +-{"pkcs9","pkcs9",NID_pkcs9,8,&(lvalues[249]),0}, ++{"pkcs9","pkcs9",NID_pkcs9,8,&(lvalues[248]),0}, + {"emailAddress","emailAddress",NID_pkcs9_emailAddress,9, +- &(lvalues[257]),0}, ++ &(lvalues[256]),0}, + {"unstructuredName","unstructuredName",NID_pkcs9_unstructuredName,9, +- &(lvalues[266]),0}, +-{"contentType","contentType",NID_pkcs9_contentType,9,&(lvalues[275]),0}, ++ &(lvalues[265]),0}, ++{"contentType","contentType",NID_pkcs9_contentType,9,&(lvalues[274]),0}, + {"messageDigest","messageDigest",NID_pkcs9_messageDigest,9, +- &(lvalues[284]),0}, +-{"signingTime","signingTime",NID_pkcs9_signingTime,9,&(lvalues[293]),0}, ++ &(lvalues[283]),0}, ++{"signingTime","signingTime",NID_pkcs9_signingTime,9,&(lvalues[292]),0}, + {"countersignature","countersignature",NID_pkcs9_countersignature,9, +- &(lvalues[302]),0}, ++ &(lvalues[301]),0}, + {"challengePassword","challengePassword",NID_pkcs9_challengePassword, +- 9,&(lvalues[311]),0}, ++ 9,&(lvalues[310]),0}, + {"unstructuredAddress","unstructuredAddress", +- NID_pkcs9_unstructuredAddress,9,&(lvalues[320]),0}, ++ NID_pkcs9_unstructuredAddress,9,&(lvalues[319]),0}, + {"extendedCertificateAttributes","extendedCertificateAttributes", +- NID_pkcs9_extCertAttributes,9,&(lvalues[329]),0}, ++ NID_pkcs9_extCertAttributes,9,&(lvalues[328]),0}, + {"Netscape","Netscape Communications Corp.",NID_netscape,7, +- &(lvalues[338]),0}, ++ &(lvalues[337]),0}, + {"nsCertExt","Netscape Certificate Extension", +- NID_netscape_cert_extension,8,&(lvalues[345]),0}, ++ NID_netscape_cert_extension,8,&(lvalues[344]),0}, + 
{"nsDataType","Netscape Data Type",NID_netscape_data_type,8, +- &(lvalues[353]),0}, ++ &(lvalues[352]),0}, + {"DES-EDE-CFB","des-ede-cfb",NID_des_ede_cfb64,0,NULL,0}, + {"DES-EDE3-CFB","des-ede3-cfb",NID_des_ede3_cfb64,0,NULL,0}, + {"DES-EDE-OFB","des-ede-ofb",NID_des_ede_ofb64,0,NULL,0}, + {"DES-EDE3-OFB","des-ede3-ofb",NID_des_ede3_ofb64,0,NULL,0}, +-{"SHA1","sha1",NID_sha1,5,&(lvalues[361]),0}, ++{"SHA1","sha1",NID_sha1,5,&(lvalues[360]),0}, + {"RSA-SHA1","sha1WithRSAEncryption",NID_sha1WithRSAEncryption,9, +- &(lvalues[366]),0}, +-{"DSA-SHA","dsaWithSHA",NID_dsaWithSHA,5,&(lvalues[375]),0}, +-{"DSA-old","dsaEncryption-old",NID_dsa_2,5,&(lvalues[380]),0}, ++ &(lvalues[365]),0}, ++{"DSA-SHA","dsaWithSHA",NID_dsaWithSHA,5,&(lvalues[374]),0}, ++{"DSA-old","dsaEncryption-old",NID_dsa_2,5,&(lvalues[379]),0}, + {"PBE-SHA1-RC2-64","pbeWithSHA1AndRC2-CBC",NID_pbeWithSHA1AndRC2_CBC, +- 9,&(lvalues[385]),0}, +-{"PBKDF2","PBKDF2",NID_id_pbkdf2,9,&(lvalues[394]),0}, +-{"DSA-SHA1-old","dsaWithSHA1-old",NID_dsaWithSHA1_2,5,&(lvalues[403]),0}, ++ 9,&(lvalues[384]),0}, ++{"PBKDF2","PBKDF2",NID_id_pbkdf2,9,&(lvalues[393]),0}, ++{"DSA-SHA1-old","dsaWithSHA1-old",NID_dsaWithSHA1_2,5,&(lvalues[402]),0}, + {"nsCertType","Netscape Cert Type",NID_netscape_cert_type,9, +- &(lvalues[408]),0}, ++ &(lvalues[407]),0}, + {"nsBaseUrl","Netscape Base Url",NID_netscape_base_url,9, +- &(lvalues[417]),0}, ++ &(lvalues[416]),0}, + {"nsRevocationUrl","Netscape Revocation Url", +- NID_netscape_revocation_url,9,&(lvalues[426]),0}, ++ NID_netscape_revocation_url,9,&(lvalues[425]),0}, + {"nsCaRevocationUrl","Netscape CA Revocation Url", +- NID_netscape_ca_revocation_url,9,&(lvalues[435]),0}, ++ NID_netscape_ca_revocation_url,9,&(lvalues[434]),0}, + {"nsRenewalUrl","Netscape Renewal Url",NID_netscape_renewal_url,9, +- &(lvalues[444]),0}, ++ &(lvalues[443]),0}, + {"nsCaPolicyUrl","Netscape CA Policy Url",NID_netscape_ca_policy_url, +- 9,&(lvalues[453]),0}, ++ 9,&(lvalues[452]),0}, + 
{"nsSslServerName","Netscape SSL Server Name", +- NID_netscape_ssl_server_name,9,&(lvalues[462]),0}, +-{"nsComment","Netscape Comment",NID_netscape_comment,9,&(lvalues[471]),0}, ++ NID_netscape_ssl_server_name,9,&(lvalues[461]),0}, ++{"nsComment","Netscape Comment",NID_netscape_comment,9,&(lvalues[470]),0}, + {"nsCertSequence","Netscape Certificate Sequence", +- NID_netscape_cert_sequence,9,&(lvalues[480]),0}, ++ NID_netscape_cert_sequence,9,&(lvalues[479]),0}, + {"DESX-CBC","desx-cbc",NID_desx_cbc,0,NULL,0}, +-{"id-ce","id-ce",NID_id_ce,2,&(lvalues[489]),0}, ++{"id-ce","id-ce",NID_id_ce,2,&(lvalues[488]),0}, + {"subjectKeyIdentifier","X509v3 Subject Key Identifier", +- NID_subject_key_identifier,3,&(lvalues[491]),0}, +-{"keyUsage","X509v3 Key Usage",NID_key_usage,3,&(lvalues[494]),0}, ++ NID_subject_key_identifier,3,&(lvalues[490]),0}, ++{"keyUsage","X509v3 Key Usage",NID_key_usage,3,&(lvalues[493]),0}, + {"privateKeyUsagePeriod","X509v3 Private Key Usage Period", +- NID_private_key_usage_period,3,&(lvalues[497]),0}, ++ NID_private_key_usage_period,3,&(lvalues[496]),0}, + {"subjectAltName","X509v3 Subject Alternative Name", +- NID_subject_alt_name,3,&(lvalues[500]),0}, ++ NID_subject_alt_name,3,&(lvalues[499]),0}, + {"issuerAltName","X509v3 Issuer Alternative Name",NID_issuer_alt_name, +- 3,&(lvalues[503]),0}, ++ 3,&(lvalues[502]),0}, + {"basicConstraints","X509v3 Basic Constraints",NID_basic_constraints, +- 3,&(lvalues[506]),0}, +-{"crlNumber","X509v3 CRL Number",NID_crl_number,3,&(lvalues[509]),0}, ++ 3,&(lvalues[505]),0}, ++{"crlNumber","X509v3 CRL Number",NID_crl_number,3,&(lvalues[508]),0}, + {"certificatePolicies","X509v3 Certificate Policies", +- NID_certificate_policies,3,&(lvalues[512]),0}, ++ NID_certificate_policies,3,&(lvalues[511]),0}, + {"authorityKeyIdentifier","X509v3 Authority Key Identifier", +- NID_authority_key_identifier,3,&(lvalues[515]),0}, +-{"BF-CBC","bf-cbc",NID_bf_cbc,9,&(lvalues[518]),0}, ++ 
NID_authority_key_identifier,3,&(lvalues[514]),0}, ++{"BF-CBC","bf-cbc",NID_bf_cbc,9,&(lvalues[517]),0}, + {"BF-ECB","bf-ecb",NID_bf_ecb,0,NULL,0}, + {"BF-CFB","bf-cfb",NID_bf_cfb64,0,NULL,0}, + {"BF-OFB","bf-ofb",NID_bf_ofb64,0,NULL,0}, +-{"MDC2","mdc2",NID_mdc2,4,&(lvalues[527]),0}, +-{"RSA-MDC2","mdc2WithRSA",NID_mdc2WithRSA,4,&(lvalues[531]),0}, ++{"MDC2","mdc2",NID_mdc2,4,&(lvalues[526]),0}, ++{"RSA-MDC2","mdc2WithRSA",NID_mdc2WithRSA,4,&(lvalues[530]),0}, + {"RC4-40","rc4-40",NID_rc4_40,0,NULL,0}, + {"RC2-40-CBC","rc2-40-cbc",NID_rc2_40_cbc,0,NULL,0}, +-{"GN","givenName",NID_givenName,3,&(lvalues[535]),0}, +-{"SN","surname",NID_surname,3,&(lvalues[538]),0}, +-{"initials","initials",NID_initials,3,&(lvalues[541]),0}, ++{"GN","givenName",NID_givenName,3,&(lvalues[534]),0}, ++{"SN","surname",NID_surname,3,&(lvalues[537]),0}, ++{"initials","initials",NID_initials,3,&(lvalues[540]),0}, + {NULL,NULL,NID_undef,0,NULL,0}, + {"crlDistributionPoints","X509v3 CRL Distribution Points", +- NID_crl_distribution_points,3,&(lvalues[544]),0}, +-{"RSA-NP-MD5","md5WithRSA",NID_md5WithRSA,5,&(lvalues[547]),0}, +-{"serialNumber","serialNumber",NID_serialNumber,3,&(lvalues[552]),0}, +-{"title","title",NID_title,3,&(lvalues[555]),0}, +-{"description","description",NID_description,3,&(lvalues[558]),0}, +-{"CAST5-CBC","cast5-cbc",NID_cast5_cbc,9,&(lvalues[561]),0}, ++ NID_crl_distribution_points,3,&(lvalues[543]),0}, ++{"RSA-NP-MD5","md5WithRSA",NID_md5WithRSA,5,&(lvalues[546]),0}, ++{"serialNumber","serialNumber",NID_serialNumber,3,&(lvalues[551]),0}, ++{"title","title",NID_title,3,&(lvalues[554]),0}, ++{"description","description",NID_description,3,&(lvalues[557]),0}, ++{"CAST5-CBC","cast5-cbc",NID_cast5_cbc,9,&(lvalues[560]),0}, + {"CAST5-ECB","cast5-ecb",NID_cast5_ecb,0,NULL,0}, + {"CAST5-CFB","cast5-cfb",NID_cast5_cfb64,0,NULL,0}, + {"CAST5-OFB","cast5-ofb",NID_cast5_ofb64,0,NULL,0}, + {"pbeWithMD5AndCast5CBC","pbeWithMD5AndCast5CBC", +- 
NID_pbeWithMD5AndCast5_CBC,9,&(lvalues[570]),0}, +-{"DSA-SHA1","dsaWithSHA1",NID_dsaWithSHA1,7,&(lvalues[579]),0}, ++ NID_pbeWithMD5AndCast5_CBC,9,&(lvalues[569]),0}, ++{"DSA-SHA1","dsaWithSHA1",NID_dsaWithSHA1,7,&(lvalues[578]),0}, + {"MD5-SHA1","md5-sha1",NID_md5_sha1,0,NULL,0}, +-{"RSA-SHA1-2","sha1WithRSA",NID_sha1WithRSA,5,&(lvalues[586]),0}, +-{"DSA","dsaEncryption",NID_dsa,7,&(lvalues[591]),0}, +-{"RIPEMD160","ripemd160",NID_ripemd160,5,&(lvalues[598]),0}, ++{"RSA-SHA1-2","sha1WithRSA",NID_sha1WithRSA,5,&(lvalues[585]),0}, ++{"DSA","dsaEncryption",NID_dsa,7,&(lvalues[590]),0}, ++{"RIPEMD160","ripemd160",NID_ripemd160,5,&(lvalues[597]),0}, + {NULL,NULL,NID_undef,0,NULL,0}, + {"RSA-RIPEMD160","ripemd160WithRSA",NID_ripemd160WithRSA,6, +- &(lvalues[603]),0}, +-{"RC5-CBC","rc5-cbc",NID_rc5_cbc,8,&(lvalues[609]),0}, ++ &(lvalues[602]),0}, ++{"RC5-CBC","rc5-cbc",NID_rc5_cbc,8,&(lvalues[608]),0}, + {"RC5-ECB","rc5-ecb",NID_rc5_ecb,0,NULL,0}, + {"RC5-CFB","rc5-cfb",NID_rc5_cfb64,0,NULL,0}, + {"RC5-OFB","rc5-ofb",NID_rc5_ofb64,0,NULL,0}, +-{"RLE","run length compression",NID_rle_compression,6,&(lvalues[617]),0}, +-{"ZLIB","zlib compression",NID_zlib_compression,11,&(lvalues[623]),0}, ++{"RLE","run length compression",NID_rle_compression,6,&(lvalues[616]),0}, ++{"ZLIB","zlib compression",NID_zlib_compression,11,&(lvalues[622]),0}, + {"extendedKeyUsage","X509v3 Extended Key Usage",NID_ext_key_usage,3, +- &(lvalues[634]),0}, +-{"PKIX","PKIX",NID_id_pkix,6,&(lvalues[637]),0}, +-{"id-kp","id-kp",NID_id_kp,7,&(lvalues[643]),0}, ++ &(lvalues[633]),0}, ++{"PKIX","PKIX",NID_id_pkix,6,&(lvalues[636]),0}, ++{"id-kp","id-kp",NID_id_kp,7,&(lvalues[642]),0}, + {"serverAuth","TLS Web Server Authentication",NID_server_auth,8, +- &(lvalues[650]),0}, ++ &(lvalues[649]),0}, + {"clientAuth","TLS Web Client Authentication",NID_client_auth,8, +- &(lvalues[658]),0}, +-{"codeSigning","Code Signing",NID_code_sign,8,&(lvalues[666]),0}, ++ &(lvalues[657]),0}, ++{"codeSigning","Code 
Signing",NID_code_sign,8,&(lvalues[665]),0}, + {"emailProtection","E-mail Protection",NID_email_protect,8, +- &(lvalues[674]),0}, +-{"timeStamping","Time Stamping",NID_time_stamp,8,&(lvalues[682]),0}, ++ &(lvalues[673]),0}, ++{"timeStamping","Time Stamping",NID_time_stamp,8,&(lvalues[681]),0}, + {"msCodeInd","Microsoft Individual Code Signing",NID_ms_code_ind,10, +- &(lvalues[690]),0}, ++ &(lvalues[689]),0}, + {"msCodeCom","Microsoft Commercial Code Signing",NID_ms_code_com,10, +- &(lvalues[700]),0}, ++ &(lvalues[699]),0}, + {"msCTLSign","Microsoft Trust List Signing",NID_ms_ctl_sign,10, +- &(lvalues[710]),0}, +-{"msSGC","Microsoft Server Gated Crypto",NID_ms_sgc,10,&(lvalues[720]),0}, ++ &(lvalues[709]),0}, ++{"msSGC","Microsoft Server Gated Crypto",NID_ms_sgc,10,&(lvalues[719]),0}, + {"msEFS","Microsoft Encrypted File System",NID_ms_efs,10, +- &(lvalues[730]),0}, +-{"nsSGC","Netscape Server Gated Crypto",NID_ns_sgc,9,&(lvalues[740]),0}, ++ &(lvalues[729]),0}, ++{"nsSGC","Netscape Server Gated Crypto",NID_ns_sgc,9,&(lvalues[739]),0}, + {"deltaCRL","X509v3 Delta CRL Indicator",NID_delta_crl,3, +- &(lvalues[749]),0}, +-{"CRLReason","X509v3 CRL Reason Code",NID_crl_reason,3,&(lvalues[752]),0}, ++ &(lvalues[748]),0}, ++{"CRLReason","X509v3 CRL Reason Code",NID_crl_reason,3,&(lvalues[751]),0}, + {"invalidityDate","Invalidity Date",NID_invalidity_date,3, +- &(lvalues[755]),0}, +-{"SXNetID","Strong Extranet ID",NID_sxnet,5,&(lvalues[758]),0}, ++ &(lvalues[754]),0}, ++{"SXNetID","Strong Extranet ID",NID_sxnet,5,&(lvalues[757]),0}, + {"PBE-SHA1-RC4-128","pbeWithSHA1And128BitRC4", +- NID_pbe_WithSHA1And128BitRC4,10,&(lvalues[763]),0}, ++ NID_pbe_WithSHA1And128BitRC4,10,&(lvalues[762]),0}, + {"PBE-SHA1-RC4-40","pbeWithSHA1And40BitRC4", +- NID_pbe_WithSHA1And40BitRC4,10,&(lvalues[773]),0}, ++ NID_pbe_WithSHA1And40BitRC4,10,&(lvalues[772]),0}, + {"PBE-SHA1-3DES","pbeWithSHA1And3-KeyTripleDES-CBC", +- NID_pbe_WithSHA1And3_Key_TripleDES_CBC,10,&(lvalues[783]),0}, ++ 
NID_pbe_WithSHA1And3_Key_TripleDES_CBC,10,&(lvalues[782]),0}, + {"PBE-SHA1-2DES","pbeWithSHA1And2-KeyTripleDES-CBC", +- NID_pbe_WithSHA1And2_Key_TripleDES_CBC,10,&(lvalues[793]),0}, ++ NID_pbe_WithSHA1And2_Key_TripleDES_CBC,10,&(lvalues[792]),0}, + {"PBE-SHA1-RC2-128","pbeWithSHA1And128BitRC2-CBC", +- NID_pbe_WithSHA1And128BitRC2_CBC,10,&(lvalues[803]),0}, ++ NID_pbe_WithSHA1And128BitRC2_CBC,10,&(lvalues[802]),0}, + {"PBE-SHA1-RC2-40","pbeWithSHA1And40BitRC2-CBC", +- NID_pbe_WithSHA1And40BitRC2_CBC,10,&(lvalues[813]),0}, +-{"keyBag","keyBag",NID_keyBag,11,&(lvalues[823]),0}, ++ NID_pbe_WithSHA1And40BitRC2_CBC,10,&(lvalues[812]),0}, ++{"keyBag","keyBag",NID_keyBag,11,&(lvalues[822]),0}, + {"pkcs8ShroudedKeyBag","pkcs8ShroudedKeyBag",NID_pkcs8ShroudedKeyBag, +- 11,&(lvalues[834]),0}, +-{"certBag","certBag",NID_certBag,11,&(lvalues[845]),0}, +-{"crlBag","crlBag",NID_crlBag,11,&(lvalues[856]),0}, +-{"secretBag","secretBag",NID_secretBag,11,&(lvalues[867]),0}, ++ 11,&(lvalues[833]),0}, ++{"certBag","certBag",NID_certBag,11,&(lvalues[844]),0}, ++{"crlBag","crlBag",NID_crlBag,11,&(lvalues[855]),0}, ++{"secretBag","secretBag",NID_secretBag,11,&(lvalues[866]),0}, + {"safeContentsBag","safeContentsBag",NID_safeContentsBag,11, +- &(lvalues[878]),0}, +-{"friendlyName","friendlyName",NID_friendlyName,9,&(lvalues[889]),0}, +-{"localKeyID","localKeyID",NID_localKeyID,9,&(lvalues[898]),0}, ++ &(lvalues[877]),0}, ++{"friendlyName","friendlyName",NID_friendlyName,9,&(lvalues[888]),0}, ++{"localKeyID","localKeyID",NID_localKeyID,9,&(lvalues[897]),0}, + {"x509Certificate","x509Certificate",NID_x509Certificate,10, +- &(lvalues[907]),0}, ++ &(lvalues[906]),0}, + {"sdsiCertificate","sdsiCertificate",NID_sdsiCertificate,10, +- &(lvalues[917]),0}, +-{"x509Crl","x509Crl",NID_x509Crl,10,&(lvalues[927]),0}, +-{"PBES2","PBES2",NID_pbes2,9,&(lvalues[937]),0}, +-{"PBMAC1","PBMAC1",NID_pbmac1,9,&(lvalues[946]),0}, +-{"hmacWithSHA1","hmacWithSHA1",NID_hmacWithSHA1,8,&(lvalues[955]),0}, 
+-{"id-qt-cps","Policy Qualifier CPS",NID_id_qt_cps,8,&(lvalues[963]),0}, ++ &(lvalues[916]),0}, ++{"x509Crl","x509Crl",NID_x509Crl,10,&(lvalues[926]),0}, ++{"PBES2","PBES2",NID_pbes2,9,&(lvalues[936]),0}, ++{"PBMAC1","PBMAC1",NID_pbmac1,9,&(lvalues[945]),0}, ++{"hmacWithSHA1","hmacWithSHA1",NID_hmacWithSHA1,8,&(lvalues[954]),0}, ++{"id-qt-cps","Policy Qualifier CPS",NID_id_qt_cps,8,&(lvalues[962]),0}, + {"id-qt-unotice","Policy Qualifier User Notice",NID_id_qt_unotice,8, +- &(lvalues[971]),0}, ++ &(lvalues[970]),0}, + {"RC2-64-CBC","rc2-64-cbc",NID_rc2_64_cbc,0,NULL,0}, + {"SMIME-CAPS","S/MIME Capabilities",NID_SMIMECapabilities,9, +- &(lvalues[979]),0}, ++ &(lvalues[978]),0}, + {"PBE-MD2-RC2-64","pbeWithMD2AndRC2-CBC",NID_pbeWithMD2AndRC2_CBC,9, +- &(lvalues[988]),0}, ++ &(lvalues[987]),0}, + {"PBE-MD5-RC2-64","pbeWithMD5AndRC2-CBC",NID_pbeWithMD5AndRC2_CBC,9, +- &(lvalues[997]),0}, ++ &(lvalues[996]),0}, + {"PBE-SHA1-DES","pbeWithSHA1AndDES-CBC",NID_pbeWithSHA1AndDES_CBC,9, +- &(lvalues[1006]),0}, ++ &(lvalues[1005]),0}, + {"msExtReq","Microsoft Extension Request",NID_ms_ext_req,10, +- &(lvalues[1015]),0}, +-{"extReq","Extension Request",NID_ext_req,9,&(lvalues[1025]),0}, +-{"name","name",NID_name,3,&(lvalues[1034]),0}, +-{"dnQualifier","dnQualifier",NID_dnQualifier,3,&(lvalues[1037]),0}, +-{"id-pe","id-pe",NID_id_pe,7,&(lvalues[1040]),0}, +-{"id-ad","id-ad",NID_id_ad,7,&(lvalues[1047]),0}, ++ &(lvalues[1014]),0}, ++{"extReq","Extension Request",NID_ext_req,9,&(lvalues[1024]),0}, ++{"name","name",NID_name,3,&(lvalues[1033]),0}, ++{"dnQualifier","dnQualifier",NID_dnQualifier,3,&(lvalues[1036]),0}, ++{"id-pe","id-pe",NID_id_pe,7,&(lvalues[1039]),0}, ++{"id-ad","id-ad",NID_id_ad,7,&(lvalues[1046]),0}, + {"authorityInfoAccess","Authority Information Access",NID_info_access, +- 8,&(lvalues[1054]),0}, +-{"OCSP","OCSP",NID_ad_OCSP,8,&(lvalues[1062]),0}, +-{"caIssuers","CA Issuers",NID_ad_ca_issuers,8,&(lvalues[1070]),0}, +-{"OCSPSigning","OCSP 
Signing",NID_OCSP_sign,8,&(lvalues[1078]),0}, +-{"ISO","iso",NID_iso,1,&(lvalues[1086]),0}, +-{"member-body","ISO Member Body",NID_member_body,1,&(lvalues[1087]),0}, +-{"ISO-US","ISO US Member Body",NID_ISO_US,3,&(lvalues[1088]),0}, +-{"X9-57","X9.57",NID_X9_57,5,&(lvalues[1091]),0}, +-{"X9cm","X9.57 CM ?",NID_X9cm,6,&(lvalues[1096]),0}, +-{"pkcs1","pkcs1",NID_pkcs1,8,&(lvalues[1102]),0}, +-{"pkcs5","pkcs5",NID_pkcs5,8,&(lvalues[1110]),0}, +-{"SMIME","S/MIME",NID_SMIME,9,&(lvalues[1118]),0}, +-{"id-smime-mod","id-smime-mod",NID_id_smime_mod,10,&(lvalues[1127]),0}, +-{"id-smime-ct","id-smime-ct",NID_id_smime_ct,10,&(lvalues[1137]),0}, +-{"id-smime-aa","id-smime-aa",NID_id_smime_aa,10,&(lvalues[1147]),0}, +-{"id-smime-alg","id-smime-alg",NID_id_smime_alg,10,&(lvalues[1157]),0}, +-{"id-smime-cd","id-smime-cd",NID_id_smime_cd,10,&(lvalues[1167]),0}, +-{"id-smime-spq","id-smime-spq",NID_id_smime_spq,10,&(lvalues[1177]),0}, +-{"id-smime-cti","id-smime-cti",NID_id_smime_cti,10,&(lvalues[1187]),0}, ++ 8,&(lvalues[1053]),0}, ++{"OCSP","OCSP",NID_ad_OCSP,8,&(lvalues[1061]),0}, ++{"caIssuers","CA Issuers",NID_ad_ca_issuers,8,&(lvalues[1069]),0}, ++{"OCSPSigning","OCSP Signing",NID_OCSP_sign,8,&(lvalues[1077]),0}, ++{"ISO","iso",NID_iso,0,NULL,0}, ++{"member-body","ISO Member Body",NID_member_body,1,&(lvalues[1085]),0}, ++{"ISO-US","ISO US Member Body",NID_ISO_US,3,&(lvalues[1086]),0}, ++{"X9-57","X9.57",NID_X9_57,5,&(lvalues[1089]),0}, ++{"X9cm","X9.57 CM ?",NID_X9cm,6,&(lvalues[1094]),0}, ++{"pkcs1","pkcs1",NID_pkcs1,8,&(lvalues[1100]),0}, ++{"pkcs5","pkcs5",NID_pkcs5,8,&(lvalues[1108]),0}, ++{"SMIME","S/MIME",NID_SMIME,9,&(lvalues[1116]),0}, ++{"id-smime-mod","id-smime-mod",NID_id_smime_mod,10,&(lvalues[1125]),0}, ++{"id-smime-ct","id-smime-ct",NID_id_smime_ct,10,&(lvalues[1135]),0}, ++{"id-smime-aa","id-smime-aa",NID_id_smime_aa,10,&(lvalues[1145]),0}, ++{"id-smime-alg","id-smime-alg",NID_id_smime_alg,10,&(lvalues[1155]),0}, 
++{"id-smime-cd","id-smime-cd",NID_id_smime_cd,10,&(lvalues[1165]),0}, ++{"id-smime-spq","id-smime-spq",NID_id_smime_spq,10,&(lvalues[1175]),0}, ++{"id-smime-cti","id-smime-cti",NID_id_smime_cti,10,&(lvalues[1185]),0}, + {"id-smime-mod-cms","id-smime-mod-cms",NID_id_smime_mod_cms,11, +- &(lvalues[1197]),0}, ++ &(lvalues[1195]),0}, + {"id-smime-mod-ess","id-smime-mod-ess",NID_id_smime_mod_ess,11, +- &(lvalues[1208]),0}, ++ &(lvalues[1206]),0}, + {"id-smime-mod-oid","id-smime-mod-oid",NID_id_smime_mod_oid,11, +- &(lvalues[1219]),0}, ++ &(lvalues[1217]),0}, + {"id-smime-mod-msg-v3","id-smime-mod-msg-v3",NID_id_smime_mod_msg_v3, +- 11,&(lvalues[1230]),0}, ++ 11,&(lvalues[1228]),0}, + {"id-smime-mod-ets-eSignature-88","id-smime-mod-ets-eSignature-88", +- NID_id_smime_mod_ets_eSignature_88,11,&(lvalues[1241]),0}, ++ NID_id_smime_mod_ets_eSignature_88,11,&(lvalues[1239]),0}, + {"id-smime-mod-ets-eSignature-97","id-smime-mod-ets-eSignature-97", +- NID_id_smime_mod_ets_eSignature_97,11,&(lvalues[1252]),0}, ++ NID_id_smime_mod_ets_eSignature_97,11,&(lvalues[1250]),0}, + {"id-smime-mod-ets-eSigPolicy-88","id-smime-mod-ets-eSigPolicy-88", +- NID_id_smime_mod_ets_eSigPolicy_88,11,&(lvalues[1263]),0}, ++ NID_id_smime_mod_ets_eSigPolicy_88,11,&(lvalues[1261]),0}, + {"id-smime-mod-ets-eSigPolicy-97","id-smime-mod-ets-eSigPolicy-97", +- NID_id_smime_mod_ets_eSigPolicy_97,11,&(lvalues[1274]),0}, ++ NID_id_smime_mod_ets_eSigPolicy_97,11,&(lvalues[1272]),0}, + {"id-smime-ct-receipt","id-smime-ct-receipt",NID_id_smime_ct_receipt, +- 11,&(lvalues[1285]),0}, ++ 11,&(lvalues[1283]),0}, + {"id-smime-ct-authData","id-smime-ct-authData", +- NID_id_smime_ct_authData,11,&(lvalues[1296]),0}, ++ NID_id_smime_ct_authData,11,&(lvalues[1294]),0}, + {"id-smime-ct-publishCert","id-smime-ct-publishCert", +- NID_id_smime_ct_publishCert,11,&(lvalues[1307]),0}, ++ NID_id_smime_ct_publishCert,11,&(lvalues[1305]),0}, + {"id-smime-ct-TSTInfo","id-smime-ct-TSTInfo",NID_id_smime_ct_TSTInfo, +- 
11,&(lvalues[1318]),0}, ++ 11,&(lvalues[1316]),0}, + {"id-smime-ct-TDTInfo","id-smime-ct-TDTInfo",NID_id_smime_ct_TDTInfo, +- 11,&(lvalues[1329]),0}, ++ 11,&(lvalues[1327]),0}, + {"id-smime-ct-contentInfo","id-smime-ct-contentInfo", +- NID_id_smime_ct_contentInfo,11,&(lvalues[1340]),0}, ++ NID_id_smime_ct_contentInfo,11,&(lvalues[1338]),0}, + {"id-smime-ct-DVCSRequestData","id-smime-ct-DVCSRequestData", +- NID_id_smime_ct_DVCSRequestData,11,&(lvalues[1351]),0}, ++ NID_id_smime_ct_DVCSRequestData,11,&(lvalues[1349]),0}, + {"id-smime-ct-DVCSResponseData","id-smime-ct-DVCSResponseData", +- NID_id_smime_ct_DVCSResponseData,11,&(lvalues[1362]),0}, ++ NID_id_smime_ct_DVCSResponseData,11,&(lvalues[1360]),0}, + {"id-smime-aa-receiptRequest","id-smime-aa-receiptRequest", +- NID_id_smime_aa_receiptRequest,11,&(lvalues[1373]),0}, ++ NID_id_smime_aa_receiptRequest,11,&(lvalues[1371]),0}, + {"id-smime-aa-securityLabel","id-smime-aa-securityLabel", +- NID_id_smime_aa_securityLabel,11,&(lvalues[1384]),0}, ++ NID_id_smime_aa_securityLabel,11,&(lvalues[1382]),0}, + {"id-smime-aa-mlExpandHistory","id-smime-aa-mlExpandHistory", +- NID_id_smime_aa_mlExpandHistory,11,&(lvalues[1395]),0}, ++ NID_id_smime_aa_mlExpandHistory,11,&(lvalues[1393]),0}, + {"id-smime-aa-contentHint","id-smime-aa-contentHint", +- NID_id_smime_aa_contentHint,11,&(lvalues[1406]),0}, ++ NID_id_smime_aa_contentHint,11,&(lvalues[1404]),0}, + {"id-smime-aa-msgSigDigest","id-smime-aa-msgSigDigest", +- NID_id_smime_aa_msgSigDigest,11,&(lvalues[1417]),0}, ++ NID_id_smime_aa_msgSigDigest,11,&(lvalues[1415]),0}, + {"id-smime-aa-encapContentType","id-smime-aa-encapContentType", +- NID_id_smime_aa_encapContentType,11,&(lvalues[1428]),0}, ++ NID_id_smime_aa_encapContentType,11,&(lvalues[1426]),0}, + {"id-smime-aa-contentIdentifier","id-smime-aa-contentIdentifier", +- NID_id_smime_aa_contentIdentifier,11,&(lvalues[1439]),0}, ++ NID_id_smime_aa_contentIdentifier,11,&(lvalues[1437]),0}, + 
{"id-smime-aa-macValue","id-smime-aa-macValue", +- NID_id_smime_aa_macValue,11,&(lvalues[1450]),0}, ++ NID_id_smime_aa_macValue,11,&(lvalues[1448]),0}, + {"id-smime-aa-equivalentLabels","id-smime-aa-equivalentLabels", +- NID_id_smime_aa_equivalentLabels,11,&(lvalues[1461]),0}, ++ NID_id_smime_aa_equivalentLabels,11,&(lvalues[1459]),0}, + {"id-smime-aa-contentReference","id-smime-aa-contentReference", +- NID_id_smime_aa_contentReference,11,&(lvalues[1472]),0}, ++ NID_id_smime_aa_contentReference,11,&(lvalues[1470]),0}, + {"id-smime-aa-encrypKeyPref","id-smime-aa-encrypKeyPref", +- NID_id_smime_aa_encrypKeyPref,11,&(lvalues[1483]),0}, ++ NID_id_smime_aa_encrypKeyPref,11,&(lvalues[1481]),0}, + {"id-smime-aa-signingCertificate","id-smime-aa-signingCertificate", +- NID_id_smime_aa_signingCertificate,11,&(lvalues[1494]),0}, ++ NID_id_smime_aa_signingCertificate,11,&(lvalues[1492]),0}, + {"id-smime-aa-smimeEncryptCerts","id-smime-aa-smimeEncryptCerts", +- NID_id_smime_aa_smimeEncryptCerts,11,&(lvalues[1505]),0}, ++ NID_id_smime_aa_smimeEncryptCerts,11,&(lvalues[1503]),0}, + {"id-smime-aa-timeStampToken","id-smime-aa-timeStampToken", +- NID_id_smime_aa_timeStampToken,11,&(lvalues[1516]),0}, ++ NID_id_smime_aa_timeStampToken,11,&(lvalues[1514]),0}, + {"id-smime-aa-ets-sigPolicyId","id-smime-aa-ets-sigPolicyId", +- NID_id_smime_aa_ets_sigPolicyId,11,&(lvalues[1527]),0}, ++ NID_id_smime_aa_ets_sigPolicyId,11,&(lvalues[1525]),0}, + {"id-smime-aa-ets-commitmentType","id-smime-aa-ets-commitmentType", +- NID_id_smime_aa_ets_commitmentType,11,&(lvalues[1538]),0}, ++ NID_id_smime_aa_ets_commitmentType,11,&(lvalues[1536]),0}, + {"id-smime-aa-ets-signerLocation","id-smime-aa-ets-signerLocation", +- NID_id_smime_aa_ets_signerLocation,11,&(lvalues[1549]),0}, ++ NID_id_smime_aa_ets_signerLocation,11,&(lvalues[1547]),0}, + {"id-smime-aa-ets-signerAttr","id-smime-aa-ets-signerAttr", +- NID_id_smime_aa_ets_signerAttr,11,&(lvalues[1560]),0}, ++ 
NID_id_smime_aa_ets_signerAttr,11,&(lvalues[1558]),0}, + {"id-smime-aa-ets-otherSigCert","id-smime-aa-ets-otherSigCert", +- NID_id_smime_aa_ets_otherSigCert,11,&(lvalues[1571]),0}, ++ NID_id_smime_aa_ets_otherSigCert,11,&(lvalues[1569]),0}, + {"id-smime-aa-ets-contentTimestamp", + "id-smime-aa-ets-contentTimestamp", +- NID_id_smime_aa_ets_contentTimestamp,11,&(lvalues[1582]),0}, ++ NID_id_smime_aa_ets_contentTimestamp,11,&(lvalues[1580]),0}, + {"id-smime-aa-ets-CertificateRefs","id-smime-aa-ets-CertificateRefs", +- NID_id_smime_aa_ets_CertificateRefs,11,&(lvalues[1593]),0}, ++ NID_id_smime_aa_ets_CertificateRefs,11,&(lvalues[1591]),0}, + {"id-smime-aa-ets-RevocationRefs","id-smime-aa-ets-RevocationRefs", +- NID_id_smime_aa_ets_RevocationRefs,11,&(lvalues[1604]),0}, ++ NID_id_smime_aa_ets_RevocationRefs,11,&(lvalues[1602]),0}, + {"id-smime-aa-ets-certValues","id-smime-aa-ets-certValues", +- NID_id_smime_aa_ets_certValues,11,&(lvalues[1615]),0}, ++ NID_id_smime_aa_ets_certValues,11,&(lvalues[1613]),0}, + {"id-smime-aa-ets-revocationValues", + "id-smime-aa-ets-revocationValues", +- NID_id_smime_aa_ets_revocationValues,11,&(lvalues[1626]),0}, ++ NID_id_smime_aa_ets_revocationValues,11,&(lvalues[1624]),0}, + {"id-smime-aa-ets-escTimeStamp","id-smime-aa-ets-escTimeStamp", +- NID_id_smime_aa_ets_escTimeStamp,11,&(lvalues[1637]),0}, ++ NID_id_smime_aa_ets_escTimeStamp,11,&(lvalues[1635]),0}, + {"id-smime-aa-ets-certCRLTimestamp", + "id-smime-aa-ets-certCRLTimestamp", +- NID_id_smime_aa_ets_certCRLTimestamp,11,&(lvalues[1648]),0}, ++ NID_id_smime_aa_ets_certCRLTimestamp,11,&(lvalues[1646]),0}, + {"id-smime-aa-ets-archiveTimeStamp", + "id-smime-aa-ets-archiveTimeStamp", +- NID_id_smime_aa_ets_archiveTimeStamp,11,&(lvalues[1659]),0}, ++ NID_id_smime_aa_ets_archiveTimeStamp,11,&(lvalues[1657]),0}, + {"id-smime-aa-signatureType","id-smime-aa-signatureType", +- NID_id_smime_aa_signatureType,11,&(lvalues[1670]),0}, ++ NID_id_smime_aa_signatureType,11,&(lvalues[1668]),0}, + 
{"id-smime-aa-dvcs-dvc","id-smime-aa-dvcs-dvc", +- NID_id_smime_aa_dvcs_dvc,11,&(lvalues[1681]),0}, ++ NID_id_smime_aa_dvcs_dvc,11,&(lvalues[1679]),0}, + {"id-smime-alg-ESDHwith3DES","id-smime-alg-ESDHwith3DES", +- NID_id_smime_alg_ESDHwith3DES,11,&(lvalues[1692]),0}, ++ NID_id_smime_alg_ESDHwith3DES,11,&(lvalues[1690]),0}, + {"id-smime-alg-ESDHwithRC2","id-smime-alg-ESDHwithRC2", +- NID_id_smime_alg_ESDHwithRC2,11,&(lvalues[1703]),0}, ++ NID_id_smime_alg_ESDHwithRC2,11,&(lvalues[1701]),0}, + {"id-smime-alg-3DESwrap","id-smime-alg-3DESwrap", +- NID_id_smime_alg_3DESwrap,11,&(lvalues[1714]),0}, ++ NID_id_smime_alg_3DESwrap,11,&(lvalues[1712]),0}, + {"id-smime-alg-RC2wrap","id-smime-alg-RC2wrap", +- NID_id_smime_alg_RC2wrap,11,&(lvalues[1725]),0}, ++ NID_id_smime_alg_RC2wrap,11,&(lvalues[1723]),0}, + {"id-smime-alg-ESDH","id-smime-alg-ESDH",NID_id_smime_alg_ESDH,11, +- &(lvalues[1736]),0}, ++ &(lvalues[1734]),0}, + {"id-smime-alg-CMS3DESwrap","id-smime-alg-CMS3DESwrap", +- NID_id_smime_alg_CMS3DESwrap,11,&(lvalues[1747]),0}, ++ NID_id_smime_alg_CMS3DESwrap,11,&(lvalues[1745]),0}, + {"id-smime-alg-CMSRC2wrap","id-smime-alg-CMSRC2wrap", +- NID_id_smime_alg_CMSRC2wrap,11,&(lvalues[1758]),0}, ++ NID_id_smime_alg_CMSRC2wrap,11,&(lvalues[1756]),0}, + {"id-smime-cd-ldap","id-smime-cd-ldap",NID_id_smime_cd_ldap,11, +- &(lvalues[1769]),0}, ++ &(lvalues[1767]),0}, + {"id-smime-spq-ets-sqt-uri","id-smime-spq-ets-sqt-uri", +- NID_id_smime_spq_ets_sqt_uri,11,&(lvalues[1780]),0}, ++ NID_id_smime_spq_ets_sqt_uri,11,&(lvalues[1778]),0}, + {"id-smime-spq-ets-sqt-unotice","id-smime-spq-ets-sqt-unotice", +- NID_id_smime_spq_ets_sqt_unotice,11,&(lvalues[1791]),0}, ++ NID_id_smime_spq_ets_sqt_unotice,11,&(lvalues[1789]),0}, + {"id-smime-cti-ets-proofOfOrigin","id-smime-cti-ets-proofOfOrigin", +- NID_id_smime_cti_ets_proofOfOrigin,11,&(lvalues[1802]),0}, ++ NID_id_smime_cti_ets_proofOfOrigin,11,&(lvalues[1800]),0}, + {"id-smime-cti-ets-proofOfReceipt","id-smime-cti-ets-proofOfReceipt", +- 
NID_id_smime_cti_ets_proofOfReceipt,11,&(lvalues[1813]),0}, ++ NID_id_smime_cti_ets_proofOfReceipt,11,&(lvalues[1811]),0}, + {"id-smime-cti-ets-proofOfDelivery", + "id-smime-cti-ets-proofOfDelivery", +- NID_id_smime_cti_ets_proofOfDelivery,11,&(lvalues[1824]),0}, ++ NID_id_smime_cti_ets_proofOfDelivery,11,&(lvalues[1822]),0}, + {"id-smime-cti-ets-proofOfSender","id-smime-cti-ets-proofOfSender", +- NID_id_smime_cti_ets_proofOfSender,11,&(lvalues[1835]),0}, ++ NID_id_smime_cti_ets_proofOfSender,11,&(lvalues[1833]),0}, + {"id-smime-cti-ets-proofOfApproval", + "id-smime-cti-ets-proofOfApproval", +- NID_id_smime_cti_ets_proofOfApproval,11,&(lvalues[1846]),0}, ++ NID_id_smime_cti_ets_proofOfApproval,11,&(lvalues[1844]),0}, + {"id-smime-cti-ets-proofOfCreation", + "id-smime-cti-ets-proofOfCreation", +- NID_id_smime_cti_ets_proofOfCreation,11,&(lvalues[1857]),0}, +-{"MD4","md4",NID_md4,8,&(lvalues[1868]),0}, +-{"id-pkix-mod","id-pkix-mod",NID_id_pkix_mod,7,&(lvalues[1876]),0}, +-{"id-qt","id-qt",NID_id_qt,7,&(lvalues[1883]),0}, +-{"id-it","id-it",NID_id_it,7,&(lvalues[1890]),0}, +-{"id-pkip","id-pkip",NID_id_pkip,7,&(lvalues[1897]),0}, +-{"id-alg","id-alg",NID_id_alg,7,&(lvalues[1904]),0}, +-{"id-cmc","id-cmc",NID_id_cmc,7,&(lvalues[1911]),0}, +-{"id-on","id-on",NID_id_on,7,&(lvalues[1918]),0}, +-{"id-pda","id-pda",NID_id_pda,7,&(lvalues[1925]),0}, +-{"id-aca","id-aca",NID_id_aca,7,&(lvalues[1932]),0}, +-{"id-qcs","id-qcs",NID_id_qcs,7,&(lvalues[1939]),0}, +-{"id-cct","id-cct",NID_id_cct,7,&(lvalues[1946]),0}, ++ NID_id_smime_cti_ets_proofOfCreation,11,&(lvalues[1855]),0}, ++{"MD4","md4",NID_md4,8,&(lvalues[1866]),0}, ++{"id-pkix-mod","id-pkix-mod",NID_id_pkix_mod,7,&(lvalues[1874]),0}, ++{"id-qt","id-qt",NID_id_qt,7,&(lvalues[1881]),0}, ++{"id-it","id-it",NID_id_it,7,&(lvalues[1888]),0}, ++{"id-pkip","id-pkip",NID_id_pkip,7,&(lvalues[1895]),0}, ++{"id-alg","id-alg",NID_id_alg,7,&(lvalues[1902]),0}, ++{"id-cmc","id-cmc",NID_id_cmc,7,&(lvalues[1909]),0}, 
++{"id-on","id-on",NID_id_on,7,&(lvalues[1916]),0}, ++{"id-pda","id-pda",NID_id_pda,7,&(lvalues[1923]),0}, ++{"id-aca","id-aca",NID_id_aca,7,&(lvalues[1930]),0}, ++{"id-qcs","id-qcs",NID_id_qcs,7,&(lvalues[1937]),0}, ++{"id-cct","id-cct",NID_id_cct,7,&(lvalues[1944]),0}, + {"id-pkix1-explicit-88","id-pkix1-explicit-88", +- NID_id_pkix1_explicit_88,8,&(lvalues[1953]),0}, ++ NID_id_pkix1_explicit_88,8,&(lvalues[1951]),0}, + {"id-pkix1-implicit-88","id-pkix1-implicit-88", +- NID_id_pkix1_implicit_88,8,&(lvalues[1961]),0}, ++ NID_id_pkix1_implicit_88,8,&(lvalues[1959]),0}, + {"id-pkix1-explicit-93","id-pkix1-explicit-93", +- NID_id_pkix1_explicit_93,8,&(lvalues[1969]),0}, ++ NID_id_pkix1_explicit_93,8,&(lvalues[1967]),0}, + {"id-pkix1-implicit-93","id-pkix1-implicit-93", +- NID_id_pkix1_implicit_93,8,&(lvalues[1977]),0}, +-{"id-mod-crmf","id-mod-crmf",NID_id_mod_crmf,8,&(lvalues[1985]),0}, +-{"id-mod-cmc","id-mod-cmc",NID_id_mod_cmc,8,&(lvalues[1993]),0}, ++ NID_id_pkix1_implicit_93,8,&(lvalues[1975]),0}, ++{"id-mod-crmf","id-mod-crmf",NID_id_mod_crmf,8,&(lvalues[1983]),0}, ++{"id-mod-cmc","id-mod-cmc",NID_id_mod_cmc,8,&(lvalues[1991]),0}, + {"id-mod-kea-profile-88","id-mod-kea-profile-88", +- NID_id_mod_kea_profile_88,8,&(lvalues[2001]),0}, ++ NID_id_mod_kea_profile_88,8,&(lvalues[1999]),0}, + {"id-mod-kea-profile-93","id-mod-kea-profile-93", +- NID_id_mod_kea_profile_93,8,&(lvalues[2009]),0}, +-{"id-mod-cmp","id-mod-cmp",NID_id_mod_cmp,8,&(lvalues[2017]),0}, ++ NID_id_mod_kea_profile_93,8,&(lvalues[2007]),0}, ++{"id-mod-cmp","id-mod-cmp",NID_id_mod_cmp,8,&(lvalues[2015]),0}, + {"id-mod-qualified-cert-88","id-mod-qualified-cert-88", +- NID_id_mod_qualified_cert_88,8,&(lvalues[2025]),0}, ++ NID_id_mod_qualified_cert_88,8,&(lvalues[2023]),0}, + {"id-mod-qualified-cert-93","id-mod-qualified-cert-93", +- NID_id_mod_qualified_cert_93,8,&(lvalues[2033]),0}, ++ NID_id_mod_qualified_cert_93,8,&(lvalues[2031]),0}, + {"id-mod-attribute-cert","id-mod-attribute-cert", +- 
NID_id_mod_attribute_cert,8,&(lvalues[2041]),0}, ++ NID_id_mod_attribute_cert,8,&(lvalues[2039]),0}, + {"id-mod-timestamp-protocol","id-mod-timestamp-protocol", +- NID_id_mod_timestamp_protocol,8,&(lvalues[2049]),0}, +-{"id-mod-ocsp","id-mod-ocsp",NID_id_mod_ocsp,8,&(lvalues[2057]),0}, +-{"id-mod-dvcs","id-mod-dvcs",NID_id_mod_dvcs,8,&(lvalues[2065]),0}, ++ NID_id_mod_timestamp_protocol,8,&(lvalues[2047]),0}, ++{"id-mod-ocsp","id-mod-ocsp",NID_id_mod_ocsp,8,&(lvalues[2055]),0}, ++{"id-mod-dvcs","id-mod-dvcs",NID_id_mod_dvcs,8,&(lvalues[2063]),0}, + {"id-mod-cmp2000","id-mod-cmp2000",NID_id_mod_cmp2000,8, +- &(lvalues[2073]),0}, +-{"biometricInfo","Biometric Info",NID_biometricInfo,8,&(lvalues[2081]),0}, +-{"qcStatements","qcStatements",NID_qcStatements,8,&(lvalues[2089]),0}, ++ &(lvalues[2071]),0}, ++{"biometricInfo","Biometric Info",NID_biometricInfo,8,&(lvalues[2079]),0}, ++{"qcStatements","qcStatements",NID_qcStatements,8,&(lvalues[2087]),0}, + {"ac-auditEntity","ac-auditEntity",NID_ac_auditEntity,8, +- &(lvalues[2097]),0}, +-{"ac-targeting","ac-targeting",NID_ac_targeting,8,&(lvalues[2105]),0}, +-{"aaControls","aaControls",NID_aaControls,8,&(lvalues[2113]),0}, ++ &(lvalues[2095]),0}, ++{"ac-targeting","ac-targeting",NID_ac_targeting,8,&(lvalues[2103]),0}, ++{"aaControls","aaControls",NID_aaControls,8,&(lvalues[2111]),0}, + {"sbgp-ipAddrBlock","sbgp-ipAddrBlock",NID_sbgp_ipAddrBlock,8, +- &(lvalues[2121]),0}, ++ &(lvalues[2119]),0}, + {"sbgp-autonomousSysNum","sbgp-autonomousSysNum", +- NID_sbgp_autonomousSysNum,8,&(lvalues[2129]),0}, ++ NID_sbgp_autonomousSysNum,8,&(lvalues[2127]),0}, + {"sbgp-routerIdentifier","sbgp-routerIdentifier", +- NID_sbgp_routerIdentifier,8,&(lvalues[2137]),0}, +-{"textNotice","textNotice",NID_textNotice,8,&(lvalues[2145]),0}, ++ NID_sbgp_routerIdentifier,8,&(lvalues[2135]),0}, ++{"textNotice","textNotice",NID_textNotice,8,&(lvalues[2143]),0}, + {"ipsecEndSystem","IPSec End System",NID_ipsecEndSystem,8, +- &(lvalues[2153]),0}, 
+-{"ipsecTunnel","IPSec Tunnel",NID_ipsecTunnel,8,&(lvalues[2161]),0}, +-{"ipsecUser","IPSec User",NID_ipsecUser,8,&(lvalues[2169]),0}, +-{"DVCS","dvcs",NID_dvcs,8,&(lvalues[2177]),0}, ++ &(lvalues[2151]),0}, ++{"ipsecTunnel","IPSec Tunnel",NID_ipsecTunnel,8,&(lvalues[2159]),0}, ++{"ipsecUser","IPSec User",NID_ipsecUser,8,&(lvalues[2167]),0}, ++{"DVCS","dvcs",NID_dvcs,8,&(lvalues[2175]),0}, + {"id-it-caProtEncCert","id-it-caProtEncCert",NID_id_it_caProtEncCert, +- 8,&(lvalues[2185]),0}, ++ 8,&(lvalues[2183]),0}, + {"id-it-signKeyPairTypes","id-it-signKeyPairTypes", +- NID_id_it_signKeyPairTypes,8,&(lvalues[2193]),0}, ++ NID_id_it_signKeyPairTypes,8,&(lvalues[2191]),0}, + {"id-it-encKeyPairTypes","id-it-encKeyPairTypes", +- NID_id_it_encKeyPairTypes,8,&(lvalues[2201]),0}, ++ NID_id_it_encKeyPairTypes,8,&(lvalues[2199]),0}, + {"id-it-preferredSymmAlg","id-it-preferredSymmAlg", +- NID_id_it_preferredSymmAlg,8,&(lvalues[2209]),0}, ++ NID_id_it_preferredSymmAlg,8,&(lvalues[2207]),0}, + {"id-it-caKeyUpdateInfo","id-it-caKeyUpdateInfo", +- NID_id_it_caKeyUpdateInfo,8,&(lvalues[2217]),0}, ++ NID_id_it_caKeyUpdateInfo,8,&(lvalues[2215]),0}, + {"id-it-currentCRL","id-it-currentCRL",NID_id_it_currentCRL,8, +- &(lvalues[2225]),0}, ++ &(lvalues[2223]),0}, + {"id-it-unsupportedOIDs","id-it-unsupportedOIDs", +- NID_id_it_unsupportedOIDs,8,&(lvalues[2233]),0}, ++ NID_id_it_unsupportedOIDs,8,&(lvalues[2231]),0}, + {"id-it-subscriptionRequest","id-it-subscriptionRequest", +- NID_id_it_subscriptionRequest,8,&(lvalues[2241]),0}, ++ NID_id_it_subscriptionRequest,8,&(lvalues[2239]),0}, + {"id-it-subscriptionResponse","id-it-subscriptionResponse", +- NID_id_it_subscriptionResponse,8,&(lvalues[2249]),0}, ++ NID_id_it_subscriptionResponse,8,&(lvalues[2247]),0}, + {"id-it-keyPairParamReq","id-it-keyPairParamReq", +- NID_id_it_keyPairParamReq,8,&(lvalues[2257]),0}, ++ NID_id_it_keyPairParamReq,8,&(lvalues[2255]),0}, + {"id-it-keyPairParamRep","id-it-keyPairParamRep", +- 
NID_id_it_keyPairParamRep,8,&(lvalues[2265]),0}, ++ NID_id_it_keyPairParamRep,8,&(lvalues[2263]),0}, + {"id-it-revPassphrase","id-it-revPassphrase",NID_id_it_revPassphrase, +- 8,&(lvalues[2273]),0}, ++ 8,&(lvalues[2271]),0}, + {"id-it-implicitConfirm","id-it-implicitConfirm", +- NID_id_it_implicitConfirm,8,&(lvalues[2281]),0}, ++ NID_id_it_implicitConfirm,8,&(lvalues[2279]),0}, + {"id-it-confirmWaitTime","id-it-confirmWaitTime", +- NID_id_it_confirmWaitTime,8,&(lvalues[2289]),0}, ++ NID_id_it_confirmWaitTime,8,&(lvalues[2287]),0}, + {"id-it-origPKIMessage","id-it-origPKIMessage", +- NID_id_it_origPKIMessage,8,&(lvalues[2297]),0}, +-{"id-regCtrl","id-regCtrl",NID_id_regCtrl,8,&(lvalues[2305]),0}, +-{"id-regInfo","id-regInfo",NID_id_regInfo,8,&(lvalues[2313]),0}, ++ NID_id_it_origPKIMessage,8,&(lvalues[2295]),0}, ++{"id-regCtrl","id-regCtrl",NID_id_regCtrl,8,&(lvalues[2303]),0}, ++{"id-regInfo","id-regInfo",NID_id_regInfo,8,&(lvalues[2311]),0}, + {"id-regCtrl-regToken","id-regCtrl-regToken",NID_id_regCtrl_regToken, +- 9,&(lvalues[2321]),0}, ++ 9,&(lvalues[2319]),0}, + {"id-regCtrl-authenticator","id-regCtrl-authenticator", +- NID_id_regCtrl_authenticator,9,&(lvalues[2330]),0}, ++ NID_id_regCtrl_authenticator,9,&(lvalues[2328]),0}, + {"id-regCtrl-pkiPublicationInfo","id-regCtrl-pkiPublicationInfo", +- NID_id_regCtrl_pkiPublicationInfo,9,&(lvalues[2339]),0}, ++ NID_id_regCtrl_pkiPublicationInfo,9,&(lvalues[2337]),0}, + {"id-regCtrl-pkiArchiveOptions","id-regCtrl-pkiArchiveOptions", +- NID_id_regCtrl_pkiArchiveOptions,9,&(lvalues[2348]),0}, ++ NID_id_regCtrl_pkiArchiveOptions,9,&(lvalues[2346]),0}, + {"id-regCtrl-oldCertID","id-regCtrl-oldCertID", +- NID_id_regCtrl_oldCertID,9,&(lvalues[2357]),0}, ++ NID_id_regCtrl_oldCertID,9,&(lvalues[2355]),0}, + {"id-regCtrl-protocolEncrKey","id-regCtrl-protocolEncrKey", +- NID_id_regCtrl_protocolEncrKey,9,&(lvalues[2366]),0}, ++ NID_id_regCtrl_protocolEncrKey,9,&(lvalues[2364]),0}, + {"id-regInfo-utf8Pairs","id-regInfo-utf8Pairs", 
+- NID_id_regInfo_utf8Pairs,9,&(lvalues[2375]),0}, ++ NID_id_regInfo_utf8Pairs,9,&(lvalues[2373]),0}, + {"id-regInfo-certReq","id-regInfo-certReq",NID_id_regInfo_certReq,9, +- &(lvalues[2384]),0}, +-{"id-alg-des40","id-alg-des40",NID_id_alg_des40,8,&(lvalues[2393]),0}, ++ &(lvalues[2382]),0}, ++{"id-alg-des40","id-alg-des40",NID_id_alg_des40,8,&(lvalues[2391]),0}, + {"id-alg-noSignature","id-alg-noSignature",NID_id_alg_noSignature,8, +- &(lvalues[2401]),0}, ++ &(lvalues[2399]),0}, + {"id-alg-dh-sig-hmac-sha1","id-alg-dh-sig-hmac-sha1", +- NID_id_alg_dh_sig_hmac_sha1,8,&(lvalues[2409]),0}, +-{"id-alg-dh-pop","id-alg-dh-pop",NID_id_alg_dh_pop,8,&(lvalues[2417]),0}, ++ NID_id_alg_dh_sig_hmac_sha1,8,&(lvalues[2407]),0}, ++{"id-alg-dh-pop","id-alg-dh-pop",NID_id_alg_dh_pop,8,&(lvalues[2415]),0}, + {"id-cmc-statusInfo","id-cmc-statusInfo",NID_id_cmc_statusInfo,8, +- &(lvalues[2425]),0}, ++ &(lvalues[2423]),0}, + {"id-cmc-identification","id-cmc-identification", +- NID_id_cmc_identification,8,&(lvalues[2433]),0}, ++ NID_id_cmc_identification,8,&(lvalues[2431]),0}, + {"id-cmc-identityProof","id-cmc-identityProof", +- NID_id_cmc_identityProof,8,&(lvalues[2441]),0}, ++ NID_id_cmc_identityProof,8,&(lvalues[2439]),0}, + {"id-cmc-dataReturn","id-cmc-dataReturn",NID_id_cmc_dataReturn,8, +- &(lvalues[2449]),0}, ++ &(lvalues[2447]),0}, + {"id-cmc-transactionId","id-cmc-transactionId", +- NID_id_cmc_transactionId,8,&(lvalues[2457]),0}, ++ NID_id_cmc_transactionId,8,&(lvalues[2455]),0}, + {"id-cmc-senderNonce","id-cmc-senderNonce",NID_id_cmc_senderNonce,8, +- &(lvalues[2465]),0}, ++ &(lvalues[2463]),0}, + {"id-cmc-recipientNonce","id-cmc-recipientNonce", +- NID_id_cmc_recipientNonce,8,&(lvalues[2473]),0}, ++ NID_id_cmc_recipientNonce,8,&(lvalues[2471]),0}, + {"id-cmc-addExtensions","id-cmc-addExtensions", +- NID_id_cmc_addExtensions,8,&(lvalues[2481]),0}, ++ NID_id_cmc_addExtensions,8,&(lvalues[2479]),0}, + {"id-cmc-encryptedPOP","id-cmc-encryptedPOP",NID_id_cmc_encryptedPOP, +- 
8,&(lvalues[2489]),0}, ++ 8,&(lvalues[2487]),0}, + {"id-cmc-decryptedPOP","id-cmc-decryptedPOP",NID_id_cmc_decryptedPOP, +- 8,&(lvalues[2497]),0}, ++ 8,&(lvalues[2495]),0}, + {"id-cmc-lraPOPWitness","id-cmc-lraPOPWitness", +- NID_id_cmc_lraPOPWitness,8,&(lvalues[2505]),0}, ++ NID_id_cmc_lraPOPWitness,8,&(lvalues[2503]),0}, + {"id-cmc-getCert","id-cmc-getCert",NID_id_cmc_getCert,8, +- &(lvalues[2513]),0}, +-{"id-cmc-getCRL","id-cmc-getCRL",NID_id_cmc_getCRL,8,&(lvalues[2521]),0}, ++ &(lvalues[2511]),0}, ++{"id-cmc-getCRL","id-cmc-getCRL",NID_id_cmc_getCRL,8,&(lvalues[2519]),0}, + {"id-cmc-revokeRequest","id-cmc-revokeRequest", +- NID_id_cmc_revokeRequest,8,&(lvalues[2529]),0}, ++ NID_id_cmc_revokeRequest,8,&(lvalues[2527]),0}, + {"id-cmc-regInfo","id-cmc-regInfo",NID_id_cmc_regInfo,8, +- &(lvalues[2537]),0}, ++ &(lvalues[2535]),0}, + {"id-cmc-responseInfo","id-cmc-responseInfo",NID_id_cmc_responseInfo, +- 8,&(lvalues[2545]),0}, ++ 8,&(lvalues[2543]),0}, + {"id-cmc-queryPending","id-cmc-queryPending",NID_id_cmc_queryPending, +- 8,&(lvalues[2553]),0}, ++ 8,&(lvalues[2551]),0}, + {"id-cmc-popLinkRandom","id-cmc-popLinkRandom", +- NID_id_cmc_popLinkRandom,8,&(lvalues[2561]),0}, ++ NID_id_cmc_popLinkRandom,8,&(lvalues[2559]),0}, + {"id-cmc-popLinkWitness","id-cmc-popLinkWitness", +- NID_id_cmc_popLinkWitness,8,&(lvalues[2569]),0}, ++ NID_id_cmc_popLinkWitness,8,&(lvalues[2567]),0}, + {"id-cmc-confirmCertAcceptance","id-cmc-confirmCertAcceptance", +- NID_id_cmc_confirmCertAcceptance,8,&(lvalues[2577]),0}, ++ NID_id_cmc_confirmCertAcceptance,8,&(lvalues[2575]),0}, + {"id-on-personalData","id-on-personalData",NID_id_on_personalData,8, +- &(lvalues[2585]),0}, ++ &(lvalues[2583]),0}, + {"id-pda-dateOfBirth","id-pda-dateOfBirth",NID_id_pda_dateOfBirth,8, +- &(lvalues[2593]),0}, ++ &(lvalues[2591]),0}, + {"id-pda-placeOfBirth","id-pda-placeOfBirth",NID_id_pda_placeOfBirth, +- 8,&(lvalues[2601]),0}, ++ 8,&(lvalues[2599]),0}, + {NULL,NULL,NID_undef,0,NULL,0}, 
+-{"id-pda-gender","id-pda-gender",NID_id_pda_gender,8,&(lvalues[2609]),0}, ++{"id-pda-gender","id-pda-gender",NID_id_pda_gender,8,&(lvalues[2607]),0}, + {"id-pda-countryOfCitizenship","id-pda-countryOfCitizenship", +- NID_id_pda_countryOfCitizenship,8,&(lvalues[2617]),0}, ++ NID_id_pda_countryOfCitizenship,8,&(lvalues[2615]),0}, + {"id-pda-countryOfResidence","id-pda-countryOfResidence", +- NID_id_pda_countryOfResidence,8,&(lvalues[2625]),0}, ++ NID_id_pda_countryOfResidence,8,&(lvalues[2623]),0}, + {"id-aca-authenticationInfo","id-aca-authenticationInfo", +- NID_id_aca_authenticationInfo,8,&(lvalues[2633]),0}, ++ NID_id_aca_authenticationInfo,8,&(lvalues[2631]),0}, + {"id-aca-accessIdentity","id-aca-accessIdentity", +- NID_id_aca_accessIdentity,8,&(lvalues[2641]),0}, ++ NID_id_aca_accessIdentity,8,&(lvalues[2639]),0}, + {"id-aca-chargingIdentity","id-aca-chargingIdentity", +- NID_id_aca_chargingIdentity,8,&(lvalues[2649]),0}, +-{"id-aca-group","id-aca-group",NID_id_aca_group,8,&(lvalues[2657]),0}, +-{"id-aca-role","id-aca-role",NID_id_aca_role,8,&(lvalues[2665]),0}, ++ NID_id_aca_chargingIdentity,8,&(lvalues[2647]),0}, ++{"id-aca-group","id-aca-group",NID_id_aca_group,8,&(lvalues[2655]),0}, ++{"id-aca-role","id-aca-role",NID_id_aca_role,8,&(lvalues[2663]),0}, + {"id-qcs-pkixQCSyntax-v1","id-qcs-pkixQCSyntax-v1", +- NID_id_qcs_pkixQCSyntax_v1,8,&(lvalues[2673]),0}, +-{"id-cct-crs","id-cct-crs",NID_id_cct_crs,8,&(lvalues[2681]),0}, ++ NID_id_qcs_pkixQCSyntax_v1,8,&(lvalues[2671]),0}, ++{"id-cct-crs","id-cct-crs",NID_id_cct_crs,8,&(lvalues[2679]),0}, + {"id-cct-PKIData","id-cct-PKIData",NID_id_cct_PKIData,8, +- &(lvalues[2689]),0}, ++ &(lvalues[2687]),0}, + {"id-cct-PKIResponse","id-cct-PKIResponse",NID_id_cct_PKIResponse,8, +- &(lvalues[2697]),0}, ++ &(lvalues[2695]),0}, + {"ad_timestamping","AD Time Stamping",NID_ad_timeStamping,8, +- &(lvalues[2705]),0}, +-{"AD_DVCS","ad dvcs",NID_ad_dvcs,8,&(lvalues[2713]),0}, ++ &(lvalues[2703]),0}, ++{"AD_DVCS","ad 
dvcs",NID_ad_dvcs,8,&(lvalues[2711]),0}, + {"basicOCSPResponse","Basic OCSP Response",NID_id_pkix_OCSP_basic,9, +- &(lvalues[2721]),0}, +-{"Nonce","OCSP Nonce",NID_id_pkix_OCSP_Nonce,9,&(lvalues[2730]),0}, +-{"CrlID","OCSP CRL ID",NID_id_pkix_OCSP_CrlID,9,&(lvalues[2739]),0}, ++ &(lvalues[2719]),0}, ++{"Nonce","OCSP Nonce",NID_id_pkix_OCSP_Nonce,9,&(lvalues[2728]),0}, ++{"CrlID","OCSP CRL ID",NID_id_pkix_OCSP_CrlID,9,&(lvalues[2737]),0}, + {"acceptableResponses","Acceptable OCSP Responses", +- NID_id_pkix_OCSP_acceptableResponses,9,&(lvalues[2748]),0}, +-{"noCheck","OCSP No Check",NID_id_pkix_OCSP_noCheck,9,&(lvalues[2757]),0}, ++ NID_id_pkix_OCSP_acceptableResponses,9,&(lvalues[2746]),0}, ++{"noCheck","OCSP No Check",NID_id_pkix_OCSP_noCheck,9,&(lvalues[2755]),0}, + {"archiveCutoff","OCSP Archive Cutoff",NID_id_pkix_OCSP_archiveCutoff, +- 9,&(lvalues[2766]),0}, ++ 9,&(lvalues[2764]),0}, + {"serviceLocator","OCSP Service Locator", +- NID_id_pkix_OCSP_serviceLocator,9,&(lvalues[2775]),0}, ++ NID_id_pkix_OCSP_serviceLocator,9,&(lvalues[2773]),0}, + {"extendedStatus","Extended OCSP Status", +- NID_id_pkix_OCSP_extendedStatus,9,&(lvalues[2784]),0}, +-{"valid","valid",NID_id_pkix_OCSP_valid,9,&(lvalues[2793]),0}, +-{"path","path",NID_id_pkix_OCSP_path,9,&(lvalues[2802]),0}, ++ NID_id_pkix_OCSP_extendedStatus,9,&(lvalues[2782]),0}, ++{"valid","valid",NID_id_pkix_OCSP_valid,9,&(lvalues[2791]),0}, ++{"path","path",NID_id_pkix_OCSP_path,9,&(lvalues[2800]),0}, + {"trustRoot","Trust Root",NID_id_pkix_OCSP_trustRoot,9, +- &(lvalues[2811]),0}, +-{"algorithm","algorithm",NID_algorithm,4,&(lvalues[2820]),0}, +-{"rsaSignature","rsaSignature",NID_rsaSignature,5,&(lvalues[2824]),0}, ++ &(lvalues[2809]),0}, ++{"algorithm","algorithm",NID_algorithm,4,&(lvalues[2818]),0}, ++{"rsaSignature","rsaSignature",NID_rsaSignature,5,&(lvalues[2822]),0}, + {"X500algorithms","directory services - algorithms", +- NID_X500algorithms,2,&(lvalues[2829]),0}, 
+-{"ORG","org",NID_org,1,&(lvalues[2831]),0}, +-{"DOD","dod",NID_dod,2,&(lvalues[2832]),0}, +-{"IANA","iana",NID_iana,3,&(lvalues[2834]),0}, +-{"directory","Directory",NID_Directory,4,&(lvalues[2837]),0}, +-{"mgmt","Management",NID_Management,4,&(lvalues[2841]),0}, +-{"experimental","Experimental",NID_Experimental,4,&(lvalues[2845]),0}, +-{"private","Private",NID_Private,4,&(lvalues[2849]),0}, +-{"security","Security",NID_Security,4,&(lvalues[2853]),0}, +-{"snmpv2","SNMPv2",NID_SNMPv2,4,&(lvalues[2857]),0}, +-{"Mail","Mail",NID_Mail,4,&(lvalues[2861]),0}, +-{"enterprises","Enterprises",NID_Enterprises,5,&(lvalues[2865]),0}, +-{"dcobject","dcObject",NID_dcObject,9,&(lvalues[2870]),0}, +-{"DC","domainComponent",NID_domainComponent,10,&(lvalues[2879]),0}, +-{"domain","Domain",NID_Domain,10,&(lvalues[2889]),0}, +-{"NULL","NULL",NID_joint_iso_ccitt,1,&(lvalues[2899]),0}, ++ NID_X500algorithms,2,&(lvalues[2827]),0}, ++{"ORG","org",NID_org,1,&(lvalues[2829]),0}, ++{"DOD","dod",NID_dod,2,&(lvalues[2830]),0}, ++{"IANA","iana",NID_iana,3,&(lvalues[2832]),0}, ++{"directory","Directory",NID_Directory,4,&(lvalues[2835]),0}, ++{"mgmt","Management",NID_Management,4,&(lvalues[2839]),0}, ++{"experimental","Experimental",NID_Experimental,4,&(lvalues[2843]),0}, ++{"private","Private",NID_Private,4,&(lvalues[2847]),0}, ++{"security","Security",NID_Security,4,&(lvalues[2851]),0}, ++{"snmpv2","SNMPv2",NID_SNMPv2,4,&(lvalues[2855]),0}, ++{"Mail","Mail",NID_Mail,4,&(lvalues[2859]),0}, ++{"enterprises","Enterprises",NID_Enterprises,5,&(lvalues[2863]),0}, ++{"dcobject","dcObject",NID_dcObject,9,&(lvalues[2868]),0}, ++{"DC","domainComponent",NID_domainComponent,10,&(lvalues[2877]),0}, ++{"domain","Domain",NID_Domain,10,&(lvalues[2887]),0}, ++{"NULL","NULL",NID_joint_iso_ccitt,0,NULL,0}, + {"selected-attribute-types","Selected Attribute Types", +- NID_selected_attribute_types,3,&(lvalues[2900]),0}, +-{"clearance","clearance",NID_clearance,4,&(lvalues[2903]),0}, ++ 
NID_selected_attribute_types,3,&(lvalues[2897]),0}, ++{"clearance","clearance",NID_clearance,4,&(lvalues[2900]),0}, + {"RSA-MD4","md4WithRSAEncryption",NID_md4WithRSAEncryption,9, +- &(lvalues[2907]),0}, +-{"ac-proxying","ac-proxying",NID_ac_proxying,8,&(lvalues[2916]),0}, ++ &(lvalues[2904]),0}, ++{"ac-proxying","ac-proxying",NID_ac_proxying,8,&(lvalues[2913]),0}, + {"subjectInfoAccess","Subject Information Access",NID_sinfo_access,8, +- &(lvalues[2924]),0}, ++ &(lvalues[2921]),0}, + {"id-aca-encAttrs","id-aca-encAttrs",NID_id_aca_encAttrs,8, +- &(lvalues[2932]),0}, +-{"role","role",NID_role,3,&(lvalues[2940]),0}, ++ &(lvalues[2929]),0}, ++{"role","role",NID_role,3,&(lvalues[2937]),0}, + {"policyConstraints","X509v3 Policy Constraints", +- NID_policy_constraints,3,&(lvalues[2943]),0}, ++ NID_policy_constraints,3,&(lvalues[2940]),0}, + {"targetInformation","X509v3 AC Targeting",NID_target_information,3, +- &(lvalues[2946]),0}, ++ &(lvalues[2943]),0}, + {"noRevAvail","X509v3 No Revocation Available",NID_no_rev_avail,3, +- &(lvalues[2949]),0}, +-{"NULL","NULL",NID_ccitt,1,&(lvalues[2952]),0}, +-{"ansi-X9-62","ANSI X9.62",NID_ansi_X9_62,5,&(lvalues[2953]),0}, +-{"prime-field","prime-field",NID_X9_62_prime_field,7,&(lvalues[2958]),0}, ++ &(lvalues[2946]),0}, ++{"NULL","NULL",NID_ccitt,0,NULL,0}, ++{"ansi-X9-62","ANSI X9.62",NID_ansi_X9_62,5,&(lvalues[2949]),0}, ++{"prime-field","prime-field",NID_X9_62_prime_field,7,&(lvalues[2954]),0}, + {"characteristic-two-field","characteristic-two-field", +- NID_X9_62_characteristic_two_field,7,&(lvalues[2965]),0}, ++ NID_X9_62_characteristic_two_field,7,&(lvalues[2961]),0}, + {"id-ecPublicKey","id-ecPublicKey",NID_X9_62_id_ecPublicKey,7, +- &(lvalues[2972]),0}, +-{"prime192v1","prime192v1",NID_X9_62_prime192v1,8,&(lvalues[2979]),0}, +-{"prime192v2","prime192v2",NID_X9_62_prime192v2,8,&(lvalues[2987]),0}, +-{"prime192v3","prime192v3",NID_X9_62_prime192v3,8,&(lvalues[2995]),0}, 
+-{"prime239v1","prime239v1",NID_X9_62_prime239v1,8,&(lvalues[3003]),0}, +-{"prime239v2","prime239v2",NID_X9_62_prime239v2,8,&(lvalues[3011]),0}, +-{"prime239v3","prime239v3",NID_X9_62_prime239v3,8,&(lvalues[3019]),0}, +-{"prime256v1","prime256v1",NID_X9_62_prime256v1,8,&(lvalues[3027]),0}, ++ &(lvalues[2968]),0}, ++{"prime192v1","prime192v1",NID_X9_62_prime192v1,8,&(lvalues[2975]),0}, ++{"prime192v2","prime192v2",NID_X9_62_prime192v2,8,&(lvalues[2983]),0}, ++{"prime192v3","prime192v3",NID_X9_62_prime192v3,8,&(lvalues[2991]),0}, ++{"prime239v1","prime239v1",NID_X9_62_prime239v1,8,&(lvalues[2999]),0}, ++{"prime239v2","prime239v2",NID_X9_62_prime239v2,8,&(lvalues[3007]),0}, ++{"prime239v3","prime239v3",NID_X9_62_prime239v3,8,&(lvalues[3015]),0}, ++{"prime256v1","prime256v1",NID_X9_62_prime256v1,8,&(lvalues[3023]),0}, + {"ecdsa-with-SHA1","ecdsa-with-SHA1",NID_ecdsa_with_SHA1,7, +- &(lvalues[3035]),0}, +-{"CSPName","Microsoft CSP Name",NID_ms_csp_name,9,&(lvalues[3042]),0}, +-{"AES-128-ECB","aes-128-ecb",NID_aes_128_ecb,9,&(lvalues[3051]),0}, +-{"AES-128-CBC","aes-128-cbc",NID_aes_128_cbc,9,&(lvalues[3060]),0}, +-{"AES-128-OFB","aes-128-ofb",NID_aes_128_ofb128,9,&(lvalues[3069]),0}, +-{"AES-128-CFB","aes-128-cfb",NID_aes_128_cfb128,9,&(lvalues[3078]),0}, +-{"AES-192-ECB","aes-192-ecb",NID_aes_192_ecb,9,&(lvalues[3087]),0}, +-{"AES-192-CBC","aes-192-cbc",NID_aes_192_cbc,9,&(lvalues[3096]),0}, +-{"AES-192-OFB","aes-192-ofb",NID_aes_192_ofb128,9,&(lvalues[3105]),0}, +-{"AES-192-CFB","aes-192-cfb",NID_aes_192_cfb128,9,&(lvalues[3114]),0}, +-{"AES-256-ECB","aes-256-ecb",NID_aes_256_ecb,9,&(lvalues[3123]),0}, +-{"AES-256-CBC","aes-256-cbc",NID_aes_256_cbc,9,&(lvalues[3132]),0}, +-{"AES-256-OFB","aes-256-ofb",NID_aes_256_ofb128,9,&(lvalues[3141]),0}, +-{"AES-256-CFB","aes-256-cfb",NID_aes_256_cfb128,9,&(lvalues[3150]),0}, ++ &(lvalues[3031]),0}, ++{"CSPName","Microsoft CSP Name",NID_ms_csp_name,9,&(lvalues[3038]),0}, 
++{"AES-128-ECB","aes-128-ecb",NID_aes_128_ecb,9,&(lvalues[3047]),0}, ++{"AES-128-CBC","aes-128-cbc",NID_aes_128_cbc,9,&(lvalues[3056]),0}, ++{"AES-128-OFB","aes-128-ofb",NID_aes_128_ofb128,9,&(lvalues[3065]),0}, ++{"AES-128-CFB","aes-128-cfb",NID_aes_128_cfb128,9,&(lvalues[3074]),0}, ++{"AES-192-ECB","aes-192-ecb",NID_aes_192_ecb,9,&(lvalues[3083]),0}, ++{"AES-192-CBC","aes-192-cbc",NID_aes_192_cbc,9,&(lvalues[3092]),0}, ++{"AES-192-OFB","aes-192-ofb",NID_aes_192_ofb128,9,&(lvalues[3101]),0}, ++{"AES-192-CFB","aes-192-cfb",NID_aes_192_cfb128,9,&(lvalues[3110]),0}, ++{"AES-256-ECB","aes-256-ecb",NID_aes_256_ecb,9,&(lvalues[3119]),0}, ++{"AES-256-CBC","aes-256-cbc",NID_aes_256_cbc,9,&(lvalues[3128]),0}, ++{"AES-256-OFB","aes-256-ofb",NID_aes_256_ofb128,9,&(lvalues[3137]),0}, ++{"AES-256-CFB","aes-256-cfb",NID_aes_256_cfb128,9,&(lvalues[3146]),0}, + {"holdInstructionCode","Hold Instruction Code", +- NID_hold_instruction_code,3,&(lvalues[3159]),0}, ++ NID_hold_instruction_code,3,&(lvalues[3155]),0}, + {"holdInstructionNone","Hold Instruction None", +- NID_hold_instruction_none,7,&(lvalues[3162]),0}, ++ NID_hold_instruction_none,7,&(lvalues[3158]),0}, + {"holdInstructionCallIssuer","Hold Instruction Call Issuer", +- NID_hold_instruction_call_issuer,7,&(lvalues[3169]),0}, ++ NID_hold_instruction_call_issuer,7,&(lvalues[3165]),0}, + {"holdInstructionReject","Hold Instruction Reject", +- NID_hold_instruction_reject,7,&(lvalues[3176]),0}, +-{"data","data",NID_data,1,&(lvalues[3183]),0}, +-{"pss","pss",NID_pss,3,&(lvalues[3184]),0}, +-{"ucl","ucl",NID_ucl,7,&(lvalues[3187]),0}, +-{"pilot","pilot",NID_pilot,8,&(lvalues[3194]),0}, ++ NID_hold_instruction_reject,7,&(lvalues[3172]),0}, ++{"data","data",NID_data,1,&(lvalues[3179]),0}, ++{"pss","pss",NID_pss,3,&(lvalues[3180]),0}, ++{"ucl","ucl",NID_ucl,7,&(lvalues[3183]),0}, ++{"pilot","pilot",NID_pilot,8,&(lvalues[3190]),0}, + {"pilotAttributeType","pilotAttributeType",NID_pilotAttributeType,9, +- &(lvalues[3202]),0}, ++ 
&(lvalues[3198]),0}, + {"pilotAttributeSyntax","pilotAttributeSyntax", +- NID_pilotAttributeSyntax,9,&(lvalues[3211]),0}, ++ NID_pilotAttributeSyntax,9,&(lvalues[3207]),0}, + {"pilotObjectClass","pilotObjectClass",NID_pilotObjectClass,9, +- &(lvalues[3220]),0}, +-{"pilotGroups","pilotGroups",NID_pilotGroups,9,&(lvalues[3229]),0}, ++ &(lvalues[3216]),0}, ++{"pilotGroups","pilotGroups",NID_pilotGroups,9,&(lvalues[3225]),0}, + {"iA5StringSyntax","iA5StringSyntax",NID_iA5StringSyntax,10, +- &(lvalues[3238]),0}, ++ &(lvalues[3234]),0}, + {"caseIgnoreIA5StringSyntax","caseIgnoreIA5StringSyntax", +- NID_caseIgnoreIA5StringSyntax,10,&(lvalues[3248]),0}, +-{"pilotObject","pilotObject",NID_pilotObject,10,&(lvalues[3258]),0}, +-{"pilotPerson","pilotPerson",NID_pilotPerson,10,&(lvalues[3268]),0}, +-{"account","account",NID_account,10,&(lvalues[3278]),0}, +-{"document","document",NID_document,10,&(lvalues[3288]),0}, +-{"room","room",NID_room,10,&(lvalues[3298]),0}, ++ NID_caseIgnoreIA5StringSyntax,10,&(lvalues[3244]),0}, ++{"pilotObject","pilotObject",NID_pilotObject,10,&(lvalues[3254]),0}, ++{"pilotPerson","pilotPerson",NID_pilotPerson,10,&(lvalues[3264]),0}, ++{"account","account",NID_account,10,&(lvalues[3274]),0}, ++{"document","document",NID_document,10,&(lvalues[3284]),0}, ++{"room","room",NID_room,10,&(lvalues[3294]),0}, + {"documentSeries","documentSeries",NID_documentSeries,10, +- &(lvalues[3308]),0}, ++ &(lvalues[3304]),0}, + {"rFC822localPart","rFC822localPart",NID_rFC822localPart,10, +- &(lvalues[3318]),0}, +-{"dNSDomain","dNSDomain",NID_dNSDomain,10,&(lvalues[3328]),0}, ++ &(lvalues[3314]),0}, ++{"dNSDomain","dNSDomain",NID_dNSDomain,10,&(lvalues[3324]),0}, + {"domainRelatedObject","domainRelatedObject",NID_domainRelatedObject, +- 10,&(lvalues[3338]),0}, ++ 10,&(lvalues[3334]),0}, + {"friendlyCountry","friendlyCountry",NID_friendlyCountry,10, +- &(lvalues[3348]),0}, ++ &(lvalues[3344]),0}, + {"simpleSecurityObject","simpleSecurityObject", +- 
NID_simpleSecurityObject,10,&(lvalues[3358]),0}, ++ NID_simpleSecurityObject,10,&(lvalues[3354]),0}, + {"pilotOrganization","pilotOrganization",NID_pilotOrganization,10, +- &(lvalues[3368]),0}, +-{"pilotDSA","pilotDSA",NID_pilotDSA,10,&(lvalues[3378]),0}, ++ &(lvalues[3364]),0}, ++{"pilotDSA","pilotDSA",NID_pilotDSA,10,&(lvalues[3374]),0}, + {"qualityLabelledData","qualityLabelledData",NID_qualityLabelledData, +- 10,&(lvalues[3388]),0}, +-{"UID","userId",NID_userId,10,&(lvalues[3398]),0}, ++ 10,&(lvalues[3384]),0}, ++{"UID","userId",NID_userId,10,&(lvalues[3394]),0}, + {"textEncodedORAddress","textEncodedORAddress", +- NID_textEncodedORAddress,10,&(lvalues[3408]),0}, +-{"mail","rfc822Mailbox",NID_rfc822Mailbox,10,&(lvalues[3418]),0}, +-{"info","info",NID_info,10,&(lvalues[3428]),0}, ++ NID_textEncodedORAddress,10,&(lvalues[3404]),0}, ++{"mail","rfc822Mailbox",NID_rfc822Mailbox,10,&(lvalues[3414]),0}, ++{"info","info",NID_info,10,&(lvalues[3424]),0}, + {"favouriteDrink","favouriteDrink",NID_favouriteDrink,10, +- &(lvalues[3438]),0}, +-{"roomNumber","roomNumber",NID_roomNumber,10,&(lvalues[3448]),0}, +-{"photo","photo",NID_photo,10,&(lvalues[3458]),0}, +-{"userClass","userClass",NID_userClass,10,&(lvalues[3468]),0}, +-{"host","host",NID_host,10,&(lvalues[3478]),0}, +-{"manager","manager",NID_manager,10,&(lvalues[3488]),0}, ++ &(lvalues[3434]),0}, ++{"roomNumber","roomNumber",NID_roomNumber,10,&(lvalues[3444]),0}, ++{"photo","photo",NID_photo,10,&(lvalues[3454]),0}, ++{"userClass","userClass",NID_userClass,10,&(lvalues[3464]),0}, ++{"host","host",NID_host,10,&(lvalues[3474]),0}, ++{"manager","manager",NID_manager,10,&(lvalues[3484]),0}, + {"documentIdentifier","documentIdentifier",NID_documentIdentifier,10, +- &(lvalues[3498]),0}, +-{"documentTitle","documentTitle",NID_documentTitle,10,&(lvalues[3508]),0}, ++ &(lvalues[3494]),0}, ++{"documentTitle","documentTitle",NID_documentTitle,10,&(lvalues[3504]),0}, + {"documentVersion","documentVersion",NID_documentVersion,10, 
+- &(lvalues[3518]),0}, ++ &(lvalues[3514]),0}, + {"documentAuthor","documentAuthor",NID_documentAuthor,10, +- &(lvalues[3528]),0}, ++ &(lvalues[3524]),0}, + {"documentLocation","documentLocation",NID_documentLocation,10, +- &(lvalues[3538]),0}, ++ &(lvalues[3534]),0}, + {"homeTelephoneNumber","homeTelephoneNumber",NID_homeTelephoneNumber, +- 10,&(lvalues[3548]),0}, +-{"secretary","secretary",NID_secretary,10,&(lvalues[3558]),0}, +-{"otherMailbox","otherMailbox",NID_otherMailbox,10,&(lvalues[3568]),0}, ++ 10,&(lvalues[3544]),0}, ++{"secretary","secretary",NID_secretary,10,&(lvalues[3554]),0}, ++{"otherMailbox","otherMailbox",NID_otherMailbox,10,&(lvalues[3564]),0}, + {"lastModifiedTime","lastModifiedTime",NID_lastModifiedTime,10, +- &(lvalues[3578]),0}, ++ &(lvalues[3574]),0}, + {"lastModifiedBy","lastModifiedBy",NID_lastModifiedBy,10, +- &(lvalues[3588]),0}, +-{"aRecord","aRecord",NID_aRecord,10,&(lvalues[3598]),0}, ++ &(lvalues[3584]),0}, ++{"aRecord","aRecord",NID_aRecord,10,&(lvalues[3594]),0}, + {"pilotAttributeType27","pilotAttributeType27", +- NID_pilotAttributeType27,10,&(lvalues[3608]),0}, +-{"mXRecord","mXRecord",NID_mXRecord,10,&(lvalues[3618]),0}, +-{"nSRecord","nSRecord",NID_nSRecord,10,&(lvalues[3628]),0}, +-{"sOARecord","sOARecord",NID_sOARecord,10,&(lvalues[3638]),0}, +-{"cNAMERecord","cNAMERecord",NID_cNAMERecord,10,&(lvalues[3648]),0}, ++ NID_pilotAttributeType27,10,&(lvalues[3604]),0}, ++{"mXRecord","mXRecord",NID_mXRecord,10,&(lvalues[3614]),0}, ++{"nSRecord","nSRecord",NID_nSRecord,10,&(lvalues[3624]),0}, ++{"sOARecord","sOARecord",NID_sOARecord,10,&(lvalues[3634]),0}, ++{"cNAMERecord","cNAMERecord",NID_cNAMERecord,10,&(lvalues[3644]),0}, + {"associatedDomain","associatedDomain",NID_associatedDomain,10, +- &(lvalues[3658]),0}, ++ &(lvalues[3654]),0}, + {"associatedName","associatedName",NID_associatedName,10, +- &(lvalues[3668]),0}, ++ &(lvalues[3664]),0}, + {"homePostalAddress","homePostalAddress",NID_homePostalAddress,10, +- 
&(lvalues[3678]),0}, +-{"personalTitle","personalTitle",NID_personalTitle,10,&(lvalues[3688]),0}, ++ &(lvalues[3674]),0}, ++{"personalTitle","personalTitle",NID_personalTitle,10,&(lvalues[3684]),0}, + {"mobileTelephoneNumber","mobileTelephoneNumber", +- NID_mobileTelephoneNumber,10,&(lvalues[3698]),0}, ++ NID_mobileTelephoneNumber,10,&(lvalues[3694]),0}, + {"pagerTelephoneNumber","pagerTelephoneNumber", +- NID_pagerTelephoneNumber,10,&(lvalues[3708]),0}, ++ NID_pagerTelephoneNumber,10,&(lvalues[3704]),0}, + {"friendlyCountryName","friendlyCountryName",NID_friendlyCountryName, +- 10,&(lvalues[3718]),0}, ++ 10,&(lvalues[3714]),0}, + {"organizationalStatus","organizationalStatus", +- NID_organizationalStatus,10,&(lvalues[3728]),0}, +-{"janetMailbox","janetMailbox",NID_janetMailbox,10,&(lvalues[3738]),0}, ++ NID_organizationalStatus,10,&(lvalues[3724]),0}, ++{"janetMailbox","janetMailbox",NID_janetMailbox,10,&(lvalues[3734]),0}, + {"mailPreferenceOption","mailPreferenceOption", +- NID_mailPreferenceOption,10,&(lvalues[3748]),0}, +-{"buildingName","buildingName",NID_buildingName,10,&(lvalues[3758]),0}, +-{"dSAQuality","dSAQuality",NID_dSAQuality,10,&(lvalues[3768]),0}, ++ NID_mailPreferenceOption,10,&(lvalues[3744]),0}, ++{"buildingName","buildingName",NID_buildingName,10,&(lvalues[3754]),0}, ++{"dSAQuality","dSAQuality",NID_dSAQuality,10,&(lvalues[3764]),0}, + {"singleLevelQuality","singleLevelQuality",NID_singleLevelQuality,10, +- &(lvalues[3778]),0}, ++ &(lvalues[3774]),0}, + {"subtreeMinimumQuality","subtreeMinimumQuality", +- NID_subtreeMinimumQuality,10,&(lvalues[3788]),0}, ++ NID_subtreeMinimumQuality,10,&(lvalues[3784]),0}, + {"subtreeMaximumQuality","subtreeMaximumQuality", +- NID_subtreeMaximumQuality,10,&(lvalues[3798]),0}, ++ NID_subtreeMaximumQuality,10,&(lvalues[3794]),0}, + {"personalSignature","personalSignature",NID_personalSignature,10, +- &(lvalues[3808]),0}, +-{"dITRedirect","dITRedirect",NID_dITRedirect,10,&(lvalues[3818]),0}, 
+-{"audio","audio",NID_audio,10,&(lvalues[3828]),0}, ++ &(lvalues[3804]),0}, ++{"dITRedirect","dITRedirect",NID_dITRedirect,10,&(lvalues[3814]),0}, ++{"audio","audio",NID_audio,10,&(lvalues[3824]),0}, + {"documentPublisher","documentPublisher",NID_documentPublisher,10, +- &(lvalues[3838]),0}, ++ &(lvalues[3834]),0}, + {"x500UniqueIdentifier","x500UniqueIdentifier", +- NID_x500UniqueIdentifier,3,&(lvalues[3848]),0}, +-{"mime-mhs","MIME MHS",NID_mime_mhs,5,&(lvalues[3851]),0}, ++ NID_x500UniqueIdentifier,3,&(lvalues[3844]),0}, ++{"mime-mhs","MIME MHS",NID_mime_mhs,5,&(lvalues[3847]),0}, + {"mime-mhs-headings","mime-mhs-headings",NID_mime_mhs_headings,6, +- &(lvalues[3856]),0}, ++ &(lvalues[3852]),0}, + {"mime-mhs-bodies","mime-mhs-bodies",NID_mime_mhs_bodies,6, +- &(lvalues[3862]),0}, ++ &(lvalues[3858]),0}, + {"id-hex-partial-message","id-hex-partial-message", +- NID_id_hex_partial_message,7,&(lvalues[3868]),0}, ++ NID_id_hex_partial_message,7,&(lvalues[3864]),0}, + {"id-hex-multipart-message","id-hex-multipart-message", +- NID_id_hex_multipart_message,7,&(lvalues[3875]),0}, ++ NID_id_hex_multipart_message,7,&(lvalues[3871]),0}, + {"generationQualifier","generationQualifier",NID_generationQualifier, +- 3,&(lvalues[3882]),0}, +-{"pseudonym","pseudonym",NID_pseudonym,3,&(lvalues[3885]),0}, ++ 3,&(lvalues[3878]),0}, ++{"pseudonym","pseudonym",NID_pseudonym,3,&(lvalues[3881]),0}, + {NULL,NULL,NID_undef,0,NULL,0}, + {"id-set","Secure Electronic Transactions",NID_id_set,2, +- &(lvalues[3888]),0}, +-{"set-ctype","content types",NID_set_ctype,3,&(lvalues[3890]),0}, +-{"set-msgExt","message extensions",NID_set_msgExt,3,&(lvalues[3893]),0}, +-{"set-attr","set-attr",NID_set_attr,3,&(lvalues[3896]),0}, +-{"set-policy","set-policy",NID_set_policy,3,&(lvalues[3899]),0}, ++ &(lvalues[3884]),0}, ++{"set-ctype","content types",NID_set_ctype,3,&(lvalues[3886]),0}, ++{"set-msgExt","message extensions",NID_set_msgExt,3,&(lvalues[3889]),0}, 
++{"set-attr","set-attr",NID_set_attr,3,&(lvalues[3892]),0}, ++{"set-policy","set-policy",NID_set_policy,3,&(lvalues[3895]),0}, + {"set-certExt","certificate extensions",NID_set_certExt,3, +- &(lvalues[3902]),0}, +-{"set-brand","set-brand",NID_set_brand,3,&(lvalues[3905]),0}, +-{"setct-PANData","setct-PANData",NID_setct_PANData,4,&(lvalues[3908]),0}, ++ &(lvalues[3898]),0}, ++{"set-brand","set-brand",NID_set_brand,3,&(lvalues[3901]),0}, ++{"setct-PANData","setct-PANData",NID_setct_PANData,4,&(lvalues[3904]),0}, + {"setct-PANToken","setct-PANToken",NID_setct_PANToken,4, +- &(lvalues[3912]),0}, +-{"setct-PANOnly","setct-PANOnly",NID_setct_PANOnly,4,&(lvalues[3916]),0}, +-{"setct-OIData","setct-OIData",NID_setct_OIData,4,&(lvalues[3920]),0}, +-{"setct-PI","setct-PI",NID_setct_PI,4,&(lvalues[3924]),0}, +-{"setct-PIData","setct-PIData",NID_setct_PIData,4,&(lvalues[3928]),0}, ++ &(lvalues[3908]),0}, ++{"setct-PANOnly","setct-PANOnly",NID_setct_PANOnly,4,&(lvalues[3912]),0}, ++{"setct-OIData","setct-OIData",NID_setct_OIData,4,&(lvalues[3916]),0}, ++{"setct-PI","setct-PI",NID_setct_PI,4,&(lvalues[3920]),0}, ++{"setct-PIData","setct-PIData",NID_setct_PIData,4,&(lvalues[3924]),0}, + {"setct-PIDataUnsigned","setct-PIDataUnsigned", +- NID_setct_PIDataUnsigned,4,&(lvalues[3932]),0}, ++ NID_setct_PIDataUnsigned,4,&(lvalues[3928]),0}, + {"setct-HODInput","setct-HODInput",NID_setct_HODInput,4, +- &(lvalues[3936]),0}, ++ &(lvalues[3932]),0}, + {"setct-AuthResBaggage","setct-AuthResBaggage", +- NID_setct_AuthResBaggage,4,&(lvalues[3940]),0}, ++ NID_setct_AuthResBaggage,4,&(lvalues[3936]),0}, + {"setct-AuthRevReqBaggage","setct-AuthRevReqBaggage", +- NID_setct_AuthRevReqBaggage,4,&(lvalues[3944]),0}, ++ NID_setct_AuthRevReqBaggage,4,&(lvalues[3940]),0}, + {"setct-AuthRevResBaggage","setct-AuthRevResBaggage", +- NID_setct_AuthRevResBaggage,4,&(lvalues[3948]),0}, ++ NID_setct_AuthRevResBaggage,4,&(lvalues[3944]),0}, + {"setct-CapTokenSeq","setct-CapTokenSeq",NID_setct_CapTokenSeq,4, +- 
&(lvalues[3952]),0}, ++ &(lvalues[3948]),0}, + {"setct-PInitResData","setct-PInitResData",NID_setct_PInitResData,4, +- &(lvalues[3956]),0}, +-{"setct-PI-TBS","setct-PI-TBS",NID_setct_PI_TBS,4,&(lvalues[3960]),0}, ++ &(lvalues[3952]),0}, ++{"setct-PI-TBS","setct-PI-TBS",NID_setct_PI_TBS,4,&(lvalues[3956]),0}, + {"setct-PResData","setct-PResData",NID_setct_PResData,4, +- &(lvalues[3964]),0}, ++ &(lvalues[3960]),0}, + {"setct-AuthReqTBS","setct-AuthReqTBS",NID_setct_AuthReqTBS,4, +- &(lvalues[3968]),0}, ++ &(lvalues[3964]),0}, + {"setct-AuthResTBS","setct-AuthResTBS",NID_setct_AuthResTBS,4, +- &(lvalues[3972]),0}, ++ &(lvalues[3968]),0}, + {"setct-AuthResTBSX","setct-AuthResTBSX",NID_setct_AuthResTBSX,4, +- &(lvalues[3976]),0}, ++ &(lvalues[3972]),0}, + {"setct-AuthTokenTBS","setct-AuthTokenTBS",NID_setct_AuthTokenTBS,4, +- &(lvalues[3980]),0}, ++ &(lvalues[3976]),0}, + {"setct-CapTokenData","setct-CapTokenData",NID_setct_CapTokenData,4, +- &(lvalues[3984]),0}, ++ &(lvalues[3980]),0}, + {"setct-CapTokenTBS","setct-CapTokenTBS",NID_setct_CapTokenTBS,4, +- &(lvalues[3988]),0}, ++ &(lvalues[3984]),0}, + {"setct-AcqCardCodeMsg","setct-AcqCardCodeMsg", +- NID_setct_AcqCardCodeMsg,4,&(lvalues[3992]),0}, ++ NID_setct_AcqCardCodeMsg,4,&(lvalues[3988]),0}, + {"setct-AuthRevReqTBS","setct-AuthRevReqTBS",NID_setct_AuthRevReqTBS, +- 4,&(lvalues[3996]),0}, ++ 4,&(lvalues[3992]),0}, + {"setct-AuthRevResData","setct-AuthRevResData", +- NID_setct_AuthRevResData,4,&(lvalues[4000]),0}, ++ NID_setct_AuthRevResData,4,&(lvalues[3996]),0}, + {"setct-AuthRevResTBS","setct-AuthRevResTBS",NID_setct_AuthRevResTBS, +- 4,&(lvalues[4004]),0}, ++ 4,&(lvalues[4000]),0}, + {"setct-CapReqTBS","setct-CapReqTBS",NID_setct_CapReqTBS,4, +- &(lvalues[4008]),0}, ++ &(lvalues[4004]),0}, + {"setct-CapReqTBSX","setct-CapReqTBSX",NID_setct_CapReqTBSX,4, +- &(lvalues[4012]),0}, ++ &(lvalues[4008]),0}, + {"setct-CapResData","setct-CapResData",NID_setct_CapResData,4, +- &(lvalues[4016]),0}, ++ 
&(lvalues[4012]),0}, + {"setct-CapRevReqTBS","setct-CapRevReqTBS",NID_setct_CapRevReqTBS,4, +- &(lvalues[4020]),0}, ++ &(lvalues[4016]),0}, + {"setct-CapRevReqTBSX","setct-CapRevReqTBSX",NID_setct_CapRevReqTBSX, +- 4,&(lvalues[4024]),0}, ++ 4,&(lvalues[4020]),0}, + {"setct-CapRevResData","setct-CapRevResData",NID_setct_CapRevResData, +- 4,&(lvalues[4028]),0}, ++ 4,&(lvalues[4024]),0}, + {"setct-CredReqTBS","setct-CredReqTBS",NID_setct_CredReqTBS,4, +- &(lvalues[4032]),0}, ++ &(lvalues[4028]),0}, + {"setct-CredReqTBSX","setct-CredReqTBSX",NID_setct_CredReqTBSX,4, +- &(lvalues[4036]),0}, ++ &(lvalues[4032]),0}, + {"setct-CredResData","setct-CredResData",NID_setct_CredResData,4, +- &(lvalues[4040]),0}, ++ &(lvalues[4036]),0}, + {"setct-CredRevReqTBS","setct-CredRevReqTBS",NID_setct_CredRevReqTBS, +- 4,&(lvalues[4044]),0}, ++ 4,&(lvalues[4040]),0}, + {"setct-CredRevReqTBSX","setct-CredRevReqTBSX", +- NID_setct_CredRevReqTBSX,4,&(lvalues[4048]),0}, ++ NID_setct_CredRevReqTBSX,4,&(lvalues[4044]),0}, + {"setct-CredRevResData","setct-CredRevResData", +- NID_setct_CredRevResData,4,&(lvalues[4052]),0}, ++ NID_setct_CredRevResData,4,&(lvalues[4048]),0}, + {"setct-PCertReqData","setct-PCertReqData",NID_setct_PCertReqData,4, +- &(lvalues[4056]),0}, ++ &(lvalues[4052]),0}, + {"setct-PCertResTBS","setct-PCertResTBS",NID_setct_PCertResTBS,4, +- &(lvalues[4060]),0}, ++ &(lvalues[4056]),0}, + {"setct-BatchAdminReqData","setct-BatchAdminReqData", +- NID_setct_BatchAdminReqData,4,&(lvalues[4064]),0}, ++ NID_setct_BatchAdminReqData,4,&(lvalues[4060]),0}, + {"setct-BatchAdminResData","setct-BatchAdminResData", +- NID_setct_BatchAdminResData,4,&(lvalues[4068]),0}, ++ NID_setct_BatchAdminResData,4,&(lvalues[4064]),0}, + {"setct-CardCInitResTBS","setct-CardCInitResTBS", +- NID_setct_CardCInitResTBS,4,&(lvalues[4072]),0}, ++ NID_setct_CardCInitResTBS,4,&(lvalues[4068]),0}, + {"setct-MeAqCInitResTBS","setct-MeAqCInitResTBS", +- NID_setct_MeAqCInitResTBS,4,&(lvalues[4076]),0}, ++ 
NID_setct_MeAqCInitResTBS,4,&(lvalues[4072]),0}, + {"setct-RegFormResTBS","setct-RegFormResTBS",NID_setct_RegFormResTBS, +- 4,&(lvalues[4080]),0}, ++ 4,&(lvalues[4076]),0}, + {"setct-CertReqData","setct-CertReqData",NID_setct_CertReqData,4, +- &(lvalues[4084]),0}, ++ &(lvalues[4080]),0}, + {"setct-CertReqTBS","setct-CertReqTBS",NID_setct_CertReqTBS,4, +- &(lvalues[4088]),0}, ++ &(lvalues[4084]),0}, + {"setct-CertResData","setct-CertResData",NID_setct_CertResData,4, +- &(lvalues[4092]),0}, ++ &(lvalues[4088]),0}, + {"setct-CertInqReqTBS","setct-CertInqReqTBS",NID_setct_CertInqReqTBS, +- 4,&(lvalues[4096]),0}, ++ 4,&(lvalues[4092]),0}, + {"setct-ErrorTBS","setct-ErrorTBS",NID_setct_ErrorTBS,4, +- &(lvalues[4100]),0}, ++ &(lvalues[4096]),0}, + {"setct-PIDualSignedTBE","setct-PIDualSignedTBE", +- NID_setct_PIDualSignedTBE,4,&(lvalues[4104]),0}, ++ NID_setct_PIDualSignedTBE,4,&(lvalues[4100]),0}, + {"setct-PIUnsignedTBE","setct-PIUnsignedTBE",NID_setct_PIUnsignedTBE, +- 4,&(lvalues[4108]),0}, ++ 4,&(lvalues[4104]),0}, + {"setct-AuthReqTBE","setct-AuthReqTBE",NID_setct_AuthReqTBE,4, +- &(lvalues[4112]),0}, ++ &(lvalues[4108]),0}, + {"setct-AuthResTBE","setct-AuthResTBE",NID_setct_AuthResTBE,4, +- &(lvalues[4116]),0}, ++ &(lvalues[4112]),0}, + {"setct-AuthResTBEX","setct-AuthResTBEX",NID_setct_AuthResTBEX,4, +- &(lvalues[4120]),0}, ++ &(lvalues[4116]),0}, + {"setct-AuthTokenTBE","setct-AuthTokenTBE",NID_setct_AuthTokenTBE,4, +- &(lvalues[4124]),0}, ++ &(lvalues[4120]),0}, + {"setct-CapTokenTBE","setct-CapTokenTBE",NID_setct_CapTokenTBE,4, +- &(lvalues[4128]),0}, ++ &(lvalues[4124]),0}, + {"setct-CapTokenTBEX","setct-CapTokenTBEX",NID_setct_CapTokenTBEX,4, +- &(lvalues[4132]),0}, ++ &(lvalues[4128]),0}, + {"setct-AcqCardCodeMsgTBE","setct-AcqCardCodeMsgTBE", +- NID_setct_AcqCardCodeMsgTBE,4,&(lvalues[4136]),0}, ++ NID_setct_AcqCardCodeMsgTBE,4,&(lvalues[4132]),0}, + {"setct-AuthRevReqTBE","setct-AuthRevReqTBE",NID_setct_AuthRevReqTBE, +- 4,&(lvalues[4140]),0}, ++ 
4,&(lvalues[4136]),0}, + {"setct-AuthRevResTBE","setct-AuthRevResTBE",NID_setct_AuthRevResTBE, +- 4,&(lvalues[4144]),0}, ++ 4,&(lvalues[4140]),0}, + {"setct-AuthRevResTBEB","setct-AuthRevResTBEB", +- NID_setct_AuthRevResTBEB,4,&(lvalues[4148]),0}, ++ NID_setct_AuthRevResTBEB,4,&(lvalues[4144]),0}, + {"setct-CapReqTBE","setct-CapReqTBE",NID_setct_CapReqTBE,4, +- &(lvalues[4152]),0}, ++ &(lvalues[4148]),0}, + {"setct-CapReqTBEX","setct-CapReqTBEX",NID_setct_CapReqTBEX,4, +- &(lvalues[4156]),0}, ++ &(lvalues[4152]),0}, + {"setct-CapResTBE","setct-CapResTBE",NID_setct_CapResTBE,4, +- &(lvalues[4160]),0}, ++ &(lvalues[4156]),0}, + {"setct-CapRevReqTBE","setct-CapRevReqTBE",NID_setct_CapRevReqTBE,4, +- &(lvalues[4164]),0}, ++ &(lvalues[4160]),0}, + {"setct-CapRevReqTBEX","setct-CapRevReqTBEX",NID_setct_CapRevReqTBEX, +- 4,&(lvalues[4168]),0}, ++ 4,&(lvalues[4164]),0}, + {"setct-CapRevResTBE","setct-CapRevResTBE",NID_setct_CapRevResTBE,4, +- &(lvalues[4172]),0}, ++ &(lvalues[4168]),0}, + {"setct-CredReqTBE","setct-CredReqTBE",NID_setct_CredReqTBE,4, +- &(lvalues[4176]),0}, ++ &(lvalues[4172]),0}, + {"setct-CredReqTBEX","setct-CredReqTBEX",NID_setct_CredReqTBEX,4, +- &(lvalues[4180]),0}, ++ &(lvalues[4176]),0}, + {"setct-CredResTBE","setct-CredResTBE",NID_setct_CredResTBE,4, +- &(lvalues[4184]),0}, ++ &(lvalues[4180]),0}, + {"setct-CredRevReqTBE","setct-CredRevReqTBE",NID_setct_CredRevReqTBE, +- 4,&(lvalues[4188]),0}, ++ 4,&(lvalues[4184]),0}, + {"setct-CredRevReqTBEX","setct-CredRevReqTBEX", +- NID_setct_CredRevReqTBEX,4,&(lvalues[4192]),0}, ++ NID_setct_CredRevReqTBEX,4,&(lvalues[4188]),0}, + {"setct-CredRevResTBE","setct-CredRevResTBE",NID_setct_CredRevResTBE, +- 4,&(lvalues[4196]),0}, ++ 4,&(lvalues[4192]),0}, + {"setct-BatchAdminReqTBE","setct-BatchAdminReqTBE", +- NID_setct_BatchAdminReqTBE,4,&(lvalues[4200]),0}, ++ NID_setct_BatchAdminReqTBE,4,&(lvalues[4196]),0}, + {"setct-BatchAdminResTBE","setct-BatchAdminResTBE", +- 
NID_setct_BatchAdminResTBE,4,&(lvalues[4204]),0}, ++ NID_setct_BatchAdminResTBE,4,&(lvalues[4200]),0}, + {"setct-RegFormReqTBE","setct-RegFormReqTBE",NID_setct_RegFormReqTBE, +- 4,&(lvalues[4208]),0}, ++ 4,&(lvalues[4204]),0}, + {"setct-CertReqTBE","setct-CertReqTBE",NID_setct_CertReqTBE,4, +- &(lvalues[4212]),0}, ++ &(lvalues[4208]),0}, + {"setct-CertReqTBEX","setct-CertReqTBEX",NID_setct_CertReqTBEX,4, +- &(lvalues[4216]),0}, ++ &(lvalues[4212]),0}, + {"setct-CertResTBE","setct-CertResTBE",NID_setct_CertResTBE,4, +- &(lvalues[4220]),0}, ++ &(lvalues[4216]),0}, + {"setct-CRLNotificationTBS","setct-CRLNotificationTBS", +- NID_setct_CRLNotificationTBS,4,&(lvalues[4224]),0}, ++ NID_setct_CRLNotificationTBS,4,&(lvalues[4220]),0}, + {"setct-CRLNotificationResTBS","setct-CRLNotificationResTBS", +- NID_setct_CRLNotificationResTBS,4,&(lvalues[4228]),0}, ++ NID_setct_CRLNotificationResTBS,4,&(lvalues[4224]),0}, + {"setct-BCIDistributionTBS","setct-BCIDistributionTBS", +- NID_setct_BCIDistributionTBS,4,&(lvalues[4232]),0}, ++ NID_setct_BCIDistributionTBS,4,&(lvalues[4228]),0}, + {"setext-genCrypt","generic cryptogram",NID_setext_genCrypt,4, +- &(lvalues[4236]),0}, ++ &(lvalues[4232]),0}, + {"setext-miAuth","merchant initiated auth",NID_setext_miAuth,4, +- &(lvalues[4240]),0}, ++ &(lvalues[4236]),0}, + {"setext-pinSecure","setext-pinSecure",NID_setext_pinSecure,4, +- &(lvalues[4244]),0}, +-{"setext-pinAny","setext-pinAny",NID_setext_pinAny,4,&(lvalues[4248]),0}, +-{"setext-track2","setext-track2",NID_setext_track2,4,&(lvalues[4252]),0}, ++ &(lvalues[4240]),0}, ++{"setext-pinAny","setext-pinAny",NID_setext_pinAny,4,&(lvalues[4244]),0}, ++{"setext-track2","setext-track2",NID_setext_track2,4,&(lvalues[4248]),0}, + {"setext-cv","additional verification",NID_setext_cv,4, +- &(lvalues[4256]),0}, ++ &(lvalues[4252]),0}, + {"set-policy-root","set-policy-root",NID_set_policy_root,4, +- &(lvalues[4260]),0}, ++ &(lvalues[4256]),0}, + 
{"setCext-hashedRoot","setCext-hashedRoot",NID_setCext_hashedRoot,4, +- &(lvalues[4264]),0}, ++ &(lvalues[4260]),0}, + {"setCext-certType","setCext-certType",NID_setCext_certType,4, +- &(lvalues[4268]),0}, ++ &(lvalues[4264]),0}, + {"setCext-merchData","setCext-merchData",NID_setCext_merchData,4, +- &(lvalues[4272]),0}, ++ &(lvalues[4268]),0}, + {"setCext-cCertRequired","setCext-cCertRequired", +- NID_setCext_cCertRequired,4,&(lvalues[4276]),0}, ++ NID_setCext_cCertRequired,4,&(lvalues[4272]),0}, + {"setCext-tunneling","setCext-tunneling",NID_setCext_tunneling,4, +- &(lvalues[4280]),0}, ++ &(lvalues[4276]),0}, + {"setCext-setExt","setCext-setExt",NID_setCext_setExt,4, +- &(lvalues[4284]),0}, ++ &(lvalues[4280]),0}, + {"setCext-setQualf","setCext-setQualf",NID_setCext_setQualf,4, +- &(lvalues[4288]),0}, ++ &(lvalues[4284]),0}, + {"setCext-PGWYcapabilities","setCext-PGWYcapabilities", +- NID_setCext_PGWYcapabilities,4,&(lvalues[4292]),0}, ++ NID_setCext_PGWYcapabilities,4,&(lvalues[4288]),0}, + {"setCext-TokenIdentifier","setCext-TokenIdentifier", +- NID_setCext_TokenIdentifier,4,&(lvalues[4296]),0}, ++ NID_setCext_TokenIdentifier,4,&(lvalues[4292]),0}, + {"setCext-Track2Data","setCext-Track2Data",NID_setCext_Track2Data,4, +- &(lvalues[4300]),0}, ++ &(lvalues[4296]),0}, + {"setCext-TokenType","setCext-TokenType",NID_setCext_TokenType,4, +- &(lvalues[4304]),0}, ++ &(lvalues[4300]),0}, + {"setCext-IssuerCapabilities","setCext-IssuerCapabilities", +- NID_setCext_IssuerCapabilities,4,&(lvalues[4308]),0}, +-{"setAttr-Cert","setAttr-Cert",NID_setAttr_Cert,4,&(lvalues[4312]),0}, ++ NID_setCext_IssuerCapabilities,4,&(lvalues[4304]),0}, ++{"setAttr-Cert","setAttr-Cert",NID_setAttr_Cert,4,&(lvalues[4308]),0}, + {"setAttr-PGWYcap","payment gateway capabilities",NID_setAttr_PGWYcap, +- 4,&(lvalues[4316]),0}, ++ 4,&(lvalues[4312]),0}, + {"setAttr-TokenType","setAttr-TokenType",NID_setAttr_TokenType,4, +- &(lvalues[4320]),0}, ++ &(lvalues[4316]),0}, + {"setAttr-IssCap","issuer 
capabilities",NID_setAttr_IssCap,4, +- &(lvalues[4324]),0}, ++ &(lvalues[4320]),0}, + {"set-rootKeyThumb","set-rootKeyThumb",NID_set_rootKeyThumb,5, +- &(lvalues[4328]),0}, +-{"set-addPolicy","set-addPolicy",NID_set_addPolicy,5,&(lvalues[4333]),0}, ++ &(lvalues[4324]),0}, ++{"set-addPolicy","set-addPolicy",NID_set_addPolicy,5,&(lvalues[4329]),0}, + {"setAttr-Token-EMV","setAttr-Token-EMV",NID_setAttr_Token_EMV,5, +- &(lvalues[4338]),0}, ++ &(lvalues[4334]),0}, + {"setAttr-Token-B0Prime","setAttr-Token-B0Prime", +- NID_setAttr_Token_B0Prime,5,&(lvalues[4343]),0}, ++ NID_setAttr_Token_B0Prime,5,&(lvalues[4339]),0}, + {"setAttr-IssCap-CVM","setAttr-IssCap-CVM",NID_setAttr_IssCap_CVM,5, +- &(lvalues[4348]),0}, ++ &(lvalues[4344]),0}, + {"setAttr-IssCap-T2","setAttr-IssCap-T2",NID_setAttr_IssCap_T2,5, +- &(lvalues[4353]),0}, ++ &(lvalues[4349]),0}, + {"setAttr-IssCap-Sig","setAttr-IssCap-Sig",NID_setAttr_IssCap_Sig,5, +- &(lvalues[4358]),0}, ++ &(lvalues[4354]),0}, + {"setAttr-GenCryptgrm","generate cryptogram",NID_setAttr_GenCryptgrm, +- 6,&(lvalues[4363]),0}, ++ 6,&(lvalues[4359]),0}, + {"setAttr-T2Enc","encrypted track 2",NID_setAttr_T2Enc,6, +- &(lvalues[4369]),0}, ++ &(lvalues[4365]),0}, + {"setAttr-T2cleartxt","cleartext track 2",NID_setAttr_T2cleartxt,6, +- &(lvalues[4375]),0}, ++ &(lvalues[4371]),0}, + {"setAttr-TokICCsig","ICC or token signature",NID_setAttr_TokICCsig,6, +- &(lvalues[4381]),0}, ++ &(lvalues[4377]),0}, + {"setAttr-SecDevSig","secure device signature",NID_setAttr_SecDevSig, +- 6,&(lvalues[4387]),0}, ++ 6,&(lvalues[4383]),0}, + {"set-brand-IATA-ATA","set-brand-IATA-ATA",NID_set_brand_IATA_ATA,4, +- &(lvalues[4393]),0}, ++ &(lvalues[4389]),0}, + {"set-brand-Diners","set-brand-Diners",NID_set_brand_Diners,4, +- &(lvalues[4397]),0}, ++ &(lvalues[4393]),0}, + {"set-brand-AmericanExpress","set-brand-AmericanExpress", +- NID_set_brand_AmericanExpress,4,&(lvalues[4401]),0}, +-{"set-brand-JCB","set-brand-JCB",NID_set_brand_JCB,4,&(lvalues[4405]),0}, ++ 
NID_set_brand_AmericanExpress,4,&(lvalues[4397]),0}, ++{"set-brand-JCB","set-brand-JCB",NID_set_brand_JCB,4,&(lvalues[4401]),0}, + {"set-brand-Visa","set-brand-Visa",NID_set_brand_Visa,4, +- &(lvalues[4409]),0}, ++ &(lvalues[4405]),0}, + {"set-brand-MasterCard","set-brand-MasterCard", +- NID_set_brand_MasterCard,4,&(lvalues[4413]),0}, ++ NID_set_brand_MasterCard,4,&(lvalues[4409]),0}, + {"set-brand-Novus","set-brand-Novus",NID_set_brand_Novus,5, +- &(lvalues[4417]),0}, +-{"DES-CDMF","des-cdmf",NID_des_cdmf,8,&(lvalues[4422]),0}, ++ &(lvalues[4413]),0}, ++{"DES-CDMF","des-cdmf",NID_des_cdmf,8,&(lvalues[4418]),0}, + {"rsaOAEPEncryptionSET","rsaOAEPEncryptionSET", +- NID_rsaOAEPEncryptionSET,9,&(lvalues[4430]),0}, +-{"ITU-T","itu-t",NID_itu_t,1,&(lvalues[4439]),0}, +-{"JOINT-ISO-ITU-T","joint-iso-itu-t",NID_joint_iso_itu_t,1, +- &(lvalues[4440]),0}, ++ NID_rsaOAEPEncryptionSET,9,&(lvalues[4426]),0}, ++{"ITU-T","itu-t",NID_itu_t,0,NULL,0}, ++{"JOINT-ISO-ITU-T","joint-iso-itu-t",NID_joint_iso_itu_t,0,NULL,0}, + {"international-organizations","International Organizations", +- NID_international_organizations,1,&(lvalues[4441]),0}, ++ NID_international_organizations,1,&(lvalues[4435]),0}, + {"msSmartcardLogin","Microsoft Smartcardlogin",NID_ms_smartcard_login, +- 10,&(lvalues[4442]),0}, ++ 10,&(lvalues[4436]),0}, + {"msUPN","Microsoft Universal Principal Name",NID_ms_upn,10, +- &(lvalues[4452]),0}, ++ &(lvalues[4446]),0}, + {"AES-128-CFB1","aes-128-cfb1",NID_aes_128_cfb1,0,NULL,0}, + {"AES-192-CFB1","aes-192-cfb1",NID_aes_192_cfb1,0,NULL,0}, + {"AES-256-CFB1","aes-256-cfb1",NID_aes_256_cfb1,0,NULL,0}, +@@ -1928,138 +2005,138 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ + {"DES-CFB8","des-cfb8",NID_des_cfb8,0,NULL,0}, + {"DES-EDE3-CFB1","des-ede3-cfb1",NID_des_ede3_cfb1,0,NULL,0}, + {"DES-EDE3-CFB8","des-ede3-cfb8",NID_des_ede3_cfb8,0,NULL,0}, +-{"streetAddress","streetAddress",NID_streetAddress,3,&(lvalues[4462]),0}, 
+-{"postalCode","postalCode",NID_postalCode,3,&(lvalues[4465]),0}, +-{"id-ppl","id-ppl",NID_id_ppl,7,&(lvalues[4468]),0}, ++{"street","streetAddress",NID_streetAddress,3,&(lvalues[4456]),0}, ++{"postalCode","postalCode",NID_postalCode,3,&(lvalues[4459]),0}, ++{"id-ppl","id-ppl",NID_id_ppl,7,&(lvalues[4462]),0}, + {"proxyCertInfo","Proxy Certificate Information",NID_proxyCertInfo,8, +- &(lvalues[4475]),0}, ++ &(lvalues[4469]),0}, + {"id-ppl-anyLanguage","Any language",NID_id_ppl_anyLanguage,8, +- &(lvalues[4483]),0}, ++ &(lvalues[4477]),0}, + {"id-ppl-inheritAll","Inherit all",NID_id_ppl_inheritAll,8, +- &(lvalues[4491]),0}, ++ &(lvalues[4485]),0}, + {"nameConstraints","X509v3 Name Constraints",NID_name_constraints,3, +- &(lvalues[4499]),0}, +-{"id-ppl-independent","Independent",NID_Independent,8,&(lvalues[4502]),0}, ++ &(lvalues[4493]),0}, ++{"id-ppl-independent","Independent",NID_Independent,8,&(lvalues[4496]),0}, + {"RSA-SHA256","sha256WithRSAEncryption",NID_sha256WithRSAEncryption,9, +- &(lvalues[4510]),0}, ++ &(lvalues[4504]),0}, + {"RSA-SHA384","sha384WithRSAEncryption",NID_sha384WithRSAEncryption,9, +- &(lvalues[4519]),0}, ++ &(lvalues[4513]),0}, + {"RSA-SHA512","sha512WithRSAEncryption",NID_sha512WithRSAEncryption,9, +- &(lvalues[4528]),0}, ++ &(lvalues[4522]),0}, + {"RSA-SHA224","sha224WithRSAEncryption",NID_sha224WithRSAEncryption,9, +- &(lvalues[4537]),0}, +-{"SHA256","sha256",NID_sha256,9,&(lvalues[4546]),0}, +-{"SHA384","sha384",NID_sha384,9,&(lvalues[4555]),0}, +-{"SHA512","sha512",NID_sha512,9,&(lvalues[4564]),0}, +-{"SHA224","sha224",NID_sha224,9,&(lvalues[4573]),0}, ++ &(lvalues[4531]),0}, ++{"SHA256","sha256",NID_sha256,9,&(lvalues[4540]),0}, ++{"SHA384","sha384",NID_sha384,9,&(lvalues[4549]),0}, ++{"SHA512","sha512",NID_sha512,9,&(lvalues[4558]),0}, ++{"SHA224","sha224",NID_sha224,9,&(lvalues[4567]),0}, + {"identified-organization","identified-organization", +- NID_identified_organization,1,&(lvalues[4582]),0}, 
+-{"certicom-arc","certicom-arc",NID_certicom_arc,3,&(lvalues[4583]),0}, +-{"wap","wap",NID_wap,2,&(lvalues[4586]),0}, +-{"wap-wsg","wap-wsg",NID_wap_wsg,3,&(lvalues[4588]),0}, ++ NID_identified_organization,1,&(lvalues[4576]),0}, ++{"certicom-arc","certicom-arc",NID_certicom_arc,3,&(lvalues[4577]),0}, ++{"wap","wap",NID_wap,2,&(lvalues[4580]),0}, ++{"wap-wsg","wap-wsg",NID_wap_wsg,3,&(lvalues[4582]),0}, + {"id-characteristic-two-basis","id-characteristic-two-basis", +- NID_X9_62_id_characteristic_two_basis,8,&(lvalues[4591]),0}, +-{"onBasis","onBasis",NID_X9_62_onBasis,9,&(lvalues[4599]),0}, +-{"tpBasis","tpBasis",NID_X9_62_tpBasis,9,&(lvalues[4608]),0}, +-{"ppBasis","ppBasis",NID_X9_62_ppBasis,9,&(lvalues[4617]),0}, +-{"c2pnb163v1","c2pnb163v1",NID_X9_62_c2pnb163v1,8,&(lvalues[4626]),0}, +-{"c2pnb163v2","c2pnb163v2",NID_X9_62_c2pnb163v2,8,&(lvalues[4634]),0}, +-{"c2pnb163v3","c2pnb163v3",NID_X9_62_c2pnb163v3,8,&(lvalues[4642]),0}, +-{"c2pnb176v1","c2pnb176v1",NID_X9_62_c2pnb176v1,8,&(lvalues[4650]),0}, +-{"c2tnb191v1","c2tnb191v1",NID_X9_62_c2tnb191v1,8,&(lvalues[4658]),0}, +-{"c2tnb191v2","c2tnb191v2",NID_X9_62_c2tnb191v2,8,&(lvalues[4666]),0}, +-{"c2tnb191v3","c2tnb191v3",NID_X9_62_c2tnb191v3,8,&(lvalues[4674]),0}, +-{"c2onb191v4","c2onb191v4",NID_X9_62_c2onb191v4,8,&(lvalues[4682]),0}, +-{"c2onb191v5","c2onb191v5",NID_X9_62_c2onb191v5,8,&(lvalues[4690]),0}, +-{"c2pnb208w1","c2pnb208w1",NID_X9_62_c2pnb208w1,8,&(lvalues[4698]),0}, +-{"c2tnb239v1","c2tnb239v1",NID_X9_62_c2tnb239v1,8,&(lvalues[4706]),0}, +-{"c2tnb239v2","c2tnb239v2",NID_X9_62_c2tnb239v2,8,&(lvalues[4714]),0}, +-{"c2tnb239v3","c2tnb239v3",NID_X9_62_c2tnb239v3,8,&(lvalues[4722]),0}, +-{"c2onb239v4","c2onb239v4",NID_X9_62_c2onb239v4,8,&(lvalues[4730]),0}, +-{"c2onb239v5","c2onb239v5",NID_X9_62_c2onb239v5,8,&(lvalues[4738]),0}, +-{"c2pnb272w1","c2pnb272w1",NID_X9_62_c2pnb272w1,8,&(lvalues[4746]),0}, +-{"c2pnb304w1","c2pnb304w1",NID_X9_62_c2pnb304w1,8,&(lvalues[4754]),0}, 
+-{"c2tnb359v1","c2tnb359v1",NID_X9_62_c2tnb359v1,8,&(lvalues[4762]),0}, +-{"c2pnb368w1","c2pnb368w1",NID_X9_62_c2pnb368w1,8,&(lvalues[4770]),0}, +-{"c2tnb431r1","c2tnb431r1",NID_X9_62_c2tnb431r1,8,&(lvalues[4778]),0}, +-{"secp112r1","secp112r1",NID_secp112r1,5,&(lvalues[4786]),0}, +-{"secp112r2","secp112r2",NID_secp112r2,5,&(lvalues[4791]),0}, +-{"secp128r1","secp128r1",NID_secp128r1,5,&(lvalues[4796]),0}, +-{"secp128r2","secp128r2",NID_secp128r2,5,&(lvalues[4801]),0}, +-{"secp160k1","secp160k1",NID_secp160k1,5,&(lvalues[4806]),0}, +-{"secp160r1","secp160r1",NID_secp160r1,5,&(lvalues[4811]),0}, +-{"secp160r2","secp160r2",NID_secp160r2,5,&(lvalues[4816]),0}, +-{"secp192k1","secp192k1",NID_secp192k1,5,&(lvalues[4821]),0}, +-{"secp224k1","secp224k1",NID_secp224k1,5,&(lvalues[4826]),0}, +-{"secp224r1","secp224r1",NID_secp224r1,5,&(lvalues[4831]),0}, +-{"secp256k1","secp256k1",NID_secp256k1,5,&(lvalues[4836]),0}, +-{"secp384r1","secp384r1",NID_secp384r1,5,&(lvalues[4841]),0}, +-{"secp521r1","secp521r1",NID_secp521r1,5,&(lvalues[4846]),0}, +-{"sect113r1","sect113r1",NID_sect113r1,5,&(lvalues[4851]),0}, +-{"sect113r2","sect113r2",NID_sect113r2,5,&(lvalues[4856]),0}, +-{"sect131r1","sect131r1",NID_sect131r1,5,&(lvalues[4861]),0}, +-{"sect131r2","sect131r2",NID_sect131r2,5,&(lvalues[4866]),0}, +-{"sect163k1","sect163k1",NID_sect163k1,5,&(lvalues[4871]),0}, +-{"sect163r1","sect163r1",NID_sect163r1,5,&(lvalues[4876]),0}, +-{"sect163r2","sect163r2",NID_sect163r2,5,&(lvalues[4881]),0}, +-{"sect193r1","sect193r1",NID_sect193r1,5,&(lvalues[4886]),0}, +-{"sect193r2","sect193r2",NID_sect193r2,5,&(lvalues[4891]),0}, +-{"sect233k1","sect233k1",NID_sect233k1,5,&(lvalues[4896]),0}, +-{"sect233r1","sect233r1",NID_sect233r1,5,&(lvalues[4901]),0}, +-{"sect239k1","sect239k1",NID_sect239k1,5,&(lvalues[4906]),0}, +-{"sect283k1","sect283k1",NID_sect283k1,5,&(lvalues[4911]),0}, +-{"sect283r1","sect283r1",NID_sect283r1,5,&(lvalues[4916]),0}, 
+-{"sect409k1","sect409k1",NID_sect409k1,5,&(lvalues[4921]),0}, +-{"sect409r1","sect409r1",NID_sect409r1,5,&(lvalues[4926]),0}, +-{"sect571k1","sect571k1",NID_sect571k1,5,&(lvalues[4931]),0}, +-{"sect571r1","sect571r1",NID_sect571r1,5,&(lvalues[4936]),0}, ++ NID_X9_62_id_characteristic_two_basis,8,&(lvalues[4585]),0}, ++{"onBasis","onBasis",NID_X9_62_onBasis,9,&(lvalues[4593]),0}, ++{"tpBasis","tpBasis",NID_X9_62_tpBasis,9,&(lvalues[4602]),0}, ++{"ppBasis","ppBasis",NID_X9_62_ppBasis,9,&(lvalues[4611]),0}, ++{"c2pnb163v1","c2pnb163v1",NID_X9_62_c2pnb163v1,8,&(lvalues[4620]),0}, ++{"c2pnb163v2","c2pnb163v2",NID_X9_62_c2pnb163v2,8,&(lvalues[4628]),0}, ++{"c2pnb163v3","c2pnb163v3",NID_X9_62_c2pnb163v3,8,&(lvalues[4636]),0}, ++{"c2pnb176v1","c2pnb176v1",NID_X9_62_c2pnb176v1,8,&(lvalues[4644]),0}, ++{"c2tnb191v1","c2tnb191v1",NID_X9_62_c2tnb191v1,8,&(lvalues[4652]),0}, ++{"c2tnb191v2","c2tnb191v2",NID_X9_62_c2tnb191v2,8,&(lvalues[4660]),0}, ++{"c2tnb191v3","c2tnb191v3",NID_X9_62_c2tnb191v3,8,&(lvalues[4668]),0}, ++{"c2onb191v4","c2onb191v4",NID_X9_62_c2onb191v4,8,&(lvalues[4676]),0}, ++{"c2onb191v5","c2onb191v5",NID_X9_62_c2onb191v5,8,&(lvalues[4684]),0}, ++{"c2pnb208w1","c2pnb208w1",NID_X9_62_c2pnb208w1,8,&(lvalues[4692]),0}, ++{"c2tnb239v1","c2tnb239v1",NID_X9_62_c2tnb239v1,8,&(lvalues[4700]),0}, ++{"c2tnb239v2","c2tnb239v2",NID_X9_62_c2tnb239v2,8,&(lvalues[4708]),0}, ++{"c2tnb239v3","c2tnb239v3",NID_X9_62_c2tnb239v3,8,&(lvalues[4716]),0}, ++{"c2onb239v4","c2onb239v4",NID_X9_62_c2onb239v4,8,&(lvalues[4724]),0}, ++{"c2onb239v5","c2onb239v5",NID_X9_62_c2onb239v5,8,&(lvalues[4732]),0}, ++{"c2pnb272w1","c2pnb272w1",NID_X9_62_c2pnb272w1,8,&(lvalues[4740]),0}, ++{"c2pnb304w1","c2pnb304w1",NID_X9_62_c2pnb304w1,8,&(lvalues[4748]),0}, ++{"c2tnb359v1","c2tnb359v1",NID_X9_62_c2tnb359v1,8,&(lvalues[4756]),0}, ++{"c2pnb368w1","c2pnb368w1",NID_X9_62_c2pnb368w1,8,&(lvalues[4764]),0}, ++{"c2tnb431r1","c2tnb431r1",NID_X9_62_c2tnb431r1,8,&(lvalues[4772]),0}, 
++{"secp112r1","secp112r1",NID_secp112r1,5,&(lvalues[4780]),0}, ++{"secp112r2","secp112r2",NID_secp112r2,5,&(lvalues[4785]),0}, ++{"secp128r1","secp128r1",NID_secp128r1,5,&(lvalues[4790]),0}, ++{"secp128r2","secp128r2",NID_secp128r2,5,&(lvalues[4795]),0}, ++{"secp160k1","secp160k1",NID_secp160k1,5,&(lvalues[4800]),0}, ++{"secp160r1","secp160r1",NID_secp160r1,5,&(lvalues[4805]),0}, ++{"secp160r2","secp160r2",NID_secp160r2,5,&(lvalues[4810]),0}, ++{"secp192k1","secp192k1",NID_secp192k1,5,&(lvalues[4815]),0}, ++{"secp224k1","secp224k1",NID_secp224k1,5,&(lvalues[4820]),0}, ++{"secp224r1","secp224r1",NID_secp224r1,5,&(lvalues[4825]),0}, ++{"secp256k1","secp256k1",NID_secp256k1,5,&(lvalues[4830]),0}, ++{"secp384r1","secp384r1",NID_secp384r1,5,&(lvalues[4835]),0}, ++{"secp521r1","secp521r1",NID_secp521r1,5,&(lvalues[4840]),0}, ++{"sect113r1","sect113r1",NID_sect113r1,5,&(lvalues[4845]),0}, ++{"sect113r2","sect113r2",NID_sect113r2,5,&(lvalues[4850]),0}, ++{"sect131r1","sect131r1",NID_sect131r1,5,&(lvalues[4855]),0}, ++{"sect131r2","sect131r2",NID_sect131r2,5,&(lvalues[4860]),0}, ++{"sect163k1","sect163k1",NID_sect163k1,5,&(lvalues[4865]),0}, ++{"sect163r1","sect163r1",NID_sect163r1,5,&(lvalues[4870]),0}, ++{"sect163r2","sect163r2",NID_sect163r2,5,&(lvalues[4875]),0}, ++{"sect193r1","sect193r1",NID_sect193r1,5,&(lvalues[4880]),0}, ++{"sect193r2","sect193r2",NID_sect193r2,5,&(lvalues[4885]),0}, ++{"sect233k1","sect233k1",NID_sect233k1,5,&(lvalues[4890]),0}, ++{"sect233r1","sect233r1",NID_sect233r1,5,&(lvalues[4895]),0}, ++{"sect239k1","sect239k1",NID_sect239k1,5,&(lvalues[4900]),0}, ++{"sect283k1","sect283k1",NID_sect283k1,5,&(lvalues[4905]),0}, ++{"sect283r1","sect283r1",NID_sect283r1,5,&(lvalues[4910]),0}, ++{"sect409k1","sect409k1",NID_sect409k1,5,&(lvalues[4915]),0}, ++{"sect409r1","sect409r1",NID_sect409r1,5,&(lvalues[4920]),0}, ++{"sect571k1","sect571k1",NID_sect571k1,5,&(lvalues[4925]),0}, ++{"sect571r1","sect571r1",NID_sect571r1,5,&(lvalues[4930]),0}, + 
{"wap-wsg-idm-ecid-wtls1","wap-wsg-idm-ecid-wtls1", +- NID_wap_wsg_idm_ecid_wtls1,5,&(lvalues[4941]),0}, ++ NID_wap_wsg_idm_ecid_wtls1,5,&(lvalues[4935]),0}, + {"wap-wsg-idm-ecid-wtls3","wap-wsg-idm-ecid-wtls3", +- NID_wap_wsg_idm_ecid_wtls3,5,&(lvalues[4946]),0}, ++ NID_wap_wsg_idm_ecid_wtls3,5,&(lvalues[4940]),0}, + {"wap-wsg-idm-ecid-wtls4","wap-wsg-idm-ecid-wtls4", +- NID_wap_wsg_idm_ecid_wtls4,5,&(lvalues[4951]),0}, ++ NID_wap_wsg_idm_ecid_wtls4,5,&(lvalues[4945]),0}, + {"wap-wsg-idm-ecid-wtls5","wap-wsg-idm-ecid-wtls5", +- NID_wap_wsg_idm_ecid_wtls5,5,&(lvalues[4956]),0}, ++ NID_wap_wsg_idm_ecid_wtls5,5,&(lvalues[4950]),0}, + {"wap-wsg-idm-ecid-wtls6","wap-wsg-idm-ecid-wtls6", +- NID_wap_wsg_idm_ecid_wtls6,5,&(lvalues[4961]),0}, ++ NID_wap_wsg_idm_ecid_wtls6,5,&(lvalues[4955]),0}, + {"wap-wsg-idm-ecid-wtls7","wap-wsg-idm-ecid-wtls7", +- NID_wap_wsg_idm_ecid_wtls7,5,&(lvalues[4966]),0}, ++ NID_wap_wsg_idm_ecid_wtls7,5,&(lvalues[4960]),0}, + {"wap-wsg-idm-ecid-wtls8","wap-wsg-idm-ecid-wtls8", +- NID_wap_wsg_idm_ecid_wtls8,5,&(lvalues[4971]),0}, ++ NID_wap_wsg_idm_ecid_wtls8,5,&(lvalues[4965]),0}, + {"wap-wsg-idm-ecid-wtls9","wap-wsg-idm-ecid-wtls9", +- NID_wap_wsg_idm_ecid_wtls9,5,&(lvalues[4976]),0}, ++ NID_wap_wsg_idm_ecid_wtls9,5,&(lvalues[4970]),0}, + {"wap-wsg-idm-ecid-wtls10","wap-wsg-idm-ecid-wtls10", +- NID_wap_wsg_idm_ecid_wtls10,5,&(lvalues[4981]),0}, ++ NID_wap_wsg_idm_ecid_wtls10,5,&(lvalues[4975]),0}, + {"wap-wsg-idm-ecid-wtls11","wap-wsg-idm-ecid-wtls11", +- NID_wap_wsg_idm_ecid_wtls11,5,&(lvalues[4986]),0}, ++ NID_wap_wsg_idm_ecid_wtls11,5,&(lvalues[4980]),0}, + {"wap-wsg-idm-ecid-wtls12","wap-wsg-idm-ecid-wtls12", +- NID_wap_wsg_idm_ecid_wtls12,5,&(lvalues[4991]),0}, +-{"anyPolicy","X509v3 Any Policy",NID_any_policy,4,&(lvalues[4996]),0}, ++ NID_wap_wsg_idm_ecid_wtls12,5,&(lvalues[4985]),0}, ++{"anyPolicy","X509v3 Any Policy",NID_any_policy,4,&(lvalues[4990]),0}, + {"policyMappings","X509v3 Policy Mappings",NID_policy_mappings,3, +- 
&(lvalues[5000]),0}, ++ &(lvalues[4994]),0}, + {"inhibitAnyPolicy","X509v3 Inhibit Any Policy", +- NID_inhibit_any_policy,3,&(lvalues[5003]),0}, ++ NID_inhibit_any_policy,3,&(lvalues[4997]),0}, + {"Oakley-EC2N-3","ipsec3",NID_ipsec3,0,NULL,0}, + {"Oakley-EC2N-4","ipsec4",NID_ipsec4,0,NULL,0}, + {"CAMELLIA-128-CBC","camellia-128-cbc",NID_camellia_128_cbc,11, +- &(lvalues[5006]),0}, ++ &(lvalues[5000]),0}, + {"CAMELLIA-192-CBC","camellia-192-cbc",NID_camellia_192_cbc,11, +- &(lvalues[5017]),0}, ++ &(lvalues[5011]),0}, + {"CAMELLIA-256-CBC","camellia-256-cbc",NID_camellia_256_cbc,11, +- &(lvalues[5028]),0}, ++ &(lvalues[5022]),0}, + {"CAMELLIA-128-ECB","camellia-128-ecb",NID_camellia_128_ecb,8, +- &(lvalues[5039]),0}, ++ &(lvalues[5033]),0}, + {"CAMELLIA-192-ECB","camellia-192-ecb",NID_camellia_192_ecb,8, +- &(lvalues[5047]),0}, ++ &(lvalues[5041]),0}, + {"CAMELLIA-256-ECB","camellia-256-ecb",NID_camellia_256_ecb,8, +- &(lvalues[5055]),0}, ++ &(lvalues[5049]),0}, + {"CAMELLIA-128-CFB","camellia-128-cfb",NID_camellia_128_cfb128,8, +- &(lvalues[5063]),0}, ++ &(lvalues[5057]),0}, + {"CAMELLIA-192-CFB","camellia-192-cfb",NID_camellia_192_cfb128,8, +- &(lvalues[5071]),0}, ++ &(lvalues[5065]),0}, + {"CAMELLIA-256-CFB","camellia-256-cfb",NID_camellia_256_cfb128,8, +- &(lvalues[5079]),0}, ++ &(lvalues[5073]),0}, + {"CAMELLIA-128-CFB1","camellia-128-cfb1",NID_camellia_128_cfb1,0,NULL,0}, + {"CAMELLIA-192-CFB1","camellia-192-cfb1",NID_camellia_192_cfb1,0,NULL,0}, + {"CAMELLIA-256-CFB1","camellia-256-cfb1",NID_camellia_256_cfb1,0,NULL,0}, +@@ -2067,2719 +2144,3176 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ + {"CAMELLIA-192-CFB8","camellia-192-cfb8",NID_camellia_192_cfb8,0,NULL,0}, + {"CAMELLIA-256-CFB8","camellia-256-cfb8",NID_camellia_256_cfb8,0,NULL,0}, + {"CAMELLIA-128-OFB","camellia-128-ofb",NID_camellia_128_ofb128,8, +- &(lvalues[5087]),0}, ++ &(lvalues[5081]),0}, + {"CAMELLIA-192-OFB","camellia-192-ofb",NID_camellia_192_ofb128,8, +- &(lvalues[5095]),0}, ++ 
&(lvalues[5089]),0}, + {"CAMELLIA-256-OFB","camellia-256-ofb",NID_camellia_256_ofb128,8, +- &(lvalues[5103]),0}, ++ &(lvalues[5097]),0}, + {"subjectDirectoryAttributes","X509v3 Subject Directory Attributes", +- NID_subject_directory_attributes,3,&(lvalues[5111]),0}, ++ NID_subject_directory_attributes,3,&(lvalues[5105]),0}, + {"issuingDistributionPoint","X509v3 Issuing Distrubution Point", +- NID_issuing_distribution_point,3,&(lvalues[5114]),0}, ++ NID_issuing_distribution_point,3,&(lvalues[5108]),0}, + {"certificateIssuer","X509v3 Certificate Issuer", +- NID_certificate_issuer,3,&(lvalues[5117]),0}, ++ NID_certificate_issuer,3,&(lvalues[5111]),0}, + {NULL,NULL,NID_undef,0,NULL,0}, +-{"KISA","kisa",NID_kisa,6,&(lvalues[5120]),0}, ++{"KISA","kisa",NID_kisa,6,&(lvalues[5114]),0}, + {NULL,NULL,NID_undef,0,NULL,0}, + {NULL,NULL,NID_undef,0,NULL,0}, +-{"SEED-ECB","seed-ecb",NID_seed_ecb,8,&(lvalues[5126]),0}, +-{"SEED-CBC","seed-cbc",NID_seed_cbc,8,&(lvalues[5134]),0}, +-{"SEED-OFB","seed-ofb",NID_seed_ofb128,8,&(lvalues[5142]),0}, +-{"SEED-CFB","seed-cfb",NID_seed_cfb128,8,&(lvalues[5150]),0}, +-{"HMAC-MD5","hmac-md5",NID_hmac_md5,8,&(lvalues[5158]),0}, +-{"HMAC-SHA1","hmac-sha1",NID_hmac_sha1,8,&(lvalues[5166]),0}, ++{"SEED-ECB","seed-ecb",NID_seed_ecb,8,&(lvalues[5120]),0}, ++{"SEED-CBC","seed-cbc",NID_seed_cbc,8,&(lvalues[5128]),0}, ++{"SEED-OFB","seed-ofb",NID_seed_ofb128,8,&(lvalues[5136]),0}, ++{"SEED-CFB","seed-cfb",NID_seed_cfb128,8,&(lvalues[5144]),0}, ++{"HMAC-MD5","hmac-md5",NID_hmac_md5,8,&(lvalues[5152]),0}, ++{"HMAC-SHA1","hmac-sha1",NID_hmac_sha1,8,&(lvalues[5160]),0}, + {"id-PasswordBasedMAC","password based MAC",NID_id_PasswordBasedMAC,9, +- &(lvalues[5174]),0}, ++ &(lvalues[5168]),0}, + {"id-DHBasedMac","Diffie-Hellman based MAC",NID_id_DHBasedMac,9, +- &(lvalues[5183]),0}, ++ &(lvalues[5177]),0}, + {"id-it-suppLangTags","id-it-suppLangTags",NID_id_it_suppLangTags,8, +- &(lvalues[5192]),0}, +-{"caRepository","CA 
Repository",NID_caRepository,8,&(lvalues[5200]),0}, ++ &(lvalues[5186]),0}, ++{"caRepository","CA Repository",NID_caRepository,8,&(lvalues[5194]),0}, + {"id-smime-ct-compressedData","id-smime-ct-compressedData", +- NID_id_smime_ct_compressedData,11,&(lvalues[5208]),0}, ++ NID_id_smime_ct_compressedData,11,&(lvalues[5202]),0}, + {"id-ct-asciiTextWithCRLF","id-ct-asciiTextWithCRLF", +- NID_id_ct_asciiTextWithCRLF,11,&(lvalues[5219]),0}, ++ NID_id_ct_asciiTextWithCRLF,11,&(lvalues[5213]),0}, + {"id-aes128-wrap","id-aes128-wrap",NID_id_aes128_wrap,9, +- &(lvalues[5230]),0}, ++ &(lvalues[5224]),0}, + {"id-aes192-wrap","id-aes192-wrap",NID_id_aes192_wrap,9, +- &(lvalues[5239]),0}, ++ &(lvalues[5233]),0}, + {"id-aes256-wrap","id-aes256-wrap",NID_id_aes256_wrap,9, +- &(lvalues[5248]),0}, ++ &(lvalues[5242]),0}, + {"ecdsa-with-Recommended","ecdsa-with-Recommended", +- NID_ecdsa_with_Recommended,7,&(lvalues[5257]),0}, ++ NID_ecdsa_with_Recommended,7,&(lvalues[5251]),0}, + {"ecdsa-with-Specified","ecdsa-with-Specified", +- NID_ecdsa_with_Specified,7,&(lvalues[5264]),0}, ++ NID_ecdsa_with_Specified,7,&(lvalues[5258]),0}, + {"ecdsa-with-SHA224","ecdsa-with-SHA224",NID_ecdsa_with_SHA224,8, +- &(lvalues[5271]),0}, ++ &(lvalues[5265]),0}, + {"ecdsa-with-SHA256","ecdsa-with-SHA256",NID_ecdsa_with_SHA256,8, +- &(lvalues[5279]),0}, ++ &(lvalues[5273]),0}, + {"ecdsa-with-SHA384","ecdsa-with-SHA384",NID_ecdsa_with_SHA384,8, +- &(lvalues[5287]),0}, ++ &(lvalues[5281]),0}, + {"ecdsa-with-SHA512","ecdsa-with-SHA512",NID_ecdsa_with_SHA512,8, +- &(lvalues[5295]),0}, +-{"hmacWithMD5","hmacWithMD5",NID_hmacWithMD5,8,&(lvalues[5303]),0}, ++ &(lvalues[5289]),0}, ++{"hmacWithMD5","hmacWithMD5",NID_hmacWithMD5,8,&(lvalues[5297]),0}, + {"hmacWithSHA224","hmacWithSHA224",NID_hmacWithSHA224,8, +- &(lvalues[5311]),0}, ++ &(lvalues[5305]),0}, + {"hmacWithSHA256","hmacWithSHA256",NID_hmacWithSHA256,8, +- &(lvalues[5319]),0}, ++ &(lvalues[5313]),0}, + 
{"hmacWithSHA384","hmacWithSHA384",NID_hmacWithSHA384,8, +- &(lvalues[5327]),0}, ++ &(lvalues[5321]),0}, + {"hmacWithSHA512","hmacWithSHA512",NID_hmacWithSHA512,8, +- &(lvalues[5335]),0}, ++ &(lvalues[5329]),0}, + {"dsa_with_SHA224","dsa_with_SHA224",NID_dsa_with_SHA224,9, +- &(lvalues[5343]),0}, ++ &(lvalues[5337]),0}, + {"dsa_with_SHA256","dsa_with_SHA256",NID_dsa_with_SHA256,9, +- &(lvalues[5352]),0}, +-{"whirlpool","whirlpool",NID_whirlpool,6,&(lvalues[5361]),0}, +-{"cryptopro","cryptopro",NID_cryptopro,5,&(lvalues[5367]),0}, +-{"cryptocom","cryptocom",NID_cryptocom,5,&(lvalues[5372]),0}, ++ &(lvalues[5346]),0}, ++{"whirlpool","whirlpool",NID_whirlpool,6,&(lvalues[5355]),0}, ++{"cryptopro","cryptopro",NID_cryptopro,5,&(lvalues[5361]),0}, ++{"cryptocom","cryptocom",NID_cryptocom,5,&(lvalues[5366]),0}, + {"id-GostR3411-94-with-GostR3410-2001", + "GOST R 34.11-94 with GOST R 34.10-2001", +- NID_id_GostR3411_94_with_GostR3410_2001,6,&(lvalues[5377]),0}, ++ NID_id_GostR3411_94_with_GostR3410_2001,6,&(lvalues[5371]),0}, + {"id-GostR3411-94-with-GostR3410-94", + "GOST R 34.11-94 with GOST R 34.10-94", +- NID_id_GostR3411_94_with_GostR3410_94,6,&(lvalues[5383]),0}, +-{"md_gost94","GOST R 34.11-94",NID_id_GostR3411_94,6,&(lvalues[5389]),0}, ++ NID_id_GostR3411_94_with_GostR3410_94,6,&(lvalues[5377]),0}, ++{"md_gost94","GOST R 34.11-94",NID_id_GostR3411_94,6,&(lvalues[5383]),0}, + {"id-HMACGostR3411-94","HMAC GOST 34.11-94",NID_id_HMACGostR3411_94,6, +- &(lvalues[5395]),0}, ++ &(lvalues[5389]),0}, + {"gost2001","GOST R 34.10-2001",NID_id_GostR3410_2001,6, +- &(lvalues[5401]),0}, +-{"gost94","GOST R 34.10-94",NID_id_GostR3410_94,6,&(lvalues[5407]),0}, +-{"gost89","GOST 28147-89",NID_id_Gost28147_89,6,&(lvalues[5413]),0}, ++ &(lvalues[5395]),0}, ++{"gost94","GOST R 34.10-94",NID_id_GostR3410_94,6,&(lvalues[5401]),0}, ++{"gost89","GOST 28147-89",NID_id_Gost28147_89,6,&(lvalues[5407]),0}, + {"gost89-cnt","gost89-cnt",NID_gost89_cnt,0,NULL,0}, + {"gost-mac","GOST 28147-89 
MAC",NID_id_Gost28147_89_MAC,6, +- &(lvalues[5419]),0}, ++ &(lvalues[5413]),0}, + {"prf-gostr3411-94","GOST R 34.11-94 PRF",NID_id_GostR3411_94_prf,6, +- &(lvalues[5425]),0}, ++ &(lvalues[5419]),0}, + {"id-GostR3410-2001DH","GOST R 34.10-2001 DH",NID_id_GostR3410_2001DH, +- 6,&(lvalues[5431]),0}, ++ 6,&(lvalues[5425]),0}, + {"id-GostR3410-94DH","GOST R 34.10-94 DH",NID_id_GostR3410_94DH,6, +- &(lvalues[5437]),0}, ++ &(lvalues[5431]),0}, + {"id-Gost28147-89-CryptoPro-KeyMeshing", + "id-Gost28147-89-CryptoPro-KeyMeshing", +- NID_id_Gost28147_89_CryptoPro_KeyMeshing,7,&(lvalues[5443]),0}, ++ NID_id_Gost28147_89_CryptoPro_KeyMeshing,7,&(lvalues[5437]),0}, + {"id-Gost28147-89-None-KeyMeshing","id-Gost28147-89-None-KeyMeshing", +- NID_id_Gost28147_89_None_KeyMeshing,7,&(lvalues[5450]),0}, ++ NID_id_Gost28147_89_None_KeyMeshing,7,&(lvalues[5444]),0}, + {"id-GostR3411-94-TestParamSet","id-GostR3411-94-TestParamSet", +- NID_id_GostR3411_94_TestParamSet,7,&(lvalues[5457]),0}, ++ NID_id_GostR3411_94_TestParamSet,7,&(lvalues[5451]),0}, + {"id-GostR3411-94-CryptoProParamSet", + "id-GostR3411-94-CryptoProParamSet", +- NID_id_GostR3411_94_CryptoProParamSet,7,&(lvalues[5464]),0}, ++ NID_id_GostR3411_94_CryptoProParamSet,7,&(lvalues[5458]),0}, + {"id-Gost28147-89-TestParamSet","id-Gost28147-89-TestParamSet", +- NID_id_Gost28147_89_TestParamSet,7,&(lvalues[5471]),0}, ++ NID_id_Gost28147_89_TestParamSet,7,&(lvalues[5465]),0}, + {"id-Gost28147-89-CryptoPro-A-ParamSet", + "id-Gost28147-89-CryptoPro-A-ParamSet", +- NID_id_Gost28147_89_CryptoPro_A_ParamSet,7,&(lvalues[5478]),0}, ++ NID_id_Gost28147_89_CryptoPro_A_ParamSet,7,&(lvalues[5472]),0}, + {"id-Gost28147-89-CryptoPro-B-ParamSet", + "id-Gost28147-89-CryptoPro-B-ParamSet", +- NID_id_Gost28147_89_CryptoPro_B_ParamSet,7,&(lvalues[5485]),0}, ++ NID_id_Gost28147_89_CryptoPro_B_ParamSet,7,&(lvalues[5479]),0}, + {"id-Gost28147-89-CryptoPro-C-ParamSet", + "id-Gost28147-89-CryptoPro-C-ParamSet", +- 
NID_id_Gost28147_89_CryptoPro_C_ParamSet,7,&(lvalues[5492]),0}, ++ NID_id_Gost28147_89_CryptoPro_C_ParamSet,7,&(lvalues[5486]),0}, + {"id-Gost28147-89-CryptoPro-D-ParamSet", + "id-Gost28147-89-CryptoPro-D-ParamSet", +- NID_id_Gost28147_89_CryptoPro_D_ParamSet,7,&(lvalues[5499]),0}, ++ NID_id_Gost28147_89_CryptoPro_D_ParamSet,7,&(lvalues[5493]),0}, + {"id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet", + "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet", +- NID_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet,7,&(lvalues[5506]), ++ NID_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet,7,&(lvalues[5500]), + 0}, + {"id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet", + "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet", +- NID_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet,7,&(lvalues[5513]), ++ NID_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet,7,&(lvalues[5507]), + 0}, + {"id-Gost28147-89-CryptoPro-RIC-1-ParamSet", + "id-Gost28147-89-CryptoPro-RIC-1-ParamSet", +- NID_id_Gost28147_89_CryptoPro_RIC_1_ParamSet,7,&(lvalues[5520]),0}, ++ NID_id_Gost28147_89_CryptoPro_RIC_1_ParamSet,7,&(lvalues[5514]),0}, + {"id-GostR3410-94-TestParamSet","id-GostR3410-94-TestParamSet", +- NID_id_GostR3410_94_TestParamSet,7,&(lvalues[5527]),0}, ++ NID_id_GostR3410_94_TestParamSet,7,&(lvalues[5521]),0}, + {"id-GostR3410-94-CryptoPro-A-ParamSet", + "id-GostR3410-94-CryptoPro-A-ParamSet", +- NID_id_GostR3410_94_CryptoPro_A_ParamSet,7,&(lvalues[5534]),0}, ++ NID_id_GostR3410_94_CryptoPro_A_ParamSet,7,&(lvalues[5528]),0}, + {"id-GostR3410-94-CryptoPro-B-ParamSet", + "id-GostR3410-94-CryptoPro-B-ParamSet", +- NID_id_GostR3410_94_CryptoPro_B_ParamSet,7,&(lvalues[5541]),0}, ++ NID_id_GostR3410_94_CryptoPro_B_ParamSet,7,&(lvalues[5535]),0}, + {"id-GostR3410-94-CryptoPro-C-ParamSet", + "id-GostR3410-94-CryptoPro-C-ParamSet", +- NID_id_GostR3410_94_CryptoPro_C_ParamSet,7,&(lvalues[5548]),0}, ++ NID_id_GostR3410_94_CryptoPro_C_ParamSet,7,&(lvalues[5542]),0}, + {"id-GostR3410-94-CryptoPro-D-ParamSet", + 
"id-GostR3410-94-CryptoPro-D-ParamSet", +- NID_id_GostR3410_94_CryptoPro_D_ParamSet,7,&(lvalues[5555]),0}, ++ NID_id_GostR3410_94_CryptoPro_D_ParamSet,7,&(lvalues[5549]),0}, + {"id-GostR3410-94-CryptoPro-XchA-ParamSet", + "id-GostR3410-94-CryptoPro-XchA-ParamSet", +- NID_id_GostR3410_94_CryptoPro_XchA_ParamSet,7,&(lvalues[5562]),0}, ++ NID_id_GostR3410_94_CryptoPro_XchA_ParamSet,7,&(lvalues[5556]),0}, + {"id-GostR3410-94-CryptoPro-XchB-ParamSet", + "id-GostR3410-94-CryptoPro-XchB-ParamSet", +- NID_id_GostR3410_94_CryptoPro_XchB_ParamSet,7,&(lvalues[5569]),0}, ++ NID_id_GostR3410_94_CryptoPro_XchB_ParamSet,7,&(lvalues[5563]),0}, + {"id-GostR3410-94-CryptoPro-XchC-ParamSet", + "id-GostR3410-94-CryptoPro-XchC-ParamSet", +- NID_id_GostR3410_94_CryptoPro_XchC_ParamSet,7,&(lvalues[5576]),0}, ++ NID_id_GostR3410_94_CryptoPro_XchC_ParamSet,7,&(lvalues[5570]),0}, + {"id-GostR3410-2001-TestParamSet","id-GostR3410-2001-TestParamSet", +- NID_id_GostR3410_2001_TestParamSet,7,&(lvalues[5583]),0}, ++ NID_id_GostR3410_2001_TestParamSet,7,&(lvalues[5577]),0}, + {"id-GostR3410-2001-CryptoPro-A-ParamSet", + "id-GostR3410-2001-CryptoPro-A-ParamSet", +- NID_id_GostR3410_2001_CryptoPro_A_ParamSet,7,&(lvalues[5590]),0}, ++ NID_id_GostR3410_2001_CryptoPro_A_ParamSet,7,&(lvalues[5584]),0}, + {"id-GostR3410-2001-CryptoPro-B-ParamSet", + "id-GostR3410-2001-CryptoPro-B-ParamSet", +- NID_id_GostR3410_2001_CryptoPro_B_ParamSet,7,&(lvalues[5597]),0}, ++ NID_id_GostR3410_2001_CryptoPro_B_ParamSet,7,&(lvalues[5591]),0}, + {"id-GostR3410-2001-CryptoPro-C-ParamSet", + "id-GostR3410-2001-CryptoPro-C-ParamSet", +- NID_id_GostR3410_2001_CryptoPro_C_ParamSet,7,&(lvalues[5604]),0}, ++ NID_id_GostR3410_2001_CryptoPro_C_ParamSet,7,&(lvalues[5598]),0}, + {"id-GostR3410-2001-CryptoPro-XchA-ParamSet", + "id-GostR3410-2001-CryptoPro-XchA-ParamSet", +- NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet,7,&(lvalues[5611]),0}, ++ NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet,7,&(lvalues[5605]),0}, + + 
{"id-GostR3410-2001-CryptoPro-XchB-ParamSet", + "id-GostR3410-2001-CryptoPro-XchB-ParamSet", +- NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet,7,&(lvalues[5618]),0}, ++ NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet,7,&(lvalues[5612]),0}, + + {"id-GostR3410-94-a","id-GostR3410-94-a",NID_id_GostR3410_94_a,7, +- &(lvalues[5625]),0}, ++ &(lvalues[5619]),0}, + {"id-GostR3410-94-aBis","id-GostR3410-94-aBis", +- NID_id_GostR3410_94_aBis,7,&(lvalues[5632]),0}, ++ NID_id_GostR3410_94_aBis,7,&(lvalues[5626]),0}, + {"id-GostR3410-94-b","id-GostR3410-94-b",NID_id_GostR3410_94_b,7, +- &(lvalues[5639]),0}, ++ &(lvalues[5633]),0}, + {"id-GostR3410-94-bBis","id-GostR3410-94-bBis", +- NID_id_GostR3410_94_bBis,7,&(lvalues[5646]),0}, ++ NID_id_GostR3410_94_bBis,7,&(lvalues[5640]),0}, + {"id-Gost28147-89-cc","GOST 28147-89 Cryptocom ParamSet", +- NID_id_Gost28147_89_cc,8,&(lvalues[5653]),0}, ++ NID_id_Gost28147_89_cc,8,&(lvalues[5647]),0}, + {"gost94cc","GOST 34.10-94 Cryptocom",NID_id_GostR3410_94_cc,8, +- &(lvalues[5661]),0}, ++ &(lvalues[5655]),0}, + {"gost2001cc","GOST 34.10-2001 Cryptocom",NID_id_GostR3410_2001_cc,8, +- &(lvalues[5669]),0}, ++ &(lvalues[5663]),0}, + {"id-GostR3411-94-with-GostR3410-94-cc", + "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom", +- NID_id_GostR3411_94_with_GostR3410_94_cc,8,&(lvalues[5677]),0}, ++ NID_id_GostR3411_94_with_GostR3410_94_cc,8,&(lvalues[5671]),0}, + {"id-GostR3411-94-with-GostR3410-2001-cc", + "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom", +- NID_id_GostR3411_94_with_GostR3410_2001_cc,8,&(lvalues[5685]),0}, ++ NID_id_GostR3411_94_with_GostR3410_2001_cc,8,&(lvalues[5679]),0}, + {"id-GostR3410-2001-ParamSet-cc", + "GOST R 3410-2001 Parameter Set Cryptocom", +- NID_id_GostR3410_2001_ParamSet_cc,8,&(lvalues[5693]),0}, ++ NID_id_GostR3410_2001_ParamSet_cc,8,&(lvalues[5687]),0}, + {"HMAC","hmac",NID_hmac,0,NULL,0}, + {"LocalKeySet","Microsoft Local Key set",NID_LocalKeySet,9, +- &(lvalues[5701]),0}, ++ &(lvalues[5695]),0}, + 
{"freshestCRL","X509v3 Freshest CRL",NID_freshest_crl,3, +- &(lvalues[5710]),0}, ++ &(lvalues[5704]),0}, + {"id-on-permanentIdentifier","Permanent Identifier", +- NID_id_on_permanentIdentifier,8,&(lvalues[5713]),0}, ++ NID_id_on_permanentIdentifier,8,&(lvalues[5707]),0}, ++{"searchGuide","searchGuide",NID_searchGuide,3,&(lvalues[5715]),0}, ++{"businessCategory","businessCategory",NID_businessCategory,3, ++ &(lvalues[5718]),0}, ++{"postalAddress","postalAddress",NID_postalAddress,3,&(lvalues[5721]),0}, ++{"postOfficeBox","postOfficeBox",NID_postOfficeBox,3,&(lvalues[5724]),0}, ++{"physicalDeliveryOfficeName","physicalDeliveryOfficeName", ++ NID_physicalDeliveryOfficeName,3,&(lvalues[5727]),0}, ++{"telephoneNumber","telephoneNumber",NID_telephoneNumber,3, ++ &(lvalues[5730]),0}, ++{"telexNumber","telexNumber",NID_telexNumber,3,&(lvalues[5733]),0}, ++{"teletexTerminalIdentifier","teletexTerminalIdentifier", ++ NID_teletexTerminalIdentifier,3,&(lvalues[5736]),0}, ++{"facsimileTelephoneNumber","facsimileTelephoneNumber", ++ NID_facsimileTelephoneNumber,3,&(lvalues[5739]),0}, ++{"x121Address","x121Address",NID_x121Address,3,&(lvalues[5742]),0}, ++{"internationaliSDNNumber","internationaliSDNNumber", ++ NID_internationaliSDNNumber,3,&(lvalues[5745]),0}, ++{"registeredAddress","registeredAddress",NID_registeredAddress,3, ++ &(lvalues[5748]),0}, ++{"destinationIndicator","destinationIndicator", ++ NID_destinationIndicator,3,&(lvalues[5751]),0}, ++{"preferredDeliveryMethod","preferredDeliveryMethod", ++ NID_preferredDeliveryMethod,3,&(lvalues[5754]),0}, ++{"presentationAddress","presentationAddress",NID_presentationAddress, ++ 3,&(lvalues[5757]),0}, ++{"supportedApplicationContext","supportedApplicationContext", ++ NID_supportedApplicationContext,3,&(lvalues[5760]),0}, ++{"member","member",NID_member,3,&(lvalues[5763]),0}, ++{"owner","owner",NID_owner,3,&(lvalues[5766]),0}, ++{"roleOccupant","roleOccupant",NID_roleOccupant,3,&(lvalues[5769]),0}, 
++{"seeAlso","seeAlso",NID_seeAlso,3,&(lvalues[5772]),0}, ++{"userPassword","userPassword",NID_userPassword,3,&(lvalues[5775]),0}, ++{"userCertificate","userCertificate",NID_userCertificate,3, ++ &(lvalues[5778]),0}, ++{"cACertificate","cACertificate",NID_cACertificate,3,&(lvalues[5781]),0}, ++{"authorityRevocationList","authorityRevocationList", ++ NID_authorityRevocationList,3,&(lvalues[5784]),0}, ++{"certificateRevocationList","certificateRevocationList", ++ NID_certificateRevocationList,3,&(lvalues[5787]),0}, ++{"crossCertificatePair","crossCertificatePair", ++ NID_crossCertificatePair,3,&(lvalues[5790]),0}, ++{"enhancedSearchGuide","enhancedSearchGuide",NID_enhancedSearchGuide, ++ 3,&(lvalues[5793]),0}, ++{"protocolInformation","protocolInformation",NID_protocolInformation, ++ 3,&(lvalues[5796]),0}, ++{"distinguishedName","distinguishedName",NID_distinguishedName,3, ++ &(lvalues[5799]),0}, ++{"uniqueMember","uniqueMember",NID_uniqueMember,3,&(lvalues[5802]),0}, ++{"houseIdentifier","houseIdentifier",NID_houseIdentifier,3, ++ &(lvalues[5805]),0}, ++{"supportedAlgorithms","supportedAlgorithms",NID_supportedAlgorithms, ++ 3,&(lvalues[5808]),0}, ++{"deltaRevocationList","deltaRevocationList",NID_deltaRevocationList, ++ 3,&(lvalues[5811]),0}, ++{"dmdName","dmdName",NID_dmdName,3,&(lvalues[5814]),0}, ++{"id-alg-PWRI-KEK","id-alg-PWRI-KEK",NID_id_alg_PWRI_KEK,11, ++ &(lvalues[5817]),0}, ++{"CMAC","cmac",NID_cmac,0,NULL,0}, ++{"id-aes128-GCM","aes-128-gcm",NID_aes_128_gcm,9,&(lvalues[5828]),0}, ++{"id-aes128-CCM","aes-128-ccm",NID_aes_128_ccm,9,&(lvalues[5837]),0}, ++{"id-aes128-wrap-pad","id-aes128-wrap-pad",NID_id_aes128_wrap_pad,9, ++ &(lvalues[5846]),0}, ++{"id-aes192-GCM","aes-192-gcm",NID_aes_192_gcm,9,&(lvalues[5855]),0}, ++{"id-aes192-CCM","aes-192-ccm",NID_aes_192_ccm,9,&(lvalues[5864]),0}, ++{"id-aes192-wrap-pad","id-aes192-wrap-pad",NID_id_aes192_wrap_pad,9, ++ &(lvalues[5873]),0}, ++{"id-aes256-GCM","aes-256-gcm",NID_aes_256_gcm,9,&(lvalues[5882]),0}, 
++{"id-aes256-CCM","aes-256-ccm",NID_aes_256_ccm,9,&(lvalues[5891]),0}, ++{"id-aes256-wrap-pad","id-aes256-wrap-pad",NID_id_aes256_wrap_pad,9, ++ &(lvalues[5900]),0}, ++{"AES-128-CTR","aes-128-ctr",NID_aes_128_ctr,0,NULL,0}, ++{"AES-192-CTR","aes-192-ctr",NID_aes_192_ctr,0,NULL,0}, ++{"AES-256-CTR","aes-256-ctr",NID_aes_256_ctr,0,NULL,0}, ++{"id-camellia128-wrap","id-camellia128-wrap",NID_id_camellia128_wrap, ++ 11,&(lvalues[5909]),0}, ++{"id-camellia192-wrap","id-camellia192-wrap",NID_id_camellia192_wrap, ++ 11,&(lvalues[5920]),0}, ++{"id-camellia256-wrap","id-camellia256-wrap",NID_id_camellia256_wrap, ++ 11,&(lvalues[5931]),0}, ++{"anyExtendedKeyUsage","Any Extended Key Usage", ++ NID_anyExtendedKeyUsage,4,&(lvalues[5942]),0}, ++{"MGF1","mgf1",NID_mgf1,9,&(lvalues[5946]),0}, ++{"RSASSA-PSS","rsassaPss",NID_rsassaPss,9,&(lvalues[5955]),0}, ++{"AES-128-XTS","aes-128-xts",NID_aes_128_xts,0,NULL,0}, ++{"AES-256-XTS","aes-256-xts",NID_aes_256_xts,0,NULL,0}, ++{"RC4-HMAC-MD5","rc4-hmac-md5",NID_rc4_hmac_md5,0,NULL,0}, ++{"AES-128-CBC-HMAC-SHA1","aes-128-cbc-hmac-sha1", ++ NID_aes_128_cbc_hmac_sha1,0,NULL,0}, ++{"AES-192-CBC-HMAC-SHA1","aes-192-cbc-hmac-sha1", ++ NID_aes_192_cbc_hmac_sha1,0,NULL,0}, ++{"AES-256-CBC-HMAC-SHA1","aes-256-cbc-hmac-sha1", ++ NID_aes_256_cbc_hmac_sha1,0,NULL,0}, ++{"RSAES-OAEP","rsaesOaep",NID_rsaesOaep,9,&(lvalues[5964]),0}, ++{"dhpublicnumber","X9.42 DH",NID_dhpublicnumber,7,&(lvalues[5973]),0}, ++{"brainpoolP160r1","brainpoolP160r1",NID_brainpoolP160r1,9, ++ &(lvalues[5980]),0}, ++{"brainpoolP160t1","brainpoolP160t1",NID_brainpoolP160t1,9, ++ &(lvalues[5989]),0}, ++{"brainpoolP192r1","brainpoolP192r1",NID_brainpoolP192r1,9, ++ &(lvalues[5998]),0}, ++{"brainpoolP192t1","brainpoolP192t1",NID_brainpoolP192t1,9, ++ &(lvalues[6007]),0}, ++{"brainpoolP224r1","brainpoolP224r1",NID_brainpoolP224r1,9, ++ &(lvalues[6016]),0}, ++{"brainpoolP224t1","brainpoolP224t1",NID_brainpoolP224t1,9, ++ &(lvalues[6025]),0}, 
++{"brainpoolP256r1","brainpoolP256r1",NID_brainpoolP256r1,9, ++ &(lvalues[6034]),0}, ++{"brainpoolP256t1","brainpoolP256t1",NID_brainpoolP256t1,9, ++ &(lvalues[6043]),0}, ++{"brainpoolP320r1","brainpoolP320r1",NID_brainpoolP320r1,9, ++ &(lvalues[6052]),0}, ++{"brainpoolP320t1","brainpoolP320t1",NID_brainpoolP320t1,9, ++ &(lvalues[6061]),0}, ++{"brainpoolP384r1","brainpoolP384r1",NID_brainpoolP384r1,9, ++ &(lvalues[6070]),0}, ++{"brainpoolP384t1","brainpoolP384t1",NID_brainpoolP384t1,9, ++ &(lvalues[6079]),0}, ++{"brainpoolP512r1","brainpoolP512r1",NID_brainpoolP512r1,9, ++ &(lvalues[6088]),0}, ++{"brainpoolP512t1","brainpoolP512t1",NID_brainpoolP512t1,9, ++ &(lvalues[6097]),0}, ++{"PSPECIFIED","pSpecified",NID_pSpecified,9,&(lvalues[6106]),0}, ++{"dhSinglePass-stdDH-sha1kdf-scheme", ++ "dhSinglePass-stdDH-sha1kdf-scheme", ++ NID_dhSinglePass_stdDH_sha1kdf_scheme,9,&(lvalues[6115]),0}, ++{"dhSinglePass-stdDH-sha224kdf-scheme", ++ "dhSinglePass-stdDH-sha224kdf-scheme", ++ NID_dhSinglePass_stdDH_sha224kdf_scheme,6,&(lvalues[6124]),0}, ++{"dhSinglePass-stdDH-sha256kdf-scheme", ++ "dhSinglePass-stdDH-sha256kdf-scheme", ++ NID_dhSinglePass_stdDH_sha256kdf_scheme,6,&(lvalues[6130]),0}, ++{"dhSinglePass-stdDH-sha384kdf-scheme", ++ "dhSinglePass-stdDH-sha384kdf-scheme", ++ NID_dhSinglePass_stdDH_sha384kdf_scheme,6,&(lvalues[6136]),0}, ++{"dhSinglePass-stdDH-sha512kdf-scheme", ++ "dhSinglePass-stdDH-sha512kdf-scheme", ++ NID_dhSinglePass_stdDH_sha512kdf_scheme,6,&(lvalues[6142]),0}, ++{"dhSinglePass-cofactorDH-sha1kdf-scheme", ++ "dhSinglePass-cofactorDH-sha1kdf-scheme", ++ NID_dhSinglePass_cofactorDH_sha1kdf_scheme,9,&(lvalues[6148]),0}, ++{"dhSinglePass-cofactorDH-sha224kdf-scheme", ++ "dhSinglePass-cofactorDH-sha224kdf-scheme", ++ NID_dhSinglePass_cofactorDH_sha224kdf_scheme,6,&(lvalues[6157]),0}, ++{"dhSinglePass-cofactorDH-sha256kdf-scheme", ++ "dhSinglePass-cofactorDH-sha256kdf-scheme", ++ NID_dhSinglePass_cofactorDH_sha256kdf_scheme,6,&(lvalues[6163]),0}, 
++{"dhSinglePass-cofactorDH-sha384kdf-scheme", ++ "dhSinglePass-cofactorDH-sha384kdf-scheme", ++ NID_dhSinglePass_cofactorDH_sha384kdf_scheme,6,&(lvalues[6169]),0}, ++{"dhSinglePass-cofactorDH-sha512kdf-scheme", ++ "dhSinglePass-cofactorDH-sha512kdf-scheme", ++ NID_dhSinglePass_cofactorDH_sha512kdf_scheme,6,&(lvalues[6175]),0}, ++{"dh-std-kdf","dh-std-kdf",NID_dh_std_kdf,0,NULL,0}, ++{"dh-cofactor-kdf","dh-cofactor-kdf",NID_dh_cofactor_kdf,0,NULL,0}, ++{"AES-128-CBC-HMAC-SHA256","aes-128-cbc-hmac-sha256", ++ NID_aes_128_cbc_hmac_sha256,0,NULL,0}, ++{"AES-192-CBC-HMAC-SHA256","aes-192-cbc-hmac-sha256", ++ NID_aes_192_cbc_hmac_sha256,0,NULL,0}, ++{"AES-256-CBC-HMAC-SHA256","aes-256-cbc-hmac-sha256", ++ NID_aes_256_cbc_hmac_sha256,0,NULL,0}, ++{"ct_precert_scts","CT Precertificate SCTs",NID_ct_precert_scts,10, ++ &(lvalues[6181]),0}, ++{"ct_precert_poison","CT Precertificate Poison",NID_ct_precert_poison, ++ 10,&(lvalues[6191]),0}, ++{"ct_precert_signer","CT Precertificate Signer",NID_ct_precert_signer, ++ 10,&(lvalues[6201]),0}, ++{"ct_cert_scts","CT Certificate SCTs",NID_ct_cert_scts,10, ++ &(lvalues[6211]),0}, ++{"jurisdictionL","jurisdictionLocalityName", ++ NID_jurisdictionLocalityName,11,&(lvalues[6221]),0}, ++{"jurisdictionST","jurisdictionStateOrProvinceName", ++ NID_jurisdictionStateOrProvinceName,11,&(lvalues[6232]),0}, ++{"jurisdictionC","jurisdictionCountryName", ++ NID_jurisdictionCountryName,11,&(lvalues[6243]),0}, + }; + +-static ASN1_OBJECT *sn_objs[NUM_SN]={ +-&(nid_objs[364]),/* "AD_DVCS" */ +-&(nid_objs[419]),/* "AES-128-CBC" */ +-&(nid_objs[421]),/* "AES-128-CFB" */ +-&(nid_objs[650]),/* "AES-128-CFB1" */ +-&(nid_objs[653]),/* "AES-128-CFB8" */ +-&(nid_objs[418]),/* "AES-128-ECB" */ +-&(nid_objs[420]),/* "AES-128-OFB" */ +-&(nid_objs[423]),/* "AES-192-CBC" */ +-&(nid_objs[425]),/* "AES-192-CFB" */ +-&(nid_objs[651]),/* "AES-192-CFB1" */ +-&(nid_objs[654]),/* "AES-192-CFB8" */ +-&(nid_objs[422]),/* "AES-192-ECB" */ +-&(nid_objs[424]),/* 
"AES-192-OFB" */ +-&(nid_objs[427]),/* "AES-256-CBC" */ +-&(nid_objs[429]),/* "AES-256-CFB" */ +-&(nid_objs[652]),/* "AES-256-CFB1" */ +-&(nid_objs[655]),/* "AES-256-CFB8" */ +-&(nid_objs[426]),/* "AES-256-ECB" */ +-&(nid_objs[428]),/* "AES-256-OFB" */ +-&(nid_objs[91]),/* "BF-CBC" */ +-&(nid_objs[93]),/* "BF-CFB" */ +-&(nid_objs[92]),/* "BF-ECB" */ +-&(nid_objs[94]),/* "BF-OFB" */ +-&(nid_objs[14]),/* "C" */ +-&(nid_objs[751]),/* "CAMELLIA-128-CBC" */ +-&(nid_objs[757]),/* "CAMELLIA-128-CFB" */ +-&(nid_objs[760]),/* "CAMELLIA-128-CFB1" */ +-&(nid_objs[763]),/* "CAMELLIA-128-CFB8" */ +-&(nid_objs[754]),/* "CAMELLIA-128-ECB" */ +-&(nid_objs[766]),/* "CAMELLIA-128-OFB" */ +-&(nid_objs[752]),/* "CAMELLIA-192-CBC" */ +-&(nid_objs[758]),/* "CAMELLIA-192-CFB" */ +-&(nid_objs[761]),/* "CAMELLIA-192-CFB1" */ +-&(nid_objs[764]),/* "CAMELLIA-192-CFB8" */ +-&(nid_objs[755]),/* "CAMELLIA-192-ECB" */ +-&(nid_objs[767]),/* "CAMELLIA-192-OFB" */ +-&(nid_objs[753]),/* "CAMELLIA-256-CBC" */ +-&(nid_objs[759]),/* "CAMELLIA-256-CFB" */ +-&(nid_objs[762]),/* "CAMELLIA-256-CFB1" */ +-&(nid_objs[765]),/* "CAMELLIA-256-CFB8" */ +-&(nid_objs[756]),/* "CAMELLIA-256-ECB" */ +-&(nid_objs[768]),/* "CAMELLIA-256-OFB" */ +-&(nid_objs[108]),/* "CAST5-CBC" */ +-&(nid_objs[110]),/* "CAST5-CFB" */ +-&(nid_objs[109]),/* "CAST5-ECB" */ +-&(nid_objs[111]),/* "CAST5-OFB" */ +-&(nid_objs[13]),/* "CN" */ +-&(nid_objs[141]),/* "CRLReason" */ +-&(nid_objs[417]),/* "CSPName" */ +-&(nid_objs[367]),/* "CrlID" */ +-&(nid_objs[391]),/* "DC" */ +-&(nid_objs[31]),/* "DES-CBC" */ +-&(nid_objs[643]),/* "DES-CDMF" */ +-&(nid_objs[30]),/* "DES-CFB" */ +-&(nid_objs[656]),/* "DES-CFB1" */ +-&(nid_objs[657]),/* "DES-CFB8" */ +-&(nid_objs[29]),/* "DES-ECB" */ +-&(nid_objs[32]),/* "DES-EDE" */ +-&(nid_objs[43]),/* "DES-EDE-CBC" */ +-&(nid_objs[60]),/* "DES-EDE-CFB" */ +-&(nid_objs[62]),/* "DES-EDE-OFB" */ +-&(nid_objs[33]),/* "DES-EDE3" */ +-&(nid_objs[44]),/* "DES-EDE3-CBC" */ +-&(nid_objs[61]),/* "DES-EDE3-CFB" */ 
+-&(nid_objs[658]),/* "DES-EDE3-CFB1" */ +-&(nid_objs[659]),/* "DES-EDE3-CFB8" */ +-&(nid_objs[63]),/* "DES-EDE3-OFB" */ +-&(nid_objs[45]),/* "DES-OFB" */ +-&(nid_objs[80]),/* "DESX-CBC" */ +-&(nid_objs[380]),/* "DOD" */ +-&(nid_objs[116]),/* "DSA" */ +-&(nid_objs[66]),/* "DSA-SHA" */ +-&(nid_objs[113]),/* "DSA-SHA1" */ +-&(nid_objs[70]),/* "DSA-SHA1-old" */ +-&(nid_objs[67]),/* "DSA-old" */ +-&(nid_objs[297]),/* "DVCS" */ +-&(nid_objs[99]),/* "GN" */ +-&(nid_objs[855]),/* "HMAC" */ +-&(nid_objs[780]),/* "HMAC-MD5" */ +-&(nid_objs[781]),/* "HMAC-SHA1" */ +-&(nid_objs[381]),/* "IANA" */ +-&(nid_objs[34]),/* "IDEA-CBC" */ +-&(nid_objs[35]),/* "IDEA-CFB" */ +-&(nid_objs[36]),/* "IDEA-ECB" */ +-&(nid_objs[46]),/* "IDEA-OFB" */ +-&(nid_objs[181]),/* "ISO" */ +-&(nid_objs[183]),/* "ISO-US" */ +-&(nid_objs[645]),/* "ITU-T" */ +-&(nid_objs[646]),/* "JOINT-ISO-ITU-T" */ +-&(nid_objs[773]),/* "KISA" */ +-&(nid_objs[15]),/* "L" */ +-&(nid_objs[856]),/* "LocalKeySet" */ +-&(nid_objs[ 3]),/* "MD2" */ +-&(nid_objs[257]),/* "MD4" */ +-&(nid_objs[ 4]),/* "MD5" */ +-&(nid_objs[114]),/* "MD5-SHA1" */ +-&(nid_objs[95]),/* "MDC2" */ +-&(nid_objs[388]),/* "Mail" */ +-&(nid_objs[393]),/* "NULL" */ +-&(nid_objs[404]),/* "NULL" */ +-&(nid_objs[57]),/* "Netscape" */ +-&(nid_objs[366]),/* "Nonce" */ +-&(nid_objs[17]),/* "O" */ +-&(nid_objs[178]),/* "OCSP" */ +-&(nid_objs[180]),/* "OCSPSigning" */ +-&(nid_objs[379]),/* "ORG" */ +-&(nid_objs[18]),/* "OU" */ +-&(nid_objs[749]),/* "Oakley-EC2N-3" */ +-&(nid_objs[750]),/* "Oakley-EC2N-4" */ +-&(nid_objs[ 9]),/* "PBE-MD2-DES" */ +-&(nid_objs[168]),/* "PBE-MD2-RC2-64" */ +-&(nid_objs[10]),/* "PBE-MD5-DES" */ +-&(nid_objs[169]),/* "PBE-MD5-RC2-64" */ +-&(nid_objs[147]),/* "PBE-SHA1-2DES" */ +-&(nid_objs[146]),/* "PBE-SHA1-3DES" */ +-&(nid_objs[170]),/* "PBE-SHA1-DES" */ +-&(nid_objs[148]),/* "PBE-SHA1-RC2-128" */ +-&(nid_objs[149]),/* "PBE-SHA1-RC2-40" */ +-&(nid_objs[68]),/* "PBE-SHA1-RC2-64" */ +-&(nid_objs[144]),/* "PBE-SHA1-RC4-128" */ 
+-&(nid_objs[145]),/* "PBE-SHA1-RC4-40" */ +-&(nid_objs[161]),/* "PBES2" */ +-&(nid_objs[69]),/* "PBKDF2" */ +-&(nid_objs[162]),/* "PBMAC1" */ +-&(nid_objs[127]),/* "PKIX" */ +-&(nid_objs[98]),/* "RC2-40-CBC" */ +-&(nid_objs[166]),/* "RC2-64-CBC" */ +-&(nid_objs[37]),/* "RC2-CBC" */ +-&(nid_objs[39]),/* "RC2-CFB" */ +-&(nid_objs[38]),/* "RC2-ECB" */ +-&(nid_objs[40]),/* "RC2-OFB" */ +-&(nid_objs[ 5]),/* "RC4" */ +-&(nid_objs[97]),/* "RC4-40" */ +-&(nid_objs[120]),/* "RC5-CBC" */ +-&(nid_objs[122]),/* "RC5-CFB" */ +-&(nid_objs[121]),/* "RC5-ECB" */ +-&(nid_objs[123]),/* "RC5-OFB" */ +-&(nid_objs[117]),/* "RIPEMD160" */ +-&(nid_objs[124]),/* "RLE" */ +-&(nid_objs[19]),/* "RSA" */ +-&(nid_objs[ 7]),/* "RSA-MD2" */ +-&(nid_objs[396]),/* "RSA-MD4" */ +-&(nid_objs[ 8]),/* "RSA-MD5" */ +-&(nid_objs[96]),/* "RSA-MDC2" */ +-&(nid_objs[104]),/* "RSA-NP-MD5" */ +-&(nid_objs[119]),/* "RSA-RIPEMD160" */ +-&(nid_objs[42]),/* "RSA-SHA" */ +-&(nid_objs[65]),/* "RSA-SHA1" */ +-&(nid_objs[115]),/* "RSA-SHA1-2" */ +-&(nid_objs[671]),/* "RSA-SHA224" */ +-&(nid_objs[668]),/* "RSA-SHA256" */ +-&(nid_objs[669]),/* "RSA-SHA384" */ +-&(nid_objs[670]),/* "RSA-SHA512" */ +-&(nid_objs[777]),/* "SEED-CBC" */ +-&(nid_objs[779]),/* "SEED-CFB" */ +-&(nid_objs[776]),/* "SEED-ECB" */ +-&(nid_objs[778]),/* "SEED-OFB" */ +-&(nid_objs[41]),/* "SHA" */ +-&(nid_objs[64]),/* "SHA1" */ +-&(nid_objs[675]),/* "SHA224" */ +-&(nid_objs[672]),/* "SHA256" */ +-&(nid_objs[673]),/* "SHA384" */ +-&(nid_objs[674]),/* "SHA512" */ +-&(nid_objs[188]),/* "SMIME" */ +-&(nid_objs[167]),/* "SMIME-CAPS" */ +-&(nid_objs[100]),/* "SN" */ +-&(nid_objs[16]),/* "ST" */ +-&(nid_objs[143]),/* "SXNetID" */ +-&(nid_objs[458]),/* "UID" */ +-&(nid_objs[ 0]),/* "UNDEF" */ +-&(nid_objs[11]),/* "X500" */ +-&(nid_objs[378]),/* "X500algorithms" */ +-&(nid_objs[12]),/* "X509" */ +-&(nid_objs[184]),/* "X9-57" */ +-&(nid_objs[185]),/* "X9cm" */ +-&(nid_objs[125]),/* "ZLIB" */ +-&(nid_objs[478]),/* "aRecord" */ +-&(nid_objs[289]),/* 
"aaControls" */ +-&(nid_objs[287]),/* "ac-auditEntity" */ +-&(nid_objs[397]),/* "ac-proxying" */ +-&(nid_objs[288]),/* "ac-targeting" */ +-&(nid_objs[368]),/* "acceptableResponses" */ +-&(nid_objs[446]),/* "account" */ +-&(nid_objs[363]),/* "ad_timestamping" */ +-&(nid_objs[376]),/* "algorithm" */ +-&(nid_objs[405]),/* "ansi-X9-62" */ +-&(nid_objs[746]),/* "anyPolicy" */ +-&(nid_objs[370]),/* "archiveCutoff" */ +-&(nid_objs[484]),/* "associatedDomain" */ +-&(nid_objs[485]),/* "associatedName" */ +-&(nid_objs[501]),/* "audio" */ +-&(nid_objs[177]),/* "authorityInfoAccess" */ +-&(nid_objs[90]),/* "authorityKeyIdentifier" */ +-&(nid_objs[87]),/* "basicConstraints" */ +-&(nid_objs[365]),/* "basicOCSPResponse" */ +-&(nid_objs[285]),/* "biometricInfo" */ +-&(nid_objs[494]),/* "buildingName" */ +-&(nid_objs[691]),/* "c2onb191v4" */ +-&(nid_objs[692]),/* "c2onb191v5" */ +-&(nid_objs[697]),/* "c2onb239v4" */ +-&(nid_objs[698]),/* "c2onb239v5" */ +-&(nid_objs[684]),/* "c2pnb163v1" */ +-&(nid_objs[685]),/* "c2pnb163v2" */ +-&(nid_objs[686]),/* "c2pnb163v3" */ +-&(nid_objs[687]),/* "c2pnb176v1" */ +-&(nid_objs[693]),/* "c2pnb208w1" */ +-&(nid_objs[699]),/* "c2pnb272w1" */ +-&(nid_objs[700]),/* "c2pnb304w1" */ +-&(nid_objs[702]),/* "c2pnb368w1" */ +-&(nid_objs[688]),/* "c2tnb191v1" */ +-&(nid_objs[689]),/* "c2tnb191v2" */ +-&(nid_objs[690]),/* "c2tnb191v3" */ +-&(nid_objs[694]),/* "c2tnb239v1" */ +-&(nid_objs[695]),/* "c2tnb239v2" */ +-&(nid_objs[696]),/* "c2tnb239v3" */ +-&(nid_objs[701]),/* "c2tnb359v1" */ +-&(nid_objs[703]),/* "c2tnb431r1" */ +-&(nid_objs[483]),/* "cNAMERecord" */ +-&(nid_objs[179]),/* "caIssuers" */ +-&(nid_objs[785]),/* "caRepository" */ +-&(nid_objs[443]),/* "caseIgnoreIA5StringSyntax" */ +-&(nid_objs[152]),/* "certBag" */ +-&(nid_objs[677]),/* "certicom-arc" */ +-&(nid_objs[771]),/* "certificateIssuer" */ +-&(nid_objs[89]),/* "certificatePolicies" */ +-&(nid_objs[54]),/* "challengePassword" */ +-&(nid_objs[407]),/* "characteristic-two-field" */ 
+-&(nid_objs[395]),/* "clearance" */ +-&(nid_objs[130]),/* "clientAuth" */ +-&(nid_objs[131]),/* "codeSigning" */ +-&(nid_objs[50]),/* "contentType" */ +-&(nid_objs[53]),/* "countersignature" */ +-&(nid_objs[153]),/* "crlBag" */ +-&(nid_objs[103]),/* "crlDistributionPoints" */ +-&(nid_objs[88]),/* "crlNumber" */ +-&(nid_objs[806]),/* "cryptocom" */ +-&(nid_objs[805]),/* "cryptopro" */ +-&(nid_objs[500]),/* "dITRedirect" */ +-&(nid_objs[451]),/* "dNSDomain" */ +-&(nid_objs[495]),/* "dSAQuality" */ +-&(nid_objs[434]),/* "data" */ +-&(nid_objs[390]),/* "dcobject" */ +-&(nid_objs[140]),/* "deltaCRL" */ +-&(nid_objs[107]),/* "description" */ +-&(nid_objs[28]),/* "dhKeyAgreement" */ +-&(nid_objs[382]),/* "directory" */ +-&(nid_objs[174]),/* "dnQualifier" */ +-&(nid_objs[447]),/* "document" */ +-&(nid_objs[471]),/* "documentAuthor" */ +-&(nid_objs[468]),/* "documentIdentifier" */ +-&(nid_objs[472]),/* "documentLocation" */ +-&(nid_objs[502]),/* "documentPublisher" */ +-&(nid_objs[449]),/* "documentSeries" */ +-&(nid_objs[469]),/* "documentTitle" */ +-&(nid_objs[470]),/* "documentVersion" */ +-&(nid_objs[392]),/* "domain" */ +-&(nid_objs[452]),/* "domainRelatedObject" */ +-&(nid_objs[802]),/* "dsa_with_SHA224" */ +-&(nid_objs[803]),/* "dsa_with_SHA256" */ +-&(nid_objs[791]),/* "ecdsa-with-Recommended" */ +-&(nid_objs[416]),/* "ecdsa-with-SHA1" */ +-&(nid_objs[793]),/* "ecdsa-with-SHA224" */ +-&(nid_objs[794]),/* "ecdsa-with-SHA256" */ +-&(nid_objs[795]),/* "ecdsa-with-SHA384" */ +-&(nid_objs[796]),/* "ecdsa-with-SHA512" */ +-&(nid_objs[792]),/* "ecdsa-with-Specified" */ +-&(nid_objs[48]),/* "emailAddress" */ +-&(nid_objs[132]),/* "emailProtection" */ +-&(nid_objs[389]),/* "enterprises" */ +-&(nid_objs[384]),/* "experimental" */ +-&(nid_objs[172]),/* "extReq" */ +-&(nid_objs[56]),/* "extendedCertificateAttributes" */ +-&(nid_objs[126]),/* "extendedKeyUsage" */ +-&(nid_objs[372]),/* "extendedStatus" */ +-&(nid_objs[462]),/* "favouriteDrink" */ +-&(nid_objs[857]),/* 
"freshestCRL" */ +-&(nid_objs[453]),/* "friendlyCountry" */ +-&(nid_objs[490]),/* "friendlyCountryName" */ +-&(nid_objs[156]),/* "friendlyName" */ +-&(nid_objs[509]),/* "generationQualifier" */ +-&(nid_objs[815]),/* "gost-mac" */ +-&(nid_objs[811]),/* "gost2001" */ +-&(nid_objs[851]),/* "gost2001cc" */ +-&(nid_objs[813]),/* "gost89" */ +-&(nid_objs[814]),/* "gost89-cnt" */ +-&(nid_objs[812]),/* "gost94" */ +-&(nid_objs[850]),/* "gost94cc" */ +-&(nid_objs[797]),/* "hmacWithMD5" */ +-&(nid_objs[163]),/* "hmacWithSHA1" */ +-&(nid_objs[798]),/* "hmacWithSHA224" */ +-&(nid_objs[799]),/* "hmacWithSHA256" */ +-&(nid_objs[800]),/* "hmacWithSHA384" */ +-&(nid_objs[801]),/* "hmacWithSHA512" */ +-&(nid_objs[432]),/* "holdInstructionCallIssuer" */ +-&(nid_objs[430]),/* "holdInstructionCode" */ +-&(nid_objs[431]),/* "holdInstructionNone" */ +-&(nid_objs[433]),/* "holdInstructionReject" */ +-&(nid_objs[486]),/* "homePostalAddress" */ +-&(nid_objs[473]),/* "homeTelephoneNumber" */ +-&(nid_objs[466]),/* "host" */ +-&(nid_objs[442]),/* "iA5StringSyntax" */ +-&(nid_objs[783]),/* "id-DHBasedMac" */ +-&(nid_objs[824]),/* "id-Gost28147-89-CryptoPro-A-ParamSet" */ +-&(nid_objs[825]),/* "id-Gost28147-89-CryptoPro-B-ParamSet" */ +-&(nid_objs[826]),/* "id-Gost28147-89-CryptoPro-C-ParamSet" */ +-&(nid_objs[827]),/* "id-Gost28147-89-CryptoPro-D-ParamSet" */ +-&(nid_objs[819]),/* "id-Gost28147-89-CryptoPro-KeyMeshing" */ +-&(nid_objs[829]),/* "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" */ +-&(nid_objs[828]),/* "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" */ +-&(nid_objs[830]),/* "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" */ +-&(nid_objs[820]),/* "id-Gost28147-89-None-KeyMeshing" */ +-&(nid_objs[823]),/* "id-Gost28147-89-TestParamSet" */ +-&(nid_objs[849]),/* "id-Gost28147-89-cc" */ +-&(nid_objs[840]),/* "id-GostR3410-2001-CryptoPro-A-ParamSet" */ +-&(nid_objs[841]),/* "id-GostR3410-2001-CryptoPro-B-ParamSet" */ +-&(nid_objs[842]),/* "id-GostR3410-2001-CryptoPro-C-ParamSet" */ 
+-&(nid_objs[843]),/* "id-GostR3410-2001-CryptoPro-XchA-ParamSet" */ +-&(nid_objs[844]),/* "id-GostR3410-2001-CryptoPro-XchB-ParamSet" */ +-&(nid_objs[854]),/* "id-GostR3410-2001-ParamSet-cc" */ +-&(nid_objs[839]),/* "id-GostR3410-2001-TestParamSet" */ +-&(nid_objs[817]),/* "id-GostR3410-2001DH" */ +-&(nid_objs[832]),/* "id-GostR3410-94-CryptoPro-A-ParamSet" */ +-&(nid_objs[833]),/* "id-GostR3410-94-CryptoPro-B-ParamSet" */ +-&(nid_objs[834]),/* "id-GostR3410-94-CryptoPro-C-ParamSet" */ +-&(nid_objs[835]),/* "id-GostR3410-94-CryptoPro-D-ParamSet" */ +-&(nid_objs[836]),/* "id-GostR3410-94-CryptoPro-XchA-ParamSet" */ +-&(nid_objs[837]),/* "id-GostR3410-94-CryptoPro-XchB-ParamSet" */ +-&(nid_objs[838]),/* "id-GostR3410-94-CryptoPro-XchC-ParamSet" */ +-&(nid_objs[831]),/* "id-GostR3410-94-TestParamSet" */ +-&(nid_objs[845]),/* "id-GostR3410-94-a" */ +-&(nid_objs[846]),/* "id-GostR3410-94-aBis" */ +-&(nid_objs[847]),/* "id-GostR3410-94-b" */ +-&(nid_objs[848]),/* "id-GostR3410-94-bBis" */ +-&(nid_objs[818]),/* "id-GostR3410-94DH" */ +-&(nid_objs[822]),/* "id-GostR3411-94-CryptoProParamSet" */ +-&(nid_objs[821]),/* "id-GostR3411-94-TestParamSet" */ +-&(nid_objs[807]),/* "id-GostR3411-94-with-GostR3410-2001" */ +-&(nid_objs[853]),/* "id-GostR3411-94-with-GostR3410-2001-cc" */ +-&(nid_objs[808]),/* "id-GostR3411-94-with-GostR3410-94" */ +-&(nid_objs[852]),/* "id-GostR3411-94-with-GostR3410-94-cc" */ +-&(nid_objs[810]),/* "id-HMACGostR3411-94" */ +-&(nid_objs[782]),/* "id-PasswordBasedMAC" */ +-&(nid_objs[266]),/* "id-aca" */ +-&(nid_objs[355]),/* "id-aca-accessIdentity" */ +-&(nid_objs[354]),/* "id-aca-authenticationInfo" */ +-&(nid_objs[356]),/* "id-aca-chargingIdentity" */ +-&(nid_objs[399]),/* "id-aca-encAttrs" */ +-&(nid_objs[357]),/* "id-aca-group" */ +-&(nid_objs[358]),/* "id-aca-role" */ +-&(nid_objs[176]),/* "id-ad" */ +-&(nid_objs[788]),/* "id-aes128-wrap" */ +-&(nid_objs[789]),/* "id-aes192-wrap" */ +-&(nid_objs[790]),/* "id-aes256-wrap" */ +-&(nid_objs[262]),/* 
"id-alg" */ +-&(nid_objs[323]),/* "id-alg-des40" */ +-&(nid_objs[326]),/* "id-alg-dh-pop" */ +-&(nid_objs[325]),/* "id-alg-dh-sig-hmac-sha1" */ +-&(nid_objs[324]),/* "id-alg-noSignature" */ +-&(nid_objs[268]),/* "id-cct" */ +-&(nid_objs[361]),/* "id-cct-PKIData" */ +-&(nid_objs[362]),/* "id-cct-PKIResponse" */ +-&(nid_objs[360]),/* "id-cct-crs" */ +-&(nid_objs[81]),/* "id-ce" */ +-&(nid_objs[680]),/* "id-characteristic-two-basis" */ +-&(nid_objs[263]),/* "id-cmc" */ +-&(nid_objs[334]),/* "id-cmc-addExtensions" */ +-&(nid_objs[346]),/* "id-cmc-confirmCertAcceptance" */ +-&(nid_objs[330]),/* "id-cmc-dataReturn" */ +-&(nid_objs[336]),/* "id-cmc-decryptedPOP" */ +-&(nid_objs[335]),/* "id-cmc-encryptedPOP" */ +-&(nid_objs[339]),/* "id-cmc-getCRL" */ +-&(nid_objs[338]),/* "id-cmc-getCert" */ +-&(nid_objs[328]),/* "id-cmc-identification" */ +-&(nid_objs[329]),/* "id-cmc-identityProof" */ +-&(nid_objs[337]),/* "id-cmc-lraPOPWitness" */ +-&(nid_objs[344]),/* "id-cmc-popLinkRandom" */ +-&(nid_objs[345]),/* "id-cmc-popLinkWitness" */ +-&(nid_objs[343]),/* "id-cmc-queryPending" */ +-&(nid_objs[333]),/* "id-cmc-recipientNonce" */ +-&(nid_objs[341]),/* "id-cmc-regInfo" */ +-&(nid_objs[342]),/* "id-cmc-responseInfo" */ +-&(nid_objs[340]),/* "id-cmc-revokeRequest" */ +-&(nid_objs[332]),/* "id-cmc-senderNonce" */ +-&(nid_objs[327]),/* "id-cmc-statusInfo" */ +-&(nid_objs[331]),/* "id-cmc-transactionId" */ +-&(nid_objs[787]),/* "id-ct-asciiTextWithCRLF" */ +-&(nid_objs[408]),/* "id-ecPublicKey" */ +-&(nid_objs[508]),/* "id-hex-multipart-message" */ +-&(nid_objs[507]),/* "id-hex-partial-message" */ +-&(nid_objs[260]),/* "id-it" */ +-&(nid_objs[302]),/* "id-it-caKeyUpdateInfo" */ +-&(nid_objs[298]),/* "id-it-caProtEncCert" */ +-&(nid_objs[311]),/* "id-it-confirmWaitTime" */ +-&(nid_objs[303]),/* "id-it-currentCRL" */ +-&(nid_objs[300]),/* "id-it-encKeyPairTypes" */ +-&(nid_objs[310]),/* "id-it-implicitConfirm" */ +-&(nid_objs[308]),/* "id-it-keyPairParamRep" */ +-&(nid_objs[307]),/* 
"id-it-keyPairParamReq" */ +-&(nid_objs[312]),/* "id-it-origPKIMessage" */ +-&(nid_objs[301]),/* "id-it-preferredSymmAlg" */ +-&(nid_objs[309]),/* "id-it-revPassphrase" */ +-&(nid_objs[299]),/* "id-it-signKeyPairTypes" */ +-&(nid_objs[305]),/* "id-it-subscriptionRequest" */ +-&(nid_objs[306]),/* "id-it-subscriptionResponse" */ +-&(nid_objs[784]),/* "id-it-suppLangTags" */ +-&(nid_objs[304]),/* "id-it-unsupportedOIDs" */ +-&(nid_objs[128]),/* "id-kp" */ +-&(nid_objs[280]),/* "id-mod-attribute-cert" */ +-&(nid_objs[274]),/* "id-mod-cmc" */ +-&(nid_objs[277]),/* "id-mod-cmp" */ +-&(nid_objs[284]),/* "id-mod-cmp2000" */ +-&(nid_objs[273]),/* "id-mod-crmf" */ +-&(nid_objs[283]),/* "id-mod-dvcs" */ +-&(nid_objs[275]),/* "id-mod-kea-profile-88" */ +-&(nid_objs[276]),/* "id-mod-kea-profile-93" */ +-&(nid_objs[282]),/* "id-mod-ocsp" */ +-&(nid_objs[278]),/* "id-mod-qualified-cert-88" */ +-&(nid_objs[279]),/* "id-mod-qualified-cert-93" */ +-&(nid_objs[281]),/* "id-mod-timestamp-protocol" */ +-&(nid_objs[264]),/* "id-on" */ +-&(nid_objs[858]),/* "id-on-permanentIdentifier" */ +-&(nid_objs[347]),/* "id-on-personalData" */ +-&(nid_objs[265]),/* "id-pda" */ +-&(nid_objs[352]),/* "id-pda-countryOfCitizenship" */ +-&(nid_objs[353]),/* "id-pda-countryOfResidence" */ +-&(nid_objs[348]),/* "id-pda-dateOfBirth" */ +-&(nid_objs[351]),/* "id-pda-gender" */ +-&(nid_objs[349]),/* "id-pda-placeOfBirth" */ +-&(nid_objs[175]),/* "id-pe" */ +-&(nid_objs[261]),/* "id-pkip" */ +-&(nid_objs[258]),/* "id-pkix-mod" */ +-&(nid_objs[269]),/* "id-pkix1-explicit-88" */ +-&(nid_objs[271]),/* "id-pkix1-explicit-93" */ +-&(nid_objs[270]),/* "id-pkix1-implicit-88" */ +-&(nid_objs[272]),/* "id-pkix1-implicit-93" */ +-&(nid_objs[662]),/* "id-ppl" */ +-&(nid_objs[664]),/* "id-ppl-anyLanguage" */ +-&(nid_objs[667]),/* "id-ppl-independent" */ +-&(nid_objs[665]),/* "id-ppl-inheritAll" */ +-&(nid_objs[267]),/* "id-qcs" */ +-&(nid_objs[359]),/* "id-qcs-pkixQCSyntax-v1" */ +-&(nid_objs[259]),/* "id-qt" */ 
+-&(nid_objs[164]),/* "id-qt-cps" */ +-&(nid_objs[165]),/* "id-qt-unotice" */ +-&(nid_objs[313]),/* "id-regCtrl" */ +-&(nid_objs[316]),/* "id-regCtrl-authenticator" */ +-&(nid_objs[319]),/* "id-regCtrl-oldCertID" */ +-&(nid_objs[318]),/* "id-regCtrl-pkiArchiveOptions" */ +-&(nid_objs[317]),/* "id-regCtrl-pkiPublicationInfo" */ +-&(nid_objs[320]),/* "id-regCtrl-protocolEncrKey" */ +-&(nid_objs[315]),/* "id-regCtrl-regToken" */ +-&(nid_objs[314]),/* "id-regInfo" */ +-&(nid_objs[322]),/* "id-regInfo-certReq" */ +-&(nid_objs[321]),/* "id-regInfo-utf8Pairs" */ +-&(nid_objs[512]),/* "id-set" */ +-&(nid_objs[191]),/* "id-smime-aa" */ +-&(nid_objs[215]),/* "id-smime-aa-contentHint" */ +-&(nid_objs[218]),/* "id-smime-aa-contentIdentifier" */ +-&(nid_objs[221]),/* "id-smime-aa-contentReference" */ +-&(nid_objs[240]),/* "id-smime-aa-dvcs-dvc" */ +-&(nid_objs[217]),/* "id-smime-aa-encapContentType" */ +-&(nid_objs[222]),/* "id-smime-aa-encrypKeyPref" */ +-&(nid_objs[220]),/* "id-smime-aa-equivalentLabels" */ +-&(nid_objs[232]),/* "id-smime-aa-ets-CertificateRefs" */ +-&(nid_objs[233]),/* "id-smime-aa-ets-RevocationRefs" */ +-&(nid_objs[238]),/* "id-smime-aa-ets-archiveTimeStamp" */ +-&(nid_objs[237]),/* "id-smime-aa-ets-certCRLTimestamp" */ +-&(nid_objs[234]),/* "id-smime-aa-ets-certValues" */ +-&(nid_objs[227]),/* "id-smime-aa-ets-commitmentType" */ +-&(nid_objs[231]),/* "id-smime-aa-ets-contentTimestamp" */ +-&(nid_objs[236]),/* "id-smime-aa-ets-escTimeStamp" */ +-&(nid_objs[230]),/* "id-smime-aa-ets-otherSigCert" */ +-&(nid_objs[235]),/* "id-smime-aa-ets-revocationValues" */ +-&(nid_objs[226]),/* "id-smime-aa-ets-sigPolicyId" */ +-&(nid_objs[229]),/* "id-smime-aa-ets-signerAttr" */ +-&(nid_objs[228]),/* "id-smime-aa-ets-signerLocation" */ +-&(nid_objs[219]),/* "id-smime-aa-macValue" */ +-&(nid_objs[214]),/* "id-smime-aa-mlExpandHistory" */ +-&(nid_objs[216]),/* "id-smime-aa-msgSigDigest" */ +-&(nid_objs[212]),/* "id-smime-aa-receiptRequest" */ +-&(nid_objs[213]),/* 
"id-smime-aa-securityLabel" */ +-&(nid_objs[239]),/* "id-smime-aa-signatureType" */ +-&(nid_objs[223]),/* "id-smime-aa-signingCertificate" */ +-&(nid_objs[224]),/* "id-smime-aa-smimeEncryptCerts" */ +-&(nid_objs[225]),/* "id-smime-aa-timeStampToken" */ +-&(nid_objs[192]),/* "id-smime-alg" */ +-&(nid_objs[243]),/* "id-smime-alg-3DESwrap" */ +-&(nid_objs[246]),/* "id-smime-alg-CMS3DESwrap" */ +-&(nid_objs[247]),/* "id-smime-alg-CMSRC2wrap" */ +-&(nid_objs[245]),/* "id-smime-alg-ESDH" */ +-&(nid_objs[241]),/* "id-smime-alg-ESDHwith3DES" */ +-&(nid_objs[242]),/* "id-smime-alg-ESDHwithRC2" */ +-&(nid_objs[244]),/* "id-smime-alg-RC2wrap" */ +-&(nid_objs[193]),/* "id-smime-cd" */ +-&(nid_objs[248]),/* "id-smime-cd-ldap" */ +-&(nid_objs[190]),/* "id-smime-ct" */ +-&(nid_objs[210]),/* "id-smime-ct-DVCSRequestData" */ +-&(nid_objs[211]),/* "id-smime-ct-DVCSResponseData" */ +-&(nid_objs[208]),/* "id-smime-ct-TDTInfo" */ +-&(nid_objs[207]),/* "id-smime-ct-TSTInfo" */ +-&(nid_objs[205]),/* "id-smime-ct-authData" */ +-&(nid_objs[786]),/* "id-smime-ct-compressedData" */ +-&(nid_objs[209]),/* "id-smime-ct-contentInfo" */ +-&(nid_objs[206]),/* "id-smime-ct-publishCert" */ +-&(nid_objs[204]),/* "id-smime-ct-receipt" */ +-&(nid_objs[195]),/* "id-smime-cti" */ +-&(nid_objs[255]),/* "id-smime-cti-ets-proofOfApproval" */ +-&(nid_objs[256]),/* "id-smime-cti-ets-proofOfCreation" */ +-&(nid_objs[253]),/* "id-smime-cti-ets-proofOfDelivery" */ +-&(nid_objs[251]),/* "id-smime-cti-ets-proofOfOrigin" */ +-&(nid_objs[252]),/* "id-smime-cti-ets-proofOfReceipt" */ +-&(nid_objs[254]),/* "id-smime-cti-ets-proofOfSender" */ +-&(nid_objs[189]),/* "id-smime-mod" */ +-&(nid_objs[196]),/* "id-smime-mod-cms" */ +-&(nid_objs[197]),/* "id-smime-mod-ess" */ +-&(nid_objs[202]),/* "id-smime-mod-ets-eSigPolicy-88" */ +-&(nid_objs[203]),/* "id-smime-mod-ets-eSigPolicy-97" */ +-&(nid_objs[200]),/* "id-smime-mod-ets-eSignature-88" */ +-&(nid_objs[201]),/* "id-smime-mod-ets-eSignature-97" */ +-&(nid_objs[199]),/* 
"id-smime-mod-msg-v3" */ +-&(nid_objs[198]),/* "id-smime-mod-oid" */ +-&(nid_objs[194]),/* "id-smime-spq" */ +-&(nid_objs[250]),/* "id-smime-spq-ets-sqt-unotice" */ +-&(nid_objs[249]),/* "id-smime-spq-ets-sqt-uri" */ +-&(nid_objs[676]),/* "identified-organization" */ +-&(nid_objs[461]),/* "info" */ +-&(nid_objs[748]),/* "inhibitAnyPolicy" */ +-&(nid_objs[101]),/* "initials" */ +-&(nid_objs[647]),/* "international-organizations" */ +-&(nid_objs[142]),/* "invalidityDate" */ +-&(nid_objs[294]),/* "ipsecEndSystem" */ +-&(nid_objs[295]),/* "ipsecTunnel" */ +-&(nid_objs[296]),/* "ipsecUser" */ +-&(nid_objs[86]),/* "issuerAltName" */ +-&(nid_objs[770]),/* "issuingDistributionPoint" */ +-&(nid_objs[492]),/* "janetMailbox" */ +-&(nid_objs[150]),/* "keyBag" */ +-&(nid_objs[83]),/* "keyUsage" */ +-&(nid_objs[477]),/* "lastModifiedBy" */ +-&(nid_objs[476]),/* "lastModifiedTime" */ +-&(nid_objs[157]),/* "localKeyID" */ +-&(nid_objs[480]),/* "mXRecord" */ +-&(nid_objs[460]),/* "mail" */ +-&(nid_objs[493]),/* "mailPreferenceOption" */ +-&(nid_objs[467]),/* "manager" */ +-&(nid_objs[809]),/* "md_gost94" */ +-&(nid_objs[182]),/* "member-body" */ +-&(nid_objs[51]),/* "messageDigest" */ +-&(nid_objs[383]),/* "mgmt" */ +-&(nid_objs[504]),/* "mime-mhs" */ +-&(nid_objs[506]),/* "mime-mhs-bodies" */ +-&(nid_objs[505]),/* "mime-mhs-headings" */ +-&(nid_objs[488]),/* "mobileTelephoneNumber" */ +-&(nid_objs[136]),/* "msCTLSign" */ +-&(nid_objs[135]),/* "msCodeCom" */ +-&(nid_objs[134]),/* "msCodeInd" */ +-&(nid_objs[138]),/* "msEFS" */ +-&(nid_objs[171]),/* "msExtReq" */ +-&(nid_objs[137]),/* "msSGC" */ +-&(nid_objs[648]),/* "msSmartcardLogin" */ +-&(nid_objs[649]),/* "msUPN" */ +-&(nid_objs[481]),/* "nSRecord" */ +-&(nid_objs[173]),/* "name" */ +-&(nid_objs[666]),/* "nameConstraints" */ +-&(nid_objs[369]),/* "noCheck" */ +-&(nid_objs[403]),/* "noRevAvail" */ +-&(nid_objs[72]),/* "nsBaseUrl" */ +-&(nid_objs[76]),/* "nsCaPolicyUrl" */ +-&(nid_objs[74]),/* "nsCaRevocationUrl" */ 
+-&(nid_objs[58]),/* "nsCertExt" */ +-&(nid_objs[79]),/* "nsCertSequence" */ +-&(nid_objs[71]),/* "nsCertType" */ +-&(nid_objs[78]),/* "nsComment" */ +-&(nid_objs[59]),/* "nsDataType" */ +-&(nid_objs[75]),/* "nsRenewalUrl" */ +-&(nid_objs[73]),/* "nsRevocationUrl" */ +-&(nid_objs[139]),/* "nsSGC" */ +-&(nid_objs[77]),/* "nsSslServerName" */ +-&(nid_objs[681]),/* "onBasis" */ +-&(nid_objs[491]),/* "organizationalStatus" */ +-&(nid_objs[475]),/* "otherMailbox" */ +-&(nid_objs[489]),/* "pagerTelephoneNumber" */ +-&(nid_objs[374]),/* "path" */ +-&(nid_objs[112]),/* "pbeWithMD5AndCast5CBC" */ +-&(nid_objs[499]),/* "personalSignature" */ +-&(nid_objs[487]),/* "personalTitle" */ +-&(nid_objs[464]),/* "photo" */ +-&(nid_objs[437]),/* "pilot" */ +-&(nid_objs[439]),/* "pilotAttributeSyntax" */ +-&(nid_objs[438]),/* "pilotAttributeType" */ +-&(nid_objs[479]),/* "pilotAttributeType27" */ +-&(nid_objs[456]),/* "pilotDSA" */ +-&(nid_objs[441]),/* "pilotGroups" */ +-&(nid_objs[444]),/* "pilotObject" */ +-&(nid_objs[440]),/* "pilotObjectClass" */ +-&(nid_objs[455]),/* "pilotOrganization" */ +-&(nid_objs[445]),/* "pilotPerson" */ +-&(nid_objs[ 2]),/* "pkcs" */ +-&(nid_objs[186]),/* "pkcs1" */ +-&(nid_objs[27]),/* "pkcs3" */ +-&(nid_objs[187]),/* "pkcs5" */ +-&(nid_objs[20]),/* "pkcs7" */ +-&(nid_objs[21]),/* "pkcs7-data" */ +-&(nid_objs[25]),/* "pkcs7-digestData" */ +-&(nid_objs[26]),/* "pkcs7-encryptedData" */ +-&(nid_objs[23]),/* "pkcs7-envelopedData" */ +-&(nid_objs[24]),/* "pkcs7-signedAndEnvelopedData" */ +-&(nid_objs[22]),/* "pkcs7-signedData" */ +-&(nid_objs[151]),/* "pkcs8ShroudedKeyBag" */ +-&(nid_objs[47]),/* "pkcs9" */ +-&(nid_objs[401]),/* "policyConstraints" */ +-&(nid_objs[747]),/* "policyMappings" */ +-&(nid_objs[661]),/* "postalCode" */ +-&(nid_objs[683]),/* "ppBasis" */ +-&(nid_objs[816]),/* "prf-gostr3411-94" */ +-&(nid_objs[406]),/* "prime-field" */ +-&(nid_objs[409]),/* "prime192v1" */ +-&(nid_objs[410]),/* "prime192v2" */ +-&(nid_objs[411]),/* "prime192v3" */ 
+-&(nid_objs[412]),/* "prime239v1" */ +-&(nid_objs[413]),/* "prime239v2" */ +-&(nid_objs[414]),/* "prime239v3" */ +-&(nid_objs[415]),/* "prime256v1" */ +-&(nid_objs[385]),/* "private" */ +-&(nid_objs[84]),/* "privateKeyUsagePeriod" */ +-&(nid_objs[663]),/* "proxyCertInfo" */ +-&(nid_objs[510]),/* "pseudonym" */ +-&(nid_objs[435]),/* "pss" */ +-&(nid_objs[286]),/* "qcStatements" */ +-&(nid_objs[457]),/* "qualityLabelledData" */ +-&(nid_objs[450]),/* "rFC822localPart" */ +-&(nid_objs[400]),/* "role" */ +-&(nid_objs[448]),/* "room" */ +-&(nid_objs[463]),/* "roomNumber" */ +-&(nid_objs[ 6]),/* "rsaEncryption" */ +-&(nid_objs[644]),/* "rsaOAEPEncryptionSET" */ +-&(nid_objs[377]),/* "rsaSignature" */ +-&(nid_objs[ 1]),/* "rsadsi" */ +-&(nid_objs[482]),/* "sOARecord" */ +-&(nid_objs[155]),/* "safeContentsBag" */ +-&(nid_objs[291]),/* "sbgp-autonomousSysNum" */ +-&(nid_objs[290]),/* "sbgp-ipAddrBlock" */ +-&(nid_objs[292]),/* "sbgp-routerIdentifier" */ +-&(nid_objs[159]),/* "sdsiCertificate" */ +-&(nid_objs[704]),/* "secp112r1" */ +-&(nid_objs[705]),/* "secp112r2" */ +-&(nid_objs[706]),/* "secp128r1" */ +-&(nid_objs[707]),/* "secp128r2" */ +-&(nid_objs[708]),/* "secp160k1" */ +-&(nid_objs[709]),/* "secp160r1" */ +-&(nid_objs[710]),/* "secp160r2" */ +-&(nid_objs[711]),/* "secp192k1" */ +-&(nid_objs[712]),/* "secp224k1" */ +-&(nid_objs[713]),/* "secp224r1" */ +-&(nid_objs[714]),/* "secp256k1" */ +-&(nid_objs[715]),/* "secp384r1" */ +-&(nid_objs[716]),/* "secp521r1" */ +-&(nid_objs[154]),/* "secretBag" */ +-&(nid_objs[474]),/* "secretary" */ +-&(nid_objs[717]),/* "sect113r1" */ +-&(nid_objs[718]),/* "sect113r2" */ +-&(nid_objs[719]),/* "sect131r1" */ +-&(nid_objs[720]),/* "sect131r2" */ +-&(nid_objs[721]),/* "sect163k1" */ +-&(nid_objs[722]),/* "sect163r1" */ +-&(nid_objs[723]),/* "sect163r2" */ +-&(nid_objs[724]),/* "sect193r1" */ +-&(nid_objs[725]),/* "sect193r2" */ +-&(nid_objs[726]),/* "sect233k1" */ +-&(nid_objs[727]),/* "sect233r1" */ +-&(nid_objs[728]),/* "sect239k1" 
*/ +-&(nid_objs[729]),/* "sect283k1" */ +-&(nid_objs[730]),/* "sect283r1" */ +-&(nid_objs[731]),/* "sect409k1" */ +-&(nid_objs[732]),/* "sect409r1" */ +-&(nid_objs[733]),/* "sect571k1" */ +-&(nid_objs[734]),/* "sect571r1" */ +-&(nid_objs[386]),/* "security" */ +-&(nid_objs[394]),/* "selected-attribute-types" */ +-&(nid_objs[105]),/* "serialNumber" */ +-&(nid_objs[129]),/* "serverAuth" */ +-&(nid_objs[371]),/* "serviceLocator" */ +-&(nid_objs[625]),/* "set-addPolicy" */ +-&(nid_objs[515]),/* "set-attr" */ +-&(nid_objs[518]),/* "set-brand" */ +-&(nid_objs[638]),/* "set-brand-AmericanExpress" */ +-&(nid_objs[637]),/* "set-brand-Diners" */ +-&(nid_objs[636]),/* "set-brand-IATA-ATA" */ +-&(nid_objs[639]),/* "set-brand-JCB" */ +-&(nid_objs[641]),/* "set-brand-MasterCard" */ +-&(nid_objs[642]),/* "set-brand-Novus" */ +-&(nid_objs[640]),/* "set-brand-Visa" */ +-&(nid_objs[517]),/* "set-certExt" */ +-&(nid_objs[513]),/* "set-ctype" */ +-&(nid_objs[514]),/* "set-msgExt" */ +-&(nid_objs[516]),/* "set-policy" */ +-&(nid_objs[607]),/* "set-policy-root" */ +-&(nid_objs[624]),/* "set-rootKeyThumb" */ +-&(nid_objs[620]),/* "setAttr-Cert" */ +-&(nid_objs[631]),/* "setAttr-GenCryptgrm" */ +-&(nid_objs[623]),/* "setAttr-IssCap" */ +-&(nid_objs[628]),/* "setAttr-IssCap-CVM" */ +-&(nid_objs[630]),/* "setAttr-IssCap-Sig" */ +-&(nid_objs[629]),/* "setAttr-IssCap-T2" */ +-&(nid_objs[621]),/* "setAttr-PGWYcap" */ +-&(nid_objs[635]),/* "setAttr-SecDevSig" */ +-&(nid_objs[632]),/* "setAttr-T2Enc" */ +-&(nid_objs[633]),/* "setAttr-T2cleartxt" */ +-&(nid_objs[634]),/* "setAttr-TokICCsig" */ +-&(nid_objs[627]),/* "setAttr-Token-B0Prime" */ +-&(nid_objs[626]),/* "setAttr-Token-EMV" */ +-&(nid_objs[622]),/* "setAttr-TokenType" */ +-&(nid_objs[619]),/* "setCext-IssuerCapabilities" */ +-&(nid_objs[615]),/* "setCext-PGWYcapabilities" */ +-&(nid_objs[616]),/* "setCext-TokenIdentifier" */ +-&(nid_objs[618]),/* "setCext-TokenType" */ +-&(nid_objs[617]),/* "setCext-Track2Data" */ +-&(nid_objs[611]),/* 
"setCext-cCertRequired" */ +-&(nid_objs[609]),/* "setCext-certType" */ +-&(nid_objs[608]),/* "setCext-hashedRoot" */ +-&(nid_objs[610]),/* "setCext-merchData" */ +-&(nid_objs[613]),/* "setCext-setExt" */ +-&(nid_objs[614]),/* "setCext-setQualf" */ +-&(nid_objs[612]),/* "setCext-tunneling" */ +-&(nid_objs[540]),/* "setct-AcqCardCodeMsg" */ +-&(nid_objs[576]),/* "setct-AcqCardCodeMsgTBE" */ +-&(nid_objs[570]),/* "setct-AuthReqTBE" */ +-&(nid_objs[534]),/* "setct-AuthReqTBS" */ +-&(nid_objs[527]),/* "setct-AuthResBaggage" */ +-&(nid_objs[571]),/* "setct-AuthResTBE" */ +-&(nid_objs[572]),/* "setct-AuthResTBEX" */ +-&(nid_objs[535]),/* "setct-AuthResTBS" */ +-&(nid_objs[536]),/* "setct-AuthResTBSX" */ +-&(nid_objs[528]),/* "setct-AuthRevReqBaggage" */ +-&(nid_objs[577]),/* "setct-AuthRevReqTBE" */ +-&(nid_objs[541]),/* "setct-AuthRevReqTBS" */ +-&(nid_objs[529]),/* "setct-AuthRevResBaggage" */ +-&(nid_objs[542]),/* "setct-AuthRevResData" */ +-&(nid_objs[578]),/* "setct-AuthRevResTBE" */ +-&(nid_objs[579]),/* "setct-AuthRevResTBEB" */ +-&(nid_objs[543]),/* "setct-AuthRevResTBS" */ +-&(nid_objs[573]),/* "setct-AuthTokenTBE" */ +-&(nid_objs[537]),/* "setct-AuthTokenTBS" */ +-&(nid_objs[600]),/* "setct-BCIDistributionTBS" */ +-&(nid_objs[558]),/* "setct-BatchAdminReqData" */ +-&(nid_objs[592]),/* "setct-BatchAdminReqTBE" */ +-&(nid_objs[559]),/* "setct-BatchAdminResData" */ +-&(nid_objs[593]),/* "setct-BatchAdminResTBE" */ +-&(nid_objs[599]),/* "setct-CRLNotificationResTBS" */ +-&(nid_objs[598]),/* "setct-CRLNotificationTBS" */ +-&(nid_objs[580]),/* "setct-CapReqTBE" */ +-&(nid_objs[581]),/* "setct-CapReqTBEX" */ +-&(nid_objs[544]),/* "setct-CapReqTBS" */ +-&(nid_objs[545]),/* "setct-CapReqTBSX" */ +-&(nid_objs[546]),/* "setct-CapResData" */ +-&(nid_objs[582]),/* "setct-CapResTBE" */ +-&(nid_objs[583]),/* "setct-CapRevReqTBE" */ +-&(nid_objs[584]),/* "setct-CapRevReqTBEX" */ +-&(nid_objs[547]),/* "setct-CapRevReqTBS" */ +-&(nid_objs[548]),/* "setct-CapRevReqTBSX" */ 
+-&(nid_objs[549]),/* "setct-CapRevResData" */ +-&(nid_objs[585]),/* "setct-CapRevResTBE" */ +-&(nid_objs[538]),/* "setct-CapTokenData" */ +-&(nid_objs[530]),/* "setct-CapTokenSeq" */ +-&(nid_objs[574]),/* "setct-CapTokenTBE" */ +-&(nid_objs[575]),/* "setct-CapTokenTBEX" */ +-&(nid_objs[539]),/* "setct-CapTokenTBS" */ +-&(nid_objs[560]),/* "setct-CardCInitResTBS" */ +-&(nid_objs[566]),/* "setct-CertInqReqTBS" */ +-&(nid_objs[563]),/* "setct-CertReqData" */ +-&(nid_objs[595]),/* "setct-CertReqTBE" */ +-&(nid_objs[596]),/* "setct-CertReqTBEX" */ +-&(nid_objs[564]),/* "setct-CertReqTBS" */ +-&(nid_objs[565]),/* "setct-CertResData" */ +-&(nid_objs[597]),/* "setct-CertResTBE" */ +-&(nid_objs[586]),/* "setct-CredReqTBE" */ +-&(nid_objs[587]),/* "setct-CredReqTBEX" */ +-&(nid_objs[550]),/* "setct-CredReqTBS" */ +-&(nid_objs[551]),/* "setct-CredReqTBSX" */ +-&(nid_objs[552]),/* "setct-CredResData" */ +-&(nid_objs[588]),/* "setct-CredResTBE" */ +-&(nid_objs[589]),/* "setct-CredRevReqTBE" */ +-&(nid_objs[590]),/* "setct-CredRevReqTBEX" */ +-&(nid_objs[553]),/* "setct-CredRevReqTBS" */ +-&(nid_objs[554]),/* "setct-CredRevReqTBSX" */ +-&(nid_objs[555]),/* "setct-CredRevResData" */ +-&(nid_objs[591]),/* "setct-CredRevResTBE" */ +-&(nid_objs[567]),/* "setct-ErrorTBS" */ +-&(nid_objs[526]),/* "setct-HODInput" */ +-&(nid_objs[561]),/* "setct-MeAqCInitResTBS" */ +-&(nid_objs[522]),/* "setct-OIData" */ +-&(nid_objs[519]),/* "setct-PANData" */ +-&(nid_objs[521]),/* "setct-PANOnly" */ +-&(nid_objs[520]),/* "setct-PANToken" */ +-&(nid_objs[556]),/* "setct-PCertReqData" */ +-&(nid_objs[557]),/* "setct-PCertResTBS" */ +-&(nid_objs[523]),/* "setct-PI" */ +-&(nid_objs[532]),/* "setct-PI-TBS" */ +-&(nid_objs[524]),/* "setct-PIData" */ +-&(nid_objs[525]),/* "setct-PIDataUnsigned" */ +-&(nid_objs[568]),/* "setct-PIDualSignedTBE" */ +-&(nid_objs[569]),/* "setct-PIUnsignedTBE" */ +-&(nid_objs[531]),/* "setct-PInitResData" */ +-&(nid_objs[533]),/* "setct-PResData" */ +-&(nid_objs[594]),/* 
"setct-RegFormReqTBE" */ +-&(nid_objs[562]),/* "setct-RegFormResTBS" */ +-&(nid_objs[606]),/* "setext-cv" */ +-&(nid_objs[601]),/* "setext-genCrypt" */ +-&(nid_objs[602]),/* "setext-miAuth" */ +-&(nid_objs[604]),/* "setext-pinAny" */ +-&(nid_objs[603]),/* "setext-pinSecure" */ +-&(nid_objs[605]),/* "setext-track2" */ +-&(nid_objs[52]),/* "signingTime" */ +-&(nid_objs[454]),/* "simpleSecurityObject" */ +-&(nid_objs[496]),/* "singleLevelQuality" */ +-&(nid_objs[387]),/* "snmpv2" */ +-&(nid_objs[660]),/* "streetAddress" */ +-&(nid_objs[85]),/* "subjectAltName" */ +-&(nid_objs[769]),/* "subjectDirectoryAttributes" */ +-&(nid_objs[398]),/* "subjectInfoAccess" */ +-&(nid_objs[82]),/* "subjectKeyIdentifier" */ +-&(nid_objs[498]),/* "subtreeMaximumQuality" */ +-&(nid_objs[497]),/* "subtreeMinimumQuality" */ +-&(nid_objs[402]),/* "targetInformation" */ +-&(nid_objs[459]),/* "textEncodedORAddress" */ +-&(nid_objs[293]),/* "textNotice" */ +-&(nid_objs[133]),/* "timeStamping" */ +-&(nid_objs[106]),/* "title" */ +-&(nid_objs[682]),/* "tpBasis" */ +-&(nid_objs[375]),/* "trustRoot" */ +-&(nid_objs[436]),/* "ucl" */ +-&(nid_objs[55]),/* "unstructuredAddress" */ +-&(nid_objs[49]),/* "unstructuredName" */ +-&(nid_objs[465]),/* "userClass" */ +-&(nid_objs[373]),/* "valid" */ +-&(nid_objs[678]),/* "wap" */ +-&(nid_objs[679]),/* "wap-wsg" */ +-&(nid_objs[735]),/* "wap-wsg-idm-ecid-wtls1" */ +-&(nid_objs[743]),/* "wap-wsg-idm-ecid-wtls10" */ +-&(nid_objs[744]),/* "wap-wsg-idm-ecid-wtls11" */ +-&(nid_objs[745]),/* "wap-wsg-idm-ecid-wtls12" */ +-&(nid_objs[736]),/* "wap-wsg-idm-ecid-wtls3" */ +-&(nid_objs[737]),/* "wap-wsg-idm-ecid-wtls4" */ +-&(nid_objs[738]),/* "wap-wsg-idm-ecid-wtls5" */ +-&(nid_objs[739]),/* "wap-wsg-idm-ecid-wtls6" */ +-&(nid_objs[740]),/* "wap-wsg-idm-ecid-wtls7" */ +-&(nid_objs[741]),/* "wap-wsg-idm-ecid-wtls8" */ +-&(nid_objs[742]),/* "wap-wsg-idm-ecid-wtls9" */ +-&(nid_objs[804]),/* "whirlpool" */ +-&(nid_objs[503]),/* "x500UniqueIdentifier" */ 
+-&(nid_objs[158]),/* "x509Certificate" */ +-&(nid_objs[160]),/* "x509Crl" */ ++static const unsigned int sn_objs[NUM_SN]={ ++364, /* "AD_DVCS" */ ++419, /* "AES-128-CBC" */ ++916, /* "AES-128-CBC-HMAC-SHA1" */ ++948, /* "AES-128-CBC-HMAC-SHA256" */ ++421, /* "AES-128-CFB" */ ++650, /* "AES-128-CFB1" */ ++653, /* "AES-128-CFB8" */ ++904, /* "AES-128-CTR" */ ++418, /* "AES-128-ECB" */ ++420, /* "AES-128-OFB" */ ++913, /* "AES-128-XTS" */ ++423, /* "AES-192-CBC" */ ++917, /* "AES-192-CBC-HMAC-SHA1" */ ++949, /* "AES-192-CBC-HMAC-SHA256" */ ++425, /* "AES-192-CFB" */ ++651, /* "AES-192-CFB1" */ ++654, /* "AES-192-CFB8" */ ++905, /* "AES-192-CTR" */ ++422, /* "AES-192-ECB" */ ++424, /* "AES-192-OFB" */ ++427, /* "AES-256-CBC" */ ++918, /* "AES-256-CBC-HMAC-SHA1" */ ++950, /* "AES-256-CBC-HMAC-SHA256" */ ++429, /* "AES-256-CFB" */ ++652, /* "AES-256-CFB1" */ ++655, /* "AES-256-CFB8" */ ++906, /* "AES-256-CTR" */ ++426, /* "AES-256-ECB" */ ++428, /* "AES-256-OFB" */ ++914, /* "AES-256-XTS" */ ++91, /* "BF-CBC" */ ++93, /* "BF-CFB" */ ++92, /* "BF-ECB" */ ++94, /* "BF-OFB" */ ++14, /* "C" */ ++751, /* "CAMELLIA-128-CBC" */ ++757, /* "CAMELLIA-128-CFB" */ ++760, /* "CAMELLIA-128-CFB1" */ ++763, /* "CAMELLIA-128-CFB8" */ ++754, /* "CAMELLIA-128-ECB" */ ++766, /* "CAMELLIA-128-OFB" */ ++752, /* "CAMELLIA-192-CBC" */ ++758, /* "CAMELLIA-192-CFB" */ ++761, /* "CAMELLIA-192-CFB1" */ ++764, /* "CAMELLIA-192-CFB8" */ ++755, /* "CAMELLIA-192-ECB" */ ++767, /* "CAMELLIA-192-OFB" */ ++753, /* "CAMELLIA-256-CBC" */ ++759, /* "CAMELLIA-256-CFB" */ ++762, /* "CAMELLIA-256-CFB1" */ ++765, /* "CAMELLIA-256-CFB8" */ ++756, /* "CAMELLIA-256-ECB" */ ++768, /* "CAMELLIA-256-OFB" */ ++108, /* "CAST5-CBC" */ ++110, /* "CAST5-CFB" */ ++109, /* "CAST5-ECB" */ ++111, /* "CAST5-OFB" */ ++894, /* "CMAC" */ ++13, /* "CN" */ ++141, /* "CRLReason" */ ++417, /* "CSPName" */ ++367, /* "CrlID" */ ++391, /* "DC" */ ++31, /* "DES-CBC" */ ++643, /* "DES-CDMF" */ ++30, /* "DES-CFB" */ ++656, /* "DES-CFB1" */ 
++657, /* "DES-CFB8" */ ++29, /* "DES-ECB" */ ++32, /* "DES-EDE" */ ++43, /* "DES-EDE-CBC" */ ++60, /* "DES-EDE-CFB" */ ++62, /* "DES-EDE-OFB" */ ++33, /* "DES-EDE3" */ ++44, /* "DES-EDE3-CBC" */ ++61, /* "DES-EDE3-CFB" */ ++658, /* "DES-EDE3-CFB1" */ ++659, /* "DES-EDE3-CFB8" */ ++63, /* "DES-EDE3-OFB" */ ++45, /* "DES-OFB" */ ++80, /* "DESX-CBC" */ ++380, /* "DOD" */ ++116, /* "DSA" */ ++66, /* "DSA-SHA" */ ++113, /* "DSA-SHA1" */ ++70, /* "DSA-SHA1-old" */ ++67, /* "DSA-old" */ ++297, /* "DVCS" */ ++99, /* "GN" */ ++855, /* "HMAC" */ ++780, /* "HMAC-MD5" */ ++781, /* "HMAC-SHA1" */ ++381, /* "IANA" */ ++34, /* "IDEA-CBC" */ ++35, /* "IDEA-CFB" */ ++36, /* "IDEA-ECB" */ ++46, /* "IDEA-OFB" */ ++181, /* "ISO" */ ++183, /* "ISO-US" */ ++645, /* "ITU-T" */ ++646, /* "JOINT-ISO-ITU-T" */ ++773, /* "KISA" */ ++15, /* "L" */ ++856, /* "LocalKeySet" */ ++ 3, /* "MD2" */ ++257, /* "MD4" */ ++ 4, /* "MD5" */ ++114, /* "MD5-SHA1" */ ++95, /* "MDC2" */ ++911, /* "MGF1" */ ++388, /* "Mail" */ ++393, /* "NULL" */ ++404, /* "NULL" */ ++57, /* "Netscape" */ ++366, /* "Nonce" */ ++17, /* "O" */ ++178, /* "OCSP" */ ++180, /* "OCSPSigning" */ ++379, /* "ORG" */ ++18, /* "OU" */ ++749, /* "Oakley-EC2N-3" */ ++750, /* "Oakley-EC2N-4" */ ++ 9, /* "PBE-MD2-DES" */ ++168, /* "PBE-MD2-RC2-64" */ ++10, /* "PBE-MD5-DES" */ ++169, /* "PBE-MD5-RC2-64" */ ++147, /* "PBE-SHA1-2DES" */ ++146, /* "PBE-SHA1-3DES" */ ++170, /* "PBE-SHA1-DES" */ ++148, /* "PBE-SHA1-RC2-128" */ ++149, /* "PBE-SHA1-RC2-40" */ ++68, /* "PBE-SHA1-RC2-64" */ ++144, /* "PBE-SHA1-RC4-128" */ ++145, /* "PBE-SHA1-RC4-40" */ ++161, /* "PBES2" */ ++69, /* "PBKDF2" */ ++162, /* "PBMAC1" */ ++127, /* "PKIX" */ ++935, /* "PSPECIFIED" */ ++98, /* "RC2-40-CBC" */ ++166, /* "RC2-64-CBC" */ ++37, /* "RC2-CBC" */ ++39, /* "RC2-CFB" */ ++38, /* "RC2-ECB" */ ++40, /* "RC2-OFB" */ ++ 5, /* "RC4" */ ++97, /* "RC4-40" */ ++915, /* "RC4-HMAC-MD5" */ ++120, /* "RC5-CBC" */ ++122, /* "RC5-CFB" */ ++121, /* "RC5-ECB" */ ++123, /* "RC5-OFB" 
*/ ++117, /* "RIPEMD160" */ ++124, /* "RLE" */ ++19, /* "RSA" */ ++ 7, /* "RSA-MD2" */ ++396, /* "RSA-MD4" */ ++ 8, /* "RSA-MD5" */ ++96, /* "RSA-MDC2" */ ++104, /* "RSA-NP-MD5" */ ++119, /* "RSA-RIPEMD160" */ ++42, /* "RSA-SHA" */ ++65, /* "RSA-SHA1" */ ++115, /* "RSA-SHA1-2" */ ++671, /* "RSA-SHA224" */ ++668, /* "RSA-SHA256" */ ++669, /* "RSA-SHA384" */ ++670, /* "RSA-SHA512" */ ++919, /* "RSAES-OAEP" */ ++912, /* "RSASSA-PSS" */ ++777, /* "SEED-CBC" */ ++779, /* "SEED-CFB" */ ++776, /* "SEED-ECB" */ ++778, /* "SEED-OFB" */ ++41, /* "SHA" */ ++64, /* "SHA1" */ ++675, /* "SHA224" */ ++672, /* "SHA256" */ ++673, /* "SHA384" */ ++674, /* "SHA512" */ ++188, /* "SMIME" */ ++167, /* "SMIME-CAPS" */ ++100, /* "SN" */ ++16, /* "ST" */ ++143, /* "SXNetID" */ ++458, /* "UID" */ ++ 0, /* "UNDEF" */ ++11, /* "X500" */ ++378, /* "X500algorithms" */ ++12, /* "X509" */ ++184, /* "X9-57" */ ++185, /* "X9cm" */ ++125, /* "ZLIB" */ ++478, /* "aRecord" */ ++289, /* "aaControls" */ ++287, /* "ac-auditEntity" */ ++397, /* "ac-proxying" */ ++288, /* "ac-targeting" */ ++368, /* "acceptableResponses" */ ++446, /* "account" */ ++363, /* "ad_timestamping" */ ++376, /* "algorithm" */ ++405, /* "ansi-X9-62" */ ++910, /* "anyExtendedKeyUsage" */ ++746, /* "anyPolicy" */ ++370, /* "archiveCutoff" */ ++484, /* "associatedDomain" */ ++485, /* "associatedName" */ ++501, /* "audio" */ ++177, /* "authorityInfoAccess" */ ++90, /* "authorityKeyIdentifier" */ ++882, /* "authorityRevocationList" */ ++87, /* "basicConstraints" */ ++365, /* "basicOCSPResponse" */ ++285, /* "biometricInfo" */ ++921, /* "brainpoolP160r1" */ ++922, /* "brainpoolP160t1" */ ++923, /* "brainpoolP192r1" */ ++924, /* "brainpoolP192t1" */ ++925, /* "brainpoolP224r1" */ ++926, /* "brainpoolP224t1" */ ++927, /* "brainpoolP256r1" */ ++928, /* "brainpoolP256t1" */ ++929, /* "brainpoolP320r1" */ ++930, /* "brainpoolP320t1" */ ++931, /* "brainpoolP384r1" */ ++932, /* "brainpoolP384t1" */ ++933, /* "brainpoolP512r1" */ ++934, /* 
"brainpoolP512t1" */ ++494, /* "buildingName" */ ++860, /* "businessCategory" */ ++691, /* "c2onb191v4" */ ++692, /* "c2onb191v5" */ ++697, /* "c2onb239v4" */ ++698, /* "c2onb239v5" */ ++684, /* "c2pnb163v1" */ ++685, /* "c2pnb163v2" */ ++686, /* "c2pnb163v3" */ ++687, /* "c2pnb176v1" */ ++693, /* "c2pnb208w1" */ ++699, /* "c2pnb272w1" */ ++700, /* "c2pnb304w1" */ ++702, /* "c2pnb368w1" */ ++688, /* "c2tnb191v1" */ ++689, /* "c2tnb191v2" */ ++690, /* "c2tnb191v3" */ ++694, /* "c2tnb239v1" */ ++695, /* "c2tnb239v2" */ ++696, /* "c2tnb239v3" */ ++701, /* "c2tnb359v1" */ ++703, /* "c2tnb431r1" */ ++881, /* "cACertificate" */ ++483, /* "cNAMERecord" */ ++179, /* "caIssuers" */ ++785, /* "caRepository" */ ++443, /* "caseIgnoreIA5StringSyntax" */ ++152, /* "certBag" */ ++677, /* "certicom-arc" */ ++771, /* "certificateIssuer" */ ++89, /* "certificatePolicies" */ ++883, /* "certificateRevocationList" */ ++54, /* "challengePassword" */ ++407, /* "characteristic-two-field" */ ++395, /* "clearance" */ ++130, /* "clientAuth" */ ++131, /* "codeSigning" */ ++50, /* "contentType" */ ++53, /* "countersignature" */ ++153, /* "crlBag" */ ++103, /* "crlDistributionPoints" */ ++88, /* "crlNumber" */ ++884, /* "crossCertificatePair" */ ++806, /* "cryptocom" */ ++805, /* "cryptopro" */ ++954, /* "ct_cert_scts" */ ++952, /* "ct_precert_poison" */ ++951, /* "ct_precert_scts" */ ++953, /* "ct_precert_signer" */ ++500, /* "dITRedirect" */ ++451, /* "dNSDomain" */ ++495, /* "dSAQuality" */ ++434, /* "data" */ ++390, /* "dcobject" */ ++140, /* "deltaCRL" */ ++891, /* "deltaRevocationList" */ ++107, /* "description" */ ++871, /* "destinationIndicator" */ ++947, /* "dh-cofactor-kdf" */ ++946, /* "dh-std-kdf" */ ++28, /* "dhKeyAgreement" */ ++941, /* "dhSinglePass-cofactorDH-sha1kdf-scheme" */ ++942, /* "dhSinglePass-cofactorDH-sha224kdf-scheme" */ ++943, /* "dhSinglePass-cofactorDH-sha256kdf-scheme" */ ++944, /* "dhSinglePass-cofactorDH-sha384kdf-scheme" */ ++945, /* 
"dhSinglePass-cofactorDH-sha512kdf-scheme" */ ++936, /* "dhSinglePass-stdDH-sha1kdf-scheme" */ ++937, /* "dhSinglePass-stdDH-sha224kdf-scheme" */ ++938, /* "dhSinglePass-stdDH-sha256kdf-scheme" */ ++939, /* "dhSinglePass-stdDH-sha384kdf-scheme" */ ++940, /* "dhSinglePass-stdDH-sha512kdf-scheme" */ ++920, /* "dhpublicnumber" */ ++382, /* "directory" */ ++887, /* "distinguishedName" */ ++892, /* "dmdName" */ ++174, /* "dnQualifier" */ ++447, /* "document" */ ++471, /* "documentAuthor" */ ++468, /* "documentIdentifier" */ ++472, /* "documentLocation" */ ++502, /* "documentPublisher" */ ++449, /* "documentSeries" */ ++469, /* "documentTitle" */ ++470, /* "documentVersion" */ ++392, /* "domain" */ ++452, /* "domainRelatedObject" */ ++802, /* "dsa_with_SHA224" */ ++803, /* "dsa_with_SHA256" */ ++791, /* "ecdsa-with-Recommended" */ ++416, /* "ecdsa-with-SHA1" */ ++793, /* "ecdsa-with-SHA224" */ ++794, /* "ecdsa-with-SHA256" */ ++795, /* "ecdsa-with-SHA384" */ ++796, /* "ecdsa-with-SHA512" */ ++792, /* "ecdsa-with-Specified" */ ++48, /* "emailAddress" */ ++132, /* "emailProtection" */ ++885, /* "enhancedSearchGuide" */ ++389, /* "enterprises" */ ++384, /* "experimental" */ ++172, /* "extReq" */ ++56, /* "extendedCertificateAttributes" */ ++126, /* "extendedKeyUsage" */ ++372, /* "extendedStatus" */ ++867, /* "facsimileTelephoneNumber" */ ++462, /* "favouriteDrink" */ ++857, /* "freshestCRL" */ ++453, /* "friendlyCountry" */ ++490, /* "friendlyCountryName" */ ++156, /* "friendlyName" */ ++509, /* "generationQualifier" */ ++815, /* "gost-mac" */ ++811, /* "gost2001" */ ++851, /* "gost2001cc" */ ++813, /* "gost89" */ ++814, /* "gost89-cnt" */ ++812, /* "gost94" */ ++850, /* "gost94cc" */ ++797, /* "hmacWithMD5" */ ++163, /* "hmacWithSHA1" */ ++798, /* "hmacWithSHA224" */ ++799, /* "hmacWithSHA256" */ ++800, /* "hmacWithSHA384" */ ++801, /* "hmacWithSHA512" */ ++432, /* "holdInstructionCallIssuer" */ ++430, /* "holdInstructionCode" */ ++431, /* "holdInstructionNone" */ ++433, 
/* "holdInstructionReject" */ ++486, /* "homePostalAddress" */ ++473, /* "homeTelephoneNumber" */ ++466, /* "host" */ ++889, /* "houseIdentifier" */ ++442, /* "iA5StringSyntax" */ ++783, /* "id-DHBasedMac" */ ++824, /* "id-Gost28147-89-CryptoPro-A-ParamSet" */ ++825, /* "id-Gost28147-89-CryptoPro-B-ParamSet" */ ++826, /* "id-Gost28147-89-CryptoPro-C-ParamSet" */ ++827, /* "id-Gost28147-89-CryptoPro-D-ParamSet" */ ++819, /* "id-Gost28147-89-CryptoPro-KeyMeshing" */ ++829, /* "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" */ ++828, /* "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" */ ++830, /* "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" */ ++820, /* "id-Gost28147-89-None-KeyMeshing" */ ++823, /* "id-Gost28147-89-TestParamSet" */ ++849, /* "id-Gost28147-89-cc" */ ++840, /* "id-GostR3410-2001-CryptoPro-A-ParamSet" */ ++841, /* "id-GostR3410-2001-CryptoPro-B-ParamSet" */ ++842, /* "id-GostR3410-2001-CryptoPro-C-ParamSet" */ ++843, /* "id-GostR3410-2001-CryptoPro-XchA-ParamSet" */ ++844, /* "id-GostR3410-2001-CryptoPro-XchB-ParamSet" */ ++854, /* "id-GostR3410-2001-ParamSet-cc" */ ++839, /* "id-GostR3410-2001-TestParamSet" */ ++817, /* "id-GostR3410-2001DH" */ ++832, /* "id-GostR3410-94-CryptoPro-A-ParamSet" */ ++833, /* "id-GostR3410-94-CryptoPro-B-ParamSet" */ ++834, /* "id-GostR3410-94-CryptoPro-C-ParamSet" */ ++835, /* "id-GostR3410-94-CryptoPro-D-ParamSet" */ ++836, /* "id-GostR3410-94-CryptoPro-XchA-ParamSet" */ ++837, /* "id-GostR3410-94-CryptoPro-XchB-ParamSet" */ ++838, /* "id-GostR3410-94-CryptoPro-XchC-ParamSet" */ ++831, /* "id-GostR3410-94-TestParamSet" */ ++845, /* "id-GostR3410-94-a" */ ++846, /* "id-GostR3410-94-aBis" */ ++847, /* "id-GostR3410-94-b" */ ++848, /* "id-GostR3410-94-bBis" */ ++818, /* "id-GostR3410-94DH" */ ++822, /* "id-GostR3411-94-CryptoProParamSet" */ ++821, /* "id-GostR3411-94-TestParamSet" */ ++807, /* "id-GostR3411-94-with-GostR3410-2001" */ ++853, /* "id-GostR3411-94-with-GostR3410-2001-cc" */ ++808, /* 
"id-GostR3411-94-with-GostR3410-94" */ ++852, /* "id-GostR3411-94-with-GostR3410-94-cc" */ ++810, /* "id-HMACGostR3411-94" */ ++782, /* "id-PasswordBasedMAC" */ ++266, /* "id-aca" */ ++355, /* "id-aca-accessIdentity" */ ++354, /* "id-aca-authenticationInfo" */ ++356, /* "id-aca-chargingIdentity" */ ++399, /* "id-aca-encAttrs" */ ++357, /* "id-aca-group" */ ++358, /* "id-aca-role" */ ++176, /* "id-ad" */ ++896, /* "id-aes128-CCM" */ ++895, /* "id-aes128-GCM" */ ++788, /* "id-aes128-wrap" */ ++897, /* "id-aes128-wrap-pad" */ ++899, /* "id-aes192-CCM" */ ++898, /* "id-aes192-GCM" */ ++789, /* "id-aes192-wrap" */ ++900, /* "id-aes192-wrap-pad" */ ++902, /* "id-aes256-CCM" */ ++901, /* "id-aes256-GCM" */ ++790, /* "id-aes256-wrap" */ ++903, /* "id-aes256-wrap-pad" */ ++262, /* "id-alg" */ ++893, /* "id-alg-PWRI-KEK" */ ++323, /* "id-alg-des40" */ ++326, /* "id-alg-dh-pop" */ ++325, /* "id-alg-dh-sig-hmac-sha1" */ ++324, /* "id-alg-noSignature" */ ++907, /* "id-camellia128-wrap" */ ++908, /* "id-camellia192-wrap" */ ++909, /* "id-camellia256-wrap" */ ++268, /* "id-cct" */ ++361, /* "id-cct-PKIData" */ ++362, /* "id-cct-PKIResponse" */ ++360, /* "id-cct-crs" */ ++81, /* "id-ce" */ ++680, /* "id-characteristic-two-basis" */ ++263, /* "id-cmc" */ ++334, /* "id-cmc-addExtensions" */ ++346, /* "id-cmc-confirmCertAcceptance" */ ++330, /* "id-cmc-dataReturn" */ ++336, /* "id-cmc-decryptedPOP" */ ++335, /* "id-cmc-encryptedPOP" */ ++339, /* "id-cmc-getCRL" */ ++338, /* "id-cmc-getCert" */ ++328, /* "id-cmc-identification" */ ++329, /* "id-cmc-identityProof" */ ++337, /* "id-cmc-lraPOPWitness" */ ++344, /* "id-cmc-popLinkRandom" */ ++345, /* "id-cmc-popLinkWitness" */ ++343, /* "id-cmc-queryPending" */ ++333, /* "id-cmc-recipientNonce" */ ++341, /* "id-cmc-regInfo" */ ++342, /* "id-cmc-responseInfo" */ ++340, /* "id-cmc-revokeRequest" */ ++332, /* "id-cmc-senderNonce" */ ++327, /* "id-cmc-statusInfo" */ ++331, /* "id-cmc-transactionId" */ ++787, /* "id-ct-asciiTextWithCRLF" */ 
++408, /* "id-ecPublicKey" */ ++508, /* "id-hex-multipart-message" */ ++507, /* "id-hex-partial-message" */ ++260, /* "id-it" */ ++302, /* "id-it-caKeyUpdateInfo" */ ++298, /* "id-it-caProtEncCert" */ ++311, /* "id-it-confirmWaitTime" */ ++303, /* "id-it-currentCRL" */ ++300, /* "id-it-encKeyPairTypes" */ ++310, /* "id-it-implicitConfirm" */ ++308, /* "id-it-keyPairParamRep" */ ++307, /* "id-it-keyPairParamReq" */ ++312, /* "id-it-origPKIMessage" */ ++301, /* "id-it-preferredSymmAlg" */ ++309, /* "id-it-revPassphrase" */ ++299, /* "id-it-signKeyPairTypes" */ ++305, /* "id-it-subscriptionRequest" */ ++306, /* "id-it-subscriptionResponse" */ ++784, /* "id-it-suppLangTags" */ ++304, /* "id-it-unsupportedOIDs" */ ++128, /* "id-kp" */ ++280, /* "id-mod-attribute-cert" */ ++274, /* "id-mod-cmc" */ ++277, /* "id-mod-cmp" */ ++284, /* "id-mod-cmp2000" */ ++273, /* "id-mod-crmf" */ ++283, /* "id-mod-dvcs" */ ++275, /* "id-mod-kea-profile-88" */ ++276, /* "id-mod-kea-profile-93" */ ++282, /* "id-mod-ocsp" */ ++278, /* "id-mod-qualified-cert-88" */ ++279, /* "id-mod-qualified-cert-93" */ ++281, /* "id-mod-timestamp-protocol" */ ++264, /* "id-on" */ ++858, /* "id-on-permanentIdentifier" */ ++347, /* "id-on-personalData" */ ++265, /* "id-pda" */ ++352, /* "id-pda-countryOfCitizenship" */ ++353, /* "id-pda-countryOfResidence" */ ++348, /* "id-pda-dateOfBirth" */ ++351, /* "id-pda-gender" */ ++349, /* "id-pda-placeOfBirth" */ ++175, /* "id-pe" */ ++261, /* "id-pkip" */ ++258, /* "id-pkix-mod" */ ++269, /* "id-pkix1-explicit-88" */ ++271, /* "id-pkix1-explicit-93" */ ++270, /* "id-pkix1-implicit-88" */ ++272, /* "id-pkix1-implicit-93" */ ++662, /* "id-ppl" */ ++664, /* "id-ppl-anyLanguage" */ ++667, /* "id-ppl-independent" */ ++665, /* "id-ppl-inheritAll" */ ++267, /* "id-qcs" */ ++359, /* "id-qcs-pkixQCSyntax-v1" */ ++259, /* "id-qt" */ ++164, /* "id-qt-cps" */ ++165, /* "id-qt-unotice" */ ++313, /* "id-regCtrl" */ ++316, /* "id-regCtrl-authenticator" */ ++319, /* 
"id-regCtrl-oldCertID" */ ++318, /* "id-regCtrl-pkiArchiveOptions" */ ++317, /* "id-regCtrl-pkiPublicationInfo" */ ++320, /* "id-regCtrl-protocolEncrKey" */ ++315, /* "id-regCtrl-regToken" */ ++314, /* "id-regInfo" */ ++322, /* "id-regInfo-certReq" */ ++321, /* "id-regInfo-utf8Pairs" */ ++512, /* "id-set" */ ++191, /* "id-smime-aa" */ ++215, /* "id-smime-aa-contentHint" */ ++218, /* "id-smime-aa-contentIdentifier" */ ++221, /* "id-smime-aa-contentReference" */ ++240, /* "id-smime-aa-dvcs-dvc" */ ++217, /* "id-smime-aa-encapContentType" */ ++222, /* "id-smime-aa-encrypKeyPref" */ ++220, /* "id-smime-aa-equivalentLabels" */ ++232, /* "id-smime-aa-ets-CertificateRefs" */ ++233, /* "id-smime-aa-ets-RevocationRefs" */ ++238, /* "id-smime-aa-ets-archiveTimeStamp" */ ++237, /* "id-smime-aa-ets-certCRLTimestamp" */ ++234, /* "id-smime-aa-ets-certValues" */ ++227, /* "id-smime-aa-ets-commitmentType" */ ++231, /* "id-smime-aa-ets-contentTimestamp" */ ++236, /* "id-smime-aa-ets-escTimeStamp" */ ++230, /* "id-smime-aa-ets-otherSigCert" */ ++235, /* "id-smime-aa-ets-revocationValues" */ ++226, /* "id-smime-aa-ets-sigPolicyId" */ ++229, /* "id-smime-aa-ets-signerAttr" */ ++228, /* "id-smime-aa-ets-signerLocation" */ ++219, /* "id-smime-aa-macValue" */ ++214, /* "id-smime-aa-mlExpandHistory" */ ++216, /* "id-smime-aa-msgSigDigest" */ ++212, /* "id-smime-aa-receiptRequest" */ ++213, /* "id-smime-aa-securityLabel" */ ++239, /* "id-smime-aa-signatureType" */ ++223, /* "id-smime-aa-signingCertificate" */ ++224, /* "id-smime-aa-smimeEncryptCerts" */ ++225, /* "id-smime-aa-timeStampToken" */ ++192, /* "id-smime-alg" */ ++243, /* "id-smime-alg-3DESwrap" */ ++246, /* "id-smime-alg-CMS3DESwrap" */ ++247, /* "id-smime-alg-CMSRC2wrap" */ ++245, /* "id-smime-alg-ESDH" */ ++241, /* "id-smime-alg-ESDHwith3DES" */ ++242, /* "id-smime-alg-ESDHwithRC2" */ ++244, /* "id-smime-alg-RC2wrap" */ ++193, /* "id-smime-cd" */ ++248, /* "id-smime-cd-ldap" */ ++190, /* "id-smime-ct" */ ++210, /* 
"id-smime-ct-DVCSRequestData" */ ++211, /* "id-smime-ct-DVCSResponseData" */ ++208, /* "id-smime-ct-TDTInfo" */ ++207, /* "id-smime-ct-TSTInfo" */ ++205, /* "id-smime-ct-authData" */ ++786, /* "id-smime-ct-compressedData" */ ++209, /* "id-smime-ct-contentInfo" */ ++206, /* "id-smime-ct-publishCert" */ ++204, /* "id-smime-ct-receipt" */ ++195, /* "id-smime-cti" */ ++255, /* "id-smime-cti-ets-proofOfApproval" */ ++256, /* "id-smime-cti-ets-proofOfCreation" */ ++253, /* "id-smime-cti-ets-proofOfDelivery" */ ++251, /* "id-smime-cti-ets-proofOfOrigin" */ ++252, /* "id-smime-cti-ets-proofOfReceipt" */ ++254, /* "id-smime-cti-ets-proofOfSender" */ ++189, /* "id-smime-mod" */ ++196, /* "id-smime-mod-cms" */ ++197, /* "id-smime-mod-ess" */ ++202, /* "id-smime-mod-ets-eSigPolicy-88" */ ++203, /* "id-smime-mod-ets-eSigPolicy-97" */ ++200, /* "id-smime-mod-ets-eSignature-88" */ ++201, /* "id-smime-mod-ets-eSignature-97" */ ++199, /* "id-smime-mod-msg-v3" */ ++198, /* "id-smime-mod-oid" */ ++194, /* "id-smime-spq" */ ++250, /* "id-smime-spq-ets-sqt-unotice" */ ++249, /* "id-smime-spq-ets-sqt-uri" */ ++676, /* "identified-organization" */ ++461, /* "info" */ ++748, /* "inhibitAnyPolicy" */ ++101, /* "initials" */ ++647, /* "international-organizations" */ ++869, /* "internationaliSDNNumber" */ ++142, /* "invalidityDate" */ ++294, /* "ipsecEndSystem" */ ++295, /* "ipsecTunnel" */ ++296, /* "ipsecUser" */ ++86, /* "issuerAltName" */ ++770, /* "issuingDistributionPoint" */ ++492, /* "janetMailbox" */ ++957, /* "jurisdictionC" */ ++955, /* "jurisdictionL" */ ++956, /* "jurisdictionST" */ ++150, /* "keyBag" */ ++83, /* "keyUsage" */ ++477, /* "lastModifiedBy" */ ++476, /* "lastModifiedTime" */ ++157, /* "localKeyID" */ ++480, /* "mXRecord" */ ++460, /* "mail" */ ++493, /* "mailPreferenceOption" */ ++467, /* "manager" */ ++809, /* "md_gost94" */ ++875, /* "member" */ ++182, /* "member-body" */ ++51, /* "messageDigest" */ ++383, /* "mgmt" */ ++504, /* "mime-mhs" */ ++506, /* 
"mime-mhs-bodies" */ ++505, /* "mime-mhs-headings" */ ++488, /* "mobileTelephoneNumber" */ ++136, /* "msCTLSign" */ ++135, /* "msCodeCom" */ ++134, /* "msCodeInd" */ ++138, /* "msEFS" */ ++171, /* "msExtReq" */ ++137, /* "msSGC" */ ++648, /* "msSmartcardLogin" */ ++649, /* "msUPN" */ ++481, /* "nSRecord" */ ++173, /* "name" */ ++666, /* "nameConstraints" */ ++369, /* "noCheck" */ ++403, /* "noRevAvail" */ ++72, /* "nsBaseUrl" */ ++76, /* "nsCaPolicyUrl" */ ++74, /* "nsCaRevocationUrl" */ ++58, /* "nsCertExt" */ ++79, /* "nsCertSequence" */ ++71, /* "nsCertType" */ ++78, /* "nsComment" */ ++59, /* "nsDataType" */ ++75, /* "nsRenewalUrl" */ ++73, /* "nsRevocationUrl" */ ++139, /* "nsSGC" */ ++77, /* "nsSslServerName" */ ++681, /* "onBasis" */ ++491, /* "organizationalStatus" */ ++475, /* "otherMailbox" */ ++876, /* "owner" */ ++489, /* "pagerTelephoneNumber" */ ++374, /* "path" */ ++112, /* "pbeWithMD5AndCast5CBC" */ ++499, /* "personalSignature" */ ++487, /* "personalTitle" */ ++464, /* "photo" */ ++863, /* "physicalDeliveryOfficeName" */ ++437, /* "pilot" */ ++439, /* "pilotAttributeSyntax" */ ++438, /* "pilotAttributeType" */ ++479, /* "pilotAttributeType27" */ ++456, /* "pilotDSA" */ ++441, /* "pilotGroups" */ ++444, /* "pilotObject" */ ++440, /* "pilotObjectClass" */ ++455, /* "pilotOrganization" */ ++445, /* "pilotPerson" */ ++ 2, /* "pkcs" */ ++186, /* "pkcs1" */ ++27, /* "pkcs3" */ ++187, /* "pkcs5" */ ++20, /* "pkcs7" */ ++21, /* "pkcs7-data" */ ++25, /* "pkcs7-digestData" */ ++26, /* "pkcs7-encryptedData" */ ++23, /* "pkcs7-envelopedData" */ ++24, /* "pkcs7-signedAndEnvelopedData" */ ++22, /* "pkcs7-signedData" */ ++151, /* "pkcs8ShroudedKeyBag" */ ++47, /* "pkcs9" */ ++401, /* "policyConstraints" */ ++747, /* "policyMappings" */ ++862, /* "postOfficeBox" */ ++861, /* "postalAddress" */ ++661, /* "postalCode" */ ++683, /* "ppBasis" */ ++872, /* "preferredDeliveryMethod" */ ++873, /* "presentationAddress" */ ++816, /* "prf-gostr3411-94" */ ++406, /* 
"prime-field" */ ++409, /* "prime192v1" */ ++410, /* "prime192v2" */ ++411, /* "prime192v3" */ ++412, /* "prime239v1" */ ++413, /* "prime239v2" */ ++414, /* "prime239v3" */ ++415, /* "prime256v1" */ ++385, /* "private" */ ++84, /* "privateKeyUsagePeriod" */ ++886, /* "protocolInformation" */ ++663, /* "proxyCertInfo" */ ++510, /* "pseudonym" */ ++435, /* "pss" */ ++286, /* "qcStatements" */ ++457, /* "qualityLabelledData" */ ++450, /* "rFC822localPart" */ ++870, /* "registeredAddress" */ ++400, /* "role" */ ++877, /* "roleOccupant" */ ++448, /* "room" */ ++463, /* "roomNumber" */ ++ 6, /* "rsaEncryption" */ ++644, /* "rsaOAEPEncryptionSET" */ ++377, /* "rsaSignature" */ ++ 1, /* "rsadsi" */ ++482, /* "sOARecord" */ ++155, /* "safeContentsBag" */ ++291, /* "sbgp-autonomousSysNum" */ ++290, /* "sbgp-ipAddrBlock" */ ++292, /* "sbgp-routerIdentifier" */ ++159, /* "sdsiCertificate" */ ++859, /* "searchGuide" */ ++704, /* "secp112r1" */ ++705, /* "secp112r2" */ ++706, /* "secp128r1" */ ++707, /* "secp128r2" */ ++708, /* "secp160k1" */ ++709, /* "secp160r1" */ ++710, /* "secp160r2" */ ++711, /* "secp192k1" */ ++712, /* "secp224k1" */ ++713, /* "secp224r1" */ ++714, /* "secp256k1" */ ++715, /* "secp384r1" */ ++716, /* "secp521r1" */ ++154, /* "secretBag" */ ++474, /* "secretary" */ ++717, /* "sect113r1" */ ++718, /* "sect113r2" */ ++719, /* "sect131r1" */ ++720, /* "sect131r2" */ ++721, /* "sect163k1" */ ++722, /* "sect163r1" */ ++723, /* "sect163r2" */ ++724, /* "sect193r1" */ ++725, /* "sect193r2" */ ++726, /* "sect233k1" */ ++727, /* "sect233r1" */ ++728, /* "sect239k1" */ ++729, /* "sect283k1" */ ++730, /* "sect283r1" */ ++731, /* "sect409k1" */ ++732, /* "sect409r1" */ ++733, /* "sect571k1" */ ++734, /* "sect571r1" */ ++386, /* "security" */ ++878, /* "seeAlso" */ ++394, /* "selected-attribute-types" */ ++105, /* "serialNumber" */ ++129, /* "serverAuth" */ ++371, /* "serviceLocator" */ ++625, /* "set-addPolicy" */ ++515, /* "set-attr" */ ++518, /* "set-brand" */ 
++638, /* "set-brand-AmericanExpress" */ ++637, /* "set-brand-Diners" */ ++636, /* "set-brand-IATA-ATA" */ ++639, /* "set-brand-JCB" */ ++641, /* "set-brand-MasterCard" */ ++642, /* "set-brand-Novus" */ ++640, /* "set-brand-Visa" */ ++517, /* "set-certExt" */ ++513, /* "set-ctype" */ ++514, /* "set-msgExt" */ ++516, /* "set-policy" */ ++607, /* "set-policy-root" */ ++624, /* "set-rootKeyThumb" */ ++620, /* "setAttr-Cert" */ ++631, /* "setAttr-GenCryptgrm" */ ++623, /* "setAttr-IssCap" */ ++628, /* "setAttr-IssCap-CVM" */ ++630, /* "setAttr-IssCap-Sig" */ ++629, /* "setAttr-IssCap-T2" */ ++621, /* "setAttr-PGWYcap" */ ++635, /* "setAttr-SecDevSig" */ ++632, /* "setAttr-T2Enc" */ ++633, /* "setAttr-T2cleartxt" */ ++634, /* "setAttr-TokICCsig" */ ++627, /* "setAttr-Token-B0Prime" */ ++626, /* "setAttr-Token-EMV" */ ++622, /* "setAttr-TokenType" */ ++619, /* "setCext-IssuerCapabilities" */ ++615, /* "setCext-PGWYcapabilities" */ ++616, /* "setCext-TokenIdentifier" */ ++618, /* "setCext-TokenType" */ ++617, /* "setCext-Track2Data" */ ++611, /* "setCext-cCertRequired" */ ++609, /* "setCext-certType" */ ++608, /* "setCext-hashedRoot" */ ++610, /* "setCext-merchData" */ ++613, /* "setCext-setExt" */ ++614, /* "setCext-setQualf" */ ++612, /* "setCext-tunneling" */ ++540, /* "setct-AcqCardCodeMsg" */ ++576, /* "setct-AcqCardCodeMsgTBE" */ ++570, /* "setct-AuthReqTBE" */ ++534, /* "setct-AuthReqTBS" */ ++527, /* "setct-AuthResBaggage" */ ++571, /* "setct-AuthResTBE" */ ++572, /* "setct-AuthResTBEX" */ ++535, /* "setct-AuthResTBS" */ ++536, /* "setct-AuthResTBSX" */ ++528, /* "setct-AuthRevReqBaggage" */ ++577, /* "setct-AuthRevReqTBE" */ ++541, /* "setct-AuthRevReqTBS" */ ++529, /* "setct-AuthRevResBaggage" */ ++542, /* "setct-AuthRevResData" */ ++578, /* "setct-AuthRevResTBE" */ ++579, /* "setct-AuthRevResTBEB" */ ++543, /* "setct-AuthRevResTBS" */ ++573, /* "setct-AuthTokenTBE" */ ++537, /* "setct-AuthTokenTBS" */ ++600, /* "setct-BCIDistributionTBS" */ ++558, /* 
"setct-BatchAdminReqData" */ ++592, /* "setct-BatchAdminReqTBE" */ ++559, /* "setct-BatchAdminResData" */ ++593, /* "setct-BatchAdminResTBE" */ ++599, /* "setct-CRLNotificationResTBS" */ ++598, /* "setct-CRLNotificationTBS" */ ++580, /* "setct-CapReqTBE" */ ++581, /* "setct-CapReqTBEX" */ ++544, /* "setct-CapReqTBS" */ ++545, /* "setct-CapReqTBSX" */ ++546, /* "setct-CapResData" */ ++582, /* "setct-CapResTBE" */ ++583, /* "setct-CapRevReqTBE" */ ++584, /* "setct-CapRevReqTBEX" */ ++547, /* "setct-CapRevReqTBS" */ ++548, /* "setct-CapRevReqTBSX" */ ++549, /* "setct-CapRevResData" */ ++585, /* "setct-CapRevResTBE" */ ++538, /* "setct-CapTokenData" */ ++530, /* "setct-CapTokenSeq" */ ++574, /* "setct-CapTokenTBE" */ ++575, /* "setct-CapTokenTBEX" */ ++539, /* "setct-CapTokenTBS" */ ++560, /* "setct-CardCInitResTBS" */ ++566, /* "setct-CertInqReqTBS" */ ++563, /* "setct-CertReqData" */ ++595, /* "setct-CertReqTBE" */ ++596, /* "setct-CertReqTBEX" */ ++564, /* "setct-CertReqTBS" */ ++565, /* "setct-CertResData" */ ++597, /* "setct-CertResTBE" */ ++586, /* "setct-CredReqTBE" */ ++587, /* "setct-CredReqTBEX" */ ++550, /* "setct-CredReqTBS" */ ++551, /* "setct-CredReqTBSX" */ ++552, /* "setct-CredResData" */ ++588, /* "setct-CredResTBE" */ ++589, /* "setct-CredRevReqTBE" */ ++590, /* "setct-CredRevReqTBEX" */ ++553, /* "setct-CredRevReqTBS" */ ++554, /* "setct-CredRevReqTBSX" */ ++555, /* "setct-CredRevResData" */ ++591, /* "setct-CredRevResTBE" */ ++567, /* "setct-ErrorTBS" */ ++526, /* "setct-HODInput" */ ++561, /* "setct-MeAqCInitResTBS" */ ++522, /* "setct-OIData" */ ++519, /* "setct-PANData" */ ++521, /* "setct-PANOnly" */ ++520, /* "setct-PANToken" */ ++556, /* "setct-PCertReqData" */ ++557, /* "setct-PCertResTBS" */ ++523, /* "setct-PI" */ ++532, /* "setct-PI-TBS" */ ++524, /* "setct-PIData" */ ++525, /* "setct-PIDataUnsigned" */ ++568, /* "setct-PIDualSignedTBE" */ ++569, /* "setct-PIUnsignedTBE" */ ++531, /* "setct-PInitResData" */ ++533, /* "setct-PResData" */ 
++594, /* "setct-RegFormReqTBE" */ ++562, /* "setct-RegFormResTBS" */ ++606, /* "setext-cv" */ ++601, /* "setext-genCrypt" */ ++602, /* "setext-miAuth" */ ++604, /* "setext-pinAny" */ ++603, /* "setext-pinSecure" */ ++605, /* "setext-track2" */ ++52, /* "signingTime" */ ++454, /* "simpleSecurityObject" */ ++496, /* "singleLevelQuality" */ ++387, /* "snmpv2" */ ++660, /* "street" */ ++85, /* "subjectAltName" */ ++769, /* "subjectDirectoryAttributes" */ ++398, /* "subjectInfoAccess" */ ++82, /* "subjectKeyIdentifier" */ ++498, /* "subtreeMaximumQuality" */ ++497, /* "subtreeMinimumQuality" */ ++890, /* "supportedAlgorithms" */ ++874, /* "supportedApplicationContext" */ ++402, /* "targetInformation" */ ++864, /* "telephoneNumber" */ ++866, /* "teletexTerminalIdentifier" */ ++865, /* "telexNumber" */ ++459, /* "textEncodedORAddress" */ ++293, /* "textNotice" */ ++133, /* "timeStamping" */ ++106, /* "title" */ ++682, /* "tpBasis" */ ++375, /* "trustRoot" */ ++436, /* "ucl" */ ++888, /* "uniqueMember" */ ++55, /* "unstructuredAddress" */ ++49, /* "unstructuredName" */ ++880, /* "userCertificate" */ ++465, /* "userClass" */ ++879, /* "userPassword" */ ++373, /* "valid" */ ++678, /* "wap" */ ++679, /* "wap-wsg" */ ++735, /* "wap-wsg-idm-ecid-wtls1" */ ++743, /* "wap-wsg-idm-ecid-wtls10" */ ++744, /* "wap-wsg-idm-ecid-wtls11" */ ++745, /* "wap-wsg-idm-ecid-wtls12" */ ++736, /* "wap-wsg-idm-ecid-wtls3" */ ++737, /* "wap-wsg-idm-ecid-wtls4" */ ++738, /* "wap-wsg-idm-ecid-wtls5" */ ++739, /* "wap-wsg-idm-ecid-wtls6" */ ++740, /* "wap-wsg-idm-ecid-wtls7" */ ++741, /* "wap-wsg-idm-ecid-wtls8" */ ++742, /* "wap-wsg-idm-ecid-wtls9" */ ++804, /* "whirlpool" */ ++868, /* "x121Address" */ ++503, /* "x500UniqueIdentifier" */ ++158, /* "x509Certificate" */ ++160, /* "x509Crl" */ + }; + +-static ASN1_OBJECT *ln_objs[NUM_LN]={ +-&(nid_objs[363]),/* "AD Time Stamping" */ +-&(nid_objs[405]),/* "ANSI X9.62" */ +-&(nid_objs[368]),/* "Acceptable OCSP Responses" */ +-&(nid_objs[664]),/* "Any 
language" */ +-&(nid_objs[177]),/* "Authority Information Access" */ +-&(nid_objs[365]),/* "Basic OCSP Response" */ +-&(nid_objs[285]),/* "Biometric Info" */ +-&(nid_objs[179]),/* "CA Issuers" */ +-&(nid_objs[785]),/* "CA Repository" */ +-&(nid_objs[131]),/* "Code Signing" */ +-&(nid_objs[783]),/* "Diffie-Hellman based MAC" */ +-&(nid_objs[382]),/* "Directory" */ +-&(nid_objs[392]),/* "Domain" */ +-&(nid_objs[132]),/* "E-mail Protection" */ +-&(nid_objs[389]),/* "Enterprises" */ +-&(nid_objs[384]),/* "Experimental" */ +-&(nid_objs[372]),/* "Extended OCSP Status" */ +-&(nid_objs[172]),/* "Extension Request" */ +-&(nid_objs[813]),/* "GOST 28147-89" */ +-&(nid_objs[849]),/* "GOST 28147-89 Cryptocom ParamSet" */ +-&(nid_objs[815]),/* "GOST 28147-89 MAC" */ +-&(nid_objs[851]),/* "GOST 34.10-2001 Cryptocom" */ +-&(nid_objs[850]),/* "GOST 34.10-94 Cryptocom" */ +-&(nid_objs[811]),/* "GOST R 34.10-2001" */ +-&(nid_objs[817]),/* "GOST R 34.10-2001 DH" */ +-&(nid_objs[812]),/* "GOST R 34.10-94" */ +-&(nid_objs[818]),/* "GOST R 34.10-94 DH" */ +-&(nid_objs[809]),/* "GOST R 34.11-94" */ +-&(nid_objs[816]),/* "GOST R 34.11-94 PRF" */ +-&(nid_objs[807]),/* "GOST R 34.11-94 with GOST R 34.10-2001" */ +-&(nid_objs[853]),/* "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom" */ +-&(nid_objs[808]),/* "GOST R 34.11-94 with GOST R 34.10-94" */ +-&(nid_objs[852]),/* "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom" */ +-&(nid_objs[854]),/* "GOST R 3410-2001 Parameter Set Cryptocom" */ +-&(nid_objs[810]),/* "HMAC GOST 34.11-94" */ +-&(nid_objs[432]),/* "Hold Instruction Call Issuer" */ +-&(nid_objs[430]),/* "Hold Instruction Code" */ +-&(nid_objs[431]),/* "Hold Instruction None" */ +-&(nid_objs[433]),/* "Hold Instruction Reject" */ +-&(nid_objs[634]),/* "ICC or token signature" */ +-&(nid_objs[294]),/* "IPSec End System" */ +-&(nid_objs[295]),/* "IPSec Tunnel" */ +-&(nid_objs[296]),/* "IPSec User" */ +-&(nid_objs[182]),/* "ISO Member Body" */ +-&(nid_objs[183]),/* "ISO US Member Body" */ 
+-&(nid_objs[667]),/* "Independent" */ +-&(nid_objs[665]),/* "Inherit all" */ +-&(nid_objs[647]),/* "International Organizations" */ +-&(nid_objs[142]),/* "Invalidity Date" */ +-&(nid_objs[504]),/* "MIME MHS" */ +-&(nid_objs[388]),/* "Mail" */ +-&(nid_objs[383]),/* "Management" */ +-&(nid_objs[417]),/* "Microsoft CSP Name" */ +-&(nid_objs[135]),/* "Microsoft Commercial Code Signing" */ +-&(nid_objs[138]),/* "Microsoft Encrypted File System" */ +-&(nid_objs[171]),/* "Microsoft Extension Request" */ +-&(nid_objs[134]),/* "Microsoft Individual Code Signing" */ +-&(nid_objs[856]),/* "Microsoft Local Key set" */ +-&(nid_objs[137]),/* "Microsoft Server Gated Crypto" */ +-&(nid_objs[648]),/* "Microsoft Smartcardlogin" */ +-&(nid_objs[136]),/* "Microsoft Trust List Signing" */ +-&(nid_objs[649]),/* "Microsoft Universal Principal Name" */ +-&(nid_objs[393]),/* "NULL" */ +-&(nid_objs[404]),/* "NULL" */ +-&(nid_objs[72]),/* "Netscape Base Url" */ +-&(nid_objs[76]),/* "Netscape CA Policy Url" */ +-&(nid_objs[74]),/* "Netscape CA Revocation Url" */ +-&(nid_objs[71]),/* "Netscape Cert Type" */ +-&(nid_objs[58]),/* "Netscape Certificate Extension" */ +-&(nid_objs[79]),/* "Netscape Certificate Sequence" */ +-&(nid_objs[78]),/* "Netscape Comment" */ +-&(nid_objs[57]),/* "Netscape Communications Corp." 
*/ +-&(nid_objs[59]),/* "Netscape Data Type" */ +-&(nid_objs[75]),/* "Netscape Renewal Url" */ +-&(nid_objs[73]),/* "Netscape Revocation Url" */ +-&(nid_objs[77]),/* "Netscape SSL Server Name" */ +-&(nid_objs[139]),/* "Netscape Server Gated Crypto" */ +-&(nid_objs[178]),/* "OCSP" */ +-&(nid_objs[370]),/* "OCSP Archive Cutoff" */ +-&(nid_objs[367]),/* "OCSP CRL ID" */ +-&(nid_objs[369]),/* "OCSP No Check" */ +-&(nid_objs[366]),/* "OCSP Nonce" */ +-&(nid_objs[371]),/* "OCSP Service Locator" */ +-&(nid_objs[180]),/* "OCSP Signing" */ +-&(nid_objs[161]),/* "PBES2" */ +-&(nid_objs[69]),/* "PBKDF2" */ +-&(nid_objs[162]),/* "PBMAC1" */ +-&(nid_objs[127]),/* "PKIX" */ +-&(nid_objs[858]),/* "Permanent Identifier" */ +-&(nid_objs[164]),/* "Policy Qualifier CPS" */ +-&(nid_objs[165]),/* "Policy Qualifier User Notice" */ +-&(nid_objs[385]),/* "Private" */ +-&(nid_objs[663]),/* "Proxy Certificate Information" */ +-&(nid_objs[ 1]),/* "RSA Data Security, Inc." */ +-&(nid_objs[ 2]),/* "RSA Data Security, Inc. 
PKCS" */ +-&(nid_objs[188]),/* "S/MIME" */ +-&(nid_objs[167]),/* "S/MIME Capabilities" */ +-&(nid_objs[387]),/* "SNMPv2" */ +-&(nid_objs[512]),/* "Secure Electronic Transactions" */ +-&(nid_objs[386]),/* "Security" */ +-&(nid_objs[394]),/* "Selected Attribute Types" */ +-&(nid_objs[143]),/* "Strong Extranet ID" */ +-&(nid_objs[398]),/* "Subject Information Access" */ +-&(nid_objs[130]),/* "TLS Web Client Authentication" */ +-&(nid_objs[129]),/* "TLS Web Server Authentication" */ +-&(nid_objs[133]),/* "Time Stamping" */ +-&(nid_objs[375]),/* "Trust Root" */ +-&(nid_objs[12]),/* "X509" */ +-&(nid_objs[402]),/* "X509v3 AC Targeting" */ +-&(nid_objs[746]),/* "X509v3 Any Policy" */ +-&(nid_objs[90]),/* "X509v3 Authority Key Identifier" */ +-&(nid_objs[87]),/* "X509v3 Basic Constraints" */ +-&(nid_objs[103]),/* "X509v3 CRL Distribution Points" */ +-&(nid_objs[88]),/* "X509v3 CRL Number" */ +-&(nid_objs[141]),/* "X509v3 CRL Reason Code" */ +-&(nid_objs[771]),/* "X509v3 Certificate Issuer" */ +-&(nid_objs[89]),/* "X509v3 Certificate Policies" */ +-&(nid_objs[140]),/* "X509v3 Delta CRL Indicator" */ +-&(nid_objs[126]),/* "X509v3 Extended Key Usage" */ +-&(nid_objs[857]),/* "X509v3 Freshest CRL" */ +-&(nid_objs[748]),/* "X509v3 Inhibit Any Policy" */ +-&(nid_objs[86]),/* "X509v3 Issuer Alternative Name" */ +-&(nid_objs[770]),/* "X509v3 Issuing Distrubution Point" */ +-&(nid_objs[83]),/* "X509v3 Key Usage" */ +-&(nid_objs[666]),/* "X509v3 Name Constraints" */ +-&(nid_objs[403]),/* "X509v3 No Revocation Available" */ +-&(nid_objs[401]),/* "X509v3 Policy Constraints" */ +-&(nid_objs[747]),/* "X509v3 Policy Mappings" */ +-&(nid_objs[84]),/* "X509v3 Private Key Usage Period" */ +-&(nid_objs[85]),/* "X509v3 Subject Alternative Name" */ +-&(nid_objs[769]),/* "X509v3 Subject Directory Attributes" */ +-&(nid_objs[82]),/* "X509v3 Subject Key Identifier" */ +-&(nid_objs[184]),/* "X9.57" */ +-&(nid_objs[185]),/* "X9.57 CM ?" 
*/ +-&(nid_objs[478]),/* "aRecord" */ +-&(nid_objs[289]),/* "aaControls" */ +-&(nid_objs[287]),/* "ac-auditEntity" */ +-&(nid_objs[397]),/* "ac-proxying" */ +-&(nid_objs[288]),/* "ac-targeting" */ +-&(nid_objs[446]),/* "account" */ +-&(nid_objs[364]),/* "ad dvcs" */ +-&(nid_objs[606]),/* "additional verification" */ +-&(nid_objs[419]),/* "aes-128-cbc" */ +-&(nid_objs[421]),/* "aes-128-cfb" */ +-&(nid_objs[650]),/* "aes-128-cfb1" */ +-&(nid_objs[653]),/* "aes-128-cfb8" */ +-&(nid_objs[418]),/* "aes-128-ecb" */ +-&(nid_objs[420]),/* "aes-128-ofb" */ +-&(nid_objs[423]),/* "aes-192-cbc" */ +-&(nid_objs[425]),/* "aes-192-cfb" */ +-&(nid_objs[651]),/* "aes-192-cfb1" */ +-&(nid_objs[654]),/* "aes-192-cfb8" */ +-&(nid_objs[422]),/* "aes-192-ecb" */ +-&(nid_objs[424]),/* "aes-192-ofb" */ +-&(nid_objs[427]),/* "aes-256-cbc" */ +-&(nid_objs[429]),/* "aes-256-cfb" */ +-&(nid_objs[652]),/* "aes-256-cfb1" */ +-&(nid_objs[655]),/* "aes-256-cfb8" */ +-&(nid_objs[426]),/* "aes-256-ecb" */ +-&(nid_objs[428]),/* "aes-256-ofb" */ +-&(nid_objs[376]),/* "algorithm" */ +-&(nid_objs[484]),/* "associatedDomain" */ +-&(nid_objs[485]),/* "associatedName" */ +-&(nid_objs[501]),/* "audio" */ +-&(nid_objs[91]),/* "bf-cbc" */ +-&(nid_objs[93]),/* "bf-cfb" */ +-&(nid_objs[92]),/* "bf-ecb" */ +-&(nid_objs[94]),/* "bf-ofb" */ +-&(nid_objs[494]),/* "buildingName" */ +-&(nid_objs[691]),/* "c2onb191v4" */ +-&(nid_objs[692]),/* "c2onb191v5" */ +-&(nid_objs[697]),/* "c2onb239v4" */ +-&(nid_objs[698]),/* "c2onb239v5" */ +-&(nid_objs[684]),/* "c2pnb163v1" */ +-&(nid_objs[685]),/* "c2pnb163v2" */ +-&(nid_objs[686]),/* "c2pnb163v3" */ +-&(nid_objs[687]),/* "c2pnb176v1" */ +-&(nid_objs[693]),/* "c2pnb208w1" */ +-&(nid_objs[699]),/* "c2pnb272w1" */ +-&(nid_objs[700]),/* "c2pnb304w1" */ +-&(nid_objs[702]),/* "c2pnb368w1" */ +-&(nid_objs[688]),/* "c2tnb191v1" */ +-&(nid_objs[689]),/* "c2tnb191v2" */ +-&(nid_objs[690]),/* "c2tnb191v3" */ +-&(nid_objs[694]),/* "c2tnb239v1" */ +-&(nid_objs[695]),/* "c2tnb239v2" */ 
+-&(nid_objs[696]),/* "c2tnb239v3" */ +-&(nid_objs[701]),/* "c2tnb359v1" */ +-&(nid_objs[703]),/* "c2tnb431r1" */ +-&(nid_objs[483]),/* "cNAMERecord" */ +-&(nid_objs[751]),/* "camellia-128-cbc" */ +-&(nid_objs[757]),/* "camellia-128-cfb" */ +-&(nid_objs[760]),/* "camellia-128-cfb1" */ +-&(nid_objs[763]),/* "camellia-128-cfb8" */ +-&(nid_objs[754]),/* "camellia-128-ecb" */ +-&(nid_objs[766]),/* "camellia-128-ofb" */ +-&(nid_objs[752]),/* "camellia-192-cbc" */ +-&(nid_objs[758]),/* "camellia-192-cfb" */ +-&(nid_objs[761]),/* "camellia-192-cfb1" */ +-&(nid_objs[764]),/* "camellia-192-cfb8" */ +-&(nid_objs[755]),/* "camellia-192-ecb" */ +-&(nid_objs[767]),/* "camellia-192-ofb" */ +-&(nid_objs[753]),/* "camellia-256-cbc" */ +-&(nid_objs[759]),/* "camellia-256-cfb" */ +-&(nid_objs[762]),/* "camellia-256-cfb1" */ +-&(nid_objs[765]),/* "camellia-256-cfb8" */ +-&(nid_objs[756]),/* "camellia-256-ecb" */ +-&(nid_objs[768]),/* "camellia-256-ofb" */ +-&(nid_objs[443]),/* "caseIgnoreIA5StringSyntax" */ +-&(nid_objs[108]),/* "cast5-cbc" */ +-&(nid_objs[110]),/* "cast5-cfb" */ +-&(nid_objs[109]),/* "cast5-ecb" */ +-&(nid_objs[111]),/* "cast5-ofb" */ +-&(nid_objs[152]),/* "certBag" */ +-&(nid_objs[677]),/* "certicom-arc" */ +-&(nid_objs[517]),/* "certificate extensions" */ +-&(nid_objs[54]),/* "challengePassword" */ +-&(nid_objs[407]),/* "characteristic-two-field" */ +-&(nid_objs[395]),/* "clearance" */ +-&(nid_objs[633]),/* "cleartext track 2" */ +-&(nid_objs[13]),/* "commonName" */ +-&(nid_objs[513]),/* "content types" */ +-&(nid_objs[50]),/* "contentType" */ +-&(nid_objs[53]),/* "countersignature" */ +-&(nid_objs[14]),/* "countryName" */ +-&(nid_objs[153]),/* "crlBag" */ +-&(nid_objs[806]),/* "cryptocom" */ +-&(nid_objs[805]),/* "cryptopro" */ +-&(nid_objs[500]),/* "dITRedirect" */ +-&(nid_objs[451]),/* "dNSDomain" */ +-&(nid_objs[495]),/* "dSAQuality" */ +-&(nid_objs[434]),/* "data" */ +-&(nid_objs[390]),/* "dcObject" */ +-&(nid_objs[31]),/* "des-cbc" */ +-&(nid_objs[643]),/* 
"des-cdmf" */ +-&(nid_objs[30]),/* "des-cfb" */ +-&(nid_objs[656]),/* "des-cfb1" */ +-&(nid_objs[657]),/* "des-cfb8" */ +-&(nid_objs[29]),/* "des-ecb" */ +-&(nid_objs[32]),/* "des-ede" */ +-&(nid_objs[43]),/* "des-ede-cbc" */ +-&(nid_objs[60]),/* "des-ede-cfb" */ +-&(nid_objs[62]),/* "des-ede-ofb" */ +-&(nid_objs[33]),/* "des-ede3" */ +-&(nid_objs[44]),/* "des-ede3-cbc" */ +-&(nid_objs[61]),/* "des-ede3-cfb" */ +-&(nid_objs[658]),/* "des-ede3-cfb1" */ +-&(nid_objs[659]),/* "des-ede3-cfb8" */ +-&(nid_objs[63]),/* "des-ede3-ofb" */ +-&(nid_objs[45]),/* "des-ofb" */ +-&(nid_objs[107]),/* "description" */ +-&(nid_objs[80]),/* "desx-cbc" */ +-&(nid_objs[28]),/* "dhKeyAgreement" */ +-&(nid_objs[11]),/* "directory services (X.500)" */ +-&(nid_objs[378]),/* "directory services - algorithms" */ +-&(nid_objs[174]),/* "dnQualifier" */ +-&(nid_objs[447]),/* "document" */ +-&(nid_objs[471]),/* "documentAuthor" */ +-&(nid_objs[468]),/* "documentIdentifier" */ +-&(nid_objs[472]),/* "documentLocation" */ +-&(nid_objs[502]),/* "documentPublisher" */ +-&(nid_objs[449]),/* "documentSeries" */ +-&(nid_objs[469]),/* "documentTitle" */ +-&(nid_objs[470]),/* "documentVersion" */ +-&(nid_objs[380]),/* "dod" */ +-&(nid_objs[391]),/* "domainComponent" */ +-&(nid_objs[452]),/* "domainRelatedObject" */ +-&(nid_objs[116]),/* "dsaEncryption" */ +-&(nid_objs[67]),/* "dsaEncryption-old" */ +-&(nid_objs[66]),/* "dsaWithSHA" */ +-&(nid_objs[113]),/* "dsaWithSHA1" */ +-&(nid_objs[70]),/* "dsaWithSHA1-old" */ +-&(nid_objs[802]),/* "dsa_with_SHA224" */ +-&(nid_objs[803]),/* "dsa_with_SHA256" */ +-&(nid_objs[297]),/* "dvcs" */ +-&(nid_objs[791]),/* "ecdsa-with-Recommended" */ +-&(nid_objs[416]),/* "ecdsa-with-SHA1" */ +-&(nid_objs[793]),/* "ecdsa-with-SHA224" */ +-&(nid_objs[794]),/* "ecdsa-with-SHA256" */ +-&(nid_objs[795]),/* "ecdsa-with-SHA384" */ +-&(nid_objs[796]),/* "ecdsa-with-SHA512" */ +-&(nid_objs[792]),/* "ecdsa-with-Specified" */ +-&(nid_objs[48]),/* "emailAddress" */ +-&(nid_objs[632]),/* 
"encrypted track 2" */ +-&(nid_objs[56]),/* "extendedCertificateAttributes" */ +-&(nid_objs[462]),/* "favouriteDrink" */ +-&(nid_objs[453]),/* "friendlyCountry" */ +-&(nid_objs[490]),/* "friendlyCountryName" */ +-&(nid_objs[156]),/* "friendlyName" */ +-&(nid_objs[631]),/* "generate cryptogram" */ +-&(nid_objs[509]),/* "generationQualifier" */ +-&(nid_objs[601]),/* "generic cryptogram" */ +-&(nid_objs[99]),/* "givenName" */ +-&(nid_objs[814]),/* "gost89-cnt" */ +-&(nid_objs[855]),/* "hmac" */ +-&(nid_objs[780]),/* "hmac-md5" */ +-&(nid_objs[781]),/* "hmac-sha1" */ +-&(nid_objs[797]),/* "hmacWithMD5" */ +-&(nid_objs[163]),/* "hmacWithSHA1" */ +-&(nid_objs[798]),/* "hmacWithSHA224" */ +-&(nid_objs[799]),/* "hmacWithSHA256" */ +-&(nid_objs[800]),/* "hmacWithSHA384" */ +-&(nid_objs[801]),/* "hmacWithSHA512" */ +-&(nid_objs[486]),/* "homePostalAddress" */ +-&(nid_objs[473]),/* "homeTelephoneNumber" */ +-&(nid_objs[466]),/* "host" */ +-&(nid_objs[442]),/* "iA5StringSyntax" */ +-&(nid_objs[381]),/* "iana" */ +-&(nid_objs[824]),/* "id-Gost28147-89-CryptoPro-A-ParamSet" */ +-&(nid_objs[825]),/* "id-Gost28147-89-CryptoPro-B-ParamSet" */ +-&(nid_objs[826]),/* "id-Gost28147-89-CryptoPro-C-ParamSet" */ +-&(nid_objs[827]),/* "id-Gost28147-89-CryptoPro-D-ParamSet" */ +-&(nid_objs[819]),/* "id-Gost28147-89-CryptoPro-KeyMeshing" */ +-&(nid_objs[829]),/* "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" */ +-&(nid_objs[828]),/* "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" */ +-&(nid_objs[830]),/* "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" */ +-&(nid_objs[820]),/* "id-Gost28147-89-None-KeyMeshing" */ +-&(nid_objs[823]),/* "id-Gost28147-89-TestParamSet" */ +-&(nid_objs[840]),/* "id-GostR3410-2001-CryptoPro-A-ParamSet" */ +-&(nid_objs[841]),/* "id-GostR3410-2001-CryptoPro-B-ParamSet" */ +-&(nid_objs[842]),/* "id-GostR3410-2001-CryptoPro-C-ParamSet" */ +-&(nid_objs[843]),/* "id-GostR3410-2001-CryptoPro-XchA-ParamSet" */ +-&(nid_objs[844]),/* "id-GostR3410-2001-CryptoPro-XchB-ParamSet" */ 
+-&(nid_objs[839]),/* "id-GostR3410-2001-TestParamSet" */ +-&(nid_objs[832]),/* "id-GostR3410-94-CryptoPro-A-ParamSet" */ +-&(nid_objs[833]),/* "id-GostR3410-94-CryptoPro-B-ParamSet" */ +-&(nid_objs[834]),/* "id-GostR3410-94-CryptoPro-C-ParamSet" */ +-&(nid_objs[835]),/* "id-GostR3410-94-CryptoPro-D-ParamSet" */ +-&(nid_objs[836]),/* "id-GostR3410-94-CryptoPro-XchA-ParamSet" */ +-&(nid_objs[837]),/* "id-GostR3410-94-CryptoPro-XchB-ParamSet" */ +-&(nid_objs[838]),/* "id-GostR3410-94-CryptoPro-XchC-ParamSet" */ +-&(nid_objs[831]),/* "id-GostR3410-94-TestParamSet" */ +-&(nid_objs[845]),/* "id-GostR3410-94-a" */ +-&(nid_objs[846]),/* "id-GostR3410-94-aBis" */ +-&(nid_objs[847]),/* "id-GostR3410-94-b" */ +-&(nid_objs[848]),/* "id-GostR3410-94-bBis" */ +-&(nid_objs[822]),/* "id-GostR3411-94-CryptoProParamSet" */ +-&(nid_objs[821]),/* "id-GostR3411-94-TestParamSet" */ +-&(nid_objs[266]),/* "id-aca" */ +-&(nid_objs[355]),/* "id-aca-accessIdentity" */ +-&(nid_objs[354]),/* "id-aca-authenticationInfo" */ +-&(nid_objs[356]),/* "id-aca-chargingIdentity" */ +-&(nid_objs[399]),/* "id-aca-encAttrs" */ +-&(nid_objs[357]),/* "id-aca-group" */ +-&(nid_objs[358]),/* "id-aca-role" */ +-&(nid_objs[176]),/* "id-ad" */ +-&(nid_objs[788]),/* "id-aes128-wrap" */ +-&(nid_objs[789]),/* "id-aes192-wrap" */ +-&(nid_objs[790]),/* "id-aes256-wrap" */ +-&(nid_objs[262]),/* "id-alg" */ +-&(nid_objs[323]),/* "id-alg-des40" */ +-&(nid_objs[326]),/* "id-alg-dh-pop" */ +-&(nid_objs[325]),/* "id-alg-dh-sig-hmac-sha1" */ +-&(nid_objs[324]),/* "id-alg-noSignature" */ +-&(nid_objs[268]),/* "id-cct" */ +-&(nid_objs[361]),/* "id-cct-PKIData" */ +-&(nid_objs[362]),/* "id-cct-PKIResponse" */ +-&(nid_objs[360]),/* "id-cct-crs" */ +-&(nid_objs[81]),/* "id-ce" */ +-&(nid_objs[680]),/* "id-characteristic-two-basis" */ +-&(nid_objs[263]),/* "id-cmc" */ +-&(nid_objs[334]),/* "id-cmc-addExtensions" */ +-&(nid_objs[346]),/* "id-cmc-confirmCertAcceptance" */ +-&(nid_objs[330]),/* "id-cmc-dataReturn" */ 
+-&(nid_objs[336]),/* "id-cmc-decryptedPOP" */ +-&(nid_objs[335]),/* "id-cmc-encryptedPOP" */ +-&(nid_objs[339]),/* "id-cmc-getCRL" */ +-&(nid_objs[338]),/* "id-cmc-getCert" */ +-&(nid_objs[328]),/* "id-cmc-identification" */ +-&(nid_objs[329]),/* "id-cmc-identityProof" */ +-&(nid_objs[337]),/* "id-cmc-lraPOPWitness" */ +-&(nid_objs[344]),/* "id-cmc-popLinkRandom" */ +-&(nid_objs[345]),/* "id-cmc-popLinkWitness" */ +-&(nid_objs[343]),/* "id-cmc-queryPending" */ +-&(nid_objs[333]),/* "id-cmc-recipientNonce" */ +-&(nid_objs[341]),/* "id-cmc-regInfo" */ +-&(nid_objs[342]),/* "id-cmc-responseInfo" */ +-&(nid_objs[340]),/* "id-cmc-revokeRequest" */ +-&(nid_objs[332]),/* "id-cmc-senderNonce" */ +-&(nid_objs[327]),/* "id-cmc-statusInfo" */ +-&(nid_objs[331]),/* "id-cmc-transactionId" */ +-&(nid_objs[787]),/* "id-ct-asciiTextWithCRLF" */ +-&(nid_objs[408]),/* "id-ecPublicKey" */ +-&(nid_objs[508]),/* "id-hex-multipart-message" */ +-&(nid_objs[507]),/* "id-hex-partial-message" */ +-&(nid_objs[260]),/* "id-it" */ +-&(nid_objs[302]),/* "id-it-caKeyUpdateInfo" */ +-&(nid_objs[298]),/* "id-it-caProtEncCert" */ +-&(nid_objs[311]),/* "id-it-confirmWaitTime" */ +-&(nid_objs[303]),/* "id-it-currentCRL" */ +-&(nid_objs[300]),/* "id-it-encKeyPairTypes" */ +-&(nid_objs[310]),/* "id-it-implicitConfirm" */ +-&(nid_objs[308]),/* "id-it-keyPairParamRep" */ +-&(nid_objs[307]),/* "id-it-keyPairParamReq" */ +-&(nid_objs[312]),/* "id-it-origPKIMessage" */ +-&(nid_objs[301]),/* "id-it-preferredSymmAlg" */ +-&(nid_objs[309]),/* "id-it-revPassphrase" */ +-&(nid_objs[299]),/* "id-it-signKeyPairTypes" */ +-&(nid_objs[305]),/* "id-it-subscriptionRequest" */ +-&(nid_objs[306]),/* "id-it-subscriptionResponse" */ +-&(nid_objs[784]),/* "id-it-suppLangTags" */ +-&(nid_objs[304]),/* "id-it-unsupportedOIDs" */ +-&(nid_objs[128]),/* "id-kp" */ +-&(nid_objs[280]),/* "id-mod-attribute-cert" */ +-&(nid_objs[274]),/* "id-mod-cmc" */ +-&(nid_objs[277]),/* "id-mod-cmp" */ +-&(nid_objs[284]),/* "id-mod-cmp2000" 
*/ +-&(nid_objs[273]),/* "id-mod-crmf" */ +-&(nid_objs[283]),/* "id-mod-dvcs" */ +-&(nid_objs[275]),/* "id-mod-kea-profile-88" */ +-&(nid_objs[276]),/* "id-mod-kea-profile-93" */ +-&(nid_objs[282]),/* "id-mod-ocsp" */ +-&(nid_objs[278]),/* "id-mod-qualified-cert-88" */ +-&(nid_objs[279]),/* "id-mod-qualified-cert-93" */ +-&(nid_objs[281]),/* "id-mod-timestamp-protocol" */ +-&(nid_objs[264]),/* "id-on" */ +-&(nid_objs[347]),/* "id-on-personalData" */ +-&(nid_objs[265]),/* "id-pda" */ +-&(nid_objs[352]),/* "id-pda-countryOfCitizenship" */ +-&(nid_objs[353]),/* "id-pda-countryOfResidence" */ +-&(nid_objs[348]),/* "id-pda-dateOfBirth" */ +-&(nid_objs[351]),/* "id-pda-gender" */ +-&(nid_objs[349]),/* "id-pda-placeOfBirth" */ +-&(nid_objs[175]),/* "id-pe" */ +-&(nid_objs[261]),/* "id-pkip" */ +-&(nid_objs[258]),/* "id-pkix-mod" */ +-&(nid_objs[269]),/* "id-pkix1-explicit-88" */ +-&(nid_objs[271]),/* "id-pkix1-explicit-93" */ +-&(nid_objs[270]),/* "id-pkix1-implicit-88" */ +-&(nid_objs[272]),/* "id-pkix1-implicit-93" */ +-&(nid_objs[662]),/* "id-ppl" */ +-&(nid_objs[267]),/* "id-qcs" */ +-&(nid_objs[359]),/* "id-qcs-pkixQCSyntax-v1" */ +-&(nid_objs[259]),/* "id-qt" */ +-&(nid_objs[313]),/* "id-regCtrl" */ +-&(nid_objs[316]),/* "id-regCtrl-authenticator" */ +-&(nid_objs[319]),/* "id-regCtrl-oldCertID" */ +-&(nid_objs[318]),/* "id-regCtrl-pkiArchiveOptions" */ +-&(nid_objs[317]),/* "id-regCtrl-pkiPublicationInfo" */ +-&(nid_objs[320]),/* "id-regCtrl-protocolEncrKey" */ +-&(nid_objs[315]),/* "id-regCtrl-regToken" */ +-&(nid_objs[314]),/* "id-regInfo" */ +-&(nid_objs[322]),/* "id-regInfo-certReq" */ +-&(nid_objs[321]),/* "id-regInfo-utf8Pairs" */ +-&(nid_objs[191]),/* "id-smime-aa" */ +-&(nid_objs[215]),/* "id-smime-aa-contentHint" */ +-&(nid_objs[218]),/* "id-smime-aa-contentIdentifier" */ +-&(nid_objs[221]),/* "id-smime-aa-contentReference" */ +-&(nid_objs[240]),/* "id-smime-aa-dvcs-dvc" */ +-&(nid_objs[217]),/* "id-smime-aa-encapContentType" */ +-&(nid_objs[222]),/* 
"id-smime-aa-encrypKeyPref" */ +-&(nid_objs[220]),/* "id-smime-aa-equivalentLabels" */ +-&(nid_objs[232]),/* "id-smime-aa-ets-CertificateRefs" */ +-&(nid_objs[233]),/* "id-smime-aa-ets-RevocationRefs" */ +-&(nid_objs[238]),/* "id-smime-aa-ets-archiveTimeStamp" */ +-&(nid_objs[237]),/* "id-smime-aa-ets-certCRLTimestamp" */ +-&(nid_objs[234]),/* "id-smime-aa-ets-certValues" */ +-&(nid_objs[227]),/* "id-smime-aa-ets-commitmentType" */ +-&(nid_objs[231]),/* "id-smime-aa-ets-contentTimestamp" */ +-&(nid_objs[236]),/* "id-smime-aa-ets-escTimeStamp" */ +-&(nid_objs[230]),/* "id-smime-aa-ets-otherSigCert" */ +-&(nid_objs[235]),/* "id-smime-aa-ets-revocationValues" */ +-&(nid_objs[226]),/* "id-smime-aa-ets-sigPolicyId" */ +-&(nid_objs[229]),/* "id-smime-aa-ets-signerAttr" */ +-&(nid_objs[228]),/* "id-smime-aa-ets-signerLocation" */ +-&(nid_objs[219]),/* "id-smime-aa-macValue" */ +-&(nid_objs[214]),/* "id-smime-aa-mlExpandHistory" */ +-&(nid_objs[216]),/* "id-smime-aa-msgSigDigest" */ +-&(nid_objs[212]),/* "id-smime-aa-receiptRequest" */ +-&(nid_objs[213]),/* "id-smime-aa-securityLabel" */ +-&(nid_objs[239]),/* "id-smime-aa-signatureType" */ +-&(nid_objs[223]),/* "id-smime-aa-signingCertificate" */ +-&(nid_objs[224]),/* "id-smime-aa-smimeEncryptCerts" */ +-&(nid_objs[225]),/* "id-smime-aa-timeStampToken" */ +-&(nid_objs[192]),/* "id-smime-alg" */ +-&(nid_objs[243]),/* "id-smime-alg-3DESwrap" */ +-&(nid_objs[246]),/* "id-smime-alg-CMS3DESwrap" */ +-&(nid_objs[247]),/* "id-smime-alg-CMSRC2wrap" */ +-&(nid_objs[245]),/* "id-smime-alg-ESDH" */ +-&(nid_objs[241]),/* "id-smime-alg-ESDHwith3DES" */ +-&(nid_objs[242]),/* "id-smime-alg-ESDHwithRC2" */ +-&(nid_objs[244]),/* "id-smime-alg-RC2wrap" */ +-&(nid_objs[193]),/* "id-smime-cd" */ +-&(nid_objs[248]),/* "id-smime-cd-ldap" */ +-&(nid_objs[190]),/* "id-smime-ct" */ +-&(nid_objs[210]),/* "id-smime-ct-DVCSRequestData" */ +-&(nid_objs[211]),/* "id-smime-ct-DVCSResponseData" */ +-&(nid_objs[208]),/* "id-smime-ct-TDTInfo" */ 
+-&(nid_objs[207]),/* "id-smime-ct-TSTInfo" */ +-&(nid_objs[205]),/* "id-smime-ct-authData" */ +-&(nid_objs[786]),/* "id-smime-ct-compressedData" */ +-&(nid_objs[209]),/* "id-smime-ct-contentInfo" */ +-&(nid_objs[206]),/* "id-smime-ct-publishCert" */ +-&(nid_objs[204]),/* "id-smime-ct-receipt" */ +-&(nid_objs[195]),/* "id-smime-cti" */ +-&(nid_objs[255]),/* "id-smime-cti-ets-proofOfApproval" */ +-&(nid_objs[256]),/* "id-smime-cti-ets-proofOfCreation" */ +-&(nid_objs[253]),/* "id-smime-cti-ets-proofOfDelivery" */ +-&(nid_objs[251]),/* "id-smime-cti-ets-proofOfOrigin" */ +-&(nid_objs[252]),/* "id-smime-cti-ets-proofOfReceipt" */ +-&(nid_objs[254]),/* "id-smime-cti-ets-proofOfSender" */ +-&(nid_objs[189]),/* "id-smime-mod" */ +-&(nid_objs[196]),/* "id-smime-mod-cms" */ +-&(nid_objs[197]),/* "id-smime-mod-ess" */ +-&(nid_objs[202]),/* "id-smime-mod-ets-eSigPolicy-88" */ +-&(nid_objs[203]),/* "id-smime-mod-ets-eSigPolicy-97" */ +-&(nid_objs[200]),/* "id-smime-mod-ets-eSignature-88" */ +-&(nid_objs[201]),/* "id-smime-mod-ets-eSignature-97" */ +-&(nid_objs[199]),/* "id-smime-mod-msg-v3" */ +-&(nid_objs[198]),/* "id-smime-mod-oid" */ +-&(nid_objs[194]),/* "id-smime-spq" */ +-&(nid_objs[250]),/* "id-smime-spq-ets-sqt-unotice" */ +-&(nid_objs[249]),/* "id-smime-spq-ets-sqt-uri" */ +-&(nid_objs[34]),/* "idea-cbc" */ +-&(nid_objs[35]),/* "idea-cfb" */ +-&(nid_objs[36]),/* "idea-ecb" */ +-&(nid_objs[46]),/* "idea-ofb" */ +-&(nid_objs[676]),/* "identified-organization" */ +-&(nid_objs[461]),/* "info" */ +-&(nid_objs[101]),/* "initials" */ +-&(nid_objs[749]),/* "ipsec3" */ +-&(nid_objs[750]),/* "ipsec4" */ +-&(nid_objs[181]),/* "iso" */ +-&(nid_objs[623]),/* "issuer capabilities" */ +-&(nid_objs[645]),/* "itu-t" */ +-&(nid_objs[492]),/* "janetMailbox" */ +-&(nid_objs[646]),/* "joint-iso-itu-t" */ +-&(nid_objs[150]),/* "keyBag" */ +-&(nid_objs[773]),/* "kisa" */ +-&(nid_objs[477]),/* "lastModifiedBy" */ +-&(nid_objs[476]),/* "lastModifiedTime" */ +-&(nid_objs[157]),/* "localKeyID" 
*/ +-&(nid_objs[15]),/* "localityName" */ +-&(nid_objs[480]),/* "mXRecord" */ +-&(nid_objs[493]),/* "mailPreferenceOption" */ +-&(nid_objs[467]),/* "manager" */ +-&(nid_objs[ 3]),/* "md2" */ +-&(nid_objs[ 7]),/* "md2WithRSAEncryption" */ +-&(nid_objs[257]),/* "md4" */ +-&(nid_objs[396]),/* "md4WithRSAEncryption" */ +-&(nid_objs[ 4]),/* "md5" */ +-&(nid_objs[114]),/* "md5-sha1" */ +-&(nid_objs[104]),/* "md5WithRSA" */ +-&(nid_objs[ 8]),/* "md5WithRSAEncryption" */ +-&(nid_objs[95]),/* "mdc2" */ +-&(nid_objs[96]),/* "mdc2WithRSA" */ +-&(nid_objs[602]),/* "merchant initiated auth" */ +-&(nid_objs[514]),/* "message extensions" */ +-&(nid_objs[51]),/* "messageDigest" */ +-&(nid_objs[506]),/* "mime-mhs-bodies" */ +-&(nid_objs[505]),/* "mime-mhs-headings" */ +-&(nid_objs[488]),/* "mobileTelephoneNumber" */ +-&(nid_objs[481]),/* "nSRecord" */ +-&(nid_objs[173]),/* "name" */ +-&(nid_objs[681]),/* "onBasis" */ +-&(nid_objs[379]),/* "org" */ +-&(nid_objs[17]),/* "organizationName" */ +-&(nid_objs[491]),/* "organizationalStatus" */ +-&(nid_objs[18]),/* "organizationalUnitName" */ +-&(nid_objs[475]),/* "otherMailbox" */ +-&(nid_objs[489]),/* "pagerTelephoneNumber" */ +-&(nid_objs[782]),/* "password based MAC" */ +-&(nid_objs[374]),/* "path" */ +-&(nid_objs[621]),/* "payment gateway capabilities" */ +-&(nid_objs[ 9]),/* "pbeWithMD2AndDES-CBC" */ +-&(nid_objs[168]),/* "pbeWithMD2AndRC2-CBC" */ +-&(nid_objs[112]),/* "pbeWithMD5AndCast5CBC" */ +-&(nid_objs[10]),/* "pbeWithMD5AndDES-CBC" */ +-&(nid_objs[169]),/* "pbeWithMD5AndRC2-CBC" */ +-&(nid_objs[148]),/* "pbeWithSHA1And128BitRC2-CBC" */ +-&(nid_objs[144]),/* "pbeWithSHA1And128BitRC4" */ +-&(nid_objs[147]),/* "pbeWithSHA1And2-KeyTripleDES-CBC" */ +-&(nid_objs[146]),/* "pbeWithSHA1And3-KeyTripleDES-CBC" */ +-&(nid_objs[149]),/* "pbeWithSHA1And40BitRC2-CBC" */ +-&(nid_objs[145]),/* "pbeWithSHA1And40BitRC4" */ +-&(nid_objs[170]),/* "pbeWithSHA1AndDES-CBC" */ +-&(nid_objs[68]),/* "pbeWithSHA1AndRC2-CBC" */ +-&(nid_objs[499]),/* 
"personalSignature" */ +-&(nid_objs[487]),/* "personalTitle" */ +-&(nid_objs[464]),/* "photo" */ +-&(nid_objs[437]),/* "pilot" */ +-&(nid_objs[439]),/* "pilotAttributeSyntax" */ +-&(nid_objs[438]),/* "pilotAttributeType" */ +-&(nid_objs[479]),/* "pilotAttributeType27" */ +-&(nid_objs[456]),/* "pilotDSA" */ +-&(nid_objs[441]),/* "pilotGroups" */ +-&(nid_objs[444]),/* "pilotObject" */ +-&(nid_objs[440]),/* "pilotObjectClass" */ +-&(nid_objs[455]),/* "pilotOrganization" */ +-&(nid_objs[445]),/* "pilotPerson" */ +-&(nid_objs[186]),/* "pkcs1" */ +-&(nid_objs[27]),/* "pkcs3" */ +-&(nid_objs[187]),/* "pkcs5" */ +-&(nid_objs[20]),/* "pkcs7" */ +-&(nid_objs[21]),/* "pkcs7-data" */ +-&(nid_objs[25]),/* "pkcs7-digestData" */ +-&(nid_objs[26]),/* "pkcs7-encryptedData" */ +-&(nid_objs[23]),/* "pkcs7-envelopedData" */ +-&(nid_objs[24]),/* "pkcs7-signedAndEnvelopedData" */ +-&(nid_objs[22]),/* "pkcs7-signedData" */ +-&(nid_objs[151]),/* "pkcs8ShroudedKeyBag" */ +-&(nid_objs[47]),/* "pkcs9" */ +-&(nid_objs[661]),/* "postalCode" */ +-&(nid_objs[683]),/* "ppBasis" */ +-&(nid_objs[406]),/* "prime-field" */ +-&(nid_objs[409]),/* "prime192v1" */ +-&(nid_objs[410]),/* "prime192v2" */ +-&(nid_objs[411]),/* "prime192v3" */ +-&(nid_objs[412]),/* "prime239v1" */ +-&(nid_objs[413]),/* "prime239v2" */ +-&(nid_objs[414]),/* "prime239v3" */ +-&(nid_objs[415]),/* "prime256v1" */ +-&(nid_objs[510]),/* "pseudonym" */ +-&(nid_objs[435]),/* "pss" */ +-&(nid_objs[286]),/* "qcStatements" */ +-&(nid_objs[457]),/* "qualityLabelledData" */ +-&(nid_objs[450]),/* "rFC822localPart" */ +-&(nid_objs[98]),/* "rc2-40-cbc" */ +-&(nid_objs[166]),/* "rc2-64-cbc" */ +-&(nid_objs[37]),/* "rc2-cbc" */ +-&(nid_objs[39]),/* "rc2-cfb" */ +-&(nid_objs[38]),/* "rc2-ecb" */ +-&(nid_objs[40]),/* "rc2-ofb" */ +-&(nid_objs[ 5]),/* "rc4" */ +-&(nid_objs[97]),/* "rc4-40" */ +-&(nid_objs[120]),/* "rc5-cbc" */ +-&(nid_objs[122]),/* "rc5-cfb" */ +-&(nid_objs[121]),/* "rc5-ecb" */ +-&(nid_objs[123]),/* "rc5-ofb" */ 
+-&(nid_objs[460]),/* "rfc822Mailbox" */ +-&(nid_objs[117]),/* "ripemd160" */ +-&(nid_objs[119]),/* "ripemd160WithRSA" */ +-&(nid_objs[400]),/* "role" */ +-&(nid_objs[448]),/* "room" */ +-&(nid_objs[463]),/* "roomNumber" */ +-&(nid_objs[19]),/* "rsa" */ +-&(nid_objs[ 6]),/* "rsaEncryption" */ +-&(nid_objs[644]),/* "rsaOAEPEncryptionSET" */ +-&(nid_objs[377]),/* "rsaSignature" */ +-&(nid_objs[124]),/* "run length compression" */ +-&(nid_objs[482]),/* "sOARecord" */ +-&(nid_objs[155]),/* "safeContentsBag" */ +-&(nid_objs[291]),/* "sbgp-autonomousSysNum" */ +-&(nid_objs[290]),/* "sbgp-ipAddrBlock" */ +-&(nid_objs[292]),/* "sbgp-routerIdentifier" */ +-&(nid_objs[159]),/* "sdsiCertificate" */ +-&(nid_objs[704]),/* "secp112r1" */ +-&(nid_objs[705]),/* "secp112r2" */ +-&(nid_objs[706]),/* "secp128r1" */ +-&(nid_objs[707]),/* "secp128r2" */ +-&(nid_objs[708]),/* "secp160k1" */ +-&(nid_objs[709]),/* "secp160r1" */ +-&(nid_objs[710]),/* "secp160r2" */ +-&(nid_objs[711]),/* "secp192k1" */ +-&(nid_objs[712]),/* "secp224k1" */ +-&(nid_objs[713]),/* "secp224r1" */ +-&(nid_objs[714]),/* "secp256k1" */ +-&(nid_objs[715]),/* "secp384r1" */ +-&(nid_objs[716]),/* "secp521r1" */ +-&(nid_objs[154]),/* "secretBag" */ +-&(nid_objs[474]),/* "secretary" */ +-&(nid_objs[717]),/* "sect113r1" */ +-&(nid_objs[718]),/* "sect113r2" */ +-&(nid_objs[719]),/* "sect131r1" */ +-&(nid_objs[720]),/* "sect131r2" */ +-&(nid_objs[721]),/* "sect163k1" */ +-&(nid_objs[722]),/* "sect163r1" */ +-&(nid_objs[723]),/* "sect163r2" */ +-&(nid_objs[724]),/* "sect193r1" */ +-&(nid_objs[725]),/* "sect193r2" */ +-&(nid_objs[726]),/* "sect233k1" */ +-&(nid_objs[727]),/* "sect233r1" */ +-&(nid_objs[728]),/* "sect239k1" */ +-&(nid_objs[729]),/* "sect283k1" */ +-&(nid_objs[730]),/* "sect283r1" */ +-&(nid_objs[731]),/* "sect409k1" */ +-&(nid_objs[732]),/* "sect409r1" */ +-&(nid_objs[733]),/* "sect571k1" */ +-&(nid_objs[734]),/* "sect571r1" */ +-&(nid_objs[635]),/* "secure device signature" */ +-&(nid_objs[777]),/* 
"seed-cbc" */ +-&(nid_objs[779]),/* "seed-cfb" */ +-&(nid_objs[776]),/* "seed-ecb" */ +-&(nid_objs[778]),/* "seed-ofb" */ +-&(nid_objs[105]),/* "serialNumber" */ +-&(nid_objs[625]),/* "set-addPolicy" */ +-&(nid_objs[515]),/* "set-attr" */ +-&(nid_objs[518]),/* "set-brand" */ +-&(nid_objs[638]),/* "set-brand-AmericanExpress" */ +-&(nid_objs[637]),/* "set-brand-Diners" */ +-&(nid_objs[636]),/* "set-brand-IATA-ATA" */ +-&(nid_objs[639]),/* "set-brand-JCB" */ +-&(nid_objs[641]),/* "set-brand-MasterCard" */ +-&(nid_objs[642]),/* "set-brand-Novus" */ +-&(nid_objs[640]),/* "set-brand-Visa" */ +-&(nid_objs[516]),/* "set-policy" */ +-&(nid_objs[607]),/* "set-policy-root" */ +-&(nid_objs[624]),/* "set-rootKeyThumb" */ +-&(nid_objs[620]),/* "setAttr-Cert" */ +-&(nid_objs[628]),/* "setAttr-IssCap-CVM" */ +-&(nid_objs[630]),/* "setAttr-IssCap-Sig" */ +-&(nid_objs[629]),/* "setAttr-IssCap-T2" */ +-&(nid_objs[627]),/* "setAttr-Token-B0Prime" */ +-&(nid_objs[626]),/* "setAttr-Token-EMV" */ +-&(nid_objs[622]),/* "setAttr-TokenType" */ +-&(nid_objs[619]),/* "setCext-IssuerCapabilities" */ +-&(nid_objs[615]),/* "setCext-PGWYcapabilities" */ +-&(nid_objs[616]),/* "setCext-TokenIdentifier" */ +-&(nid_objs[618]),/* "setCext-TokenType" */ +-&(nid_objs[617]),/* "setCext-Track2Data" */ +-&(nid_objs[611]),/* "setCext-cCertRequired" */ +-&(nid_objs[609]),/* "setCext-certType" */ +-&(nid_objs[608]),/* "setCext-hashedRoot" */ +-&(nid_objs[610]),/* "setCext-merchData" */ +-&(nid_objs[613]),/* "setCext-setExt" */ +-&(nid_objs[614]),/* "setCext-setQualf" */ +-&(nid_objs[612]),/* "setCext-tunneling" */ +-&(nid_objs[540]),/* "setct-AcqCardCodeMsg" */ +-&(nid_objs[576]),/* "setct-AcqCardCodeMsgTBE" */ +-&(nid_objs[570]),/* "setct-AuthReqTBE" */ +-&(nid_objs[534]),/* "setct-AuthReqTBS" */ +-&(nid_objs[527]),/* "setct-AuthResBaggage" */ +-&(nid_objs[571]),/* "setct-AuthResTBE" */ +-&(nid_objs[572]),/* "setct-AuthResTBEX" */ +-&(nid_objs[535]),/* "setct-AuthResTBS" */ +-&(nid_objs[536]),/* 
"setct-AuthResTBSX" */ +-&(nid_objs[528]),/* "setct-AuthRevReqBaggage" */ +-&(nid_objs[577]),/* "setct-AuthRevReqTBE" */ +-&(nid_objs[541]),/* "setct-AuthRevReqTBS" */ +-&(nid_objs[529]),/* "setct-AuthRevResBaggage" */ +-&(nid_objs[542]),/* "setct-AuthRevResData" */ +-&(nid_objs[578]),/* "setct-AuthRevResTBE" */ +-&(nid_objs[579]),/* "setct-AuthRevResTBEB" */ +-&(nid_objs[543]),/* "setct-AuthRevResTBS" */ +-&(nid_objs[573]),/* "setct-AuthTokenTBE" */ +-&(nid_objs[537]),/* "setct-AuthTokenTBS" */ +-&(nid_objs[600]),/* "setct-BCIDistributionTBS" */ +-&(nid_objs[558]),/* "setct-BatchAdminReqData" */ +-&(nid_objs[592]),/* "setct-BatchAdminReqTBE" */ +-&(nid_objs[559]),/* "setct-BatchAdminResData" */ +-&(nid_objs[593]),/* "setct-BatchAdminResTBE" */ +-&(nid_objs[599]),/* "setct-CRLNotificationResTBS" */ +-&(nid_objs[598]),/* "setct-CRLNotificationTBS" */ +-&(nid_objs[580]),/* "setct-CapReqTBE" */ +-&(nid_objs[581]),/* "setct-CapReqTBEX" */ +-&(nid_objs[544]),/* "setct-CapReqTBS" */ +-&(nid_objs[545]),/* "setct-CapReqTBSX" */ +-&(nid_objs[546]),/* "setct-CapResData" */ +-&(nid_objs[582]),/* "setct-CapResTBE" */ +-&(nid_objs[583]),/* "setct-CapRevReqTBE" */ +-&(nid_objs[584]),/* "setct-CapRevReqTBEX" */ +-&(nid_objs[547]),/* "setct-CapRevReqTBS" */ +-&(nid_objs[548]),/* "setct-CapRevReqTBSX" */ +-&(nid_objs[549]),/* "setct-CapRevResData" */ +-&(nid_objs[585]),/* "setct-CapRevResTBE" */ +-&(nid_objs[538]),/* "setct-CapTokenData" */ +-&(nid_objs[530]),/* "setct-CapTokenSeq" */ +-&(nid_objs[574]),/* "setct-CapTokenTBE" */ +-&(nid_objs[575]),/* "setct-CapTokenTBEX" */ +-&(nid_objs[539]),/* "setct-CapTokenTBS" */ +-&(nid_objs[560]),/* "setct-CardCInitResTBS" */ +-&(nid_objs[566]),/* "setct-CertInqReqTBS" */ +-&(nid_objs[563]),/* "setct-CertReqData" */ +-&(nid_objs[595]),/* "setct-CertReqTBE" */ +-&(nid_objs[596]),/* "setct-CertReqTBEX" */ +-&(nid_objs[564]),/* "setct-CertReqTBS" */ +-&(nid_objs[565]),/* "setct-CertResData" */ +-&(nid_objs[597]),/* "setct-CertResTBE" */ 
+-&(nid_objs[586]),/* "setct-CredReqTBE" */ +-&(nid_objs[587]),/* "setct-CredReqTBEX" */ +-&(nid_objs[550]),/* "setct-CredReqTBS" */ +-&(nid_objs[551]),/* "setct-CredReqTBSX" */ +-&(nid_objs[552]),/* "setct-CredResData" */ +-&(nid_objs[588]),/* "setct-CredResTBE" */ +-&(nid_objs[589]),/* "setct-CredRevReqTBE" */ +-&(nid_objs[590]),/* "setct-CredRevReqTBEX" */ +-&(nid_objs[553]),/* "setct-CredRevReqTBS" */ +-&(nid_objs[554]),/* "setct-CredRevReqTBSX" */ +-&(nid_objs[555]),/* "setct-CredRevResData" */ +-&(nid_objs[591]),/* "setct-CredRevResTBE" */ +-&(nid_objs[567]),/* "setct-ErrorTBS" */ +-&(nid_objs[526]),/* "setct-HODInput" */ +-&(nid_objs[561]),/* "setct-MeAqCInitResTBS" */ +-&(nid_objs[522]),/* "setct-OIData" */ +-&(nid_objs[519]),/* "setct-PANData" */ +-&(nid_objs[521]),/* "setct-PANOnly" */ +-&(nid_objs[520]),/* "setct-PANToken" */ +-&(nid_objs[556]),/* "setct-PCertReqData" */ +-&(nid_objs[557]),/* "setct-PCertResTBS" */ +-&(nid_objs[523]),/* "setct-PI" */ +-&(nid_objs[532]),/* "setct-PI-TBS" */ +-&(nid_objs[524]),/* "setct-PIData" */ +-&(nid_objs[525]),/* "setct-PIDataUnsigned" */ +-&(nid_objs[568]),/* "setct-PIDualSignedTBE" */ +-&(nid_objs[569]),/* "setct-PIUnsignedTBE" */ +-&(nid_objs[531]),/* "setct-PInitResData" */ +-&(nid_objs[533]),/* "setct-PResData" */ +-&(nid_objs[594]),/* "setct-RegFormReqTBE" */ +-&(nid_objs[562]),/* "setct-RegFormResTBS" */ +-&(nid_objs[604]),/* "setext-pinAny" */ +-&(nid_objs[603]),/* "setext-pinSecure" */ +-&(nid_objs[605]),/* "setext-track2" */ +-&(nid_objs[41]),/* "sha" */ +-&(nid_objs[64]),/* "sha1" */ +-&(nid_objs[115]),/* "sha1WithRSA" */ +-&(nid_objs[65]),/* "sha1WithRSAEncryption" */ +-&(nid_objs[675]),/* "sha224" */ +-&(nid_objs[671]),/* "sha224WithRSAEncryption" */ +-&(nid_objs[672]),/* "sha256" */ +-&(nid_objs[668]),/* "sha256WithRSAEncryption" */ +-&(nid_objs[673]),/* "sha384" */ +-&(nid_objs[669]),/* "sha384WithRSAEncryption" */ +-&(nid_objs[674]),/* "sha512" */ +-&(nid_objs[670]),/* "sha512WithRSAEncryption" */ 
+-&(nid_objs[42]),/* "shaWithRSAEncryption" */ +-&(nid_objs[52]),/* "signingTime" */ +-&(nid_objs[454]),/* "simpleSecurityObject" */ +-&(nid_objs[496]),/* "singleLevelQuality" */ +-&(nid_objs[16]),/* "stateOrProvinceName" */ +-&(nid_objs[660]),/* "streetAddress" */ +-&(nid_objs[498]),/* "subtreeMaximumQuality" */ +-&(nid_objs[497]),/* "subtreeMinimumQuality" */ +-&(nid_objs[100]),/* "surname" */ +-&(nid_objs[459]),/* "textEncodedORAddress" */ +-&(nid_objs[293]),/* "textNotice" */ +-&(nid_objs[106]),/* "title" */ +-&(nid_objs[682]),/* "tpBasis" */ +-&(nid_objs[436]),/* "ucl" */ +-&(nid_objs[ 0]),/* "undefined" */ +-&(nid_objs[55]),/* "unstructuredAddress" */ +-&(nid_objs[49]),/* "unstructuredName" */ +-&(nid_objs[465]),/* "userClass" */ +-&(nid_objs[458]),/* "userId" */ +-&(nid_objs[373]),/* "valid" */ +-&(nid_objs[678]),/* "wap" */ +-&(nid_objs[679]),/* "wap-wsg" */ +-&(nid_objs[735]),/* "wap-wsg-idm-ecid-wtls1" */ +-&(nid_objs[743]),/* "wap-wsg-idm-ecid-wtls10" */ +-&(nid_objs[744]),/* "wap-wsg-idm-ecid-wtls11" */ +-&(nid_objs[745]),/* "wap-wsg-idm-ecid-wtls12" */ +-&(nid_objs[736]),/* "wap-wsg-idm-ecid-wtls3" */ +-&(nid_objs[737]),/* "wap-wsg-idm-ecid-wtls4" */ +-&(nid_objs[738]),/* "wap-wsg-idm-ecid-wtls5" */ +-&(nid_objs[739]),/* "wap-wsg-idm-ecid-wtls6" */ +-&(nid_objs[740]),/* "wap-wsg-idm-ecid-wtls7" */ +-&(nid_objs[741]),/* "wap-wsg-idm-ecid-wtls8" */ +-&(nid_objs[742]),/* "wap-wsg-idm-ecid-wtls9" */ +-&(nid_objs[804]),/* "whirlpool" */ +-&(nid_objs[503]),/* "x500UniqueIdentifier" */ +-&(nid_objs[158]),/* "x509Certificate" */ +-&(nid_objs[160]),/* "x509Crl" */ +-&(nid_objs[125]),/* "zlib compression" */ ++static const unsigned int ln_objs[NUM_LN]={ ++363, /* "AD Time Stamping" */ ++405, /* "ANSI X9.62" */ ++368, /* "Acceptable OCSP Responses" */ ++910, /* "Any Extended Key Usage" */ ++664, /* "Any language" */ ++177, /* "Authority Information Access" */ ++365, /* "Basic OCSP Response" */ ++285, /* "Biometric Info" */ ++179, /* "CA Issuers" */ ++785, /* "CA 
Repository" */ ++954, /* "CT Certificate SCTs" */ ++952, /* "CT Precertificate Poison" */ ++951, /* "CT Precertificate SCTs" */ ++953, /* "CT Precertificate Signer" */ ++131, /* "Code Signing" */ ++783, /* "Diffie-Hellman based MAC" */ ++382, /* "Directory" */ ++392, /* "Domain" */ ++132, /* "E-mail Protection" */ ++389, /* "Enterprises" */ ++384, /* "Experimental" */ ++372, /* "Extended OCSP Status" */ ++172, /* "Extension Request" */ ++813, /* "GOST 28147-89" */ ++849, /* "GOST 28147-89 Cryptocom ParamSet" */ ++815, /* "GOST 28147-89 MAC" */ ++851, /* "GOST 34.10-2001 Cryptocom" */ ++850, /* "GOST 34.10-94 Cryptocom" */ ++811, /* "GOST R 34.10-2001" */ ++817, /* "GOST R 34.10-2001 DH" */ ++812, /* "GOST R 34.10-94" */ ++818, /* "GOST R 34.10-94 DH" */ ++809, /* "GOST R 34.11-94" */ ++816, /* "GOST R 34.11-94 PRF" */ ++807, /* "GOST R 34.11-94 with GOST R 34.10-2001" */ ++853, /* "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom" */ ++808, /* "GOST R 34.11-94 with GOST R 34.10-94" */ ++852, /* "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom" */ ++854, /* "GOST R 3410-2001 Parameter Set Cryptocom" */ ++810, /* "HMAC GOST 34.11-94" */ ++432, /* "Hold Instruction Call Issuer" */ ++430, /* "Hold Instruction Code" */ ++431, /* "Hold Instruction None" */ ++433, /* "Hold Instruction Reject" */ ++634, /* "ICC or token signature" */ ++294, /* "IPSec End System" */ ++295, /* "IPSec Tunnel" */ ++296, /* "IPSec User" */ ++182, /* "ISO Member Body" */ ++183, /* "ISO US Member Body" */ ++667, /* "Independent" */ ++665, /* "Inherit all" */ ++647, /* "International Organizations" */ ++142, /* "Invalidity Date" */ ++504, /* "MIME MHS" */ ++388, /* "Mail" */ ++383, /* "Management" */ ++417, /* "Microsoft CSP Name" */ ++135, /* "Microsoft Commercial Code Signing" */ ++138, /* "Microsoft Encrypted File System" */ ++171, /* "Microsoft Extension Request" */ ++134, /* "Microsoft Individual Code Signing" */ ++856, /* "Microsoft Local Key set" */ ++137, /* "Microsoft Server Gated Crypto" 
*/ ++648, /* "Microsoft Smartcardlogin" */ ++136, /* "Microsoft Trust List Signing" */ ++649, /* "Microsoft Universal Principal Name" */ ++393, /* "NULL" */ ++404, /* "NULL" */ ++72, /* "Netscape Base Url" */ ++76, /* "Netscape CA Policy Url" */ ++74, /* "Netscape CA Revocation Url" */ ++71, /* "Netscape Cert Type" */ ++58, /* "Netscape Certificate Extension" */ ++79, /* "Netscape Certificate Sequence" */ ++78, /* "Netscape Comment" */ ++57, /* "Netscape Communications Corp." */ ++59, /* "Netscape Data Type" */ ++75, /* "Netscape Renewal Url" */ ++73, /* "Netscape Revocation Url" */ ++77, /* "Netscape SSL Server Name" */ ++139, /* "Netscape Server Gated Crypto" */ ++178, /* "OCSP" */ ++370, /* "OCSP Archive Cutoff" */ ++367, /* "OCSP CRL ID" */ ++369, /* "OCSP No Check" */ ++366, /* "OCSP Nonce" */ ++371, /* "OCSP Service Locator" */ ++180, /* "OCSP Signing" */ ++161, /* "PBES2" */ ++69, /* "PBKDF2" */ ++162, /* "PBMAC1" */ ++127, /* "PKIX" */ ++858, /* "Permanent Identifier" */ ++164, /* "Policy Qualifier CPS" */ ++165, /* "Policy Qualifier User Notice" */ ++385, /* "Private" */ ++663, /* "Proxy Certificate Information" */ ++ 1, /* "RSA Data Security, Inc." */ ++ 2, /* "RSA Data Security, Inc. 
PKCS" */ ++188, /* "S/MIME" */ ++167, /* "S/MIME Capabilities" */ ++387, /* "SNMPv2" */ ++512, /* "Secure Electronic Transactions" */ ++386, /* "Security" */ ++394, /* "Selected Attribute Types" */ ++143, /* "Strong Extranet ID" */ ++398, /* "Subject Information Access" */ ++130, /* "TLS Web Client Authentication" */ ++129, /* "TLS Web Server Authentication" */ ++133, /* "Time Stamping" */ ++375, /* "Trust Root" */ ++12, /* "X509" */ ++402, /* "X509v3 AC Targeting" */ ++746, /* "X509v3 Any Policy" */ ++90, /* "X509v3 Authority Key Identifier" */ ++87, /* "X509v3 Basic Constraints" */ ++103, /* "X509v3 CRL Distribution Points" */ ++88, /* "X509v3 CRL Number" */ ++141, /* "X509v3 CRL Reason Code" */ ++771, /* "X509v3 Certificate Issuer" */ ++89, /* "X509v3 Certificate Policies" */ ++140, /* "X509v3 Delta CRL Indicator" */ ++126, /* "X509v3 Extended Key Usage" */ ++857, /* "X509v3 Freshest CRL" */ ++748, /* "X509v3 Inhibit Any Policy" */ ++86, /* "X509v3 Issuer Alternative Name" */ ++770, /* "X509v3 Issuing Distrubution Point" */ ++83, /* "X509v3 Key Usage" */ ++666, /* "X509v3 Name Constraints" */ ++403, /* "X509v3 No Revocation Available" */ ++401, /* "X509v3 Policy Constraints" */ ++747, /* "X509v3 Policy Mappings" */ ++84, /* "X509v3 Private Key Usage Period" */ ++85, /* "X509v3 Subject Alternative Name" */ ++769, /* "X509v3 Subject Directory Attributes" */ ++82, /* "X509v3 Subject Key Identifier" */ ++920, /* "X9.42 DH" */ ++184, /* "X9.57" */ ++185, /* "X9.57 CM ?" 
*/ ++478, /* "aRecord" */ ++289, /* "aaControls" */ ++287, /* "ac-auditEntity" */ ++397, /* "ac-proxying" */ ++288, /* "ac-targeting" */ ++446, /* "account" */ ++364, /* "ad dvcs" */ ++606, /* "additional verification" */ ++419, /* "aes-128-cbc" */ ++916, /* "aes-128-cbc-hmac-sha1" */ ++948, /* "aes-128-cbc-hmac-sha256" */ ++896, /* "aes-128-ccm" */ ++421, /* "aes-128-cfb" */ ++650, /* "aes-128-cfb1" */ ++653, /* "aes-128-cfb8" */ ++904, /* "aes-128-ctr" */ ++418, /* "aes-128-ecb" */ ++895, /* "aes-128-gcm" */ ++420, /* "aes-128-ofb" */ ++913, /* "aes-128-xts" */ ++423, /* "aes-192-cbc" */ ++917, /* "aes-192-cbc-hmac-sha1" */ ++949, /* "aes-192-cbc-hmac-sha256" */ ++899, /* "aes-192-ccm" */ ++425, /* "aes-192-cfb" */ ++651, /* "aes-192-cfb1" */ ++654, /* "aes-192-cfb8" */ ++905, /* "aes-192-ctr" */ ++422, /* "aes-192-ecb" */ ++898, /* "aes-192-gcm" */ ++424, /* "aes-192-ofb" */ ++427, /* "aes-256-cbc" */ ++918, /* "aes-256-cbc-hmac-sha1" */ ++950, /* "aes-256-cbc-hmac-sha256" */ ++902, /* "aes-256-ccm" */ ++429, /* "aes-256-cfb" */ ++652, /* "aes-256-cfb1" */ ++655, /* "aes-256-cfb8" */ ++906, /* "aes-256-ctr" */ ++426, /* "aes-256-ecb" */ ++901, /* "aes-256-gcm" */ ++428, /* "aes-256-ofb" */ ++914, /* "aes-256-xts" */ ++376, /* "algorithm" */ ++484, /* "associatedDomain" */ ++485, /* "associatedName" */ ++501, /* "audio" */ ++882, /* "authorityRevocationList" */ ++91, /* "bf-cbc" */ ++93, /* "bf-cfb" */ ++92, /* "bf-ecb" */ ++94, /* "bf-ofb" */ ++921, /* "brainpoolP160r1" */ ++922, /* "brainpoolP160t1" */ ++923, /* "brainpoolP192r1" */ ++924, /* "brainpoolP192t1" */ ++925, /* "brainpoolP224r1" */ ++926, /* "brainpoolP224t1" */ ++927, /* "brainpoolP256r1" */ ++928, /* "brainpoolP256t1" */ ++929, /* "brainpoolP320r1" */ ++930, /* "brainpoolP320t1" */ ++931, /* "brainpoolP384r1" */ ++932, /* "brainpoolP384t1" */ ++933, /* "brainpoolP512r1" */ ++934, /* "brainpoolP512t1" */ ++494, /* "buildingName" */ ++860, /* "businessCategory" */ ++691, /* "c2onb191v4" */ ++692, /* 
"c2onb191v5" */ ++697, /* "c2onb239v4" */ ++698, /* "c2onb239v5" */ ++684, /* "c2pnb163v1" */ ++685, /* "c2pnb163v2" */ ++686, /* "c2pnb163v3" */ ++687, /* "c2pnb176v1" */ ++693, /* "c2pnb208w1" */ ++699, /* "c2pnb272w1" */ ++700, /* "c2pnb304w1" */ ++702, /* "c2pnb368w1" */ ++688, /* "c2tnb191v1" */ ++689, /* "c2tnb191v2" */ ++690, /* "c2tnb191v3" */ ++694, /* "c2tnb239v1" */ ++695, /* "c2tnb239v2" */ ++696, /* "c2tnb239v3" */ ++701, /* "c2tnb359v1" */ ++703, /* "c2tnb431r1" */ ++881, /* "cACertificate" */ ++483, /* "cNAMERecord" */ ++751, /* "camellia-128-cbc" */ ++757, /* "camellia-128-cfb" */ ++760, /* "camellia-128-cfb1" */ ++763, /* "camellia-128-cfb8" */ ++754, /* "camellia-128-ecb" */ ++766, /* "camellia-128-ofb" */ ++752, /* "camellia-192-cbc" */ ++758, /* "camellia-192-cfb" */ ++761, /* "camellia-192-cfb1" */ ++764, /* "camellia-192-cfb8" */ ++755, /* "camellia-192-ecb" */ ++767, /* "camellia-192-ofb" */ ++753, /* "camellia-256-cbc" */ ++759, /* "camellia-256-cfb" */ ++762, /* "camellia-256-cfb1" */ ++765, /* "camellia-256-cfb8" */ ++756, /* "camellia-256-ecb" */ ++768, /* "camellia-256-ofb" */ ++443, /* "caseIgnoreIA5StringSyntax" */ ++108, /* "cast5-cbc" */ ++110, /* "cast5-cfb" */ ++109, /* "cast5-ecb" */ ++111, /* "cast5-ofb" */ ++152, /* "certBag" */ ++677, /* "certicom-arc" */ ++517, /* "certificate extensions" */ ++883, /* "certificateRevocationList" */ ++54, /* "challengePassword" */ ++407, /* "characteristic-two-field" */ ++395, /* "clearance" */ ++633, /* "cleartext track 2" */ ++894, /* "cmac" */ ++13, /* "commonName" */ ++513, /* "content types" */ ++50, /* "contentType" */ ++53, /* "countersignature" */ ++14, /* "countryName" */ ++153, /* "crlBag" */ ++884, /* "crossCertificatePair" */ ++806, /* "cryptocom" */ ++805, /* "cryptopro" */ ++500, /* "dITRedirect" */ ++451, /* "dNSDomain" */ ++495, /* "dSAQuality" */ ++434, /* "data" */ ++390, /* "dcObject" */ ++891, /* "deltaRevocationList" */ ++31, /* "des-cbc" */ ++643, /* "des-cdmf" */ ++30, /* 
"des-cfb" */ ++656, /* "des-cfb1" */ ++657, /* "des-cfb8" */ ++29, /* "des-ecb" */ ++32, /* "des-ede" */ ++43, /* "des-ede-cbc" */ ++60, /* "des-ede-cfb" */ ++62, /* "des-ede-ofb" */ ++33, /* "des-ede3" */ ++44, /* "des-ede3-cbc" */ ++61, /* "des-ede3-cfb" */ ++658, /* "des-ede3-cfb1" */ ++659, /* "des-ede3-cfb8" */ ++63, /* "des-ede3-ofb" */ ++45, /* "des-ofb" */ ++107, /* "description" */ ++871, /* "destinationIndicator" */ ++80, /* "desx-cbc" */ ++947, /* "dh-cofactor-kdf" */ ++946, /* "dh-std-kdf" */ ++28, /* "dhKeyAgreement" */ ++941, /* "dhSinglePass-cofactorDH-sha1kdf-scheme" */ ++942, /* "dhSinglePass-cofactorDH-sha224kdf-scheme" */ ++943, /* "dhSinglePass-cofactorDH-sha256kdf-scheme" */ ++944, /* "dhSinglePass-cofactorDH-sha384kdf-scheme" */ ++945, /* "dhSinglePass-cofactorDH-sha512kdf-scheme" */ ++936, /* "dhSinglePass-stdDH-sha1kdf-scheme" */ ++937, /* "dhSinglePass-stdDH-sha224kdf-scheme" */ ++938, /* "dhSinglePass-stdDH-sha256kdf-scheme" */ ++939, /* "dhSinglePass-stdDH-sha384kdf-scheme" */ ++940, /* "dhSinglePass-stdDH-sha512kdf-scheme" */ ++11, /* "directory services (X.500)" */ ++378, /* "directory services - algorithms" */ ++887, /* "distinguishedName" */ ++892, /* "dmdName" */ ++174, /* "dnQualifier" */ ++447, /* "document" */ ++471, /* "documentAuthor" */ ++468, /* "documentIdentifier" */ ++472, /* "documentLocation" */ ++502, /* "documentPublisher" */ ++449, /* "documentSeries" */ ++469, /* "documentTitle" */ ++470, /* "documentVersion" */ ++380, /* "dod" */ ++391, /* "domainComponent" */ ++452, /* "domainRelatedObject" */ ++116, /* "dsaEncryption" */ ++67, /* "dsaEncryption-old" */ ++66, /* "dsaWithSHA" */ ++113, /* "dsaWithSHA1" */ ++70, /* "dsaWithSHA1-old" */ ++802, /* "dsa_with_SHA224" */ ++803, /* "dsa_with_SHA256" */ ++297, /* "dvcs" */ ++791, /* "ecdsa-with-Recommended" */ ++416, /* "ecdsa-with-SHA1" */ ++793, /* "ecdsa-with-SHA224" */ ++794, /* "ecdsa-with-SHA256" */ ++795, /* "ecdsa-with-SHA384" */ ++796, /* "ecdsa-with-SHA512" */ 
++792, /* "ecdsa-with-Specified" */ ++48, /* "emailAddress" */ ++632, /* "encrypted track 2" */ ++885, /* "enhancedSearchGuide" */ ++56, /* "extendedCertificateAttributes" */ ++867, /* "facsimileTelephoneNumber" */ ++462, /* "favouriteDrink" */ ++453, /* "friendlyCountry" */ ++490, /* "friendlyCountryName" */ ++156, /* "friendlyName" */ ++631, /* "generate cryptogram" */ ++509, /* "generationQualifier" */ ++601, /* "generic cryptogram" */ ++99, /* "givenName" */ ++814, /* "gost89-cnt" */ ++855, /* "hmac" */ ++780, /* "hmac-md5" */ ++781, /* "hmac-sha1" */ ++797, /* "hmacWithMD5" */ ++163, /* "hmacWithSHA1" */ ++798, /* "hmacWithSHA224" */ ++799, /* "hmacWithSHA256" */ ++800, /* "hmacWithSHA384" */ ++801, /* "hmacWithSHA512" */ ++486, /* "homePostalAddress" */ ++473, /* "homeTelephoneNumber" */ ++466, /* "host" */ ++889, /* "houseIdentifier" */ ++442, /* "iA5StringSyntax" */ ++381, /* "iana" */ ++824, /* "id-Gost28147-89-CryptoPro-A-ParamSet" */ ++825, /* "id-Gost28147-89-CryptoPro-B-ParamSet" */ ++826, /* "id-Gost28147-89-CryptoPro-C-ParamSet" */ ++827, /* "id-Gost28147-89-CryptoPro-D-ParamSet" */ ++819, /* "id-Gost28147-89-CryptoPro-KeyMeshing" */ ++829, /* "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" */ ++828, /* "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" */ ++830, /* "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" */ ++820, /* "id-Gost28147-89-None-KeyMeshing" */ ++823, /* "id-Gost28147-89-TestParamSet" */ ++840, /* "id-GostR3410-2001-CryptoPro-A-ParamSet" */ ++841, /* "id-GostR3410-2001-CryptoPro-B-ParamSet" */ ++842, /* "id-GostR3410-2001-CryptoPro-C-ParamSet" */ ++843, /* "id-GostR3410-2001-CryptoPro-XchA-ParamSet" */ ++844, /* "id-GostR3410-2001-CryptoPro-XchB-ParamSet" */ ++839, /* "id-GostR3410-2001-TestParamSet" */ ++832, /* "id-GostR3410-94-CryptoPro-A-ParamSet" */ ++833, /* "id-GostR3410-94-CryptoPro-B-ParamSet" */ ++834, /* "id-GostR3410-94-CryptoPro-C-ParamSet" */ ++835, /* "id-GostR3410-94-CryptoPro-D-ParamSet" */ ++836, /* 
"id-GostR3410-94-CryptoPro-XchA-ParamSet" */ ++837, /* "id-GostR3410-94-CryptoPro-XchB-ParamSet" */ ++838, /* "id-GostR3410-94-CryptoPro-XchC-ParamSet" */ ++831, /* "id-GostR3410-94-TestParamSet" */ ++845, /* "id-GostR3410-94-a" */ ++846, /* "id-GostR3410-94-aBis" */ ++847, /* "id-GostR3410-94-b" */ ++848, /* "id-GostR3410-94-bBis" */ ++822, /* "id-GostR3411-94-CryptoProParamSet" */ ++821, /* "id-GostR3411-94-TestParamSet" */ ++266, /* "id-aca" */ ++355, /* "id-aca-accessIdentity" */ ++354, /* "id-aca-authenticationInfo" */ ++356, /* "id-aca-chargingIdentity" */ ++399, /* "id-aca-encAttrs" */ ++357, /* "id-aca-group" */ ++358, /* "id-aca-role" */ ++176, /* "id-ad" */ ++788, /* "id-aes128-wrap" */ ++897, /* "id-aes128-wrap-pad" */ ++789, /* "id-aes192-wrap" */ ++900, /* "id-aes192-wrap-pad" */ ++790, /* "id-aes256-wrap" */ ++903, /* "id-aes256-wrap-pad" */ ++262, /* "id-alg" */ ++893, /* "id-alg-PWRI-KEK" */ ++323, /* "id-alg-des40" */ ++326, /* "id-alg-dh-pop" */ ++325, /* "id-alg-dh-sig-hmac-sha1" */ ++324, /* "id-alg-noSignature" */ ++907, /* "id-camellia128-wrap" */ ++908, /* "id-camellia192-wrap" */ ++909, /* "id-camellia256-wrap" */ ++268, /* "id-cct" */ ++361, /* "id-cct-PKIData" */ ++362, /* "id-cct-PKIResponse" */ ++360, /* "id-cct-crs" */ ++81, /* "id-ce" */ ++680, /* "id-characteristic-two-basis" */ ++263, /* "id-cmc" */ ++334, /* "id-cmc-addExtensions" */ ++346, /* "id-cmc-confirmCertAcceptance" */ ++330, /* "id-cmc-dataReturn" */ ++336, /* "id-cmc-decryptedPOP" */ ++335, /* "id-cmc-encryptedPOP" */ ++339, /* "id-cmc-getCRL" */ ++338, /* "id-cmc-getCert" */ ++328, /* "id-cmc-identification" */ ++329, /* "id-cmc-identityProof" */ ++337, /* "id-cmc-lraPOPWitness" */ ++344, /* "id-cmc-popLinkRandom" */ ++345, /* "id-cmc-popLinkWitness" */ ++343, /* "id-cmc-queryPending" */ ++333, /* "id-cmc-recipientNonce" */ ++341, /* "id-cmc-regInfo" */ ++342, /* "id-cmc-responseInfo" */ ++340, /* "id-cmc-revokeRequest" */ ++332, /* "id-cmc-senderNonce" */ ++327, /* 
"id-cmc-statusInfo" */ ++331, /* "id-cmc-transactionId" */ ++787, /* "id-ct-asciiTextWithCRLF" */ ++408, /* "id-ecPublicKey" */ ++508, /* "id-hex-multipart-message" */ ++507, /* "id-hex-partial-message" */ ++260, /* "id-it" */ ++302, /* "id-it-caKeyUpdateInfo" */ ++298, /* "id-it-caProtEncCert" */ ++311, /* "id-it-confirmWaitTime" */ ++303, /* "id-it-currentCRL" */ ++300, /* "id-it-encKeyPairTypes" */ ++310, /* "id-it-implicitConfirm" */ ++308, /* "id-it-keyPairParamRep" */ ++307, /* "id-it-keyPairParamReq" */ ++312, /* "id-it-origPKIMessage" */ ++301, /* "id-it-preferredSymmAlg" */ ++309, /* "id-it-revPassphrase" */ ++299, /* "id-it-signKeyPairTypes" */ ++305, /* "id-it-subscriptionRequest" */ ++306, /* "id-it-subscriptionResponse" */ ++784, /* "id-it-suppLangTags" */ ++304, /* "id-it-unsupportedOIDs" */ ++128, /* "id-kp" */ ++280, /* "id-mod-attribute-cert" */ ++274, /* "id-mod-cmc" */ ++277, /* "id-mod-cmp" */ ++284, /* "id-mod-cmp2000" */ ++273, /* "id-mod-crmf" */ ++283, /* "id-mod-dvcs" */ ++275, /* "id-mod-kea-profile-88" */ ++276, /* "id-mod-kea-profile-93" */ ++282, /* "id-mod-ocsp" */ ++278, /* "id-mod-qualified-cert-88" */ ++279, /* "id-mod-qualified-cert-93" */ ++281, /* "id-mod-timestamp-protocol" */ ++264, /* "id-on" */ ++347, /* "id-on-personalData" */ ++265, /* "id-pda" */ ++352, /* "id-pda-countryOfCitizenship" */ ++353, /* "id-pda-countryOfResidence" */ ++348, /* "id-pda-dateOfBirth" */ ++351, /* "id-pda-gender" */ ++349, /* "id-pda-placeOfBirth" */ ++175, /* "id-pe" */ ++261, /* "id-pkip" */ ++258, /* "id-pkix-mod" */ ++269, /* "id-pkix1-explicit-88" */ ++271, /* "id-pkix1-explicit-93" */ ++270, /* "id-pkix1-implicit-88" */ ++272, /* "id-pkix1-implicit-93" */ ++662, /* "id-ppl" */ ++267, /* "id-qcs" */ ++359, /* "id-qcs-pkixQCSyntax-v1" */ ++259, /* "id-qt" */ ++313, /* "id-regCtrl" */ ++316, /* "id-regCtrl-authenticator" */ ++319, /* "id-regCtrl-oldCertID" */ ++318, /* "id-regCtrl-pkiArchiveOptions" */ ++317, /* "id-regCtrl-pkiPublicationInfo" 
*/ ++320, /* "id-regCtrl-protocolEncrKey" */ ++315, /* "id-regCtrl-regToken" */ ++314, /* "id-regInfo" */ ++322, /* "id-regInfo-certReq" */ ++321, /* "id-regInfo-utf8Pairs" */ ++191, /* "id-smime-aa" */ ++215, /* "id-smime-aa-contentHint" */ ++218, /* "id-smime-aa-contentIdentifier" */ ++221, /* "id-smime-aa-contentReference" */ ++240, /* "id-smime-aa-dvcs-dvc" */ ++217, /* "id-smime-aa-encapContentType" */ ++222, /* "id-smime-aa-encrypKeyPref" */ ++220, /* "id-smime-aa-equivalentLabels" */ ++232, /* "id-smime-aa-ets-CertificateRefs" */ ++233, /* "id-smime-aa-ets-RevocationRefs" */ ++238, /* "id-smime-aa-ets-archiveTimeStamp" */ ++237, /* "id-smime-aa-ets-certCRLTimestamp" */ ++234, /* "id-smime-aa-ets-certValues" */ ++227, /* "id-smime-aa-ets-commitmentType" */ ++231, /* "id-smime-aa-ets-contentTimestamp" */ ++236, /* "id-smime-aa-ets-escTimeStamp" */ ++230, /* "id-smime-aa-ets-otherSigCert" */ ++235, /* "id-smime-aa-ets-revocationValues" */ ++226, /* "id-smime-aa-ets-sigPolicyId" */ ++229, /* "id-smime-aa-ets-signerAttr" */ ++228, /* "id-smime-aa-ets-signerLocation" */ ++219, /* "id-smime-aa-macValue" */ ++214, /* "id-smime-aa-mlExpandHistory" */ ++216, /* "id-smime-aa-msgSigDigest" */ ++212, /* "id-smime-aa-receiptRequest" */ ++213, /* "id-smime-aa-securityLabel" */ ++239, /* "id-smime-aa-signatureType" */ ++223, /* "id-smime-aa-signingCertificate" */ ++224, /* "id-smime-aa-smimeEncryptCerts" */ ++225, /* "id-smime-aa-timeStampToken" */ ++192, /* "id-smime-alg" */ ++243, /* "id-smime-alg-3DESwrap" */ ++246, /* "id-smime-alg-CMS3DESwrap" */ ++247, /* "id-smime-alg-CMSRC2wrap" */ ++245, /* "id-smime-alg-ESDH" */ ++241, /* "id-smime-alg-ESDHwith3DES" */ ++242, /* "id-smime-alg-ESDHwithRC2" */ ++244, /* "id-smime-alg-RC2wrap" */ ++193, /* "id-smime-cd" */ ++248, /* "id-smime-cd-ldap" */ ++190, /* "id-smime-ct" */ ++210, /* "id-smime-ct-DVCSRequestData" */ ++211, /* "id-smime-ct-DVCSResponseData" */ ++208, /* "id-smime-ct-TDTInfo" */ ++207, /* "id-smime-ct-TSTInfo" 
*/ ++205, /* "id-smime-ct-authData" */ ++786, /* "id-smime-ct-compressedData" */ ++209, /* "id-smime-ct-contentInfo" */ ++206, /* "id-smime-ct-publishCert" */ ++204, /* "id-smime-ct-receipt" */ ++195, /* "id-smime-cti" */ ++255, /* "id-smime-cti-ets-proofOfApproval" */ ++256, /* "id-smime-cti-ets-proofOfCreation" */ ++253, /* "id-smime-cti-ets-proofOfDelivery" */ ++251, /* "id-smime-cti-ets-proofOfOrigin" */ ++252, /* "id-smime-cti-ets-proofOfReceipt" */ ++254, /* "id-smime-cti-ets-proofOfSender" */ ++189, /* "id-smime-mod" */ ++196, /* "id-smime-mod-cms" */ ++197, /* "id-smime-mod-ess" */ ++202, /* "id-smime-mod-ets-eSigPolicy-88" */ ++203, /* "id-smime-mod-ets-eSigPolicy-97" */ ++200, /* "id-smime-mod-ets-eSignature-88" */ ++201, /* "id-smime-mod-ets-eSignature-97" */ ++199, /* "id-smime-mod-msg-v3" */ ++198, /* "id-smime-mod-oid" */ ++194, /* "id-smime-spq" */ ++250, /* "id-smime-spq-ets-sqt-unotice" */ ++249, /* "id-smime-spq-ets-sqt-uri" */ ++34, /* "idea-cbc" */ ++35, /* "idea-cfb" */ ++36, /* "idea-ecb" */ ++46, /* "idea-ofb" */ ++676, /* "identified-organization" */ ++461, /* "info" */ ++101, /* "initials" */ ++869, /* "internationaliSDNNumber" */ ++749, /* "ipsec3" */ ++750, /* "ipsec4" */ ++181, /* "iso" */ ++623, /* "issuer capabilities" */ ++645, /* "itu-t" */ ++492, /* "janetMailbox" */ ++646, /* "joint-iso-itu-t" */ ++957, /* "jurisdictionCountryName" */ ++955, /* "jurisdictionLocalityName" */ ++956, /* "jurisdictionStateOrProvinceName" */ ++150, /* "keyBag" */ ++773, /* "kisa" */ ++477, /* "lastModifiedBy" */ ++476, /* "lastModifiedTime" */ ++157, /* "localKeyID" */ ++15, /* "localityName" */ ++480, /* "mXRecord" */ ++493, /* "mailPreferenceOption" */ ++467, /* "manager" */ ++ 3, /* "md2" */ ++ 7, /* "md2WithRSAEncryption" */ ++257, /* "md4" */ ++396, /* "md4WithRSAEncryption" */ ++ 4, /* "md5" */ ++114, /* "md5-sha1" */ ++104, /* "md5WithRSA" */ ++ 8, /* "md5WithRSAEncryption" */ ++95, /* "mdc2" */ ++96, /* "mdc2WithRSA" */ ++875, /* "member" */ 
++602, /* "merchant initiated auth" */ ++514, /* "message extensions" */ ++51, /* "messageDigest" */ ++911, /* "mgf1" */ ++506, /* "mime-mhs-bodies" */ ++505, /* "mime-mhs-headings" */ ++488, /* "mobileTelephoneNumber" */ ++481, /* "nSRecord" */ ++173, /* "name" */ ++681, /* "onBasis" */ ++379, /* "org" */ ++17, /* "organizationName" */ ++491, /* "organizationalStatus" */ ++18, /* "organizationalUnitName" */ ++475, /* "otherMailbox" */ ++876, /* "owner" */ ++935, /* "pSpecified" */ ++489, /* "pagerTelephoneNumber" */ ++782, /* "password based MAC" */ ++374, /* "path" */ ++621, /* "payment gateway capabilities" */ ++ 9, /* "pbeWithMD2AndDES-CBC" */ ++168, /* "pbeWithMD2AndRC2-CBC" */ ++112, /* "pbeWithMD5AndCast5CBC" */ ++10, /* "pbeWithMD5AndDES-CBC" */ ++169, /* "pbeWithMD5AndRC2-CBC" */ ++148, /* "pbeWithSHA1And128BitRC2-CBC" */ ++144, /* "pbeWithSHA1And128BitRC4" */ ++147, /* "pbeWithSHA1And2-KeyTripleDES-CBC" */ ++146, /* "pbeWithSHA1And3-KeyTripleDES-CBC" */ ++149, /* "pbeWithSHA1And40BitRC2-CBC" */ ++145, /* "pbeWithSHA1And40BitRC4" */ ++170, /* "pbeWithSHA1AndDES-CBC" */ ++68, /* "pbeWithSHA1AndRC2-CBC" */ ++499, /* "personalSignature" */ ++487, /* "personalTitle" */ ++464, /* "photo" */ ++863, /* "physicalDeliveryOfficeName" */ ++437, /* "pilot" */ ++439, /* "pilotAttributeSyntax" */ ++438, /* "pilotAttributeType" */ ++479, /* "pilotAttributeType27" */ ++456, /* "pilotDSA" */ ++441, /* "pilotGroups" */ ++444, /* "pilotObject" */ ++440, /* "pilotObjectClass" */ ++455, /* "pilotOrganization" */ ++445, /* "pilotPerson" */ ++186, /* "pkcs1" */ ++27, /* "pkcs3" */ ++187, /* "pkcs5" */ ++20, /* "pkcs7" */ ++21, /* "pkcs7-data" */ ++25, /* "pkcs7-digestData" */ ++26, /* "pkcs7-encryptedData" */ ++23, /* "pkcs7-envelopedData" */ ++24, /* "pkcs7-signedAndEnvelopedData" */ ++22, /* "pkcs7-signedData" */ ++151, /* "pkcs8ShroudedKeyBag" */ ++47, /* "pkcs9" */ ++862, /* "postOfficeBox" */ ++861, /* "postalAddress" */ ++661, /* "postalCode" */ ++683, /* "ppBasis" */ 
++872, /* "preferredDeliveryMethod" */ ++873, /* "presentationAddress" */ ++406, /* "prime-field" */ ++409, /* "prime192v1" */ ++410, /* "prime192v2" */ ++411, /* "prime192v3" */ ++412, /* "prime239v1" */ ++413, /* "prime239v2" */ ++414, /* "prime239v3" */ ++415, /* "prime256v1" */ ++886, /* "protocolInformation" */ ++510, /* "pseudonym" */ ++435, /* "pss" */ ++286, /* "qcStatements" */ ++457, /* "qualityLabelledData" */ ++450, /* "rFC822localPart" */ ++98, /* "rc2-40-cbc" */ ++166, /* "rc2-64-cbc" */ ++37, /* "rc2-cbc" */ ++39, /* "rc2-cfb" */ ++38, /* "rc2-ecb" */ ++40, /* "rc2-ofb" */ ++ 5, /* "rc4" */ ++97, /* "rc4-40" */ ++915, /* "rc4-hmac-md5" */ ++120, /* "rc5-cbc" */ ++122, /* "rc5-cfb" */ ++121, /* "rc5-ecb" */ ++123, /* "rc5-ofb" */ ++870, /* "registeredAddress" */ ++460, /* "rfc822Mailbox" */ ++117, /* "ripemd160" */ ++119, /* "ripemd160WithRSA" */ ++400, /* "role" */ ++877, /* "roleOccupant" */ ++448, /* "room" */ ++463, /* "roomNumber" */ ++19, /* "rsa" */ ++ 6, /* "rsaEncryption" */ ++644, /* "rsaOAEPEncryptionSET" */ ++377, /* "rsaSignature" */ ++919, /* "rsaesOaep" */ ++912, /* "rsassaPss" */ ++124, /* "run length compression" */ ++482, /* "sOARecord" */ ++155, /* "safeContentsBag" */ ++291, /* "sbgp-autonomousSysNum" */ ++290, /* "sbgp-ipAddrBlock" */ ++292, /* "sbgp-routerIdentifier" */ ++159, /* "sdsiCertificate" */ ++859, /* "searchGuide" */ ++704, /* "secp112r1" */ ++705, /* "secp112r2" */ ++706, /* "secp128r1" */ ++707, /* "secp128r2" */ ++708, /* "secp160k1" */ ++709, /* "secp160r1" */ ++710, /* "secp160r2" */ ++711, /* "secp192k1" */ ++712, /* "secp224k1" */ ++713, /* "secp224r1" */ ++714, /* "secp256k1" */ ++715, /* "secp384r1" */ ++716, /* "secp521r1" */ ++154, /* "secretBag" */ ++474, /* "secretary" */ ++717, /* "sect113r1" */ ++718, /* "sect113r2" */ ++719, /* "sect131r1" */ ++720, /* "sect131r2" */ ++721, /* "sect163k1" */ ++722, /* "sect163r1" */ ++723, /* "sect163r2" */ ++724, /* "sect193r1" */ ++725, /* "sect193r2" */ ++726, /* 
"sect233k1" */ ++727, /* "sect233r1" */ ++728, /* "sect239k1" */ ++729, /* "sect283k1" */ ++730, /* "sect283r1" */ ++731, /* "sect409k1" */ ++732, /* "sect409r1" */ ++733, /* "sect571k1" */ ++734, /* "sect571r1" */ ++635, /* "secure device signature" */ ++878, /* "seeAlso" */ ++777, /* "seed-cbc" */ ++779, /* "seed-cfb" */ ++776, /* "seed-ecb" */ ++778, /* "seed-ofb" */ ++105, /* "serialNumber" */ ++625, /* "set-addPolicy" */ ++515, /* "set-attr" */ ++518, /* "set-brand" */ ++638, /* "set-brand-AmericanExpress" */ ++637, /* "set-brand-Diners" */ ++636, /* "set-brand-IATA-ATA" */ ++639, /* "set-brand-JCB" */ ++641, /* "set-brand-MasterCard" */ ++642, /* "set-brand-Novus" */ ++640, /* "set-brand-Visa" */ ++516, /* "set-policy" */ ++607, /* "set-policy-root" */ ++624, /* "set-rootKeyThumb" */ ++620, /* "setAttr-Cert" */ ++628, /* "setAttr-IssCap-CVM" */ ++630, /* "setAttr-IssCap-Sig" */ ++629, /* "setAttr-IssCap-T2" */ ++627, /* "setAttr-Token-B0Prime" */ ++626, /* "setAttr-Token-EMV" */ ++622, /* "setAttr-TokenType" */ ++619, /* "setCext-IssuerCapabilities" */ ++615, /* "setCext-PGWYcapabilities" */ ++616, /* "setCext-TokenIdentifier" */ ++618, /* "setCext-TokenType" */ ++617, /* "setCext-Track2Data" */ ++611, /* "setCext-cCertRequired" */ ++609, /* "setCext-certType" */ ++608, /* "setCext-hashedRoot" */ ++610, /* "setCext-merchData" */ ++613, /* "setCext-setExt" */ ++614, /* "setCext-setQualf" */ ++612, /* "setCext-tunneling" */ ++540, /* "setct-AcqCardCodeMsg" */ ++576, /* "setct-AcqCardCodeMsgTBE" */ ++570, /* "setct-AuthReqTBE" */ ++534, /* "setct-AuthReqTBS" */ ++527, /* "setct-AuthResBaggage" */ ++571, /* "setct-AuthResTBE" */ ++572, /* "setct-AuthResTBEX" */ ++535, /* "setct-AuthResTBS" */ ++536, /* "setct-AuthResTBSX" */ ++528, /* "setct-AuthRevReqBaggage" */ ++577, /* "setct-AuthRevReqTBE" */ ++541, /* "setct-AuthRevReqTBS" */ ++529, /* "setct-AuthRevResBaggage" */ ++542, /* "setct-AuthRevResData" */ ++578, /* "setct-AuthRevResTBE" */ ++579, /* 
"setct-AuthRevResTBEB" */ ++543, /* "setct-AuthRevResTBS" */ ++573, /* "setct-AuthTokenTBE" */ ++537, /* "setct-AuthTokenTBS" */ ++600, /* "setct-BCIDistributionTBS" */ ++558, /* "setct-BatchAdminReqData" */ ++592, /* "setct-BatchAdminReqTBE" */ ++559, /* "setct-BatchAdminResData" */ ++593, /* "setct-BatchAdminResTBE" */ ++599, /* "setct-CRLNotificationResTBS" */ ++598, /* "setct-CRLNotificationTBS" */ ++580, /* "setct-CapReqTBE" */ ++581, /* "setct-CapReqTBEX" */ ++544, /* "setct-CapReqTBS" */ ++545, /* "setct-CapReqTBSX" */ ++546, /* "setct-CapResData" */ ++582, /* "setct-CapResTBE" */ ++583, /* "setct-CapRevReqTBE" */ ++584, /* "setct-CapRevReqTBEX" */ ++547, /* "setct-CapRevReqTBS" */ ++548, /* "setct-CapRevReqTBSX" */ ++549, /* "setct-CapRevResData" */ ++585, /* "setct-CapRevResTBE" */ ++538, /* "setct-CapTokenData" */ ++530, /* "setct-CapTokenSeq" */ ++574, /* "setct-CapTokenTBE" */ ++575, /* "setct-CapTokenTBEX" */ ++539, /* "setct-CapTokenTBS" */ ++560, /* "setct-CardCInitResTBS" */ ++566, /* "setct-CertInqReqTBS" */ ++563, /* "setct-CertReqData" */ ++595, /* "setct-CertReqTBE" */ ++596, /* "setct-CertReqTBEX" */ ++564, /* "setct-CertReqTBS" */ ++565, /* "setct-CertResData" */ ++597, /* "setct-CertResTBE" */ ++586, /* "setct-CredReqTBE" */ ++587, /* "setct-CredReqTBEX" */ ++550, /* "setct-CredReqTBS" */ ++551, /* "setct-CredReqTBSX" */ ++552, /* "setct-CredResData" */ ++588, /* "setct-CredResTBE" */ ++589, /* "setct-CredRevReqTBE" */ ++590, /* "setct-CredRevReqTBEX" */ ++553, /* "setct-CredRevReqTBS" */ ++554, /* "setct-CredRevReqTBSX" */ ++555, /* "setct-CredRevResData" */ ++591, /* "setct-CredRevResTBE" */ ++567, /* "setct-ErrorTBS" */ ++526, /* "setct-HODInput" */ ++561, /* "setct-MeAqCInitResTBS" */ ++522, /* "setct-OIData" */ ++519, /* "setct-PANData" */ ++521, /* "setct-PANOnly" */ ++520, /* "setct-PANToken" */ ++556, /* "setct-PCertReqData" */ ++557, /* "setct-PCertResTBS" */ ++523, /* "setct-PI" */ ++532, /* "setct-PI-TBS" */ ++524, /* 
"setct-PIData" */ ++525, /* "setct-PIDataUnsigned" */ ++568, /* "setct-PIDualSignedTBE" */ ++569, /* "setct-PIUnsignedTBE" */ ++531, /* "setct-PInitResData" */ ++533, /* "setct-PResData" */ ++594, /* "setct-RegFormReqTBE" */ ++562, /* "setct-RegFormResTBS" */ ++604, /* "setext-pinAny" */ ++603, /* "setext-pinSecure" */ ++605, /* "setext-track2" */ ++41, /* "sha" */ ++64, /* "sha1" */ ++115, /* "sha1WithRSA" */ ++65, /* "sha1WithRSAEncryption" */ ++675, /* "sha224" */ ++671, /* "sha224WithRSAEncryption" */ ++672, /* "sha256" */ ++668, /* "sha256WithRSAEncryption" */ ++673, /* "sha384" */ ++669, /* "sha384WithRSAEncryption" */ ++674, /* "sha512" */ ++670, /* "sha512WithRSAEncryption" */ ++42, /* "shaWithRSAEncryption" */ ++52, /* "signingTime" */ ++454, /* "simpleSecurityObject" */ ++496, /* "singleLevelQuality" */ ++16, /* "stateOrProvinceName" */ ++660, /* "streetAddress" */ ++498, /* "subtreeMaximumQuality" */ ++497, /* "subtreeMinimumQuality" */ ++890, /* "supportedAlgorithms" */ ++874, /* "supportedApplicationContext" */ ++100, /* "surname" */ ++864, /* "telephoneNumber" */ ++866, /* "teletexTerminalIdentifier" */ ++865, /* "telexNumber" */ ++459, /* "textEncodedORAddress" */ ++293, /* "textNotice" */ ++106, /* "title" */ ++682, /* "tpBasis" */ ++436, /* "ucl" */ ++ 0, /* "undefined" */ ++888, /* "uniqueMember" */ ++55, /* "unstructuredAddress" */ ++49, /* "unstructuredName" */ ++880, /* "userCertificate" */ ++465, /* "userClass" */ ++458, /* "userId" */ ++879, /* "userPassword" */ ++373, /* "valid" */ ++678, /* "wap" */ ++679, /* "wap-wsg" */ ++735, /* "wap-wsg-idm-ecid-wtls1" */ ++743, /* "wap-wsg-idm-ecid-wtls10" */ ++744, /* "wap-wsg-idm-ecid-wtls11" */ ++745, /* "wap-wsg-idm-ecid-wtls12" */ ++736, /* "wap-wsg-idm-ecid-wtls3" */ ++737, /* "wap-wsg-idm-ecid-wtls4" */ ++738, /* "wap-wsg-idm-ecid-wtls5" */ ++739, /* "wap-wsg-idm-ecid-wtls6" */ ++740, /* "wap-wsg-idm-ecid-wtls7" */ ++741, /* "wap-wsg-idm-ecid-wtls8" */ ++742, /* "wap-wsg-idm-ecid-wtls9" */ 
++804, /* "whirlpool" */ ++868, /* "x121Address" */ ++503, /* "x500UniqueIdentifier" */ ++158, /* "x509Certificate" */ ++160, /* "x509Crl" */ ++125, /* "zlib compression" */ + }; + +-static ASN1_OBJECT *obj_objs[NUM_OBJ]={ +-&(nid_objs[ 0]),/* OBJ_undef 0 */ +-&(nid_objs[393]),/* OBJ_joint_iso_ccitt OBJ_joint_iso_itu_t */ +-&(nid_objs[404]),/* OBJ_ccitt OBJ_itu_t */ +-&(nid_objs[645]),/* OBJ_itu_t 0 */ +-&(nid_objs[434]),/* OBJ_data 0 9 */ +-&(nid_objs[181]),/* OBJ_iso 1 */ +-&(nid_objs[182]),/* OBJ_member_body 1 2 */ +-&(nid_objs[379]),/* OBJ_org 1 3 */ +-&(nid_objs[676]),/* OBJ_identified_organization 1 3 */ +-&(nid_objs[646]),/* OBJ_joint_iso_itu_t 2 */ +-&(nid_objs[11]),/* OBJ_X500 2 5 */ +-&(nid_objs[647]),/* OBJ_international_organizations 2 23 */ +-&(nid_objs[380]),/* OBJ_dod 1 3 6 */ +-&(nid_objs[12]),/* OBJ_X509 2 5 4 */ +-&(nid_objs[378]),/* OBJ_X500algorithms 2 5 8 */ +-&(nid_objs[81]),/* OBJ_id_ce 2 5 29 */ +-&(nid_objs[512]),/* OBJ_id_set 2 23 42 */ +-&(nid_objs[678]),/* OBJ_wap 2 23 43 */ +-&(nid_objs[435]),/* OBJ_pss 0 9 2342 */ +-&(nid_objs[183]),/* OBJ_ISO_US 1 2 840 */ +-&(nid_objs[381]),/* OBJ_iana 1 3 6 1 */ +-&(nid_objs[677]),/* OBJ_certicom_arc 1 3 132 */ +-&(nid_objs[394]),/* OBJ_selected_attribute_types 2 5 1 5 */ +-&(nid_objs[13]),/* OBJ_commonName 2 5 4 3 */ +-&(nid_objs[100]),/* OBJ_surname 2 5 4 4 */ +-&(nid_objs[105]),/* OBJ_serialNumber 2 5 4 5 */ +-&(nid_objs[14]),/* OBJ_countryName 2 5 4 6 */ +-&(nid_objs[15]),/* OBJ_localityName 2 5 4 7 */ +-&(nid_objs[16]),/* OBJ_stateOrProvinceName 2 5 4 8 */ +-&(nid_objs[660]),/* OBJ_streetAddress 2 5 4 9 */ +-&(nid_objs[17]),/* OBJ_organizationName 2 5 4 10 */ +-&(nid_objs[18]),/* OBJ_organizationalUnitName 2 5 4 11 */ +-&(nid_objs[106]),/* OBJ_title 2 5 4 12 */ +-&(nid_objs[107]),/* OBJ_description 2 5 4 13 */ +-&(nid_objs[661]),/* OBJ_postalCode 2 5 4 17 */ +-&(nid_objs[173]),/* OBJ_name 2 5 4 41 */ +-&(nid_objs[99]),/* OBJ_givenName 2 5 4 42 */ +-&(nid_objs[101]),/* OBJ_initials 2 5 4 43 */ 
+-&(nid_objs[509]),/* OBJ_generationQualifier 2 5 4 44 */ +-&(nid_objs[503]),/* OBJ_x500UniqueIdentifier 2 5 4 45 */ +-&(nid_objs[174]),/* OBJ_dnQualifier 2 5 4 46 */ +-&(nid_objs[510]),/* OBJ_pseudonym 2 5 4 65 */ +-&(nid_objs[400]),/* OBJ_role 2 5 4 72 */ +-&(nid_objs[769]),/* OBJ_subject_directory_attributes 2 5 29 9 */ +-&(nid_objs[82]),/* OBJ_subject_key_identifier 2 5 29 14 */ +-&(nid_objs[83]),/* OBJ_key_usage 2 5 29 15 */ +-&(nid_objs[84]),/* OBJ_private_key_usage_period 2 5 29 16 */ +-&(nid_objs[85]),/* OBJ_subject_alt_name 2 5 29 17 */ +-&(nid_objs[86]),/* OBJ_issuer_alt_name 2 5 29 18 */ +-&(nid_objs[87]),/* OBJ_basic_constraints 2 5 29 19 */ +-&(nid_objs[88]),/* OBJ_crl_number 2 5 29 20 */ +-&(nid_objs[141]),/* OBJ_crl_reason 2 5 29 21 */ +-&(nid_objs[430]),/* OBJ_hold_instruction_code 2 5 29 23 */ +-&(nid_objs[142]),/* OBJ_invalidity_date 2 5 29 24 */ +-&(nid_objs[140]),/* OBJ_delta_crl 2 5 29 27 */ +-&(nid_objs[770]),/* OBJ_issuing_distribution_point 2 5 29 28 */ +-&(nid_objs[771]),/* OBJ_certificate_issuer 2 5 29 29 */ +-&(nid_objs[666]),/* OBJ_name_constraints 2 5 29 30 */ +-&(nid_objs[103]),/* OBJ_crl_distribution_points 2 5 29 31 */ +-&(nid_objs[89]),/* OBJ_certificate_policies 2 5 29 32 */ +-&(nid_objs[747]),/* OBJ_policy_mappings 2 5 29 33 */ +-&(nid_objs[90]),/* OBJ_authority_key_identifier 2 5 29 35 */ +-&(nid_objs[401]),/* OBJ_policy_constraints 2 5 29 36 */ +-&(nid_objs[126]),/* OBJ_ext_key_usage 2 5 29 37 */ +-&(nid_objs[857]),/* OBJ_freshest_crl 2 5 29 46 */ +-&(nid_objs[748]),/* OBJ_inhibit_any_policy 2 5 29 54 */ +-&(nid_objs[402]),/* OBJ_target_information 2 5 29 55 */ +-&(nid_objs[403]),/* OBJ_no_rev_avail 2 5 29 56 */ +-&(nid_objs[513]),/* OBJ_set_ctype 2 23 42 0 */ +-&(nid_objs[514]),/* OBJ_set_msgExt 2 23 42 1 */ +-&(nid_objs[515]),/* OBJ_set_attr 2 23 42 3 */ +-&(nid_objs[516]),/* OBJ_set_policy 2 23 42 5 */ +-&(nid_objs[517]),/* OBJ_set_certExt 2 23 42 7 */ +-&(nid_objs[518]),/* OBJ_set_brand 2 23 42 8 */ +-&(nid_objs[679]),/* 
OBJ_wap_wsg 2 23 43 13 */ +-&(nid_objs[382]),/* OBJ_Directory 1 3 6 1 1 */ +-&(nid_objs[383]),/* OBJ_Management 1 3 6 1 2 */ +-&(nid_objs[384]),/* OBJ_Experimental 1 3 6 1 3 */ +-&(nid_objs[385]),/* OBJ_Private 1 3 6 1 4 */ +-&(nid_objs[386]),/* OBJ_Security 1 3 6 1 5 */ +-&(nid_objs[387]),/* OBJ_SNMPv2 1 3 6 1 6 */ +-&(nid_objs[388]),/* OBJ_Mail 1 3 6 1 7 */ +-&(nid_objs[376]),/* OBJ_algorithm 1 3 14 3 2 */ +-&(nid_objs[395]),/* OBJ_clearance 2 5 1 5 55 */ +-&(nid_objs[19]),/* OBJ_rsa 2 5 8 1 1 */ +-&(nid_objs[96]),/* OBJ_mdc2WithRSA 2 5 8 3 100 */ +-&(nid_objs[95]),/* OBJ_mdc2 2 5 8 3 101 */ +-&(nid_objs[746]),/* OBJ_any_policy 2 5 29 32 0 */ +-&(nid_objs[519]),/* OBJ_setct_PANData 2 23 42 0 0 */ +-&(nid_objs[520]),/* OBJ_setct_PANToken 2 23 42 0 1 */ +-&(nid_objs[521]),/* OBJ_setct_PANOnly 2 23 42 0 2 */ +-&(nid_objs[522]),/* OBJ_setct_OIData 2 23 42 0 3 */ +-&(nid_objs[523]),/* OBJ_setct_PI 2 23 42 0 4 */ +-&(nid_objs[524]),/* OBJ_setct_PIData 2 23 42 0 5 */ +-&(nid_objs[525]),/* OBJ_setct_PIDataUnsigned 2 23 42 0 6 */ +-&(nid_objs[526]),/* OBJ_setct_HODInput 2 23 42 0 7 */ +-&(nid_objs[527]),/* OBJ_setct_AuthResBaggage 2 23 42 0 8 */ +-&(nid_objs[528]),/* OBJ_setct_AuthRevReqBaggage 2 23 42 0 9 */ +-&(nid_objs[529]),/* OBJ_setct_AuthRevResBaggage 2 23 42 0 10 */ +-&(nid_objs[530]),/* OBJ_setct_CapTokenSeq 2 23 42 0 11 */ +-&(nid_objs[531]),/* OBJ_setct_PInitResData 2 23 42 0 12 */ +-&(nid_objs[532]),/* OBJ_setct_PI_TBS 2 23 42 0 13 */ +-&(nid_objs[533]),/* OBJ_setct_PResData 2 23 42 0 14 */ +-&(nid_objs[534]),/* OBJ_setct_AuthReqTBS 2 23 42 0 16 */ +-&(nid_objs[535]),/* OBJ_setct_AuthResTBS 2 23 42 0 17 */ +-&(nid_objs[536]),/* OBJ_setct_AuthResTBSX 2 23 42 0 18 */ +-&(nid_objs[537]),/* OBJ_setct_AuthTokenTBS 2 23 42 0 19 */ +-&(nid_objs[538]),/* OBJ_setct_CapTokenData 2 23 42 0 20 */ +-&(nid_objs[539]),/* OBJ_setct_CapTokenTBS 2 23 42 0 21 */ +-&(nid_objs[540]),/* OBJ_setct_AcqCardCodeMsg 2 23 42 0 22 */ +-&(nid_objs[541]),/* OBJ_setct_AuthRevReqTBS 2 23 42 0 
23 */ +-&(nid_objs[542]),/* OBJ_setct_AuthRevResData 2 23 42 0 24 */ +-&(nid_objs[543]),/* OBJ_setct_AuthRevResTBS 2 23 42 0 25 */ +-&(nid_objs[544]),/* OBJ_setct_CapReqTBS 2 23 42 0 26 */ +-&(nid_objs[545]),/* OBJ_setct_CapReqTBSX 2 23 42 0 27 */ +-&(nid_objs[546]),/* OBJ_setct_CapResData 2 23 42 0 28 */ +-&(nid_objs[547]),/* OBJ_setct_CapRevReqTBS 2 23 42 0 29 */ +-&(nid_objs[548]),/* OBJ_setct_CapRevReqTBSX 2 23 42 0 30 */ +-&(nid_objs[549]),/* OBJ_setct_CapRevResData 2 23 42 0 31 */ +-&(nid_objs[550]),/* OBJ_setct_CredReqTBS 2 23 42 0 32 */ +-&(nid_objs[551]),/* OBJ_setct_CredReqTBSX 2 23 42 0 33 */ +-&(nid_objs[552]),/* OBJ_setct_CredResData 2 23 42 0 34 */ +-&(nid_objs[553]),/* OBJ_setct_CredRevReqTBS 2 23 42 0 35 */ +-&(nid_objs[554]),/* OBJ_setct_CredRevReqTBSX 2 23 42 0 36 */ +-&(nid_objs[555]),/* OBJ_setct_CredRevResData 2 23 42 0 37 */ +-&(nid_objs[556]),/* OBJ_setct_PCertReqData 2 23 42 0 38 */ +-&(nid_objs[557]),/* OBJ_setct_PCertResTBS 2 23 42 0 39 */ +-&(nid_objs[558]),/* OBJ_setct_BatchAdminReqData 2 23 42 0 40 */ +-&(nid_objs[559]),/* OBJ_setct_BatchAdminResData 2 23 42 0 41 */ +-&(nid_objs[560]),/* OBJ_setct_CardCInitResTBS 2 23 42 0 42 */ +-&(nid_objs[561]),/* OBJ_setct_MeAqCInitResTBS 2 23 42 0 43 */ +-&(nid_objs[562]),/* OBJ_setct_RegFormResTBS 2 23 42 0 44 */ +-&(nid_objs[563]),/* OBJ_setct_CertReqData 2 23 42 0 45 */ +-&(nid_objs[564]),/* OBJ_setct_CertReqTBS 2 23 42 0 46 */ +-&(nid_objs[565]),/* OBJ_setct_CertResData 2 23 42 0 47 */ +-&(nid_objs[566]),/* OBJ_setct_CertInqReqTBS 2 23 42 0 48 */ +-&(nid_objs[567]),/* OBJ_setct_ErrorTBS 2 23 42 0 49 */ +-&(nid_objs[568]),/* OBJ_setct_PIDualSignedTBE 2 23 42 0 50 */ +-&(nid_objs[569]),/* OBJ_setct_PIUnsignedTBE 2 23 42 0 51 */ +-&(nid_objs[570]),/* OBJ_setct_AuthReqTBE 2 23 42 0 52 */ +-&(nid_objs[571]),/* OBJ_setct_AuthResTBE 2 23 42 0 53 */ +-&(nid_objs[572]),/* OBJ_setct_AuthResTBEX 2 23 42 0 54 */ +-&(nid_objs[573]),/* OBJ_setct_AuthTokenTBE 2 23 42 0 55 */ +-&(nid_objs[574]),/* 
OBJ_setct_CapTokenTBE 2 23 42 0 56 */ +-&(nid_objs[575]),/* OBJ_setct_CapTokenTBEX 2 23 42 0 57 */ +-&(nid_objs[576]),/* OBJ_setct_AcqCardCodeMsgTBE 2 23 42 0 58 */ +-&(nid_objs[577]),/* OBJ_setct_AuthRevReqTBE 2 23 42 0 59 */ +-&(nid_objs[578]),/* OBJ_setct_AuthRevResTBE 2 23 42 0 60 */ +-&(nid_objs[579]),/* OBJ_setct_AuthRevResTBEB 2 23 42 0 61 */ +-&(nid_objs[580]),/* OBJ_setct_CapReqTBE 2 23 42 0 62 */ +-&(nid_objs[581]),/* OBJ_setct_CapReqTBEX 2 23 42 0 63 */ +-&(nid_objs[582]),/* OBJ_setct_CapResTBE 2 23 42 0 64 */ +-&(nid_objs[583]),/* OBJ_setct_CapRevReqTBE 2 23 42 0 65 */ +-&(nid_objs[584]),/* OBJ_setct_CapRevReqTBEX 2 23 42 0 66 */ +-&(nid_objs[585]),/* OBJ_setct_CapRevResTBE 2 23 42 0 67 */ +-&(nid_objs[586]),/* OBJ_setct_CredReqTBE 2 23 42 0 68 */ +-&(nid_objs[587]),/* OBJ_setct_CredReqTBEX 2 23 42 0 69 */ +-&(nid_objs[588]),/* OBJ_setct_CredResTBE 2 23 42 0 70 */ +-&(nid_objs[589]),/* OBJ_setct_CredRevReqTBE 2 23 42 0 71 */ +-&(nid_objs[590]),/* OBJ_setct_CredRevReqTBEX 2 23 42 0 72 */ +-&(nid_objs[591]),/* OBJ_setct_CredRevResTBE 2 23 42 0 73 */ +-&(nid_objs[592]),/* OBJ_setct_BatchAdminReqTBE 2 23 42 0 74 */ +-&(nid_objs[593]),/* OBJ_setct_BatchAdminResTBE 2 23 42 0 75 */ +-&(nid_objs[594]),/* OBJ_setct_RegFormReqTBE 2 23 42 0 76 */ +-&(nid_objs[595]),/* OBJ_setct_CertReqTBE 2 23 42 0 77 */ +-&(nid_objs[596]),/* OBJ_setct_CertReqTBEX 2 23 42 0 78 */ +-&(nid_objs[597]),/* OBJ_setct_CertResTBE 2 23 42 0 79 */ +-&(nid_objs[598]),/* OBJ_setct_CRLNotificationTBS 2 23 42 0 80 */ +-&(nid_objs[599]),/* OBJ_setct_CRLNotificationResTBS 2 23 42 0 81 */ +-&(nid_objs[600]),/* OBJ_setct_BCIDistributionTBS 2 23 42 0 82 */ +-&(nid_objs[601]),/* OBJ_setext_genCrypt 2 23 42 1 1 */ +-&(nid_objs[602]),/* OBJ_setext_miAuth 2 23 42 1 3 */ +-&(nid_objs[603]),/* OBJ_setext_pinSecure 2 23 42 1 4 */ +-&(nid_objs[604]),/* OBJ_setext_pinAny 2 23 42 1 5 */ +-&(nid_objs[605]),/* OBJ_setext_track2 2 23 42 1 7 */ +-&(nid_objs[606]),/* OBJ_setext_cv 2 23 42 1 8 */ 
+-&(nid_objs[620]),/* OBJ_setAttr_Cert 2 23 42 3 0 */ +-&(nid_objs[621]),/* OBJ_setAttr_PGWYcap 2 23 42 3 1 */ +-&(nid_objs[622]),/* OBJ_setAttr_TokenType 2 23 42 3 2 */ +-&(nid_objs[623]),/* OBJ_setAttr_IssCap 2 23 42 3 3 */ +-&(nid_objs[607]),/* OBJ_set_policy_root 2 23 42 5 0 */ +-&(nid_objs[608]),/* OBJ_setCext_hashedRoot 2 23 42 7 0 */ +-&(nid_objs[609]),/* OBJ_setCext_certType 2 23 42 7 1 */ +-&(nid_objs[610]),/* OBJ_setCext_merchData 2 23 42 7 2 */ +-&(nid_objs[611]),/* OBJ_setCext_cCertRequired 2 23 42 7 3 */ +-&(nid_objs[612]),/* OBJ_setCext_tunneling 2 23 42 7 4 */ +-&(nid_objs[613]),/* OBJ_setCext_setExt 2 23 42 7 5 */ +-&(nid_objs[614]),/* OBJ_setCext_setQualf 2 23 42 7 6 */ +-&(nid_objs[615]),/* OBJ_setCext_PGWYcapabilities 2 23 42 7 7 */ +-&(nid_objs[616]),/* OBJ_setCext_TokenIdentifier 2 23 42 7 8 */ +-&(nid_objs[617]),/* OBJ_setCext_Track2Data 2 23 42 7 9 */ +-&(nid_objs[618]),/* OBJ_setCext_TokenType 2 23 42 7 10 */ +-&(nid_objs[619]),/* OBJ_setCext_IssuerCapabilities 2 23 42 7 11 */ +-&(nid_objs[636]),/* OBJ_set_brand_IATA_ATA 2 23 42 8 1 */ +-&(nid_objs[640]),/* OBJ_set_brand_Visa 2 23 42 8 4 */ +-&(nid_objs[641]),/* OBJ_set_brand_MasterCard 2 23 42 8 5 */ +-&(nid_objs[637]),/* OBJ_set_brand_Diners 2 23 42 8 30 */ +-&(nid_objs[638]),/* OBJ_set_brand_AmericanExpress 2 23 42 8 34 */ +-&(nid_objs[639]),/* OBJ_set_brand_JCB 2 23 42 8 35 */ +-&(nid_objs[805]),/* OBJ_cryptopro 1 2 643 2 2 */ +-&(nid_objs[806]),/* OBJ_cryptocom 1 2 643 2 9 */ +-&(nid_objs[184]),/* OBJ_X9_57 1 2 840 10040 */ +-&(nid_objs[405]),/* OBJ_ansi_X9_62 1 2 840 10045 */ +-&(nid_objs[389]),/* OBJ_Enterprises 1 3 6 1 4 1 */ +-&(nid_objs[504]),/* OBJ_mime_mhs 1 3 6 1 7 1 */ +-&(nid_objs[104]),/* OBJ_md5WithRSA 1 3 14 3 2 3 */ +-&(nid_objs[29]),/* OBJ_des_ecb 1 3 14 3 2 6 */ +-&(nid_objs[31]),/* OBJ_des_cbc 1 3 14 3 2 7 */ +-&(nid_objs[45]),/* OBJ_des_ofb64 1 3 14 3 2 8 */ +-&(nid_objs[30]),/* OBJ_des_cfb64 1 3 14 3 2 9 */ +-&(nid_objs[377]),/* OBJ_rsaSignature 1 3 14 3 2 11 */ 
+-&(nid_objs[67]),/* OBJ_dsa_2 1 3 14 3 2 12 */ +-&(nid_objs[66]),/* OBJ_dsaWithSHA 1 3 14 3 2 13 */ +-&(nid_objs[42]),/* OBJ_shaWithRSAEncryption 1 3 14 3 2 15 */ +-&(nid_objs[32]),/* OBJ_des_ede_ecb 1 3 14 3 2 17 */ +-&(nid_objs[41]),/* OBJ_sha 1 3 14 3 2 18 */ +-&(nid_objs[64]),/* OBJ_sha1 1 3 14 3 2 26 */ +-&(nid_objs[70]),/* OBJ_dsaWithSHA1_2 1 3 14 3 2 27 */ +-&(nid_objs[115]),/* OBJ_sha1WithRSA 1 3 14 3 2 29 */ +-&(nid_objs[117]),/* OBJ_ripemd160 1 3 36 3 2 1 */ +-&(nid_objs[143]),/* OBJ_sxnet 1 3 101 1 4 1 */ +-&(nid_objs[721]),/* OBJ_sect163k1 1 3 132 0 1 */ +-&(nid_objs[722]),/* OBJ_sect163r1 1 3 132 0 2 */ +-&(nid_objs[728]),/* OBJ_sect239k1 1 3 132 0 3 */ +-&(nid_objs[717]),/* OBJ_sect113r1 1 3 132 0 4 */ +-&(nid_objs[718]),/* OBJ_sect113r2 1 3 132 0 5 */ +-&(nid_objs[704]),/* OBJ_secp112r1 1 3 132 0 6 */ +-&(nid_objs[705]),/* OBJ_secp112r2 1 3 132 0 7 */ +-&(nid_objs[709]),/* OBJ_secp160r1 1 3 132 0 8 */ +-&(nid_objs[708]),/* OBJ_secp160k1 1 3 132 0 9 */ +-&(nid_objs[714]),/* OBJ_secp256k1 1 3 132 0 10 */ +-&(nid_objs[723]),/* OBJ_sect163r2 1 3 132 0 15 */ +-&(nid_objs[729]),/* OBJ_sect283k1 1 3 132 0 16 */ +-&(nid_objs[730]),/* OBJ_sect283r1 1 3 132 0 17 */ +-&(nid_objs[719]),/* OBJ_sect131r1 1 3 132 0 22 */ +-&(nid_objs[720]),/* OBJ_sect131r2 1 3 132 0 23 */ +-&(nid_objs[724]),/* OBJ_sect193r1 1 3 132 0 24 */ +-&(nid_objs[725]),/* OBJ_sect193r2 1 3 132 0 25 */ +-&(nid_objs[726]),/* OBJ_sect233k1 1 3 132 0 26 */ +-&(nid_objs[727]),/* OBJ_sect233r1 1 3 132 0 27 */ +-&(nid_objs[706]),/* OBJ_secp128r1 1 3 132 0 28 */ +-&(nid_objs[707]),/* OBJ_secp128r2 1 3 132 0 29 */ +-&(nid_objs[710]),/* OBJ_secp160r2 1 3 132 0 30 */ +-&(nid_objs[711]),/* OBJ_secp192k1 1 3 132 0 31 */ +-&(nid_objs[712]),/* OBJ_secp224k1 1 3 132 0 32 */ +-&(nid_objs[713]),/* OBJ_secp224r1 1 3 132 0 33 */ +-&(nid_objs[715]),/* OBJ_secp384r1 1 3 132 0 34 */ +-&(nid_objs[716]),/* OBJ_secp521r1 1 3 132 0 35 */ +-&(nid_objs[731]),/* OBJ_sect409k1 1 3 132 0 36 */ +-&(nid_objs[732]),/* 
OBJ_sect409r1 1 3 132 0 37 */ +-&(nid_objs[733]),/* OBJ_sect571k1 1 3 132 0 38 */ +-&(nid_objs[734]),/* OBJ_sect571r1 1 3 132 0 39 */ +-&(nid_objs[624]),/* OBJ_set_rootKeyThumb 2 23 42 3 0 0 */ +-&(nid_objs[625]),/* OBJ_set_addPolicy 2 23 42 3 0 1 */ +-&(nid_objs[626]),/* OBJ_setAttr_Token_EMV 2 23 42 3 2 1 */ +-&(nid_objs[627]),/* OBJ_setAttr_Token_B0Prime 2 23 42 3 2 2 */ +-&(nid_objs[628]),/* OBJ_setAttr_IssCap_CVM 2 23 42 3 3 3 */ +-&(nid_objs[629]),/* OBJ_setAttr_IssCap_T2 2 23 42 3 3 4 */ +-&(nid_objs[630]),/* OBJ_setAttr_IssCap_Sig 2 23 42 3 3 5 */ +-&(nid_objs[642]),/* OBJ_set_brand_Novus 2 23 42 8 6011 */ +-&(nid_objs[735]),/* OBJ_wap_wsg_idm_ecid_wtls1 2 23 43 13 4 1 */ +-&(nid_objs[736]),/* OBJ_wap_wsg_idm_ecid_wtls3 2 23 43 13 4 3 */ +-&(nid_objs[737]),/* OBJ_wap_wsg_idm_ecid_wtls4 2 23 43 13 4 4 */ +-&(nid_objs[738]),/* OBJ_wap_wsg_idm_ecid_wtls5 2 23 43 13 4 5 */ +-&(nid_objs[739]),/* OBJ_wap_wsg_idm_ecid_wtls6 2 23 43 13 4 6 */ +-&(nid_objs[740]),/* OBJ_wap_wsg_idm_ecid_wtls7 2 23 43 13 4 7 */ +-&(nid_objs[741]),/* OBJ_wap_wsg_idm_ecid_wtls8 2 23 43 13 4 8 */ +-&(nid_objs[742]),/* OBJ_wap_wsg_idm_ecid_wtls9 2 23 43 13 4 9 */ +-&(nid_objs[743]),/* OBJ_wap_wsg_idm_ecid_wtls10 2 23 43 13 4 10 */ +-&(nid_objs[744]),/* OBJ_wap_wsg_idm_ecid_wtls11 2 23 43 13 4 11 */ +-&(nid_objs[745]),/* OBJ_wap_wsg_idm_ecid_wtls12 2 23 43 13 4 12 */ +-&(nid_objs[804]),/* OBJ_whirlpool 1 0 10118 3 0 55 */ +-&(nid_objs[124]),/* OBJ_rle_compression 1 1 1 1 666 1 */ +-&(nid_objs[773]),/* OBJ_kisa 1 2 410 200004 */ +-&(nid_objs[807]),/* OBJ_id_GostR3411_94_with_GostR3410_2001 1 2 643 2 2 3 */ +-&(nid_objs[808]),/* OBJ_id_GostR3411_94_with_GostR3410_94 1 2 643 2 2 4 */ +-&(nid_objs[809]),/* OBJ_id_GostR3411_94 1 2 643 2 2 9 */ +-&(nid_objs[810]),/* OBJ_id_HMACGostR3411_94 1 2 643 2 2 10 */ +-&(nid_objs[811]),/* OBJ_id_GostR3410_2001 1 2 643 2 2 19 */ +-&(nid_objs[812]),/* OBJ_id_GostR3410_94 1 2 643 2 2 20 */ +-&(nid_objs[813]),/* OBJ_id_Gost28147_89 1 2 643 2 2 21 */ 
+-&(nid_objs[815]),/* OBJ_id_Gost28147_89_MAC 1 2 643 2 2 22 */ +-&(nid_objs[816]),/* OBJ_id_GostR3411_94_prf 1 2 643 2 2 23 */ +-&(nid_objs[817]),/* OBJ_id_GostR3410_2001DH 1 2 643 2 2 98 */ +-&(nid_objs[818]),/* OBJ_id_GostR3410_94DH 1 2 643 2 2 99 */ +-&(nid_objs[ 1]),/* OBJ_rsadsi 1 2 840 113549 */ +-&(nid_objs[185]),/* OBJ_X9cm 1 2 840 10040 4 */ +-&(nid_objs[127]),/* OBJ_id_pkix 1 3 6 1 5 5 7 */ +-&(nid_objs[505]),/* OBJ_mime_mhs_headings 1 3 6 1 7 1 1 */ +-&(nid_objs[506]),/* OBJ_mime_mhs_bodies 1 3 6 1 7 1 2 */ +-&(nid_objs[119]),/* OBJ_ripemd160WithRSA 1 3 36 3 3 1 2 */ +-&(nid_objs[631]),/* OBJ_setAttr_GenCryptgrm 2 23 42 3 3 3 1 */ +-&(nid_objs[632]),/* OBJ_setAttr_T2Enc 2 23 42 3 3 4 1 */ +-&(nid_objs[633]),/* OBJ_setAttr_T2cleartxt 2 23 42 3 3 4 2 */ +-&(nid_objs[634]),/* OBJ_setAttr_TokICCsig 2 23 42 3 3 5 1 */ +-&(nid_objs[635]),/* OBJ_setAttr_SecDevSig 2 23 42 3 3 5 2 */ +-&(nid_objs[436]),/* OBJ_ucl 0 9 2342 19200300 */ +-&(nid_objs[820]),/* OBJ_id_Gost28147_89_None_KeyMeshing 1 2 643 2 2 14 0 */ +-&(nid_objs[819]),/* OBJ_id_Gost28147_89_CryptoPro_KeyMeshing 1 2 643 2 2 14 1 */ +-&(nid_objs[845]),/* OBJ_id_GostR3410_94_a 1 2 643 2 2 20 1 */ +-&(nid_objs[846]),/* OBJ_id_GostR3410_94_aBis 1 2 643 2 2 20 2 */ +-&(nid_objs[847]),/* OBJ_id_GostR3410_94_b 1 2 643 2 2 20 3 */ +-&(nid_objs[848]),/* OBJ_id_GostR3410_94_bBis 1 2 643 2 2 20 4 */ +-&(nid_objs[821]),/* OBJ_id_GostR3411_94_TestParamSet 1 2 643 2 2 30 0 */ +-&(nid_objs[822]),/* OBJ_id_GostR3411_94_CryptoProParamSet 1 2 643 2 2 30 1 */ +-&(nid_objs[823]),/* OBJ_id_Gost28147_89_TestParamSet 1 2 643 2 2 31 0 */ +-&(nid_objs[824]),/* OBJ_id_Gost28147_89_CryptoPro_A_ParamSet 1 2 643 2 2 31 1 */ +-&(nid_objs[825]),/* OBJ_id_Gost28147_89_CryptoPro_B_ParamSet 1 2 643 2 2 31 2 */ +-&(nid_objs[826]),/* OBJ_id_Gost28147_89_CryptoPro_C_ParamSet 1 2 643 2 2 31 3 */ +-&(nid_objs[827]),/* OBJ_id_Gost28147_89_CryptoPro_D_ParamSet 1 2 643 2 2 31 4 */ +-&(nid_objs[828]),/* 
OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet 1 2 643 2 2 31 5 */ +-&(nid_objs[829]),/* OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet 1 2 643 2 2 31 6 */ +-&(nid_objs[830]),/* OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet 1 2 643 2 2 31 7 */ +-&(nid_objs[831]),/* OBJ_id_GostR3410_94_TestParamSet 1 2 643 2 2 32 0 */ +-&(nid_objs[832]),/* OBJ_id_GostR3410_94_CryptoPro_A_ParamSet 1 2 643 2 2 32 2 */ +-&(nid_objs[833]),/* OBJ_id_GostR3410_94_CryptoPro_B_ParamSet 1 2 643 2 2 32 3 */ +-&(nid_objs[834]),/* OBJ_id_GostR3410_94_CryptoPro_C_ParamSet 1 2 643 2 2 32 4 */ +-&(nid_objs[835]),/* OBJ_id_GostR3410_94_CryptoPro_D_ParamSet 1 2 643 2 2 32 5 */ +-&(nid_objs[836]),/* OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet 1 2 643 2 2 33 1 */ +-&(nid_objs[837]),/* OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet 1 2 643 2 2 33 2 */ +-&(nid_objs[838]),/* OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet 1 2 643 2 2 33 3 */ +-&(nid_objs[839]),/* OBJ_id_GostR3410_2001_TestParamSet 1 2 643 2 2 35 0 */ +-&(nid_objs[840]),/* OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet 1 2 643 2 2 35 1 */ +-&(nid_objs[841]),/* OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet 1 2 643 2 2 35 2 */ +-&(nid_objs[842]),/* OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet 1 2 643 2 2 35 3 */ +-&(nid_objs[843]),/* OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet 1 2 643 2 2 36 0 */ +-&(nid_objs[844]),/* OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet 1 2 643 2 2 36 1 */ +-&(nid_objs[ 2]),/* OBJ_pkcs 1 2 840 113549 1 */ +-&(nid_objs[431]),/* OBJ_hold_instruction_none 1 2 840 10040 2 1 */ +-&(nid_objs[432]),/* OBJ_hold_instruction_call_issuer 1 2 840 10040 2 2 */ +-&(nid_objs[433]),/* OBJ_hold_instruction_reject 1 2 840 10040 2 3 */ +-&(nid_objs[116]),/* OBJ_dsa 1 2 840 10040 4 1 */ +-&(nid_objs[113]),/* OBJ_dsaWithSHA1 1 2 840 10040 4 3 */ +-&(nid_objs[406]),/* OBJ_X9_62_prime_field 1 2 840 10045 1 1 */ +-&(nid_objs[407]),/* OBJ_X9_62_characteristic_two_field 1 2 840 10045 1 2 */ +-&(nid_objs[408]),/* OBJ_X9_62_id_ecPublicKey 1 2 840 10045 
2 1 */ +-&(nid_objs[416]),/* OBJ_ecdsa_with_SHA1 1 2 840 10045 4 1 */ +-&(nid_objs[791]),/* OBJ_ecdsa_with_Recommended 1 2 840 10045 4 2 */ +-&(nid_objs[792]),/* OBJ_ecdsa_with_Specified 1 2 840 10045 4 3 */ +-&(nid_objs[258]),/* OBJ_id_pkix_mod 1 3 6 1 5 5 7 0 */ +-&(nid_objs[175]),/* OBJ_id_pe 1 3 6 1 5 5 7 1 */ +-&(nid_objs[259]),/* OBJ_id_qt 1 3 6 1 5 5 7 2 */ +-&(nid_objs[128]),/* OBJ_id_kp 1 3 6 1 5 5 7 3 */ +-&(nid_objs[260]),/* OBJ_id_it 1 3 6 1 5 5 7 4 */ +-&(nid_objs[261]),/* OBJ_id_pkip 1 3 6 1 5 5 7 5 */ +-&(nid_objs[262]),/* OBJ_id_alg 1 3 6 1 5 5 7 6 */ +-&(nid_objs[263]),/* OBJ_id_cmc 1 3 6 1 5 5 7 7 */ +-&(nid_objs[264]),/* OBJ_id_on 1 3 6 1 5 5 7 8 */ +-&(nid_objs[265]),/* OBJ_id_pda 1 3 6 1 5 5 7 9 */ +-&(nid_objs[266]),/* OBJ_id_aca 1 3 6 1 5 5 7 10 */ +-&(nid_objs[267]),/* OBJ_id_qcs 1 3 6 1 5 5 7 11 */ +-&(nid_objs[268]),/* OBJ_id_cct 1 3 6 1 5 5 7 12 */ +-&(nid_objs[662]),/* OBJ_id_ppl 1 3 6 1 5 5 7 21 */ +-&(nid_objs[176]),/* OBJ_id_ad 1 3 6 1 5 5 7 48 */ +-&(nid_objs[507]),/* OBJ_id_hex_partial_message 1 3 6 1 7 1 1 1 */ +-&(nid_objs[508]),/* OBJ_id_hex_multipart_message 1 3 6 1 7 1 1 2 */ +-&(nid_objs[57]),/* OBJ_netscape 2 16 840 1 113730 */ +-&(nid_objs[754]),/* OBJ_camellia_128_ecb 0 3 4401 5 3 1 9 1 */ +-&(nid_objs[766]),/* OBJ_camellia_128_ofb128 0 3 4401 5 3 1 9 3 */ +-&(nid_objs[757]),/* OBJ_camellia_128_cfb128 0 3 4401 5 3 1 9 4 */ +-&(nid_objs[755]),/* OBJ_camellia_192_ecb 0 3 4401 5 3 1 9 21 */ +-&(nid_objs[767]),/* OBJ_camellia_192_ofb128 0 3 4401 5 3 1 9 23 */ +-&(nid_objs[758]),/* OBJ_camellia_192_cfb128 0 3 4401 5 3 1 9 24 */ +-&(nid_objs[756]),/* OBJ_camellia_256_ecb 0 3 4401 5 3 1 9 41 */ +-&(nid_objs[768]),/* OBJ_camellia_256_ofb128 0 3 4401 5 3 1 9 43 */ +-&(nid_objs[759]),/* OBJ_camellia_256_cfb128 0 3 4401 5 3 1 9 44 */ +-&(nid_objs[437]),/* OBJ_pilot 0 9 2342 19200300 100 */ +-&(nid_objs[776]),/* OBJ_seed_ecb 1 2 410 200004 1 3 */ +-&(nid_objs[777]),/* OBJ_seed_cbc 1 2 410 200004 1 4 */ +-&(nid_objs[779]),/* 
OBJ_seed_cfb128 1 2 410 200004 1 5 */ +-&(nid_objs[778]),/* OBJ_seed_ofb128 1 2 410 200004 1 6 */ +-&(nid_objs[852]),/* OBJ_id_GostR3411_94_with_GostR3410_94_cc 1 2 643 2 9 1 3 3 */ +-&(nid_objs[853]),/* OBJ_id_GostR3411_94_with_GostR3410_2001_cc 1 2 643 2 9 1 3 4 */ +-&(nid_objs[850]),/* OBJ_id_GostR3410_94_cc 1 2 643 2 9 1 5 3 */ +-&(nid_objs[851]),/* OBJ_id_GostR3410_2001_cc 1 2 643 2 9 1 5 4 */ +-&(nid_objs[849]),/* OBJ_id_Gost28147_89_cc 1 2 643 2 9 1 6 1 */ +-&(nid_objs[854]),/* OBJ_id_GostR3410_2001_ParamSet_cc 1 2 643 2 9 1 8 1 */ +-&(nid_objs[186]),/* OBJ_pkcs1 1 2 840 113549 1 1 */ +-&(nid_objs[27]),/* OBJ_pkcs3 1 2 840 113549 1 3 */ +-&(nid_objs[187]),/* OBJ_pkcs5 1 2 840 113549 1 5 */ +-&(nid_objs[20]),/* OBJ_pkcs7 1 2 840 113549 1 7 */ +-&(nid_objs[47]),/* OBJ_pkcs9 1 2 840 113549 1 9 */ +-&(nid_objs[ 3]),/* OBJ_md2 1 2 840 113549 2 2 */ +-&(nid_objs[257]),/* OBJ_md4 1 2 840 113549 2 4 */ +-&(nid_objs[ 4]),/* OBJ_md5 1 2 840 113549 2 5 */ +-&(nid_objs[797]),/* OBJ_hmacWithMD5 1 2 840 113549 2 6 */ +-&(nid_objs[163]),/* OBJ_hmacWithSHA1 1 2 840 113549 2 7 */ +-&(nid_objs[798]),/* OBJ_hmacWithSHA224 1 2 840 113549 2 8 */ +-&(nid_objs[799]),/* OBJ_hmacWithSHA256 1 2 840 113549 2 9 */ +-&(nid_objs[800]),/* OBJ_hmacWithSHA384 1 2 840 113549 2 10 */ +-&(nid_objs[801]),/* OBJ_hmacWithSHA512 1 2 840 113549 2 11 */ +-&(nid_objs[37]),/* OBJ_rc2_cbc 1 2 840 113549 3 2 */ +-&(nid_objs[ 5]),/* OBJ_rc4 1 2 840 113549 3 4 */ +-&(nid_objs[44]),/* OBJ_des_ede3_cbc 1 2 840 113549 3 7 */ +-&(nid_objs[120]),/* OBJ_rc5_cbc 1 2 840 113549 3 8 */ +-&(nid_objs[643]),/* OBJ_des_cdmf 1 2 840 113549 3 10 */ +-&(nid_objs[680]),/* OBJ_X9_62_id_characteristic_two_basis 1 2 840 10045 1 2 3 */ +-&(nid_objs[684]),/* OBJ_X9_62_c2pnb163v1 1 2 840 10045 3 0 1 */ +-&(nid_objs[685]),/* OBJ_X9_62_c2pnb163v2 1 2 840 10045 3 0 2 */ +-&(nid_objs[686]),/* OBJ_X9_62_c2pnb163v3 1 2 840 10045 3 0 3 */ +-&(nid_objs[687]),/* OBJ_X9_62_c2pnb176v1 1 2 840 10045 3 0 4 */ +-&(nid_objs[688]),/* 
OBJ_X9_62_c2tnb191v1 1 2 840 10045 3 0 5 */ +-&(nid_objs[689]),/* OBJ_X9_62_c2tnb191v2 1 2 840 10045 3 0 6 */ +-&(nid_objs[690]),/* OBJ_X9_62_c2tnb191v3 1 2 840 10045 3 0 7 */ +-&(nid_objs[691]),/* OBJ_X9_62_c2onb191v4 1 2 840 10045 3 0 8 */ +-&(nid_objs[692]),/* OBJ_X9_62_c2onb191v5 1 2 840 10045 3 0 9 */ +-&(nid_objs[693]),/* OBJ_X9_62_c2pnb208w1 1 2 840 10045 3 0 10 */ +-&(nid_objs[694]),/* OBJ_X9_62_c2tnb239v1 1 2 840 10045 3 0 11 */ +-&(nid_objs[695]),/* OBJ_X9_62_c2tnb239v2 1 2 840 10045 3 0 12 */ +-&(nid_objs[696]),/* OBJ_X9_62_c2tnb239v3 1 2 840 10045 3 0 13 */ +-&(nid_objs[697]),/* OBJ_X9_62_c2onb239v4 1 2 840 10045 3 0 14 */ +-&(nid_objs[698]),/* OBJ_X9_62_c2onb239v5 1 2 840 10045 3 0 15 */ +-&(nid_objs[699]),/* OBJ_X9_62_c2pnb272w1 1 2 840 10045 3 0 16 */ +-&(nid_objs[700]),/* OBJ_X9_62_c2pnb304w1 1 2 840 10045 3 0 17 */ +-&(nid_objs[701]),/* OBJ_X9_62_c2tnb359v1 1 2 840 10045 3 0 18 */ +-&(nid_objs[702]),/* OBJ_X9_62_c2pnb368w1 1 2 840 10045 3 0 19 */ +-&(nid_objs[703]),/* OBJ_X9_62_c2tnb431r1 1 2 840 10045 3 0 20 */ +-&(nid_objs[409]),/* OBJ_X9_62_prime192v1 1 2 840 10045 3 1 1 */ +-&(nid_objs[410]),/* OBJ_X9_62_prime192v2 1 2 840 10045 3 1 2 */ +-&(nid_objs[411]),/* OBJ_X9_62_prime192v3 1 2 840 10045 3 1 3 */ +-&(nid_objs[412]),/* OBJ_X9_62_prime239v1 1 2 840 10045 3 1 4 */ +-&(nid_objs[413]),/* OBJ_X9_62_prime239v2 1 2 840 10045 3 1 5 */ +-&(nid_objs[414]),/* OBJ_X9_62_prime239v3 1 2 840 10045 3 1 6 */ +-&(nid_objs[415]),/* OBJ_X9_62_prime256v1 1 2 840 10045 3 1 7 */ +-&(nid_objs[793]),/* OBJ_ecdsa_with_SHA224 1 2 840 10045 4 3 1 */ +-&(nid_objs[794]),/* OBJ_ecdsa_with_SHA256 1 2 840 10045 4 3 2 */ +-&(nid_objs[795]),/* OBJ_ecdsa_with_SHA384 1 2 840 10045 4 3 3 */ +-&(nid_objs[796]),/* OBJ_ecdsa_with_SHA512 1 2 840 10045 4 3 4 */ +-&(nid_objs[269]),/* OBJ_id_pkix1_explicit_88 1 3 6 1 5 5 7 0 1 */ +-&(nid_objs[270]),/* OBJ_id_pkix1_implicit_88 1 3 6 1 5 5 7 0 2 */ +-&(nid_objs[271]),/* OBJ_id_pkix1_explicit_93 1 3 6 1 5 5 7 0 3 */ 
+-&(nid_objs[272]),/* OBJ_id_pkix1_implicit_93 1 3 6 1 5 5 7 0 4 */ +-&(nid_objs[273]),/* OBJ_id_mod_crmf 1 3 6 1 5 5 7 0 5 */ +-&(nid_objs[274]),/* OBJ_id_mod_cmc 1 3 6 1 5 5 7 0 6 */ +-&(nid_objs[275]),/* OBJ_id_mod_kea_profile_88 1 3 6 1 5 5 7 0 7 */ +-&(nid_objs[276]),/* OBJ_id_mod_kea_profile_93 1 3 6 1 5 5 7 0 8 */ +-&(nid_objs[277]),/* OBJ_id_mod_cmp 1 3 6 1 5 5 7 0 9 */ +-&(nid_objs[278]),/* OBJ_id_mod_qualified_cert_88 1 3 6 1 5 5 7 0 10 */ +-&(nid_objs[279]),/* OBJ_id_mod_qualified_cert_93 1 3 6 1 5 5 7 0 11 */ +-&(nid_objs[280]),/* OBJ_id_mod_attribute_cert 1 3 6 1 5 5 7 0 12 */ +-&(nid_objs[281]),/* OBJ_id_mod_timestamp_protocol 1 3 6 1 5 5 7 0 13 */ +-&(nid_objs[282]),/* OBJ_id_mod_ocsp 1 3 6 1 5 5 7 0 14 */ +-&(nid_objs[283]),/* OBJ_id_mod_dvcs 1 3 6 1 5 5 7 0 15 */ +-&(nid_objs[284]),/* OBJ_id_mod_cmp2000 1 3 6 1 5 5 7 0 16 */ +-&(nid_objs[177]),/* OBJ_info_access 1 3 6 1 5 5 7 1 1 */ +-&(nid_objs[285]),/* OBJ_biometricInfo 1 3 6 1 5 5 7 1 2 */ +-&(nid_objs[286]),/* OBJ_qcStatements 1 3 6 1 5 5 7 1 3 */ +-&(nid_objs[287]),/* OBJ_ac_auditEntity 1 3 6 1 5 5 7 1 4 */ +-&(nid_objs[288]),/* OBJ_ac_targeting 1 3 6 1 5 5 7 1 5 */ +-&(nid_objs[289]),/* OBJ_aaControls 1 3 6 1 5 5 7 1 6 */ +-&(nid_objs[290]),/* OBJ_sbgp_ipAddrBlock 1 3 6 1 5 5 7 1 7 */ +-&(nid_objs[291]),/* OBJ_sbgp_autonomousSysNum 1 3 6 1 5 5 7 1 8 */ +-&(nid_objs[292]),/* OBJ_sbgp_routerIdentifier 1 3 6 1 5 5 7 1 9 */ +-&(nid_objs[397]),/* OBJ_ac_proxying 1 3 6 1 5 5 7 1 10 */ +-&(nid_objs[398]),/* OBJ_sinfo_access 1 3 6 1 5 5 7 1 11 */ +-&(nid_objs[663]),/* OBJ_proxyCertInfo 1 3 6 1 5 5 7 1 14 */ +-&(nid_objs[164]),/* OBJ_id_qt_cps 1 3 6 1 5 5 7 2 1 */ +-&(nid_objs[165]),/* OBJ_id_qt_unotice 1 3 6 1 5 5 7 2 2 */ +-&(nid_objs[293]),/* OBJ_textNotice 1 3 6 1 5 5 7 2 3 */ +-&(nid_objs[129]),/* OBJ_server_auth 1 3 6 1 5 5 7 3 1 */ +-&(nid_objs[130]),/* OBJ_client_auth 1 3 6 1 5 5 7 3 2 */ +-&(nid_objs[131]),/* OBJ_code_sign 1 3 6 1 5 5 7 3 3 */ +-&(nid_objs[132]),/* OBJ_email_protect 1 3 6 1 5 
5 7 3 4 */ +-&(nid_objs[294]),/* OBJ_ipsecEndSystem 1 3 6 1 5 5 7 3 5 */ +-&(nid_objs[295]),/* OBJ_ipsecTunnel 1 3 6 1 5 5 7 3 6 */ +-&(nid_objs[296]),/* OBJ_ipsecUser 1 3 6 1 5 5 7 3 7 */ +-&(nid_objs[133]),/* OBJ_time_stamp 1 3 6 1 5 5 7 3 8 */ +-&(nid_objs[180]),/* OBJ_OCSP_sign 1 3 6 1 5 5 7 3 9 */ +-&(nid_objs[297]),/* OBJ_dvcs 1 3 6 1 5 5 7 3 10 */ +-&(nid_objs[298]),/* OBJ_id_it_caProtEncCert 1 3 6 1 5 5 7 4 1 */ +-&(nid_objs[299]),/* OBJ_id_it_signKeyPairTypes 1 3 6 1 5 5 7 4 2 */ +-&(nid_objs[300]),/* OBJ_id_it_encKeyPairTypes 1 3 6 1 5 5 7 4 3 */ +-&(nid_objs[301]),/* OBJ_id_it_preferredSymmAlg 1 3 6 1 5 5 7 4 4 */ +-&(nid_objs[302]),/* OBJ_id_it_caKeyUpdateInfo 1 3 6 1 5 5 7 4 5 */ +-&(nid_objs[303]),/* OBJ_id_it_currentCRL 1 3 6 1 5 5 7 4 6 */ +-&(nid_objs[304]),/* OBJ_id_it_unsupportedOIDs 1 3 6 1 5 5 7 4 7 */ +-&(nid_objs[305]),/* OBJ_id_it_subscriptionRequest 1 3 6 1 5 5 7 4 8 */ +-&(nid_objs[306]),/* OBJ_id_it_subscriptionResponse 1 3 6 1 5 5 7 4 9 */ +-&(nid_objs[307]),/* OBJ_id_it_keyPairParamReq 1 3 6 1 5 5 7 4 10 */ +-&(nid_objs[308]),/* OBJ_id_it_keyPairParamRep 1 3 6 1 5 5 7 4 11 */ +-&(nid_objs[309]),/* OBJ_id_it_revPassphrase 1 3 6 1 5 5 7 4 12 */ +-&(nid_objs[310]),/* OBJ_id_it_implicitConfirm 1 3 6 1 5 5 7 4 13 */ +-&(nid_objs[311]),/* OBJ_id_it_confirmWaitTime 1 3 6 1 5 5 7 4 14 */ +-&(nid_objs[312]),/* OBJ_id_it_origPKIMessage 1 3 6 1 5 5 7 4 15 */ +-&(nid_objs[784]),/* OBJ_id_it_suppLangTags 1 3 6 1 5 5 7 4 16 */ +-&(nid_objs[313]),/* OBJ_id_regCtrl 1 3 6 1 5 5 7 5 1 */ +-&(nid_objs[314]),/* OBJ_id_regInfo 1 3 6 1 5 5 7 5 2 */ +-&(nid_objs[323]),/* OBJ_id_alg_des40 1 3 6 1 5 5 7 6 1 */ +-&(nid_objs[324]),/* OBJ_id_alg_noSignature 1 3 6 1 5 5 7 6 2 */ +-&(nid_objs[325]),/* OBJ_id_alg_dh_sig_hmac_sha1 1 3 6 1 5 5 7 6 3 */ +-&(nid_objs[326]),/* OBJ_id_alg_dh_pop 1 3 6 1 5 5 7 6 4 */ +-&(nid_objs[327]),/* OBJ_id_cmc_statusInfo 1 3 6 1 5 5 7 7 1 */ +-&(nid_objs[328]),/* OBJ_id_cmc_identification 1 3 6 1 5 5 7 7 2 */ +-&(nid_objs[329]),/* 
OBJ_id_cmc_identityProof 1 3 6 1 5 5 7 7 3 */ +-&(nid_objs[330]),/* OBJ_id_cmc_dataReturn 1 3 6 1 5 5 7 7 4 */ +-&(nid_objs[331]),/* OBJ_id_cmc_transactionId 1 3 6 1 5 5 7 7 5 */ +-&(nid_objs[332]),/* OBJ_id_cmc_senderNonce 1 3 6 1 5 5 7 7 6 */ +-&(nid_objs[333]),/* OBJ_id_cmc_recipientNonce 1 3 6 1 5 5 7 7 7 */ +-&(nid_objs[334]),/* OBJ_id_cmc_addExtensions 1 3 6 1 5 5 7 7 8 */ +-&(nid_objs[335]),/* OBJ_id_cmc_encryptedPOP 1 3 6 1 5 5 7 7 9 */ +-&(nid_objs[336]),/* OBJ_id_cmc_decryptedPOP 1 3 6 1 5 5 7 7 10 */ +-&(nid_objs[337]),/* OBJ_id_cmc_lraPOPWitness 1 3 6 1 5 5 7 7 11 */ +-&(nid_objs[338]),/* OBJ_id_cmc_getCert 1 3 6 1 5 5 7 7 15 */ +-&(nid_objs[339]),/* OBJ_id_cmc_getCRL 1 3 6 1 5 5 7 7 16 */ +-&(nid_objs[340]),/* OBJ_id_cmc_revokeRequest 1 3 6 1 5 5 7 7 17 */ +-&(nid_objs[341]),/* OBJ_id_cmc_regInfo 1 3 6 1 5 5 7 7 18 */ +-&(nid_objs[342]),/* OBJ_id_cmc_responseInfo 1 3 6 1 5 5 7 7 19 */ +-&(nid_objs[343]),/* OBJ_id_cmc_queryPending 1 3 6 1 5 5 7 7 21 */ +-&(nid_objs[344]),/* OBJ_id_cmc_popLinkRandom 1 3 6 1 5 5 7 7 22 */ +-&(nid_objs[345]),/* OBJ_id_cmc_popLinkWitness 1 3 6 1 5 5 7 7 23 */ +-&(nid_objs[346]),/* OBJ_id_cmc_confirmCertAcceptance 1 3 6 1 5 5 7 7 24 */ +-&(nid_objs[347]),/* OBJ_id_on_personalData 1 3 6 1 5 5 7 8 1 */ +-&(nid_objs[858]),/* OBJ_id_on_permanentIdentifier 1 3 6 1 5 5 7 8 3 */ +-&(nid_objs[348]),/* OBJ_id_pda_dateOfBirth 1 3 6 1 5 5 7 9 1 */ +-&(nid_objs[349]),/* OBJ_id_pda_placeOfBirth 1 3 6 1 5 5 7 9 2 */ +-&(nid_objs[351]),/* OBJ_id_pda_gender 1 3 6 1 5 5 7 9 3 */ +-&(nid_objs[352]),/* OBJ_id_pda_countryOfCitizenship 1 3 6 1 5 5 7 9 4 */ +-&(nid_objs[353]),/* OBJ_id_pda_countryOfResidence 1 3 6 1 5 5 7 9 5 */ +-&(nid_objs[354]),/* OBJ_id_aca_authenticationInfo 1 3 6 1 5 5 7 10 1 */ +-&(nid_objs[355]),/* OBJ_id_aca_accessIdentity 1 3 6 1 5 5 7 10 2 */ +-&(nid_objs[356]),/* OBJ_id_aca_chargingIdentity 1 3 6 1 5 5 7 10 3 */ +-&(nid_objs[357]),/* OBJ_id_aca_group 1 3 6 1 5 5 7 10 4 */ +-&(nid_objs[358]),/* OBJ_id_aca_role 1 3 6 1 
5 5 7 10 5 */ +-&(nid_objs[399]),/* OBJ_id_aca_encAttrs 1 3 6 1 5 5 7 10 6 */ +-&(nid_objs[359]),/* OBJ_id_qcs_pkixQCSyntax_v1 1 3 6 1 5 5 7 11 1 */ +-&(nid_objs[360]),/* OBJ_id_cct_crs 1 3 6 1 5 5 7 12 1 */ +-&(nid_objs[361]),/* OBJ_id_cct_PKIData 1 3 6 1 5 5 7 12 2 */ +-&(nid_objs[362]),/* OBJ_id_cct_PKIResponse 1 3 6 1 5 5 7 12 3 */ +-&(nid_objs[664]),/* OBJ_id_ppl_anyLanguage 1 3 6 1 5 5 7 21 0 */ +-&(nid_objs[665]),/* OBJ_id_ppl_inheritAll 1 3 6 1 5 5 7 21 1 */ +-&(nid_objs[667]),/* OBJ_Independent 1 3 6 1 5 5 7 21 2 */ +-&(nid_objs[178]),/* OBJ_ad_OCSP 1 3 6 1 5 5 7 48 1 */ +-&(nid_objs[179]),/* OBJ_ad_ca_issuers 1 3 6 1 5 5 7 48 2 */ +-&(nid_objs[363]),/* OBJ_ad_timeStamping 1 3 6 1 5 5 7 48 3 */ +-&(nid_objs[364]),/* OBJ_ad_dvcs 1 3 6 1 5 5 7 48 4 */ +-&(nid_objs[785]),/* OBJ_caRepository 1 3 6 1 5 5 7 48 5 */ +-&(nid_objs[780]),/* OBJ_hmac_md5 1 3 6 1 5 5 8 1 1 */ +-&(nid_objs[781]),/* OBJ_hmac_sha1 1 3 6 1 5 5 8 1 2 */ +-&(nid_objs[58]),/* OBJ_netscape_cert_extension 2 16 840 1 113730 1 */ +-&(nid_objs[59]),/* OBJ_netscape_data_type 2 16 840 1 113730 2 */ +-&(nid_objs[438]),/* OBJ_pilotAttributeType 0 9 2342 19200300 100 1 */ +-&(nid_objs[439]),/* OBJ_pilotAttributeSyntax 0 9 2342 19200300 100 3 */ +-&(nid_objs[440]),/* OBJ_pilotObjectClass 0 9 2342 19200300 100 4 */ +-&(nid_objs[441]),/* OBJ_pilotGroups 0 9 2342 19200300 100 10 */ +-&(nid_objs[108]),/* OBJ_cast5_cbc 1 2 840 113533 7 66 10 */ +-&(nid_objs[112]),/* OBJ_pbeWithMD5AndCast5_CBC 1 2 840 113533 7 66 12 */ +-&(nid_objs[782]),/* OBJ_id_PasswordBasedMAC 1 2 840 113533 7 66 13 */ +-&(nid_objs[783]),/* OBJ_id_DHBasedMac 1 2 840 113533 7 66 30 */ +-&(nid_objs[ 6]),/* OBJ_rsaEncryption 1 2 840 113549 1 1 1 */ +-&(nid_objs[ 7]),/* OBJ_md2WithRSAEncryption 1 2 840 113549 1 1 2 */ +-&(nid_objs[396]),/* OBJ_md4WithRSAEncryption 1 2 840 113549 1 1 3 */ +-&(nid_objs[ 8]),/* OBJ_md5WithRSAEncryption 1 2 840 113549 1 1 4 */ +-&(nid_objs[65]),/* OBJ_sha1WithRSAEncryption 1 2 840 113549 1 1 5 */ 
+-&(nid_objs[644]),/* OBJ_rsaOAEPEncryptionSET 1 2 840 113549 1 1 6 */ +-&(nid_objs[668]),/* OBJ_sha256WithRSAEncryption 1 2 840 113549 1 1 11 */ +-&(nid_objs[669]),/* OBJ_sha384WithRSAEncryption 1 2 840 113549 1 1 12 */ +-&(nid_objs[670]),/* OBJ_sha512WithRSAEncryption 1 2 840 113549 1 1 13 */ +-&(nid_objs[671]),/* OBJ_sha224WithRSAEncryption 1 2 840 113549 1 1 14 */ +-&(nid_objs[28]),/* OBJ_dhKeyAgreement 1 2 840 113549 1 3 1 */ +-&(nid_objs[ 9]),/* OBJ_pbeWithMD2AndDES_CBC 1 2 840 113549 1 5 1 */ +-&(nid_objs[10]),/* OBJ_pbeWithMD5AndDES_CBC 1 2 840 113549 1 5 3 */ +-&(nid_objs[168]),/* OBJ_pbeWithMD2AndRC2_CBC 1 2 840 113549 1 5 4 */ +-&(nid_objs[169]),/* OBJ_pbeWithMD5AndRC2_CBC 1 2 840 113549 1 5 6 */ +-&(nid_objs[170]),/* OBJ_pbeWithSHA1AndDES_CBC 1 2 840 113549 1 5 10 */ +-&(nid_objs[68]),/* OBJ_pbeWithSHA1AndRC2_CBC 1 2 840 113549 1 5 11 */ +-&(nid_objs[69]),/* OBJ_id_pbkdf2 1 2 840 113549 1 5 12 */ +-&(nid_objs[161]),/* OBJ_pbes2 1 2 840 113549 1 5 13 */ +-&(nid_objs[162]),/* OBJ_pbmac1 1 2 840 113549 1 5 14 */ +-&(nid_objs[21]),/* OBJ_pkcs7_data 1 2 840 113549 1 7 1 */ +-&(nid_objs[22]),/* OBJ_pkcs7_signed 1 2 840 113549 1 7 2 */ +-&(nid_objs[23]),/* OBJ_pkcs7_enveloped 1 2 840 113549 1 7 3 */ +-&(nid_objs[24]),/* OBJ_pkcs7_signedAndEnveloped 1 2 840 113549 1 7 4 */ +-&(nid_objs[25]),/* OBJ_pkcs7_digest 1 2 840 113549 1 7 5 */ +-&(nid_objs[26]),/* OBJ_pkcs7_encrypted 1 2 840 113549 1 7 6 */ +-&(nid_objs[48]),/* OBJ_pkcs9_emailAddress 1 2 840 113549 1 9 1 */ +-&(nid_objs[49]),/* OBJ_pkcs9_unstructuredName 1 2 840 113549 1 9 2 */ +-&(nid_objs[50]),/* OBJ_pkcs9_contentType 1 2 840 113549 1 9 3 */ +-&(nid_objs[51]),/* OBJ_pkcs9_messageDigest 1 2 840 113549 1 9 4 */ +-&(nid_objs[52]),/* OBJ_pkcs9_signingTime 1 2 840 113549 1 9 5 */ +-&(nid_objs[53]),/* OBJ_pkcs9_countersignature 1 2 840 113549 1 9 6 */ +-&(nid_objs[54]),/* OBJ_pkcs9_challengePassword 1 2 840 113549 1 9 7 */ +-&(nid_objs[55]),/* OBJ_pkcs9_unstructuredAddress 1 2 840 113549 1 9 8 */ 
+-&(nid_objs[56]),/* OBJ_pkcs9_extCertAttributes 1 2 840 113549 1 9 9 */ +-&(nid_objs[172]),/* OBJ_ext_req 1 2 840 113549 1 9 14 */ +-&(nid_objs[167]),/* OBJ_SMIMECapabilities 1 2 840 113549 1 9 15 */ +-&(nid_objs[188]),/* OBJ_SMIME 1 2 840 113549 1 9 16 */ +-&(nid_objs[156]),/* OBJ_friendlyName 1 2 840 113549 1 9 20 */ +-&(nid_objs[157]),/* OBJ_localKeyID 1 2 840 113549 1 9 21 */ +-&(nid_objs[681]),/* OBJ_X9_62_onBasis 1 2 840 10045 1 2 3 1 */ +-&(nid_objs[682]),/* OBJ_X9_62_tpBasis 1 2 840 10045 1 2 3 2 */ +-&(nid_objs[683]),/* OBJ_X9_62_ppBasis 1 2 840 10045 1 2 3 3 */ +-&(nid_objs[417]),/* OBJ_ms_csp_name 1 3 6 1 4 1 311 17 1 */ +-&(nid_objs[856]),/* OBJ_LocalKeySet 1 3 6 1 4 1 311 17 2 */ +-&(nid_objs[390]),/* OBJ_dcObject 1 3 6 1 4 1 1466 344 */ +-&(nid_objs[91]),/* OBJ_bf_cbc 1 3 6 1 4 1 3029 1 2 */ +-&(nid_objs[315]),/* OBJ_id_regCtrl_regToken 1 3 6 1 5 5 7 5 1 1 */ +-&(nid_objs[316]),/* OBJ_id_regCtrl_authenticator 1 3 6 1 5 5 7 5 1 2 */ +-&(nid_objs[317]),/* OBJ_id_regCtrl_pkiPublicationInfo 1 3 6 1 5 5 7 5 1 3 */ +-&(nid_objs[318]),/* OBJ_id_regCtrl_pkiArchiveOptions 1 3 6 1 5 5 7 5 1 4 */ +-&(nid_objs[319]),/* OBJ_id_regCtrl_oldCertID 1 3 6 1 5 5 7 5 1 5 */ +-&(nid_objs[320]),/* OBJ_id_regCtrl_protocolEncrKey 1 3 6 1 5 5 7 5 1 6 */ +-&(nid_objs[321]),/* OBJ_id_regInfo_utf8Pairs 1 3 6 1 5 5 7 5 2 1 */ +-&(nid_objs[322]),/* OBJ_id_regInfo_certReq 1 3 6 1 5 5 7 5 2 2 */ +-&(nid_objs[365]),/* OBJ_id_pkix_OCSP_basic 1 3 6 1 5 5 7 48 1 1 */ +-&(nid_objs[366]),/* OBJ_id_pkix_OCSP_Nonce 1 3 6 1 5 5 7 48 1 2 */ +-&(nid_objs[367]),/* OBJ_id_pkix_OCSP_CrlID 1 3 6 1 5 5 7 48 1 3 */ +-&(nid_objs[368]),/* OBJ_id_pkix_OCSP_acceptableResponses 1 3 6 1 5 5 7 48 1 4 */ +-&(nid_objs[369]),/* OBJ_id_pkix_OCSP_noCheck 1 3 6 1 5 5 7 48 1 5 */ +-&(nid_objs[370]),/* OBJ_id_pkix_OCSP_archiveCutoff 1 3 6 1 5 5 7 48 1 6 */ +-&(nid_objs[371]),/* OBJ_id_pkix_OCSP_serviceLocator 1 3 6 1 5 5 7 48 1 7 */ +-&(nid_objs[372]),/* OBJ_id_pkix_OCSP_extendedStatus 1 3 6 1 5 5 7 48 1 8 */ 
+-&(nid_objs[373]),/* OBJ_id_pkix_OCSP_valid 1 3 6 1 5 5 7 48 1 9 */ +-&(nid_objs[374]),/* OBJ_id_pkix_OCSP_path 1 3 6 1 5 5 7 48 1 10 */ +-&(nid_objs[375]),/* OBJ_id_pkix_OCSP_trustRoot 1 3 6 1 5 5 7 48 1 11 */ +-&(nid_objs[418]),/* OBJ_aes_128_ecb 2 16 840 1 101 3 4 1 1 */ +-&(nid_objs[419]),/* OBJ_aes_128_cbc 2 16 840 1 101 3 4 1 2 */ +-&(nid_objs[420]),/* OBJ_aes_128_ofb128 2 16 840 1 101 3 4 1 3 */ +-&(nid_objs[421]),/* OBJ_aes_128_cfb128 2 16 840 1 101 3 4 1 4 */ +-&(nid_objs[788]),/* OBJ_id_aes128_wrap 2 16 840 1 101 3 4 1 5 */ +-&(nid_objs[422]),/* OBJ_aes_192_ecb 2 16 840 1 101 3 4 1 21 */ +-&(nid_objs[423]),/* OBJ_aes_192_cbc 2 16 840 1 101 3 4 1 22 */ +-&(nid_objs[424]),/* OBJ_aes_192_ofb128 2 16 840 1 101 3 4 1 23 */ +-&(nid_objs[425]),/* OBJ_aes_192_cfb128 2 16 840 1 101 3 4 1 24 */ +-&(nid_objs[789]),/* OBJ_id_aes192_wrap 2 16 840 1 101 3 4 1 25 */ +-&(nid_objs[426]),/* OBJ_aes_256_ecb 2 16 840 1 101 3 4 1 41 */ +-&(nid_objs[427]),/* OBJ_aes_256_cbc 2 16 840 1 101 3 4 1 42 */ +-&(nid_objs[428]),/* OBJ_aes_256_ofb128 2 16 840 1 101 3 4 1 43 */ +-&(nid_objs[429]),/* OBJ_aes_256_cfb128 2 16 840 1 101 3 4 1 44 */ +-&(nid_objs[790]),/* OBJ_id_aes256_wrap 2 16 840 1 101 3 4 1 45 */ +-&(nid_objs[672]),/* OBJ_sha256 2 16 840 1 101 3 4 2 1 */ +-&(nid_objs[673]),/* OBJ_sha384 2 16 840 1 101 3 4 2 2 */ +-&(nid_objs[674]),/* OBJ_sha512 2 16 840 1 101 3 4 2 3 */ +-&(nid_objs[675]),/* OBJ_sha224 2 16 840 1 101 3 4 2 4 */ +-&(nid_objs[802]),/* OBJ_dsa_with_SHA224 2 16 840 1 101 3 4 3 1 */ +-&(nid_objs[803]),/* OBJ_dsa_with_SHA256 2 16 840 1 101 3 4 3 2 */ +-&(nid_objs[71]),/* OBJ_netscape_cert_type 2 16 840 1 113730 1 1 */ +-&(nid_objs[72]),/* OBJ_netscape_base_url 2 16 840 1 113730 1 2 */ +-&(nid_objs[73]),/* OBJ_netscape_revocation_url 2 16 840 1 113730 1 3 */ +-&(nid_objs[74]),/* OBJ_netscape_ca_revocation_url 2 16 840 1 113730 1 4 */ +-&(nid_objs[75]),/* OBJ_netscape_renewal_url 2 16 840 1 113730 1 7 */ +-&(nid_objs[76]),/* OBJ_netscape_ca_policy_url 2 16 840 1 
113730 1 8 */ +-&(nid_objs[77]),/* OBJ_netscape_ssl_server_name 2 16 840 1 113730 1 12 */ +-&(nid_objs[78]),/* OBJ_netscape_comment 2 16 840 1 113730 1 13 */ +-&(nid_objs[79]),/* OBJ_netscape_cert_sequence 2 16 840 1 113730 2 5 */ +-&(nid_objs[139]),/* OBJ_ns_sgc 2 16 840 1 113730 4 1 */ +-&(nid_objs[458]),/* OBJ_userId 0 9 2342 19200300 100 1 1 */ +-&(nid_objs[459]),/* OBJ_textEncodedORAddress 0 9 2342 19200300 100 1 2 */ +-&(nid_objs[460]),/* OBJ_rfc822Mailbox 0 9 2342 19200300 100 1 3 */ +-&(nid_objs[461]),/* OBJ_info 0 9 2342 19200300 100 1 4 */ +-&(nid_objs[462]),/* OBJ_favouriteDrink 0 9 2342 19200300 100 1 5 */ +-&(nid_objs[463]),/* OBJ_roomNumber 0 9 2342 19200300 100 1 6 */ +-&(nid_objs[464]),/* OBJ_photo 0 9 2342 19200300 100 1 7 */ +-&(nid_objs[465]),/* OBJ_userClass 0 9 2342 19200300 100 1 8 */ +-&(nid_objs[466]),/* OBJ_host 0 9 2342 19200300 100 1 9 */ +-&(nid_objs[467]),/* OBJ_manager 0 9 2342 19200300 100 1 10 */ +-&(nid_objs[468]),/* OBJ_documentIdentifier 0 9 2342 19200300 100 1 11 */ +-&(nid_objs[469]),/* OBJ_documentTitle 0 9 2342 19200300 100 1 12 */ +-&(nid_objs[470]),/* OBJ_documentVersion 0 9 2342 19200300 100 1 13 */ +-&(nid_objs[471]),/* OBJ_documentAuthor 0 9 2342 19200300 100 1 14 */ +-&(nid_objs[472]),/* OBJ_documentLocation 0 9 2342 19200300 100 1 15 */ +-&(nid_objs[473]),/* OBJ_homeTelephoneNumber 0 9 2342 19200300 100 1 20 */ +-&(nid_objs[474]),/* OBJ_secretary 0 9 2342 19200300 100 1 21 */ +-&(nid_objs[475]),/* OBJ_otherMailbox 0 9 2342 19200300 100 1 22 */ +-&(nid_objs[476]),/* OBJ_lastModifiedTime 0 9 2342 19200300 100 1 23 */ +-&(nid_objs[477]),/* OBJ_lastModifiedBy 0 9 2342 19200300 100 1 24 */ +-&(nid_objs[391]),/* OBJ_domainComponent 0 9 2342 19200300 100 1 25 */ +-&(nid_objs[478]),/* OBJ_aRecord 0 9 2342 19200300 100 1 26 */ +-&(nid_objs[479]),/* OBJ_pilotAttributeType27 0 9 2342 19200300 100 1 27 */ +-&(nid_objs[480]),/* OBJ_mXRecord 0 9 2342 19200300 100 1 28 */ +-&(nid_objs[481]),/* OBJ_nSRecord 0 9 2342 19200300 100 1 29 
*/ +-&(nid_objs[482]),/* OBJ_sOARecord 0 9 2342 19200300 100 1 30 */ +-&(nid_objs[483]),/* OBJ_cNAMERecord 0 9 2342 19200300 100 1 31 */ +-&(nid_objs[484]),/* OBJ_associatedDomain 0 9 2342 19200300 100 1 37 */ +-&(nid_objs[485]),/* OBJ_associatedName 0 9 2342 19200300 100 1 38 */ +-&(nid_objs[486]),/* OBJ_homePostalAddress 0 9 2342 19200300 100 1 39 */ +-&(nid_objs[487]),/* OBJ_personalTitle 0 9 2342 19200300 100 1 40 */ +-&(nid_objs[488]),/* OBJ_mobileTelephoneNumber 0 9 2342 19200300 100 1 41 */ +-&(nid_objs[489]),/* OBJ_pagerTelephoneNumber 0 9 2342 19200300 100 1 42 */ +-&(nid_objs[490]),/* OBJ_friendlyCountryName 0 9 2342 19200300 100 1 43 */ +-&(nid_objs[491]),/* OBJ_organizationalStatus 0 9 2342 19200300 100 1 45 */ +-&(nid_objs[492]),/* OBJ_janetMailbox 0 9 2342 19200300 100 1 46 */ +-&(nid_objs[493]),/* OBJ_mailPreferenceOption 0 9 2342 19200300 100 1 47 */ +-&(nid_objs[494]),/* OBJ_buildingName 0 9 2342 19200300 100 1 48 */ +-&(nid_objs[495]),/* OBJ_dSAQuality 0 9 2342 19200300 100 1 49 */ +-&(nid_objs[496]),/* OBJ_singleLevelQuality 0 9 2342 19200300 100 1 50 */ +-&(nid_objs[497]),/* OBJ_subtreeMinimumQuality 0 9 2342 19200300 100 1 51 */ +-&(nid_objs[498]),/* OBJ_subtreeMaximumQuality 0 9 2342 19200300 100 1 52 */ +-&(nid_objs[499]),/* OBJ_personalSignature 0 9 2342 19200300 100 1 53 */ +-&(nid_objs[500]),/* OBJ_dITRedirect 0 9 2342 19200300 100 1 54 */ +-&(nid_objs[501]),/* OBJ_audio 0 9 2342 19200300 100 1 55 */ +-&(nid_objs[502]),/* OBJ_documentPublisher 0 9 2342 19200300 100 1 56 */ +-&(nid_objs[442]),/* OBJ_iA5StringSyntax 0 9 2342 19200300 100 3 4 */ +-&(nid_objs[443]),/* OBJ_caseIgnoreIA5StringSyntax 0 9 2342 19200300 100 3 5 */ +-&(nid_objs[444]),/* OBJ_pilotObject 0 9 2342 19200300 100 4 3 */ +-&(nid_objs[445]),/* OBJ_pilotPerson 0 9 2342 19200300 100 4 4 */ +-&(nid_objs[446]),/* OBJ_account 0 9 2342 19200300 100 4 5 */ +-&(nid_objs[447]),/* OBJ_document 0 9 2342 19200300 100 4 6 */ +-&(nid_objs[448]),/* OBJ_room 0 9 2342 19200300 100 4 7 */ 
+-&(nid_objs[449]),/* OBJ_documentSeries 0 9 2342 19200300 100 4 9 */ +-&(nid_objs[392]),/* OBJ_Domain 0 9 2342 19200300 100 4 13 */ +-&(nid_objs[450]),/* OBJ_rFC822localPart 0 9 2342 19200300 100 4 14 */ +-&(nid_objs[451]),/* OBJ_dNSDomain 0 9 2342 19200300 100 4 15 */ +-&(nid_objs[452]),/* OBJ_domainRelatedObject 0 9 2342 19200300 100 4 17 */ +-&(nid_objs[453]),/* OBJ_friendlyCountry 0 9 2342 19200300 100 4 18 */ +-&(nid_objs[454]),/* OBJ_simpleSecurityObject 0 9 2342 19200300 100 4 19 */ +-&(nid_objs[455]),/* OBJ_pilotOrganization 0 9 2342 19200300 100 4 20 */ +-&(nid_objs[456]),/* OBJ_pilotDSA 0 9 2342 19200300 100 4 21 */ +-&(nid_objs[457]),/* OBJ_qualityLabelledData 0 9 2342 19200300 100 4 22 */ +-&(nid_objs[189]),/* OBJ_id_smime_mod 1 2 840 113549 1 9 16 0 */ +-&(nid_objs[190]),/* OBJ_id_smime_ct 1 2 840 113549 1 9 16 1 */ +-&(nid_objs[191]),/* OBJ_id_smime_aa 1 2 840 113549 1 9 16 2 */ +-&(nid_objs[192]),/* OBJ_id_smime_alg 1 2 840 113549 1 9 16 3 */ +-&(nid_objs[193]),/* OBJ_id_smime_cd 1 2 840 113549 1 9 16 4 */ +-&(nid_objs[194]),/* OBJ_id_smime_spq 1 2 840 113549 1 9 16 5 */ +-&(nid_objs[195]),/* OBJ_id_smime_cti 1 2 840 113549 1 9 16 6 */ +-&(nid_objs[158]),/* OBJ_x509Certificate 1 2 840 113549 1 9 22 1 */ +-&(nid_objs[159]),/* OBJ_sdsiCertificate 1 2 840 113549 1 9 22 2 */ +-&(nid_objs[160]),/* OBJ_x509Crl 1 2 840 113549 1 9 23 1 */ +-&(nid_objs[144]),/* OBJ_pbe_WithSHA1And128BitRC4 1 2 840 113549 1 12 1 1 */ +-&(nid_objs[145]),/* OBJ_pbe_WithSHA1And40BitRC4 1 2 840 113549 1 12 1 2 */ +-&(nid_objs[146]),/* OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC 1 2 840 113549 1 12 1 3 */ +-&(nid_objs[147]),/* OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC 1 2 840 113549 1 12 1 4 */ +-&(nid_objs[148]),/* OBJ_pbe_WithSHA1And128BitRC2_CBC 1 2 840 113549 1 12 1 5 */ +-&(nid_objs[149]),/* OBJ_pbe_WithSHA1And40BitRC2_CBC 1 2 840 113549 1 12 1 6 */ +-&(nid_objs[171]),/* OBJ_ms_ext_req 1 3 6 1 4 1 311 2 1 14 */ +-&(nid_objs[134]),/* OBJ_ms_code_ind 1 3 6 1 4 1 311 2 1 21 */ 
+-&(nid_objs[135]),/* OBJ_ms_code_com 1 3 6 1 4 1 311 2 1 22 */ +-&(nid_objs[136]),/* OBJ_ms_ctl_sign 1 3 6 1 4 1 311 10 3 1 */ +-&(nid_objs[137]),/* OBJ_ms_sgc 1 3 6 1 4 1 311 10 3 3 */ +-&(nid_objs[138]),/* OBJ_ms_efs 1 3 6 1 4 1 311 10 3 4 */ +-&(nid_objs[648]),/* OBJ_ms_smartcard_login 1 3 6 1 4 1 311 20 2 2 */ +-&(nid_objs[649]),/* OBJ_ms_upn 1 3 6 1 4 1 311 20 2 3 */ +-&(nid_objs[751]),/* OBJ_camellia_128_cbc 1 2 392 200011 61 1 1 1 2 */ +-&(nid_objs[752]),/* OBJ_camellia_192_cbc 1 2 392 200011 61 1 1 1 3 */ +-&(nid_objs[753]),/* OBJ_camellia_256_cbc 1 2 392 200011 61 1 1 1 4 */ +-&(nid_objs[196]),/* OBJ_id_smime_mod_cms 1 2 840 113549 1 9 16 0 1 */ +-&(nid_objs[197]),/* OBJ_id_smime_mod_ess 1 2 840 113549 1 9 16 0 2 */ +-&(nid_objs[198]),/* OBJ_id_smime_mod_oid 1 2 840 113549 1 9 16 0 3 */ +-&(nid_objs[199]),/* OBJ_id_smime_mod_msg_v3 1 2 840 113549 1 9 16 0 4 */ +-&(nid_objs[200]),/* OBJ_id_smime_mod_ets_eSignature_88 1 2 840 113549 1 9 16 0 5 */ +-&(nid_objs[201]),/* OBJ_id_smime_mod_ets_eSignature_97 1 2 840 113549 1 9 16 0 6 */ +-&(nid_objs[202]),/* OBJ_id_smime_mod_ets_eSigPolicy_88 1 2 840 113549 1 9 16 0 7 */ +-&(nid_objs[203]),/* OBJ_id_smime_mod_ets_eSigPolicy_97 1 2 840 113549 1 9 16 0 8 */ +-&(nid_objs[204]),/* OBJ_id_smime_ct_receipt 1 2 840 113549 1 9 16 1 1 */ +-&(nid_objs[205]),/* OBJ_id_smime_ct_authData 1 2 840 113549 1 9 16 1 2 */ +-&(nid_objs[206]),/* OBJ_id_smime_ct_publishCert 1 2 840 113549 1 9 16 1 3 */ +-&(nid_objs[207]),/* OBJ_id_smime_ct_TSTInfo 1 2 840 113549 1 9 16 1 4 */ +-&(nid_objs[208]),/* OBJ_id_smime_ct_TDTInfo 1 2 840 113549 1 9 16 1 5 */ +-&(nid_objs[209]),/* OBJ_id_smime_ct_contentInfo 1 2 840 113549 1 9 16 1 6 */ +-&(nid_objs[210]),/* OBJ_id_smime_ct_DVCSRequestData 1 2 840 113549 1 9 16 1 7 */ +-&(nid_objs[211]),/* OBJ_id_smime_ct_DVCSResponseData 1 2 840 113549 1 9 16 1 8 */ +-&(nid_objs[786]),/* OBJ_id_smime_ct_compressedData 1 2 840 113549 1 9 16 1 9 */ +-&(nid_objs[787]),/* OBJ_id_ct_asciiTextWithCRLF 1 2 840 113549 
1 9 16 1 27 */ +-&(nid_objs[212]),/* OBJ_id_smime_aa_receiptRequest 1 2 840 113549 1 9 16 2 1 */ +-&(nid_objs[213]),/* OBJ_id_smime_aa_securityLabel 1 2 840 113549 1 9 16 2 2 */ +-&(nid_objs[214]),/* OBJ_id_smime_aa_mlExpandHistory 1 2 840 113549 1 9 16 2 3 */ +-&(nid_objs[215]),/* OBJ_id_smime_aa_contentHint 1 2 840 113549 1 9 16 2 4 */ +-&(nid_objs[216]),/* OBJ_id_smime_aa_msgSigDigest 1 2 840 113549 1 9 16 2 5 */ +-&(nid_objs[217]),/* OBJ_id_smime_aa_encapContentType 1 2 840 113549 1 9 16 2 6 */ +-&(nid_objs[218]),/* OBJ_id_smime_aa_contentIdentifier 1 2 840 113549 1 9 16 2 7 */ +-&(nid_objs[219]),/* OBJ_id_smime_aa_macValue 1 2 840 113549 1 9 16 2 8 */ +-&(nid_objs[220]),/* OBJ_id_smime_aa_equivalentLabels 1 2 840 113549 1 9 16 2 9 */ +-&(nid_objs[221]),/* OBJ_id_smime_aa_contentReference 1 2 840 113549 1 9 16 2 10 */ +-&(nid_objs[222]),/* OBJ_id_smime_aa_encrypKeyPref 1 2 840 113549 1 9 16 2 11 */ +-&(nid_objs[223]),/* OBJ_id_smime_aa_signingCertificate 1 2 840 113549 1 9 16 2 12 */ +-&(nid_objs[224]),/* OBJ_id_smime_aa_smimeEncryptCerts 1 2 840 113549 1 9 16 2 13 */ +-&(nid_objs[225]),/* OBJ_id_smime_aa_timeStampToken 1 2 840 113549 1 9 16 2 14 */ +-&(nid_objs[226]),/* OBJ_id_smime_aa_ets_sigPolicyId 1 2 840 113549 1 9 16 2 15 */ +-&(nid_objs[227]),/* OBJ_id_smime_aa_ets_commitmentType 1 2 840 113549 1 9 16 2 16 */ +-&(nid_objs[228]),/* OBJ_id_smime_aa_ets_signerLocation 1 2 840 113549 1 9 16 2 17 */ +-&(nid_objs[229]),/* OBJ_id_smime_aa_ets_signerAttr 1 2 840 113549 1 9 16 2 18 */ +-&(nid_objs[230]),/* OBJ_id_smime_aa_ets_otherSigCert 1 2 840 113549 1 9 16 2 19 */ +-&(nid_objs[231]),/* OBJ_id_smime_aa_ets_contentTimestamp 1 2 840 113549 1 9 16 2 20 */ +-&(nid_objs[232]),/* OBJ_id_smime_aa_ets_CertificateRefs 1 2 840 113549 1 9 16 2 21 */ +-&(nid_objs[233]),/* OBJ_id_smime_aa_ets_RevocationRefs 1 2 840 113549 1 9 16 2 22 */ +-&(nid_objs[234]),/* OBJ_id_smime_aa_ets_certValues 1 2 840 113549 1 9 16 2 23 */ +-&(nid_objs[235]),/* 
OBJ_id_smime_aa_ets_revocationValues 1 2 840 113549 1 9 16 2 24 */ +-&(nid_objs[236]),/* OBJ_id_smime_aa_ets_escTimeStamp 1 2 840 113549 1 9 16 2 25 */ +-&(nid_objs[237]),/* OBJ_id_smime_aa_ets_certCRLTimestamp 1 2 840 113549 1 9 16 2 26 */ +-&(nid_objs[238]),/* OBJ_id_smime_aa_ets_archiveTimeStamp 1 2 840 113549 1 9 16 2 27 */ +-&(nid_objs[239]),/* OBJ_id_smime_aa_signatureType 1 2 840 113549 1 9 16 2 28 */ +-&(nid_objs[240]),/* OBJ_id_smime_aa_dvcs_dvc 1 2 840 113549 1 9 16 2 29 */ +-&(nid_objs[241]),/* OBJ_id_smime_alg_ESDHwith3DES 1 2 840 113549 1 9 16 3 1 */ +-&(nid_objs[242]),/* OBJ_id_smime_alg_ESDHwithRC2 1 2 840 113549 1 9 16 3 2 */ +-&(nid_objs[243]),/* OBJ_id_smime_alg_3DESwrap 1 2 840 113549 1 9 16 3 3 */ +-&(nid_objs[244]),/* OBJ_id_smime_alg_RC2wrap 1 2 840 113549 1 9 16 3 4 */ +-&(nid_objs[245]),/* OBJ_id_smime_alg_ESDH 1 2 840 113549 1 9 16 3 5 */ +-&(nid_objs[246]),/* OBJ_id_smime_alg_CMS3DESwrap 1 2 840 113549 1 9 16 3 6 */ +-&(nid_objs[247]),/* OBJ_id_smime_alg_CMSRC2wrap 1 2 840 113549 1 9 16 3 7 */ +-&(nid_objs[125]),/* OBJ_zlib_compression 1 2 840 113549 1 9 16 3 8 */ +-&(nid_objs[248]),/* OBJ_id_smime_cd_ldap 1 2 840 113549 1 9 16 4 1 */ +-&(nid_objs[249]),/* OBJ_id_smime_spq_ets_sqt_uri 1 2 840 113549 1 9 16 5 1 */ +-&(nid_objs[250]),/* OBJ_id_smime_spq_ets_sqt_unotice 1 2 840 113549 1 9 16 5 2 */ +-&(nid_objs[251]),/* OBJ_id_smime_cti_ets_proofOfOrigin 1 2 840 113549 1 9 16 6 1 */ +-&(nid_objs[252]),/* OBJ_id_smime_cti_ets_proofOfReceipt 1 2 840 113549 1 9 16 6 2 */ +-&(nid_objs[253]),/* OBJ_id_smime_cti_ets_proofOfDelivery 1 2 840 113549 1 9 16 6 3 */ +-&(nid_objs[254]),/* OBJ_id_smime_cti_ets_proofOfSender 1 2 840 113549 1 9 16 6 4 */ +-&(nid_objs[255]),/* OBJ_id_smime_cti_ets_proofOfApproval 1 2 840 113549 1 9 16 6 5 */ +-&(nid_objs[256]),/* OBJ_id_smime_cti_ets_proofOfCreation 1 2 840 113549 1 9 16 6 6 */ +-&(nid_objs[150]),/* OBJ_keyBag 1 2 840 113549 1 12 10 1 1 */ +-&(nid_objs[151]),/* OBJ_pkcs8ShroudedKeyBag 1 2 840 113549 1 12 10 1 
2 */ +-&(nid_objs[152]),/* OBJ_certBag 1 2 840 113549 1 12 10 1 3 */ +-&(nid_objs[153]),/* OBJ_crlBag 1 2 840 113549 1 12 10 1 4 */ +-&(nid_objs[154]),/* OBJ_secretBag 1 2 840 113549 1 12 10 1 5 */ +-&(nid_objs[155]),/* OBJ_safeContentsBag 1 2 840 113549 1 12 10 1 6 */ +-&(nid_objs[34]),/* OBJ_idea_cbc 1 3 6 1 4 1 188 7 1 1 2 */ ++static const unsigned int obj_objs[NUM_OBJ]={ ++ 0, /* OBJ_undef 0 */ ++181, /* OBJ_iso 1 */ ++393, /* OBJ_joint_iso_ccitt OBJ_joint_iso_itu_t */ ++404, /* OBJ_ccitt OBJ_itu_t */ ++645, /* OBJ_itu_t 0 */ ++646, /* OBJ_joint_iso_itu_t 2 */ ++434, /* OBJ_data 0 9 */ ++182, /* OBJ_member_body 1 2 */ ++379, /* OBJ_org 1 3 */ ++676, /* OBJ_identified_organization 1 3 */ ++11, /* OBJ_X500 2 5 */ ++647, /* OBJ_international_organizations 2 23 */ ++380, /* OBJ_dod 1 3 6 */ ++12, /* OBJ_X509 2 5 4 */ ++378, /* OBJ_X500algorithms 2 5 8 */ ++81, /* OBJ_id_ce 2 5 29 */ ++512, /* OBJ_id_set 2 23 42 */ ++678, /* OBJ_wap 2 23 43 */ ++435, /* OBJ_pss 0 9 2342 */ ++183, /* OBJ_ISO_US 1 2 840 */ ++381, /* OBJ_iana 1 3 6 1 */ ++677, /* OBJ_certicom_arc 1 3 132 */ ++394, /* OBJ_selected_attribute_types 2 5 1 5 */ ++13, /* OBJ_commonName 2 5 4 3 */ ++100, /* OBJ_surname 2 5 4 4 */ ++105, /* OBJ_serialNumber 2 5 4 5 */ ++14, /* OBJ_countryName 2 5 4 6 */ ++15, /* OBJ_localityName 2 5 4 7 */ ++16, /* OBJ_stateOrProvinceName 2 5 4 8 */ ++660, /* OBJ_streetAddress 2 5 4 9 */ ++17, /* OBJ_organizationName 2 5 4 10 */ ++18, /* OBJ_organizationalUnitName 2 5 4 11 */ ++106, /* OBJ_title 2 5 4 12 */ ++107, /* OBJ_description 2 5 4 13 */ ++859, /* OBJ_searchGuide 2 5 4 14 */ ++860, /* OBJ_businessCategory 2 5 4 15 */ ++861, /* OBJ_postalAddress 2 5 4 16 */ ++661, /* OBJ_postalCode 2 5 4 17 */ ++862, /* OBJ_postOfficeBox 2 5 4 18 */ ++863, /* OBJ_physicalDeliveryOfficeName 2 5 4 19 */ ++864, /* OBJ_telephoneNumber 2 5 4 20 */ ++865, /* OBJ_telexNumber 2 5 4 21 */ ++866, /* OBJ_teletexTerminalIdentifier 2 5 4 22 */ ++867, /* OBJ_facsimileTelephoneNumber 2 5 4 23 */ 
++868, /* OBJ_x121Address 2 5 4 24 */ ++869, /* OBJ_internationaliSDNNumber 2 5 4 25 */ ++870, /* OBJ_registeredAddress 2 5 4 26 */ ++871, /* OBJ_destinationIndicator 2 5 4 27 */ ++872, /* OBJ_preferredDeliveryMethod 2 5 4 28 */ ++873, /* OBJ_presentationAddress 2 5 4 29 */ ++874, /* OBJ_supportedApplicationContext 2 5 4 30 */ ++875, /* OBJ_member 2 5 4 31 */ ++876, /* OBJ_owner 2 5 4 32 */ ++877, /* OBJ_roleOccupant 2 5 4 33 */ ++878, /* OBJ_seeAlso 2 5 4 34 */ ++879, /* OBJ_userPassword 2 5 4 35 */ ++880, /* OBJ_userCertificate 2 5 4 36 */ ++881, /* OBJ_cACertificate 2 5 4 37 */ ++882, /* OBJ_authorityRevocationList 2 5 4 38 */ ++883, /* OBJ_certificateRevocationList 2 5 4 39 */ ++884, /* OBJ_crossCertificatePair 2 5 4 40 */ ++173, /* OBJ_name 2 5 4 41 */ ++99, /* OBJ_givenName 2 5 4 42 */ ++101, /* OBJ_initials 2 5 4 43 */ ++509, /* OBJ_generationQualifier 2 5 4 44 */ ++503, /* OBJ_x500UniqueIdentifier 2 5 4 45 */ ++174, /* OBJ_dnQualifier 2 5 4 46 */ ++885, /* OBJ_enhancedSearchGuide 2 5 4 47 */ ++886, /* OBJ_protocolInformation 2 5 4 48 */ ++887, /* OBJ_distinguishedName 2 5 4 49 */ ++888, /* OBJ_uniqueMember 2 5 4 50 */ ++889, /* OBJ_houseIdentifier 2 5 4 51 */ ++890, /* OBJ_supportedAlgorithms 2 5 4 52 */ ++891, /* OBJ_deltaRevocationList 2 5 4 53 */ ++892, /* OBJ_dmdName 2 5 4 54 */ ++510, /* OBJ_pseudonym 2 5 4 65 */ ++400, /* OBJ_role 2 5 4 72 */ ++769, /* OBJ_subject_directory_attributes 2 5 29 9 */ ++82, /* OBJ_subject_key_identifier 2 5 29 14 */ ++83, /* OBJ_key_usage 2 5 29 15 */ ++84, /* OBJ_private_key_usage_period 2 5 29 16 */ ++85, /* OBJ_subject_alt_name 2 5 29 17 */ ++86, /* OBJ_issuer_alt_name 2 5 29 18 */ ++87, /* OBJ_basic_constraints 2 5 29 19 */ ++88, /* OBJ_crl_number 2 5 29 20 */ ++141, /* OBJ_crl_reason 2 5 29 21 */ ++430, /* OBJ_hold_instruction_code 2 5 29 23 */ ++142, /* OBJ_invalidity_date 2 5 29 24 */ ++140, /* OBJ_delta_crl 2 5 29 27 */ ++770, /* OBJ_issuing_distribution_point 2 5 29 28 */ ++771, /* OBJ_certificate_issuer 2 5 29 29 
*/ ++666, /* OBJ_name_constraints 2 5 29 30 */ ++103, /* OBJ_crl_distribution_points 2 5 29 31 */ ++89, /* OBJ_certificate_policies 2 5 29 32 */ ++747, /* OBJ_policy_mappings 2 5 29 33 */ ++90, /* OBJ_authority_key_identifier 2 5 29 35 */ ++401, /* OBJ_policy_constraints 2 5 29 36 */ ++126, /* OBJ_ext_key_usage 2 5 29 37 */ ++857, /* OBJ_freshest_crl 2 5 29 46 */ ++748, /* OBJ_inhibit_any_policy 2 5 29 54 */ ++402, /* OBJ_target_information 2 5 29 55 */ ++403, /* OBJ_no_rev_avail 2 5 29 56 */ ++513, /* OBJ_set_ctype 2 23 42 0 */ ++514, /* OBJ_set_msgExt 2 23 42 1 */ ++515, /* OBJ_set_attr 2 23 42 3 */ ++516, /* OBJ_set_policy 2 23 42 5 */ ++517, /* OBJ_set_certExt 2 23 42 7 */ ++518, /* OBJ_set_brand 2 23 42 8 */ ++679, /* OBJ_wap_wsg 2 23 43 1 */ ++382, /* OBJ_Directory 1 3 6 1 1 */ ++383, /* OBJ_Management 1 3 6 1 2 */ ++384, /* OBJ_Experimental 1 3 6 1 3 */ ++385, /* OBJ_Private 1 3 6 1 4 */ ++386, /* OBJ_Security 1 3 6 1 5 */ ++387, /* OBJ_SNMPv2 1 3 6 1 6 */ ++388, /* OBJ_Mail 1 3 6 1 7 */ ++376, /* OBJ_algorithm 1 3 14 3 2 */ ++395, /* OBJ_clearance 2 5 1 5 55 */ ++19, /* OBJ_rsa 2 5 8 1 1 */ ++96, /* OBJ_mdc2WithRSA 2 5 8 3 100 */ ++95, /* OBJ_mdc2 2 5 8 3 101 */ ++746, /* OBJ_any_policy 2 5 29 32 0 */ ++910, /* OBJ_anyExtendedKeyUsage 2 5 29 37 0 */ ++519, /* OBJ_setct_PANData 2 23 42 0 0 */ ++520, /* OBJ_setct_PANToken 2 23 42 0 1 */ ++521, /* OBJ_setct_PANOnly 2 23 42 0 2 */ ++522, /* OBJ_setct_OIData 2 23 42 0 3 */ ++523, /* OBJ_setct_PI 2 23 42 0 4 */ ++524, /* OBJ_setct_PIData 2 23 42 0 5 */ ++525, /* OBJ_setct_PIDataUnsigned 2 23 42 0 6 */ ++526, /* OBJ_setct_HODInput 2 23 42 0 7 */ ++527, /* OBJ_setct_AuthResBaggage 2 23 42 0 8 */ ++528, /* OBJ_setct_AuthRevReqBaggage 2 23 42 0 9 */ ++529, /* OBJ_setct_AuthRevResBaggage 2 23 42 0 10 */ ++530, /* OBJ_setct_CapTokenSeq 2 23 42 0 11 */ ++531, /* OBJ_setct_PInitResData 2 23 42 0 12 */ ++532, /* OBJ_setct_PI_TBS 2 23 42 0 13 */ ++533, /* OBJ_setct_PResData 2 23 42 0 14 */ ++534, /* OBJ_setct_AuthReqTBS 2 
23 42 0 16 */ ++535, /* OBJ_setct_AuthResTBS 2 23 42 0 17 */ ++536, /* OBJ_setct_AuthResTBSX 2 23 42 0 18 */ ++537, /* OBJ_setct_AuthTokenTBS 2 23 42 0 19 */ ++538, /* OBJ_setct_CapTokenData 2 23 42 0 20 */ ++539, /* OBJ_setct_CapTokenTBS 2 23 42 0 21 */ ++540, /* OBJ_setct_AcqCardCodeMsg 2 23 42 0 22 */ ++541, /* OBJ_setct_AuthRevReqTBS 2 23 42 0 23 */ ++542, /* OBJ_setct_AuthRevResData 2 23 42 0 24 */ ++543, /* OBJ_setct_AuthRevResTBS 2 23 42 0 25 */ ++544, /* OBJ_setct_CapReqTBS 2 23 42 0 26 */ ++545, /* OBJ_setct_CapReqTBSX 2 23 42 0 27 */ ++546, /* OBJ_setct_CapResData 2 23 42 0 28 */ ++547, /* OBJ_setct_CapRevReqTBS 2 23 42 0 29 */ ++548, /* OBJ_setct_CapRevReqTBSX 2 23 42 0 30 */ ++549, /* OBJ_setct_CapRevResData 2 23 42 0 31 */ ++550, /* OBJ_setct_CredReqTBS 2 23 42 0 32 */ ++551, /* OBJ_setct_CredReqTBSX 2 23 42 0 33 */ ++552, /* OBJ_setct_CredResData 2 23 42 0 34 */ ++553, /* OBJ_setct_CredRevReqTBS 2 23 42 0 35 */ ++554, /* OBJ_setct_CredRevReqTBSX 2 23 42 0 36 */ ++555, /* OBJ_setct_CredRevResData 2 23 42 0 37 */ ++556, /* OBJ_setct_PCertReqData 2 23 42 0 38 */ ++557, /* OBJ_setct_PCertResTBS 2 23 42 0 39 */ ++558, /* OBJ_setct_BatchAdminReqData 2 23 42 0 40 */ ++559, /* OBJ_setct_BatchAdminResData 2 23 42 0 41 */ ++560, /* OBJ_setct_CardCInitResTBS 2 23 42 0 42 */ ++561, /* OBJ_setct_MeAqCInitResTBS 2 23 42 0 43 */ ++562, /* OBJ_setct_RegFormResTBS 2 23 42 0 44 */ ++563, /* OBJ_setct_CertReqData 2 23 42 0 45 */ ++564, /* OBJ_setct_CertReqTBS 2 23 42 0 46 */ ++565, /* OBJ_setct_CertResData 2 23 42 0 47 */ ++566, /* OBJ_setct_CertInqReqTBS 2 23 42 0 48 */ ++567, /* OBJ_setct_ErrorTBS 2 23 42 0 49 */ ++568, /* OBJ_setct_PIDualSignedTBE 2 23 42 0 50 */ ++569, /* OBJ_setct_PIUnsignedTBE 2 23 42 0 51 */ ++570, /* OBJ_setct_AuthReqTBE 2 23 42 0 52 */ ++571, /* OBJ_setct_AuthResTBE 2 23 42 0 53 */ ++572, /* OBJ_setct_AuthResTBEX 2 23 42 0 54 */ ++573, /* OBJ_setct_AuthTokenTBE 2 23 42 0 55 */ ++574, /* OBJ_setct_CapTokenTBE 2 23 42 0 56 */ ++575, /* 
OBJ_setct_CapTokenTBEX 2 23 42 0 57 */ ++576, /* OBJ_setct_AcqCardCodeMsgTBE 2 23 42 0 58 */ ++577, /* OBJ_setct_AuthRevReqTBE 2 23 42 0 59 */ ++578, /* OBJ_setct_AuthRevResTBE 2 23 42 0 60 */ ++579, /* OBJ_setct_AuthRevResTBEB 2 23 42 0 61 */ ++580, /* OBJ_setct_CapReqTBE 2 23 42 0 62 */ ++581, /* OBJ_setct_CapReqTBEX 2 23 42 0 63 */ ++582, /* OBJ_setct_CapResTBE 2 23 42 0 64 */ ++583, /* OBJ_setct_CapRevReqTBE 2 23 42 0 65 */ ++584, /* OBJ_setct_CapRevReqTBEX 2 23 42 0 66 */ ++585, /* OBJ_setct_CapRevResTBE 2 23 42 0 67 */ ++586, /* OBJ_setct_CredReqTBE 2 23 42 0 68 */ ++587, /* OBJ_setct_CredReqTBEX 2 23 42 0 69 */ ++588, /* OBJ_setct_CredResTBE 2 23 42 0 70 */ ++589, /* OBJ_setct_CredRevReqTBE 2 23 42 0 71 */ ++590, /* OBJ_setct_CredRevReqTBEX 2 23 42 0 72 */ ++591, /* OBJ_setct_CredRevResTBE 2 23 42 0 73 */ ++592, /* OBJ_setct_BatchAdminReqTBE 2 23 42 0 74 */ ++593, /* OBJ_setct_BatchAdminResTBE 2 23 42 0 75 */ ++594, /* OBJ_setct_RegFormReqTBE 2 23 42 0 76 */ ++595, /* OBJ_setct_CertReqTBE 2 23 42 0 77 */ ++596, /* OBJ_setct_CertReqTBEX 2 23 42 0 78 */ ++597, /* OBJ_setct_CertResTBE 2 23 42 0 79 */ ++598, /* OBJ_setct_CRLNotificationTBS 2 23 42 0 80 */ ++599, /* OBJ_setct_CRLNotificationResTBS 2 23 42 0 81 */ ++600, /* OBJ_setct_BCIDistributionTBS 2 23 42 0 82 */ ++601, /* OBJ_setext_genCrypt 2 23 42 1 1 */ ++602, /* OBJ_setext_miAuth 2 23 42 1 3 */ ++603, /* OBJ_setext_pinSecure 2 23 42 1 4 */ ++604, /* OBJ_setext_pinAny 2 23 42 1 5 */ ++605, /* OBJ_setext_track2 2 23 42 1 7 */ ++606, /* OBJ_setext_cv 2 23 42 1 8 */ ++620, /* OBJ_setAttr_Cert 2 23 42 3 0 */ ++621, /* OBJ_setAttr_PGWYcap 2 23 42 3 1 */ ++622, /* OBJ_setAttr_TokenType 2 23 42 3 2 */ ++623, /* OBJ_setAttr_IssCap 2 23 42 3 3 */ ++607, /* OBJ_set_policy_root 2 23 42 5 0 */ ++608, /* OBJ_setCext_hashedRoot 2 23 42 7 0 */ ++609, /* OBJ_setCext_certType 2 23 42 7 1 */ ++610, /* OBJ_setCext_merchData 2 23 42 7 2 */ ++611, /* OBJ_setCext_cCertRequired 2 23 42 7 3 */ ++612, /* OBJ_setCext_tunneling 2 
23 42 7 4 */ ++613, /* OBJ_setCext_setExt 2 23 42 7 5 */ ++614, /* OBJ_setCext_setQualf 2 23 42 7 6 */ ++615, /* OBJ_setCext_PGWYcapabilities 2 23 42 7 7 */ ++616, /* OBJ_setCext_TokenIdentifier 2 23 42 7 8 */ ++617, /* OBJ_setCext_Track2Data 2 23 42 7 9 */ ++618, /* OBJ_setCext_TokenType 2 23 42 7 10 */ ++619, /* OBJ_setCext_IssuerCapabilities 2 23 42 7 11 */ ++636, /* OBJ_set_brand_IATA_ATA 2 23 42 8 1 */ ++640, /* OBJ_set_brand_Visa 2 23 42 8 4 */ ++641, /* OBJ_set_brand_MasterCard 2 23 42 8 5 */ ++637, /* OBJ_set_brand_Diners 2 23 42 8 30 */ ++638, /* OBJ_set_brand_AmericanExpress 2 23 42 8 34 */ ++639, /* OBJ_set_brand_JCB 2 23 42 8 35 */ ++805, /* OBJ_cryptopro 1 2 643 2 2 */ ++806, /* OBJ_cryptocom 1 2 643 2 9 */ ++184, /* OBJ_X9_57 1 2 840 10040 */ ++405, /* OBJ_ansi_X9_62 1 2 840 10045 */ ++389, /* OBJ_Enterprises 1 3 6 1 4 1 */ ++504, /* OBJ_mime_mhs 1 3 6 1 7 1 */ ++104, /* OBJ_md5WithRSA 1 3 14 3 2 3 */ ++29, /* OBJ_des_ecb 1 3 14 3 2 6 */ ++31, /* OBJ_des_cbc 1 3 14 3 2 7 */ ++45, /* OBJ_des_ofb64 1 3 14 3 2 8 */ ++30, /* OBJ_des_cfb64 1 3 14 3 2 9 */ ++377, /* OBJ_rsaSignature 1 3 14 3 2 11 */ ++67, /* OBJ_dsa_2 1 3 14 3 2 12 */ ++66, /* OBJ_dsaWithSHA 1 3 14 3 2 13 */ ++42, /* OBJ_shaWithRSAEncryption 1 3 14 3 2 15 */ ++32, /* OBJ_des_ede_ecb 1 3 14 3 2 17 */ ++41, /* OBJ_sha 1 3 14 3 2 18 */ ++64, /* OBJ_sha1 1 3 14 3 2 26 */ ++70, /* OBJ_dsaWithSHA1_2 1 3 14 3 2 27 */ ++115, /* OBJ_sha1WithRSA 1 3 14 3 2 29 */ ++117, /* OBJ_ripemd160 1 3 36 3 2 1 */ ++143, /* OBJ_sxnet 1 3 101 1 4 1 */ ++721, /* OBJ_sect163k1 1 3 132 0 1 */ ++722, /* OBJ_sect163r1 1 3 132 0 2 */ ++728, /* OBJ_sect239k1 1 3 132 0 3 */ ++717, /* OBJ_sect113r1 1 3 132 0 4 */ ++718, /* OBJ_sect113r2 1 3 132 0 5 */ ++704, /* OBJ_secp112r1 1 3 132 0 6 */ ++705, /* OBJ_secp112r2 1 3 132 0 7 */ ++709, /* OBJ_secp160r1 1 3 132 0 8 */ ++708, /* OBJ_secp160k1 1 3 132 0 9 */ ++714, /* OBJ_secp256k1 1 3 132 0 10 */ ++723, /* OBJ_sect163r2 1 3 132 0 15 */ ++729, /* OBJ_sect283k1 1 3 132 0 16 */ 
++730, /* OBJ_sect283r1 1 3 132 0 17 */ ++719, /* OBJ_sect131r1 1 3 132 0 22 */ ++720, /* OBJ_sect131r2 1 3 132 0 23 */ ++724, /* OBJ_sect193r1 1 3 132 0 24 */ ++725, /* OBJ_sect193r2 1 3 132 0 25 */ ++726, /* OBJ_sect233k1 1 3 132 0 26 */ ++727, /* OBJ_sect233r1 1 3 132 0 27 */ ++706, /* OBJ_secp128r1 1 3 132 0 28 */ ++707, /* OBJ_secp128r2 1 3 132 0 29 */ ++710, /* OBJ_secp160r2 1 3 132 0 30 */ ++711, /* OBJ_secp192k1 1 3 132 0 31 */ ++712, /* OBJ_secp224k1 1 3 132 0 32 */ ++713, /* OBJ_secp224r1 1 3 132 0 33 */ ++715, /* OBJ_secp384r1 1 3 132 0 34 */ ++716, /* OBJ_secp521r1 1 3 132 0 35 */ ++731, /* OBJ_sect409k1 1 3 132 0 36 */ ++732, /* OBJ_sect409r1 1 3 132 0 37 */ ++733, /* OBJ_sect571k1 1 3 132 0 38 */ ++734, /* OBJ_sect571r1 1 3 132 0 39 */ ++624, /* OBJ_set_rootKeyThumb 2 23 42 3 0 0 */ ++625, /* OBJ_set_addPolicy 2 23 42 3 0 1 */ ++626, /* OBJ_setAttr_Token_EMV 2 23 42 3 2 1 */ ++627, /* OBJ_setAttr_Token_B0Prime 2 23 42 3 2 2 */ ++628, /* OBJ_setAttr_IssCap_CVM 2 23 42 3 3 3 */ ++629, /* OBJ_setAttr_IssCap_T2 2 23 42 3 3 4 */ ++630, /* OBJ_setAttr_IssCap_Sig 2 23 42 3 3 5 */ ++642, /* OBJ_set_brand_Novus 2 23 42 8 6011 */ ++735, /* OBJ_wap_wsg_idm_ecid_wtls1 2 23 43 1 4 1 */ ++736, /* OBJ_wap_wsg_idm_ecid_wtls3 2 23 43 1 4 3 */ ++737, /* OBJ_wap_wsg_idm_ecid_wtls4 2 23 43 1 4 4 */ ++738, /* OBJ_wap_wsg_idm_ecid_wtls5 2 23 43 1 4 5 */ ++739, /* OBJ_wap_wsg_idm_ecid_wtls6 2 23 43 1 4 6 */ ++740, /* OBJ_wap_wsg_idm_ecid_wtls7 2 23 43 1 4 7 */ ++741, /* OBJ_wap_wsg_idm_ecid_wtls8 2 23 43 1 4 8 */ ++742, /* OBJ_wap_wsg_idm_ecid_wtls9 2 23 43 1 4 9 */ ++743, /* OBJ_wap_wsg_idm_ecid_wtls10 2 23 43 1 4 10 */ ++744, /* OBJ_wap_wsg_idm_ecid_wtls11 2 23 43 1 4 11 */ ++745, /* OBJ_wap_wsg_idm_ecid_wtls12 2 23 43 1 4 12 */ ++804, /* OBJ_whirlpool 1 0 10118 3 0 55 */ ++124, /* OBJ_rle_compression 1 1 1 1 666 1 */ ++773, /* OBJ_kisa 1 2 410 200004 */ ++807, /* OBJ_id_GostR3411_94_with_GostR3410_2001 1 2 643 2 2 3 */ ++808, /* OBJ_id_GostR3411_94_with_GostR3410_94 1 2 
643 2 2 4 */ ++809, /* OBJ_id_GostR3411_94 1 2 643 2 2 9 */ ++810, /* OBJ_id_HMACGostR3411_94 1 2 643 2 2 10 */ ++811, /* OBJ_id_GostR3410_2001 1 2 643 2 2 19 */ ++812, /* OBJ_id_GostR3410_94 1 2 643 2 2 20 */ ++813, /* OBJ_id_Gost28147_89 1 2 643 2 2 21 */ ++815, /* OBJ_id_Gost28147_89_MAC 1 2 643 2 2 22 */ ++816, /* OBJ_id_GostR3411_94_prf 1 2 643 2 2 23 */ ++817, /* OBJ_id_GostR3410_2001DH 1 2 643 2 2 98 */ ++818, /* OBJ_id_GostR3410_94DH 1 2 643 2 2 99 */ ++ 1, /* OBJ_rsadsi 1 2 840 113549 */ ++185, /* OBJ_X9cm 1 2 840 10040 4 */ ++127, /* OBJ_id_pkix 1 3 6 1 5 5 7 */ ++505, /* OBJ_mime_mhs_headings 1 3 6 1 7 1 1 */ ++506, /* OBJ_mime_mhs_bodies 1 3 6 1 7 1 2 */ ++119, /* OBJ_ripemd160WithRSA 1 3 36 3 3 1 2 */ ++937, /* OBJ_dhSinglePass_stdDH_sha224kdf_scheme 1 3 132 1 11 0 */ ++938, /* OBJ_dhSinglePass_stdDH_sha256kdf_scheme 1 3 132 1 11 1 */ ++939, /* OBJ_dhSinglePass_stdDH_sha384kdf_scheme 1 3 132 1 11 2 */ ++940, /* OBJ_dhSinglePass_stdDH_sha512kdf_scheme 1 3 132 1 11 3 */ ++942, /* OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme 1 3 132 1 14 0 */ ++943, /* OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme 1 3 132 1 14 1 */ ++944, /* OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme 1 3 132 1 14 2 */ ++945, /* OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme 1 3 132 1 14 3 */ ++631, /* OBJ_setAttr_GenCryptgrm 2 23 42 3 3 3 1 */ ++632, /* OBJ_setAttr_T2Enc 2 23 42 3 3 4 1 */ ++633, /* OBJ_setAttr_T2cleartxt 2 23 42 3 3 4 2 */ ++634, /* OBJ_setAttr_TokICCsig 2 23 42 3 3 5 1 */ ++635, /* OBJ_setAttr_SecDevSig 2 23 42 3 3 5 2 */ ++436, /* OBJ_ucl 0 9 2342 19200300 */ ++820, /* OBJ_id_Gost28147_89_None_KeyMeshing 1 2 643 2 2 14 0 */ ++819, /* OBJ_id_Gost28147_89_CryptoPro_KeyMeshing 1 2 643 2 2 14 1 */ ++845, /* OBJ_id_GostR3410_94_a 1 2 643 2 2 20 1 */ ++846, /* OBJ_id_GostR3410_94_aBis 1 2 643 2 2 20 2 */ ++847, /* OBJ_id_GostR3410_94_b 1 2 643 2 2 20 3 */ ++848, /* OBJ_id_GostR3410_94_bBis 1 2 643 2 2 20 4 */ ++821, /* OBJ_id_GostR3411_94_TestParamSet 1 2 643 2 2 30 0 */ 
++822, /* OBJ_id_GostR3411_94_CryptoProParamSet 1 2 643 2 2 30 1 */ ++823, /* OBJ_id_Gost28147_89_TestParamSet 1 2 643 2 2 31 0 */ ++824, /* OBJ_id_Gost28147_89_CryptoPro_A_ParamSet 1 2 643 2 2 31 1 */ ++825, /* OBJ_id_Gost28147_89_CryptoPro_B_ParamSet 1 2 643 2 2 31 2 */ ++826, /* OBJ_id_Gost28147_89_CryptoPro_C_ParamSet 1 2 643 2 2 31 3 */ ++827, /* OBJ_id_Gost28147_89_CryptoPro_D_ParamSet 1 2 643 2 2 31 4 */ ++828, /* OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet 1 2 643 2 2 31 5 */ ++829, /* OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet 1 2 643 2 2 31 6 */ ++830, /* OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet 1 2 643 2 2 31 7 */ ++831, /* OBJ_id_GostR3410_94_TestParamSet 1 2 643 2 2 32 0 */ ++832, /* OBJ_id_GostR3410_94_CryptoPro_A_ParamSet 1 2 643 2 2 32 2 */ ++833, /* OBJ_id_GostR3410_94_CryptoPro_B_ParamSet 1 2 643 2 2 32 3 */ ++834, /* OBJ_id_GostR3410_94_CryptoPro_C_ParamSet 1 2 643 2 2 32 4 */ ++835, /* OBJ_id_GostR3410_94_CryptoPro_D_ParamSet 1 2 643 2 2 32 5 */ ++836, /* OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet 1 2 643 2 2 33 1 */ ++837, /* OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet 1 2 643 2 2 33 2 */ ++838, /* OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet 1 2 643 2 2 33 3 */ ++839, /* OBJ_id_GostR3410_2001_TestParamSet 1 2 643 2 2 35 0 */ ++840, /* OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet 1 2 643 2 2 35 1 */ ++841, /* OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet 1 2 643 2 2 35 2 */ ++842, /* OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet 1 2 643 2 2 35 3 */ ++843, /* OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet 1 2 643 2 2 36 0 */ ++844, /* OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet 1 2 643 2 2 36 1 */ ++ 2, /* OBJ_pkcs 1 2 840 113549 1 */ ++431, /* OBJ_hold_instruction_none 1 2 840 10040 2 1 */ ++432, /* OBJ_hold_instruction_call_issuer 1 2 840 10040 2 2 */ ++433, /* OBJ_hold_instruction_reject 1 2 840 10040 2 3 */ ++116, /* OBJ_dsa 1 2 840 10040 4 1 */ ++113, /* OBJ_dsaWithSHA1 1 2 840 10040 4 3 */ ++406, /* OBJ_X9_62_prime_field 1 2 840 
10045 1 1 */ ++407, /* OBJ_X9_62_characteristic_two_field 1 2 840 10045 1 2 */ ++408, /* OBJ_X9_62_id_ecPublicKey 1 2 840 10045 2 1 */ ++416, /* OBJ_ecdsa_with_SHA1 1 2 840 10045 4 1 */ ++791, /* OBJ_ecdsa_with_Recommended 1 2 840 10045 4 2 */ ++792, /* OBJ_ecdsa_with_Specified 1 2 840 10045 4 3 */ ++920, /* OBJ_dhpublicnumber 1 2 840 10046 2 1 */ ++258, /* OBJ_id_pkix_mod 1 3 6 1 5 5 7 0 */ ++175, /* OBJ_id_pe 1 3 6 1 5 5 7 1 */ ++259, /* OBJ_id_qt 1 3 6 1 5 5 7 2 */ ++128, /* OBJ_id_kp 1 3 6 1 5 5 7 3 */ ++260, /* OBJ_id_it 1 3 6 1 5 5 7 4 */ ++261, /* OBJ_id_pkip 1 3 6 1 5 5 7 5 */ ++262, /* OBJ_id_alg 1 3 6 1 5 5 7 6 */ ++263, /* OBJ_id_cmc 1 3 6 1 5 5 7 7 */ ++264, /* OBJ_id_on 1 3 6 1 5 5 7 8 */ ++265, /* OBJ_id_pda 1 3 6 1 5 5 7 9 */ ++266, /* OBJ_id_aca 1 3 6 1 5 5 7 10 */ ++267, /* OBJ_id_qcs 1 3 6 1 5 5 7 11 */ ++268, /* OBJ_id_cct 1 3 6 1 5 5 7 12 */ ++662, /* OBJ_id_ppl 1 3 6 1 5 5 7 21 */ ++176, /* OBJ_id_ad 1 3 6 1 5 5 7 48 */ ++507, /* OBJ_id_hex_partial_message 1 3 6 1 7 1 1 1 */ ++508, /* OBJ_id_hex_multipart_message 1 3 6 1 7 1 1 2 */ ++57, /* OBJ_netscape 2 16 840 1 113730 */ ++754, /* OBJ_camellia_128_ecb 0 3 4401 5 3 1 9 1 */ ++766, /* OBJ_camellia_128_ofb128 0 3 4401 5 3 1 9 3 */ ++757, /* OBJ_camellia_128_cfb128 0 3 4401 5 3 1 9 4 */ ++755, /* OBJ_camellia_192_ecb 0 3 4401 5 3 1 9 21 */ ++767, /* OBJ_camellia_192_ofb128 0 3 4401 5 3 1 9 23 */ ++758, /* OBJ_camellia_192_cfb128 0 3 4401 5 3 1 9 24 */ ++756, /* OBJ_camellia_256_ecb 0 3 4401 5 3 1 9 41 */ ++768, /* OBJ_camellia_256_ofb128 0 3 4401 5 3 1 9 43 */ ++759, /* OBJ_camellia_256_cfb128 0 3 4401 5 3 1 9 44 */ ++437, /* OBJ_pilot 0 9 2342 19200300 100 */ ++776, /* OBJ_seed_ecb 1 2 410 200004 1 3 */ ++777, /* OBJ_seed_cbc 1 2 410 200004 1 4 */ ++779, /* OBJ_seed_cfb128 1 2 410 200004 1 5 */ ++778, /* OBJ_seed_ofb128 1 2 410 200004 1 6 */ ++852, /* OBJ_id_GostR3411_94_with_GostR3410_94_cc 1 2 643 2 9 1 3 3 */ ++853, /* OBJ_id_GostR3411_94_with_GostR3410_2001_cc 1 2 643 2 9 1 3 4 */ ++850, /* 
OBJ_id_GostR3410_94_cc 1 2 643 2 9 1 5 3 */ ++851, /* OBJ_id_GostR3410_2001_cc 1 2 643 2 9 1 5 4 */ ++849, /* OBJ_id_Gost28147_89_cc 1 2 643 2 9 1 6 1 */ ++854, /* OBJ_id_GostR3410_2001_ParamSet_cc 1 2 643 2 9 1 8 1 */ ++186, /* OBJ_pkcs1 1 2 840 113549 1 1 */ ++27, /* OBJ_pkcs3 1 2 840 113549 1 3 */ ++187, /* OBJ_pkcs5 1 2 840 113549 1 5 */ ++20, /* OBJ_pkcs7 1 2 840 113549 1 7 */ ++47, /* OBJ_pkcs9 1 2 840 113549 1 9 */ ++ 3, /* OBJ_md2 1 2 840 113549 2 2 */ ++257, /* OBJ_md4 1 2 840 113549 2 4 */ ++ 4, /* OBJ_md5 1 2 840 113549 2 5 */ ++797, /* OBJ_hmacWithMD5 1 2 840 113549 2 6 */ ++163, /* OBJ_hmacWithSHA1 1 2 840 113549 2 7 */ ++798, /* OBJ_hmacWithSHA224 1 2 840 113549 2 8 */ ++799, /* OBJ_hmacWithSHA256 1 2 840 113549 2 9 */ ++800, /* OBJ_hmacWithSHA384 1 2 840 113549 2 10 */ ++801, /* OBJ_hmacWithSHA512 1 2 840 113549 2 11 */ ++37, /* OBJ_rc2_cbc 1 2 840 113549 3 2 */ ++ 5, /* OBJ_rc4 1 2 840 113549 3 4 */ ++44, /* OBJ_des_ede3_cbc 1 2 840 113549 3 7 */ ++120, /* OBJ_rc5_cbc 1 2 840 113549 3 8 */ ++643, /* OBJ_des_cdmf 1 2 840 113549 3 10 */ ++680, /* OBJ_X9_62_id_characteristic_two_basis 1 2 840 10045 1 2 3 */ ++684, /* OBJ_X9_62_c2pnb163v1 1 2 840 10045 3 0 1 */ ++685, /* OBJ_X9_62_c2pnb163v2 1 2 840 10045 3 0 2 */ ++686, /* OBJ_X9_62_c2pnb163v3 1 2 840 10045 3 0 3 */ ++687, /* OBJ_X9_62_c2pnb176v1 1 2 840 10045 3 0 4 */ ++688, /* OBJ_X9_62_c2tnb191v1 1 2 840 10045 3 0 5 */ ++689, /* OBJ_X9_62_c2tnb191v2 1 2 840 10045 3 0 6 */ ++690, /* OBJ_X9_62_c2tnb191v3 1 2 840 10045 3 0 7 */ ++691, /* OBJ_X9_62_c2onb191v4 1 2 840 10045 3 0 8 */ ++692, /* OBJ_X9_62_c2onb191v5 1 2 840 10045 3 0 9 */ ++693, /* OBJ_X9_62_c2pnb208w1 1 2 840 10045 3 0 10 */ ++694, /* OBJ_X9_62_c2tnb239v1 1 2 840 10045 3 0 11 */ ++695, /* OBJ_X9_62_c2tnb239v2 1 2 840 10045 3 0 12 */ ++696, /* OBJ_X9_62_c2tnb239v3 1 2 840 10045 3 0 13 */ ++697, /* OBJ_X9_62_c2onb239v4 1 2 840 10045 3 0 14 */ ++698, /* OBJ_X9_62_c2onb239v5 1 2 840 10045 3 0 15 */ ++699, /* OBJ_X9_62_c2pnb272w1 1 2 840 10045 
3 0 16 */ ++700, /* OBJ_X9_62_c2pnb304w1 1 2 840 10045 3 0 17 */ ++701, /* OBJ_X9_62_c2tnb359v1 1 2 840 10045 3 0 18 */ ++702, /* OBJ_X9_62_c2pnb368w1 1 2 840 10045 3 0 19 */ ++703, /* OBJ_X9_62_c2tnb431r1 1 2 840 10045 3 0 20 */ ++409, /* OBJ_X9_62_prime192v1 1 2 840 10045 3 1 1 */ ++410, /* OBJ_X9_62_prime192v2 1 2 840 10045 3 1 2 */ ++411, /* OBJ_X9_62_prime192v3 1 2 840 10045 3 1 3 */ ++412, /* OBJ_X9_62_prime239v1 1 2 840 10045 3 1 4 */ ++413, /* OBJ_X9_62_prime239v2 1 2 840 10045 3 1 5 */ ++414, /* OBJ_X9_62_prime239v3 1 2 840 10045 3 1 6 */ ++415, /* OBJ_X9_62_prime256v1 1 2 840 10045 3 1 7 */ ++793, /* OBJ_ecdsa_with_SHA224 1 2 840 10045 4 3 1 */ ++794, /* OBJ_ecdsa_with_SHA256 1 2 840 10045 4 3 2 */ ++795, /* OBJ_ecdsa_with_SHA384 1 2 840 10045 4 3 3 */ ++796, /* OBJ_ecdsa_with_SHA512 1 2 840 10045 4 3 4 */ ++269, /* OBJ_id_pkix1_explicit_88 1 3 6 1 5 5 7 0 1 */ ++270, /* OBJ_id_pkix1_implicit_88 1 3 6 1 5 5 7 0 2 */ ++271, /* OBJ_id_pkix1_explicit_93 1 3 6 1 5 5 7 0 3 */ ++272, /* OBJ_id_pkix1_implicit_93 1 3 6 1 5 5 7 0 4 */ ++273, /* OBJ_id_mod_crmf 1 3 6 1 5 5 7 0 5 */ ++274, /* OBJ_id_mod_cmc 1 3 6 1 5 5 7 0 6 */ ++275, /* OBJ_id_mod_kea_profile_88 1 3 6 1 5 5 7 0 7 */ ++276, /* OBJ_id_mod_kea_profile_93 1 3 6 1 5 5 7 0 8 */ ++277, /* OBJ_id_mod_cmp 1 3 6 1 5 5 7 0 9 */ ++278, /* OBJ_id_mod_qualified_cert_88 1 3 6 1 5 5 7 0 10 */ ++279, /* OBJ_id_mod_qualified_cert_93 1 3 6 1 5 5 7 0 11 */ ++280, /* OBJ_id_mod_attribute_cert 1 3 6 1 5 5 7 0 12 */ ++281, /* OBJ_id_mod_timestamp_protocol 1 3 6 1 5 5 7 0 13 */ ++282, /* OBJ_id_mod_ocsp 1 3 6 1 5 5 7 0 14 */ ++283, /* OBJ_id_mod_dvcs 1 3 6 1 5 5 7 0 15 */ ++284, /* OBJ_id_mod_cmp2000 1 3 6 1 5 5 7 0 16 */ ++177, /* OBJ_info_access 1 3 6 1 5 5 7 1 1 */ ++285, /* OBJ_biometricInfo 1 3 6 1 5 5 7 1 2 */ ++286, /* OBJ_qcStatements 1 3 6 1 5 5 7 1 3 */ ++287, /* OBJ_ac_auditEntity 1 3 6 1 5 5 7 1 4 */ ++288, /* OBJ_ac_targeting 1 3 6 1 5 5 7 1 5 */ ++289, /* OBJ_aaControls 1 3 6 1 5 5 7 1 6 */ ++290, /* 
OBJ_sbgp_ipAddrBlock 1 3 6 1 5 5 7 1 7 */ ++291, /* OBJ_sbgp_autonomousSysNum 1 3 6 1 5 5 7 1 8 */ ++292, /* OBJ_sbgp_routerIdentifier 1 3 6 1 5 5 7 1 9 */ ++397, /* OBJ_ac_proxying 1 3 6 1 5 5 7 1 10 */ ++398, /* OBJ_sinfo_access 1 3 6 1 5 5 7 1 11 */ ++663, /* OBJ_proxyCertInfo 1 3 6 1 5 5 7 1 14 */ ++164, /* OBJ_id_qt_cps 1 3 6 1 5 5 7 2 1 */ ++165, /* OBJ_id_qt_unotice 1 3 6 1 5 5 7 2 2 */ ++293, /* OBJ_textNotice 1 3 6 1 5 5 7 2 3 */ ++129, /* OBJ_server_auth 1 3 6 1 5 5 7 3 1 */ ++130, /* OBJ_client_auth 1 3 6 1 5 5 7 3 2 */ ++131, /* OBJ_code_sign 1 3 6 1 5 5 7 3 3 */ ++132, /* OBJ_email_protect 1 3 6 1 5 5 7 3 4 */ ++294, /* OBJ_ipsecEndSystem 1 3 6 1 5 5 7 3 5 */ ++295, /* OBJ_ipsecTunnel 1 3 6 1 5 5 7 3 6 */ ++296, /* OBJ_ipsecUser 1 3 6 1 5 5 7 3 7 */ ++133, /* OBJ_time_stamp 1 3 6 1 5 5 7 3 8 */ ++180, /* OBJ_OCSP_sign 1 3 6 1 5 5 7 3 9 */ ++297, /* OBJ_dvcs 1 3 6 1 5 5 7 3 10 */ ++298, /* OBJ_id_it_caProtEncCert 1 3 6 1 5 5 7 4 1 */ ++299, /* OBJ_id_it_signKeyPairTypes 1 3 6 1 5 5 7 4 2 */ ++300, /* OBJ_id_it_encKeyPairTypes 1 3 6 1 5 5 7 4 3 */ ++301, /* OBJ_id_it_preferredSymmAlg 1 3 6 1 5 5 7 4 4 */ ++302, /* OBJ_id_it_caKeyUpdateInfo 1 3 6 1 5 5 7 4 5 */ ++303, /* OBJ_id_it_currentCRL 1 3 6 1 5 5 7 4 6 */ ++304, /* OBJ_id_it_unsupportedOIDs 1 3 6 1 5 5 7 4 7 */ ++305, /* OBJ_id_it_subscriptionRequest 1 3 6 1 5 5 7 4 8 */ ++306, /* OBJ_id_it_subscriptionResponse 1 3 6 1 5 5 7 4 9 */ ++307, /* OBJ_id_it_keyPairParamReq 1 3 6 1 5 5 7 4 10 */ ++308, /* OBJ_id_it_keyPairParamRep 1 3 6 1 5 5 7 4 11 */ ++309, /* OBJ_id_it_revPassphrase 1 3 6 1 5 5 7 4 12 */ ++310, /* OBJ_id_it_implicitConfirm 1 3 6 1 5 5 7 4 13 */ ++311, /* OBJ_id_it_confirmWaitTime 1 3 6 1 5 5 7 4 14 */ ++312, /* OBJ_id_it_origPKIMessage 1 3 6 1 5 5 7 4 15 */ ++784, /* OBJ_id_it_suppLangTags 1 3 6 1 5 5 7 4 16 */ ++313, /* OBJ_id_regCtrl 1 3 6 1 5 5 7 5 1 */ ++314, /* OBJ_id_regInfo 1 3 6 1 5 5 7 5 2 */ ++323, /* OBJ_id_alg_des40 1 3 6 1 5 5 7 6 1 */ ++324, /* OBJ_id_alg_noSignature 1 3 
6 1 5 5 7 6 2 */ ++325, /* OBJ_id_alg_dh_sig_hmac_sha1 1 3 6 1 5 5 7 6 3 */ ++326, /* OBJ_id_alg_dh_pop 1 3 6 1 5 5 7 6 4 */ ++327, /* OBJ_id_cmc_statusInfo 1 3 6 1 5 5 7 7 1 */ ++328, /* OBJ_id_cmc_identification 1 3 6 1 5 5 7 7 2 */ ++329, /* OBJ_id_cmc_identityProof 1 3 6 1 5 5 7 7 3 */ ++330, /* OBJ_id_cmc_dataReturn 1 3 6 1 5 5 7 7 4 */ ++331, /* OBJ_id_cmc_transactionId 1 3 6 1 5 5 7 7 5 */ ++332, /* OBJ_id_cmc_senderNonce 1 3 6 1 5 5 7 7 6 */ ++333, /* OBJ_id_cmc_recipientNonce 1 3 6 1 5 5 7 7 7 */ ++334, /* OBJ_id_cmc_addExtensions 1 3 6 1 5 5 7 7 8 */ ++335, /* OBJ_id_cmc_encryptedPOP 1 3 6 1 5 5 7 7 9 */ ++336, /* OBJ_id_cmc_decryptedPOP 1 3 6 1 5 5 7 7 10 */ ++337, /* OBJ_id_cmc_lraPOPWitness 1 3 6 1 5 5 7 7 11 */ ++338, /* OBJ_id_cmc_getCert 1 3 6 1 5 5 7 7 15 */ ++339, /* OBJ_id_cmc_getCRL 1 3 6 1 5 5 7 7 16 */ ++340, /* OBJ_id_cmc_revokeRequest 1 3 6 1 5 5 7 7 17 */ ++341, /* OBJ_id_cmc_regInfo 1 3 6 1 5 5 7 7 18 */ ++342, /* OBJ_id_cmc_responseInfo 1 3 6 1 5 5 7 7 19 */ ++343, /* OBJ_id_cmc_queryPending 1 3 6 1 5 5 7 7 21 */ ++344, /* OBJ_id_cmc_popLinkRandom 1 3 6 1 5 5 7 7 22 */ ++345, /* OBJ_id_cmc_popLinkWitness 1 3 6 1 5 5 7 7 23 */ ++346, /* OBJ_id_cmc_confirmCertAcceptance 1 3 6 1 5 5 7 7 24 */ ++347, /* OBJ_id_on_personalData 1 3 6 1 5 5 7 8 1 */ ++858, /* OBJ_id_on_permanentIdentifier 1 3 6 1 5 5 7 8 3 */ ++348, /* OBJ_id_pda_dateOfBirth 1 3 6 1 5 5 7 9 1 */ ++349, /* OBJ_id_pda_placeOfBirth 1 3 6 1 5 5 7 9 2 */ ++351, /* OBJ_id_pda_gender 1 3 6 1 5 5 7 9 3 */ ++352, /* OBJ_id_pda_countryOfCitizenship 1 3 6 1 5 5 7 9 4 */ ++353, /* OBJ_id_pda_countryOfResidence 1 3 6 1 5 5 7 9 5 */ ++354, /* OBJ_id_aca_authenticationInfo 1 3 6 1 5 5 7 10 1 */ ++355, /* OBJ_id_aca_accessIdentity 1 3 6 1 5 5 7 10 2 */ ++356, /* OBJ_id_aca_chargingIdentity 1 3 6 1 5 5 7 10 3 */ ++357, /* OBJ_id_aca_group 1 3 6 1 5 5 7 10 4 */ ++358, /* OBJ_id_aca_role 1 3 6 1 5 5 7 10 5 */ ++399, /* OBJ_id_aca_encAttrs 1 3 6 1 5 5 7 10 6 */ ++359, /* OBJ_id_qcs_pkixQCSyntax_v1 
1 3 6 1 5 5 7 11 1 */ ++360, /* OBJ_id_cct_crs 1 3 6 1 5 5 7 12 1 */ ++361, /* OBJ_id_cct_PKIData 1 3 6 1 5 5 7 12 2 */ ++362, /* OBJ_id_cct_PKIResponse 1 3 6 1 5 5 7 12 3 */ ++664, /* OBJ_id_ppl_anyLanguage 1 3 6 1 5 5 7 21 0 */ ++665, /* OBJ_id_ppl_inheritAll 1 3 6 1 5 5 7 21 1 */ ++667, /* OBJ_Independent 1 3 6 1 5 5 7 21 2 */ ++178, /* OBJ_ad_OCSP 1 3 6 1 5 5 7 48 1 */ ++179, /* OBJ_ad_ca_issuers 1 3 6 1 5 5 7 48 2 */ ++363, /* OBJ_ad_timeStamping 1 3 6 1 5 5 7 48 3 */ ++364, /* OBJ_ad_dvcs 1 3 6 1 5 5 7 48 4 */ ++785, /* OBJ_caRepository 1 3 6 1 5 5 7 48 5 */ ++780, /* OBJ_hmac_md5 1 3 6 1 5 5 8 1 1 */ ++781, /* OBJ_hmac_sha1 1 3 6 1 5 5 8 1 2 */ ++58, /* OBJ_netscape_cert_extension 2 16 840 1 113730 1 */ ++59, /* OBJ_netscape_data_type 2 16 840 1 113730 2 */ ++438, /* OBJ_pilotAttributeType 0 9 2342 19200300 100 1 */ ++439, /* OBJ_pilotAttributeSyntax 0 9 2342 19200300 100 3 */ ++440, /* OBJ_pilotObjectClass 0 9 2342 19200300 100 4 */ ++441, /* OBJ_pilotGroups 0 9 2342 19200300 100 10 */ ++108, /* OBJ_cast5_cbc 1 2 840 113533 7 66 10 */ ++112, /* OBJ_pbeWithMD5AndCast5_CBC 1 2 840 113533 7 66 12 */ ++782, /* OBJ_id_PasswordBasedMAC 1 2 840 113533 7 66 13 */ ++783, /* OBJ_id_DHBasedMac 1 2 840 113533 7 66 30 */ ++ 6, /* OBJ_rsaEncryption 1 2 840 113549 1 1 1 */ ++ 7, /* OBJ_md2WithRSAEncryption 1 2 840 113549 1 1 2 */ ++396, /* OBJ_md4WithRSAEncryption 1 2 840 113549 1 1 3 */ ++ 8, /* OBJ_md5WithRSAEncryption 1 2 840 113549 1 1 4 */ ++65, /* OBJ_sha1WithRSAEncryption 1 2 840 113549 1 1 5 */ ++644, /* OBJ_rsaOAEPEncryptionSET 1 2 840 113549 1 1 6 */ ++919, /* OBJ_rsaesOaep 1 2 840 113549 1 1 7 */ ++911, /* OBJ_mgf1 1 2 840 113549 1 1 8 */ ++935, /* OBJ_pSpecified 1 2 840 113549 1 1 9 */ ++912, /* OBJ_rsassaPss 1 2 840 113549 1 1 10 */ ++668, /* OBJ_sha256WithRSAEncryption 1 2 840 113549 1 1 11 */ ++669, /* OBJ_sha384WithRSAEncryption 1 2 840 113549 1 1 12 */ ++670, /* OBJ_sha512WithRSAEncryption 1 2 840 113549 1 1 13 */ ++671, /* OBJ_sha224WithRSAEncryption 1 2 
840 113549 1 1 14 */ ++28, /* OBJ_dhKeyAgreement 1 2 840 113549 1 3 1 */ ++ 9, /* OBJ_pbeWithMD2AndDES_CBC 1 2 840 113549 1 5 1 */ ++10, /* OBJ_pbeWithMD5AndDES_CBC 1 2 840 113549 1 5 3 */ ++168, /* OBJ_pbeWithMD2AndRC2_CBC 1 2 840 113549 1 5 4 */ ++169, /* OBJ_pbeWithMD5AndRC2_CBC 1 2 840 113549 1 5 6 */ ++170, /* OBJ_pbeWithSHA1AndDES_CBC 1 2 840 113549 1 5 10 */ ++68, /* OBJ_pbeWithSHA1AndRC2_CBC 1 2 840 113549 1 5 11 */ ++69, /* OBJ_id_pbkdf2 1 2 840 113549 1 5 12 */ ++161, /* OBJ_pbes2 1 2 840 113549 1 5 13 */ ++162, /* OBJ_pbmac1 1 2 840 113549 1 5 14 */ ++21, /* OBJ_pkcs7_data 1 2 840 113549 1 7 1 */ ++22, /* OBJ_pkcs7_signed 1 2 840 113549 1 7 2 */ ++23, /* OBJ_pkcs7_enveloped 1 2 840 113549 1 7 3 */ ++24, /* OBJ_pkcs7_signedAndEnveloped 1 2 840 113549 1 7 4 */ ++25, /* OBJ_pkcs7_digest 1 2 840 113549 1 7 5 */ ++26, /* OBJ_pkcs7_encrypted 1 2 840 113549 1 7 6 */ ++48, /* OBJ_pkcs9_emailAddress 1 2 840 113549 1 9 1 */ ++49, /* OBJ_pkcs9_unstructuredName 1 2 840 113549 1 9 2 */ ++50, /* OBJ_pkcs9_contentType 1 2 840 113549 1 9 3 */ ++51, /* OBJ_pkcs9_messageDigest 1 2 840 113549 1 9 4 */ ++52, /* OBJ_pkcs9_signingTime 1 2 840 113549 1 9 5 */ ++53, /* OBJ_pkcs9_countersignature 1 2 840 113549 1 9 6 */ ++54, /* OBJ_pkcs9_challengePassword 1 2 840 113549 1 9 7 */ ++55, /* OBJ_pkcs9_unstructuredAddress 1 2 840 113549 1 9 8 */ ++56, /* OBJ_pkcs9_extCertAttributes 1 2 840 113549 1 9 9 */ ++172, /* OBJ_ext_req 1 2 840 113549 1 9 14 */ ++167, /* OBJ_SMIMECapabilities 1 2 840 113549 1 9 15 */ ++188, /* OBJ_SMIME 1 2 840 113549 1 9 16 */ ++156, /* OBJ_friendlyName 1 2 840 113549 1 9 20 */ ++157, /* OBJ_localKeyID 1 2 840 113549 1 9 21 */ ++681, /* OBJ_X9_62_onBasis 1 2 840 10045 1 2 3 1 */ ++682, /* OBJ_X9_62_tpBasis 1 2 840 10045 1 2 3 2 */ ++683, /* OBJ_X9_62_ppBasis 1 2 840 10045 1 2 3 3 */ ++417, /* OBJ_ms_csp_name 1 3 6 1 4 1 311 17 1 */ ++856, /* OBJ_LocalKeySet 1 3 6 1 4 1 311 17 2 */ ++390, /* OBJ_dcObject 1 3 6 1 4 1 1466 344 */ ++91, /* OBJ_bf_cbc 1 3 6 1 4 1 
3029 1 2 */ ++315, /* OBJ_id_regCtrl_regToken 1 3 6 1 5 5 7 5 1 1 */ ++316, /* OBJ_id_regCtrl_authenticator 1 3 6 1 5 5 7 5 1 2 */ ++317, /* OBJ_id_regCtrl_pkiPublicationInfo 1 3 6 1 5 5 7 5 1 3 */ ++318, /* OBJ_id_regCtrl_pkiArchiveOptions 1 3 6 1 5 5 7 5 1 4 */ ++319, /* OBJ_id_regCtrl_oldCertID 1 3 6 1 5 5 7 5 1 5 */ ++320, /* OBJ_id_regCtrl_protocolEncrKey 1 3 6 1 5 5 7 5 1 6 */ ++321, /* OBJ_id_regInfo_utf8Pairs 1 3 6 1 5 5 7 5 2 1 */ ++322, /* OBJ_id_regInfo_certReq 1 3 6 1 5 5 7 5 2 2 */ ++365, /* OBJ_id_pkix_OCSP_basic 1 3 6 1 5 5 7 48 1 1 */ ++366, /* OBJ_id_pkix_OCSP_Nonce 1 3 6 1 5 5 7 48 1 2 */ ++367, /* OBJ_id_pkix_OCSP_CrlID 1 3 6 1 5 5 7 48 1 3 */ ++368, /* OBJ_id_pkix_OCSP_acceptableResponses 1 3 6 1 5 5 7 48 1 4 */ ++369, /* OBJ_id_pkix_OCSP_noCheck 1 3 6 1 5 5 7 48 1 5 */ ++370, /* OBJ_id_pkix_OCSP_archiveCutoff 1 3 6 1 5 5 7 48 1 6 */ ++371, /* OBJ_id_pkix_OCSP_serviceLocator 1 3 6 1 5 5 7 48 1 7 */ ++372, /* OBJ_id_pkix_OCSP_extendedStatus 1 3 6 1 5 5 7 48 1 8 */ ++373, /* OBJ_id_pkix_OCSP_valid 1 3 6 1 5 5 7 48 1 9 */ ++374, /* OBJ_id_pkix_OCSP_path 1 3 6 1 5 5 7 48 1 10 */ ++375, /* OBJ_id_pkix_OCSP_trustRoot 1 3 6 1 5 5 7 48 1 11 */ ++921, /* OBJ_brainpoolP160r1 1 3 36 3 3 2 8 1 1 1 */ ++922, /* OBJ_brainpoolP160t1 1 3 36 3 3 2 8 1 1 2 */ ++923, /* OBJ_brainpoolP192r1 1 3 36 3 3 2 8 1 1 3 */ ++924, /* OBJ_brainpoolP192t1 1 3 36 3 3 2 8 1 1 4 */ ++925, /* OBJ_brainpoolP224r1 1 3 36 3 3 2 8 1 1 5 */ ++926, /* OBJ_brainpoolP224t1 1 3 36 3 3 2 8 1 1 6 */ ++927, /* OBJ_brainpoolP256r1 1 3 36 3 3 2 8 1 1 7 */ ++928, /* OBJ_brainpoolP256t1 1 3 36 3 3 2 8 1 1 8 */ ++929, /* OBJ_brainpoolP320r1 1 3 36 3 3 2 8 1 1 9 */ ++930, /* OBJ_brainpoolP320t1 1 3 36 3 3 2 8 1 1 10 */ ++931, /* OBJ_brainpoolP384r1 1 3 36 3 3 2 8 1 1 11 */ ++932, /* OBJ_brainpoolP384t1 1 3 36 3 3 2 8 1 1 12 */ ++933, /* OBJ_brainpoolP512r1 1 3 36 3 3 2 8 1 1 13 */ ++934, /* OBJ_brainpoolP512t1 1 3 36 3 3 2 8 1 1 14 */ ++936, /* OBJ_dhSinglePass_stdDH_sha1kdf_scheme 1 3 133 16 840 
63 0 2 */ ++941, /* OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme 1 3 133 16 840 63 0 3 */ ++418, /* OBJ_aes_128_ecb 2 16 840 1 101 3 4 1 1 */ ++419, /* OBJ_aes_128_cbc 2 16 840 1 101 3 4 1 2 */ ++420, /* OBJ_aes_128_ofb128 2 16 840 1 101 3 4 1 3 */ ++421, /* OBJ_aes_128_cfb128 2 16 840 1 101 3 4 1 4 */ ++788, /* OBJ_id_aes128_wrap 2 16 840 1 101 3 4 1 5 */ ++895, /* OBJ_aes_128_gcm 2 16 840 1 101 3 4 1 6 */ ++896, /* OBJ_aes_128_ccm 2 16 840 1 101 3 4 1 7 */ ++897, /* OBJ_id_aes128_wrap_pad 2 16 840 1 101 3 4 1 8 */ ++422, /* OBJ_aes_192_ecb 2 16 840 1 101 3 4 1 21 */ ++423, /* OBJ_aes_192_cbc 2 16 840 1 101 3 4 1 22 */ ++424, /* OBJ_aes_192_ofb128 2 16 840 1 101 3 4 1 23 */ ++425, /* OBJ_aes_192_cfb128 2 16 840 1 101 3 4 1 24 */ ++789, /* OBJ_id_aes192_wrap 2 16 840 1 101 3 4 1 25 */ ++898, /* OBJ_aes_192_gcm 2 16 840 1 101 3 4 1 26 */ ++899, /* OBJ_aes_192_ccm 2 16 840 1 101 3 4 1 27 */ ++900, /* OBJ_id_aes192_wrap_pad 2 16 840 1 101 3 4 1 28 */ ++426, /* OBJ_aes_256_ecb 2 16 840 1 101 3 4 1 41 */ ++427, /* OBJ_aes_256_cbc 2 16 840 1 101 3 4 1 42 */ ++428, /* OBJ_aes_256_ofb128 2 16 840 1 101 3 4 1 43 */ ++429, /* OBJ_aes_256_cfb128 2 16 840 1 101 3 4 1 44 */ ++790, /* OBJ_id_aes256_wrap 2 16 840 1 101 3 4 1 45 */ ++901, /* OBJ_aes_256_gcm 2 16 840 1 101 3 4 1 46 */ ++902, /* OBJ_aes_256_ccm 2 16 840 1 101 3 4 1 47 */ ++903, /* OBJ_id_aes256_wrap_pad 2 16 840 1 101 3 4 1 48 */ ++672, /* OBJ_sha256 2 16 840 1 101 3 4 2 1 */ ++673, /* OBJ_sha384 2 16 840 1 101 3 4 2 2 */ ++674, /* OBJ_sha512 2 16 840 1 101 3 4 2 3 */ ++675, /* OBJ_sha224 2 16 840 1 101 3 4 2 4 */ ++802, /* OBJ_dsa_with_SHA224 2 16 840 1 101 3 4 3 1 */ ++803, /* OBJ_dsa_with_SHA256 2 16 840 1 101 3 4 3 2 */ ++71, /* OBJ_netscape_cert_type 2 16 840 1 113730 1 1 */ ++72, /* OBJ_netscape_base_url 2 16 840 1 113730 1 2 */ ++73, /* OBJ_netscape_revocation_url 2 16 840 1 113730 1 3 */ ++74, /* OBJ_netscape_ca_revocation_url 2 16 840 1 113730 1 4 */ ++75, /* OBJ_netscape_renewal_url 2 16 840 1 113730 1 7 */ 
++76, /* OBJ_netscape_ca_policy_url 2 16 840 1 113730 1 8 */ ++77, /* OBJ_netscape_ssl_server_name 2 16 840 1 113730 1 12 */ ++78, /* OBJ_netscape_comment 2 16 840 1 113730 1 13 */ ++79, /* OBJ_netscape_cert_sequence 2 16 840 1 113730 2 5 */ ++139, /* OBJ_ns_sgc 2 16 840 1 113730 4 1 */ ++458, /* OBJ_userId 0 9 2342 19200300 100 1 1 */ ++459, /* OBJ_textEncodedORAddress 0 9 2342 19200300 100 1 2 */ ++460, /* OBJ_rfc822Mailbox 0 9 2342 19200300 100 1 3 */ ++461, /* OBJ_info 0 9 2342 19200300 100 1 4 */ ++462, /* OBJ_favouriteDrink 0 9 2342 19200300 100 1 5 */ ++463, /* OBJ_roomNumber 0 9 2342 19200300 100 1 6 */ ++464, /* OBJ_photo 0 9 2342 19200300 100 1 7 */ ++465, /* OBJ_userClass 0 9 2342 19200300 100 1 8 */ ++466, /* OBJ_host 0 9 2342 19200300 100 1 9 */ ++467, /* OBJ_manager 0 9 2342 19200300 100 1 10 */ ++468, /* OBJ_documentIdentifier 0 9 2342 19200300 100 1 11 */ ++469, /* OBJ_documentTitle 0 9 2342 19200300 100 1 12 */ ++470, /* OBJ_documentVersion 0 9 2342 19200300 100 1 13 */ ++471, /* OBJ_documentAuthor 0 9 2342 19200300 100 1 14 */ ++472, /* OBJ_documentLocation 0 9 2342 19200300 100 1 15 */ ++473, /* OBJ_homeTelephoneNumber 0 9 2342 19200300 100 1 20 */ ++474, /* OBJ_secretary 0 9 2342 19200300 100 1 21 */ ++475, /* OBJ_otherMailbox 0 9 2342 19200300 100 1 22 */ ++476, /* OBJ_lastModifiedTime 0 9 2342 19200300 100 1 23 */ ++477, /* OBJ_lastModifiedBy 0 9 2342 19200300 100 1 24 */ ++391, /* OBJ_domainComponent 0 9 2342 19200300 100 1 25 */ ++478, /* OBJ_aRecord 0 9 2342 19200300 100 1 26 */ ++479, /* OBJ_pilotAttributeType27 0 9 2342 19200300 100 1 27 */ ++480, /* OBJ_mXRecord 0 9 2342 19200300 100 1 28 */ ++481, /* OBJ_nSRecord 0 9 2342 19200300 100 1 29 */ ++482, /* OBJ_sOARecord 0 9 2342 19200300 100 1 30 */ ++483, /* OBJ_cNAMERecord 0 9 2342 19200300 100 1 31 */ ++484, /* OBJ_associatedDomain 0 9 2342 19200300 100 1 37 */ ++485, /* OBJ_associatedName 0 9 2342 19200300 100 1 38 */ ++486, /* OBJ_homePostalAddress 0 9 2342 19200300 100 1 39 */ ++487, 
/* OBJ_personalTitle 0 9 2342 19200300 100 1 40 */ ++488, /* OBJ_mobileTelephoneNumber 0 9 2342 19200300 100 1 41 */ ++489, /* OBJ_pagerTelephoneNumber 0 9 2342 19200300 100 1 42 */ ++490, /* OBJ_friendlyCountryName 0 9 2342 19200300 100 1 43 */ ++491, /* OBJ_organizationalStatus 0 9 2342 19200300 100 1 45 */ ++492, /* OBJ_janetMailbox 0 9 2342 19200300 100 1 46 */ ++493, /* OBJ_mailPreferenceOption 0 9 2342 19200300 100 1 47 */ ++494, /* OBJ_buildingName 0 9 2342 19200300 100 1 48 */ ++495, /* OBJ_dSAQuality 0 9 2342 19200300 100 1 49 */ ++496, /* OBJ_singleLevelQuality 0 9 2342 19200300 100 1 50 */ ++497, /* OBJ_subtreeMinimumQuality 0 9 2342 19200300 100 1 51 */ ++498, /* OBJ_subtreeMaximumQuality 0 9 2342 19200300 100 1 52 */ ++499, /* OBJ_personalSignature 0 9 2342 19200300 100 1 53 */ ++500, /* OBJ_dITRedirect 0 9 2342 19200300 100 1 54 */ ++501, /* OBJ_audio 0 9 2342 19200300 100 1 55 */ ++502, /* OBJ_documentPublisher 0 9 2342 19200300 100 1 56 */ ++442, /* OBJ_iA5StringSyntax 0 9 2342 19200300 100 3 4 */ ++443, /* OBJ_caseIgnoreIA5StringSyntax 0 9 2342 19200300 100 3 5 */ ++444, /* OBJ_pilotObject 0 9 2342 19200300 100 4 3 */ ++445, /* OBJ_pilotPerson 0 9 2342 19200300 100 4 4 */ ++446, /* OBJ_account 0 9 2342 19200300 100 4 5 */ ++447, /* OBJ_document 0 9 2342 19200300 100 4 6 */ ++448, /* OBJ_room 0 9 2342 19200300 100 4 7 */ ++449, /* OBJ_documentSeries 0 9 2342 19200300 100 4 9 */ ++392, /* OBJ_Domain 0 9 2342 19200300 100 4 13 */ ++450, /* OBJ_rFC822localPart 0 9 2342 19200300 100 4 14 */ ++451, /* OBJ_dNSDomain 0 9 2342 19200300 100 4 15 */ ++452, /* OBJ_domainRelatedObject 0 9 2342 19200300 100 4 17 */ ++453, /* OBJ_friendlyCountry 0 9 2342 19200300 100 4 18 */ ++454, /* OBJ_simpleSecurityObject 0 9 2342 19200300 100 4 19 */ ++455, /* OBJ_pilotOrganization 0 9 2342 19200300 100 4 20 */ ++456, /* OBJ_pilotDSA 0 9 2342 19200300 100 4 21 */ ++457, /* OBJ_qualityLabelledData 0 9 2342 19200300 100 4 22 */ ++189, /* OBJ_id_smime_mod 1 2 840 113549 1 9 16 
0 */ ++190, /* OBJ_id_smime_ct 1 2 840 113549 1 9 16 1 */ ++191, /* OBJ_id_smime_aa 1 2 840 113549 1 9 16 2 */ ++192, /* OBJ_id_smime_alg 1 2 840 113549 1 9 16 3 */ ++193, /* OBJ_id_smime_cd 1 2 840 113549 1 9 16 4 */ ++194, /* OBJ_id_smime_spq 1 2 840 113549 1 9 16 5 */ ++195, /* OBJ_id_smime_cti 1 2 840 113549 1 9 16 6 */ ++158, /* OBJ_x509Certificate 1 2 840 113549 1 9 22 1 */ ++159, /* OBJ_sdsiCertificate 1 2 840 113549 1 9 22 2 */ ++160, /* OBJ_x509Crl 1 2 840 113549 1 9 23 1 */ ++144, /* OBJ_pbe_WithSHA1And128BitRC4 1 2 840 113549 1 12 1 1 */ ++145, /* OBJ_pbe_WithSHA1And40BitRC4 1 2 840 113549 1 12 1 2 */ ++146, /* OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC 1 2 840 113549 1 12 1 3 */ ++147, /* OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC 1 2 840 113549 1 12 1 4 */ ++148, /* OBJ_pbe_WithSHA1And128BitRC2_CBC 1 2 840 113549 1 12 1 5 */ ++149, /* OBJ_pbe_WithSHA1And40BitRC2_CBC 1 2 840 113549 1 12 1 6 */ ++171, /* OBJ_ms_ext_req 1 3 6 1 4 1 311 2 1 14 */ ++134, /* OBJ_ms_code_ind 1 3 6 1 4 1 311 2 1 21 */ ++135, /* OBJ_ms_code_com 1 3 6 1 4 1 311 2 1 22 */ ++136, /* OBJ_ms_ctl_sign 1 3 6 1 4 1 311 10 3 1 */ ++137, /* OBJ_ms_sgc 1 3 6 1 4 1 311 10 3 3 */ ++138, /* OBJ_ms_efs 1 3 6 1 4 1 311 10 3 4 */ ++648, /* OBJ_ms_smartcard_login 1 3 6 1 4 1 311 20 2 2 */ ++649, /* OBJ_ms_upn 1 3 6 1 4 1 311 20 2 3 */ ++951, /* OBJ_ct_precert_scts 1 3 6 1 4 1 11129 2 4 2 */ ++952, /* OBJ_ct_precert_poison 1 3 6 1 4 1 11129 2 4 3 */ ++953, /* OBJ_ct_precert_signer 1 3 6 1 4 1 11129 2 4 4 */ ++954, /* OBJ_ct_cert_scts 1 3 6 1 4 1 11129 2 4 5 */ ++751, /* OBJ_camellia_128_cbc 1 2 392 200011 61 1 1 1 2 */ ++752, /* OBJ_camellia_192_cbc 1 2 392 200011 61 1 1 1 3 */ ++753, /* OBJ_camellia_256_cbc 1 2 392 200011 61 1 1 1 4 */ ++907, /* OBJ_id_camellia128_wrap 1 2 392 200011 61 1 1 3 2 */ ++908, /* OBJ_id_camellia192_wrap 1 2 392 200011 61 1 1 3 3 */ ++909, /* OBJ_id_camellia256_wrap 1 2 392 200011 61 1 1 3 4 */ ++196, /* OBJ_id_smime_mod_cms 1 2 840 113549 1 9 16 0 1 */ ++197, /* 
OBJ_id_smime_mod_ess 1 2 840 113549 1 9 16 0 2 */ ++198, /* OBJ_id_smime_mod_oid 1 2 840 113549 1 9 16 0 3 */ ++199, /* OBJ_id_smime_mod_msg_v3 1 2 840 113549 1 9 16 0 4 */ ++200, /* OBJ_id_smime_mod_ets_eSignature_88 1 2 840 113549 1 9 16 0 5 */ ++201, /* OBJ_id_smime_mod_ets_eSignature_97 1 2 840 113549 1 9 16 0 6 */ ++202, /* OBJ_id_smime_mod_ets_eSigPolicy_88 1 2 840 113549 1 9 16 0 7 */ ++203, /* OBJ_id_smime_mod_ets_eSigPolicy_97 1 2 840 113549 1 9 16 0 8 */ ++204, /* OBJ_id_smime_ct_receipt 1 2 840 113549 1 9 16 1 1 */ ++205, /* OBJ_id_smime_ct_authData 1 2 840 113549 1 9 16 1 2 */ ++206, /* OBJ_id_smime_ct_publishCert 1 2 840 113549 1 9 16 1 3 */ ++207, /* OBJ_id_smime_ct_TSTInfo 1 2 840 113549 1 9 16 1 4 */ ++208, /* OBJ_id_smime_ct_TDTInfo 1 2 840 113549 1 9 16 1 5 */ ++209, /* OBJ_id_smime_ct_contentInfo 1 2 840 113549 1 9 16 1 6 */ ++210, /* OBJ_id_smime_ct_DVCSRequestData 1 2 840 113549 1 9 16 1 7 */ ++211, /* OBJ_id_smime_ct_DVCSResponseData 1 2 840 113549 1 9 16 1 8 */ ++786, /* OBJ_id_smime_ct_compressedData 1 2 840 113549 1 9 16 1 9 */ ++787, /* OBJ_id_ct_asciiTextWithCRLF 1 2 840 113549 1 9 16 1 27 */ ++212, /* OBJ_id_smime_aa_receiptRequest 1 2 840 113549 1 9 16 2 1 */ ++213, /* OBJ_id_smime_aa_securityLabel 1 2 840 113549 1 9 16 2 2 */ ++214, /* OBJ_id_smime_aa_mlExpandHistory 1 2 840 113549 1 9 16 2 3 */ ++215, /* OBJ_id_smime_aa_contentHint 1 2 840 113549 1 9 16 2 4 */ ++216, /* OBJ_id_smime_aa_msgSigDigest 1 2 840 113549 1 9 16 2 5 */ ++217, /* OBJ_id_smime_aa_encapContentType 1 2 840 113549 1 9 16 2 6 */ ++218, /* OBJ_id_smime_aa_contentIdentifier 1 2 840 113549 1 9 16 2 7 */ ++219, /* OBJ_id_smime_aa_macValue 1 2 840 113549 1 9 16 2 8 */ ++220, /* OBJ_id_smime_aa_equivalentLabels 1 2 840 113549 1 9 16 2 9 */ ++221, /* OBJ_id_smime_aa_contentReference 1 2 840 113549 1 9 16 2 10 */ ++222, /* OBJ_id_smime_aa_encrypKeyPref 1 2 840 113549 1 9 16 2 11 */ ++223, /* OBJ_id_smime_aa_signingCertificate 1 2 840 113549 1 9 16 2 12 */ ++224, /* 
OBJ_id_smime_aa_smimeEncryptCerts 1 2 840 113549 1 9 16 2 13 */ ++225, /* OBJ_id_smime_aa_timeStampToken 1 2 840 113549 1 9 16 2 14 */ ++226, /* OBJ_id_smime_aa_ets_sigPolicyId 1 2 840 113549 1 9 16 2 15 */ ++227, /* OBJ_id_smime_aa_ets_commitmentType 1 2 840 113549 1 9 16 2 16 */ ++228, /* OBJ_id_smime_aa_ets_signerLocation 1 2 840 113549 1 9 16 2 17 */ ++229, /* OBJ_id_smime_aa_ets_signerAttr 1 2 840 113549 1 9 16 2 18 */ ++230, /* OBJ_id_smime_aa_ets_otherSigCert 1 2 840 113549 1 9 16 2 19 */ ++231, /* OBJ_id_smime_aa_ets_contentTimestamp 1 2 840 113549 1 9 16 2 20 */ ++232, /* OBJ_id_smime_aa_ets_CertificateRefs 1 2 840 113549 1 9 16 2 21 */ ++233, /* OBJ_id_smime_aa_ets_RevocationRefs 1 2 840 113549 1 9 16 2 22 */ ++234, /* OBJ_id_smime_aa_ets_certValues 1 2 840 113549 1 9 16 2 23 */ ++235, /* OBJ_id_smime_aa_ets_revocationValues 1 2 840 113549 1 9 16 2 24 */ ++236, /* OBJ_id_smime_aa_ets_escTimeStamp 1 2 840 113549 1 9 16 2 25 */ ++237, /* OBJ_id_smime_aa_ets_certCRLTimestamp 1 2 840 113549 1 9 16 2 26 */ ++238, /* OBJ_id_smime_aa_ets_archiveTimeStamp 1 2 840 113549 1 9 16 2 27 */ ++239, /* OBJ_id_smime_aa_signatureType 1 2 840 113549 1 9 16 2 28 */ ++240, /* OBJ_id_smime_aa_dvcs_dvc 1 2 840 113549 1 9 16 2 29 */ ++241, /* OBJ_id_smime_alg_ESDHwith3DES 1 2 840 113549 1 9 16 3 1 */ ++242, /* OBJ_id_smime_alg_ESDHwithRC2 1 2 840 113549 1 9 16 3 2 */ ++243, /* OBJ_id_smime_alg_3DESwrap 1 2 840 113549 1 9 16 3 3 */ ++244, /* OBJ_id_smime_alg_RC2wrap 1 2 840 113549 1 9 16 3 4 */ ++245, /* OBJ_id_smime_alg_ESDH 1 2 840 113549 1 9 16 3 5 */ ++246, /* OBJ_id_smime_alg_CMS3DESwrap 1 2 840 113549 1 9 16 3 6 */ ++247, /* OBJ_id_smime_alg_CMSRC2wrap 1 2 840 113549 1 9 16 3 7 */ ++125, /* OBJ_zlib_compression 1 2 840 113549 1 9 16 3 8 */ ++893, /* OBJ_id_alg_PWRI_KEK 1 2 840 113549 1 9 16 3 9 */ ++248, /* OBJ_id_smime_cd_ldap 1 2 840 113549 1 9 16 4 1 */ ++249, /* OBJ_id_smime_spq_ets_sqt_uri 1 2 840 113549 1 9 16 5 1 */ ++250, /* OBJ_id_smime_spq_ets_sqt_unotice 1 2 840 
113549 1 9 16 5 2 */ ++251, /* OBJ_id_smime_cti_ets_proofOfOrigin 1 2 840 113549 1 9 16 6 1 */ ++252, /* OBJ_id_smime_cti_ets_proofOfReceipt 1 2 840 113549 1 9 16 6 2 */ ++253, /* OBJ_id_smime_cti_ets_proofOfDelivery 1 2 840 113549 1 9 16 6 3 */ ++254, /* OBJ_id_smime_cti_ets_proofOfSender 1 2 840 113549 1 9 16 6 4 */ ++255, /* OBJ_id_smime_cti_ets_proofOfApproval 1 2 840 113549 1 9 16 6 5 */ ++256, /* OBJ_id_smime_cti_ets_proofOfCreation 1 2 840 113549 1 9 16 6 6 */ ++150, /* OBJ_keyBag 1 2 840 113549 1 12 10 1 1 */ ++151, /* OBJ_pkcs8ShroudedKeyBag 1 2 840 113549 1 12 10 1 2 */ ++152, /* OBJ_certBag 1 2 840 113549 1 12 10 1 3 */ ++153, /* OBJ_crlBag 1 2 840 113549 1 12 10 1 4 */ ++154, /* OBJ_secretBag 1 2 840 113549 1 12 10 1 5 */ ++155, /* OBJ_safeContentsBag 1 2 840 113549 1 12 10 1 6 */ ++34, /* OBJ_idea_cbc 1 3 6 1 4 1 188 7 1 1 2 */ ++955, /* OBJ_jurisdictionLocalityName 1 3 6 1 4 1 311 60 2 1 1 */ ++956, /* OBJ_jurisdictionStateOrProvinceName 1 3 6 1 4 1 311 60 2 1 2 */ ++957, /* OBJ_jurisdictionCountryName 1 3 6 1 4 1 311 60 2 1 3 */ + }; + +diff --git a/Cryptlib/OpenSSL/crypto/objects/obj_err.c b/Cryptlib/OpenSSL/crypto/objects/obj_err.c +index 75321ec..238aaa5 100644 +--- a/Cryptlib/OpenSSL/crypto/objects/obj_err.c ++++ b/Cryptlib/OpenSSL/crypto/objects/obj_err.c +@@ -1,6 +1,6 @@ + /* crypto/objects/obj_err.c */ + /* ==================================================================== +- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. ++ * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+diff --git a/Cryptlib/OpenSSL/crypto/objects/obj_lib.c b/Cryptlib/OpenSSL/crypto/objects/obj_lib.c
+index 0687602..8851baf 100644
+--- a/Cryptlib/OpenSSL/crypto/objects/obj_lib.c
++++ b/Cryptlib/OpenSSL/crypto/objects/obj_lib.c
+@@ -66,7 +66,8 @@ ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o)
+ {
+ ASN1_OBJECT *r;
+ int i;
+- char *ln = NULL;
++ char *ln = NULL, *sn = NULL;
++ unsigned char *data = NULL;
+
+ if (o == NULL)
+ return (NULL);
+@@ -79,30 +80,32 @@ ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o)
+ OBJerr(OBJ_F_OBJ_DUP, ERR_R_ASN1_LIB);
+ return (NULL);
+ }
+- r->data = OPENSSL_malloc(o->length);
+- if (r->data == NULL)
++ data = OPENSSL_malloc(o->length);
++ if (data == NULL)
+ goto err;
+ if (o->data != NULL)
+- memcpy(r->data, o->data, o->length);
++ memcpy(data, o->data, o->length);
++ /* once data attached to object it remains const */
++ r->data = data;
+ r->length = o->length;
+ r->nid = o->nid;
+ r->ln = r->sn = NULL;
+ if (o->ln != NULL) {
+ i = strlen(o->ln) + 1;
+- r->ln = ln = OPENSSL_malloc(i);
+- if (r->ln == NULL)
++ ln = OPENSSL_malloc(i);
++ if (ln == NULL)
+ goto err;
+ memcpy(ln, o->ln, i);
++ r->ln = ln;
+ }
+
+ if (o->sn != NULL) {
+- char *s;
+-
+ i = strlen(o->sn) + 1;
+- r->sn = s = OPENSSL_malloc(i);
+- if (r->sn == NULL)
++ sn = OPENSSL_malloc(i);
++ if (sn == NULL)
+ goto err;
+- memcpy(s, o->sn, i);
++ memcpy(sn, o->sn, i);
++ r->sn = sn;
+ }
+ r->flags = o->flags | (ASN1_OBJECT_FLAG_DYNAMIC |
+ ASN1_OBJECT_FLAG_DYNAMIC_STRINGS |
+@@ -110,13 +113,14 @@ ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o)
+ return (r);
+ err:
+ OBJerr(OBJ_F_OBJ_DUP, ERR_R_MALLOC_FAILURE);
+- if (r != NULL) {
+- if (ln != NULL)
+- OPENSSL_free(ln);
+- if (r->data != NULL)
+- OPENSSL_free(r->data);
++ if (ln != NULL)
++ OPENSSL_free(ln);
++ if (sn != NULL)
++ OPENSSL_free(sn);
++ if (data != NULL)
++ OPENSSL_free(data);
++ if (r != NULL)
+ OPENSSL_free(r);
+- }
+ return (NULL);
+ }
+
+diff --git a/Cryptlib/OpenSSL/crypto/objects/obj_xref.c b/Cryptlib/OpenSSL/crypto/objects/obj_xref.c
+new file mode 100644
+index 0000000..97b305d
+--- /dev/null
++++ b/Cryptlib/OpenSSL/crypto/objects/obj_xref.c
+@@ -0,0 +1,222 @@
++/* crypto/objects/obj_xref.c */
++/*
++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
++ * 2006.
++ */
++/* ====================================================================
++ * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in
++ * the documentation and/or other materials provided with the
++ * distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ * software must display the following acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ * endorse or promote products derived from this software without
++ * prior written permission. For written permission, please contact
++ * licensing@OpenSSL.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ * nor may "OpenSSL" appear in their names without prior written
++ * permission of the OpenSSL Project.
++ *
++ * 6.
Redistributions of any form whatsoever must retain the following
++ * acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ *
++ * This product includes cryptographic software written by Eric Young
++ * (eay@cryptsoft.com). This product includes software written by Tim
++ * Hudson (tjh@cryptsoft.com).
++ *
++ */
++
++#include
++#include "obj_xref.h"
++
++DECLARE_STACK_OF(nid_triple)
++STACK_OF(nid_triple) *sig_app, *sigx_app;
++
++static int sig_cmp(const nid_triple *a, const nid_triple *b)
++{
++ return a->sign_id - b->sign_id;
++}
++
++DECLARE_OBJ_BSEARCH_CMP_FN(nid_triple, nid_triple, sig);
++IMPLEMENT_OBJ_BSEARCH_CMP_FN(nid_triple, nid_triple, sig);
++
++static int sig_sk_cmp(const nid_triple *const *a, const nid_triple *const *b)
++{
++ return (*a)->sign_id - (*b)->sign_id;
++}
++
++DECLARE_OBJ_BSEARCH_CMP_FN(const nid_triple *, const nid_triple *, sigx);
++
++static int sigx_cmp(const nid_triple *const *a, const nid_triple *const *b)
++{
++ int ret;
++ ret = (*a)->hash_id - (*b)->hash_id;
++ if (ret)
++ return ret;
++ return (*a)->pkey_id - (*b)->pkey_id;
++}
++
++IMPLEMENT_OBJ_BSEARCH_CMP_FN(const nid_triple *, const nid_triple *, sigx);
++
++int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid)
++{
++ nid_triple tmp;
++ const nid_triple *rv = NULL;
++ tmp.sign_id = signid;
++
++ if (sig_app) {
++ int idx = sk_nid_triple_find(sig_app, &tmp);
++ if (idx >= 0)
++ rv = sk_nid_triple_value(sig_app, idx);
++ }
++#ifndef OBJ_XREF_TEST2
++ if (rv == NULL) {
++ rv = OBJ_bsearch_sig(&tmp, sigoid_srt,
++ sizeof(sigoid_srt) / sizeof(nid_triple));
++ }
++#endif
++ if (rv == NULL)
++ return 0;
++ if (pdig_nid)
++ *pdig_nid = rv->hash_id;
++ if (ppkey_nid)
++ *ppkey_nid = rv->pkey_id;
++ return 1;
++}
++
++int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid)
++{
++ nid_triple tmp;
++ const nid_triple *t = &tmp;
++ const nid_triple **rv = NULL;
++
++ tmp.hash_id = dig_nid;
++ tmp.pkey_id = pkey_nid;
++
++ if (sigx_app) {
++ int idx = sk_nid_triple_find(sigx_app, &tmp);
++ if (idx >= 0) {
++ t = sk_nid_triple_value(sigx_app, idx);
++ rv = &t;
++ }
++ }
++#ifndef OBJ_XREF_TEST2
++ if (rv == NULL) {
++ rv = OBJ_bsearch_sigx(&t, sigoid_srt_xref,
++ sizeof(sigoid_srt_xref) / sizeof(nid_triple *)
++ );
++ }
++#endif
++ if (rv == NULL)
++ return 0;
++ if (psignid) ++ *psignid = (*rv)->sign_id; ++ return 1; ++} ++ ++int OBJ_add_sigid(int signid, int dig_id, int pkey_id) ++{ ++ nid_triple *ntr; ++ if (!sig_app) ++ sig_app = sk_nid_triple_new(sig_sk_cmp); ++ if (!sig_app) ++ return 0; ++ if (!sigx_app) ++ sigx_app = sk_nid_triple_new(sigx_cmp); ++ if (!sigx_app) ++ return 0; ++ ntr = OPENSSL_malloc(sizeof(int) * 3); ++ if (!ntr) ++ return 0; ++ ntr->sign_id = signid; ++ ntr->hash_id = dig_id; ++ ntr->pkey_id = pkey_id; ++ ++ if (!sk_nid_triple_push(sig_app, ntr)) { ++ OPENSSL_free(ntr); ++ return 0; ++ } ++ ++ if (!sk_nid_triple_push(sigx_app, ntr)) ++ return 0; ++ ++ sk_nid_triple_sort(sig_app); ++ sk_nid_triple_sort(sigx_app); ++ ++ return 1; ++} ++ ++static void sid_free(nid_triple *tt) ++{ ++ OPENSSL_free(tt); ++} ++ ++void OBJ_sigid_free(void) ++{ ++ if (sig_app) { ++ sk_nid_triple_pop_free(sig_app, sid_free); ++ sig_app = NULL; ++ } ++ if (sigx_app) { ++ sk_nid_triple_free(sigx_app); ++ sigx_app = NULL; ++ } ++} ++ ++#ifdef OBJ_XREF_TEST ++ ++main() ++{ ++ int n1, n2, n3; ++ ++ int i, rv; ++# ifdef OBJ_XREF_TEST2 ++ for (i = 0; i < sizeof(sigoid_srt) / sizeof(nid_triple); i++) { ++ OBJ_add_sigid(sigoid_srt[i][0], sigoid_srt[i][1], sigoid_srt[i][2]); ++ } ++# endif ++ ++ for (i = 0; i < sizeof(sigoid_srt) / sizeof(nid_triple); i++) { ++ n1 = sigoid_srt[i][0]; ++ rv = OBJ_find_sigid_algs(n1, &n2, &n3); ++ printf("Forward: %d, %s %s %s\n", rv, ++ OBJ_nid2ln(n1), OBJ_nid2ln(n2), OBJ_nid2ln(n3)); ++ n1 = 0; ++ rv = OBJ_find_sigid_by_algs(&n1, n2, n3); ++ printf("Reverse: %d, %s %s %s\n", rv, ++ OBJ_nid2ln(n1), OBJ_nid2ln(n2), OBJ_nid2ln(n3)); ++ } ++} ++ ++#endif +diff --git a/Cryptlib/OpenSSL/crypto/objects/obj_xref.h b/Cryptlib/OpenSSL/crypto/objects/obj_xref.h +new file mode 100644 +index 0000000..e453e99 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/objects/obj_xref.h +@@ -0,0 +1,99 @@ ++/* AUTOGENERATED BY objxref.pl, DO NOT EDIT */ ++ ++typedef struct { ++ int sign_id; ++ int hash_id; ++ int pkey_id; ++} 
nid_triple; ++ ++static const nid_triple sigoid_srt[] = { ++ {NID_md2WithRSAEncryption, NID_md2, NID_rsaEncryption}, ++ {NID_md5WithRSAEncryption, NID_md5, NID_rsaEncryption}, ++ {NID_shaWithRSAEncryption, NID_sha, NID_rsaEncryption}, ++ {NID_sha1WithRSAEncryption, NID_sha1, NID_rsaEncryption}, ++ {NID_dsaWithSHA, NID_sha, NID_dsa}, ++ {NID_dsaWithSHA1_2, NID_sha1, NID_dsa_2}, ++ {NID_mdc2WithRSA, NID_mdc2, NID_rsaEncryption}, ++ {NID_md5WithRSA, NID_md5, NID_rsa}, ++ {NID_dsaWithSHA1, NID_sha1, NID_dsa}, ++ {NID_sha1WithRSA, NID_sha1, NID_rsa}, ++ {NID_ripemd160WithRSA, NID_ripemd160, NID_rsaEncryption}, ++ {NID_md4WithRSAEncryption, NID_md4, NID_rsaEncryption}, ++ {NID_ecdsa_with_SHA1, NID_sha1, NID_X9_62_id_ecPublicKey}, ++ {NID_sha256WithRSAEncryption, NID_sha256, NID_rsaEncryption}, ++ {NID_sha384WithRSAEncryption, NID_sha384, NID_rsaEncryption}, ++ {NID_sha512WithRSAEncryption, NID_sha512, NID_rsaEncryption}, ++ {NID_sha224WithRSAEncryption, NID_sha224, NID_rsaEncryption}, ++ {NID_ecdsa_with_Recommended, NID_undef, NID_X9_62_id_ecPublicKey}, ++ {NID_ecdsa_with_Specified, NID_undef, NID_X9_62_id_ecPublicKey}, ++ {NID_ecdsa_with_SHA224, NID_sha224, NID_X9_62_id_ecPublicKey}, ++ {NID_ecdsa_with_SHA256, NID_sha256, NID_X9_62_id_ecPublicKey}, ++ {NID_ecdsa_with_SHA384, NID_sha384, NID_X9_62_id_ecPublicKey}, ++ {NID_ecdsa_with_SHA512, NID_sha512, NID_X9_62_id_ecPublicKey}, ++ {NID_dsa_with_SHA224, NID_sha224, NID_dsa}, ++ {NID_dsa_with_SHA256, NID_sha256, NID_dsa}, ++ {NID_id_GostR3411_94_with_GostR3410_2001, NID_id_GostR3411_94, ++ NID_id_GostR3410_2001}, ++ {NID_id_GostR3411_94_with_GostR3410_94, NID_id_GostR3411_94, ++ NID_id_GostR3410_94}, ++ {NID_id_GostR3411_94_with_GostR3410_94_cc, NID_id_GostR3411_94, ++ NID_id_GostR3410_94_cc}, ++ {NID_id_GostR3411_94_with_GostR3410_2001_cc, NID_id_GostR3411_94, ++ NID_id_GostR3410_2001_cc}, ++ {NID_rsassaPss, NID_undef, NID_rsaEncryption}, ++ {NID_dhSinglePass_stdDH_sha1kdf_scheme, NID_sha1, NID_dh_std_kdf}, ++ 
{NID_dhSinglePass_stdDH_sha224kdf_scheme, NID_sha224, NID_dh_std_kdf}, ++ {NID_dhSinglePass_stdDH_sha256kdf_scheme, NID_sha256, NID_dh_std_kdf}, ++ {NID_dhSinglePass_stdDH_sha384kdf_scheme, NID_sha384, NID_dh_std_kdf}, ++ {NID_dhSinglePass_stdDH_sha512kdf_scheme, NID_sha512, NID_dh_std_kdf}, ++ {NID_dhSinglePass_cofactorDH_sha1kdf_scheme, NID_sha1, ++ NID_dh_cofactor_kdf}, ++ {NID_dhSinglePass_cofactorDH_sha224kdf_scheme, NID_sha224, ++ NID_dh_cofactor_kdf}, ++ {NID_dhSinglePass_cofactorDH_sha256kdf_scheme, NID_sha256, ++ NID_dh_cofactor_kdf}, ++ {NID_dhSinglePass_cofactorDH_sha384kdf_scheme, NID_sha384, ++ NID_dh_cofactor_kdf}, ++ {NID_dhSinglePass_cofactorDH_sha512kdf_scheme, NID_sha512, ++ NID_dh_cofactor_kdf}, ++}; ++ ++static const nid_triple *const sigoid_srt_xref[] = { ++ &sigoid_srt[0], ++ &sigoid_srt[1], ++ &sigoid_srt[7], ++ &sigoid_srt[2], ++ &sigoid_srt[4], ++ &sigoid_srt[3], ++ &sigoid_srt[9], ++ &sigoid_srt[5], ++ &sigoid_srt[8], ++ &sigoid_srt[12], ++ &sigoid_srt[30], ++ &sigoid_srt[35], ++ &sigoid_srt[6], ++ &sigoid_srt[10], ++ &sigoid_srt[11], ++ &sigoid_srt[13], ++ &sigoid_srt[24], ++ &sigoid_srt[20], ++ &sigoid_srt[32], ++ &sigoid_srt[37], ++ &sigoid_srt[14], ++ &sigoid_srt[21], ++ &sigoid_srt[33], ++ &sigoid_srt[38], ++ &sigoid_srt[15], ++ &sigoid_srt[22], ++ &sigoid_srt[34], ++ &sigoid_srt[39], ++ &sigoid_srt[16], ++ &sigoid_srt[23], ++ &sigoid_srt[19], ++ &sigoid_srt[31], ++ &sigoid_srt[36], ++ &sigoid_srt[25], ++ &sigoid_srt[26], ++ &sigoid_srt[27], ++ &sigoid_srt[28], ++}; +diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_cl.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_cl.c +index bbb1830..b3612c8 100644 +--- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_cl.c ++++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_cl.c +@@ -162,8 +162,6 @@ int OCSP_request_sign(OCSP_REQUEST *req, + + if (!(req->optionalSignature = sig = OCSP_SIGNATURE_new())) + goto err; +- if (!dgst) +- dgst = EVP_sha1(); + if (key) { + if (!X509_check_private_key(signer, key)) { + 
OCSPerr(OCSP_F_OCSP_REQUEST_SIGN, +diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_err.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_err.c +index 0bbf71f..722043c 100644 +--- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_err.c ++++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_err.c +@@ -1,6 +1,6 @@ + /* crypto/ocsp/ocsp_err.c */ + /* ==================================================================== +- * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. ++ * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions +@@ -86,6 +86,7 @@ static ERR_STRING_DATA OCSP_str_functs[] = { + {ERR_FUNC(OCSP_F_OCSP_REQUEST_VERIFY), "OCSP_request_verify"}, + {ERR_FUNC(OCSP_F_OCSP_RESPONSE_GET1_BASIC), "OCSP_response_get1_basic"}, + {ERR_FUNC(OCSP_F_OCSP_SENDREQ_BIO), "OCSP_sendreq_bio"}, ++ {ERR_FUNC(OCSP_F_OCSP_SENDREQ_NBIO), "OCSP_sendreq_nbio"}, + {ERR_FUNC(OCSP_F_PARSE_HTTP_LINE1), "PARSE_HTTP_LINE1"}, + {ERR_FUNC(OCSP_F_REQUEST_VERIFY), "REQUEST_VERIFY"}, + {0, NULL} +diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ext.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ext.c +index e341cae..c19648c 100644 +--- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ext.c ++++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ext.c +@@ -287,7 +287,7 @@ int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc) + } + + /* also CRL Entry Extensions */ +- ++#if 0 + ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d, + void *data, STACK_OF(ASN1_OBJECT) *sk) + { +@@ -329,6 +329,7 @@ ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d, + OPENSSL_free(b); + return NULL; + } ++#endif + + /* Nonce handling functions */ + +@@ -360,8 +361,8 @@ static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts, + ASN1_put_object(&tmpval, 0, len, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL); + if (val) + memcpy(tmpval, val, len); +- else +- 
RAND_pseudo_bytes(tmpval, len); ++ else if (RAND_pseudo_bytes(tmpval, len) < 0) ++ goto err; + if (!X509V3_add1_i2d(exts, NID_id_pkix_OCSP_Nonce, + &os, 0, X509V3_ADD_REPLACE)) + goto err; +@@ -476,21 +477,11 @@ X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim) + if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim))) + goto err; + } +- if (!(x = X509_EXTENSION_new())) +- goto err; +- if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_CrlID))) +- goto err; +- if (!(ASN1_STRING_encode_of(OCSP_CRLID, x->value, i2d_OCSP_CRLID, cid, +- NULL))) +- goto err; +- OCSP_CRLID_free(cid); +- return x; ++ x = X509V3_EXT_i2d(NID_id_pkix_OCSP_CrlID, 0, cid); + err: +- if (x) +- X509_EXTENSION_free(x); + if (cid) + OCSP_CRLID_free(cid); +- return NULL; ++ return x; + } + + /* AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER */ +@@ -508,21 +499,11 @@ X509_EXTENSION *OCSP_accept_responses_new(char **oids) + sk_ASN1_OBJECT_push(sk, o); + oids++; + } +- if (!(x = X509_EXTENSION_new())) +- goto err; +- if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_acceptableResponses))) +- goto err; +- if (!(ASN1_STRING_encode_of(ASN1_OBJECT, x->value, i2d_ASN1_OBJECT, NULL, +- sk))) +- goto err; +- sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free); +- return x; ++ x = X509V3_EXT_i2d(NID_id_pkix_OCSP_acceptableResponses, 0, sk); + err: +- if (x) +- X509_EXTENSION_free(x); + if (sk) + sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free); +- return NULL; ++ return x; + } + + /* ArchiveCutoff ::= GeneralizedTime */ +@@ -535,21 +516,11 @@ X509_EXTENSION *OCSP_archive_cutoff_new(char *tim) + goto err; + if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim))) + goto err; +- if (!(x = X509_EXTENSION_new())) +- goto err; +- if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_archiveCutoff))) +- goto err; +- if (!(ASN1_STRING_encode_of(ASN1_GENERALIZEDTIME, x->value, +- i2d_ASN1_GENERALIZEDTIME, gt, NULL))) +- goto err; +- ASN1_GENERALIZEDTIME_free(gt); +- return x; ++ x = 
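Review bot: The new check in ocsp_add1_nonce, `RAND_pseudo_bytes(tmpval, len) < 0`, still accepts a return of 0, which is how that call reports that the bytes it produced are not cryptographically strong. The nonce is what ties an OCSP response to this request, so a predictable value weakens replay protection. I would use `else if (RAND_bytes(tmpval, len) <= 0) goto err;` instead. The function starts and ends outside the hunk, so the cleanup under `err:` should be confirmed there.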
X509V3_EXT_i2d(NID_id_pkix_OCSP_archiveCutoff, 0, gt); + err: + if (gt) + ASN1_GENERALIZEDTIME_free(gt); +- if (x) +- X509_EXTENSION_free(x); +- return NULL; ++ return x; + } + + /* +@@ -587,19 +558,9 @@ X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME *issuer, char **urls) + goto err; + urls++; + } +- if (!(x = X509_EXTENSION_new())) +- goto err; +- if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_serviceLocator))) +- goto err; +- if (!(ASN1_STRING_encode_of(OCSP_SERVICELOC, x->value, +- i2d_OCSP_SERVICELOC, sloc, NULL))) +- goto err; +- OCSP_SERVICELOC_free(sloc); +- return x; ++ x = X509V3_EXT_i2d(NID_id_pkix_OCSP_serviceLocator, 0, sloc); + err: +- if (x) +- X509_EXTENSION_free(x); + if (sloc) + OCSP_SERVICELOC_free(sloc); +- return NULL; ++ return x; + } +diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ht.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ht.c +index 6754642..88b26b3 100644 +--- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ht.c ++++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ht.c +@@ -81,9 +81,10 @@ struct ocsp_req_ctx_st { + BIO *io; /* BIO to perform I/O with */ + BIO *mem; /* Memory BIO response is built into */ + unsigned long asn1_len; /* ASN1 length of response */ ++ unsigned long max_resp_len; /* Maximum length of response */ + }; + +-#define OCSP_MAX_REQUEST_LENGTH (100 * 1024) ++#define OCSP_MAX_RESP_LENGTH (100 * 1024) + #define OCSP_MAX_LINE_LEN 4096; + + /* OCSP states */ +@@ -100,15 +101,42 @@ struct ocsp_req_ctx_st { + #define OHS_ASN1_HEADER 3 + /* OCSP content octets being read */ + #define OHS_ASN1_CONTENT 4 ++/* First call: ready to start I/O */ ++#define OHS_ASN1_WRITE_INIT (5 | OHS_NOREAD) + /* Request being sent */ + #define OHS_ASN1_WRITE (6 | OHS_NOREAD) + /* Request being flushed */ + #define OHS_ASN1_FLUSH (7 | OHS_NOREAD) + /* Completed */ + #define OHS_DONE (8 | OHS_NOREAD) ++/* Headers set, no final \r\n included */ ++#define OHS_HTTP_HEADER (9 | OHS_NOREAD) + + static int parse_http_line1(char *line); + ++OCSP_REQ_CTX *OCSP_REQ_CTX_new(BIO *io, int 
maxline) ++{ ++ OCSP_REQ_CTX *rctx; ++ rctx = OPENSSL_malloc(sizeof(OCSP_REQ_CTX)); ++ if (!rctx) ++ return NULL; ++ rctx->state = OHS_ERROR; ++ rctx->max_resp_len = OCSP_MAX_RESP_LENGTH; ++ rctx->mem = BIO_new(BIO_s_mem()); ++ rctx->io = io; ++ rctx->asn1_len = 0; ++ if (maxline > 0) ++ rctx->iobuflen = maxline; ++ else ++ rctx->iobuflen = OCSP_MAX_LINE_LEN; ++ rctx->iobuf = OPENSSL_malloc(rctx->iobuflen); ++ if (!rctx->iobuf || !rctx->mem) { ++ OCSP_REQ_CTX_free(rctx); ++ return NULL; ++ } ++ return rctx; ++} ++ + void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx) + { + if (rctx->mem) +@@ -118,39 +146,110 @@ void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx) + OPENSSL_free(rctx); + } + +-OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req, +- int maxline) ++BIO *OCSP_REQ_CTX_get0_mem_bio(OCSP_REQ_CTX *rctx) + { +- static char post_hdr[] = "POST %s HTTP/1.0\r\n" ++ return rctx->mem; ++} ++ ++void OCSP_set_max_response_length(OCSP_REQ_CTX *rctx, unsigned long len) ++{ ++ if (len == 0) ++ rctx->max_resp_len = OCSP_MAX_RESP_LENGTH; ++ else ++ rctx->max_resp_len = len; ++} ++ ++int OCSP_REQ_CTX_i2d(OCSP_REQ_CTX *rctx, const ASN1_ITEM *it, ASN1_VALUE *val) ++{ ++ static const char req_hdr[] = + "Content-Type: application/ocsp-request\r\n" + "Content-Length: %d\r\n\r\n"; ++ int reqlen = ASN1_item_i2d(val, NULL, it); ++ if (BIO_printf(rctx->mem, req_hdr, reqlen) <= 0) ++ return 0; ++ if (ASN1_item_i2d_bio(it, rctx->mem, val) <= 0) ++ return 0; ++ rctx->state = OHS_ASN1_WRITE_INIT; ++ return 1; ++} + +- OCSP_REQ_CTX *rctx; +- rctx = OPENSSL_malloc(sizeof(OCSP_REQ_CTX)); +- rctx->state = OHS_FIRSTLINE; +- rctx->mem = BIO_new(BIO_s_mem()); +- rctx->io = io; +- if (maxline > 0) +- rctx->iobuflen = maxline; +- else +- rctx->iobuflen = OCSP_MAX_LINE_LEN; +- rctx->iobuf = OPENSSL_malloc(rctx->iobuflen); +- if (!path) +- path = "/"; ++int OCSP_REQ_CTX_nbio_d2i(OCSP_REQ_CTX *rctx, ++ ASN1_VALUE **pval, const ASN1_ITEM *it) ++{ ++ int rv, len; ++ const unsigned char *p; ++ ++ rv 
= OCSP_REQ_CTX_nbio(rctx); ++ if (rv != 1) ++ return rv; + +- if (BIO_printf(rctx->mem, post_hdr, path, +- i2d_OCSP_REQUEST(req, NULL)) <= 0) { ++ len = BIO_get_mem_data(rctx->mem, &p); ++ *pval = ASN1_item_d2i(NULL, &p, len, it); ++ if (*pval == NULL) { + rctx->state = OHS_ERROR; + return 0; + } +- if (i2d_OCSP_REQUEST_bio(rctx->mem, req) <= 0) { +- rctx->state = OHS_ERROR; ++ return 1; ++} ++ ++int OCSP_REQ_CTX_http(OCSP_REQ_CTX *rctx, const char *op, const char *path) ++{ ++ static const char http_hdr[] = "%s %s HTTP/1.0\r\n"; ++ ++ if (!path) ++ path = "/"; ++ ++ if (BIO_printf(rctx->mem, http_hdr, op, path) <= 0) ++ return 0; ++ rctx->state = OHS_HTTP_HEADER; ++ return 1; ++} ++ ++int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req) ++{ ++ return OCSP_REQ_CTX_i2d(rctx, ASN1_ITEM_rptr(OCSP_REQUEST), ++ (ASN1_VALUE *)req); ++} ++ ++int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx, ++ const char *name, const char *value) ++{ ++ if (!name) + return 0; ++ if (BIO_puts(rctx->mem, name) <= 0) ++ return 0; ++ if (value) { ++ if (BIO_write(rctx->mem, ": ", 2) != 2) ++ return 0; ++ if (BIO_puts(rctx->mem, value) <= 0) ++ return 0; + } +- rctx->state = OHS_ASN1_WRITE; +- rctx->asn1_len = BIO_get_mem_data(rctx->mem, NULL); ++ if (BIO_write(rctx->mem, "\r\n", 2) != 2) ++ return 0; ++ rctx->state = OHS_HTTP_HEADER; ++ return 1; ++} ++ ++OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req, ++ int maxline) ++{ ++ ++ OCSP_REQ_CTX *rctx = NULL; ++ rctx = OCSP_REQ_CTX_new(io, maxline); ++ if (!rctx) ++ return NULL; ++ ++ if (!OCSP_REQ_CTX_http(rctx, "POST", path)) ++ goto err; ++ ++ if (req && !OCSP_REQ_CTX_set1_req(rctx, req)) ++ goto err; + + return rctx; ++ ++ err: ++ OCSP_REQ_CTX_free(rctx); ++ return NULL; + } + + /* +@@ -224,7 +323,7 @@ static int parse_http_line1(char *line) + + } + +-int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx) ++int OCSP_REQ_CTX_nbio(OCSP_REQ_CTX *rctx) + { + int i, n; + const unsigned char *p; +@@ 
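Review bot: In OCSP_REQ_CTX_i2d the result of `ASN1_item_i2d(val, NULL, it)` is used unchecked, so a negative return on encoding failure is printed straight into the `Content-Length` header before anything notices. The helper also returns 0 without moving `rctx->state` to OHS_ERROR, which the removed OCSP_sendreq_new body did on both failure paths. A caller using the new functions directly is therefore left with a context that holds a partially written request. Suggested guard right after the length is computed: `if (reqlen < 0) { rctx->state = OHS_ERROR; return 0; }`.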
-245,6 +344,17 @@ int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx) + } + + switch (rctx->state) { ++ case OHS_HTTP_HEADER: ++ /* Last operation was adding headers: need a final \r\n */ ++ if (BIO_write(rctx->mem, "\r\n", 2) != 2) { ++ rctx->state = OHS_ERROR; ++ return 0; ++ } ++ rctx->state = OHS_ASN1_WRITE_INIT; ++ ++ case OHS_ASN1_WRITE_INIT: ++ rctx->asn1_len = BIO_get_mem_data(rctx->mem, NULL); ++ rctx->state = OHS_ASN1_WRITE; + + case OHS_ASN1_WRITE: + n = BIO_get_mem_data(rctx->mem, &p); +@@ -380,7 +490,7 @@ int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx) + rctx->asn1_len |= *p++; + } + +- if (rctx->asn1_len > OCSP_MAX_REQUEST_LENGTH) { ++ if (rctx->asn1_len > rctx->max_resp_len) { + rctx->state = OHS_ERROR; + return 0; + } +@@ -394,18 +504,12 @@ int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx) + /* Fall thru */ + + case OHS_ASN1_CONTENT: +- n = BIO_get_mem_data(rctx->mem, &p); ++ n = BIO_get_mem_data(rctx->mem, NULL); + if (n < (int)rctx->asn1_len) + goto next_io; + +- *presp = d2i_OCSP_RESPONSE(NULL, &p, rctx->asn1_len); +- if (*presp) { +- rctx->state = OHS_DONE; +- return 1; +- } +- +- rctx->state = OHS_ERROR; +- return 0; ++ rctx->state = OHS_DONE; ++ return 1; + + break; + +@@ -418,9 +522,16 @@ int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx) + + } + ++int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx) ++{ ++ return OCSP_REQ_CTX_nbio_d2i(rctx, ++ (ASN1_VALUE **)presp, ++ ASN1_ITEM_rptr(OCSP_RESPONSE)); ++} ++ + /* Blocking OCSP request handler: now a special case of non-blocking I/O */ + +-OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req) ++OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, const char *path, OCSP_REQUEST *req) + { + OCSP_RESPONSE *resp = NULL; + OCSP_REQ_CTX *ctx; +diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_lib.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_lib.c +index a6686e5..442a5b6 100644 +--- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_lib.c ++++ 
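Review bot: The completeness test under `case OHS_ASN1_CONTENT`, `n < (int)rctx->asn1_len`, narrows an unsigned long to int while the cap on that length is now caller-supplied: OCSP_set_max_response_length takes an unsigned long, and the @@ -380 hunk compares against `rctx->max_resp_len`. If a caller raises the limit above INT_MAX, a declared length in that range would presumably turn negative after the cast, and the state machine would reach OHS_DONE before the body has arrived. Compare without narrowing, `if (n < 0 || (unsigned long)n < rctx->asn1_len) goto next_io;`, or clamp the value in the setter. The header-length parsing is outside this hunk, so the reachable range of `asn1_len` should be confirmed there.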
b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_lib.c +@@ -72,6 +72,7 @@ + #include + #include + #include ++#include + + /* Convert a certificate and its issuer to an OCSP_CERTID */ + +@@ -128,7 +129,8 @@ OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, + goto err; + + /* Calculate the issuerKey hash, excluding tag and length */ +- EVP_Digest(issuerKey->data, issuerKey->length, md, &i, dgst, NULL); ++ if (!EVP_Digest(issuerKey->data, issuerKey->length, md, &i, dgst, NULL)) ++ goto err; + + if (!(ASN1_OCTET_STRING_set(cid->issuerKeyHash, md, i))) + goto err; +@@ -173,7 +175,7 @@ int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b) + * whether it is SSL. + */ + +-int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, ++int OCSP_parse_url(const char *url, char **phost, char **pport, char **ppath, + int *pssl) + { + char *p, *buf; +@@ -284,3 +286,5 @@ int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, + return 0; + + } ++ ++IMPLEMENT_ASN1_DUP_FUNCTION(OCSP_CERTID) +diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_prn.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_prn.c +index f618177..1834256 100644 +--- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_prn.c ++++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_prn.c +@@ -87,21 +87,21 @@ static int ocsp_certid_print(BIO *bp, OCSP_CERTID *a, int indent) + + typedef struct { + long t; +- char *m; ++ const char *m; + } OCSP_TBLSTR; + +-static char *table2string(long s, OCSP_TBLSTR *ts, int len) ++static const char *table2string(long s, const OCSP_TBLSTR *ts, int len) + { +- OCSP_TBLSTR *p; ++ const OCSP_TBLSTR *p; + for (p = ts; p < ts + len; p++) + if (p->t == s) + return p->m; + return "(UNKNOWN)"; + } + +-char *OCSP_response_status_str(long s) ++const char *OCSP_response_status_str(long s) + { +- static OCSP_TBLSTR rstat_tbl[] = { ++ static const OCSP_TBLSTR rstat_tbl[] = { + {OCSP_RESPONSE_STATUS_SUCCESSFUL, "successful"}, + {OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, "malformedrequest"}, + {OCSP_RESPONSE_STATUS_INTERNALERROR, 
"internalerror"}, +@@ -112,9 +112,9 @@ char *OCSP_response_status_str(long s) + return table2string(s, rstat_tbl, 6); + } + +-char *OCSP_cert_status_str(long s) ++const char *OCSP_cert_status_str(long s) + { +- static OCSP_TBLSTR cstat_tbl[] = { ++ static const OCSP_TBLSTR cstat_tbl[] = { + {V_OCSP_CERTSTATUS_GOOD, "good"}, + {V_OCSP_CERTSTATUS_REVOKED, "revoked"}, + {V_OCSP_CERTSTATUS_UNKNOWN, "unknown"} +@@ -122,9 +122,9 @@ char *OCSP_cert_status_str(long s) + return table2string(s, cstat_tbl, 3); + } + +-char *OCSP_crl_reason_str(long s) ++const char *OCSP_crl_reason_str(long s) + { +- OCSP_TBLSTR reason_tbl[] = { ++ static const OCSP_TBLSTR reason_tbl[] = { + {OCSP_REVOKED_STATUS_UNSPECIFIED, "unspecified"}, + {OCSP_REVOKED_STATUS_KEYCOMPROMISE, "keyCompromise"}, + {OCSP_REVOKED_STATUS_CACOMPROMISE, "cACompromise"}, +diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c +index 726ea03..d4a257c 100644 +--- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c ++++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c +@@ -83,6 +83,7 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, + { + X509 *signer, *x; + STACK_OF(X509) *chain = NULL; ++ STACK_OF(X509) *untrusted = NULL; + X509_STORE_CTX ctx; + int i, ret = 0; + ret = ocsp_find_signer(&signer, bs, certs, st, flags); +@@ -107,10 +108,20 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, + } + if (!(flags & OCSP_NOVERIFY)) { + int init_res; +- if (flags & OCSP_NOCHAIN) +- init_res = X509_STORE_CTX_init(&ctx, st, signer, NULL); +- else +- init_res = X509_STORE_CTX_init(&ctx, st, signer, bs->certs); ++ if (flags & OCSP_NOCHAIN) { ++ untrusted = NULL; ++ } else if (bs->certs && certs) { ++ untrusted = sk_X509_dup(bs->certs); ++ for (i = 0; i < sk_X509_num(certs); i++) { ++ if (!sk_X509_push(untrusted, sk_X509_value(certs, i))) { ++ OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto end; ++ } ++ } ++ } else { ++ untrusted = bs->certs; ++ } ++ init_res 
= X509_STORE_CTX_init(&ctx, st, signer, untrusted); + if (!init_res) { + ret = -1; + OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_X509_LIB); +@@ -161,6 +172,8 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, + end: + if (chain) + sk_X509_pop_free(chain, X509_free); ++ if (bs->certs && certs) ++ sk_X509_free(untrusted); + return ret; + } + +@@ -308,6 +321,8 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, + } + + mdlen = EVP_MD_size(dgst); ++ if (mdlen < 0) ++ return -1; + if ((cid->issuerNameHash->length != mdlen) || + (cid->issuerKeyHash->length != mdlen)) + return 0; +@@ -316,7 +331,7 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, + return -1; + if (memcmp(md, cid->issuerNameHash->data, mdlen)) + return 0; +- X509_pubkey_digest(cert, EVP_sha1(), md, NULL); ++ X509_pubkey_digest(cert, dgst, md, NULL); + if (memcmp(md, cid->issuerKeyHash->data, mdlen)) + return 0; + +@@ -424,8 +439,10 @@ static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, + X509 *signer; + if (!(flags & OCSP_NOINTERN)) { + signer = X509_find_by_subject(req->optionalSignature->certs, nm); +- *psigner = signer; +- return 1; ++ if (signer) { ++ *psigner = signer; ++ return 1; ++ } + } + + signer = X509_find_by_subject(certs, nm); +diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_all.c b/Cryptlib/OpenSSL/crypto/pem/pem_all.c +index d4022aa..0e5be63 100644 +--- a/Cryptlib/OpenSSL/crypto/pem/pem_all.c ++++ b/Cryptlib/OpenSSL/crypto/pem/pem_all.c +@@ -110,7 +110,6 @@ + */ + + #include +-#undef SSLEAY_MACROS + #include "cryptlib.h" + #include + #include +@@ -194,16 +193,21 @@ int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc, + unsigned char *kstr, int klen, + pem_password_cb *cb, void *u) + { +- EVP_PKEY *k; +- int ret; +- k = EVP_PKEY_new(); +- if (!k) +- return 0; +- EVP_PKEY_set1_RSA(k, x); +- +- ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u); +- EVP_PKEY_free(k); +- return ret; ++ if (FIPS_mode()) { ++ 
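Review bot: The allocation-failure path added to OCSP_basic_verify jumps to `end` without setting `ret`, unlike the `init_res` failure right below it, which assigns `ret = -1` first. At that point `ret` still carries the outcome of the signer lookup and signature check done before this hunk, which looks like a positive value. A failed `sk_X509_push`, or a NULL from the unchecked `sk_X509_dup`, could therefore be returned to the caller as a successful verification although the chain was never validated. Add `ret = -1;` before that `goto end;` and check the dup result the same way. The function starts and ends outside the hunk.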
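Review bot: The return value of `X509_pubkey_digest(cert, dgst, md, NULL)` in ocsp_match_issuerid is ignored, while the step just before it returns -1 on failure (its condition lies just outside the hunk). If the key digest fails, `md` still holds the issuer name hash and is then compared against `cid->issuerKeyHash`, so the match result comes from stale data. Use `if (!X509_pubkey_digest(cert, dgst, md, NULL)) return -1;`. The function body continues outside the hunk.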
EVP_PKEY *k; ++ int ret; ++ k = EVP_PKEY_new(); ++ if (!k) ++ return 0; ++ EVP_PKEY_set1_RSA(k, x); ++ ++ ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u); ++ EVP_PKEY_free(k); ++ return ret; ++ } else ++ return PEM_ASN1_write_bio((i2d_of_void *)i2d_RSAPrivateKey, ++ PEM_STRING_RSA, bp, x, enc, kstr, klen, cb, ++ u); + } + + # ifndef OPENSSL_NO_FP_API +@@ -211,17 +215,21 @@ int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc, + unsigned char *kstr, int klen, + pem_password_cb *cb, void *u) + { +- EVP_PKEY *k; +- int ret; +- k = EVP_PKEY_new(); +- if (!k) +- return 0; +- +- EVP_PKEY_set1_RSA(k, x); +- +- ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u); +- EVP_PKEY_free(k); +- return ret; ++ if (FIPS_mode()) { ++ EVP_PKEY *k; ++ int ret; ++ k = EVP_PKEY_new(); ++ if (!k) ++ return 0; ++ ++ EVP_PKEY_set1_RSA(k, x); ++ ++ ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u); ++ EVP_PKEY_free(k); ++ return ret; ++ } else ++ return PEM_ASN1_write((i2d_of_void *)i2d_RSAPrivateKey, ++ PEM_STRING_RSA, fp, x, enc, kstr, klen, cb, u); + } + # endif + +@@ -257,7 +265,7 @@ DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb, + { + EVP_PKEY *pktmp; + pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u); +- return pkey_get_dsa(pktmp, dsa); ++ return pkey_get_dsa(pktmp, dsa); /* will free pktmp */ + } + + # ifdef OPENSSL_FIPS +@@ -266,16 +274,21 @@ int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc, + unsigned char *kstr, int klen, + pem_password_cb *cb, void *u) + { +- EVP_PKEY *k; +- int ret; +- k = EVP_PKEY_new(); +- if (!k) +- return 0; +- EVP_PKEY_set1_DSA(k, x); +- +- ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u); +- EVP_PKEY_free(k); +- return ret; ++ if (FIPS_mode()) { ++ EVP_PKEY *k; ++ int ret; ++ k = EVP_PKEY_new(); ++ if (!k) ++ return 0; ++ EVP_PKEY_set1_DSA(k, x); ++ ++ ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u); ++ EVP_PKEY_free(k); ++ return ret; ++ } 
else ++ return PEM_ASN1_write_bio((i2d_of_void *)i2d_DSAPrivateKey, ++ PEM_STRING_DSA, bp, x, enc, kstr, klen, cb, ++ u); + } + + # ifndef OPENSSL_NO_FP_API +@@ -283,15 +296,19 @@ int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc, + unsigned char *kstr, int klen, + pem_password_cb *cb, void *u) + { +- EVP_PKEY *k; +- int ret; +- k = EVP_PKEY_new(); +- if (!k) +- return 0; +- EVP_PKEY_set1_DSA(k, x); +- ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u); +- EVP_PKEY_free(k); +- return ret; ++ if (FIPS_mode()) { ++ EVP_PKEY *k; ++ int ret; ++ k = EVP_PKEY_new(); ++ if (!k) ++ return 0; ++ EVP_PKEY_set1_DSA(k, x); ++ ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u); ++ EVP_PKEY_free(k); ++ return ret; ++ } else ++ return PEM_ASN1_write((i2d_of_void *)i2d_DSAPrivateKey, ++ PEM_STRING_DSA, fp, x, enc, kstr, klen, cb, u); + } + # endif + +@@ -306,7 +323,7 @@ DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **dsa, pem_password_cb *cb, void *u) + { + EVP_PKEY *pktmp; + pktmp = PEM_read_PrivateKey(fp, NULL, cb, u); +- return pkey_get_dsa(pktmp, dsa); ++ return pkey_get_dsa(pktmp, dsa); /* will free pktmp */ + } + + # endif +@@ -335,7 +352,7 @@ EC_KEY *PEM_read_bio_ECPrivateKey(BIO *bp, EC_KEY **key, pem_password_cb *cb, + { + EVP_PKEY *pktmp; + pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u); +- return pkey_get_eckey(pktmp, key); ++ return pkey_get_eckey(pktmp, key); /* will free pktmp */ + } + + IMPLEMENT_PEM_rw_const(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS, +@@ -345,16 +362,21 @@ int PEM_write_bio_ECPrivateKey(BIO *bp, EC_KEY *x, const EVP_CIPHER *enc, + unsigned char *kstr, int klen, + pem_password_cb *cb, void *u) + { +- EVP_PKEY *k; +- int ret; +- k = EVP_PKEY_new(); +- if (!k) +- return 0; +- EVP_PKEY_set1_EC_KEY(k, x); +- +- ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u); +- EVP_PKEY_free(k); +- return ret; ++ if (FIPS_mode()) { ++ EVP_PKEY *k; ++ int ret; ++ k = EVP_PKEY_new(); ++ if (!k) ++ return 0; ++ 
EVP_PKEY_set1_EC_KEY(k, x); ++ ++ ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u); ++ EVP_PKEY_free(k); ++ return ret; ++ } else ++ return PEM_ASN1_write_bio((i2d_of_void *)i2d_ECPrivateKey, ++ PEM_STRING_ECPRIVATEKEY, ++ bp, x, enc, kstr, klen, cb, u); + } + + # ifndef OPENSSL_NO_FP_API +@@ -362,15 +384,20 @@ int PEM_write_ECPrivateKey(FILE *fp, EC_KEY *x, const EVP_CIPHER *enc, + unsigned char *kstr, int klen, + pem_password_cb *cb, void *u) + { +- EVP_PKEY *k; +- int ret; +- k = EVP_PKEY_new(); +- if (!k) +- return 0; +- EVP_PKEY_set1_EC_KEY(k, x); +- ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u); +- EVP_PKEY_free(k); +- return ret; ++ if (FIPS_mode()) { ++ EVP_PKEY *k; ++ int ret; ++ k = EVP_PKEY_new(); ++ if (!k) ++ return 0; ++ EVP_PKEY_set1_EC_KEY(k, x); ++ ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u); ++ EVP_PKEY_free(k); ++ return ret; ++ } else ++ return PEM_ASN1_write((i2d_of_void *)i2d_ECPrivateKey, ++ PEM_STRING_ECPRIVATEKEY, ++ fp, x, enc, kstr, klen, cb, u); + } + # endif + +@@ -385,7 +412,7 @@ EC_KEY *PEM_read_ECPrivateKey(FILE *fp, EC_KEY **eckey, pem_password_cb *cb, + { + EVP_PKEY *pktmp; + pktmp = PEM_read_PrivateKey(fp, NULL, cb, u); +- return pkey_get_eckey(pktmp, eckey); ++ return pkey_get_eckey(pktmp, eckey); /* will free pktmp */ + } + + # endif +@@ -394,66 +421,7 @@ EC_KEY *PEM_read_ECPrivateKey(FILE *fp, EC_KEY **eckey, pem_password_cb *cb, + + #ifndef OPENSSL_NO_DH + +-IMPLEMENT_PEM_rw_const(DHparams, DH, PEM_STRING_DHPARAMS, DHparams) +-#endif +-/*- +- * The PrivateKey case is not that straightforward. +- * IMPLEMENT_PEM_rw_cb(PrivateKey, EVP_PKEY, PEM_STRING_EVP_PKEY, PrivateKey) +- * does not work, RSA and DSA keys have specific strings. +- * (When reading, parameter PEM_STRING_EVP_PKEY is a wildcard for anything +- * appropriate.) 
+- */ +-#ifdef OPENSSL_FIPS +-static const char *pkey_str(EVP_PKEY *x) +-{ +- switch (x->type) { +- case EVP_PKEY_RSA: +- return PEM_STRING_RSA; +- +- case EVP_PKEY_DSA: +- return PEM_STRING_DSA; +- +- case EVP_PKEY_EC: +- return PEM_STRING_ECPRIVATEKEY; +- +- default: +- return NULL; +- } +-} +- +-int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, +- unsigned char *kstr, int klen, +- pem_password_cb *cb, void *u) +-{ +- if (FIPS_mode()) +- return PEM_write_bio_PKCS8PrivateKey(bp, x, enc, +- (char *)kstr, klen, cb, u); +- else +- return PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey, +- pkey_str(x), bp, (char *)x, enc, kstr, klen, +- cb, u); +-} +- +-# ifndef OPENSSL_NO_FP_API +-int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, +- unsigned char *kstr, int klen, +- pem_password_cb *cb, void *u) +-{ +- if (FIPS_mode()) +- return PEM_write_PKCS8PrivateKey(fp, x, enc, +- (char *)kstr, klen, cb, u); +- else +- return PEM_ASN1_write((i2d_of_void *)i2d_PrivateKey, +- pkey_str(x), fp, (char *)x, enc, kstr, klen, cb, +- u); +-} +-# endif +- +-#else +-IMPLEMENT_PEM_write_cb(PrivateKey, EVP_PKEY, +- ((x->type == +- EVP_PKEY_DSA) ? PEM_STRING_DSA : (x->type == +- EVP_PKEY_RSA) ? +- PEM_STRING_RSA : PEM_STRING_ECPRIVATEKEY), PrivateKey) ++IMPLEMENT_PEM_write_const(DHparams, DH, PEM_STRING_DHPARAMS, DHparams) ++ IMPLEMENT_PEM_write_const(DHxparams, DH, PEM_STRING_DHXPARAMS, DHxparams) + #endif +- IMPLEMENT_PEM_rw(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY) ++IMPLEMENT_PEM_rw(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY) +diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_err.c b/Cryptlib/OpenSSL/crypto/pem/pem_err.c +index 7452d25..e1f4fdb 100644 +--- a/Cryptlib/OpenSSL/crypto/pem/pem_err.c ++++ b/Cryptlib/OpenSSL/crypto/pem/pem_err.c +@@ -1,6 +1,6 @@ + /* crypto/pem/pem_err.c */ + /* ==================================================================== +- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. 
++ * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions +@@ -70,10 +70,22 @@ + # define ERR_REASON(reason) ERR_PACK(ERR_LIB_PEM,0,reason) + + static ERR_STRING_DATA PEM_str_functs[] = { ++ {ERR_FUNC(PEM_F_B2I_DSS), "B2I_DSS"}, ++ {ERR_FUNC(PEM_F_B2I_PVK_BIO), "b2i_PVK_bio"}, ++ {ERR_FUNC(PEM_F_B2I_RSA), "B2I_RSA"}, ++ {ERR_FUNC(PEM_F_CHECK_BITLEN_DSA), "CHECK_BITLEN_DSA"}, ++ {ERR_FUNC(PEM_F_CHECK_BITLEN_RSA), "CHECK_BITLEN_RSA"}, + {ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_BIO), "d2i_PKCS8PrivateKey_bio"}, + {ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_FP), "d2i_PKCS8PrivateKey_fp"}, ++ {ERR_FUNC(PEM_F_DO_B2I), "DO_B2I"}, ++ {ERR_FUNC(PEM_F_DO_B2I_BIO), "DO_B2I_BIO"}, ++ {ERR_FUNC(PEM_F_DO_BLOB_HEADER), "DO_BLOB_HEADER"}, + {ERR_FUNC(PEM_F_DO_PK8PKEY), "DO_PK8PKEY"}, + {ERR_FUNC(PEM_F_DO_PK8PKEY_FP), "DO_PK8PKEY_FP"}, ++ {ERR_FUNC(PEM_F_DO_PVK_BODY), "DO_PVK_BODY"}, ++ {ERR_FUNC(PEM_F_DO_PVK_HEADER), "DO_PVK_HEADER"}, ++ {ERR_FUNC(PEM_F_I2B_PVK), "I2B_PVK"}, ++ {ERR_FUNC(PEM_F_I2B_PVK_BIO), "i2b_PVK_bio"}, + {ERR_FUNC(PEM_F_LOAD_IV), "LOAD_IV"}, + {ERR_FUNC(PEM_F_PEM_ASN1_READ), "PEM_ASN1_read"}, + {ERR_FUNC(PEM_F_PEM_ASN1_READ_BIO), "PEM_ASN1_read_bio"}, +@@ -87,13 +99,17 @@ static ERR_STRING_DATA PEM_str_functs[] = { + {ERR_FUNC(PEM_F_PEM_PK8PKEY), "PEM_PK8PKEY"}, + {ERR_FUNC(PEM_F_PEM_READ), "PEM_read"}, + {ERR_FUNC(PEM_F_PEM_READ_BIO), "PEM_read_bio"}, ++ {ERR_FUNC(PEM_F_PEM_READ_BIO_DHPARAMS), "PEM_READ_BIO_DHPARAMS"}, ++ {ERR_FUNC(PEM_F_PEM_READ_BIO_PARAMETERS), "PEM_read_bio_Parameters"}, + {ERR_FUNC(PEM_F_PEM_READ_BIO_PRIVATEKEY), "PEM_READ_BIO_PRIVATEKEY"}, ++ {ERR_FUNC(PEM_F_PEM_READ_DHPARAMS), "PEM_READ_DHPARAMS"}, + {ERR_FUNC(PEM_F_PEM_READ_PRIVATEKEY), "PEM_READ_PRIVATEKEY"}, + {ERR_FUNC(PEM_F_PEM_SEALFINAL), "PEM_SealFinal"}, + {ERR_FUNC(PEM_F_PEM_SEALINIT), "PEM_SealInit"}, + 
{ERR_FUNC(PEM_F_PEM_SIGNFINAL), "PEM_SignFinal"}, + {ERR_FUNC(PEM_F_PEM_WRITE), "PEM_write"}, + {ERR_FUNC(PEM_F_PEM_WRITE_BIO), "PEM_write_bio"}, ++ {ERR_FUNC(PEM_F_PEM_WRITE_PRIVATEKEY), "PEM_WRITE_PRIVATEKEY"}, + {ERR_FUNC(PEM_F_PEM_X509_INFO_READ), "PEM_X509_INFO_read"}, + {ERR_FUNC(PEM_F_PEM_X509_INFO_READ_BIO), "PEM_X509_INFO_read_bio"}, + {ERR_FUNC(PEM_F_PEM_X509_INFO_WRITE_BIO), "PEM_X509_INFO_write_bio"}, +@@ -105,9 +121,21 @@ static ERR_STRING_DATA PEM_str_reasons[] = { + {ERR_REASON(PEM_R_BAD_DECRYPT), "bad decrypt"}, + {ERR_REASON(PEM_R_BAD_END_LINE), "bad end line"}, + {ERR_REASON(PEM_R_BAD_IV_CHARS), "bad iv chars"}, ++ {ERR_REASON(PEM_R_BAD_MAGIC_NUMBER), "bad magic number"}, + {ERR_REASON(PEM_R_BAD_PASSWORD_READ), "bad password read"}, ++ {ERR_REASON(PEM_R_BAD_VERSION_NUMBER), "bad version number"}, ++ {ERR_REASON(PEM_R_BIO_WRITE_FAILURE), "bio write failure"}, ++ {ERR_REASON(PEM_R_CIPHER_IS_NULL), "cipher is null"}, + {ERR_REASON(PEM_R_ERROR_CONVERTING_PRIVATE_KEY), + "error converting private key"}, ++ {ERR_REASON(PEM_R_EXPECTING_PRIVATE_KEY_BLOB), ++ "expecting private key blob"}, ++ {ERR_REASON(PEM_R_EXPECTING_PUBLIC_KEY_BLOB), ++ "expecting public key blob"}, ++ {ERR_REASON(PEM_R_INCONSISTENT_HEADER), "inconsistent header"}, ++ {ERR_REASON(PEM_R_KEYBLOB_HEADER_PARSE_ERROR), ++ "keyblob header parse error"}, ++ {ERR_REASON(PEM_R_KEYBLOB_TOO_SHORT), "keyblob too short"}, + {ERR_REASON(PEM_R_NOT_DEK_INFO), "not dek info"}, + {ERR_REASON(PEM_R_NOT_ENCRYPTED), "not encrypted"}, + {ERR_REASON(PEM_R_NOT_PROC_TYPE), "not proc type"}, +@@ -115,10 +143,14 @@ static ERR_STRING_DATA PEM_str_reasons[] = { + {ERR_REASON(PEM_R_PROBLEMS_GETTING_PASSWORD), + "problems getting password"}, + {ERR_REASON(PEM_R_PUBLIC_KEY_NO_RSA), "public key no rsa"}, ++ {ERR_REASON(PEM_R_PVK_DATA_TOO_SHORT), "pvk data too short"}, ++ {ERR_REASON(PEM_R_PVK_TOO_SHORT), "pvk too short"}, + {ERR_REASON(PEM_R_READ_KEY), "read key"}, + {ERR_REASON(PEM_R_SHORT_HEADER), "short header"}, + 
{ERR_REASON(PEM_R_UNSUPPORTED_CIPHER), "unsupported cipher"}, + {ERR_REASON(PEM_R_UNSUPPORTED_ENCRYPTION), "unsupported encryption"}, ++ {ERR_REASON(PEM_R_UNSUPPORTED_KEY_COMPONENTS), ++ "unsupported key components"}, + {0, NULL} + }; + +diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_info.c b/Cryptlib/OpenSSL/crypto/pem/pem_info.c +index 91842b6..68747d1 100644 +--- a/Cryptlib/OpenSSL/crypto/pem/pem_info.c ++++ b/Cryptlib/OpenSSL/crypto/pem/pem_info.c +@@ -99,8 +99,8 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, + long len, error = 0; + int ok = 0; + STACK_OF(X509_INFO) *ret = NULL; +- unsigned int i, raw; +- d2i_of_void *d2i; ++ unsigned int i, raw, ptype; ++ d2i_of_void *d2i = 0; + + if (sk == NULL) { + if ((ret = sk_X509_INFO_new_null()) == NULL) { +@@ -114,6 +114,7 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, + goto err; + for (;;) { + raw = 0; ++ ptype = 0; + i = PEM_read_bio(bp, &name, &header, &data, &len); + if (i == 0) { + error = ERR_GET_REASON(ERR_peek_last_error()); +@@ -171,10 +172,8 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, + xi->enc_len = 0; + + xi->x_pkey = X509_PKEY_new(); +- if ((xi->x_pkey->dec_pkey = EVP_PKEY_new()) == NULL) +- goto err; +- xi->x_pkey->dec_pkey->type = EVP_PKEY_RSA; +- pp = &(xi->x_pkey->dec_pkey->pkey.rsa); ++ ptype = EVP_PKEY_RSA; ++ pp = &xi->x_pkey->dec_pkey; + if ((int)strlen(header) > 10) /* assume encrypted */ + raw = 1; + } else +@@ -194,10 +193,8 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, + xi->enc_len = 0; + + xi->x_pkey = X509_PKEY_new(); +- if ((xi->x_pkey->dec_pkey = EVP_PKEY_new()) == NULL) +- goto err; +- xi->x_pkey->dec_pkey->type = EVP_PKEY_DSA; +- pp = &xi->x_pkey->dec_pkey->pkey.dsa; ++ ptype = EVP_PKEY_DSA; ++ pp = &xi->x_pkey->dec_pkey; + if ((int)strlen(header) > 10) /* assume encrypted */ + raw = 1; + } else +@@ -217,10 +214,8 @@ STACK_OF(X509_INFO) 
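Review bot: `xi->x_pkey = X509_PKEY_new();` is still used unchecked in the RSA branch of PEM_X509_INFO_read_bio (hunk at -171/+172). The new line `pp = &xi->x_pkey->dec_pkey;` forms a pointer from it and the later `d2i_PrivateKey(ptype, pp, &p, len)` call writes through that pointer, so an allocation failure becomes a write near NULL instead of a clean error. I would guard it with `if ((xi->x_pkey = X509_PKEY_new()) == NULL) goto err;`. The DSA and EC branches (hunks at -194/+193 and -217/+214) have the same pattern. The function body starts and ends outside these hunks, so what the `err` path releases is not visible here.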
*PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, + xi->enc_len = 0; + + xi->x_pkey = X509_PKEY_new(); +- if ((xi->x_pkey->dec_pkey = EVP_PKEY_new()) == NULL) +- goto err; +- xi->x_pkey->dec_pkey->type = EVP_PKEY_EC; +- pp = &(xi->x_pkey->dec_pkey->pkey.ec); ++ ptype = EVP_PKEY_EC; ++ pp = &xi->x_pkey->dec_pkey; + if ((int)strlen(header) > 10) /* assume encrypted */ + raw = 1; + } else +@@ -239,7 +234,12 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, + if (!PEM_do_header(&cipher, data, &len, cb, u)) + goto err; + p = data; +- if (d2i(pp, &p, len) == NULL) { ++ if (ptype) { ++ if (!d2i_PrivateKey(ptype, pp, &p, len)) { ++ PEMerr(PEM_F_PEM_X509_INFO_READ_BIO, ERR_R_ASN1_LIB); ++ goto err; ++ } ++ } else if (d2i(pp, &p, len) == NULL) { + PEMerr(PEM_F_PEM_X509_INFO_READ_BIO, ERR_R_ASN1_LIB); + goto err; + } +@@ -324,6 +324,11 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, + */ + if (xi->x_pkey != NULL) { + if ((xi->enc_data != NULL) && (xi->enc_len > 0)) { ++ if (enc == NULL) { ++ PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO, PEM_R_CIPHER_IS_NULL); ++ goto err; ++ } ++ + /* copy from weirdo names into more normal things */ + iv = xi->enc_cipher.iv; + data = (unsigned char *)xi->enc_data; +diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_lib.c b/Cryptlib/OpenSSL/crypto/pem/pem_lib.c +index 8febf10..a29821a 100644 +--- a/Cryptlib/OpenSSL/crypto/pem/pem_lib.c ++++ b/Cryptlib/OpenSSL/crypto/pem/pem_lib.c +@@ -57,6 +57,7 @@ + */ + + #include ++#include + #include "cryptlib.h" + #include + #include +@@ -65,9 +66,13 @@ + #include + #include + #include ++#include "asn1_locl.h" + #ifndef OPENSSL_NO_DES + # include + #endif ++#ifndef OPENSSL_NO_ENGINE ++# include ++#endif + + const char PEM_version[] = "PEM" OPENSSL_VERSION_PTEXT; + +@@ -75,6 +80,7 @@ const char PEM_version[] = "PEM" OPENSSL_VERSION_PTEXT; + + static int load_iv(char **fromp, unsigned char *to, int num); + static int check_pem(const char *nm, const char 
*name); ++int pem_check_suffix(const char *pem_str, const char *suffix); + + int PEM_def_callback(char *buf, int num, int w, void *key) + { +@@ -99,7 +105,7 @@ int PEM_def_callback(char *buf, int num, int w, void *key) + prompt = "Enter PEM pass phrase:"; + + for (;;) { +- i = EVP_read_pw_string(buf, num, prompt, w); ++ i = EVP_read_pw_string_min(buf, MIN_LENGTH, num, prompt, w); + if (i != 0) { + PEMerr(PEM_F_PEM_DEF_CALLBACK, PEM_R_PROBLEMS_GETTING_PASSWORD); + memset(buf, 0, (unsigned int)num); +@@ -181,22 +187,53 @@ static int check_pem(const char *nm, const char *name) + + /* Make PEM_STRING_EVP_PKEY match any private key */ + +- if (!strcmp(nm, PEM_STRING_PKCS8) && !strcmp(name, PEM_STRING_EVP_PKEY)) +- return 1; +- +- if (!strcmp(nm, PEM_STRING_PKCS8INF) && +- !strcmp(name, PEM_STRING_EVP_PKEY)) +- return 1; +- +- if (!strcmp(nm, PEM_STRING_RSA) && !strcmp(name, PEM_STRING_EVP_PKEY)) +- return 1; +- +- if (!strcmp(nm, PEM_STRING_DSA) && !strcmp(name, PEM_STRING_EVP_PKEY)) ++ if (!strcmp(name, PEM_STRING_EVP_PKEY)) { ++ int slen; ++ const EVP_PKEY_ASN1_METHOD *ameth; ++ if (!strcmp(nm, PEM_STRING_PKCS8)) ++ return 1; ++ if (!strcmp(nm, PEM_STRING_PKCS8INF)) ++ return 1; ++ slen = pem_check_suffix(nm, "PRIVATE KEY"); ++ if (slen > 0) { ++ /* ++ * NB: ENGINE implementations wont contain a deprecated old ++ * private key decode function so don't look for them. 
++ */ ++ ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen); ++ if (ameth && ameth->old_priv_decode) ++ return 1; ++ } ++ return 0; ++ } ++ ++ if (!strcmp(name, PEM_STRING_PARAMETERS)) { ++ int slen; ++ const EVP_PKEY_ASN1_METHOD *ameth; ++ slen = pem_check_suffix(nm, "PARAMETERS"); ++ if (slen > 0) { ++ ENGINE *e; ++ ameth = EVP_PKEY_asn1_find_str(&e, nm, slen); ++ if (ameth) { ++ int r; ++ if (ameth->param_decode) ++ r = 1; ++ else ++ r = 0; ++#ifndef OPENSSL_NO_ENGINE ++ if (e) ++ ENGINE_finish(e); ++#endif ++ return r; ++ } ++ } ++ return 0; ++ } ++ /* If reading DH parameters handle X9.42 DH format too */ ++ if (!strcmp(nm, PEM_STRING_DHXPARAMS) && ++ !strcmp(name, PEM_STRING_DHPARAMS)) + return 1; + +- if (!strcmp(nm, PEM_STRING_ECPRIVATEKEY) && +- !strcmp(name, PEM_STRING_EVP_PKEY)) +- return 1; + /* Permit older strings */ + + if (!strcmp(nm, PEM_STRING_X509_OLD) && !strcmp(name, PEM_STRING_X509)) +@@ -223,6 +260,14 @@ static int check_pem(const char *nm, const char *name) + !strcmp(name, PEM_STRING_PKCS7)) + return 1; + ++#ifndef OPENSSL_NO_CMS ++ if (!strcmp(nm, PEM_STRING_X509) && !strcmp(name, PEM_STRING_CMS)) ++ return 1; ++ /* Allow CMS to be read from PKCS#7 headers */ ++ if (!strcmp(nm, PEM_STRING_PKCS7) && !strcmp(name, PEM_STRING_CMS)) ++ return 1; ++#endif ++ + return 0; + } + +@@ -272,7 +317,7 @@ int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, + + #ifndef OPENSSL_NO_FP_API + int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp, +- char *x, const EVP_CIPHER *enc, unsigned char *kstr, ++ void *x, const EVP_CIPHER *enc, unsigned char *kstr, + int klen, pem_password_cb *callback, void *u) + { + BIO *b; +@@ -290,7 +335,7 @@ int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp, + #endif + + int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, +- char *x, const EVP_CIPHER *enc, unsigned char *kstr, ++ void *x, const EVP_CIPHER *enc, unsigned char *kstr, + int klen, pem_password_cb *callback, void 
*u) + { + EVP_CIPHER_CTX ctx; +@@ -348,7 +393,8 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, + * The 'iv' is used as the iv and as a salt. It is NOT taken from + * the BytesToKey function + */ +- EVP_BytesToKey(enc, EVP_md5(), iv, kstr, klen, 1, key, NULL); ++ if (!EVP_BytesToKey(enc, EVP_md5(), iv, kstr, klen, 1, key, NULL)) ++ goto err; + + if (kstr == (unsigned char *)buf) + OPENSSL_cleanse(buf, PEM_BUFSIZE); +@@ -362,12 +408,15 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, + /* k=strlen(buf); */ + + EVP_CIPHER_CTX_init(&ctx); +- EVP_EncryptInit_ex(&ctx, enc, NULL, key, iv); +- EVP_EncryptUpdate(&ctx, data, &j, data, i); +- EVP_EncryptFinal_ex(&ctx, &(data[j]), &i); ++ ret = 1; ++ if (!EVP_EncryptInit_ex(&ctx, enc, NULL, key, iv) ++ || !EVP_EncryptUpdate(&ctx, data, &j, data, i) ++ || !EVP_EncryptFinal_ex(&ctx, &(data[j]), &i)) ++ ret = 0; + EVP_CIPHER_CTX_cleanup(&ctx); ++ if (ret == 0) ++ goto err; + i += j; +- ret = 1; + } else { + ret = 1; + buf[0] = '\0'; +@@ -390,7 +439,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, + int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen, + pem_password_cb *callback, void *u) + { +- int i, j, o, klen; ++ int i = 0, j, o, klen; + long len; + EVP_CIPHER_CTX ctx; + unsigned char key[EVP_MAX_KEY_LENGTH]; +@@ -413,19 +462,23 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen, + ebcdic2ascii(buf, buf, klen); + #endif + +- EVP_BytesToKey(cipher->cipher, EVP_md5(), &(cipher->iv[0]), +- (unsigned char *)buf, klen, 1, key, NULL); ++ if (!EVP_BytesToKey(cipher->cipher, EVP_md5(), &(cipher->iv[0]), ++ (unsigned char *)buf, klen, 1, key, NULL)) ++ return 0; + + j = (int)len; + EVP_CIPHER_CTX_init(&ctx); +- EVP_DecryptInit_ex(&ctx, cipher->cipher, NULL, key, &(cipher->iv[0])); +- EVP_DecryptUpdate(&ctx, data, &i, data, j); +- o = EVP_DecryptFinal_ex(&ctx, &(data[i]), &j); ++ o = EVP_DecryptInit_ex(&ctx, 
cipher->cipher, NULL, key, &(cipher->iv[0])); ++ if (o) ++ o = EVP_DecryptUpdate(&ctx, data, &i, data, j); ++ if (o) ++ o = EVP_DecryptFinal_ex(&ctx, &(data[i]), &j); + EVP_CIPHER_CTX_cleanup(&ctx); + OPENSSL_cleanse((char *)buf, sizeof(buf)); + OPENSSL_cleanse((char *)key, sizeof(key)); +- j += i; +- if (!o) { ++ if (o) ++ j += i; ++ else { + PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_DECRYPT); + return (0); + } +@@ -526,8 +579,8 @@ static int load_iv(char **fromp, unsigned char *to, int num) + } + + #ifndef OPENSSL_NO_FP_API +-int PEM_write(FILE *fp, char *name, char *header, unsigned char *data, +- long len) ++int PEM_write(FILE *fp, const char *name, const char *header, ++ const unsigned char *data, long len) + { + BIO *b; + int ret; +@@ -543,8 +596,8 @@ int PEM_write(FILE *fp, char *name, char *header, unsigned char *data, + } + #endif + +-int PEM_write_bio(BIO *bp, const char *name, char *header, +- unsigned char *data, long len) ++int PEM_write_bio(BIO *bp, const char *name, const char *header, ++ const unsigned char *data, long len) + { + int nlen, n, i, j, outl; + unsigned char *buf = NULL; +@@ -788,3 +841,25 @@ int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data, + BUF_MEM_free(dataB); + return (0); + } ++ ++/* ++ * Check pem string and return prefix length. If for example the pem_str == ++ * "RSA PRIVATE KEY" and suffix = "PRIVATE KEY" the return value is 3 for the ++ * string "RSA". 
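Review bot: The new early `return 0;` after a failed `EVP_BytesToKey` in PEM_do_header (hunk at -413/+462) leaves the pass phrase in `buf` and any derived bytes in `key` on the stack, because the two `OPENSSL_cleanse` calls are only reached on the path that goes on to decrypt. Wipe both before returning: `OPENSSL_cleanse((char *)buf, sizeof(buf)); OPENSSL_cleanse((char *)key, sizeof(key));` followed by `return 0;`. The function starts outside this hunk, so the declaration of `buf` is not visible; the existing `sizeof(buf)` in the cleanse call suggests it is a local array.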
++ */ ++ ++int pem_check_suffix(const char *pem_str, const char *suffix) ++{ ++ int pem_len = strlen(pem_str); ++ int suffix_len = strlen(suffix); ++ const char *p; ++ if (suffix_len + 1 >= pem_len) ++ return 0; ++ p = pem_str + pem_len - suffix_len; ++ if (strcmp(p, suffix)) ++ return 0; ++ p--; ++ if (*p != ' ') ++ return 0; ++ return p - pem_str; ++} +diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_pk8.c b/Cryptlib/OpenSSL/crypto/pem/pem_pk8.c +index b98c76c..5747c73 100644 +--- a/Cryptlib/OpenSSL/crypto/pem/pem_pk8.c ++++ b/Cryptlib/OpenSSL/crypto/pem/pem_pk8.c +@@ -138,6 +138,8 @@ static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid, + if (kstr == buf) + OPENSSL_cleanse(buf, klen); + PKCS8_PRIV_KEY_INFO_free(p8inf); ++ if (p8 == NULL) ++ return 0; + if (isder) + ret = i2d_PKCS8_bio(bp, p8); + else +diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_pkey.c b/Cryptlib/OpenSSL/crypto/pem/pem_pkey.c +index 5f5c4fe..04d6319 100644 +--- a/Cryptlib/OpenSSL/crypto/pem/pem_pkey.c ++++ b/Cryptlib/OpenSSL/crypto/pem/pem_pkey.c +@@ -65,6 +65,15 @@ + #include + #include + #include ++#ifndef OPENSSL_NO_ENGINE ++# include ++#endif ++#ifndef OPENSSL_NO_DH ++# include ++#endif ++#include "asn1_locl.h" ++ ++int pem_check_suffix(const char *pem_str, const char *suffix); + + EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, + void *u) +@@ -73,19 +82,14 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, + const unsigned char *p = NULL; + unsigned char *data = NULL; + long len; ++ int slen; + EVP_PKEY *ret = NULL; + + if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_EVP_PKEY, bp, cb, u)) + return NULL; + p = data; + +- if (strcmp(nm, PEM_STRING_RSA) == 0) +- ret = d2i_PrivateKey(EVP_PKEY_RSA, x, &p, len); +- else if (strcmp(nm, PEM_STRING_DSA) == 0) +- ret = d2i_PrivateKey(EVP_PKEY_DSA, x, &p, len); +- else if (strcmp(nm, PEM_STRING_ECPRIVATEKEY) == 0) +- ret = d2i_PrivateKey(EVP_PKEY_EC, x, &p, len); +- else if 
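Review bot: `pem_check_suffix` stores both `strlen` results in `int` (`int pem_len = strlen(pem_str);`), which narrows `size_t` before the `suffix_len + 1 >= pem_len` guard and the pointer arithmetic that follows. `size_t` locals with one cast on the return value would keep the length handling unsigned. The header comment documents only the matching case; I would add that 0 is returned when the suffix is absent, is not preceded by a space, or would leave an empty prefix, since the callers in this patch test `slen > 0`. The function is also non-static and re-declared by hand in pem_lib.c and pem_pkey.c instead of through a shared header, so the prototypes can drift without a compiler diagnostic.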
(strcmp(nm, PEM_STRING_PKCS8INF) == 0) {
++ if (strcmp(nm, PEM_STRING_PKCS8INF) == 0) {
+ PKCS8_PRIV_KEY_INFO *p8inf;
+ p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len);
+ if (!p8inf)
+@@ -125,6 +129,12 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
+ *x = ret;
+ }
+ PKCS8_PRIV_KEY_INFO_free(p8inf);
++ } else if ((slen = pem_check_suffix(nm, "PRIVATE KEY")) > 0) {
++ const EVP_PKEY_ASN1_METHOD *ameth;
++ ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen);
++ if (!ameth || !ameth->old_priv_decode)
++ goto p8err;
++ ret = d2i_PrivateKey(ameth->pkey_id, x, &p, len);
+ }
+ p8err:
+ if (ret == NULL)
+@@ -136,6 +146,70 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
+ return (ret);
+ }
+
++int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
++ unsigned char *kstr, int klen,
++ pem_password_cb *cb, void *u)
++{
++ char pem_str[80];
++ if (!x->ameth || x->ameth->priv_encode)
++ return PEM_write_bio_PKCS8PrivateKey(bp, x, enc,
++ (char *)kstr, klen, cb, u);
++
++ BIO_snprintf(pem_str, 80, "%s PRIVATE KEY", x->ameth->pem_str);
++ return PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey,
++ pem_str, bp, x, enc, kstr, klen, cb, u);
++}
++
++EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x)
++{
++ char *nm = NULL;
++ const unsigned char *p = NULL;
++ unsigned char *data = NULL;
++ long len;
++ int slen;
++ EVP_PKEY *ret = NULL;
++
++ if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_PARAMETERS,
++ bp, 0, NULL))
++ return NULL;
++ p = data;
++
++ if ((slen = pem_check_suffix(nm, "PARAMETERS")) > 0) {
++ ret = EVP_PKEY_new();
++ if (!ret)
++ goto err;
++ if (!EVP_PKEY_set_type_str(ret, nm, slen)
++ || !ret->ameth->param_decode
++ || !ret->ameth->param_decode(ret, &p, len)) {
++ EVP_PKEY_free(ret);
++ ret = NULL;
++ goto err;
++ }
++ if (x) {
++ if (*x)
++ EVP_PKEY_free((EVP_PKEY *)*x);
++ *x = ret;
++ }
++ }
++ err:
++ if (ret == NULL)
++ PEMerr(PEM_F_PEM_READ_BIO_PARAMETERS,
ERR_R_ASN1_LIB);
++ OPENSSL_free(nm);
++ OPENSSL_free(data);
++ return (ret);
++}
++
++int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x)
++{
++ char pem_str[80];
++ if (!x->ameth || !x->ameth->param_encode)
++ return 0;
++
++ BIO_snprintf(pem_str, 80, "%s PARAMETERS", x->ameth->pem_str);
++ return PEM_ASN1_write_bio((i2d_of_void *)x->ameth->param_encode,
++ pem_str, bp, x, NULL, NULL, 0, 0, NULL);
++}
++
+ #ifndef OPENSSL_NO_FP_API
+ EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb,
+ void *u)
+@@ -152,4 +226,68 @@ EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb,
+ BIO_free(b);
+ return (ret);
+ }
++
++int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
++ unsigned char *kstr, int klen,
++ pem_password_cb *cb, void *u)
++{
++ BIO *b;
++ int ret;
++
++ if ((b = BIO_new_fp(fp, BIO_NOCLOSE)) == NULL) {
++ PEMerr(PEM_F_PEM_WRITE_PRIVATEKEY, ERR_R_BUF_LIB);
++ return 0;
++ }
++ ret = PEM_write_bio_PrivateKey(b, x, enc, kstr, klen, cb, u);
++ BIO_free(b);
++ return ret;
++}
++
++#endif
++
++#ifndef OPENSSL_NO_DH
++
++/* Transparently read in PKCS#3 or X9.42 DH parameters */
++
++DH *PEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u)
++{
++ char *nm = NULL;
++ const unsigned char *p = NULL;
++ unsigned char *data = NULL;
++ long len;
++ DH *ret = NULL;
++
++ if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_DHPARAMS, bp, cb, u))
++ return NULL;
++ p = data;
++
++ if (!strcmp(nm, PEM_STRING_DHXPARAMS))
++ ret = d2i_DHxparams(x, &p, len);
++ else
++ ret = d2i_DHparams(x, &p, len);
++
++ if (ret == NULL)
++ PEMerr(PEM_F_PEM_READ_BIO_DHPARAMS, ERR_R_ASN1_LIB);
++ OPENSSL_free(nm);
++ OPENSSL_free(data);
++ return ret;
++}
++
++# ifndef OPENSSL_NO_FP_API
++DH *PEM_read_DHparams(FILE *fp, DH **x, pem_password_cb *cb, void *u)
++{
++ BIO *b;
++ DH *ret;
++
++ if ((b = BIO_new(BIO_s_file())) == NULL) {
++ PEMerr(PEM_F_PEM_READ_DHPARAMS, ERR_R_BUF_LIB);
++ return (0);
++ }
++ BIO_set_fp(b,
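Review bot: `BIO_snprintf(pem_str, 80, "%s PRIVATE KEY", x->ameth->pem_str);` in PEM_write_bio_PrivateKey (hunk at -136/+146) repeats the buffer size as a literal and ignores the return value, so a method name that does not fit would be cut short silently and the key written under a PEM header that no reader matches. I would size it from the array and fail on truncation, `if (BIO_snprintf(pem_str, sizeof(pem_str), "%s PRIVATE KEY", x->ameth->pem_str) <= 0) return 0;`. PEM_write_bio_Parameters in the same hunk builds its "%s PARAMETERS" header the same way and wants the same change.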
fp, BIO_NOCLOSE); ++ ret = PEM_read_bio_DHparams(b, x, cb, u); ++ BIO_free(b); ++ return (ret); ++} ++# endif ++ + #endif +diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_seal.c b/Cryptlib/OpenSSL/crypto/pem/pem_seal.c +index a4a556a..a5c1812 100644 +--- a/Cryptlib/OpenSSL/crypto/pem/pem_seal.c ++++ b/Cryptlib/OpenSSL/crypto/pem/pem_seal.c +@@ -94,7 +94,8 @@ int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type, + EVP_EncodeInit(&ctx->encode); + + EVP_MD_CTX_init(&ctx->md); +- EVP_SignInit(&ctx->md, md_type); ++ if (!EVP_SignInit(&ctx->md, md_type)) ++ goto err; + + EVP_CIPHER_CTX_init(&ctx->cipher); + ret = EVP_SealInit(&ctx->cipher, type, ek, ekl, iv, pubk, npubk); +@@ -161,7 +162,8 @@ int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl, + goto err; + } + +- EVP_EncryptFinal_ex(&ctx->cipher, s, (int *)&i); ++ if (!EVP_EncryptFinal_ex(&ctx->cipher, s, (int *)&i)) ++ goto err; + EVP_EncodeUpdate(&ctx->encode, out, &j, s, i); + *outl = j; + out += j; +diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_x509.c b/Cryptlib/OpenSSL/crypto/pem/pem_x509.c +index 9d75d20..3c20ff2 100644 +--- a/Cryptlib/OpenSSL/crypto/pem/pem_x509.c ++++ b/Cryptlib/OpenSSL/crypto/pem/pem_x509.c +@@ -58,7 +58,6 @@ + */ + + #include +-#undef SSLEAY_MACROS + #include "cryptlib.h" + #include + #include +diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_xaux.c b/Cryptlib/OpenSSL/crypto/pem/pem_xaux.c +index ebd1803..c523430 100644 +--- a/Cryptlib/OpenSSL/crypto/pem/pem_xaux.c ++++ b/Cryptlib/OpenSSL/crypto/pem/pem_xaux.c +@@ -58,7 +58,6 @@ + */ + + #include +-#undef SSLEAY_MACROS + #include "cryptlib.h" + #include + #include +diff --git a/Cryptlib/OpenSSL/crypto/pem/pvkfmt.c b/Cryptlib/OpenSSL/crypto/pem/pvkfmt.c +new file mode 100644 +index 0000000..ee4b6a8 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/pem/pvkfmt.c +@@ -0,0 +1,883 @@ ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2005. 
++ */ ++/* ==================================================================== ++ * Copyright (c) 2005 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++/* ++ * Support for PVK format keys and related structures (such a PUBLICKEYBLOB ++ * and PRIVATEKEYBLOB). ++ */ ++ ++#include "cryptlib.h" ++#include ++#include ++#include ++#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA) ++# include ++# include ++ ++/* ++ * Utility function: read a DWORD (4 byte unsigned integer) in little endian ++ * format ++ */ ++ ++static unsigned int read_ledword(const unsigned char **in) ++{ ++ const unsigned char *p = *in; ++ unsigned int ret; ++ ret = *p++; ++ ret |= (*p++ << 8); ++ ret |= (*p++ << 16); ++ ret |= (*p++ << 24); ++ *in = p; ++ return ret; ++} ++ ++/* ++ * Read a BIGNUM in little endian format. The docs say that this should take ++ * up bitlen/8 bytes. 
++ */ ++ ++static int read_lebn(const unsigned char **in, unsigned int nbyte, BIGNUM **r) ++{ ++ const unsigned char *p; ++ unsigned char *tmpbuf, *q; ++ unsigned int i; ++ p = *in + nbyte - 1; ++ tmpbuf = OPENSSL_malloc(nbyte); ++ if (!tmpbuf) ++ return 0; ++ q = tmpbuf; ++ for (i = 0; i < nbyte; i++) ++ *q++ = *p--; ++ *r = BN_bin2bn(tmpbuf, nbyte, NULL); ++ OPENSSL_free(tmpbuf); ++ if (*r) { ++ *in += nbyte; ++ return 1; ++ } else ++ return 0; ++} ++ ++/* Convert private key blob to EVP_PKEY: RSA and DSA keys supported */ ++ ++# define MS_PUBLICKEYBLOB 0x6 ++# define MS_PRIVATEKEYBLOB 0x7 ++# define MS_RSA1MAGIC 0x31415352L ++# define MS_RSA2MAGIC 0x32415352L ++# define MS_DSS1MAGIC 0x31535344L ++# define MS_DSS2MAGIC 0x32535344L ++ ++# define MS_KEYALG_RSA_KEYX 0xa400 ++# define MS_KEYALG_DSS_SIGN 0x2200 ++ ++# define MS_KEYTYPE_KEYX 0x1 ++# define MS_KEYTYPE_SIGN 0x2 ++ ++/* The PVK file magic number: seems to spell out "bobsfile", who is Bob? */ ++# define MS_PVKMAGIC 0xb0b5f11eL ++/* Salt length for PVK files */ ++# define PVK_SALTLEN 0x10 ++ ++static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length, ++ unsigned int bitlen, int ispub); ++static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length, ++ unsigned int bitlen, int ispub); ++ ++static int do_blob_header(const unsigned char **in, unsigned int length, ++ unsigned int *pmagic, unsigned int *pbitlen, ++ int *pisdss, int *pispub) ++{ ++ const unsigned char *p = *in; ++ if (length < 16) ++ return 0; ++ /* bType */ ++ if (*p == MS_PUBLICKEYBLOB) { ++ if (*pispub == 0) { ++ PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_EXPECTING_PRIVATE_KEY_BLOB); ++ return 0; ++ } ++ *pispub = 1; ++ } else if (*p == MS_PRIVATEKEYBLOB) { ++ if (*pispub == 1) { ++ PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_EXPECTING_PUBLIC_KEY_BLOB); ++ return 0; ++ } ++ *pispub = 0; ++ } else ++ return 0; ++ p++; ++ /* Version */ ++ if (*p++ != 0x2) { ++ PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_BAD_VERSION_NUMBER); ++ return 0; ++ } ++ /* 
Ignore reserved, aiKeyAlg */ ++ p += 6; ++ *pmagic = read_ledword(&p); ++ *pbitlen = read_ledword(&p); ++ *pisdss = 0; ++ switch (*pmagic) { ++ ++ case MS_DSS1MAGIC: ++ *pisdss = 1; ++ case MS_RSA1MAGIC: ++ if (*pispub == 0) { ++ PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_EXPECTING_PRIVATE_KEY_BLOB); ++ return 0; ++ } ++ break; ++ ++ case MS_DSS2MAGIC: ++ *pisdss = 1; ++ case MS_RSA2MAGIC: ++ if (*pispub == 1) { ++ PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_EXPECTING_PUBLIC_KEY_BLOB); ++ return 0; ++ } ++ break; ++ ++ default: ++ PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_BAD_MAGIC_NUMBER); ++ return -1; ++ } ++ *in = p; ++ return 1; ++} ++ ++static unsigned int blob_length(unsigned bitlen, int isdss, int ispub) ++{ ++ unsigned int nbyte, hnbyte; ++ nbyte = (bitlen + 7) >> 3; ++ hnbyte = (bitlen + 15) >> 4; ++ if (isdss) { ++ ++ /* ++ * Expected length: 20 for q + 3 components bitlen each + 24 for seed ++ * structure. ++ */ ++ if (ispub) ++ return 44 + 3 * nbyte; ++ /* ++ * Expected length: 20 for q, priv, 2 bitlen components + 24 for seed ++ * structure. ++ */ ++ else ++ return 64 + 2 * nbyte; ++ } else { ++ /* Expected length: 4 for 'e' + 'n' */ ++ if (ispub) ++ return 4 + nbyte; ++ else ++ /* ++ * Expected length: 4 for 'e' and 7 other components. 
2 ++ * components are bitlen size, 5 are bitlen/2 ++ */ ++ return 4 + 2 * nbyte + 5 * hnbyte; ++ } ++ ++} ++ ++static EVP_PKEY *do_b2i(const unsigned char **in, unsigned int length, ++ int ispub) ++{ ++ const unsigned char *p = *in; ++ unsigned int bitlen, magic; ++ int isdss; ++ if (do_blob_header(&p, length, &magic, &bitlen, &isdss, &ispub) <= 0) { ++ PEMerr(PEM_F_DO_B2I, PEM_R_KEYBLOB_HEADER_PARSE_ERROR); ++ return NULL; ++ } ++ length -= 16; ++ if (length < blob_length(bitlen, isdss, ispub)) { ++ PEMerr(PEM_F_DO_B2I, PEM_R_KEYBLOB_TOO_SHORT); ++ return NULL; ++ } ++ if (isdss) ++ return b2i_dss(&p, length, bitlen, ispub); ++ else ++ return b2i_rsa(&p, length, bitlen, ispub); ++} ++ ++static EVP_PKEY *do_b2i_bio(BIO *in, int ispub) ++{ ++ const unsigned char *p; ++ unsigned char hdr_buf[16], *buf = NULL; ++ unsigned int bitlen, magic, length; ++ int isdss; ++ EVP_PKEY *ret = NULL; ++ if (BIO_read(in, hdr_buf, 16) != 16) { ++ PEMerr(PEM_F_DO_B2I_BIO, PEM_R_KEYBLOB_TOO_SHORT); ++ return NULL; ++ } ++ p = hdr_buf; ++ if (do_blob_header(&p, 16, &magic, &bitlen, &isdss, &ispub) <= 0) ++ return NULL; ++ ++ length = blob_length(bitlen, isdss, ispub); ++ buf = OPENSSL_malloc(length); ++ if (!buf) { ++ PEMerr(PEM_F_DO_B2I_BIO, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ p = buf; ++ if (BIO_read(in, buf, length) != (int)length) { ++ PEMerr(PEM_F_DO_B2I_BIO, PEM_R_KEYBLOB_TOO_SHORT); ++ goto err; ++ } ++ ++ if (isdss) ++ ret = b2i_dss(&p, length, bitlen, ispub); ++ else ++ ret = b2i_rsa(&p, length, bitlen, ispub); ++ ++ err: ++ if (buf) ++ OPENSSL_free(buf); ++ return ret; ++} ++ ++static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length, ++ unsigned int bitlen, int ispub) ++{ ++ const unsigned char *p = *in; ++ EVP_PKEY *ret = NULL; ++ DSA *dsa = NULL; ++ BN_CTX *ctx = NULL; ++ unsigned int nbyte; ++ nbyte = (bitlen + 7) >> 3; ++ ++ dsa = DSA_new(); ++ ret = EVP_PKEY_new(); ++ if (!dsa || !ret) ++ goto memerr; ++ if (!read_lebn(&p, nbyte, &dsa->p)) ++ goto 
memerr; ++ if (!read_lebn(&p, 20, &dsa->q)) ++ goto memerr; ++ if (!read_lebn(&p, nbyte, &dsa->g)) ++ goto memerr; ++ if (ispub) { ++ if (!read_lebn(&p, nbyte, &dsa->pub_key)) ++ goto memerr; ++ } else { ++ if (!read_lebn(&p, 20, &dsa->priv_key)) ++ goto memerr; ++ /* Calculate public key */ ++ if (!(dsa->pub_key = BN_new())) ++ goto memerr; ++ if (!(ctx = BN_CTX_new())) ++ goto memerr; ++ ++ if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) ++ ++ goto memerr; ++ BN_CTX_free(ctx); ++ } ++ ++ EVP_PKEY_set1_DSA(ret, dsa); ++ DSA_free(dsa); ++ *in = p; ++ return ret; ++ ++ memerr: ++ PEMerr(PEM_F_B2I_DSS, ERR_R_MALLOC_FAILURE); ++ if (dsa) ++ DSA_free(dsa); ++ if (ret) ++ EVP_PKEY_free(ret); ++ if (ctx) ++ BN_CTX_free(ctx); ++ return NULL; ++} ++ ++static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length, ++ unsigned int bitlen, int ispub) ++{ ++ const unsigned char *p = *in; ++ EVP_PKEY *ret = NULL; ++ RSA *rsa = NULL; ++ unsigned int nbyte, hnbyte; ++ nbyte = (bitlen + 7) >> 3; ++ hnbyte = (bitlen + 15) >> 4; ++ rsa = RSA_new(); ++ ret = EVP_PKEY_new(); ++ if (!rsa || !ret) ++ goto memerr; ++ rsa->e = BN_new(); ++ if (!rsa->e) ++ goto memerr; ++ if (!BN_set_word(rsa->e, read_ledword(&p))) ++ goto memerr; ++ if (!read_lebn(&p, nbyte, &rsa->n)) ++ goto memerr; ++ if (!ispub) { ++ if (!read_lebn(&p, hnbyte, &rsa->p)) ++ goto memerr; ++ if (!read_lebn(&p, hnbyte, &rsa->q)) ++ goto memerr; ++ if (!read_lebn(&p, hnbyte, &rsa->dmp1)) ++ goto memerr; ++ if (!read_lebn(&p, hnbyte, &rsa->dmq1)) ++ goto memerr; ++ if (!read_lebn(&p, hnbyte, &rsa->iqmp)) ++ goto memerr; ++ if (!read_lebn(&p, nbyte, &rsa->d)) ++ goto memerr; ++ } ++ ++ EVP_PKEY_set1_RSA(ret, rsa); ++ RSA_free(rsa); ++ *in = p; ++ return ret; ++ memerr: ++ PEMerr(PEM_F_B2I_RSA, ERR_R_MALLOC_FAILURE); ++ if (rsa) ++ RSA_free(rsa); ++ if (ret) ++ EVP_PKEY_free(ret); ++ return NULL; ++} ++ ++EVP_PKEY *b2i_PrivateKey(const unsigned char **in, long length) ++{ ++ return do_b2i(in, 
length, 0); ++} ++ ++EVP_PKEY *b2i_PublicKey(const unsigned char **in, long length) ++{ ++ return do_b2i(in, length, 1); ++} ++ ++EVP_PKEY *b2i_PrivateKey_bio(BIO *in) ++{ ++ return do_b2i_bio(in, 0); ++} ++ ++EVP_PKEY *b2i_PublicKey_bio(BIO *in) ++{ ++ return do_b2i_bio(in, 1); ++} ++ ++static void write_ledword(unsigned char **out, unsigned int dw) ++{ ++ unsigned char *p = *out; ++ *p++ = dw & 0xff; ++ *p++ = (dw >> 8) & 0xff; ++ *p++ = (dw >> 16) & 0xff; ++ *p++ = (dw >> 24) & 0xff; ++ *out = p; ++} ++ ++static void write_lebn(unsigned char **out, const BIGNUM *bn, int len) ++{ ++ int nb, i; ++ unsigned char *p = *out, *q, c; ++ nb = BN_num_bytes(bn); ++ BN_bn2bin(bn, p); ++ q = p + nb - 1; ++ /* In place byte order reversal */ ++ for (i = 0; i < nb / 2; i++) { ++ c = *p; ++ *p++ = *q; ++ *q-- = c; ++ } ++ *out += nb; ++ /* Pad with zeroes if we have to */ ++ if (len > 0) { ++ len -= nb; ++ if (len > 0) { ++ memset(*out, 0, len); ++ *out += len; ++ } ++ } ++} ++ ++static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *magic); ++static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *magic); ++ ++static void write_rsa(unsigned char **out, RSA *rsa, int ispub); ++static void write_dsa(unsigned char **out, DSA *dsa, int ispub); ++ ++static int do_i2b(unsigned char **out, EVP_PKEY *pk, int ispub) ++{ ++ unsigned char *p; ++ unsigned int bitlen, magic = 0, keyalg; ++ int outlen, noinc = 0; ++ if (pk->type == EVP_PKEY_DSA) { ++ bitlen = check_bitlen_dsa(pk->pkey.dsa, ispub, &magic); ++ keyalg = MS_KEYALG_DSS_SIGN; ++ } else if (pk->type == EVP_PKEY_RSA) { ++ bitlen = check_bitlen_rsa(pk->pkey.rsa, ispub, &magic); ++ keyalg = MS_KEYALG_RSA_KEYX; ++ } else ++ return -1; ++ if (bitlen == 0) ++ return -1; ++ outlen = 16 + blob_length(bitlen, ++ keyalg == MS_KEYALG_DSS_SIGN ? 
1 : 0, ispub); ++ if (out == NULL) ++ return outlen; ++ if (*out) ++ p = *out; ++ else { ++ p = OPENSSL_malloc(outlen); ++ if (!p) ++ return -1; ++ *out = p; ++ noinc = 1; ++ } ++ if (ispub) ++ *p++ = MS_PUBLICKEYBLOB; ++ else ++ *p++ = MS_PRIVATEKEYBLOB; ++ *p++ = 0x2; ++ *p++ = 0; ++ *p++ = 0; ++ write_ledword(&p, keyalg); ++ write_ledword(&p, magic); ++ write_ledword(&p, bitlen); ++ if (keyalg == MS_KEYALG_DSS_SIGN) ++ write_dsa(&p, pk->pkey.dsa, ispub); ++ else ++ write_rsa(&p, pk->pkey.rsa, ispub); ++ if (!noinc) ++ *out += outlen; ++ return outlen; ++} ++ ++static int do_i2b_bio(BIO *out, EVP_PKEY *pk, int ispub) ++{ ++ unsigned char *tmp = NULL; ++ int outlen, wrlen; ++ outlen = do_i2b(&tmp, pk, ispub); ++ if (outlen < 0) ++ return -1; ++ wrlen = BIO_write(out, tmp, outlen); ++ OPENSSL_free(tmp); ++ if (wrlen == outlen) ++ return outlen; ++ return -1; ++} ++ ++static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *pmagic) ++{ ++ int bitlen; ++ bitlen = BN_num_bits(dsa->p); ++ if ((bitlen & 7) || (BN_num_bits(dsa->q) != 160) ++ || (BN_num_bits(dsa->g) > bitlen)) ++ goto badkey; ++ if (ispub) { ++ if (BN_num_bits(dsa->pub_key) > bitlen) ++ goto badkey; ++ *pmagic = MS_DSS1MAGIC; ++ } else { ++ if (BN_num_bits(dsa->priv_key) > 160) ++ goto badkey; ++ *pmagic = MS_DSS2MAGIC; ++ } ++ ++ return bitlen; ++ badkey: ++ PEMerr(PEM_F_CHECK_BITLEN_DSA, PEM_R_UNSUPPORTED_KEY_COMPONENTS); ++ return 0; ++} ++ ++static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *pmagic) ++{ ++ int nbyte, hnbyte, bitlen; ++ if (BN_num_bits(rsa->e) > 32) ++ goto badkey; ++ bitlen = BN_num_bits(rsa->n); ++ nbyte = BN_num_bytes(rsa->n); ++ hnbyte = (BN_num_bits(rsa->n) + 15) >> 4; ++ if (ispub) { ++ *pmagic = MS_RSA1MAGIC; ++ return bitlen; ++ } else { ++ *pmagic = MS_RSA2MAGIC; ++ /* ++ * For private key each component must fit within nbyte or hnbyte. 
++ */ ++ if (BN_num_bytes(rsa->d) > nbyte) ++ goto badkey; ++ if ((BN_num_bytes(rsa->iqmp) > hnbyte) ++ || (BN_num_bytes(rsa->p) > hnbyte) ++ || (BN_num_bytes(rsa->q) > hnbyte) ++ || (BN_num_bytes(rsa->dmp1) > hnbyte) ++ || (BN_num_bytes(rsa->dmq1) > hnbyte)) ++ goto badkey; ++ } ++ return bitlen; ++ badkey: ++ PEMerr(PEM_F_CHECK_BITLEN_RSA, PEM_R_UNSUPPORTED_KEY_COMPONENTS); ++ return 0; ++} ++ ++static void write_rsa(unsigned char **out, RSA *rsa, int ispub) ++{ ++ int nbyte, hnbyte; ++ nbyte = BN_num_bytes(rsa->n); ++ hnbyte = (BN_num_bits(rsa->n) + 15) >> 4; ++ write_lebn(out, rsa->e, 4); ++ write_lebn(out, rsa->n, -1); ++ if (ispub) ++ return; ++ write_lebn(out, rsa->p, hnbyte); ++ write_lebn(out, rsa->q, hnbyte); ++ write_lebn(out, rsa->dmp1, hnbyte); ++ write_lebn(out, rsa->dmq1, hnbyte); ++ write_lebn(out, rsa->iqmp, hnbyte); ++ write_lebn(out, rsa->d, nbyte); ++} ++ ++static void write_dsa(unsigned char **out, DSA *dsa, int ispub) ++{ ++ int nbyte; ++ nbyte = BN_num_bytes(dsa->p); ++ write_lebn(out, dsa->p, nbyte); ++ write_lebn(out, dsa->q, 20); ++ write_lebn(out, dsa->g, nbyte); ++ if (ispub) ++ write_lebn(out, dsa->pub_key, nbyte); ++ else ++ write_lebn(out, dsa->priv_key, 20); ++ /* Set "invalid" for seed structure values */ ++ memset(*out, 0xff, 24); ++ *out += 24; ++ return; ++} ++ ++int i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk) ++{ ++ return do_i2b_bio(out, pk, 0); ++} ++ ++int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk) ++{ ++ return do_i2b_bio(out, pk, 1); ++} ++ ++# ifndef OPENSSL_NO_RC4 ++ ++static int do_PVK_header(const unsigned char **in, unsigned int length, ++ int skip_magic, ++ unsigned int *psaltlen, unsigned int *pkeylen) ++{ ++ const unsigned char *p = *in; ++ unsigned int pvk_magic, is_encrypted; ++ if (skip_magic) { ++ if (length < 20) { ++ PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_PVK_TOO_SHORT); ++ return 0; ++ } ++ length -= 20; ++ } else { ++ if (length < 24) { ++ PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_PVK_TOO_SHORT); ++ return 0; ++ } ++ 
length -= 24; ++ pvk_magic = read_ledword(&p); ++ if (pvk_magic != MS_PVKMAGIC) { ++ PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_BAD_MAGIC_NUMBER); ++ return 0; ++ } ++ } ++ /* Skip reserved */ ++ p += 4; ++ /* ++ * keytype = ++ */ read_ledword(&p); ++ is_encrypted = read_ledword(&p); ++ *psaltlen = read_ledword(&p); ++ *pkeylen = read_ledword(&p); ++ ++ if (is_encrypted && !*psaltlen) { ++ PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_INCONSISTENT_HEADER); ++ return 0; ++ } ++ ++ *in = p; ++ return 1; ++} ++ ++static int derive_pvk_key(unsigned char *key, ++ const unsigned char *salt, unsigned int saltlen, ++ const unsigned char *pass, int passlen) ++{ ++ EVP_MD_CTX mctx; ++ int rv = 1; ++ EVP_MD_CTX_init(&mctx); ++ if (!EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL) ++ || !EVP_DigestUpdate(&mctx, salt, saltlen) ++ || !EVP_DigestUpdate(&mctx, pass, passlen) ++ || !EVP_DigestFinal_ex(&mctx, key, NULL)) ++ rv = 0; ++ ++ EVP_MD_CTX_cleanup(&mctx); ++ return rv; ++} ++ ++static EVP_PKEY *do_PVK_body(const unsigned char **in, ++ unsigned int saltlen, unsigned int keylen, ++ pem_password_cb *cb, void *u) ++{ ++ EVP_PKEY *ret = NULL; ++ const unsigned char *p = *in; ++ unsigned int magic; ++ unsigned char *enctmp = NULL, *q; ++ EVP_CIPHER_CTX cctx; ++ EVP_CIPHER_CTX_init(&cctx); ++ if (saltlen) { ++ char psbuf[PEM_BUFSIZE]; ++ unsigned char keybuf[20]; ++ int enctmplen, inlen; ++ if (cb) ++ inlen = cb(psbuf, PEM_BUFSIZE, 0, u); ++ else ++ inlen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u); ++ if (inlen <= 0) { ++ PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_PASSWORD_READ); ++ return NULL; ++ } ++ enctmp = OPENSSL_malloc(keylen + 8); ++ if (!enctmp) { ++ PEMerr(PEM_F_DO_PVK_BODY, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ if (!derive_pvk_key(keybuf, p, saltlen, ++ (unsigned char *)psbuf, inlen)) ++ return NULL; ++ p += saltlen; ++ /* Copy BLOBHEADER across, decrypt rest */ ++ memcpy(enctmp, p, 8); ++ p += 8; ++ if (keylen < 8) { ++ PEMerr(PEM_F_DO_PVK_BODY, PEM_R_PVK_TOO_SHORT); ++ return NULL; ++ } ++ 
inlen = keylen - 8; ++ q = enctmp + 8; ++ if (!EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL)) ++ goto err; ++ if (!EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen)) ++ goto err; ++ if (!EVP_DecryptFinal_ex(&cctx, q + enctmplen, &enctmplen)) ++ goto err; ++ magic = read_ledword((const unsigned char **)&q); ++ if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) { ++ q = enctmp + 8; ++ memset(keybuf + 5, 0, 11); ++ if (!EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL)) ++ goto err; ++ OPENSSL_cleanse(keybuf, 20); ++ if (!EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen)) ++ goto err; ++ if (!EVP_DecryptFinal_ex(&cctx, q + enctmplen, &enctmplen)) ++ goto err; ++ magic = read_ledword((const unsigned char **)&q); ++ if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) { ++ PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_DECRYPT); ++ goto err; ++ } ++ } else ++ OPENSSL_cleanse(keybuf, 20); ++ p = enctmp; ++ } ++ ++ ret = b2i_PrivateKey(&p, keylen); ++ err: ++ EVP_CIPHER_CTX_cleanup(&cctx); ++ if (enctmp && saltlen) ++ OPENSSL_free(enctmp); ++ return ret; ++} ++ ++EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u) ++{ ++ unsigned char pvk_hdr[24], *buf = NULL; ++ const unsigned char *p; ++ int buflen; ++ EVP_PKEY *ret = NULL; ++ unsigned int saltlen, keylen; ++ if (BIO_read(in, pvk_hdr, 24) != 24) { ++ PEMerr(PEM_F_B2I_PVK_BIO, PEM_R_PVK_DATA_TOO_SHORT); ++ return NULL; ++ } ++ p = pvk_hdr; ++ ++ if (!do_PVK_header(&p, 24, 0, &saltlen, &keylen)) ++ return 0; ++ buflen = (int)keylen + saltlen; ++ buf = OPENSSL_malloc(buflen); ++ if (!buf) { ++ PEMerr(PEM_F_B2I_PVK_BIO, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ p = buf; ++ if (BIO_read(in, buf, buflen) != buflen) { ++ PEMerr(PEM_F_B2I_PVK_BIO, PEM_R_PVK_DATA_TOO_SHORT); ++ goto err; ++ } ++ ret = do_PVK_body(&p, saltlen, keylen, cb, u); ++ ++ err: ++ if (buf) { ++ OPENSSL_cleanse(buf, buflen); ++ OPENSSL_free(buf); ++ } ++ return ret; ++} ++ ++static int i2b_PVK(unsigned char **out, EVP_PKEY *pk, int 
enclevel, ++ pem_password_cb *cb, void *u) ++{ ++ int outlen = 24, pklen; ++ unsigned char *p, *salt = NULL; ++ EVP_CIPHER_CTX cctx; ++ EVP_CIPHER_CTX_init(&cctx); ++ if (enclevel) ++ outlen += PVK_SALTLEN; ++ pklen = do_i2b(NULL, pk, 0); ++ if (pklen < 0) ++ return -1; ++ outlen += pklen; ++ if (!out) ++ return outlen; ++ if (*out) ++ p = *out; ++ else { ++ p = OPENSSL_malloc(outlen); ++ if (!p) { ++ PEMerr(PEM_F_I2B_PVK, ERR_R_MALLOC_FAILURE); ++ return -1; ++ } ++ *out = p; ++ } ++ ++ write_ledword(&p, MS_PVKMAGIC); ++ write_ledword(&p, 0); ++ if (pk->type == EVP_PKEY_DSA) ++ write_ledword(&p, MS_KEYTYPE_SIGN); ++ else ++ write_ledword(&p, MS_KEYTYPE_KEYX); ++ write_ledword(&p, enclevel ? 1 : 0); ++ write_ledword(&p, enclevel ? PVK_SALTLEN : 0); ++ write_ledword(&p, pklen); ++ if (enclevel) { ++ if (RAND_bytes(p, PVK_SALTLEN) <= 0) ++ goto error; ++ salt = p; ++ p += PVK_SALTLEN; ++ } ++ do_i2b(&p, pk, 0); ++ if (enclevel == 0) ++ return outlen; ++ else { ++ char psbuf[PEM_BUFSIZE]; ++ unsigned char keybuf[20]; ++ int enctmplen, inlen; ++ if (cb) ++ inlen = cb(psbuf, PEM_BUFSIZE, 1, u); ++ else ++ inlen = PEM_def_callback(psbuf, PEM_BUFSIZE, 1, u); ++ if (inlen <= 0) { ++ PEMerr(PEM_F_I2B_PVK, PEM_R_BAD_PASSWORD_READ); ++ goto error; ++ } ++ if (!derive_pvk_key(keybuf, salt, PVK_SALTLEN, ++ (unsigned char *)psbuf, inlen)) ++ goto error; ++ if (enclevel == 1) ++ memset(keybuf + 5, 0, 11); ++ p = salt + PVK_SALTLEN + 8; ++ if (!EVP_EncryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL)) ++ goto error; ++ OPENSSL_cleanse(keybuf, 20); ++ if (!EVP_DecryptUpdate(&cctx, p, &enctmplen, p, pklen - 8)) ++ goto error; ++ if (!EVP_DecryptFinal_ex(&cctx, p + enctmplen, &enctmplen)) ++ goto error; ++ } ++ EVP_CIPHER_CTX_cleanup(&cctx); ++ return outlen; ++ ++ error: ++ EVP_CIPHER_CTX_cleanup(&cctx); ++ return -1; ++} ++ ++int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel, ++ pem_password_cb *cb, void *u) ++{ ++ unsigned char *tmp = NULL; ++ int outlen, wrlen; ++ outlen = 
i2b_PVK(&tmp, pk, enclevel, cb, u); ++ if (outlen < 0) ++ return -1; ++ wrlen = BIO_write(out, tmp, outlen); ++ OPENSSL_free(tmp); ++ if (wrlen == outlen) { ++ PEMerr(PEM_F_I2B_PVK_BIO, PEM_R_BIO_WRITE_FAILURE); ++ return outlen; ++ } ++ return -1; ++} ++ ++# endif ++ ++#endif +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c +index 54e4af5..982805d 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c +@@ -108,6 +108,7 @@ PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass, + PKCS8_PRIV_KEY_INFO *p8) + { + PKCS12_SAFEBAG *bag; ++ const EVP_CIPHER *pbe_ciph; + + /* Set up the safe bag */ + if (!(bag = PKCS12_SAFEBAG_new())) { +@@ -116,8 +117,14 @@ PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass, + } + + bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag); ++ ++ pbe_ciph = EVP_get_cipherbynid(pbe_nid); ++ ++ if (pbe_ciph) ++ pbe_nid = -1; ++ + if (!(bag->value.shkeybag = +- PKCS8_encrypt(pbe_nid, NULL, pass, passlen, salt, saltlen, iter, ++ PKCS8_encrypt(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen, iter, + p8))) { + PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE); + return NULL; +@@ -166,6 +173,7 @@ PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen, + { + PKCS7 *p7; + X509_ALGOR *pbe; ++ const EVP_CIPHER *pbe_ciph; + if (!(p7 = PKCS7_new())) { + PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE); + return NULL; +@@ -175,7 +183,15 @@ PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen, + PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE); + return NULL; + } +- if (!(pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen))) { ++ ++ pbe_ciph = EVP_get_cipherbynid(pbe_nid); ++ ++ if (pbe_ciph) ++ pbe = PKCS5_pbe2_set(pbe_ciph, iter, salt, saltlen); ++ else ++ pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen); ++ ++ if (!pbe) { + PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, 
ERR_R_MALLOC_FAILURE); + return NULL; + } +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_attr.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_attr.c +index 1b57ac8..fff3ba1 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_attr.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_attr.c +@@ -61,12 +61,6 @@ + #include "cryptlib.h" + #include + +-#ifdef OPENSSL_SYS_NETWARE +-/* Rename these functions to avoid name clashes on NetWare OS */ +-# define uni2asc OPENSSL_uni2asc +-# define asc2uni OPENSSL_asc2uni +-#endif +- + /* Add a local keyid to a safebag */ + + int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, +@@ -148,6 +142,6 @@ char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag) + return NULL; + if (atype->type != V_ASN1_BMPSTRING) + return NULL; +- return uni2asc(atype->value.bmpstring->data, +- atype->value.bmpstring->length); ++ return OPENSSL_uni2asc(atype->value.bmpstring->data, ++ atype->value.bmpstring->length); + } +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_crpt.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_crpt.c +index d75adf5..3a166e6 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_crpt.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_crpt.c +@@ -61,28 +61,10 @@ + #include "cryptlib.h" + #include + +-/* PKCS#12 specific PBE functions */ ++/* PKCS#12 PBE algorithms now in static table */ + + void PKCS12_PBE_add(void) + { +-#ifndef OPENSSL_NO_RC4 +- EVP_PBE_alg_add(NID_pbe_WithSHA1And128BitRC4, EVP_rc4(), EVP_sha1(), +- PKCS12_PBE_keyivgen); +- EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC4, EVP_rc4_40(), EVP_sha1(), +- PKCS12_PBE_keyivgen); +-#endif +-#ifndef OPENSSL_NO_DES +- EVP_PBE_alg_add(NID_pbe_WithSHA1And3_Key_TripleDES_CBC, +- EVP_des_ede3_cbc(), EVP_sha1(), PKCS12_PBE_keyivgen); +- EVP_PBE_alg_add(NID_pbe_WithSHA1And2_Key_TripleDES_CBC, +- EVP_des_ede_cbc(), EVP_sha1(), PKCS12_PBE_keyivgen); +-#endif +-#ifndef OPENSSL_NO_RC2 +- EVP_PBE_alg_add(NID_pbe_WithSHA1And128BitRC2_CBC, EVP_rc2_cbc(), +- EVP_sha1(), PKCS12_PBE_keyivgen); +- 
EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC2_CBC, EVP_rc2_40_cbc(), +- EVP_sha1(), PKCS12_PBE_keyivgen); +-#endif + } + + int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c +index e9b150c..7d2aeef 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c +@@ -60,9 +60,6 @@ + #include + #include "cryptlib.h" + #include +-#ifdef OPENSSL_FIPS +-# include +-#endif + + static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, + PKCS12_SAFEBAG *bag); +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_decr.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_decr.c +index af0b7f8..b40ea10 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_decr.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_decr.c +@@ -93,7 +93,13 @@ unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass, + goto err; + } + +- EVP_CipherUpdate(&ctx, out, &i, in, inlen); ++ if (!EVP_CipherUpdate(&ctx, out, &i, in, inlen)) { ++ OPENSSL_free(out); ++ out = NULL; ++ PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_EVP_LIB); ++ goto err; ++ } ++ + outlen = i; + if (!EVP_CipherFinal_ex(&ctx, out + i, &i)) { + OPENSSL_free(out); +@@ -165,28 +171,32 @@ ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, + const char *pass, int passlen, + void *obj, int zbuf) + { +- ASN1_OCTET_STRING *oct; ++ ASN1_OCTET_STRING *oct = NULL; + unsigned char *in = NULL; + int inlen; + if (!(oct = M_ASN1_OCTET_STRING_new())) { + PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, ERR_R_MALLOC_FAILURE); +- return NULL; ++ goto err; + } + inlen = ASN1_item_i2d(obj, &in, it); + if (!in) { + PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, PKCS12_R_ENCODE_ERROR); +- return NULL; ++ goto err; + } + if (!PKCS12_pbe_crypt(algor, pass, passlen, in, inlen, &oct->data, + &oct->length, 1)) { + PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, PKCS12_R_ENCRYPT_ERROR); + OPENSSL_free(in); +- return NULL; 
++ goto err; + } + if (zbuf) + OPENSSL_cleanse(in, inlen); + OPENSSL_free(in); + return oct; ++ err: ++ if (oct) ++ ASN1_OCTET_STRING_free(oct); ++ return NULL; + } + + IMPLEMENT_PKCS12_STACK_OF(PKCS7) +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_key.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_key.c +index dcccc10..99b8260 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_key.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_key.c +@@ -72,12 +72,6 @@ extern BIO *bio_err; + void h__dump(unsigned char *p, int len); + #endif + +-#ifdef OPENSSL_SYS_NETWARE +-/* Rename these functions to avoid name clashes on NetWare OS */ +-# define uni2asc OPENSSL_uni2asc +-# define asc2uni OPENSSL_asc2uni +-#endif +- + /* PKCS12 compatible key/IV generation */ + #ifndef min + # define min(a,b) ((a) < (b) ? (a) : (b)) +@@ -90,15 +84,18 @@ int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt, + int ret; + unsigned char *unipass; + int uniplen; ++ + if (!pass) { + unipass = NULL; + uniplen = 0; +- } else if (!asc2uni(pass, passlen, &unipass, &uniplen)) { ++ } else if (!OPENSSL_asc2uni(pass, passlen, &unipass, &uniplen)) { + PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC, ERR_R_MALLOC_FAILURE); + return 0; + } + ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen, + id, iter, n, out, md_type); ++ if (ret <= 0) ++ return 0; + if (unipass) { + OPENSSL_cleanse(unipass, uniplen); /* Clear password from memory */ + OPENSSL_free(unipass); +@@ -139,6 +136,8 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, + #endif + v = EVP_MD_block_size(md_type); + u = EVP_MD_size(md_type); ++ if (u < 0) ++ return 0; + D = OPENSSL_malloc(v); + Ai = OPENSSL_malloc(u); + B = OPENSSL_malloc(v + 1); +@@ -161,14 +160,16 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, + for (i = 0; i < Plen; i++) + *p++ = pass[i % passlen]; + for (;;) { +- EVP_DigestInit_ex(&ctx, md_type, NULL); +- EVP_DigestUpdate(&ctx, D, v); +- EVP_DigestUpdate(&ctx, I, 
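Review bot: In the `PKCS12_pbe_crypt` failure branch of PKCS12_item_i2d_encrypt (hunk `@@ -165,28 +171,32 @@`), the plaintext encoding `in` is released with a bare `OPENSSL_free(in)` before the new `goto err`, while the success path honours `zbuf` by calling `OPENSSL_cleanse(in, inlen)` first. When `zbuf` is set the buffer presumably holds sensitive material, so the failure branch should do the same: `if (zbuf) OPENSSL_cleanse(in, inlen);` ahead of the free. The function signature begins above the hunk.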
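Review bot: The added `if (ret <= 0) return 0;` in PKCS12_key_gen_asc (hunk `@@ -90,15 +84,18 @@`) sits before the block that cleanses and frees `unipass`, so when PKCS12_key_gen_uni fails the Unicode copy of the password is leaked and never wiped. Moving the check below the `if (unipass) { OPENSSL_cleanse(unipass, uniplen); OPENSSL_free(unipass); }` block keeps the new return value and still clears the password on every path. The function starts and ends outside the hunk, so the final return is not visible here.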
Ilen); +- EVP_DigestFinal_ex(&ctx, Ai, NULL); ++ if (!EVP_DigestInit_ex(&ctx, md_type, NULL) ++ || !EVP_DigestUpdate(&ctx, D, v) ++ || !EVP_DigestUpdate(&ctx, I, Ilen) ++ || !EVP_DigestFinal_ex(&ctx, Ai, NULL)) ++ goto err; + for (j = 1; j < iter; j++) { +- EVP_DigestInit_ex(&ctx, md_type, NULL); +- EVP_DigestUpdate(&ctx, Ai, u); +- EVP_DigestFinal_ex(&ctx, Ai, NULL); ++ if (!EVP_DigestInit_ex(&ctx, md_type, NULL) ++ || !EVP_DigestUpdate(&ctx, Ai, u) ++ || !EVP_DigestFinal_ex(&ctx, Ai, NULL)) ++ goto err; + } + memcpy(out, Ai, min(n, u)); + if (u >= n) { +@@ -193,20 +194,23 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, + goto err; + if (!BN_add(Ij, Ij, Bpl1)) + goto err; +- BN_bn2bin(Ij, B); ++ if (!BN_bn2bin(Ij, B)) ++ goto err; + Ijlen = BN_num_bytes(Ij); + /* If more than 2^(v*8) - 1 cut off MSB */ + if (Ijlen > v) { +- BN_bn2bin(Ij, B); ++ if (!BN_bn2bin(Ij, B)) ++ goto err; + memcpy(I + j, B + 1, v); + #ifndef PKCS12_BROKEN_KEYGEN + /* If less than v bytes pad with zeroes */ + } else if (Ijlen < v) { + memset(I + j, 0, v - Ijlen); +- BN_bn2bin(Ij, I + j + v - Ijlen); ++ if (!BN_bn2bin(Ij, I + j + v - Ijlen)) ++ goto err; + #endif +- } else +- BN_bn2bin(Ij, I + j); ++ } else if (!BN_bn2bin(Ij, I + j)) ++ goto err; + } + } + +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c +index 819251c..9aa3c90 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c +@@ -64,16 +64,13 @@ + /* Simplified PKCS#12 routines */ + + static int parse_pk12(PKCS12 *p12, const char *pass, int passlen, +- EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca); ++ EVP_PKEY **pkey, STACK_OF(X509) *ocerts); + + static int parse_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, +- int passlen, EVP_PKEY **pkey, X509 **cert, +- STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid, +- char *keymatch); ++ int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts); + + 
static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, +- EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca, +- ASN1_OCTET_STRING **keyid, char *keymatch); ++ EVP_PKEY **pkey, STACK_OF(X509) *ocerts); + + /* + * Parse and decrypt a PKCS#12 structure returning user key, user cert and +@@ -85,7 +82,8 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, + int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, + STACK_OF(X509) **ca) + { +- ++ STACK_OF(X509) *ocerts = NULL; ++ X509 *x = NULL; + /* Check for NULL PKCS12 structure */ + + if (!p12) { +@@ -94,14 +92,6 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, + return 0; + } + +- /* Allocate stack for ca certificates if needed */ +- if ((ca != NULL) && (*ca == NULL)) { +- if (!(*ca = sk_X509_new_null())) { +- PKCS12err(PKCS12_F_PKCS12_PARSE, ERR_R_MALLOC_FAILURE); +- return 0; +- } +- } +- + if (pkey) + *pkey = NULL; + if (cert) +@@ -130,11 +120,45 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, + goto err; + } + +- if (!parse_pk12(p12, pass, -1, pkey, cert, ca)) { ++ /* Allocate stack for other certificates */ ++ ocerts = sk_X509_new_null(); ++ ++ if (!ocerts) { ++ PKCS12err(PKCS12_F_PKCS12_PARSE, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ ++ if (!parse_pk12(p12, pass, -1, pkey, ocerts)) { + PKCS12err(PKCS12_F_PKCS12_PARSE, PKCS12_R_PARSE_ERROR); + goto err; + } + ++ while ((x = sk_X509_pop(ocerts))) { ++ if (pkey && *pkey && cert && !*cert) { ++ ERR_set_mark(); ++ if (X509_check_private_key(x, *pkey)) { ++ *cert = x; ++ x = NULL; ++ } ++ ERR_pop_to_mark(); ++ } ++ ++ if (ca && x) { ++ if (!*ca) ++ *ca = sk_X509_new_null(); ++ if (!*ca) ++ goto err; ++ if (!sk_X509_push(*ca, x)) ++ goto err; ++ x = NULL; ++ } ++ if (x) ++ X509_free(x); ++ } ++ ++ if (ocerts) ++ sk_X509_pop_free(ocerts, X509_free); ++ + return 1; + + err: +@@ -143,8 +167,10 @@ int PKCS12_parse(PKCS12 *p12, const char 
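Review bot: When `sk_X509_new_null()` or `sk_X509_push(*ca, x)` fails inside the new `while ((x = sk_X509_pop(ocerts)))` loop of PKCS12_parse, control jumps to `err:` with certificates possibly already pushed to `*ca`, and the next hunk (`@@ -143,8 +167,10 @@`) drops the old `sk_X509_pop_free(*ca, X509_free)` cleanup. A stack created by this call is therefore left with the caller even though the function returns 0. Either free a `*ca` that this call allocated, or state the contract in the function's header comment, e.g. `/* On failure *ca is not freed; the caller must release it */`. Neither `goto err` in the loop records an error with PKCS12err, unlike the other failure paths in this hunk. PKCS12_parse starts above the hunk.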
*pass, EVP_PKEY **pkey, X509 **cert, + EVP_PKEY_free(*pkey); + if (cert && *cert) + X509_free(*cert); +- if (ca) +- sk_X509_pop_free(*ca, X509_free); ++ if (x) ++ X509_free(x); ++ if (ocerts) ++ sk_X509_pop_free(ocerts, X509_free); + return 0; + + } +@@ -152,15 +178,13 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, + /* Parse the outer PKCS#12 structure */ + + static int parse_pk12(PKCS12 *p12, const char *pass, int passlen, +- EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca) ++ EVP_PKEY **pkey, STACK_OF(X509) *ocerts) + { + STACK_OF(PKCS7) *asafes; + STACK_OF(PKCS12_SAFEBAG) *bags; + int i, bagnid; + PKCS7 *p7; +- ASN1_OCTET_STRING *keyid = NULL; + +- char keymatch = 0; + if (!(asafes = PKCS12_unpack_authsafes(p12))) + return 0; + for (i = 0; i < sk_PKCS7_num(asafes); i++) { +@@ -176,8 +200,7 @@ static int parse_pk12(PKCS12 *p12, const char *pass, int passlen, + sk_PKCS7_pop_free(asafes, PKCS7_free); + return 0; + } +- if (!parse_bags(bags, pass, passlen, pkey, cert, ca, +- &keyid, &keymatch)) { ++ if (!parse_bags(bags, pass, passlen, pkey, ocerts)) { + sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); + sk_PKCS7_pop_free(asafes, PKCS7_free); + return 0; +@@ -185,71 +208,46 @@ static int parse_pk12(PKCS12 *p12, const char *pass, int passlen, + sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); + } + sk_PKCS7_pop_free(asafes, PKCS7_free); +- if (keyid) +- M_ASN1_OCTET_STRING_free(keyid); + return 1; + } + + static int parse_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, +- int passlen, EVP_PKEY **pkey, X509 **cert, +- STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid, +- char *keymatch) ++ int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts) + { + int i; + for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) { + if (!parse_bag(sk_PKCS12_SAFEBAG_value(bags, i), +- pass, passlen, pkey, cert, ca, keyid, keymatch)) ++ pass, passlen, pkey, ocerts)) + return 0; + } + return 1; + } + +-#define MATCH_KEY 0x1 +-#define 
MATCH_CERT 0x2 +-#define MATCH_ALL 0x3 +- + static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, +- EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca, +- ASN1_OCTET_STRING **keyid, char *keymatch) ++ EVP_PKEY **pkey, STACK_OF(X509) *ocerts) + { + PKCS8_PRIV_KEY_INFO *p8; + X509 *x509; +- ASN1_OCTET_STRING *lkey = NULL, *ckid = NULL; + ASN1_TYPE *attrib; + ASN1_BMPSTRING *fname = NULL; ++ ASN1_OCTET_STRING *lkid = NULL; + + if ((attrib = PKCS12_get_attr(bag, NID_friendlyName))) + fname = attrib->value.bmpstring; + +- if ((attrib = PKCS12_get_attr(bag, NID_localKeyID))) { +- lkey = attrib->value.octet_string; +- ckid = lkey; +- } +- +- /* Check for any local key id matching (if needed) */ +- if (lkey && ((*keymatch & MATCH_ALL) != MATCH_ALL)) { +- if (*keyid) { +- if (M_ASN1_OCTET_STRING_cmp(*keyid, lkey)) +- lkey = NULL; +- } else { +- if (!(*keyid = M_ASN1_OCTET_STRING_dup(lkey))) { +- PKCS12err(PKCS12_F_PARSE_BAG, ERR_R_MALLOC_FAILURE); +- return 0; +- } +- } +- } ++ if ((attrib = PKCS12_get_attr(bag, NID_localKeyID))) ++ lkid = attrib->value.octet_string; + + switch (M_PKCS12_bag_type(bag)) { + case NID_keyBag: +- if (!lkey || !pkey) ++ if (!pkey || *pkey) + return 1; + if (!(*pkey = EVP_PKCS82PKEY(bag->value.keybag))) + return 0; +- *keymatch |= MATCH_KEY; + break; + + case NID_pkcs8ShroudedKeyBag: +- if (!lkey || !pkey) ++ if (!pkey || *pkey) + return 1; + if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen))) + return 0; +@@ -257,7 +255,6 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, + PKCS8_PRIV_KEY_INFO_free(p8); + if (!(*pkey)) + return 0; +- *keymatch |= MATCH_KEY; + break; + + case NID_certBag: +@@ -265,11 +262,9 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, + return 1; + if (!(x509 = PKCS12_certbag2x509(bag))) + return 0; +- if (ckid) { +- if (!X509_keyid_set1(x509, ckid->data, ckid->length)) { +- X509_free(x509); +- return 0; +- } ++ if (lkid && !X509_keyid_set1(x509, 
lkid->data, lkid->length)) { ++ X509_free(x509); ++ return 0; + } + if (fname) { + int len, r; +@@ -285,23 +280,15 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, + } + } + +- if (lkey) { +- *keymatch |= MATCH_CERT; +- if (cert) +- *cert = x509; +- else +- X509_free(x509); +- } else { +- if (ca) +- sk_X509_push(*ca, x509); +- else +- X509_free(x509); ++ if (!sk_X509_push(ocerts, x509)) { ++ X509_free(x509); ++ return 0; + } ++ + break; + + case NID_safeContentsBag: +- return parse_bags(bag->value.safes, pass, passlen, +- pkey, cert, ca, keyid, keymatch); ++ return parse_bags(bag->value.safes, pass, passlen, pkey, ocerts); + break; + + default: +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c +index b50f1b6..5ab4bf2 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c +@@ -60,6 +60,7 @@ + #ifndef OPENSSL_NO_HMAC + # include + # include "cryptlib.h" ++# include + # include + # include + # include +@@ -72,6 +73,7 @@ int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, + HMAC_CTX hmac; + unsigned char key[EVP_MAX_MD_SIZE], *salt; + int saltlen, iter; ++ int md_size; + + if (!PKCS7_type_is_data(p12->authsafes)) { + PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_CONTENT_TYPE_NOT_DATA); +@@ -88,16 +90,22 @@ int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, + PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_UNKNOWN_DIGEST_ALGORITHM); + return 0; + } ++ md_size = EVP_MD_size(md_type); ++ if (md_size < 0) ++ return 0; + if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter, +- EVP_MD_size(md_type), key, md_type)) { ++ md_size, key, md_type)) { + PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR); + return 0; + } + HMAC_CTX_init(&hmac); +- HMAC_Init_ex(&hmac, key, EVP_MD_size(md_type), md_type, NULL); +- HMAC_Update(&hmac, p12->authsafes->d.data->data, +- p12->authsafes->d.data->length); +- HMAC_Final(&hmac, 
mac, maclen); ++ if (!HMAC_Init_ex(&hmac, key, md_size, md_type, NULL) ++ || !HMAC_Update(&hmac, p12->authsafes->d.data->data, ++ p12->authsafes->d.data->length) ++ || !HMAC_Final(&hmac, mac, maclen)) { ++ HMAC_CTX_cleanup(&hmac); ++ return 0; ++ } + HMAC_CTX_cleanup(&hmac); + return 1; + } +@@ -116,7 +124,7 @@ int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen) + return 0; + } + if ((maclen != (unsigned int)p12->mac->dinfo->digest->length) +- || memcmp(mac, p12->mac->dinfo->digest->data, maclen)) ++ || CRYPTO_memcmp(mac, p12->mac->dinfo->digest->data, maclen)) + return 0; + return 1; + } +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8e.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8e.c +index d970f05..861a087 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8e.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8e.c +@@ -76,8 +76,12 @@ X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, + + if (pbe_nid == -1) + pbe = PKCS5_pbe2_set(cipher, iter, salt, saltlen); +- else ++ else if (EVP_PBE_find(EVP_PBE_TYPE_PRF, pbe_nid, NULL, NULL, 0)) ++ pbe = PKCS5_pbe2_set_iv(cipher, iter, salt, saltlen, NULL, pbe_nid); ++ else { ++ ERR_clear_error(); + pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen); ++ } + if (!pbe) { + PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_ASN1_LIB); + goto err; +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_utl.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_utl.c +index fc53cf0..a0b992e 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_utl.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_utl.c +@@ -61,16 +61,10 @@ + #include "cryptlib.h" + #include + +-#ifdef OPENSSL_SYS_NETWARE +-/* Rename these functions to avoid name clashes on NetWare OS */ +-# define uni2asc OPENSSL_uni2asc +-# define asc2uni OPENSSL_asc2uni +-#endif +- + /* Cheap and nasty Unicode stuff */ + +-unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, +- int *unilen) ++unsigned char *OPENSSL_asc2uni(const char *asc, int asclen, ++ unsigned char **uni, int 
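Review bot: The two new failure exits in PKCS12_gen_mac (hunk `@@ -88,16 +90,22 @@`), `if (md_size < 0) return 0;` and the HMAC failure branch, return 0 without recording an error, while the neighbouring paths call PKCS12err first. A caller that inspects the error queue gets nothing for these cases; something like `PKCS12err(PKCS12_F_PKCS12_GEN_MAC, ERR_R_EVP_LIB);` before each return would match the rest of the function. The derived MAC key in `key` also stays on the stack on every exit shown here; `OPENSSL_cleanse(key, sizeof(key));` before returning would limit its lifetime. The function begins above the hunk.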
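Review bot: The new `else { ERR_clear_error(); ... }` branch in PKCS8_encrypt (p12_p8e.c, hunk `@@ -76,8 +76,12 @@`) empties the whole thread error queue, so entries queued by the caller before this call are lost along with whatever the lookup added. The p12_kiss.c change in this same patch uses the narrower pattern: `ERR_set_mark();` before `EVP_PBE_find(...)` and `ERR_pop_to_mark();` afterwards would discard only the lookup's entries. The new `PKCS5_pbe2_set_iv(cipher, ...)` call is also reached with whatever `cipher` the caller passed; if NULL is possible on that path, a comment saying how it is handled would help, though that cannot be judged from this hunk. The function starts and ends outside the hunk.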
*unilen) + { + int ulen, i; + unsigned char *unitmp; +@@ -93,7 +87,7 @@ unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, + return unitmp; + } + +-char *uni2asc(unsigned char *uni, int unilen) ++char *OPENSSL_uni2asc(unsigned char *uni, int unilen) + { + int asclen, i; + char *asctmp; +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/pk12err.c b/Cryptlib/OpenSSL/crypto/pkcs12/pk12err.c +index 799f838..e58710b 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs12/pk12err.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs12/pk12err.c +@@ -1,6 +1,6 @@ + /* crypto/pkcs12/pk12err.c */ + /* ==================================================================== +- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. ++ * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions +diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/bio_pk7.c b/Cryptlib/OpenSSL/crypto/pkcs7/bio_pk7.c +new file mode 100644 +index 0000000..fae1c56 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/pkcs7/bio_pk7.c +@@ -0,0 +1,70 @@ ++/* bio_pk7.c */ ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL ++ * project. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2008 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. 
All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. 
++ * ==================================================================== ++ * ++ */ ++ ++#include ++#include ++#include ++ ++#if !defined(OPENSSL_SYSNAME_NETWARE) && !defined(OPENSSL_SYSNAME_VXWORKS) ++# include ++#endif ++#include ++ ++/* Streaming encode support for PKCS#7 */ ++ ++BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7) ++{ ++ return BIO_new_NDEF(out, (ASN1_VALUE *)p7, ASN1_ITEM_rptr(PKCS7)); ++} +diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_asn1.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_asn1.c +index 0e4e69d..9c0a439 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_asn1.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_asn1.c +@@ -78,13 +78,43 @@ ASN1_ADB(PKCS7) = { + ADB_ENTRY(NID_pkcs7_encrypted, ASN1_NDEF_EXP_OPT(PKCS7, d.encrypted, PKCS7_ENCRYPT, 0)) + } ASN1_ADB_END(PKCS7, 0, type, 0, &p7default_tt, NULL); + +-ASN1_NDEF_SEQUENCE(PKCS7) = { ++/* PKCS#7 streaming support */ ++static int pk7_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, ++ void *exarg) ++{ ++ ASN1_STREAM_ARG *sarg = exarg; ++ PKCS7 **pp7 = (PKCS7 **)pval; ++ ++ switch (operation) { ++ ++ case ASN1_OP_STREAM_PRE: ++ if (PKCS7_stream(&sarg->boundary, *pp7) <= 0) ++ return 0; ++ case ASN1_OP_DETACHED_PRE: ++ sarg->ndef_bio = PKCS7_dataInit(*pp7, sarg->out); ++ if (!sarg->ndef_bio) ++ return 0; ++ break; ++ ++ case ASN1_OP_STREAM_POST: ++ case ASN1_OP_DETACHED_POST: ++ if (PKCS7_dataFinal(*pp7, sarg->ndef_bio) <= 0) ++ return 0; ++ break; ++ ++ } ++ return 1; ++} ++ ++ASN1_NDEF_SEQUENCE_cb(PKCS7, pk7_cb) = { + ASN1_SIMPLE(PKCS7, type, ASN1_OBJECT), + ASN1_ADB_OBJECT(PKCS7) +-}ASN1_NDEF_SEQUENCE_END(PKCS7) ++}ASN1_NDEF_SEQUENCE_END_cb(PKCS7, PKCS7) + + IMPLEMENT_ASN1_FUNCTIONS(PKCS7) ++ + IMPLEMENT_ASN1_NDEF_FUNCTION(PKCS7) ++ + IMPLEMENT_ASN1_DUP_FUNCTION(PKCS7) + + ASN1_NDEF_SEQUENCE(PKCS7_SIGNED) = { +@@ -99,7 +129,8 @@ ASN1_NDEF_SEQUENCE(PKCS7_SIGNED) = { + IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGNED) + + /* Minor tweak to operation: free up EVP_PKEY */ +-static int si_cb(int operation, ASN1_VALUE 
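Review bot: In `pk7_cb`, `case ASN1_OP_STREAM_PRE:` runs into `case ASN1_OP_DETACHED_PRE:` with no `break` and no comment, so a reader cannot tell whether the fall-through is intended. It looks deliberate, since the streaming case sets `sarg->boundary` and then needs the same `PKCS7_dataInit` call, so I would mark it with `/* fall through */` just before the second label. The `switch` has no `default:` either, so every other operation reaches `return 1;`; a one-line comment such as `/* all other operations: nothing to do */` would make that explicit.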
**pval, const ASN1_ITEM *it) ++static int si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, ++ void *exarg) + { + if (operation == ASN1_OP_FREE_POST) { + PKCS7_SIGNER_INFO *si = (PKCS7_SIGNER_INFO *)*pval; +@@ -141,7 +172,8 @@ ASN1_NDEF_SEQUENCE(PKCS7_ENVELOPE) = { + IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENVELOPE) + + /* Minor tweak to operation: free up X509 */ +-static int ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) ++static int ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, ++ void *exarg) + { + if (operation == ASN1_OP_FREE_POST) { + PKCS7_RECIP_INFO *ri = (PKCS7_RECIP_INFO *)*pval; +@@ -162,7 +194,7 @@ IMPLEMENT_ASN1_FUNCTIONS(PKCS7_RECIP_INFO) + ASN1_NDEF_SEQUENCE(PKCS7_ENC_CONTENT) = { + ASN1_SIMPLE(PKCS7_ENC_CONTENT, content_type, ASN1_OBJECT), + ASN1_SIMPLE(PKCS7_ENC_CONTENT, algorithm, X509_ALGOR), +- ASN1_IMP_OPT(PKCS7_ENC_CONTENT, enc_data, ASN1_OCTET_STRING, 0) ++ ASN1_IMP_OPT(PKCS7_ENC_CONTENT, enc_data, ASN1_OCTET_STRING_NDEF, 0) + } ASN1_NDEF_SEQUENCE_END(PKCS7_ENC_CONTENT) + + IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENC_CONTENT) +@@ -215,3 +247,5 @@ ASN1_ITEM_TEMPLATE(PKCS7_ATTR_VERIFY) = + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL, + V_ASN1_SET, PKCS7_ATTRIBUTES, X509_ATTRIBUTE) + ASN1_ITEM_TEMPLATE_END(PKCS7_ATTR_VERIFY) ++ ++IMPLEMENT_ASN1_PRINT_FUNCTION(PKCS7) +diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_attr.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_attr.c +index 1fd65b5..88922ef 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_attr.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_attr.c +@@ -61,6 +61,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -70,27 +71,12 @@ int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, + STACK_OF(X509_ALGOR) *cap) + { + ASN1_STRING *seq; +- unsigned char *p, *pp; +- int len; +- len = i2d_ASN1_SET_OF_X509_ALGOR(cap, NULL, i2d_X509_ALGOR, +- V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, +- IS_SEQUENCE); +- if (!(pp = (unsigned 
char *)OPENSSL_malloc(len))) { +- PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP, ERR_R_MALLOC_FAILURE); +- return 0; +- } +- p = pp; +- i2d_ASN1_SET_OF_X509_ALGOR(cap, &p, i2d_X509_ALGOR, V_ASN1_SEQUENCE, +- V_ASN1_UNIVERSAL, IS_SEQUENCE); + if (!(seq = ASN1_STRING_new())) { + PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP, ERR_R_MALLOC_FAILURE); + return 0; + } +- if (!ASN1_STRING_set(seq, pp, len)) { +- PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP, ERR_R_MALLOC_FAILURE); +- return 0; +- } +- OPENSSL_free(pp); ++ seq->length = ASN1_item_i2d((ASN1_VALUE *)cap, &seq->data, ++ ASN1_ITEM_rptr(X509_ALGORS)); + return PKCS7_add_signed_attribute(si, NID_SMIMECapabilities, + V_ASN1_SEQUENCE, seq); + } +@@ -104,10 +90,9 @@ STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si) + if (!cap || (cap->type != V_ASN1_SEQUENCE)) + return NULL; + p = cap->value.sequence->data; +- return d2i_ASN1_SET_OF_X509_ALGOR(NULL, &p, +- cap->value.sequence->length, +- d2i_X509_ALGOR, X509_ALGOR_free, +- V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); ++ return (STACK_OF(X509_ALGOR) *) ++ ASN1_item_d2i(NULL, &p, cap->value.sequence->length, ++ ASN1_ITEM_rptr(X509_ALGORS)); + } + + /* Basic smime-capabilities OID and optional integer arg */ +@@ -141,3 +126,40 @@ int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg) + sk_X509_ALGOR_push(sk, alg); + return 1; + } ++ ++int PKCS7_add_attrib_content_type(PKCS7_SIGNER_INFO *si, ASN1_OBJECT *coid) ++{ ++ if (PKCS7_get_signed_attribute(si, NID_pkcs9_contentType)) ++ return 0; ++ if (!coid) ++ coid = OBJ_nid2obj(NID_pkcs7_data); ++ return PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, ++ V_ASN1_OBJECT, coid); ++} ++ ++int PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t) ++{ ++ if (!t && !(t = X509_gmtime_adj(NULL, 0))) { ++ PKCS7err(PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME, ++ ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ return PKCS7_add_signed_attribute(si, NID_pkcs9_signingTime, ++ V_ASN1_UTCTIME, t); ++} ++ ++int 
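Review bot: In `PKCS7_add_attrib_smimecap` the return value of `ASN1_item_i2d` is stored straight into `seq->length` and never checked, so an encoding failure (a negative return with `seq->data` left unset) is passed on to `PKCS7_add_signed_attribute` as if it were a valid string. I would test it before use: `if (seq->length <= 0 || seq->data == NULL) { ASN1_STRING_free(seq); return 0; }`. `seq` also appears to be leaked when `PKCS7_add_signed_attribute` returns 0, which the same `ASN1_STRING_free(seq)` on that path would cover.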
PKCS7_add1_attrib_digest(PKCS7_SIGNER_INFO *si, ++ const unsigned char *md, int mdlen) ++{ ++ ASN1_OCTET_STRING *os; ++ os = ASN1_OCTET_STRING_new(); ++ if (!os) ++ return 0; ++ if (!ASN1_STRING_set(os, md, mdlen) ++ || !PKCS7_add_signed_attribute(si, NID_pkcs9_messageDigest, ++ V_ASN1_OCTET_STRING, os)) { ++ ASN1_OCTET_STRING_free(os); ++ return 0; ++ } ++ return 1; ++} +diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c +index db134dd..c8d7db0 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c +@@ -134,6 +134,121 @@ static int PKCS7_bio_add_digest(BIO **pbio, X509_ALGOR *alg) + + } + ++static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri, ++ unsigned char *key, int keylen) ++{ ++ EVP_PKEY_CTX *pctx = NULL; ++ EVP_PKEY *pkey = NULL; ++ unsigned char *ek = NULL; ++ int ret = 0; ++ size_t eklen; ++ ++ pkey = X509_get_pubkey(ri->cert); ++ ++ if (!pkey) ++ return 0; ++ ++ pctx = EVP_PKEY_CTX_new(pkey, NULL); ++ if (!pctx) ++ return 0; ++ ++ if (EVP_PKEY_encrypt_init(pctx) <= 0) ++ goto err; ++ ++ if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT, ++ EVP_PKEY_CTRL_PKCS7_ENCRYPT, 0, ri) <= 0) { ++ PKCS7err(PKCS7_F_PKCS7_ENCODE_RINFO, PKCS7_R_CTRL_ERROR); ++ goto err; ++ } ++ ++ if (EVP_PKEY_encrypt(pctx, NULL, &eklen, key, keylen) <= 0) ++ goto err; ++ ++ ek = OPENSSL_malloc(eklen); ++ ++ if (ek == NULL) { ++ PKCS7err(PKCS7_F_PKCS7_ENCODE_RINFO, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ if (EVP_PKEY_encrypt(pctx, ek, &eklen, key, keylen) <= 0) ++ goto err; ++ ++ ASN1_STRING_set0(ri->enc_key, ek, eklen); ++ ek = NULL; ++ ++ ret = 1; ++ ++ err: ++ if (pkey) ++ EVP_PKEY_free(pkey); ++ if (pctx) ++ EVP_PKEY_CTX_free(pctx); ++ if (ek) ++ OPENSSL_free(ek); ++ return ret; ++ ++} ++ ++static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen, ++ PKCS7_RECIP_INFO *ri, EVP_PKEY *pkey) ++{ ++ EVP_PKEY_CTX *pctx = NULL; ++ unsigned char *ek = NULL; ++ size_t eklen; ++ ++ int 
ret = -1; ++ ++ pctx = EVP_PKEY_CTX_new(pkey, NULL); ++ if (!pctx) ++ return -1; ++ ++ if (EVP_PKEY_decrypt_init(pctx) <= 0) ++ goto err; ++ ++ if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DECRYPT, ++ EVP_PKEY_CTRL_PKCS7_DECRYPT, 0, ri) <= 0) { ++ PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, PKCS7_R_CTRL_ERROR); ++ goto err; ++ } ++ ++ if (EVP_PKEY_decrypt(pctx, NULL, &eklen, ++ ri->enc_key->data, ri->enc_key->length) <= 0) ++ goto err; ++ ++ ek = OPENSSL_malloc(eklen); ++ ++ if (ek == NULL) { ++ PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ if (EVP_PKEY_decrypt(pctx, ek, &eklen, ++ ri->enc_key->data, ri->enc_key->length) <= 0) { ++ ret = 0; ++ PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_EVP_LIB); ++ goto err; ++ } ++ ++ ret = 1; ++ ++ if (*pek) { ++ OPENSSL_cleanse(*pek, *peklen); ++ OPENSSL_free(*pek); ++ } ++ ++ *pek = ek; ++ *peklen = eklen; ++ ++ err: ++ if (pctx) ++ EVP_PKEY_CTX_free(pctx); ++ if (!ret && ek) ++ OPENSSL_free(ek); ++ ++ return ret; ++} ++ + BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) + { + int i; +@@ -144,7 +259,6 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) + STACK_OF(PKCS7_RECIP_INFO) *rsk = NULL; + X509_ALGOR *xalg = NULL; + PKCS7_RECIP_INFO *ri = NULL; +- EVP_PKEY *pkey; + ASN1_OCTET_STRING *os = NULL; + + if (p7 == NULL) { +@@ -197,6 +311,8 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) + xa = p7->d.digest->md; + os = PKCS7_get_octet_string(p7->d.digest->contents); + break; ++ case NID_pkcs7_data: ++ break; + default: + PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_UNSUPPORTED_CONTENT_TYPE); + goto err; +@@ -213,8 +329,6 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) + unsigned char key[EVP_MAX_KEY_LENGTH]; + unsigned char iv[EVP_MAX_IV_LENGTH]; + int keylen, ivlen; +- int jj, max; +- unsigned char *tmp; + EVP_CIPHER_CTX *ctx; + + if ((btmp = BIO_new(BIO_f_cipher())) == NULL) { +@@ -246,43 +360,11 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) + } + + /* Lets do the pub key stuff :-) */ +- max = 0; +- for (i = 0; i < 
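Review bot: `pkcs7_encode_rinfo` leaks the public-key reference when `EVP_PKEY_CTX_new` fails: `pkey` comes from `X509_get_pubkey` and is released only under `err:`, but `if (!pctx) return 0;` bypasses that label. Changing it to `if (!pctx) goto err;` is enough, because `err:` already guards each pointer before freeing it. In `pkcs7_decrypt_rinfo`, `ek` is released with `OPENSSL_free` but not `OPENSSL_cleanse` when the second `EVP_PKEY_decrypt` fails, and `*peklen = eklen;` narrows a `size_t` to `int` without a range check; both deserve at least a comment saying why that is acceptable.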
sk_PKCS7_RECIP_INFO_num(rsk); i++) { +- ri = sk_PKCS7_RECIP_INFO_value(rsk, i); +- if (ri->cert == NULL) { +- PKCS7err(PKCS7_F_PKCS7_DATAINIT, +- PKCS7_R_MISSING_CERIPEND_INFO); +- goto err; +- } +- if ((pkey = X509_get_pubkey(ri->cert)) == NULL) +- goto err; +- jj = EVP_PKEY_size(pkey); +- EVP_PKEY_free(pkey); +- if (max < jj) +- max = jj; +- } +- if ((tmp = (unsigned char *)OPENSSL_malloc(max)) == NULL) { +- PKCS7err(PKCS7_F_PKCS7_DATAINIT, ERR_R_MALLOC_FAILURE); +- goto err; +- } + for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) { + ri = sk_PKCS7_RECIP_INFO_value(rsk, i); +- if ((pkey = X509_get_pubkey(ri->cert)) == NULL) +- goto err; +- jj = EVP_PKEY_encrypt(tmp, key, keylen, pkey); +- EVP_PKEY_free(pkey); +- if (jj <= 0) { +- PKCS7err(PKCS7_F_PKCS7_DATAINIT, ERR_R_EVP_LIB); +- OPENSSL_free(tmp); +- goto err; +- } +- if (!M_ASN1_OCTET_STRING_set(ri->enc_key, tmp, jj)) { +- PKCS7err(PKCS7_F_PKCS7_DATAINIT, ERR_R_MALLOC_FAILURE); +- OPENSSL_free(tmp); ++ if (pkcs7_encode_rinfo(ri, key, keylen) <= 0) + goto err; +- } + } +- OPENSSL_free(tmp); + OPENSSL_cleanse(key, keylen); + + if (out == NULL) +@@ -304,7 +386,10 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) + BIO_set_mem_eof_return(bio, 0); + } + } +- BIO_push(out, bio); ++ if (out) ++ BIO_push(out, bio); ++ else ++ out = bio; + bio = NULL; + if (0) { + err: +@@ -333,7 +418,6 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) + { + int i, j; + BIO *out = NULL, *btmp = NULL, *etmp = NULL, *bio = NULL; +- unsigned char *tmp = NULL; + X509_ALGOR *xa; + ASN1_OCTET_STRING *data_body = NULL; + const EVP_MD *evp_md; +@@ -343,6 +427,8 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) + STACK_OF(X509_ALGOR) *md_sk = NULL; + STACK_OF(PKCS7_RECIP_INFO) *rsk = NULL; + PKCS7_RECIP_INFO *ri = NULL; ++ unsigned char *ek = NULL, *tkey = NULL; ++ int eklen = 0, tkeylen = 0; + + if (p7 == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_INVALID_NULL_POINTER); +@@ -359,12 
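Review bot: The rewritten recipient loop in `PKCS7_dataInit` jumps to `err` when `pkcs7_encode_rinfo` fails, and that jump skips the `OPENSSL_cleanse(key, keylen);` placed right after the loop, so the content-encryption key stays in the stack buffer on that path. The `err:` block is outside this hunk, so unless it wipes `key` itself I would cleanse before leaving: `if (pkcs7_encode_rinfo(ri, key, keylen) <= 0) { OPENSSL_cleanse(key, keylen); goto err; }`. The removed code had the same gap, so this is a follow-up rather than a regression.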
+445,24 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) + + switch (i) { + case NID_pkcs7_signed: ++ /* ++ * p7->d.sign->contents is a PKCS7 structure consisting of a contentType ++ * field and optional content. ++ * data_body is NULL if that structure has no (=detached) content ++ * or if the contentType is wrong (i.e., not "data"). ++ */ + data_body = PKCS7_get_octet_string(p7->d.sign->contents); ++ if (!PKCS7_is_detached(p7) && data_body == NULL) { ++ PKCS7err(PKCS7_F_PKCS7_DATADECODE, ++ PKCS7_R_INVALID_SIGNED_DATA_TYPE); ++ goto err; ++ } + md_sk = p7->d.sign->md_algs; + break; + case NID_pkcs7_signedAndEnveloped: + rsk = p7->d.signed_and_enveloped->recipientinfo; + md_sk = p7->d.signed_and_enveloped->md_algs; ++ /* data_body is NULL if the optional EncryptedContent is missing. */ + data_body = p7->d.signed_and_enveloped->enc_data->enc_data; + enc_alg = p7->d.signed_and_enveloped->enc_data->algorithm; + evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm); +@@ -377,6 +475,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) + case NID_pkcs7_enveloped: + rsk = p7->d.enveloped->recipientinfo; + enc_alg = p7->d.enveloped->enc_data->algorithm; ++ /* data_body is NULL if the optional EncryptedContent is missing. */ + data_body = p7->d.enveloped->enc_data->enc_data; + evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm); + if (evp_cipher == NULL) { +@@ -390,6 +489,12 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) + goto err; + } + ++ /* Detached content must be supplied via in_bio instead. 
*/ ++ if (data_body == NULL && in_bio == NULL) { ++ PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT); ++ goto err; ++ } ++ + /* We will be checking the signature */ + if (md_sk != NULL) { + for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) { +@@ -425,9 +530,6 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) + int max; + X509_OBJECT ret; + #endif +- unsigned char *tkey = NULL; +- int tkeylen; +- int jj; + + if ((etmp = BIO_new(BIO_f_cipher())) == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATADECODE, ERR_R_BIO_LIB); +@@ -458,48 +560,23 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) + } + } + +- jj = EVP_PKEY_size(pkey); +- tmp = (unsigned char *)OPENSSL_malloc(jj + 10); +- if (tmp == NULL) { +- PKCS7err(PKCS7_F_PKCS7_DATADECODE, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- + /* If we haven't got a certificate try each ri in turn */ +- + if (pcert == NULL) { + /* +- * Temporary storage in case EVP_PKEY_decrypt overwrites output +- * buffer on error. +- */ +- unsigned char *tmp2; +- tmp2 = OPENSSL_malloc(jj); +- if (!tmp2) +- goto err; +- jj = -1; +- /* +- * Always attempt to decrypt all cases to avoid leaking timing +- * information about a successful decrypt. ++ * Always attempt to decrypt all rinfo even after sucess as a ++ * defence against MMA timing attacks. 
+ */ + for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) { +- int tret; + ri = sk_PKCS7_RECIP_INFO_value(rsk, i); +- tret = EVP_PKEY_decrypt(tmp2, +- M_ASN1_STRING_data(ri->enc_key), +- M_ASN1_STRING_length(ri->enc_key), +- pkey); +- if (tret > 0) { +- memcpy(tmp, tmp2, tret); +- OPENSSL_cleanse(tmp2, tret); +- jj = tret; +- } ++ ++ if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey) < 0) ++ goto err; + ERR_clear_error(); + } +- OPENSSL_free(tmp2); + } else { +- jj = EVP_PKEY_decrypt(tmp, +- M_ASN1_STRING_data(ri->enc_key), +- M_ASN1_STRING_length(ri->enc_key), pkey); ++ /* Only exit on fatal errors, not decrypt failure */ ++ if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey) < 0) ++ goto err; + ERR_clear_error(); + } + +@@ -509,45 +586,48 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) + goto err; + if (EVP_CIPHER_asn1_to_param(evp_ctx, enc_alg->parameter) < 0) + goto err; +- /* Generate random key to counter MMA */ ++ /* Generate random key as MMA defence */ + tkeylen = EVP_CIPHER_CTX_key_length(evp_ctx); + tkey = OPENSSL_malloc(tkeylen); + if (!tkey) + goto err; + if (EVP_CIPHER_CTX_rand_key(evp_ctx, tkey) <= 0) + goto err; +- /* If we have no key use random key */ +- if (jj <= 0) { +- OPENSSL_free(tmp); +- jj = tkeylen; +- tmp = tkey; ++ if (ek == NULL) { ++ ek = tkey; ++ eklen = tkeylen; + tkey = NULL; + } + +- if (jj != tkeylen) { ++ if (eklen != EVP_CIPHER_CTX_key_length(evp_ctx)) { + /* + * Some S/MIME clients don't use the same key and effective key + * length. The key length is determined by the size of the + * decrypted RSA key. 
+ */ +- if (!EVP_CIPHER_CTX_set_key_length(evp_ctx, jj)) { +- /* As MMA defence use random key instead */ +- OPENSSL_cleanse(tmp, jj); +- OPENSSL_free(tmp); +- jj = tkeylen; +- tmp = tkey; ++ if (!EVP_CIPHER_CTX_set_key_length(evp_ctx, eklen)) { ++ /* Use random key as MMA defence */ ++ OPENSSL_cleanse(ek, eklen); ++ OPENSSL_free(ek); ++ ek = tkey; ++ eklen = tkeylen; + tkey = NULL; + } + } ++ /* Clear errors so we don't leak information useful in MMA */ + ERR_clear_error(); +- if (EVP_CipherInit_ex(evp_ctx, NULL, NULL, tmp, NULL, 0) <= 0) ++ if (EVP_CipherInit_ex(evp_ctx, NULL, NULL, ek, NULL, 0) <= 0) + goto err; + +- OPENSSL_cleanse(tmp, jj); +- ++ if (ek) { ++ OPENSSL_cleanse(ek, eklen); ++ OPENSSL_free(ek); ++ ek = NULL; ++ } + if (tkey) { + OPENSSL_cleanse(tkey, tkeylen); + OPENSSL_free(tkey); ++ tkey = NULL; + } + + if (out == NULL) +@@ -557,7 +637,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) + etmp = NULL; + } + #if 1 +- if (PKCS7_is_detached(p7) || (in_bio != NULL)) { ++ if (in_bio != NULL) { + bio = in_bio; + } else { + # if 0 +@@ -587,6 +667,14 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) + #endif + if (0) { + err: ++ if (ek) { ++ OPENSSL_cleanse(ek, eklen); ++ OPENSSL_free(ek); ++ } ++ if (tkey) { ++ OPENSSL_cleanse(tkey, tkeylen); ++ OPENSSL_free(tkey); ++ } + if (out != NULL) + BIO_free_all(out); + if (btmp != NULL) +@@ -597,8 +685,6 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) + BIO_free_all(bio); + out = NULL; + } +- if (tmp != NULL) +- OPENSSL_free(tmp); + return (out); + } + +@@ -623,13 +709,41 @@ static BIO *PKCS7_find_digest(EVP_MD_CTX **pmd, BIO *bio, int nid) + return NULL; + } + ++static int do_pkcs7_signed_attrib(PKCS7_SIGNER_INFO *si, EVP_MD_CTX *mctx) ++{ ++ unsigned char md_data[EVP_MAX_MD_SIZE]; ++ unsigned int md_len; ++ ++ /* Add signing time if not already present */ ++ if (!PKCS7_get_signed_attribute(si, NID_pkcs9_signingTime)) { ++ 
if (!PKCS7_add0_attrib_signing_time(si, NULL)) { ++ PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ } ++ ++ /* Add digest */ ++ if (!EVP_DigestFinal_ex(mctx, md_data, &md_len)) { ++ PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_EVP_LIB); ++ return 0; ++ } ++ if (!PKCS7_add1_attrib_digest(si, md_data, md_len)) { ++ PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ ++ /* Now sign the attributes */ ++ if (!PKCS7_SIGNER_INFO_sign(si)) ++ return 0; ++ ++ return 1; ++} ++ + int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) + { + int ret = 0; + int i, j; + BIO *btmp; +- BUF_MEM *buf_mem = NULL; +- BUF_MEM *buf = NULL; + PKCS7_SIGNER_INFO *si; + EVP_MD_CTX *mdc, ctx_tmp; + STACK_OF(X509_ATTRIBUTE) *sk; +@@ -651,22 +765,33 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) + p7->state = PKCS7_S_HEADER; + + switch (i) { ++ case NID_pkcs7_data: ++ os = p7->d.data; ++ break; + case NID_pkcs7_signedAndEnveloped: + /* XXXXXXXXXXXXXXXX */ + si_sk = p7->d.signed_and_enveloped->signer_info; +- if (!(os = M_ASN1_OCTET_STRING_new())) { +- PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE); +- goto err; ++ os = p7->d.signed_and_enveloped->enc_data->enc_data; ++ if (!os) { ++ os = M_ASN1_OCTET_STRING_new(); ++ if (!os) { ++ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ p7->d.signed_and_enveloped->enc_data->enc_data = os; + } +- p7->d.signed_and_enveloped->enc_data->enc_data = os; + break; + case NID_pkcs7_enveloped: + /* XXXXXXXXXXXXXXXX */ +- if (!(os = M_ASN1_OCTET_STRING_new())) { +- PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE); +- goto err; ++ os = p7->d.enveloped->enc_data->enc_data; ++ if (!os) { ++ os = M_ASN1_OCTET_STRING_new(); ++ if (!os) { ++ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ p7->d.enveloped->enc_data->enc_data = os; + } +- p7->d.enveloped->enc_data->enc_data = os; + break; + case NID_pkcs7_signed: + si_sk = 
p7->d.sign->signer_info; +@@ -689,13 +814,12 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) + } + break; + ++ default: ++ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNSUPPORTED_CONTENT_TYPE); ++ goto err; + } + + if (si_sk != NULL) { +- if ((buf = BUF_MEM_new()) == NULL) { +- PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_BIO_LIB); +- goto err; +- } + for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(si_sk); i++) { + si = sk_PKCS7_SIGNER_INFO_value(si_sk, i); + if (si->pkey == NULL) +@@ -713,11 +837,8 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) + /* + * We now have the EVP_MD_CTX, lets do the signing. + */ +- EVP_MD_CTX_copy_ex(&ctx_tmp, mdc); +- if (!BUF_MEM_grow_clean(buf, EVP_PKEY_size(si->pkey))) { +- PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_BIO_LIB); ++ if (!EVP_MD_CTX_copy_ex(&ctx_tmp, mdc)) + goto err; +- } + + sk = si->auth_attr; + +@@ -725,76 +846,22 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) + * If there are attributes, we add the digest attribute and only + * sign the attributes + */ +- if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0)) { +- unsigned char md_data[EVP_MAX_MD_SIZE], *abuf = NULL; +- unsigned int md_len, alen; +- ASN1_OCTET_STRING *digest; +- ASN1_UTCTIME *sign_time; +- const EVP_MD *md_tmp; +- +- /* Add signing time if not already present */ +- if (!PKCS7_get_signed_attribute(si, NID_pkcs9_signingTime)) { +- if (!(sign_time = X509_gmtime_adj(NULL, 0))) { +- PKCS7err(PKCS7_F_PKCS7_DATAFINAL, +- ERR_R_MALLOC_FAILURE); +- goto err; +- } +- if (!PKCS7_add_signed_attribute(si, +- NID_pkcs9_signingTime, +- V_ASN1_UTCTIME, +- sign_time)) { +- M_ASN1_UTCTIME_free(sign_time); +- goto err; +- } +- } +- +- /* Add digest */ +- md_tmp = EVP_MD_CTX_md(&ctx_tmp); +- EVP_DigestFinal_ex(&ctx_tmp, md_data, &md_len); +- if (!(digest = M_ASN1_OCTET_STRING_new())) { +- PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- if (!M_ASN1_OCTET_STRING_set(digest, md_data, md_len)) { +- PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE); +- 
M_ASN1_OCTET_STRING_free(digest); +- goto err; +- } +- if (!PKCS7_add_signed_attribute(si, +- NID_pkcs9_messageDigest, +- V_ASN1_OCTET_STRING, digest)) +- { +- M_ASN1_OCTET_STRING_free(digest); ++ if (sk_X509_ATTRIBUTE_num(sk) > 0) { ++ if (!do_pkcs7_signed_attrib(si, &ctx_tmp)) + goto err; +- } +- +- /* Now sign the attributes */ +- EVP_SignInit_ex(&ctx_tmp, md_tmp, NULL); +- alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf, +- ASN1_ITEM_rptr(PKCS7_ATTR_SIGN)); ++ } else { ++ unsigned char *abuf = NULL; ++ unsigned int abuflen; ++ abuflen = EVP_PKEY_size(si->pkey); ++ abuf = OPENSSL_malloc(abuflen); + if (!abuf) + goto err; +- EVP_SignUpdate(&ctx_tmp, abuf, alen); +- OPENSSL_free(abuf); +- } +-#ifndef OPENSSL_NO_DSA +- if (si->pkey->type == EVP_PKEY_DSA) +- ctx_tmp.digest = EVP_dss1(); +-#endif +-#ifndef OPENSSL_NO_ECDSA +- if (si->pkey->type == EVP_PKEY_EC) +- ctx_tmp.digest = EVP_ecdsa(); +-#endif + +- if (!EVP_SignFinal(&ctx_tmp, (unsigned char *)buf->data, +- (unsigned int *)&buf->length, si->pkey)) { +- PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_EVP_LIB); +- goto err; +- } +- if (!ASN1_STRING_set(si->enc_digest, +- (unsigned char *)buf->data, buf->length)) { +- PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_ASN1_LIB); +- goto err; ++ if (!EVP_SignFinal(&ctx_tmp, abuf, &abuflen, si->pkey)) { ++ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_EVP_LIB); ++ goto err; ++ } ++ ASN1_STRING_set0(si->enc_digest, abuf, abuflen); + } + } + } else if (i == NID_pkcs7_digest) { +@@ -803,7 +870,8 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) + if (!PKCS7_find_digest(&mdc, bio, + OBJ_obj2nid(p7->d.digest->md->algorithm))) + goto err; +- EVP_DigestFinal_ex(mdc, md_data, &md_len); ++ if (!EVP_DigestFinal_ex(mdc, md_data, &md_len)) ++ goto err; + M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len); + } + +@@ -814,34 +882,89 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) + */ + if (os == NULL) + goto err; +- btmp = BIO_find_type(bio, BIO_TYPE_MEM); +- if (btmp == NULL) { +- 
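Review bot: In the new `else` branch of `PKCS7_dataFinal`, `abuf` is leaked when `EVP_SignFinal` fails, because that block goes to `err:` without freeing the buffer allocated just above, and ownership passes to `si->enc_digest` only at the later `ASN1_STRING_set0` call. Adding `OPENSSL_free(abuf);` before the `PKCS7err(...)` line in that failure block closes it. The `@@ -980,11 +1106,18 @@` hunk in `PKCS7_signatureVerify` has the same shape: `if (!EVP_VerifyUpdate(&mdc_tmp, abuf, alen)) goto err;` skips the `OPENSSL_free(abuf);` that follows it. Both functions begin and end outside these hunks, so this assumes their `err:` labels do not free `abuf`, which matches the `err:` block shown for `PKCS7_dataFinal`.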
PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNABLE_TO_FIND_MEM_BIO); +- goto err; ++ if (!(os->flags & ASN1_STRING_FLAG_NDEF)) { ++ char *cont; ++ long contlen; ++ btmp = BIO_find_type(bio, BIO_TYPE_MEM); ++ if (btmp == NULL) { ++ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNABLE_TO_FIND_MEM_BIO); ++ goto err; ++ } ++ contlen = BIO_get_mem_data(btmp, &cont); ++ /* ++ * Mark the BIO read only then we can use its copy of the data ++ * instead of making an extra copy. ++ */ ++ BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY); ++ BIO_set_mem_eof_return(btmp, 0); ++ ASN1_STRING_set0(os, (unsigned char *)cont, contlen); + } +- BIO_get_mem_ptr(btmp, &buf_mem); +- /* +- * Mark the BIO read only then we can use its copy of the data +- * instead of making an extra copy. +- */ +- BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY); +- BIO_set_mem_eof_return(btmp, 0); +- os->data = (unsigned char *)buf_mem->data; +- os->length = buf_mem->length; +-#if 0 +- M_ASN1_OCTET_STRING_set(os, +- (unsigned char *)buf_mem->data, +- buf_mem->length); +-#endif + } + ret = 1; + err: + EVP_MD_CTX_cleanup(&ctx_tmp); +- if (buf != NULL) +- BUF_MEM_free(buf); + return (ret); + } + ++int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si) ++{ ++ EVP_MD_CTX mctx; ++ EVP_PKEY_CTX *pctx; ++ unsigned char *abuf = NULL; ++ int alen; ++ size_t siglen; ++ const EVP_MD *md = NULL; ++ ++ md = EVP_get_digestbyobj(si->digest_alg->algorithm); ++ if (md == NULL) ++ return 0; ++ ++ EVP_MD_CTX_init(&mctx); ++ if (EVP_DigestSignInit(&mctx, &pctx, md, NULL, si->pkey) <= 0) ++ goto err; ++ ++ if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, ++ EVP_PKEY_CTRL_PKCS7_SIGN, 0, si) <= 0) { ++ PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, PKCS7_R_CTRL_ERROR); ++ goto err; ++ } ++ ++ alen = ASN1_item_i2d((ASN1_VALUE *)si->auth_attr, &abuf, ++ ASN1_ITEM_rptr(PKCS7_ATTR_SIGN)); ++ if (!abuf) ++ goto err; ++ if (EVP_DigestSignUpdate(&mctx, abuf, alen) <= 0) ++ goto err; ++ OPENSSL_free(abuf); ++ abuf = NULL; ++ if (EVP_DigestSignFinal(&mctx, NULL, 
&siglen) <= 0) ++ goto err; ++ abuf = OPENSSL_malloc(siglen); ++ if (!abuf) ++ goto err; ++ if (EVP_DigestSignFinal(&mctx, abuf, &siglen) <= 0) ++ goto err; ++ ++ if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, ++ EVP_PKEY_CTRL_PKCS7_SIGN, 1, si) <= 0) { ++ PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, PKCS7_R_CTRL_ERROR); ++ goto err; ++ } ++ ++ EVP_MD_CTX_cleanup(&mctx); ++ ++ ASN1_STRING_set0(si->enc_digest, abuf, siglen); ++ ++ return 1; ++ ++ err: ++ if (abuf) ++ OPENSSL_free(abuf); ++ EVP_MD_CTX_cleanup(&mctx); ++ return 0; ++ ++} ++ + int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio, + PKCS7 *p7, PKCS7_SIGNER_INFO *si) + { +@@ -947,15 +1070,18 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, + * mdc is the digest ctx that we want, unless there are attributes, in + * which case the digest is the signed attributes + */ +- EVP_MD_CTX_copy_ex(&mdc_tmp, mdc); ++ if (!EVP_MD_CTX_copy_ex(&mdc_tmp, mdc)) ++ goto err; + + sk = si->auth_attr; + if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0)) { + unsigned char md_dat[EVP_MAX_MD_SIZE], *abuf = NULL; +- unsigned int md_len, alen; ++ unsigned int md_len; ++ int alen; + ASN1_OCTET_STRING *message_digest; + +- EVP_DigestFinal_ex(&mdc_tmp, md_dat, &md_len); ++ if (!EVP_DigestFinal_ex(&mdc_tmp, md_dat, &md_len)) ++ goto err; + message_digest = PKCS7_digest_from_attributes(sk); + if (!message_digest) { + PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, +@@ -980,11 +1106,18 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, + goto err; + } + +- EVP_VerifyInit_ex(&mdc_tmp, EVP_get_digestbynid(md_type), NULL); ++ if (!EVP_VerifyInit_ex(&mdc_tmp, EVP_get_digestbynid(md_type), NULL)) ++ goto err; + + alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf, + ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY)); +- EVP_VerifyUpdate(&mdc_tmp, abuf, alen); ++ if (alen <= 0) { ++ PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, ERR_R_ASN1_LIB); ++ ret = -1; ++ goto err; ++ } ++ if 
(!EVP_VerifyUpdate(&mdc_tmp, abuf, alen)) ++ goto err; + + OPENSSL_free(abuf); + } +@@ -995,14 +1128,6 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, + ret = -1; + goto err; + } +-#ifndef OPENSSL_NO_DSA +- if (pkey->type == EVP_PKEY_DSA) +- mdc_tmp.digest = EVP_dss1(); +-#endif +-#ifndef OPENSSL_NO_ECDSA +- if (pkey->type == EVP_PKEY_EC) +- mdc_tmp.digest = EVP_ecdsa(); +-#endif + + i = EVP_VerifyFinal(&mdc_tmp, os->data, os->length, pkey); + EVP_PKEY_free(pkey); +@@ -1135,7 +1260,8 @@ static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, + X509_ATTRIBUTE *attr = NULL; + + if (*sk == NULL) { +- if (!(*sk = sk_X509_ATTRIBUTE_new_null())) ++ *sk = sk_X509_ATTRIBUTE_new_null(); ++ if (*sk == NULL) + return 0; + new_attrib: + if (!(attr = X509_ATTRIBUTE_create(nid, atrtype, value))) +diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_lib.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_lib.c +index c2ad3ec..0c5fcaa 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_lib.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_lib.c +@@ -60,6 +60,7 @@ + #include "cryptlib.h" + #include + #include ++#include "asn1_locl.h" + + long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg) + { +@@ -354,13 +355,8 @@ int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl) + int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, + const EVP_MD *dgst) + { +- int nid; +- char is_dsa; ++ int ret; + +- if (pkey->type == EVP_PKEY_DSA || pkey->type == EVP_PKEY_EC) +- is_dsa = 1; +- else +- is_dsa = 0; + /* We now need to add another PKCS7_SIGNER_INFO entry */ + if (!ASN1_INTEGER_set(p7i->version, 1)) + goto err; +@@ -382,58 +378,41 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, + p7i->pkey = pkey; + + /* Set the algorithms */ +- if (is_dsa) +- p7i->digest_alg->algorithm = OBJ_nid2obj(NID_sha1); +- else +- p7i->digest_alg->algorithm = OBJ_nid2obj(EVP_MD_type(dgst)); + +- if (p7i->digest_alg->parameter != NULL) +- 
ASN1_TYPE_free(p7i->digest_alg->parameter); +- if ((p7i->digest_alg->parameter = ASN1_TYPE_new()) == NULL) +- goto err; +- p7i->digest_alg->parameter->type = V_ASN1_NULL; +- +- if (p7i->digest_enc_alg->parameter != NULL) +- ASN1_TYPE_free(p7i->digest_enc_alg->parameter); +- nid = EVP_PKEY_type(pkey->type); +- if (nid == EVP_PKEY_RSA) { +- p7i->digest_enc_alg->algorithm = OBJ_nid2obj(NID_rsaEncryption); +- if (!(p7i->digest_enc_alg->parameter = ASN1_TYPE_new())) +- goto err; +- p7i->digest_enc_alg->parameter->type = V_ASN1_NULL; +- } else if (nid == EVP_PKEY_DSA) { +-#if 1 +- /* +- * use 'dsaEncryption' OID for compatibility with other software +- * (PKCS #7 v1.5 does specify how to handle DSA) ... +- */ +- p7i->digest_enc_alg->algorithm = OBJ_nid2obj(NID_dsa); +-#else +- /* +- * ... although the 'dsaWithSHA1' OID (as required by RFC 2630 for +- * CMS) would make more sense. +- */ +- p7i->digest_enc_alg->algorithm = OBJ_nid2obj(NID_dsaWithSHA1); +-#endif +- p7i->digest_enc_alg->parameter = NULL; /* special case for DSA: omit +- * 'parameter'! 
*/ +- } else if (nid == EVP_PKEY_EC) { +- p7i->digest_enc_alg->algorithm = OBJ_nid2obj(NID_ecdsa_with_SHA1); +- if (!(p7i->digest_enc_alg->parameter = ASN1_TYPE_new())) +- goto err; +- p7i->digest_enc_alg->parameter->type = V_ASN1_NULL; +- } else +- return (0); ++ X509_ALGOR_set0(p7i->digest_alg, OBJ_nid2obj(EVP_MD_type(dgst)), ++ V_ASN1_NULL, NULL); + +- return (1); ++ if (pkey->ameth && pkey->ameth->pkey_ctrl) { ++ ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_SIGN, 0, p7i); ++ if (ret > 0) ++ return 1; ++ if (ret != -2) { ++ PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET, ++ PKCS7_R_SIGNING_CTRL_FAILURE); ++ return 0; ++ } ++ } ++ PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET, ++ PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); + err: +- return (0); ++ return 0; + } + + PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey, + const EVP_MD *dgst) + { +- PKCS7_SIGNER_INFO *si; ++ PKCS7_SIGNER_INFO *si = NULL; ++ ++ if (dgst == NULL) { ++ int def_nid; ++ if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) <= 0) ++ goto err; ++ dgst = EVP_get_digestbynid(def_nid); ++ if (dgst == NULL) { ++ PKCS7err(PKCS7_F_PKCS7_ADD_SIGNATURE, PKCS7_R_NO_DEFAULT_DIGEST); ++ goto err; ++ } ++ } + + if ((si = PKCS7_SIGNER_INFO_new()) == NULL) + goto err; +@@ -443,7 +422,8 @@ PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey, + goto err; + return (si); + err: +- PKCS7_SIGNER_INFO_free(si); ++ if (si) ++ PKCS7_SIGNER_INFO_free(si); + return (NULL); + } + +@@ -475,6 +455,23 @@ STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7) + return (NULL); + } + ++void PKCS7_SIGNER_INFO_get0_algs(PKCS7_SIGNER_INFO *si, EVP_PKEY **pk, ++ X509_ALGOR **pdig, X509_ALGOR **psig) ++{ ++ if (pk) ++ *pk = si->pkey; ++ if (pdig) ++ *pdig = si->digest_alg; ++ if (psig) ++ *psig = si->digest_enc_alg; ++} ++ ++void PKCS7_RECIP_INFO_get0_alg(PKCS7_RECIP_INFO *ri, X509_ALGOR **penc) ++{ ++ if (penc) ++ *penc = ri->key_enc_algor; ++} ++ + PKCS7_RECIP_INFO 
*PKCS7_add_recipient(PKCS7 *p7, X509 *x509) + { + PKCS7_RECIP_INFO *ri; +@@ -485,10 +482,11 @@ PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509) + goto err; + if (!PKCS7_add_recipient_info(p7, ri)) + goto err; +- return (ri); ++ return ri; + err: +- PKCS7_RECIP_INFO_free(ri); +- return (NULL); ++ if (ri) ++ PKCS7_RECIP_INFO_free(ri); ++ return NULL; + } + + int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri) +@@ -517,6 +515,8 @@ int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri) + + int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509) + { ++ int ret; ++ EVP_PKEY *pkey = NULL; + if (!ASN1_INTEGER_set(p7i->version, 0)) + return 0; + if (!X509_NAME_set(&p7i->issuer_and_serial->issuer, +@@ -528,14 +528,37 @@ int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509) + M_ASN1_INTEGER_dup(X509_get_serialNumber(x509)))) + return 0; + +- X509_ALGOR_free(p7i->key_enc_algor); +- if (!(p7i->key_enc_algor = X509_ALGOR_dup(x509->cert_info->key->algor))) +- return 0; ++ pkey = X509_get_pubkey(x509); ++ ++ if (!pkey || !pkey->ameth || !pkey->ameth->pkey_ctrl) { ++ PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET, ++ PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); ++ goto err; ++ } ++ ++ ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_ENCRYPT, 0, p7i); ++ if (ret == -2) { ++ PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET, ++ PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); ++ goto err; ++ } ++ if (ret <= 0) { ++ PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET, ++ PKCS7_R_ENCRYPTION_CTRL_FAILURE); ++ goto err; ++ } ++ ++ EVP_PKEY_free(pkey); + + CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509); + p7i->cert = x509; + +- return (1); ++ return 1; ++ ++ err: ++ if (pkey) ++ EVP_PKEY_free(pkey); ++ return 0; + } + + X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si) +@@ -578,3 +601,46 @@ int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher) + ec->cipher = cipher; + return 1; + } ++ ++int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7) 
++{ ++ ASN1_OCTET_STRING *os = NULL; ++ ++ switch (OBJ_obj2nid(p7->type)) { ++ case NID_pkcs7_data: ++ os = p7->d.data; ++ break; ++ ++ case NID_pkcs7_signedAndEnveloped: ++ os = p7->d.signed_and_enveloped->enc_data->enc_data; ++ if (os == NULL) { ++ os = M_ASN1_OCTET_STRING_new(); ++ p7->d.signed_and_enveloped->enc_data->enc_data = os; ++ } ++ break; ++ ++ case NID_pkcs7_enveloped: ++ os = p7->d.enveloped->enc_data->enc_data; ++ if (os == NULL) { ++ os = M_ASN1_OCTET_STRING_new(); ++ p7->d.enveloped->enc_data->enc_data = os; ++ } ++ break; ++ ++ case NID_pkcs7_signed: ++ os = p7->d.sign->contents->d.data; ++ break; ++ ++ default: ++ os = NULL; ++ break; ++ } ++ ++ if (os == NULL) ++ return 0; ++ ++ os->flags |= ASN1_STRING_FLAG_NDEF; ++ *boundary = &os->data; ++ ++ return 1; ++} +diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_mime.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_mime.c +index 2eca5ea..62fb299 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_mime.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_mime.c +@@ -60,52 +60,18 @@ + #include + #include + +-/* PKCS#7 wrappers round generalised MIME routines */ ++/* PKCS#7 wrappers round generalised stream and MIME routines */ + +-PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont) ++int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *in, int flags) + { +- return (PKCS7 *)SMIME_read_ASN1(bio, bcont, ASN1_ITEM_rptr(PKCS7)); ++ return i2d_ASN1_bio_stream(out, (ASN1_VALUE *)p7, in, flags, ++ ASN1_ITEM_rptr(PKCS7)); + } + +-/* Callback for int_smime_write_ASN1 */ +- +-static int pk7_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags, +- const ASN1_ITEM *it) ++int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *in, int flags) + { +- PKCS7 *p7 = (PKCS7 *)val; +- BIO *tmpbio, *p7bio; +- +- if (!(flags & SMIME_DETACHED)) { +- SMIME_crlf_copy(data, out, flags); +- return 1; +- } +- +- /* Let PKCS7 code prepend any needed BIOs */ +- +- p7bio = PKCS7_dataInit(p7, out); +- +- if (!p7bio) +- return 0; +- +- /* Copy data across, 
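Review bot: The new `PKCS7_stream` at the end of pk7_lib.c has no header comment, and its contract is not obvious from the body: on success `*boundary` is set to `&os->data`, a location inside `p7` itself, after `ASN1_STRING_FLAG_NDEF` has been set on that octet string. I would add a comment above it such as `/* Flag the content octet string of p7 as NDEF and return the address of its data pointer in *boundary (owned by p7); returns 0 if the type has no content string. */`. Two details belong there too. The enveloped arms allocate the string with `M_ASN1_OCTET_STRING_new()`, and a failed allocation surfaces only as a plain 0 with no error queued. The `NID_pkcs7_signed` arm reads `contents->d.data` with no visible check that the inner content type is data, which callers presumably guarantee.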
passing through filter BIOs for processing */ +- SMIME_crlf_copy(data, p7bio, flags); +- +- /* Finalize structure */ +- if (PKCS7_dataFinal(p7, p7bio) <= 0) +- goto err; +- +- err: +- +- /* Now remove any digests prepended to the BIO */ +- +- while (p7bio != out) { +- tmpbio = BIO_pop(p7bio); +- BIO_free(p7bio); +- p7bio = tmpbio; +- } +- +- return 1; +- ++ return PEM_write_bio_ASN1_stream(out, (ASN1_VALUE *)p7, in, flags, ++ "PKCS7", ASN1_ITEM_rptr(PKCS7)); + } + + int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) +@@ -117,7 +83,14 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) + else + mdalgs = NULL; + +- return int_smime_write_ASN1(bio, (ASN1_VALUE *)p7, data, flags, +- ctype_nid, NID_undef, mdalgs, +- pk7_output_data, ASN1_ITEM_rptr(PKCS7)); ++ flags ^= SMIME_OLDMIME; ++ ++ return SMIME_write_ASN1(bio, (ASN1_VALUE *)p7, data, flags, ++ ctype_nid, NID_undef, mdalgs, ++ ASN1_ITEM_rptr(PKCS7)); ++} ++ ++PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont) ++{ ++ return (PKCS7 *)SMIME_read_ASN1(bio, bcont, ASN1_ITEM_rptr(PKCS7)); + } +diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c +index cd22c85..71afa21 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c +@@ -64,21 +64,14 @@ + #include + #include + ++static int pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si); ++ + PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, + BIO *data, int flags) + { +- PKCS7 *p7 = NULL; +- PKCS7_SIGNER_INFO *si; +- BIO *p7bio = NULL; +- STACK_OF(X509_ALGOR) *smcap = NULL; ++ PKCS7 *p7; + int i; + +- if (!X509_check_private_key(signcert, pkey)) { +- PKCS7err(PKCS7_F_PKCS7_SIGN, +- PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); +- return NULL; +- } +- + if (!(p7 = PKCS7_new())) { + PKCS7err(PKCS7_F_PKCS7_SIGN, ERR_R_MALLOC_FAILURE); + return NULL; +@@ -90,88 +83,167 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, 
STACK_OF(X509) *certs, + if (!PKCS7_content_new(p7, NID_pkcs7_data)) + goto err; + +-#if defined(OPENSSL_SYS_UEFI) +- /* +- * NOTE: Update to SHA-256 digest algorithm for UEFI version. +- */ +- if (!(si = PKCS7_add_signature(p7, signcert, pkey, EVP_sha256()))) { +-#else +- if (!(si = PKCS7_add_signature(p7, signcert, pkey, EVP_sha1()))) { +-#endif +- PKCS7err(PKCS7_F_PKCS7_SIGN, PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR); ++ if (pkey && !PKCS7_sign_add_signer(p7, signcert, pkey, NULL, flags)) { ++ PKCS7err(PKCS7_F_PKCS7_SIGN, PKCS7_R_PKCS7_ADD_SIGNER_ERROR); + goto err; + } + + if (!(flags & PKCS7_NOCERTS)) { ++ for (i = 0; i < sk_X509_num(certs); i++) { ++ if (!PKCS7_add_certificate(p7, sk_X509_value(certs, i))) ++ goto err; ++ } ++ } ++ ++ if (flags & PKCS7_DETACHED) ++ PKCS7_set_detached(p7, 1); ++ ++ if (flags & (PKCS7_STREAM | PKCS7_PARTIAL)) ++ return p7; ++ ++ if (PKCS7_final(p7, data, flags)) ++ return p7; ++ ++ err: ++ PKCS7_free(p7); ++ return NULL; ++} ++ ++int PKCS7_final(PKCS7 *p7, BIO *data, int flags) ++{ ++ BIO *p7bio; ++ int ret = 0; ++ if (!(p7bio = PKCS7_dataInit(p7, NULL))) { ++ PKCS7err(PKCS7_F_PKCS7_FINAL, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ ++ SMIME_crlf_copy(data, p7bio, flags); ++ ++ (void)BIO_flush(p7bio); ++ ++ if (!PKCS7_dataFinal(p7, p7bio)) { ++ PKCS7err(PKCS7_F_PKCS7_FINAL, PKCS7_R_PKCS7_DATASIGN); ++ goto err; ++ } ++ ++ ret = 1; ++ ++ err: ++ BIO_free_all(p7bio); ++ ++ return ret; ++ ++} ++ ++/* Check to see if a cipher exists and if so add S/MIME capabilities */ ++ ++static int add_cipher_smcap(STACK_OF(X509_ALGOR) *sk, int nid, int arg) ++{ ++ if (EVP_get_cipherbynid(nid)) ++ return PKCS7_simple_smimecap(sk, nid, arg); ++ return 1; ++} ++ ++static int add_digest_smcap(STACK_OF(X509_ALGOR) *sk, int nid, int arg) ++{ ++ if (EVP_get_digestbynid(nid)) ++ return PKCS7_simple_smimecap(sk, nid, arg); ++ return 1; ++} ++ ++PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert, ++ EVP_PKEY *pkey, const EVP_MD *md, ++ int 
flags) ++{ ++ PKCS7_SIGNER_INFO *si = NULL; ++ STACK_OF(X509_ALGOR) *smcap = NULL; ++ if (!X509_check_private_key(signcert, pkey)) { ++ PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER, ++ PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); ++ return NULL; ++ } ++ ++ if (!(si = PKCS7_add_signature(p7, signcert, pkey, md))) { ++ PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER, ++ PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR); ++ return NULL; ++ } ++ ++ if (!(flags & PKCS7_NOCERTS)) { + if (!PKCS7_add_certificate(p7, signcert)) + goto err; +- if (certs) +- for (i = 0; i < sk_X509_num(certs); i++) +- if (!PKCS7_add_certificate(p7, sk_X509_value(certs, i))) +- goto err; + } + + if (!(flags & PKCS7_NOATTR)) { +- if (!PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, +- V_ASN1_OBJECT, +- OBJ_nid2obj(NID_pkcs7_data))) ++ if (!PKCS7_add_attrib_content_type(si, NULL)) + goto err; + /* Add SMIMECapabilities */ + if (!(flags & PKCS7_NOSMIMECAP)) { + if (!(smcap = sk_X509_ALGOR_new_null())) { +- PKCS7err(PKCS7_F_PKCS7_SIGN, ERR_R_MALLOC_FAILURE); ++ PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER, ERR_R_MALLOC_FAILURE); + goto err; + } +-#ifndef OPENSSL_NO_DES +- if (!PKCS7_simple_smimecap(smcap, NID_des_ede3_cbc, -1)) +- goto err; +-#endif +-#ifndef OPENSSL_NO_RC2 +- if (!PKCS7_simple_smimecap(smcap, NID_rc2_cbc, 128)) +- goto err; +- if (!PKCS7_simple_smimecap(smcap, NID_rc2_cbc, 64)) +- goto err; +-#endif +-#ifndef OPENSSL_NO_DES +- if (!PKCS7_simple_smimecap(smcap, NID_des_cbc, -1)) +- goto err; +-#endif +-#ifndef OPENSSL_NO_RC2 +- if (!PKCS7_simple_smimecap(smcap, NID_rc2_cbc, 40)) +- goto err; +-#endif +- if (!PKCS7_add_attrib_smimecap(si, smcap)) ++ if (!add_cipher_smcap(smcap, NID_aes_256_cbc, -1) ++ || !add_digest_smcap(smcap, NID_id_GostR3411_94, -1) ++ || !add_cipher_smcap(smcap, NID_id_Gost28147_89, -1) ++ || !add_cipher_smcap(smcap, NID_aes_192_cbc, -1) ++ || !add_cipher_smcap(smcap, NID_aes_128_cbc, -1) ++ || !add_cipher_smcap(smcap, NID_des_ede3_cbc, -1) ++ || !add_cipher_smcap(smcap, NID_rc2_cbc, 
128) ++ || !add_cipher_smcap(smcap, NID_rc2_cbc, 64) ++ || !add_cipher_smcap(smcap, NID_des_cbc, -1) ++ || !add_cipher_smcap(smcap, NID_rc2_cbc, 40) ++ || !PKCS7_add_attrib_smimecap(si, smcap)) + goto err; + sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free); + smcap = NULL; + } ++ if (flags & PKCS7_REUSE_DIGEST) { ++ if (!pkcs7_copy_existing_digest(p7, si)) ++ goto err; ++ if (!(flags & PKCS7_PARTIAL) && !PKCS7_SIGNER_INFO_sign(si)) ++ goto err; ++ } + } ++ return si; ++ err: ++ if (smcap) ++ sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free); ++ return NULL; ++} + +- if (flags & PKCS7_DETACHED) +- PKCS7_set_detached(p7, 1); ++/* ++ * Search for a digest matching SignerInfo digest type and if found copy ++ * across. ++ */ + +- if (flags & PKCS7_STREAM) +- return p7; ++static int pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si) ++{ ++ int i; ++ STACK_OF(PKCS7_SIGNER_INFO) *sinfos; ++ PKCS7_SIGNER_INFO *sitmp; ++ ASN1_OCTET_STRING *osdig = NULL; ++ sinfos = PKCS7_get_signer_info(p7); ++ for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) { ++ sitmp = sk_PKCS7_SIGNER_INFO_value(sinfos, i); ++ if (si == sitmp) ++ break; ++ if (sk_X509_ATTRIBUTE_num(sitmp->auth_attr) <= 0) ++ continue; ++ if (!OBJ_cmp(si->digest_alg->algorithm, sitmp->digest_alg->algorithm)) { ++ osdig = PKCS7_digest_from_attributes(sitmp->auth_attr); ++ break; ++ } + +- if (!(p7bio = PKCS7_dataInit(p7, NULL))) { +- PKCS7err(PKCS7_F_PKCS7_SIGN, ERR_R_MALLOC_FAILURE); +- goto err; + } + +- SMIME_crlf_copy(data, p7bio, flags); ++ if (osdig) ++ return PKCS7_add1_attrib_digest(si, osdig->data, osdig->length); + +- if (!PKCS7_dataFinal(p7, p7bio)) { +- PKCS7err(PKCS7_F_PKCS7_SIGN, PKCS7_R_PKCS7_DATASIGN); +- goto err; +- } +- +- BIO_free_all(p7bio); +- return p7; +- err: +- sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free); +- BIO_free_all(p7bio); +- PKCS7_free(p7); +- return NULL; ++ PKCS7err(PKCS7_F_PKCS7_COPY_EXISTING_DIGEST, ++ PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND); ++ return 0; + } + + int 
PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, +@@ -295,14 +367,13 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, + tmpout = out; + + bufsiz = 4096; +- buf = OPENSSL_malloc (bufsiz); ++ buf = OPENSSL_malloc(bufsiz); + if (buf == NULL) { +- goto err; ++ goto err; + } +- + /* We now have to 'read' from p7bio to calculate digests etc. */ + for (;;) { +- i = BIO_read(p7bio, buf, sizeof(buf)); ++ i = BIO_read(p7bio, buf, bufsiz); + if (i <= 0) + break; + if (tmpout) +@@ -343,7 +414,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, + sk_X509_free(signers); + + if (buf != NULL) { +- OPENSSL_free (buf); ++ OPENSSL_free(buf); + } + + return ret; +@@ -375,7 +446,7 @@ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, + + if (sk_PKCS7_SIGNER_INFO_num(sinfos) <= 0) { + PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, PKCS7_R_NO_SIGNERS); +- return NULL; ++ return 0; + } + + if (!(signers = sk_X509_new_null())) { +@@ -400,7 +471,7 @@ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, + PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, + PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND); + sk_X509_free(signers); +- return NULL; ++ return 0; + } + + if (!sk_X509_push(signers, signer)) { +@@ -440,22 +511,11 @@ PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, + } + } + +- if (!(p7bio = PKCS7_dataInit(p7, NULL))) { +- PKCS7err(PKCS7_F_PKCS7_ENCRYPT, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- SMIME_crlf_copy(in, p7bio, flags); +- +- (void)BIO_flush(p7bio); +- +- if (!PKCS7_dataFinal(p7, p7bio)) { +- PKCS7err(PKCS7_F_PKCS7_ENCRYPT, PKCS7_R_PKCS7_DATAFINAL_ERROR); +- goto err; +- } +- BIO_free_all(p7bio); ++ if (flags & PKCS7_STREAM) ++ return p7; + +- return p7; ++ if (PKCS7_final(p7, in, flags)) ++ return p7; + + err: + +diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pkcs7err.c b/Cryptlib/OpenSSL/crypto/pkcs7/pkcs7err.c +index 7dc5e29..323513f 100644 +--- 
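Review bot: `PKCS7_sign` now passes `NULL` as the digest to `PKCS7_sign_add_signer`, and the removed `OPENSSL_SYS_UEFI` branch that pinned `EVP_sha256()` has no replacement. The digest therefore becomes whatever `EVP_PKEY_get_default_digest_nid()` reports for the key, through the lookup this patch adds to `PKCS7_add_signature` in pk7_lib.c. Nothing in the hunk records that choice; a comment at the call such as `/* md == NULL: digest is the key type's default, no longer forced to SHA-256 for UEFI builds */` would keep the dropped override visible at the next update of this bundled copy. Whether any signing path in this build relied on the SHA-256 default cannot be told from the diff. Separately, the new `PKCS7_final` discards the result of `SMIME_crlf_copy(data, p7bio, flags)`, so a failed copy goes unreported unless `PKCS7_dataFinal` also fails.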
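Review bot: Both error returns in `PKCS7_get0_signers` change from `return NULL;` to `return 0;` (hunk -375,7 and again in hunk -400,7), although the function returns `STACK_OF(X509) *` and the rest of this file writes `NULL` for pointer results. The value is the same, but `0` reads like an integer status next to the `int`-returning functions around it; I would keep `return NULL;` in both places. The function body starts and ends outside these hunks.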
a/Cryptlib/OpenSSL/crypto/pkcs7/pkcs7err.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs7/pkcs7err.c +@@ -1,6 +1,6 @@ + /* crypto/pkcs7/pkcs7err.c */ + /* ==================================================================== +- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. ++ * Copyright (c) 1999-2014 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions +@@ -72,13 +72,20 @@ + static ERR_STRING_DATA PKCS7_str_functs[] = { + {ERR_FUNC(PKCS7_F_B64_READ_PKCS7), "B64_READ_PKCS7"}, + {ERR_FUNC(PKCS7_F_B64_WRITE_PKCS7), "B64_WRITE_PKCS7"}, ++ {ERR_FUNC(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB), "DO_PKCS7_SIGNED_ATTRIB"}, ++ {ERR_FUNC(PKCS7_F_I2D_PKCS7_BIO_STREAM), "i2d_PKCS7_bio_stream"}, ++ {ERR_FUNC(PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME), ++ "PKCS7_add0_attrib_signing_time"}, + {ERR_FUNC(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP), + "PKCS7_add_attrib_smimecap"}, + {ERR_FUNC(PKCS7_F_PKCS7_ADD_CERTIFICATE), "PKCS7_add_certificate"}, + {ERR_FUNC(PKCS7_F_PKCS7_ADD_CRL), "PKCS7_add_crl"}, + {ERR_FUNC(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO), "PKCS7_add_recipient_info"}, ++ {ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNATURE), "PKCS7_add_signature"}, + {ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNER), "PKCS7_add_signer"}, + {ERR_FUNC(PKCS7_F_PKCS7_BIO_ADD_DIGEST), "PKCS7_BIO_ADD_DIGEST"}, ++ {ERR_FUNC(PKCS7_F_PKCS7_COPY_EXISTING_DIGEST), ++ "PKCS7_COPY_EXISTING_DIGEST"}, + {ERR_FUNC(PKCS7_F_PKCS7_CTRL), "PKCS7_ctrl"}, + {ERR_FUNC(PKCS7_F_PKCS7_DATADECODE), "PKCS7_dataDecode"}, + {ERR_FUNC(PKCS7_F_PKCS7_DATAFINAL), "PKCS7_dataFinal"}, +@@ -86,15 +93,22 @@ static ERR_STRING_DATA PKCS7_str_functs[] = { + {ERR_FUNC(PKCS7_F_PKCS7_DATASIGN), "PKCS7_DATASIGN"}, + {ERR_FUNC(PKCS7_F_PKCS7_DATAVERIFY), "PKCS7_dataVerify"}, + {ERR_FUNC(PKCS7_F_PKCS7_DECRYPT), "PKCS7_decrypt"}, ++ {ERR_FUNC(PKCS7_F_PKCS7_DECRYPT_RINFO), "PKCS7_DECRYPT_RINFO"}, ++ {ERR_FUNC(PKCS7_F_PKCS7_ENCODE_RINFO), 
"PKCS7_ENCODE_RINFO"}, + {ERR_FUNC(PKCS7_F_PKCS7_ENCRYPT), "PKCS7_encrypt"}, ++ {ERR_FUNC(PKCS7_F_PKCS7_FINAL), "PKCS7_final"}, + {ERR_FUNC(PKCS7_F_PKCS7_FIND_DIGEST), "PKCS7_FIND_DIGEST"}, + {ERR_FUNC(PKCS7_F_PKCS7_GET0_SIGNERS), "PKCS7_get0_signers"}, ++ {ERR_FUNC(PKCS7_F_PKCS7_RECIP_INFO_SET), "PKCS7_RECIP_INFO_set"}, + {ERR_FUNC(PKCS7_F_PKCS7_SET_CIPHER), "PKCS7_set_cipher"}, + {ERR_FUNC(PKCS7_F_PKCS7_SET_CONTENT), "PKCS7_set_content"}, + {ERR_FUNC(PKCS7_F_PKCS7_SET_DIGEST), "PKCS7_set_digest"}, + {ERR_FUNC(PKCS7_F_PKCS7_SET_TYPE), "PKCS7_set_type"}, + {ERR_FUNC(PKCS7_F_PKCS7_SIGN), "PKCS7_sign"}, + {ERR_FUNC(PKCS7_F_PKCS7_SIGNATUREVERIFY), "PKCS7_signatureVerify"}, ++ {ERR_FUNC(PKCS7_F_PKCS7_SIGNER_INFO_SET), "PKCS7_SIGNER_INFO_set"}, ++ {ERR_FUNC(PKCS7_F_PKCS7_SIGNER_INFO_SIGN), "PKCS7_SIGNER_INFO_sign"}, ++ {ERR_FUNC(PKCS7_F_PKCS7_SIGN_ADD_SIGNER), "PKCS7_sign_add_signer"}, + {ERR_FUNC(PKCS7_F_PKCS7_SIMPLE_SMIMECAP), "PKCS7_simple_smimecap"}, + {ERR_FUNC(PKCS7_F_PKCS7_VERIFY), "PKCS7_verify"}, + {ERR_FUNC(PKCS7_F_SMIME_READ_PKCS7), "SMIME_read_PKCS7"}, +@@ -110,21 +124,30 @@ static ERR_STRING_DATA PKCS7_str_reasons[] = { + {ERR_REASON(PKCS7_R_CIPHER_NOT_INITIALIZED), "cipher not initialized"}, + {ERR_REASON(PKCS7_R_CONTENT_AND_DATA_PRESENT), + "content and data present"}, ++ {ERR_REASON(PKCS7_R_CTRL_ERROR), "ctrl error"}, + {ERR_REASON(PKCS7_R_DECODE_ERROR), "decode error"}, + {ERR_REASON(PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH), + "decrypted key is wrong length"}, + {ERR_REASON(PKCS7_R_DECRYPT_ERROR), "decrypt error"}, + {ERR_REASON(PKCS7_R_DIGEST_FAILURE), "digest failure"}, ++ {ERR_REASON(PKCS7_R_ENCRYPTION_CTRL_FAILURE), "encryption ctrl failure"}, ++ {ERR_REASON(PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE), ++ "encryption not supported for this key type"}, + {ERR_REASON(PKCS7_R_ERROR_ADDING_RECIPIENT), "error adding recipient"}, + {ERR_REASON(PKCS7_R_ERROR_SETTING_CIPHER), "error setting cipher"}, + {ERR_REASON(PKCS7_R_INVALID_MIME_TYPE), "invalid 
mime type"}, + {ERR_REASON(PKCS7_R_INVALID_NULL_POINTER), "invalid null pointer"}, ++ {ERR_REASON(PKCS7_R_INVALID_SIGNED_DATA_TYPE), ++ "invalid signed data type"}, + {ERR_REASON(PKCS7_R_MIME_NO_CONTENT_TYPE), "mime no content type"}, + {ERR_REASON(PKCS7_R_MIME_PARSE_ERROR), "mime parse error"}, + {ERR_REASON(PKCS7_R_MIME_SIG_PARSE_ERROR), "mime sig parse error"}, + {ERR_REASON(PKCS7_R_MISSING_CERIPEND_INFO), "missing ceripend info"}, + {ERR_REASON(PKCS7_R_NO_CONTENT), "no content"}, + {ERR_REASON(PKCS7_R_NO_CONTENT_TYPE), "no content type"}, ++ {ERR_REASON(PKCS7_R_NO_DEFAULT_DIGEST), "no default digest"}, ++ {ERR_REASON(PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND), ++ "no matching digest type found"}, + {ERR_REASON(PKCS7_R_NO_MULTIPART_BODY_FAILURE), + "no multipart body failure"}, + {ERR_REASON(PKCS7_R_NO_MULTIPART_BOUNDARY), "no multipart boundary"}, +@@ -139,6 +162,7 @@ static ERR_STRING_DATA PKCS7_str_reasons[] = { + "operation not supported on this type"}, + {ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR), + "pkcs7 add signature error"}, ++ {ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNER_ERROR), "pkcs7 add signer error"}, + {ERR_REASON(PKCS7_R_PKCS7_DATAFINAL), "pkcs7 datafinal"}, + {ERR_REASON(PKCS7_R_PKCS7_DATAFINAL_ERROR), "pkcs7 datafinal error"}, + {ERR_REASON(PKCS7_R_PKCS7_DATASIGN), "pkcs7 datasign"}, +@@ -149,6 +173,9 @@ static ERR_STRING_DATA PKCS7_str_reasons[] = { + {ERR_REASON(PKCS7_R_SIGNATURE_FAILURE), "signature failure"}, + {ERR_REASON(PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND), + "signer certificate not found"}, ++ {ERR_REASON(PKCS7_R_SIGNING_CTRL_FAILURE), "signing ctrl failure"}, ++ {ERR_REASON(PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE), ++ "signing not supported for this key type"}, + {ERR_REASON(PKCS7_R_SIG_INVALID_MIME_TYPE), "sig invalid mime type"}, + {ERR_REASON(PKCS7_R_SMIME_TEXT_ERROR), "smime text error"}, + {ERR_REASON(PKCS7_R_UNABLE_TO_FIND_CERTIFICATE), +diff --git a/Cryptlib/OpenSSL/crypto/pqueue/pqueue.c 
b/Cryptlib/OpenSSL/crypto/pqueue/pqueue.c +index 69cfefd..75f9734 100644 +--- a/Cryptlib/OpenSSL/crypto/pqueue/pqueue.c ++++ b/Cryptlib/OpenSSL/crypto/pqueue/pqueue.c +@@ -66,14 +66,13 @@ typedef struct _pqueue { + int count; + } pqueue_s; + +-pitem *pitem_new(PQ_64BIT priority, void *data) ++pitem *pitem_new(unsigned char *prio64be, void *data) + { + pitem *item = (pitem *)OPENSSL_malloc(sizeof(pitem)); + if (item == NULL) + return NULL; + +- pq_64bit_init(&(item->priority)); +- pq_64bit_assign(&item->priority, &priority); ++ memcpy(item->priority, prio64be, sizeof(item->priority)); + + item->data = data; + item->next = NULL; +@@ -86,7 +85,6 @@ void pitem_free(pitem *item) + if (item == NULL) + return; + +- pq_64bit_free(&(item->priority)); + OPENSSL_free(item); + } + +@@ -119,7 +117,11 @@ pitem *pqueue_insert(pqueue_s *pq, pitem *item) + + for (curr = NULL, next = pq->items; + next != NULL; curr = next, next = next->next) { +- if (pq_64bit_gt(&(next->priority), &(item->priority))) { ++ /* ++ * we can compare 64-bit value in big-endian encoding with memcmp:-) ++ */ ++ int cmp = memcmp(next->priority, item->priority, 8); ++ if (cmp > 0) { /* next > item */ + item->next = next; + + if (curr == NULL) +@@ -129,8 +131,8 @@ pitem *pqueue_insert(pqueue_s *pq, pitem *item) + + return item; + } +- /* duplicates not allowed */ +- if (pq_64bit_eq(&(item->priority), &(next->priority))) ++ ++ else if (cmp == 0) /* duplicates not allowed */ + return NULL; + } + +@@ -155,7 +157,7 @@ pitem *pqueue_pop(pqueue_s *pq) + return item; + } + +-pitem *pqueue_find(pqueue_s *pq, PQ_64BIT priority) ++pitem *pqueue_find(pqueue_s *pq, unsigned char *prio64be) + { + pitem *next; + pitem *found = NULL; +@@ -164,33 +166,42 @@ pitem *pqueue_find(pqueue_s *pq, PQ_64BIT priority) + return NULL; + + for (next = pq->items; next->next != NULL; next = next->next) { +- if (pq_64bit_eq(&(next->priority), &priority)) { ++ if (memcmp(next->priority, prio64be, 8) == 0) { + found = next; + break; + } + } + 
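Review bot: The priority width is written as a literal `8` in the `memcmp` call added to `pqueue_insert` (hunk -119,7) and in both `memcmp` calls in `pqueue_find` (hunk -164,33), while `pitem_new` in the same patch copies `sizeof(item->priority)` bytes. Writing `memcmp(next->priority, item->priority, sizeof(item->priority))`, and the equivalent in `pqueue_find`, keeps every comparison tied to the array declared in pqueue.h. `pitem_new` and `pqueue_find` also take a bare `unsigned char *prio64be` with no length, so a one-line comment that the caller must pass 8 readable bytes in big-endian order would help; today that is only implied by the struct comment in the header.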
+ /* check the one last node */ +- if (pq_64bit_eq(&(next->priority), &priority)) ++ if (memcmp(next->priority, prio64be, 8) == 0) + found = next; + + if (!found) + return NULL; + ++#if 0 /* find works in peek mode */ ++ if (prev == NULL) ++ pq->items = next->next; ++ else ++ prev->next = next->next; ++#endif ++ + return found; + } + +-#if PQ_64BIT_IS_INTEGER + void pqueue_print(pqueue_s *pq) + { + pitem *item = pq->items; + + while (item != NULL) { +- printf("item\t" PQ_64BIT_PRINT "\n", item->priority); ++ printf("item\t%02x%02x%02x%02x%02x%02x%02x%02x\n", ++ item->priority[0], item->priority[1], ++ item->priority[2], item->priority[3], ++ item->priority[4], item->priority[5], ++ item->priority[6], item->priority[7]); + item = item->next; + } + } +-#endif + + pitem *pqueue_iterator(pqueue_s *pq) + { +diff --git a/Cryptlib/OpenSSL/crypto/pqueue/pqueue.h b/Cryptlib/OpenSSL/crypto/pqueue/pqueue.h +index 02386d1..d40d9c7 100644 +--- a/Cryptlib/OpenSSL/crypto/pqueue/pqueue.h ++++ b/Cryptlib/OpenSSL/crypto/pqueue/pqueue.h +@@ -1,7 +1,7 @@ + /* crypto/pqueue/pqueue.h */ +-/* ++/* + * DTLS implementation written by Nagendra Modadugu +- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. ++ * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. + */ + /* ==================================================================== + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. +@@ -11,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. 
Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -58,38 +58,42 @@ + */ + + #ifndef HEADER_PQUEUE_H +-#define HEADER_PQUEUE_H ++# define HEADER_PQUEUE_H + +-#include +-#include +-#include +- +-#include ++# include ++# include ++# include + ++#ifdef __cplusplus ++extern "C" { ++#endif + typedef struct _pqueue *pqueue; + +-typedef struct _pitem +- { +- PQ_64BIT priority; +- void *data; +- struct _pitem *next; +- } pitem; ++typedef struct _pitem { ++ unsigned char priority[8]; /* 64-bit value in big-endian encoding */ ++ void *data; ++ struct _pitem *next; ++} pitem; + + typedef struct _pitem *piterator; + +-pitem *pitem_new(PQ_64BIT priority, void *data); +-void pitem_free(pitem *item); ++pitem *pitem_new(unsigned char *prio64be, void *data); ++void pitem_free(pitem *item); + + pqueue pqueue_new(void); +-void pqueue_free(pqueue pq); ++void pqueue_free(pqueue pq); + + pitem *pqueue_insert(pqueue pq, pitem *item); + pitem *pqueue_peek(pqueue pq); + pitem *pqueue_pop(pqueue pq); +-pitem *pqueue_find(pqueue pq, PQ_64BIT priority); ++pitem *pqueue_find(pqueue pq, unsigned char *prio64be); + pitem *pqueue_iterator(pqueue pq); + pitem *pqueue_next(piterator *iter); + +-void pqueue_print(pqueue pq); ++void pqueue_print(pqueue pq); ++int pqueue_size(pqueue pq); + +-#endif /* ! HEADER_PQUEUE_H */ ++#ifdef __cplusplus ++} ++#endif ++#endif /* ! 
HEADER_PQUEUE_H */ +diff --git a/Cryptlib/OpenSSL/crypto/rand/md_rand.c b/Cryptlib/OpenSSL/crypto/rand/md_rand.c +index 6445c1b..5c13d57 100644 +--- a/Cryptlib/OpenSSL/crypto/rand/md_rand.c ++++ b/Cryptlib/OpenSSL/crypto/rand/md_rand.c +@@ -109,6 +109,8 @@ + * + */ + ++#define OPENSSL_FIPSEVP ++ + #ifdef MD_RAND_DEBUG + # ifndef NDEBUG + # define NDEBUG +@@ -121,14 +123,11 @@ + + #include "e_os.h" + ++#include + #include + #include "rand_lcl.h" + +-#include + #include +-#ifdef OPENSSL_FIPS +-# include +-#endif + + #ifdef BN_DEBUG + # define PREDICT +@@ -150,7 +149,7 @@ static unsigned int crypto_lock_rand = 0; /* may be set only when a thread + * prevent double locking) */ + /* access to lockin_thread is synchronized by CRYPTO_LOCK_RAND2 */ + /* valid iff crypto_lock_rand is set */ +-static unsigned long locking_thread = 0; ++static CRYPTO_THREADID locking_threadid; + + #ifdef PREDICT + int rand_predictable = 0; +@@ -161,13 +160,13 @@ const char RAND_version[] = "RAND" OPENSSL_VERSION_PTEXT; + static void ssleay_rand_cleanup(void); + static void ssleay_rand_seed(const void *buf, int num); + static void ssleay_rand_add(const void *buf, int num, double add_entropy); +-static int ssleay_rand_bytes(unsigned char *buf, int num); ++static int ssleay_rand_nopseudo_bytes(unsigned char *buf, int num); + static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num); + static int ssleay_rand_status(void); + + RAND_METHOD rand_ssleay_meth = { + ssleay_rand_seed, +- ssleay_rand_bytes, ++ ssleay_rand_nopseudo_bytes, + ssleay_rand_cleanup, + ssleay_rand_add, + ssleay_rand_pseudo_bytes, +@@ -199,6 +198,9 @@ static void ssleay_rand_add(const void *buf, int num, double add) + EVP_MD_CTX m; + int do_not_lock; + ++ if (!num) ++ return; ++ + /* + * (Based on the rand(3) manpage) + * +@@ -216,8 +218,10 @@ static void ssleay_rand_add(const void *buf, int num, double add) + + /* check if we already have the lock */ + if (crypto_lock_rand) { ++ CRYPTO_THREADID cur; ++ 
CRYPTO_THREADID_current(&cur); + CRYPTO_r_lock(CRYPTO_LOCK_RAND2); +- do_not_lock = (locking_thread == CRYPTO_thread_id()); ++ do_not_lock = !CRYPTO_THREADID_cmp(&locking_threadid, &cur); + CRYPTO_r_unlock(CRYPTO_LOCK_RAND2); + } else + do_not_lock = 0; +@@ -271,7 +275,16 @@ static void ssleay_rand_add(const void *buf, int num, double add) + } else + MD_Update(&m, &(state[st_idx]), j); + ++ /* DO NOT REMOVE THE FOLLOWING CALL TO MD_Update()! */ + MD_Update(&m, buf, j); ++ /* ++ * We know that line may cause programs such as purify and valgrind ++ * to complain about use of uninitialized data. The problem is not, ++ * it's with the caller. Removing that line will make sure you get ++ * really bad randomness and thereby other problems such as very ++ * insecure keys. ++ */ ++ + MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c)); + MD_Final(&m, local_md); + md_c[1]++; +@@ -320,7 +333,7 @@ static void ssleay_rand_seed(const void *buf, int num) + ssleay_rand_add(buf, num, (double)num); + } + +-static int ssleay_rand_bytes(unsigned char *buf, int num) ++int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock) + { + static volatile int stirred_pool = 0; + int i, j, k, st_num, st_idx; +@@ -334,13 +347,6 @@ static int ssleay_rand_bytes(unsigned char *buf, int num) + #endif + int do_stir_pool = 0; + +-#ifdef OPENSSL_FIPS +- if (FIPS_mode()) { +- FIPSerr(FIPS_F_SSLEAY_RAND_BYTES, FIPS_R_NON_FIPS_METHOD); +- return 0; +- } +-#endif +- + #ifdef PREDICT + if (rand_predictable) { + static unsigned char val = 0; +@@ -376,12 +382,12 @@ static int ssleay_rand_bytes(unsigned char *buf, int num) + * are fed into the hash function and the results are kept in the + * global 'md'. 
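Review bot: `ssleay_rand_bytes` loses `static` and gains the `pseudo` and `lock` parameters in hunk -320,7, but nothing documents them. From the later hunks, `lock == 0` skips taking and releasing `CRYPTO_LOCK_RAND` around the pool update while `crypto_lock_rand` and `locking_threadid` are still written, so such a caller presumably must already hold that lock. A header comment saying so, for example `/* lock: pass 0 only when the caller already holds CRYPTO_LOCK_RAND; pseudo: nonzero selects the pseudo-bytes return convention */`, is worth adding now that the symbol is visible outside this file. The function body continues outside the hunk.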
+ */ +- +- CRYPTO_w_lock(CRYPTO_LOCK_RAND); ++ if (lock) ++ CRYPTO_w_lock(CRYPTO_LOCK_RAND); + + /* prevent ssleay_rand_bytes() from trying to obtain the lock again */ + CRYPTO_w_lock(CRYPTO_LOCK_RAND2); +- locking_thread = CRYPTO_thread_id(); ++ CRYPTO_THREADID_current(&locking_threadid); + CRYPTO_w_unlock(CRYPTO_LOCK_RAND2); + crypto_lock_rand = 1; + +@@ -456,7 +462,8 @@ static int ssleay_rand_bytes(unsigned char *buf, int num) + + /* before unlocking, we must clear 'crypto_lock_rand' */ + crypto_lock_rand = 0; +- CRYPTO_w_unlock(CRYPTO_LOCK_RAND); ++ if (lock) ++ CRYPTO_w_unlock(CRYPTO_LOCK_RAND); + + while (num > 0) { + /* num_ceil -= MD_DIGEST_LENGTH/2 */ +@@ -471,9 +478,18 @@ static int ssleay_rand_bytes(unsigned char *buf, int num) + #endif + MD_Update(&m, local_md, MD_DIGEST_LENGTH); + MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c)); +-#ifndef PURIFY +- MD_Update(&m, buf, j); /* purify complains */ ++ ++#ifndef PURIFY /* purify complains */ ++ /* ++ * The following line uses the supplied buffer as a small source of ++ * entropy: since this buffer is often uninitialised it may cause ++ * programs such as purify or valgrind to complain. So for those ++ * builds it is not used: the removal of such a small source of ++ * entropy has negligible impact on security. 
++ */ ++ MD_Update(&m, buf, j); + #endif ++ + k = (st_idx + MD_DIGEST_LENGTH / 2) - st_num; + if (k > 0) { + MD_Update(&m, &(state[st_idx]), MD_DIGEST_LENGTH / 2 - k); +@@ -495,14 +511,18 @@ static int ssleay_rand_bytes(unsigned char *buf, int num) + MD_Init(&m); + MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c)); + MD_Update(&m, local_md, MD_DIGEST_LENGTH); +- CRYPTO_w_lock(CRYPTO_LOCK_RAND); ++ if (lock) ++ CRYPTO_w_lock(CRYPTO_LOCK_RAND); + MD_Update(&m, md, MD_DIGEST_LENGTH); + MD_Final(&m, md); +- CRYPTO_w_unlock(CRYPTO_LOCK_RAND); ++ if (lock) ++ CRYPTO_w_unlock(CRYPTO_LOCK_RAND); + + EVP_MD_CTX_cleanup(&m); + if (ok) + return (1); ++ else if (pseudo) ++ return 0; + else { + RANDerr(RAND_F_SSLEAY_RAND_BYTES, RAND_R_PRNG_NOT_SEEDED); + ERR_add_error_data(1, "You need to read the OpenSSL FAQ, " +@@ -511,36 +531,33 @@ static int ssleay_rand_bytes(unsigned char *buf, int num) + } + } + ++static int ssleay_rand_nopseudo_bytes(unsigned char *buf, int num) ++{ ++ return ssleay_rand_bytes(buf, num, 0, 1); ++} ++ + /* + * pseudo-random bytes that are guaranteed to be unique but not unpredictable + */ + static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num) + { +- int ret; +- unsigned long err; +- +- ret = RAND_bytes(buf, num); +- if (ret == 0) { +- err = ERR_peek_error(); +- if (ERR_GET_LIB(err) == ERR_LIB_RAND && +- ERR_GET_REASON(err) == RAND_R_PRNG_NOT_SEEDED) +- ERR_clear_error(); +- } +- return (ret); ++ return ssleay_rand_bytes(buf, num, 1, 1); + } + + static int ssleay_rand_status(void) + { ++ CRYPTO_THREADID cur; + int ret; + int do_not_lock; + ++ CRYPTO_THREADID_current(&cur); + /* + * check if we already have the lock (could happen if a RAND_poll() + * implementation calls RAND_status()) + */ + if (crypto_lock_rand) { + CRYPTO_r_lock(CRYPTO_LOCK_RAND2); +- do_not_lock = (locking_thread == CRYPTO_thread_id()); ++ do_not_lock = !CRYPTO_THREADID_cmp(&locking_threadid, &cur); + CRYPTO_r_unlock(CRYPTO_LOCK_RAND2); + } else + do_not_lock = 0; +@@ 
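Review bot: The added `else if (pseudo) return 0;` branch in hunk -495,14 returns without queuing any error, whereas the branch after it raises `RAND_R_PRNG_NOT_SEEDED`. A caller of the pseudo-bytes method that ignores the return value therefore gets no signal that the pool was not considered seeded, and the output buffer has presumably been written by then (the fill loop is outside the hunk). I would add a comment on that branch such as `/* pseudo: an unseeded pool is reported by the 0 return only, with no error queued; callers must check it */`. The existing comment on `ssleay_rand_pseudo_bytes` in hunk -511,36 could also state what 0 means.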
-552,7 +569,7 @@ static int ssleay_rand_status(void) + * prevent ssleay_rand_bytes() from trying to obtain the lock again + */ + CRYPTO_w_lock(CRYPTO_LOCK_RAND2); +- locking_thread = CRYPTO_thread_id(); ++ CRYPTO_THREADID_cpy(&locking_threadid, &cur); + CRYPTO_w_unlock(CRYPTO_LOCK_RAND2); + crypto_lock_rand = 1; + } +diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_egd.c b/Cryptlib/OpenSSL/crypto/rand/rand_egd.c +deleted file mode 100644 +index c0a9618..0000000 +--- a/Cryptlib/OpenSSL/crypto/rand/rand_egd.c ++++ /dev/null +@@ -1,291 +0,0 @@ +-/* crypto/rand/rand_egd.c */ +-/* Written by Ulf Moeller and Lutz Jaenicke for the OpenSSL project. */ +-/* ==================================================================== +- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * +- * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. +- * +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in +- * the documentation and/or other materials provided with the +- * distribution. +- * +- * 3. All advertising materials mentioning features or use of this +- * software must display the following acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +- * +- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +- * endorse or promote products derived from this software without +- * prior written permission. For written permission, please contact +- * openssl-core@openssl.org. +- * +- * 5. 
Products derived from this software may not be called "OpenSSL" +- * nor may "OpenSSL" appear in their names without prior written +- * permission of the OpenSSL Project. +- * +- * 6. Redistributions of any form whatsoever must retain the following +- * acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit (http://www.openssl.org/)" +- * +- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +- * OF THE POSSIBILITY OF SUCH DAMAGE. +- * ==================================================================== +- * +- * This product includes cryptographic software written by Eric Young +- * (eay@cryptsoft.com). This product includes software written by Tim +- * Hudson (tjh@cryptsoft.com). +- * +- */ +- +-#include +-#include +-#include +- +-/*- +- * Query the EGD . +- * +- * This module supplies three routines: +- * +- * RAND_query_egd_bytes(path, buf, bytes) +- * will actually query "bytes" bytes of entropy form the egd-socket located +- * at path and will write them to buf (if supplied) or will directly feed +- * it to RAND_seed() if buf==NULL. +- * The number of bytes is not limited by the maximum chunk size of EGD, +- * which is 255 bytes. 
If more than 255 bytes are wanted, several chunks +- * of entropy bytes are requested. The connection is left open until the +- * query is competed. +- * RAND_query_egd_bytes() returns with +- * -1 if an error occured during connection or communication. +- * num the number of bytes read from the EGD socket. This number is either +- * the number of bytes requested or smaller, if the EGD pool is +- * drained and the daemon signals that the pool is empty. +- * This routine does not touch any RAND_status(). This is necessary, since +- * PRNG functions may call it during initialization. +- * +- * RAND_egd_bytes(path, bytes) will query "bytes" bytes and have them +- * used to seed the PRNG. +- * RAND_egd_bytes() is a wrapper for RAND_query_egd_bytes() with buf=NULL. +- * Unlike RAND_query_egd_bytes(), RAND_status() is used to test the +- * seed status so that the return value can reflect the seed state: +- * -1 if an error occured during connection or communication _or_ +- * if the PRNG has still not received the required seeding. +- * num the number of bytes read from the EGD socket. This number is either +- * the number of bytes requested or smaller, if the EGD pool is +- * drained and the daemon signals that the pool is empty. +- * +- * RAND_egd(path) will query 255 bytes and use the bytes retreived to seed +- * the PRNG. +- * RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255. 
+- */ +- +-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_UEFI) +-int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) +-{ +- return (-1); +-} +- +-int RAND_egd(const char *path) +-{ +- return (-1); +-} +- +-int RAND_egd_bytes(const char *path, int bytes) +-{ +- return (-1); +-} +-#else +-# include +-# include OPENSSL_UNISTD +-# include +-# include +-# ifndef NO_SYS_UN_H +-# ifdef OPENSSL_SYS_VXWORKS +-# include +-# else +-# include +-# endif +-# else +-struct sockaddr_un { +- short sun_family; /* AF_UNIX */ +- char sun_path[108]; /* path name (gag) */ +-}; +-# endif /* NO_SYS_UN_H */ +-# include +-# include +- +-# ifndef offsetof +-# define offsetof(TYPE, MEMBER) ((size_t) &((TYPE *)0)->MEMBER) +-# endif +- +-int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) +-{ +- int ret = 0; +- struct sockaddr_un addr; +- int len, num, numbytes; +- int fd = -1; +- int success; +- unsigned char egdbuf[2], tempbuf[255], *retrievebuf; +- +- memset(&addr, 0, sizeof(addr)); +- addr.sun_family = AF_UNIX; +- if (strlen(path) >= sizeof(addr.sun_path)) +- return (-1); +- BUF_strlcpy(addr.sun_path, path, sizeof addr.sun_path); +- len = offsetof(struct sockaddr_un, sun_path) + strlen(path); +- fd = socket(AF_UNIX, SOCK_STREAM, 0); +- if (fd == -1) +- return (-1); +- success = 0; +- while (!success) { +- if (connect(fd, (struct sockaddr *)&addr, len) == 0) +- success = 1; +- else { +- switch (errno) { +-# ifdef EINTR +- case EINTR: +-# endif +-# ifdef EAGAIN +- case EAGAIN: +-# endif +-# ifdef EINPROGRESS +- case EINPROGRESS: +-# endif +-# ifdef EALREADY +- case EALREADY: +-# endif +- /* No error, try again */ +- break; +-# ifdef EISCONN +- case EISCONN: +- success = 1; +- break; +-# endif +- default: +- goto err; /* failure */ +- } +- } +- } +- +- while (bytes > 0) { +- egdbuf[0] = 1; +- 
egdbuf[1] = bytes < 255 ? bytes : 255; +- numbytes = 0; +- while (numbytes != 2) { +- num = write(fd, egdbuf + numbytes, 2 - numbytes); +- if (num >= 0) +- numbytes += num; +- else { +- switch (errno) { +-# ifdef EINTR +- case EINTR: +-# endif +-# ifdef EAGAIN +- case EAGAIN: +-# endif +- /* No error, try again */ +- break; +- default: +- ret = -1; +- goto err; /* failure */ +- } +- } +- } +- numbytes = 0; +- while (numbytes != 1) { +- num = read(fd, egdbuf, 1); +- if (num == 0) +- goto err; /* descriptor closed */ +- else if (num > 0) +- numbytes += num; +- else { +- switch (errno) { +-# ifdef EINTR +- case EINTR: +-# endif +-# ifdef EAGAIN +- case EAGAIN: +-# endif +- /* No error, try again */ +- break; +- default: +- ret = -1; +- goto err; /* failure */ +- } +- } +- } +- if (egdbuf[0] == 0) +- goto err; +- if (buf) +- retrievebuf = buf + ret; +- else +- retrievebuf = tempbuf; +- numbytes = 0; +- while (numbytes != egdbuf[0]) { +- num = read(fd, retrievebuf + numbytes, egdbuf[0] - numbytes); +- if (num == 0) +- goto err; /* descriptor closed */ +- else if (num > 0) +- numbytes += num; +- else { +- switch (errno) { +-# ifdef EINTR +- case EINTR: +-# endif +-# ifdef EAGAIN +- case EAGAIN: +-# endif +- /* No error, try again */ +- break; +- default: +- ret = -1; +- goto err; /* failure */ +- } +- } +- } +- ret += egdbuf[0]; +- bytes -= egdbuf[0]; +- if (!buf) +- RAND_seed(tempbuf, egdbuf[0]); +- } +- err: +- if (fd != -1) +- close(fd); +- return (ret); +-} +- +-int RAND_egd_bytes(const char *path, int bytes) +-{ +- int num, ret = 0; +- +- num = RAND_query_egd_bytes(path, NULL, bytes); +- if (num < 1) +- goto err; +- if (RAND_status() == 1) +- ret = num; +- err: +- return (ret); +-} +- +-int RAND_egd(const char *path) +-{ +- return (RAND_egd_bytes(path, 255)); +-} +- +-#endif +diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_eng.c b/Cryptlib/OpenSSL/crypto/rand/rand_eng.c +deleted file mode 100644 +index c7fe2f0..0000000 +--- a/Cryptlib/OpenSSL/crypto/rand/rand_eng.c 
++++ /dev/null +@@ -1,145 +0,0 @@ +-/* crypto/rand/rand_lib.c */ +-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) +- * All rights reserved. +- * +- * This package is an SSL implementation written +- * by Eric Young (eay@cryptsoft.com). +- * The implementation was written so as to conform with Netscapes SSL. +- * +- * This library is free for commercial and non-commercial use as long as +- * the following conditions are aheared to. The following conditions +- * apply to all code found in this distribution, be it the RC4, RSA, +- * lhash, DES, etc., code; not just the SSL code. The SSL documentation +- * included with this distribution is covered by the same copyright terms +- * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * +- * Copyright remains Eric Young's, and as such any Copyright notices in +- * the code are not to be removed. +- * If this package is used in a product, Eric Young should be given attribution +- * as the author of the parts of the library used. +- * This can be in the form of a textual message at program startup or +- * in documentation (online or textual) provided with the package. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 3. 
All advertising materials mentioning features or use of this software +- * must display the following acknowledgement: +- * "This product includes cryptographic software written by +- * Eric Young (eay@cryptsoft.com)" +- * The word 'cryptographic' can be left out if the rouines from the library +- * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from +- * the apps directory (application code) you must include an acknowledgement: +- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * +- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. +- * +- * The licence and distribution terms for any publically available version or +- * derivative of this code cannot be changed. i.e. this code cannot simply be +- * copied and put under another distribution licence +- * [including the GNU Public Licence.] 
+- */ +- +-#include +-#include +-#include "cryptlib.h" +-#include "rand_lcl.h" +-#include +-#ifdef OPENSSL_FIPS +-# include +-# include +-#endif +- +-#ifndef OPENSSL_NO_ENGINE +-# include +-#endif +- +-#if defined(OPENSSL_FIPS) && !defined(OPENSSL_NO_ENGINE) +- +-/* non-NULL if default_RAND_meth is ENGINE-provided */ +-static ENGINE *funct_ref = NULL; +- +-int eng_RAND_set_rand_method(const RAND_METHOD *meth, +- const RAND_METHOD **pmeth) +-{ +- if (funct_ref) { +- ENGINE_finish(funct_ref); +- funct_ref = NULL; +- } +- *pmeth = meth; +- return 1; +-} +- +-const RAND_METHOD *eng_RAND_get_rand_method(const RAND_METHOD **pmeth) +-{ +- if (!*pmeth) { +- ENGINE *e = ENGINE_get_default_RAND(); +- if (e) { +- *pmeth = ENGINE_get_RAND(e); +- if (!*pmeth) { +- ENGINE_finish(e); +- e = NULL; +- } +- } +- if (e) +- funct_ref = e; +- else if (FIPS_mode()) +- *pmeth = FIPS_rand_method(); +- else +- *pmeth = RAND_SSLeay(); +- } +- +- if (FIPS_mode() +- && *pmeth != FIPS_rand_check()) { +- RANDerr(RAND_F_ENG_RAND_GET_RAND_METHOD, RAND_R_NON_FIPS_METHOD); +- return 0; +- } +- +- return *pmeth; +-} +- +-int RAND_set_rand_engine(ENGINE *engine) +-{ +- const RAND_METHOD *tmp_meth = NULL; +- if (engine) { +- if (!ENGINE_init(engine)) +- return 0; +- tmp_meth = ENGINE_get_RAND(engine); +- if (!tmp_meth) { +- ENGINE_finish(engine); +- return 0; +- } +- } +- /* This function releases any prior ENGINE so call it first */ +- RAND_set_rand_method(tmp_meth); +- funct_ref = engine; +- return 1; +-} +- +-void int_RAND_init_engine_callbacks(void) +-{ +- static int done = 0; +- if (done) +- return; +- int_RAND_set_callbacks(eng_RAND_set_rand_method, +- eng_RAND_get_rand_method); +- done = 1; +-} +- +-#endif +diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_err.c b/Cryptlib/OpenSSL/crypto/rand/rand_err.c +index 8ed247f..55d86ea 100644 +--- a/Cryptlib/OpenSSL/crypto/rand/rand_err.c ++++ b/Cryptlib/OpenSSL/crypto/rand/rand_err.c +@@ -1,6 +1,6 @@ + /* crypto/rand/rand_err.c */ + /* 
==================================================================== +- * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. ++ * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions +@@ -70,32 +70,19 @@ + # define ERR_REASON(reason) ERR_PACK(ERR_LIB_RAND,0,reason) + + static ERR_STRING_DATA RAND_str_functs[] = { +- {ERR_FUNC(RAND_F_ENG_RAND_GET_RAND_METHOD), "ENG_RAND_GET_RAND_METHOD"}, +- {ERR_FUNC(RAND_F_FIPS_RAND), "FIPS_RAND"}, +- {ERR_FUNC(RAND_F_FIPS_RAND_BYTES), "FIPS_RAND_BYTES"}, +- {ERR_FUNC(RAND_F_FIPS_RAND_GET_RAND_METHOD), "FIPS_RAND_GET_RAND_METHOD"}, +- {ERR_FUNC(RAND_F_FIPS_RAND_SET_DT), "FIPS_RAND_SET_DT"}, +- {ERR_FUNC(RAND_F_FIPS_SET_DT), "FIPS_SET_DT"}, +- {ERR_FUNC(RAND_F_FIPS_SET_PRNG_SEED), "FIPS_SET_PRNG_SEED"}, +- {ERR_FUNC(RAND_F_FIPS_SET_TEST_MODE), "FIPS_SET_TEST_MODE"}, + {ERR_FUNC(RAND_F_RAND_GET_RAND_METHOD), "RAND_get_rand_method"}, ++ {ERR_FUNC(RAND_F_RAND_INIT_FIPS), "RAND_init_fips"}, + {ERR_FUNC(RAND_F_SSLEAY_RAND_BYTES), "SSLEAY_RAND_BYTES"}, + {0, NULL} + }; + + static ERR_STRING_DATA RAND_str_reasons[] = { +- {ERR_REASON(RAND_R_NON_FIPS_METHOD), "non fips method"}, +- {ERR_REASON(RAND_R_NOT_IN_TEST_MODE), "not in test mode"}, +- {ERR_REASON(RAND_R_NO_KEY_SET), "no key set"}, +- {ERR_REASON(RAND_R_PRNG_ASKING_FOR_TOO_MUCH), "prng asking for too much"}, +- {ERR_REASON(RAND_R_PRNG_ERROR), "prng error"}, +- {ERR_REASON(RAND_R_PRNG_KEYED), "prng keyed"}, +- {ERR_REASON(RAND_R_PRNG_NOT_REKEYED), "prng not rekeyed"}, +- {ERR_REASON(RAND_R_PRNG_NOT_RESEEDED), "prng not reseeded"}, ++ {ERR_REASON(RAND_R_DUAL_EC_DRBG_DISABLED), "dual ec drbg disabled"}, ++ {ERR_REASON(RAND_R_ERROR_INITIALISING_DRBG), "error initialising drbg"}, ++ {ERR_REASON(RAND_R_ERROR_INSTANTIATING_DRBG), "error instantiating drbg"}, ++ {ERR_REASON(RAND_R_NO_FIPS_RANDOM_METHOD_SET), ++ "no fips 
random method set"}, + {ERR_REASON(RAND_R_PRNG_NOT_SEEDED), "PRNG not seeded"}, +- {ERR_REASON(RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY), +- "prng seed must not match key"}, +- {ERR_REASON(RAND_R_PRNG_STUCK), "prng stuck"}, + {0, NULL} + }; + +diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_lcl.h b/Cryptlib/OpenSSL/crypto/rand/rand_lcl.h +index 18cc9b1..f9fda3e 100644 +--- a/Cryptlib/OpenSSL/crypto/rand/rand_lcl.h ++++ b/Cryptlib/OpenSSL/crypto/rand/rand_lcl.h +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -63,7 +63,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. 
Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -110,60 +110,49 @@ + */ + + #ifndef HEADER_RAND_LCL_H +-#define HEADER_RAND_LCL_H ++# define HEADER_RAND_LCL_H + +-#define ENTROPY_NEEDED 32 /* require 256 bits = 32 bytes of randomness */ ++# define ENTROPY_NEEDED 32 /* require 256 bits = 32 bytes of randomness */ + ++# if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND) ++# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) ++# define USE_SHA1_RAND ++# elif !defined(OPENSSL_NO_MD5) ++# define USE_MD5_RAND ++# elif !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES) ++# define USE_MDC2_RAND ++# elif !defined(OPENSSL_NO_MD2) ++# define USE_MD2_RAND ++# else ++# error No message digest algorithm available ++# endif ++# endif + +-#if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND) +-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) +-#define USE_SHA1_RAND +-#elif !defined(OPENSSL_NO_MD5) +-#define USE_MD5_RAND +-#elif !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES) +-#define USE_MDC2_RAND +-#elif !defined(OPENSSL_NO_MD2) +-#define USE_MD2_RAND +-#else +-#error No message digest algorithm available +-#endif +-#endif +- +-#include +-#define MD_Update(a,b,c) EVP_DigestUpdate(a,b,c) +-#define MD_Final(a,b) EVP_DigestFinal_ex(a,b,NULL) +-#if defined(USE_MD5_RAND) +-#include +-#define MD_DIGEST_LENGTH MD5_DIGEST_LENGTH +-#define MD_Init(a) EVP_DigestInit_ex(a,EVP_md5(), NULL) +-#define MD(a,b,c) EVP_Digest(a,b,c,NULL,EVP_md5(), NULL) +-#elif defined(USE_SHA1_RAND) +-#include +-#define MD_DIGEST_LENGTH SHA_DIGEST_LENGTH +-#define MD_Init(a) EVP_DigestInit_ex(a,EVP_sha1(), NULL) +-#define MD(a,b,c) EVP_Digest(a,b,c,NULL,EVP_sha1(), NULL) +-#elif defined(USE_MDC2_RAND) +-#include +-#define MD_DIGEST_LENGTH MDC2_DIGEST_LENGTH +-#define MD_Init(a) 
EVP_DigestInit_ex(a,EVP_mdc2(), NULL) +-#define MD(a,b,c) EVP_Digest(a,b,c,NULL,EVP_mdc2(), NULL) +-#elif defined(USE_MD2_RAND) +-#include +-#define MD_DIGEST_LENGTH MD2_DIGEST_LENGTH +-#define MD_Init(a) EVP_DigestInit_ex(a,EVP_md2(), NULL) +-#define MD(a,b,c) EVP_Digest(a,b,c,NULL,EVP_md2(), NULL) +-#endif +- +-#ifndef OPENSSL_NO_ENGINE +-void int_RAND_set_callbacks( +- int (*set_rand_func)(const RAND_METHOD *meth, +- const RAND_METHOD **pmeth), +- const RAND_METHOD *(*get_rand_func) +- (const RAND_METHOD **pmeth)); +-int eng_RAND_set_rand_method(const RAND_METHOD *meth, +- const RAND_METHOD **pmeth); +-const RAND_METHOD *eng_RAND_get_rand_method(const RAND_METHOD **pmeth); +-#endif ++# include ++# define MD_Update(a,b,c) EVP_DigestUpdate(a,b,c) ++# define MD_Final(a,b) EVP_DigestFinal_ex(a,b,NULL) ++# if defined(USE_MD5_RAND) ++# include ++# define MD_DIGEST_LENGTH MD5_DIGEST_LENGTH ++# define MD_Init(a) EVP_DigestInit_ex(a,EVP_md5(), NULL) ++# define MD(a,b,c) EVP_Digest(a,b,c,NULL,EVP_md5(), NULL) ++# elif defined(USE_SHA1_RAND) ++# include ++# define MD_DIGEST_LENGTH SHA_DIGEST_LENGTH ++# define MD_Init(a) EVP_DigestInit_ex(a,EVP_sha1(), NULL) ++# define MD(a,b,c) EVP_Digest(a,b,c,NULL,EVP_sha1(), NULL) ++# elif defined(USE_MDC2_RAND) ++# include ++# define MD_DIGEST_LENGTH MDC2_DIGEST_LENGTH ++# define MD_Init(a) EVP_DigestInit_ex(a,EVP_mdc2(), NULL) ++# define MD(a,b,c) EVP_Digest(a,b,c,NULL,EVP_mdc2(), NULL) ++# elif defined(USE_MD2_RAND) ++# include ++# define MD_DIGEST_LENGTH MD2_DIGEST_LENGTH ++# define MD_Init(a) EVP_DigestInit_ex(a,EVP_md2(), NULL) ++# define MD(a,b,c) EVP_Digest(a,b,c,NULL,EVP_md2(), NULL) ++# endif + ++int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock); + + #endif +diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_lib.c b/Cryptlib/OpenSSL/crypto/rand/rand_lib.c +index 96997bd..88a78d3 100644 +--- a/Cryptlib/OpenSSL/crypto/rand/rand_lib.c ++++ b/Cryptlib/OpenSSL/crypto/rand/rand_lib.c +@@ -60,88 +60,31 @@ + 
#include + #include "cryptlib.h" + #include +-#include "rand_lcl.h" +-#ifdef OPENSSL_FIPS +-# include +-# include +-#endif + + #ifndef OPENSSL_NO_ENGINE + # include + #endif + +-static const RAND_METHOD *default_RAND_meth = NULL; +- + #ifdef OPENSSL_FIPS ++# include ++# include ++# include "rand_lcl.h" ++#endif + +-static int fips_RAND_set_rand_method(const RAND_METHOD *meth, +- const RAND_METHOD **pmeth) +-{ +- *pmeth = meth; +- return 1; +-} +- +-static const RAND_METHOD *fips_RAND_get_rand_method(const RAND_METHOD **pmeth) +-{ +- if (!*pmeth) { +- if (FIPS_mode()) +- *pmeth = FIPS_rand_method(); +- else +- *pmeth = RAND_SSLeay(); +- } +- +- if (FIPS_mode() +- && *pmeth != FIPS_rand_check()) { +- RANDerr(RAND_F_FIPS_RAND_GET_RAND_METHOD, RAND_R_NON_FIPS_METHOD); +- return 0; +- } +- +- return *pmeth; +-} +- +-static int (*RAND_set_rand_method_func) (const RAND_METHOD *meth, +- const RAND_METHOD **pmeth) +- = fips_RAND_set_rand_method; +-static const RAND_METHOD *(*RAND_get_rand_method_func) +- (const RAND_METHOD **pmeth) +- = fips_RAND_get_rand_method; +- +-# ifndef OPENSSL_NO_ENGINE +-void int_RAND_set_callbacks(int (*set_rand_func) (const RAND_METHOD *meth, +- const RAND_METHOD **pmeth), +- const RAND_METHOD *(*get_rand_func) +- (const RAND_METHOD **pmeth)) +-{ +- RAND_set_rand_method_func = set_rand_func; +- RAND_get_rand_method_func = get_rand_func; +-} +-# endif +- +-int RAND_set_rand_method(const RAND_METHOD *meth) +-{ +- return RAND_set_rand_method_func(meth, &default_RAND_meth); +-} +- +-const RAND_METHOD *RAND_get_rand_method(void) +-{ +- return RAND_get_rand_method_func(&default_RAND_meth); +-} +- +-#else +- +-# ifndef OPENSSL_NO_ENGINE ++#ifndef OPENSSL_NO_ENGINE + /* non-NULL if default_RAND_meth is ENGINE-provided */ + static ENGINE *funct_ref = NULL; +-# endif ++#endif ++static const RAND_METHOD *default_RAND_meth = NULL; + + int RAND_set_rand_method(const RAND_METHOD *meth) + { +-# ifndef OPENSSL_NO_ENGINE ++#ifndef OPENSSL_NO_ENGINE + if 
(funct_ref) { + ENGINE_finish(funct_ref); + funct_ref = NULL; + } +-# endif ++#endif + default_RAND_meth = meth; + return 1; + } +@@ -149,7 +92,7 @@ int RAND_set_rand_method(const RAND_METHOD *meth) + const RAND_METHOD *RAND_get_rand_method(void) + { + if (!default_RAND_meth) { +-# ifndef OPENSSL_NO_ENGINE ++#ifndef OPENSSL_NO_ENGINE + ENGINE *e = ENGINE_get_default_RAND(); + if (e) { + default_RAND_meth = ENGINE_get_RAND(e); +@@ -161,13 +104,13 @@ const RAND_METHOD *RAND_get_rand_method(void) + if (e) + funct_ref = e; + else +-# endif ++#endif + default_RAND_meth = RAND_SSLeay(); + } + return default_RAND_meth; + } + +-# ifndef OPENSSL_NO_ENGINE ++#ifndef OPENSSL_NO_ENGINE + int RAND_set_rand_engine(ENGINE *engine) + { + const RAND_METHOD *tmp_meth = NULL; +@@ -185,8 +128,6 @@ int RAND_set_rand_engine(ENGINE *engine) + funct_ref = engine; + return 1; + } +-# endif +- + #endif + + void RAND_cleanup(void) +@@ -234,3 +175,126 @@ int RAND_status(void) + return meth->status(); + return 0; + } ++ ++#ifdef OPENSSL_FIPS ++ ++/* ++ * FIPS DRBG initialisation code. This sets up the DRBG for use by the rest ++ * of OpenSSL. ++ */ ++ ++/* ++ * Entropy gatherer: use standard OpenSSL PRNG to seed (this will gather ++ * entropy internally through RAND_poll(). ++ */ ++ ++static size_t drbg_get_entropy(DRBG_CTX *ctx, unsigned char **pout, ++ int entropy, size_t min_len, size_t max_len) ++{ ++ /* Round up request to multiple of block size */ ++ min_len = ((min_len + 19) / 20) * 20; ++ *pout = OPENSSL_malloc(min_len); ++ if (!*pout) ++ return 0; ++ if (ssleay_rand_bytes(*pout, min_len, 0, 0) <= 0) { ++ OPENSSL_free(*pout); ++ *pout = NULL; ++ return 0; ++ } ++ return min_len; ++} ++ ++static void drbg_free_entropy(DRBG_CTX *ctx, unsigned char *out, size_t olen) ++{ ++ if (out) { ++ OPENSSL_cleanse(out, olen); ++ OPENSSL_free(out); ++ } ++} ++ ++/* ++ * Set "additional input" when generating random data. This uses the current ++ * PID, a time value and a counter. 
++ */ ++ ++static size_t drbg_get_adin(DRBG_CTX *ctx, unsigned char **pout) ++{ ++ /* Use of static variables is OK as this happens under a lock */ ++ static unsigned char buf[16]; ++ static unsigned long counter; ++ FIPS_get_timevec(buf, &counter); ++ *pout = buf; ++ return sizeof(buf); ++} ++ ++/* ++ * RAND_add() and RAND_seed() pass through to OpenSSL PRNG so it is ++ * correctly seeded by RAND_poll(). ++ */ ++ ++static int drbg_rand_add(DRBG_CTX *ctx, const void *in, int inlen, ++ double entropy) ++{ ++ RAND_SSLeay()->add(in, inlen, entropy); ++ return 1; ++} ++ ++static int drbg_rand_seed(DRBG_CTX *ctx, const void *in, int inlen) ++{ ++ RAND_SSLeay()->seed(in, inlen); ++ return 1; ++} ++ ++# ifndef OPENSSL_DRBG_DEFAULT_TYPE ++# define OPENSSL_DRBG_DEFAULT_TYPE NID_aes_256_ctr ++# endif ++# ifndef OPENSSL_DRBG_DEFAULT_FLAGS ++# define OPENSSL_DRBG_DEFAULT_FLAGS DRBG_FLAG_CTR_USE_DF ++# endif ++ ++static int fips_drbg_type = OPENSSL_DRBG_DEFAULT_TYPE; ++static int fips_drbg_flags = OPENSSL_DRBG_DEFAULT_FLAGS; ++ ++void RAND_set_fips_drbg_type(int type, int flags) ++{ ++ fips_drbg_type = type; ++ fips_drbg_flags = flags; ++} ++ ++int RAND_init_fips(void) ++{ ++ DRBG_CTX *dctx; ++ size_t plen; ++ unsigned char pers[32], *p; ++# ifndef OPENSSL_ALLOW_DUAL_EC_DRBG ++ if (fips_drbg_type >> 16) { ++ RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_DUAL_EC_DRBG_DISABLED); ++ return 0; ++ } ++# endif ++ ++ dctx = FIPS_get_default_drbg(); ++ if (FIPS_drbg_init(dctx, fips_drbg_type, fips_drbg_flags) <= 0) { ++ RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_ERROR_INITIALISING_DRBG); ++ return 0; ++ } ++ ++ FIPS_drbg_set_callbacks(dctx, ++ drbg_get_entropy, drbg_free_entropy, 20, ++ drbg_get_entropy, drbg_free_entropy); ++ FIPS_drbg_set_rand_callbacks(dctx, drbg_get_adin, 0, ++ drbg_rand_seed, drbg_rand_add); ++ /* Personalisation string: a string followed by date time vector */ ++ strcpy((char *)pers, "OpenSSL DRBG2.0"); ++ plen = drbg_get_adin(dctx, &p); ++ memcpy(pers + 16, p, plen); ++ ++ 
if (FIPS_drbg_instantiate(dctx, pers, sizeof(pers)) <= 0) { ++ RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_ERROR_INSTANTIATING_DRBG); ++ return 0; ++ } ++ FIPS_rand_set_method(FIPS_drbg_method()); ++ return 1; ++} ++ ++#endif +diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_nw.c b/Cryptlib/OpenSSL/crypto/rand/rand_nw.c +deleted file mode 100644 +index 55ffe9a..0000000 +--- a/Cryptlib/OpenSSL/crypto/rand/rand_nw.c ++++ /dev/null +@@ -1,179 +0,0 @@ +-/* crypto/rand/rand_nw.c */ +-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) +- * All rights reserved. +- * +- * This package is an SSL implementation written +- * by Eric Young (eay@cryptsoft.com). +- * The implementation was written so as to conform with Netscapes SSL. +- * +- * This library is free for commercial and non-commercial use as long as +- * the following conditions are aheared to. The following conditions +- * apply to all code found in this distribution, be it the RC4, RSA, +- * lhash, DES, etc., code; not just the SSL code. The SSL documentation +- * included with this distribution is covered by the same copyright terms +- * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * +- * Copyright remains Eric Young's, and as such any Copyright notices in +- * the code are not to be removed. +- * If this package is used in a product, Eric Young should be given attribution +- * as the author of the parts of the library used. +- * This can be in the form of a textual message at program startup or +- * in documentation (online or textual) provided with the package. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. 
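Review bot: In RAND_init_fips() the personalisation buffer is filled with `strcpy((char *)pers, "OpenSSL DRBG2.0");` followed by `memcpy(pers + 16, p, plen);`, with no check that `plen` fits in the remaining 16 bytes of `pers[32]`. The copy is exact today only because the literal is 15 characters plus its terminator and drbg_get_adin() returns `sizeof(buf)` for a 16-byte buffer; a change to either would overrun the stack buffer without any diagnostic. A guard such as `if (plen > sizeof(pers) - 16) return 0;` before the memcpy, or an offset derived from the literal's size, would make the invariant explicit. Separately, drbg_get_entropy() passes the rounded-up `size_t min_len` to the `int num` parameter of ssleay_rand_bytes() and never compares it with `max_len`.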
Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 3. All advertising materials mentioning features or use of this software +- * must display the following acknowledgement: +- * "This product includes cryptographic software written by +- * Eric Young (eay@cryptsoft.com)" +- * The word 'cryptographic' can be left out if the rouines from the library +- * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from +- * the apps directory (application code) you must include an acknowledgement: +- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * +- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. +- * +- * The licence and distribution terms for any publically available version or +- * derivative of this code cannot be changed. i.e. this code cannot simply be +- * copied and put under another distribution licence +- * [including the GNU Public Licence.] +- */ +-/* ==================================================================== +- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. 
+- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * +- * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. +- * +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in +- * the documentation and/or other materials provided with the +- * distribution. +- * +- * 3. All advertising materials mentioning features or use of this +- * software must display the following acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +- * +- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +- * endorse or promote products derived from this software without +- * prior written permission. For written permission, please contact +- * openssl-core@openssl.org. +- * +- * 5. Products derived from this software may not be called "OpenSSL" +- * nor may "OpenSSL" appear in their names without prior written +- * permission of the OpenSSL Project. +- * +- * 6. Redistributions of any form whatsoever must retain the following +- * acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit (http://www.openssl.org/)" +- * +- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +- * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR +- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +- * OF THE POSSIBILITY OF SUCH DAMAGE. +- * ==================================================================== +- * +- * This product includes cryptographic software written by Eric Young +- * (eay@cryptsoft.com). This product includes software written by Tim +- * Hudson (tjh@cryptsoft.com). +- * +- */ +- +-#include "cryptlib.h" +-#include +-#include "rand_lcl.h" +- +-#if defined (OPENSSL_SYS_NETWARE) +- +-# if defined(NETWARE_LIBC) +-# include +-# else +-# include +-# endif +- +-extern int GetProcessSwitchCount(void); +-# if !defined(NETWARE_LIBC) || (CURRENT_NDK_THRESHOLD < 509220000) +-extern void *RunningProcess; /* declare here same as found in newer NDKs */ +-extern unsigned long GetSuperHighResolutionTimer(void); +-# endif +- +- /* +- * the FAQ indicates we need to provide at least 20 bytes (160 bits) of +- * seed +- */ +-int RAND_poll(void) +-{ +- unsigned long l; +- unsigned long tsc; +- int i; +- +- /* +- * There are several options to gather miscellaneous data but for now we +- * will loop checking the time stamp counter (rdtsc) and the +- * SuperHighResolutionTimer. Each iteration will collect 8 bytes of data +- * but it is treated as only 1 byte of entropy. The call to +- * ThreadSwitchWithDelay() will introduce additional variability into the +- * data returned by rdtsc. Applications can agument the seed material by +- * adding additional stuff with RAND_add() and should probably do so. 
+- */ +- l = GetProcessSwitchCount(); +- RAND_add(&l, sizeof(l), 1); +- +- /* need to cast the void* to unsigned long here */ +- l = (unsigned long)RunningProcess; +- RAND_add(&l, sizeof(l), 1); +- +- for (i = 2; i < ENTROPY_NEEDED; i++) { +-# ifdef __MWERKS__ +- asm { +- rdtsc mov tsc, eax} +-# elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) +- asm volatile ("rdtsc":"=a" (tsc)::"edx"); +-# endif +- +- RAND_add(&tsc, sizeof(tsc), 1); +- +- l = GetSuperHighResolutionTimer(); +- RAND_add(&l, sizeof(l), 0); +- +-# if defined(NETWARE_LIBC) +- NXThreadYield(); +-# else /* NETWARE_CLIB */ +- ThreadSwitchWithDelay(); +-# endif +- } +- +- return 1; +-} +- +-#endif +diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_os2.c b/Cryptlib/OpenSSL/crypto/rand/rand_os2.c +deleted file mode 100644 +index 4de2115..0000000 +--- a/Cryptlib/OpenSSL/crypto/rand/rand_os2.c ++++ /dev/null +@@ -1,161 +0,0 @@ +-/* crypto/rand/rand_os2.c */ +-/* ==================================================================== +- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * +- * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. +- * +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in +- * the documentation and/or other materials provided with the +- * distribution. +- * +- * 3. All advertising materials mentioning features or use of this +- * software must display the following acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +- * +- * 4. 
The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +- * endorse or promote products derived from this software without +- * prior written permission. For written permission, please contact +- * openssl-core@openssl.org. +- * +- * 5. Products derived from this software may not be called "OpenSSL" +- * nor may "OpenSSL" appear in their names without prior written +- * permission of the OpenSSL Project. +- * +- * 6. Redistributions of any form whatsoever must retain the following +- * acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit (http://www.openssl.org/)" +- * +- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +- * OF THE POSSIBILITY OF SUCH DAMAGE. +- * ==================================================================== +- * +- * This product includes cryptographic software written by Eric Young +- * (eay@cryptsoft.com). This product includes software written by Tim +- * Hudson (tjh@cryptsoft.com). 
+- * +- */ +- +-#include "cryptlib.h" +-#include +-#include "rand_lcl.h" +- +-#ifdef OPENSSL_SYS_OS2 +- +-# define INCL_DOSPROCESS +-# define INCL_DOSPROFILE +-# define INCL_DOSMISC +-# define INCL_DOSMODULEMGR +-# include +- +-# define CMD_KI_RDCNT (0x63) +- +-typedef struct _CPUUTIL { +- ULONG ulTimeLow; /* Low 32 bits of time stamp */ +- ULONG ulTimeHigh; /* High 32 bits of time stamp */ +- ULONG ulIdleLow; /* Low 32 bits of idle time */ +- ULONG ulIdleHigh; /* High 32 bits of idle time */ +- ULONG ulBusyLow; /* Low 32 bits of busy time */ +- ULONG ulBusyHigh; /* High 32 bits of busy time */ +- ULONG ulIntrLow; /* Low 32 bits of interrupt time */ +- ULONG ulIntrHigh; /* High 32 bits of interrupt time */ +-} CPUUTIL; +- +-APIRET APIENTRY(*DosPerfSysCall) (ULONG ulCommand, ULONG ulParm1, +- ULONG ulParm2, ULONG ulParm3) = NULL; +-APIRET APIENTRY(*DosQuerySysState) (ULONG func, ULONG arg1, ULONG pid, +- ULONG _res_, PVOID buf, ULONG bufsz) = +- NULL; +-HMODULE hDoscalls = 0; +- +-int RAND_poll(void) +-{ +- char failed_module[20]; +- QWORD qwTime; +- ULONG SysVars[QSV_FOREGROUND_PROCESS]; +- +- if (hDoscalls == 0) { +- ULONG rc = +- DosLoadModule(failed_module, sizeof(failed_module), "DOSCALLS", +- &hDoscalls); +- +- if (rc == 0) { +- rc = DosQueryProcAddr(hDoscalls, 976, NULL, +- (PFN *) & DosPerfSysCall); +- +- if (rc) +- DosPerfSysCall = NULL; +- +- rc = DosQueryProcAddr(hDoscalls, 368, NULL, +- (PFN *) & DosQuerySysState); +- +- if (rc) +- DosQuerySysState = NULL; +- } +- } +- +- /* Sample the hi-res timer, runs at around 1.1 MHz */ +- DosTmrQueryTime(&qwTime); +- RAND_add(&qwTime, sizeof(qwTime), 2); +- +- /* +- * Sample a bunch of system variables, includes various process & memory +- * statistics +- */ +- DosQuerySysInfo(1, QSV_FOREGROUND_PROCESS, SysVars, sizeof(SysVars)); +- RAND_add(SysVars, sizeof(SysVars), 4); +- +- /* +- * If available, sample CPU registers that count at CPU MHz Only fairly +- * new CPUs (PPro & K6 onwards) & OS/2 versions support this 
+- */
+- if (DosPerfSysCall) {
+- CPUUTIL util;
+-
+- if (DosPerfSysCall(CMD_KI_RDCNT, (ULONG) & util, 0, 0) == 0) {
+- RAND_add(&util, sizeof(util), 10);
+- } else {
+- DosPerfSysCall = NULL;
+- }
+- }
+-
+- /*
+- * DosQuerySysState() gives us a huge quantity of process, thread, memory
+- * & handle stats
+- */
+- if (DosQuerySysState) {
+- char *buffer = OPENSSL_malloc(256 * 1024);
+-
+- if (DosQuerySysState(0x1F, 0, 0, 0, buffer, 256 * 1024) == 0) {
+- /*
+- * First 4 bytes in buffer is a pointer to the thread count there
+- * should be at least 1 byte of entropy per thread
+- */
+- RAND_add(buffer, 256 * 1024, **(ULONG **) buffer);
+- }
+-
+- OPENSSL_free(buffer);
+- return 1;
+- }
+-
+- return 0;
+-}
+-
+-#endif /* OPENSSL_SYS_OS2 */
+diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_unix.c b/Cryptlib/OpenSSL/crypto/rand/rand_unix.c
+index 0a6893c..f60fac6 100644
+--- a/Cryptlib/OpenSSL/crypto/rand/rand_unix.c
++++ b/Cryptlib/OpenSSL/crypto/rand/rand_unix.c
+@@ -134,7 +134,95 @@
+ # define FD_SETSIZE (8*sizeof(fd_set))
+ # endif
+
+-# ifdef __OpenBSD__
++# if defined(OPENSSL_SYS_VOS)
++
++/*
++ * The following algorithm repeatedly samples the real-time clock (RTC) to
++ * generate a sequence of unpredictable data. The algorithm relies upon the
++ * uneven execution speed of the code (due to factors such as cache misses,
++ * interrupts, bus activity, and scheduling) and upon the rather large
++ * relative difference between the speed of the clock and the rate at which
++ * it can be read.
++ *
++ * If this code is ported to an environment where execution speed is more
++ * constant or where the RTC ticks at a much slower rate, or the clock can be
++ * read with fewer instructions, it is likely that the results would be far
++ * more predictable.
++ *
++ * As a precaution, we generate 4 times the minimum required amount of seed
++ * data.
++ */
++
++int RAND_poll(void)
++{
++ short int code;
++ gid_t curr_gid;
++ pid_t curr_pid;
++ uid_t curr_uid;
++ int i, k;
++ struct timespec ts;
++ unsigned char v;
++
++# ifdef OPENSSL_SYS_VOS_HPPA
++ long duration;
++ extern void s$sleep(long *_duration, short int *_code);
++# else
++# ifdef OPENSSL_SYS_VOS_IA32
++ long long duration;
++ extern void s$sleep2(long long *_duration, short int *_code);
++# else
++# error "Unsupported Platform."
++# endif /* OPENSSL_SYS_VOS_IA32 */
++# endif /* OPENSSL_SYS_VOS_HPPA */
++
++ /*
++ * Seed with the gid, pid, and uid, to ensure *some* variation between
++ * different processes.
++ */
++
++ curr_gid = getgid();
++ RAND_add(&curr_gid, sizeof curr_gid, 1);
++ curr_gid = 0;
++
++ curr_pid = getpid();
++ RAND_add(&curr_pid, sizeof curr_pid, 1);
++ curr_pid = 0;
++
++ curr_uid = getuid();
++ RAND_add(&curr_uid, sizeof curr_uid, 1);
++ curr_uid = 0;
++
++ for (i = 0; i < (ENTROPY_NEEDED * 4); i++) {
++ /*
++ * burn some cpu; hope for interrupts, cache collisions, bus
++ * interference, etc.
++ */
++ for (k = 0; k < 99; k++)
++ ts.tv_nsec = random();
++
++# ifdef OPENSSL_SYS_VOS_HPPA
++ /* sleep for 1/1024 of a second (976 us). */
++ duration = 1;
++ s$sleep(&duration, &code);
++# else
++# ifdef OPENSSL_SYS_VOS_IA32
++ /* sleep for 1/65536 of a second (15 us). */
++ duration = 1;
++ s$sleep2(&duration, &code);
++# endif /* OPENSSL_SYS_VOS_IA32 */
++# endif /* OPENSSL_SYS_VOS_HPPA */
++
++ /* get wall clock time.
*/
++ clock_gettime(CLOCK_REALTIME, &ts);
++
++ /* take 8 bits */
++ v = (unsigned char)(ts.tv_nsec % 256);
++ RAND_add(&v, sizeof v, 1);
++ v = 0;
++ }
++ return 1;
++}
++# elif defined __OpenBSD__
+ int RAND_poll(void)
+ {
+ u_int32_t rnd = 0, i;
+@@ -164,7 +252,7 @@ int RAND_poll(void)
+ static const char *randomfiles[] = { DEVRANDOM };
+ struct stat randomstats[sizeof(randomfiles) / sizeof(randomfiles[0])];
+ int fd;
+- size_t i;
++ unsigned int i;
+ # endif
+ # ifdef DEVRANDOM_EGD
+ static const char *egdsockets[] = { DEVRANDOM_EGD, NULL };
+@@ -179,8 +267,8 @@ int RAND_poll(void)
+ * out of random entries.
+ */
+
+- for (i = 0; i < sizeof(randomfiles) / sizeof(randomfiles[0])
+- && n < ENTROPY_NEEDED; i++) {
++ for (i = 0; (i < sizeof(randomfiles) / sizeof(randomfiles[0])) &&
++ (n < ENTROPY_NEEDED); i++) {
+ if ((fd = open(randomfiles[i], O_RDONLY
+ # ifdef O_NONBLOCK
+ | O_NONBLOCK
+@@ -195,7 +283,7 @@ int RAND_poll(void)
+ )) >= 0) {
+ int usec = 10 * 1000; /* spend 10ms on each file */
+ int r;
+- size_t j;
++ unsigned int j;
+ struct stat *st = &randomstats[i];
+
+ /*
+@@ -219,7 +307,14 @@ int RAND_poll(void)
+ do {
+ int try_read = 0;
+
+-# if defined(OPENSSL_SYS_LINUX)
++# if defined(OPENSSL_SYS_BEOS_R5)
++ /*
++ * select() is broken in BeOS R5, so we simply try to read
++ * something and snooze if we couldn't
++ */
++ try_read = 1;
++
++# elif defined(OPENSSL_SYS_LINUX)
+ /* use poll() */
+ struct pollfd pset;
+
+@@ -263,6 +358,10 @@ int RAND_poll(void)
+ ENTROPY_NEEDED - n);
+ if (r > 0)
+ n += r;
++# if defined(OPENSSL_SYS_BEOS_R5)
++ if (r == 0)
++ snooze(t.tv_usec);
++# endif
+ } else
+ r = -1;
+
+@@ -317,6 +416,14 @@ int RAND_poll(void)
+ l = time(NULL);
+ RAND_add(&l, sizeof(l), 0.0);
+
++# if defined(OPENSSL_SYS_BEOS)
++ {
++ system_info sysInfo;
++ get_system_info(&sysInfo);
++ RAND_add(&sysInfo, sizeof(sysInfo), 0);
++ }
++# endif
++
+ # if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)
+ return 1;
+ # else
+diff --git
a/Cryptlib/OpenSSL/crypto/rand/rand_win.c b/Cryptlib/OpenSSL/crypto/rand/rand_win.c +deleted file mode 100644 +index 0c616c4..0000000 +--- a/Cryptlib/OpenSSL/crypto/rand/rand_win.c ++++ /dev/null +@@ -1,751 +0,0 @@ +-/* crypto/rand/rand_win.c */ +-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) +- * All rights reserved. +- * +- * This package is an SSL implementation written +- * by Eric Young (eay@cryptsoft.com). +- * The implementation was written so as to conform with Netscapes SSL. +- * +- * This library is free for commercial and non-commercial use as long as +- * the following conditions are aheared to. The following conditions +- * apply to all code found in this distribution, be it the RC4, RSA, +- * lhash, DES, etc., code; not just the SSL code. The SSL documentation +- * included with this distribution is covered by the same copyright terms +- * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * +- * Copyright remains Eric Young's, and as such any Copyright notices in +- * the code are not to be removed. +- * If this package is used in a product, Eric Young should be given attribution +- * as the author of the parts of the library used. +- * This can be in the form of a textual message at program startup or +- * in documentation (online or textual) provided with the package. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 3. 
All advertising materials mentioning features or use of this software +- * must display the following acknowledgement: +- * "This product includes cryptographic software written by +- * Eric Young (eay@cryptsoft.com)" +- * The word 'cryptographic' can be left out if the rouines from the library +- * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from +- * the apps directory (application code) you must include an acknowledgement: +- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * +- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. +- * +- * The licence and distribution terms for any publically available version or +- * derivative of this code cannot be changed. i.e. this code cannot simply be +- * copied and put under another distribution licence +- * [including the GNU Public Licence.] +- */ +-/* ==================================================================== +- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * +- * 1. 
Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. +- * +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in +- * the documentation and/or other materials provided with the +- * distribution. +- * +- * 3. All advertising materials mentioning features or use of this +- * software must display the following acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +- * +- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +- * endorse or promote products derived from this software without +- * prior written permission. For written permission, please contact +- * openssl-core@openssl.org. +- * +- * 5. Products derived from this software may not be called "OpenSSL" +- * nor may "OpenSSL" appear in their names without prior written +- * permission of the OpenSSL Project. +- * +- * 6. Redistributions of any form whatsoever must retain the following +- * acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit (http://www.openssl.org/)" +- * +- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +- * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR +- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +- * OF THE POSSIBILITY OF SUCH DAMAGE. +- * ==================================================================== +- * +- * This product includes cryptographic software written by Eric Young +- * (eay@cryptsoft.com). This product includes software written by Tim +- * Hudson (tjh@cryptsoft.com). +- * +- */ +- +-#include "cryptlib.h" +-#include +-#include "rand_lcl.h" +- +-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) +-# include +-# ifndef _WIN32_WINNT +-# define _WIN32_WINNT 0x0400 +-# endif +-# include +-# include +- +-/* +- * Limit the time spent walking through the heap, processes, threads and +- * modules to a maximum of 1000 miliseconds each, unless CryptoGenRandom +- * failed +- */ +-# define MAXDELAY 1000 +- +-/* +- * Intel hardware RNG CSP -- available from +- * http://developer.intel.com/design/security/rng/redist_license.htm +- */ +-# define PROV_INTEL_SEC 22 +-# define INTEL_DEF_PROV L"Intel Hardware Cryptographic Service Provider" +- +-static void readtimer(void); +-static void readscreen(void); +- +-/* +- * It appears like CURSORINFO, PCURSORINFO and LPCURSORINFO are only defined +- * when WINVER is 0x0500 and up, which currently only happens on Win2000. +- * Unfortunately, those are typedefs, so they're a little bit difficult to +- * detect properly. On the other hand, the macro CURSOR_SHOWING is defined +- * within the same conditional, so it can be use to detect the absence of +- * said typedefs. 
+- */ +- +-# ifndef CURSOR_SHOWING +-/* +- * Information about the global cursor. +- */ +-typedef struct tagCURSORINFO { +- DWORD cbSize; +- DWORD flags; +- HCURSOR hCursor; +- POINT ptScreenPos; +-} CURSORINFO, *PCURSORINFO, *LPCURSORINFO; +- +-# define CURSOR_SHOWING 0x00000001 +-# endif /* CURSOR_SHOWING */ +- +-# if !defined(OPENSSL_SYS_WINCE) +-typedef BOOL(WINAPI *CRYPTACQUIRECONTEXTW) (HCRYPTPROV *, LPCWSTR, LPCWSTR, +- DWORD, DWORD); +-typedef BOOL(WINAPI *CRYPTGENRANDOM) (HCRYPTPROV, DWORD, BYTE *); +-typedef BOOL(WINAPI *CRYPTRELEASECONTEXT) (HCRYPTPROV, DWORD); +- +-typedef HWND(WINAPI *GETFOREGROUNDWINDOW) (VOID); +-typedef BOOL(WINAPI *GETCURSORINFO) (PCURSORINFO); +-typedef DWORD(WINAPI *GETQUEUESTATUS) (UINT); +- +-typedef HANDLE(WINAPI *CREATETOOLHELP32SNAPSHOT) (DWORD, DWORD); +-typedef BOOL(WINAPI *CLOSETOOLHELP32SNAPSHOT) (HANDLE); +-typedef BOOL(WINAPI *HEAP32FIRST) (LPHEAPENTRY32, DWORD, size_t); +-typedef BOOL(WINAPI *HEAP32NEXT) (LPHEAPENTRY32); +-typedef BOOL(WINAPI *HEAP32LIST) (HANDLE, LPHEAPLIST32); +-typedef BOOL(WINAPI *PROCESS32) (HANDLE, LPPROCESSENTRY32); +-typedef BOOL(WINAPI *THREAD32) (HANDLE, LPTHREADENTRY32); +-typedef BOOL(WINAPI *MODULE32) (HANDLE, LPMODULEENTRY32); +- +-# include +-# include +-# if 1 +-/* +- * The NET API is Unicode only. It requires the use of the UNICODE macro. +- * When UNICODE is defined LPTSTR becomes LPWSTR. LMSTR was was added to the +- * Platform SDK to allow the NET API to be used in non-Unicode applications +- * provided that Unicode strings were still used for input. LMSTR is defined +- * as LPWSTR. 
+- */ +-typedef NET_API_STATUS(NET_API_FUNCTION *NETSTATGET) +- (LPWSTR, LPWSTR, DWORD, DWORD, LPBYTE *); +-typedef NET_API_STATUS(NET_API_FUNCTION *NETFREE) (LPBYTE); +-# endif /* 1 */ +-# endif /* !OPENSSL_SYS_WINCE */ +- +-int RAND_poll(void) +-{ +- MEMORYSTATUS m; +- HCRYPTPROV hProvider = 0; +- DWORD w; +- int good = 0; +- +-# if defined(OPENSSL_SYS_WINCE) +-# if defined(_WIN32_WCE) && _WIN32_WCE>=300 +- /* +- * Even though MSDN says _WIN32_WCE>=210, it doesn't seem to be available +- * in commonly available implementations prior 300... +- */ +- { +- BYTE buf[64]; +- /* poll the CryptoAPI PRNG */ +- /* The CryptoAPI returns sizeof(buf) bytes of randomness */ +- if (CryptAcquireContextW(&hProvider, NULL, NULL, PROV_RSA_FULL, +- CRYPT_VERIFYCONTEXT)) { +- if (CryptGenRandom(hProvider, sizeof(buf), buf)) +- RAND_add(buf, sizeof(buf), sizeof(buf)); +- CryptReleaseContext(hProvider, 0); +- } +- } +-# endif +-# else /* OPENSSL_SYS_WINCE */ +- /* +- * None of below libraries are present on Windows CE, which is +- * why we #ifndef the whole section. This also excuses us from +- * handling the GetProcAddress issue. The trouble is that in +- * real Win32 API GetProcAddress is available in ANSI flavor +- * only. In WinCE on the other hand GetProcAddress is a macro +- * most commonly defined as GetProcAddressW, which accepts +- * Unicode argument. If we were to call GetProcAddress under +- * WinCE, I'd recommend to either redefine GetProcAddress as +- * GetProcAddressA (there seem to be one in common CE spec) or +- * implement own shim routine, which would accept ANSI argument +- * and expand it to Unicode. 
+- */ +- { +- /* load functions dynamically - not available on all systems */ +- HMODULE advapi = LoadLibrary(TEXT("ADVAPI32.DLL")); +- HMODULE kernel = LoadLibrary(TEXT("KERNEL32.DLL")); +- HMODULE user = NULL; +- HMODULE netapi = LoadLibrary(TEXT("NETAPI32.DLL")); +- CRYPTACQUIRECONTEXTW acquire = NULL; +- CRYPTGENRANDOM gen = NULL; +- CRYPTRELEASECONTEXT release = NULL; +- NETSTATGET netstatget = NULL; +- NETFREE netfree = NULL; +- BYTE buf[64]; +- +- if (netapi) { +- netstatget = +- (NETSTATGET) GetProcAddress(netapi, "NetStatisticsGet"); +- netfree = (NETFREE) GetProcAddress(netapi, "NetApiBufferFree"); +- } +- +- if (netstatget && netfree) { +- LPBYTE outbuf; +- /* +- * NetStatisticsGet() is a Unicode only function +- * STAT_WORKSTATION_0 contains 45 fields and STAT_SERVER_0 +- * contains 17 fields. We treat each field as a source of one +- * byte of entropy. +- */ +- +- if (netstatget(NULL, L"LanmanWorkstation", 0, 0, &outbuf) == 0) { +- RAND_add(outbuf, sizeof(STAT_WORKSTATION_0), 45); +- netfree(outbuf); +- } +- if (netstatget(NULL, L"LanmanServer", 0, 0, &outbuf) == 0) { +- RAND_add(outbuf, sizeof(STAT_SERVER_0), 17); +- netfree(outbuf); +- } +- } +- +- if (netapi) +- FreeLibrary(netapi); +- +- /* +- * It appears like this can cause an exception deep within +- * ADVAPI32.DLL at random times on Windows 2000. Reported by Jeffrey +- * Altman. Only use it on NT. +- */ +- +- if (advapi) { +- /* +- * If it's available, then it's available in both ANSI +- * and UNICODE flavors even in Win9x, documentation says. +- * We favor Unicode... 
+- */ +- acquire = (CRYPTACQUIRECONTEXTW) GetProcAddress(advapi, +- "CryptAcquireContextW"); +- gen = (CRYPTGENRANDOM) GetProcAddress(advapi, "CryptGenRandom"); +- release = (CRYPTRELEASECONTEXT) GetProcAddress(advapi, +- "CryptReleaseContext"); +- } +- +- if (acquire && gen && release) { +- /* poll the CryptoAPI PRNG */ +- /* The CryptoAPI returns sizeof(buf) bytes of randomness */ +- if (acquire(&hProvider, NULL, NULL, PROV_RSA_FULL, +- CRYPT_VERIFYCONTEXT)) { +- if (gen(hProvider, sizeof(buf), buf) != 0) { +- RAND_add(buf, sizeof(buf), 0); +- good = 1; +-# if 0 +- printf("randomness from PROV_RSA_FULL\n"); +-# endif +- } +- release(hProvider, 0); +- } +- +- /* poll the Pentium PRG with CryptoAPI */ +- if (acquire(&hProvider, 0, INTEL_DEF_PROV, PROV_INTEL_SEC, 0)) { +- if (gen(hProvider, sizeof(buf), buf) != 0) { +- RAND_add(buf, sizeof(buf), sizeof(buf)); +- good = 1; +-# if 0 +- printf("randomness from PROV_INTEL_SEC\n"); +-# endif +- } +- release(hProvider, 0); +- } +- } +- +- if (advapi) +- FreeLibrary(advapi); +- +- if ((!check_winnt() || +- !OPENSSL_isservice()) && +- (user = LoadLibrary(TEXT("USER32.DLL")))) { +- GETCURSORINFO cursor; +- GETFOREGROUNDWINDOW win; +- GETQUEUESTATUS queue; +- +- win = +- (GETFOREGROUNDWINDOW) GetProcAddress(user, +- "GetForegroundWindow"); +- cursor = (GETCURSORINFO) GetProcAddress(user, "GetCursorInfo"); +- queue = (GETQUEUESTATUS) GetProcAddress(user, "GetQueueStatus"); +- +- if (win) { +- /* window handle */ +- HWND h = win(); +- RAND_add(&h, sizeof(h), 0); +- } +- if (cursor) { +- /* +- * unfortunately, its not safe to call GetCursorInfo() on NT4 +- * even though it exists in SP3 (or SP6) and higher. 
+- */ +- if (check_winnt() && !check_win_minplat(5)) +- cursor = 0; +- } +- if (cursor) { +- /* cursor position */ +- /* assume 2 bytes of entropy */ +- CURSORINFO ci; +- ci.cbSize = sizeof(CURSORINFO); +- if (cursor(&ci)) +- RAND_add(&ci, ci.cbSize, 2); +- } +- +- if (queue) { +- /* message queue status */ +- /* assume 1 byte of entropy */ +- w = queue(QS_ALLEVENTS); +- RAND_add(&w, sizeof(w), 1); +- } +- +- FreeLibrary(user); +- } +- +- /*- +- * Toolhelp32 snapshot: enumerate processes, threads, modules and heap +- * http://msdn.microsoft.com/library/psdk/winbase/toolhelp_5pfd.htm +- * (Win 9x and 2000 only, not available on NT) +- * +- * This seeding method was proposed in Peter Gutmann, Software +- * Generation of Practically Strong Random Numbers, +- * http://www.usenix.org/publications/library/proceedings/sec98/gutmann.html +- * revised version at http://www.cryptoengines.com/~peter/06_random.pdf +- * (The assignment of entropy estimates below is arbitrary, but based +- * on Peter's analysis the full poll appears to be safe. Additional +- * interactive seeding is encouraged.) 
+- */ +- +- if (kernel) { +- CREATETOOLHELP32SNAPSHOT snap; +- CLOSETOOLHELP32SNAPSHOT close_snap; +- HANDLE handle; +- +- HEAP32FIRST heap_first; +- HEAP32NEXT heap_next; +- HEAP32LIST heaplist_first, heaplist_next; +- PROCESS32 process_first, process_next; +- THREAD32 thread_first, thread_next; +- MODULE32 module_first, module_next; +- +- HEAPLIST32 hlist; +- HEAPENTRY32 hentry; +- PROCESSENTRY32 p; +- THREADENTRY32 t; +- MODULEENTRY32 m; +- DWORD starttime = 0; +- +- snap = (CREATETOOLHELP32SNAPSHOT) +- GetProcAddress(kernel, "CreateToolhelp32Snapshot"); +- close_snap = (CLOSETOOLHELP32SNAPSHOT) +- GetProcAddress(kernel, "CloseToolhelp32Snapshot"); +- heap_first = (HEAP32FIRST) GetProcAddress(kernel, "Heap32First"); +- heap_next = (HEAP32NEXT) GetProcAddress(kernel, "Heap32Next"); +- heaplist_first = +- (HEAP32LIST) GetProcAddress(kernel, "Heap32ListFirst"); +- heaplist_next = +- (HEAP32LIST) GetProcAddress(kernel, "Heap32ListNext"); +- process_first = +- (PROCESS32) GetProcAddress(kernel, "Process32First"); +- process_next = +- (PROCESS32) GetProcAddress(kernel, "Process32Next"); +- thread_first = (THREAD32) GetProcAddress(kernel, "Thread32First"); +- thread_next = (THREAD32) GetProcAddress(kernel, "Thread32Next"); +- module_first = (MODULE32) GetProcAddress(kernel, "Module32First"); +- module_next = (MODULE32) GetProcAddress(kernel, "Module32Next"); +- +- if (snap && heap_first && heap_next && heaplist_first && +- heaplist_next && process_first && process_next && +- thread_first && thread_next && module_first && +- module_next && (handle = snap(TH32CS_SNAPALL, 0)) +- != INVALID_HANDLE_VALUE) { +- /* heap list and heap walking */ +- /* +- * HEAPLIST32 contains 3 fields that will change with each +- * entry. Consider each field a source of 1 byte of entropy. +- * HEAPENTRY32 contains 5 fields that will change with each +- * entry. Consider each field a source of 1 byte of entropy. 
+- */ +- ZeroMemory(&hlist, sizeof(HEAPLIST32)); +- hlist.dwSize = sizeof(HEAPLIST32); +- if (good) +- starttime = GetTickCount(); +-# ifdef _MSC_VER +- if (heaplist_first(handle, &hlist)) { +- /* +- * following discussion on dev ML, exception on WinCE (or +- * other Win platform) is theoretically of unknown +- * origin; prevent infinite loop here when this +- * theoretical case occurs; otherwise cope with the +- * expected (MSDN documented) exception-throwing +- * behaviour of Heap32Next() on WinCE. +- * +- * based on patch in original message by Tanguy Fautré +- * (2009/03/02) Subject: RAND_poll() and +- * CreateToolhelp32Snapshot() stability +- */ +- int ex_cnt_limit = 42; +- do { +- RAND_add(&hlist, hlist.dwSize, 3); +- __try { +- ZeroMemory(&hentry, sizeof(HEAPENTRY32)); +- hentry.dwSize = sizeof(HEAPENTRY32); +- if (heap_first(&hentry, +- hlist.th32ProcessID, +- hlist.th32HeapID)) { +- int entrycnt = 80; +- do +- RAND_add(&hentry, hentry.dwSize, 5); +- while (heap_next(&hentry) +- && (!good +- || (GetTickCount() - starttime) < +- MAXDELAY) +- && --entrycnt > 0); +- } +- } +- __except(EXCEPTION_EXECUTE_HANDLER) { +- /* +- * ignore access violations when walking the heap +- * list +- */ +- ex_cnt_limit--; +- } +- } while (heaplist_next(handle, &hlist) +- && (!good +- || (GetTickCount() - starttime) < MAXDELAY) +- && ex_cnt_limit > 0); +- } +-# else +- if (heaplist_first(handle, &hlist)) { +- do { +- RAND_add(&hlist, hlist.dwSize, 3); +- hentry.dwSize = sizeof(HEAPENTRY32); +- if (heap_first(&hentry, +- hlist.th32ProcessID, +- hlist.th32HeapID)) { +- int entrycnt = 80; +- do +- RAND_add(&hentry, hentry.dwSize, 5); +- while (heap_next(&hentry) +- && --entrycnt > 0); +- } +- } while (heaplist_next(handle, &hlist) +- && (!good +- || (GetTickCount() - starttime) < MAXDELAY)); +- } +-# endif +- +- /* process walking */ +- /* +- * PROCESSENTRY32 contains 9 fields that will change with +- * each entry. Consider each field a source of 1 byte of +- * entropy. 
+- */ +- p.dwSize = sizeof(PROCESSENTRY32); +- +- if (good) +- starttime = GetTickCount(); +- if (process_first(handle, &p)) +- do +- RAND_add(&p, p.dwSize, 9); +- while (process_next(handle, &p) +- && (!good +- || (GetTickCount() - starttime) < MAXDELAY)); +- +- /* thread walking */ +- /* +- * THREADENTRY32 contains 6 fields that will change with each +- * entry. Consider each field a source of 1 byte of entropy. +- */ +- t.dwSize = sizeof(THREADENTRY32); +- if (good) +- starttime = GetTickCount(); +- if (thread_first(handle, &t)) +- do +- RAND_add(&t, t.dwSize, 6); +- while (thread_next(handle, &t) +- && (!good +- || (GetTickCount() - starttime) < MAXDELAY)); +- +- /* module walking */ +- /* +- * MODULEENTRY32 contains 9 fields that will change with each +- * entry. Consider each field a source of 1 byte of entropy. +- */ +- m.dwSize = sizeof(MODULEENTRY32); +- if (good) +- starttime = GetTickCount(); +- if (module_first(handle, &m)) +- do +- RAND_add(&m, m.dwSize, 9); +- while (module_next(handle, &m) +- && (!good +- || (GetTickCount() - starttime) < MAXDELAY)); +- if (close_snap) +- close_snap(handle); +- else +- CloseHandle(handle); +- +- } +- +- FreeLibrary(kernel); +- } +- } +-# endif /* !OPENSSL_SYS_WINCE */ +- +- /* timer data */ +- readtimer(); +- +- /* memory usage statistics */ +- GlobalMemoryStatus(&m); +- RAND_add(&m, sizeof(m), 1); +- +- /* process ID */ +- w = GetCurrentProcessId(); +- RAND_add(&w, sizeof(w), 1); +- +-# if 0 +- printf("Exiting RAND_poll\n"); +-# endif +- +- return (1); +-} +- +-int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam) +-{ +- double add_entropy = 0; +- +- switch (iMsg) { +- case WM_KEYDOWN: +- { +- static WPARAM key; +- if (key != wParam) +- add_entropy = 0.05; +- key = wParam; +- } +- break; +- case WM_MOUSEMOVE: +- { +- static int lastx, lasty, lastdx, lastdy; +- int x, y, dx, dy; +- +- x = LOWORD(lParam); +- y = HIWORD(lParam); +- dx = lastx - x; +- dy = lasty - y; +- if (dx != 0 && dy != 0 && dx - lastdx != 0 && dy 
- lastdy != 0) +- add_entropy = .2; +- lastx = x, lasty = y; +- lastdx = dx, lastdy = dy; +- } +- break; +- } +- +- readtimer(); +- RAND_add(&iMsg, sizeof(iMsg), add_entropy); +- RAND_add(&wParam, sizeof(wParam), 0); +- RAND_add(&lParam, sizeof(lParam), 0); +- +- return (RAND_status()); +-} +- +-void RAND_screen(void) +-{ /* function available for backward +- * compatibility */ +- RAND_poll(); +- readscreen(); +-} +- +-/* feed timing information to the PRNG */ +-static void readtimer(void) +-{ +- DWORD w; +- LARGE_INTEGER l; +- static int have_perfc = 1; +-# if defined(_MSC_VER) && defined(_M_X86) +- static int have_tsc = 1; +- DWORD cyclecount; +- +- if (have_tsc) { +- __try { +- __asm { +- _emit 0x0f _emit 0x31 mov cyclecount, eax} +- RAND_add(&cyclecount, sizeof(cyclecount), 1); +- } +- __except(EXCEPTION_EXECUTE_HANDLER) { +- have_tsc = 0; +- } +- } +-# else +-# define have_tsc 0 +-# endif +- +- if (have_perfc) { +- if (QueryPerformanceCounter(&l) == 0) +- have_perfc = 0; +- else +- RAND_add(&l, sizeof(l), 0); +- } +- +- if (!have_tsc && !have_perfc) { +- w = GetTickCount(); +- RAND_add(&w, sizeof(w), 0); +- } +-} +- +-/* feed screen contents to PRNG */ +-/***************************************************************************** +- * +- * Created 960901 by Gertjan van Oosten, gertjan@West.NL, West Consulting B.V. +- * +- * Code adapted from +- * ; +- * the original copyright message is: +- * +- * (C) Copyright Microsoft Corp. 1993. All rights reserved. +- * +- * You have a royalty-free right to use, modify, reproduce and +- * distribute the Sample Files (and/or any modified version) in +- * any way you find useful, provided that you agree that +- * Microsoft has no warranty obligations or liability for any +- * Sample Application Files which are modified. 
+- */ +- +-static void readscreen(void) +-{ +-# if !defined(OPENSSL_SYS_WINCE) && !defined(OPENSSL_SYS_WIN32_CYGWIN) +- HDC hScrDC; /* screen DC */ +- HDC hMemDC; /* memory DC */ +- HBITMAP hBitmap; /* handle for our bitmap */ +- HBITMAP hOldBitmap; /* handle for previous bitmap */ +- BITMAP bm; /* bitmap properties */ +- unsigned int size; /* size of bitmap */ +- char *bmbits; /* contents of bitmap */ +- int w; /* screen width */ +- int h; /* screen height */ +- int y; /* y-coordinate of screen lines to grab */ +- int n = 16; /* number of screen lines to grab at a time */ +- +- if (check_winnt() && OPENSSL_isservice() > 0) +- return; +- +- /* Create a screen DC and a memory DC compatible to screen DC */ +- hScrDC = CreateDC(TEXT("DISPLAY"), NULL, NULL, NULL); +- hMemDC = CreateCompatibleDC(hScrDC); +- +- /* Get screen resolution */ +- w = GetDeviceCaps(hScrDC, HORZRES); +- h = GetDeviceCaps(hScrDC, VERTRES); +- +- /* Create a bitmap compatible with the screen DC */ +- hBitmap = CreateCompatibleBitmap(hScrDC, w, n); +- +- /* Select new bitmap into memory DC */ +- hOldBitmap = SelectObject(hMemDC, hBitmap); +- +- /* Get bitmap properties */ +- GetObject(hBitmap, sizeof(BITMAP), (LPSTR) & bm); +- size = (unsigned int)bm.bmWidthBytes * bm.bmHeight * bm.bmPlanes; +- +- bmbits = OPENSSL_malloc(size); +- if (bmbits) { +- /* Now go through the whole screen, repeatedly grabbing n lines */ +- for (y = 0; y < h - n; y += n) { +- unsigned char md[MD_DIGEST_LENGTH]; +- +- /* Bitblt screen DC to memory DC */ +- BitBlt(hMemDC, 0, 0, w, n, hScrDC, 0, y, SRCCOPY); +- +- /* Copy bitmap bits from memory DC to bmbits */ +- GetBitmapBits(hBitmap, size, bmbits); +- +- /* Get the hash of the bitmap */ +- MD(bmbits, size, md); +- +- /* Seed the random generator with the hash value */ +- RAND_add(md, MD_DIGEST_LENGTH, 0); +- } +- +- OPENSSL_free(bmbits); +- } +- +- /* Select old bitmap back into memory DC */ +- hBitmap = SelectObject(hMemDC, hOldBitmap); +- +- /* Clean up */ +- 
DeleteObject(hBitmap);
+- DeleteDC(hMemDC);
+- DeleteDC(hScrDC);
+-# endif /* !OPENSSL_SYS_WINCE */
+-}
+-
+-#endif
+diff --git a/Cryptlib/OpenSSL/crypto/rand/randfile.c b/Cryptlib/OpenSSL/crypto/rand/randfile.c
+index 3feca3d..9537c56 100644
+--- a/Cryptlib/OpenSSL/crypto/rand/randfile.c
++++ b/Cryptlib/OpenSSL/crypto/rand/randfile.c
+@@ -57,7 +57,9 @@
+ */
+
+ /* We need to define this to get macros like S_IFBLK and S_IFCHR */
+-#define _XOPEN_SOURCE 500
++#if !defined(OPENSSL_SYS_VXWORKS)
++# define _XOPEN_SOURCE 500
++#endif
+
+ #include
+ #include
+@@ -75,10 +77,9 @@
+ #ifndef NO_SYS_TYPES_H
+ # include
+ #endif
+-#ifdef MAC_OS_pre_X
+-# include
+-#else
++#ifndef OPENSSL_NO_POSIX_IO
+ # include
++# include
+ #endif
+
+ #ifdef _WIN32
+@@ -117,14 +118,17 @@ int RAND_load_file(const char *file, long bytes)
+ */
+
+ MS_STATIC unsigned char buf[BUFSIZE];
++#ifndef OPENSSL_NO_POSIX_IO
+ struct stat sb;
++#endif
+ int i, ret = 0, n;
+ FILE *in;
+
+ if (file == NULL)
+ return (0);
+
+-#ifdef PURIFY
++#ifndef OPENSSL_NO_POSIX_IO
++# ifdef PURIFY
+ /*
+ * struct stat can have padding and unused fields that may not be
+ * initialized in the call to stat(). We need to clear the entire
+@@ -132,11 +136,11 @@ int RAND_load_file(const char *file, long bytes)
+ * applications such as Valgrind.
+ */
+ memset(&sb, 0, sizeof(sb));
+-#endif
+-
++# endif
+ if (stat(file, &sb) < 0)
+ return (0);
+ RAND_add(&sb, sizeof(sb), 0.0);
++#endif
+ if (bytes == 0)
+ return (ret);
+
+@@ -147,15 +151,17 @@ int RAND_load_file(const char *file, long bytes)
+ #endif
+ if (in == NULL)
+ goto err;
+-#if defined(S_ISBLK) && defined(S_ISCHR)
+- if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) {
++#if defined(S_IFBLK) && defined(S_IFCHR) && !defined(OPENSSL_NO_POSIX_IO)
++ if (sb.st_mode & (S_IFBLK | S_IFCHR)) {
+ /*
+ * this file is a device. we don't want read an infinite number of
+ * bytes from a random device, nor do we want to use buffered I/O
+ * because we will waste system entropy.
+ */
+ bytes = (bytes == -1) ? 2048 : bytes; /* ok, is 2048 enough? */
++# ifndef OPENSSL_NO_SETVBUF_IONBF
+ setvbuf(in, NULL, _IONBF, 0); /* don't do buffered reads */
++# endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
+ }
+ #endif
+ for (;;) {
+@@ -191,11 +197,12 @@ int RAND_write_file(const char *file)
+ int i, ret = 0, rand_err = 0;
+ FILE *out = NULL;
+ int n;
++#ifndef OPENSSL_NO_POSIX_IO
+ struct stat sb;
+
+ i = stat(file, &sb);
+ if (i != -1) {
+-#if defined(S_ISBLK) && defined(S_ISCHR)
++# if defined(S_ISBLK) && defined(S_ISCHR)
+ if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) {
+ /*
+ * this file is a device. we don't write back to it. we
+@@ -205,17 +212,20 @@ int RAND_write_file(const char *file)
+ */
+ return (1);
+ }
+-#endif
++# endif
+ }
+-#if defined(O_CREAT) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_VMS)
+- {
+- /* For some reason Win32 can't write to files created this way */
++#endif
+
++#if defined(O_CREAT) && !defined(OPENSSL_NO_POSIX_IO) && !defined(OPENSSL_SYS_VMS)
++ {
++# ifndef O_BINARY
++# define O_BINARY 0
++# endif
+ /*
+ * chmod(..., 0600) is too late to protect the file, permissions
+ * should be restrictive from the start
+ */
+- int fd = open(file, O_CREAT, 0600);
++ int fd = open(file, O_WRONLY | O_CREAT | O_BINARY, 0600);
+ if (fd != -1)
+ out = fdopen(fd, "wb");
+ }
+@@ -279,7 +289,6 @@ const char *RAND_file_name(char *buf, size_t size)
+ {
+ char *s = NULL;
+ #ifdef __OpenBSD__
+- int ok = 0;
+ struct stat sb;
+ #endif
+
+@@ -302,9 +311,6 @@ const char *RAND_file_name(char *buf, size_t size)
+ BUF_strlcat(buf, "/", size);
+ #endif
+ BUF_strlcat(buf, RFILE, size);
+-#ifdef __OpenBSD__
+- ok = 1;
+-#endif
+ } else
+ buf[0] = '\0'; /* no file name */
+ }
+@@ -318,7 +324,7 @@ const char *RAND_file_name(char *buf, size_t size)
+ * available.
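Review bot: The new guard in RAND_load_file, `if (sb.st_mode & (S_IFBLK | S_IFCHR)) {`, tests bits rather than the file type, so it is not equivalent to the `S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)` it replaces. The S_IF* constants are values of the S_IFMT field that share bits, so on common layouts (Linux, for example) a directory or a socket also satisfies the mask, and the device handling (the 2048-byte default and the unbuffered stream) is then applied to paths that are not devices. Comparing the masked type keeps the old meaning without needing the S_IS* macros: `if ((sb.st_mode & S_IFMT) == S_IFBLK || (sb.st_mode & S_IFMT) == S_IFCHR) {`. RAND_write_file in the same file still uses S_ISBLK/S_ISCHR, so the two device checks now disagree. RAND_load_file begins and ends outside this hunk.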
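Review bot: In RAND_write_file, `open(file, O_WRONLY | O_CREAT | O_BINARY, 0600)` applies mode 0600 only when the call creates the file, so a seed file that already exists with wider permissions keeps them while fresh PRNG state is written into it. The comment above the call says permissions should be restrictive from the start, which holds for the creation case only. Unless code outside this hunk tightens the mode, checking the descriptor before use would close the gap where fchmod is available, e.g. `if (fd != -1 && fchmod(fd, 0600) != 0) { close(fd); fd = -1; }` ahead of the `fdopen`. The `# define O_BINARY 0` placed inside the function body also stays defined for the rest of the translation unit and would read better next to the includes. The function starts and ends outside the hunk.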
+ */
+
+- if (!ok)
++ if (!buf[0])
+ if (BUF_strlcpy(buf, "/dev/arandom", size) >= size) {
+ return (NULL);
+ }
+diff --git a/Cryptlib/OpenSSL/crypto/rc2/rc2_cbc.c b/Cryptlib/OpenSSL/crypto/rc2/rc2_cbc.c
+deleted file mode 100644
+index 5eaf01d..0000000
+--- a/Cryptlib/OpenSSL/crypto/rc2/rc2_cbc.c
++++ /dev/null
+@@ -1,228 +0,0 @@
+-/* crypto/rc2/rc2_cbc.c */
+-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+- * All rights reserved.
+- *
+- * This package is an SSL implementation written
+- * by Eric Young (eay@cryptsoft.com).
+- * The implementation was written so as to conform with Netscapes SSL.
+- *
+- * This library is free for commercial and non-commercial use as long as
+- * the following conditions are aheared to. The following conditions
+- * apply to all code found in this distribution, be it the RC4, RSA,
+- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+- * included with this distribution is covered by the same copyright terms
+- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+- *
+- * Copyright remains Eric Young's, and as such any Copyright notices in
+- * the code are not to be removed.
+- * If this package is used in a product, Eric Young should be given attribution
+- * as the author of the parts of the library used.
+- * This can be in the form of a textual message at program startup or
+- * in documentation (online or textual) provided with the package.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the copyright
+- * notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- * notice, this list of conditions and the following disclaimer in the
+- * documentation and/or other materials provided with the distribution.
+- * 3.
All advertising materials mentioning features or use of this software +- * must display the following acknowledgement: +- * "This product includes cryptographic software written by +- * Eric Young (eay@cryptsoft.com)" +- * The word 'cryptographic' can be left out if the rouines from the library +- * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from +- * the apps directory (application code) you must include an acknowledgement: +- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * +- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. +- * +- * The licence and distribution terms for any publically available version or +- * derivative of this code cannot be changed. i.e. this code cannot simply be +- * copied and put under another distribution licence +- * [including the GNU Public Licence.] 
+- */ +- +-#include +-#include "rc2_locl.h" +- +-void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, +- RC2_KEY *ks, unsigned char *iv, int encrypt) +-{ +- register unsigned long tin0, tin1; +- register unsigned long tout0, tout1, xor0, xor1; +- register long l = length; +- unsigned long tin[2]; +- +- if (encrypt) { +- c2l(iv, tout0); +- c2l(iv, tout1); +- iv -= 8; +- for (l -= 8; l >= 0; l -= 8) { +- c2l(in, tin0); +- c2l(in, tin1); +- tin0 ^= tout0; +- tin1 ^= tout1; +- tin[0] = tin0; +- tin[1] = tin1; +- RC2_encrypt(tin, ks); +- tout0 = tin[0]; +- l2c(tout0, out); +- tout1 = tin[1]; +- l2c(tout1, out); +- } +- if (l != -8) { +- c2ln(in, tin0, tin1, l + 8); +- tin0 ^= tout0; +- tin1 ^= tout1; +- tin[0] = tin0; +- tin[1] = tin1; +- RC2_encrypt(tin, ks); +- tout0 = tin[0]; +- l2c(tout0, out); +- tout1 = tin[1]; +- l2c(tout1, out); +- } +- l2c(tout0, iv); +- l2c(tout1, iv); +- } else { +- c2l(iv, xor0); +- c2l(iv, xor1); +- iv -= 8; +- for (l -= 8; l >= 0; l -= 8) { +- c2l(in, tin0); +- tin[0] = tin0; +- c2l(in, tin1); +- tin[1] = tin1; +- RC2_decrypt(tin, ks); +- tout0 = tin[0] ^ xor0; +- tout1 = tin[1] ^ xor1; +- l2c(tout0, out); +- l2c(tout1, out); +- xor0 = tin0; +- xor1 = tin1; +- } +- if (l != -8) { +- c2l(in, tin0); +- tin[0] = tin0; +- c2l(in, tin1); +- tin[1] = tin1; +- RC2_decrypt(tin, ks); +- tout0 = tin[0] ^ xor0; +- tout1 = tin[1] ^ xor1; +- l2cn(tout0, tout1, out, l + 8); +- xor0 = tin0; +- xor1 = tin1; +- } +- l2c(xor0, iv); +- l2c(xor1, iv); +- } +- tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; +- tin[0] = tin[1] = 0; +-} +- +-void RC2_encrypt(unsigned long *d, RC2_KEY *key) +-{ +- int i, n; +- register RC2_INT *p0, *p1; +- register RC2_INT x0, x1, x2, x3, t; +- unsigned long l; +- +- l = d[0]; +- x0 = (RC2_INT) l & 0xffff; +- x1 = (RC2_INT) (l >> 16L); +- l = d[1]; +- x2 = (RC2_INT) l & 0xffff; +- x3 = (RC2_INT) (l >> 16L); +- +- n = 3; +- i = 5; +- +- p0 = p1 = &(key->data[0]); +- for (;;) { +- t = (x0 + (x1 & ~x3) + (x2 
& x3) + *(p0++)) & 0xffff; +- x0 = (t << 1) | (t >> 15); +- t = (x1 + (x2 & ~x0) + (x3 & x0) + *(p0++)) & 0xffff; +- x1 = (t << 2) | (t >> 14); +- t = (x2 + (x3 & ~x1) + (x0 & x1) + *(p0++)) & 0xffff; +- x2 = (t << 3) | (t >> 13); +- t = (x3 + (x0 & ~x2) + (x1 & x2) + *(p0++)) & 0xffff; +- x3 = (t << 5) | (t >> 11); +- +- if (--i == 0) { +- if (--n == 0) +- break; +- i = (n == 2) ? 6 : 5; +- +- x0 += p1[x3 & 0x3f]; +- x1 += p1[x0 & 0x3f]; +- x2 += p1[x1 & 0x3f]; +- x3 += p1[x2 & 0x3f]; +- } +- } +- +- d[0] = +- (unsigned long)(x0 & 0xffff) | ((unsigned long)(x1 & 0xffff) << 16L); +- d[1] = +- (unsigned long)(x2 & 0xffff) | ((unsigned long)(x3 & 0xffff) << 16L); +-} +- +-void RC2_decrypt(unsigned long *d, RC2_KEY *key) +-{ +- int i, n; +- register RC2_INT *p0, *p1; +- register RC2_INT x0, x1, x2, x3, t; +- unsigned long l; +- +- l = d[0]; +- x0 = (RC2_INT) l & 0xffff; +- x1 = (RC2_INT) (l >> 16L); +- l = d[1]; +- x2 = (RC2_INT) l & 0xffff; +- x3 = (RC2_INT) (l >> 16L); +- +- n = 3; +- i = 5; +- +- p0 = &(key->data[63]); +- p1 = &(key->data[0]); +- for (;;) { +- t = ((x3 << 11) | (x3 >> 5)) & 0xffff; +- x3 = (t - (x0 & ~x2) - (x1 & x2) - *(p0--)) & 0xffff; +- t = ((x2 << 13) | (x2 >> 3)) & 0xffff; +- x2 = (t - (x3 & ~x1) - (x0 & x1) - *(p0--)) & 0xffff; +- t = ((x1 << 14) | (x1 >> 2)) & 0xffff; +- x1 = (t - (x2 & ~x0) - (x3 & x0) - *(p0--)) & 0xffff; +- t = ((x0 << 15) | (x0 >> 1)) & 0xffff; +- x0 = (t - (x1 & ~x3) - (x2 & x3) - *(p0--)) & 0xffff; +- +- if (--i == 0) { +- if (--n == 0) +- break; +- i = (n == 2) ? 
6 : 5; +- +- x3 = (x3 - p1[x2 & 0x3f]) & 0xffff; +- x2 = (x2 - p1[x1 & 0x3f]) & 0xffff; +- x1 = (x1 - p1[x0 & 0x3f]) & 0xffff; +- x0 = (x0 - p1[x3 & 0x3f]) & 0xffff; +- } +- } +- +- d[0] = +- (unsigned long)(x0 & 0xffff) | ((unsigned long)(x1 & 0xffff) << 16L); +- d[1] = +- (unsigned long)(x2 & 0xffff) | ((unsigned long)(x3 & 0xffff) << 16L); +-} +diff --git a/Cryptlib/OpenSSL/crypto/rc2/rc2_ecb.c b/Cryptlib/OpenSSL/crypto/rc2/rc2_ecb.c +deleted file mode 100644 +index 48442a3..0000000 +--- a/Cryptlib/OpenSSL/crypto/rc2/rc2_ecb.c ++++ /dev/null +@@ -1,92 +0,0 @@ +-/* crypto/rc2/rc2_ecb.c */ +-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) +- * All rights reserved. +- * +- * This package is an SSL implementation written +- * by Eric Young (eay@cryptsoft.com). +- * The implementation was written so as to conform with Netscapes SSL. +- * +- * This library is free for commercial and non-commercial use as long as +- * the following conditions are aheared to. The following conditions +- * apply to all code found in this distribution, be it the RC4, RSA, +- * lhash, DES, etc., code; not just the SSL code. The SSL documentation +- * included with this distribution is covered by the same copyright terms +- * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * +- * Copyright remains Eric Young's, and as such any Copyright notices in +- * the code are not to be removed. +- * If this package is used in a product, Eric Young should be given attribution +- * as the author of the parts of the library used. +- * This can be in the form of a textual message at program startup or +- * in documentation (online or textual) provided with the package. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. 
Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 3. All advertising materials mentioning features or use of this software +- * must display the following acknowledgement: +- * "This product includes cryptographic software written by +- * Eric Young (eay@cryptsoft.com)" +- * The word 'cryptographic' can be left out if the rouines from the library +- * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from +- * the apps directory (application code) you must include an acknowledgement: +- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * +- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. +- * +- * The licence and distribution terms for any publically available version or +- * derivative of this code cannot be changed. i.e. this code cannot simply be +- * copied and put under another distribution licence +- * [including the GNU Public Licence.] 
+- */ +- +-#include +-#include "rc2_locl.h" +-#include +- +-const char RC2_version[] = "RC2" OPENSSL_VERSION_PTEXT; +- +-/*- +- * RC2 as implemented frm a posting from +- * Newsgroups: sci.crypt +- * Sender: pgut01@cs.auckland.ac.nz (Peter Gutmann) +- * Subject: Specification for Ron Rivests Cipher No.2 +- * Message-ID: <4fk39f$f70@net.auckland.ac.nz> +- * Date: 11 Feb 1996 06:45:03 GMT +- */ +- +-void RC2_ecb_encrypt(const unsigned char *in, unsigned char *out, RC2_KEY *ks, +- int encrypt) +-{ +- unsigned long l, d[2]; +- +- c2l(in, l); +- d[0] = l; +- c2l(in, l); +- d[1] = l; +- if (encrypt) +- RC2_encrypt(d, ks); +- else +- RC2_decrypt(d, ks); +- l = d[0]; +- l2c(l, out); +- l = d[1]; +- l2c(l, out); +- l = d[0] = d[1] = 0; +-} +diff --git a/Cryptlib/OpenSSL/crypto/rc2/rc2_locl.h b/Cryptlib/OpenSSL/crypto/rc2/rc2_locl.h +deleted file mode 100644 +index 565cd17..0000000 +--- a/Cryptlib/OpenSSL/crypto/rc2/rc2_locl.h ++++ /dev/null +@@ -1,156 +0,0 @@ +-/* crypto/rc2/rc2_locl.h */ +-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) +- * All rights reserved. +- * +- * This package is an SSL implementation written +- * by Eric Young (eay@cryptsoft.com). +- * The implementation was written so as to conform with Netscapes SSL. +- * +- * This library is free for commercial and non-commercial use as long as +- * the following conditions are aheared to. The following conditions +- * apply to all code found in this distribution, be it the RC4, RSA, +- * lhash, DES, etc., code; not just the SSL code. The SSL documentation +- * included with this distribution is covered by the same copyright terms +- * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * +- * Copyright remains Eric Young's, and as such any Copyright notices in +- * the code are not to be removed. +- * If this package is used in a product, Eric Young should be given attribution +- * as the author of the parts of the library used. 
+- * This can be in the form of a textual message at program startup or +- * in documentation (online or textual) provided with the package. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 3. All advertising materials mentioning features or use of this software +- * must display the following acknowledgement: +- * "This product includes cryptographic software written by +- * Eric Young (eay@cryptsoft.com)" +- * The word 'cryptographic' can be left out if the rouines from the library +- * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from +- * the apps directory (application code) you must include an acknowledgement: +- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * +- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. +- * +- * The licence and distribution terms for any publically available version or +- * derivative of this code cannot be changed. i.e. this code cannot simply be +- * copied and put under another distribution licence +- * [including the GNU Public Licence.] +- */ +- +-#undef c2l +-#define c2l(c,l) (l =((unsigned long)(*((c)++))) , \ +- l|=((unsigned long)(*((c)++)))<< 8L, \ +- l|=((unsigned long)(*((c)++)))<<16L, \ +- l|=((unsigned long)(*((c)++)))<<24L) +- +-/* NOTE - c is not incremented as per c2l */ +-#undef c2ln +-#define c2ln(c,l1,l2,n) { \ +- c+=n; \ +- l1=l2=0; \ +- switch (n) { \ +- case 8: l2 =((unsigned long)(*(--(c))))<<24L; \ +- case 7: l2|=((unsigned long)(*(--(c))))<<16L; \ +- case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \ +- case 5: l2|=((unsigned long)(*(--(c)))); \ +- case 4: l1 =((unsigned long)(*(--(c))))<<24L; \ +- case 3: l1|=((unsigned long)(*(--(c))))<<16L; \ +- case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \ +- case 1: l1|=((unsigned long)(*(--(c)))); \ +- } \ +- } +- +-#undef l2c +-#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ +- *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ +- *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ +- *((c)++)=(unsigned char)(((l)>>24L)&0xff)) +- +-/* NOTE - c is not incremented as per l2c */ +-#undef l2cn +-#define l2cn(l1,l2,c,n) { \ +- c+=n; \ +- switch (n) { \ +- case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \ +- case 7: *(--(c))=(unsigned 
char)(((l2)>>16L)&0xff); \ +- case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \ +- case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \ +- case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \ +- case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \ +- case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \ +- case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \ +- } \ +- } +- +-/* NOTE - c is not incremented as per n2l */ +-#define n2ln(c,l1,l2,n) { \ +- c+=n; \ +- l1=l2=0; \ +- switch (n) { \ +- case 8: l2 =((unsigned long)(*(--(c)))) ; \ +- case 7: l2|=((unsigned long)(*(--(c))))<< 8; \ +- case 6: l2|=((unsigned long)(*(--(c))))<<16; \ +- case 5: l2|=((unsigned long)(*(--(c))))<<24; \ +- case 4: l1 =((unsigned long)(*(--(c)))) ; \ +- case 3: l1|=((unsigned long)(*(--(c))))<< 8; \ +- case 2: l1|=((unsigned long)(*(--(c))))<<16; \ +- case 1: l1|=((unsigned long)(*(--(c))))<<24; \ +- } \ +- } +- +-/* NOTE - c is not incremented as per l2n */ +-#define l2nn(l1,l2,c,n) { \ +- c+=n; \ +- switch (n) { \ +- case 8: *(--(c))=(unsigned char)(((l2) )&0xff); \ +- case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \ +- case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \ +- case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \ +- case 4: *(--(c))=(unsigned char)(((l1) )&0xff); \ +- case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \ +- case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \ +- case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \ +- } \ +- } +- +-#undef n2l +-#define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24L, \ +- l|=((unsigned long)(*((c)++)))<<16L, \ +- l|=((unsigned long)(*((c)++)))<< 8L, \ +- l|=((unsigned long)(*((c)++)))) +- +-#undef l2n +-#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \ +- *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ +- *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ +- *((c)++)=(unsigned char)(((l) )&0xff)) +- +-#define C_RC2(n) \ +- t=(x0+(x1& ~x3)+(x2&x3)+ *(p0++))&0xffff; \ +- x0=(t<<1)|(t>>15); \ +- t=(x1+(x2& 
~x0)+(x3&x0)+ *(p0++))&0xffff; \ +- x1=(t<<2)|(t>>14); \ +- t=(x2+(x3& ~x1)+(x0&x1)+ *(p0++))&0xffff; \ +- x2=(t<<3)|(t>>13); \ +- t=(x3+(x0& ~x2)+(x1&x2)+ *(p0++))&0xffff; \ +- x3=(t<<5)|(t>>11); +- +diff --git a/Cryptlib/OpenSSL/crypto/rc2/rc2_skey.c b/Cryptlib/OpenSSL/crypto/rc2/rc2_skey.c +deleted file mode 100644 +index 5363304..0000000 +--- a/Cryptlib/OpenSSL/crypto/rc2/rc2_skey.c ++++ /dev/null +@@ -1,165 +0,0 @@ +-/* crypto/rc2/rc2_skey.c */ +-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) +- * All rights reserved. +- * +- * This package is an SSL implementation written +- * by Eric Young (eay@cryptsoft.com). +- * The implementation was written so as to conform with Netscapes SSL. +- * +- * This library is free for commercial and non-commercial use as long as +- * the following conditions are aheared to. The following conditions +- * apply to all code found in this distribution, be it the RC4, RSA, +- * lhash, DES, etc., code; not just the SSL code. The SSL documentation +- * included with this distribution is covered by the same copyright terms +- * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * +- * Copyright remains Eric Young's, and as such any Copyright notices in +- * the code are not to be removed. +- * If this package is used in a product, Eric Young should be given attribution +- * as the author of the parts of the library used. +- * This can be in the form of a textual message at program startup or +- * in documentation (online or textual) provided with the package. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. 
Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 3. All advertising materials mentioning features or use of this software +- * must display the following acknowledgement: +- * "This product includes cryptographic software written by +- * Eric Young (eay@cryptsoft.com)" +- * The word 'cryptographic' can be left out if the rouines from the library +- * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from +- * the apps directory (application code) you must include an acknowledgement: +- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * +- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. +- * +- * The licence and distribution terms for any publically available version or +- * derivative of this code cannot be changed. i.e. this code cannot simply be +- * copied and put under another distribution licence +- * [including the GNU Public Licence.] 
+- */ +- +-#include +-#include +-#ifdef OPENSSL_FIPS +-# include +-#endif +- +-#include "rc2_locl.h" +- +-static unsigned char key_table[256] = { +- 0xd9, 0x78, 0xf9, 0xc4, 0x19, 0xdd, 0xb5, 0xed, 0x28, 0xe9, 0xfd, 0x79, +- 0x4a, 0xa0, 0xd8, 0x9d, 0xc6, 0x7e, 0x37, 0x83, 0x2b, 0x76, 0x53, 0x8e, +- 0x62, 0x4c, 0x64, 0x88, 0x44, 0x8b, 0xfb, 0xa2, 0x17, 0x9a, 0x59, 0xf5, +- 0x87, 0xb3, 0x4f, 0x13, 0x61, 0x45, 0x6d, 0x8d, 0x09, 0x81, 0x7d, 0x32, +- 0xbd, 0x8f, 0x40, 0xeb, 0x86, 0xb7, 0x7b, 0x0b, 0xf0, 0x95, 0x21, 0x22, +- 0x5c, 0x6b, 0x4e, 0x82, 0x54, 0xd6, 0x65, 0x93, 0xce, 0x60, 0xb2, 0x1c, +- 0x73, 0x56, 0xc0, 0x14, 0xa7, 0x8c, 0xf1, 0xdc, 0x12, 0x75, 0xca, 0x1f, +- 0x3b, 0xbe, 0xe4, 0xd1, 0x42, 0x3d, 0xd4, 0x30, 0xa3, 0x3c, 0xb6, 0x26, +- 0x6f, 0xbf, 0x0e, 0xda, 0x46, 0x69, 0x07, 0x57, 0x27, 0xf2, 0x1d, 0x9b, +- 0xbc, 0x94, 0x43, 0x03, 0xf8, 0x11, 0xc7, 0xf6, 0x90, 0xef, 0x3e, 0xe7, +- 0x06, 0xc3, 0xd5, 0x2f, 0xc8, 0x66, 0x1e, 0xd7, 0x08, 0xe8, 0xea, 0xde, +- 0x80, 0x52, 0xee, 0xf7, 0x84, 0xaa, 0x72, 0xac, 0x35, 0x4d, 0x6a, 0x2a, +- 0x96, 0x1a, 0xd2, 0x71, 0x5a, 0x15, 0x49, 0x74, 0x4b, 0x9f, 0xd0, 0x5e, +- 0x04, 0x18, 0xa4, 0xec, 0xc2, 0xe0, 0x41, 0x6e, 0x0f, 0x51, 0xcb, 0xcc, +- 0x24, 0x91, 0xaf, 0x50, 0xa1, 0xf4, 0x70, 0x39, 0x99, 0x7c, 0x3a, 0x85, +- 0x23, 0xb8, 0xb4, 0x7a, 0xfc, 0x02, 0x36, 0x5b, 0x25, 0x55, 0x97, 0x31, +- 0x2d, 0x5d, 0xfa, 0x98, 0xe3, 0x8a, 0x92, 0xae, 0x05, 0xdf, 0x29, 0x10, +- 0x67, 0x6c, 0xba, 0xc9, 0xd3, 0x00, 0xe6, 0xcf, 0xe1, 0x9e, 0xa8, 0x2c, +- 0x63, 0x16, 0x01, 0x3f, 0x58, 0xe2, 0x89, 0xa9, 0x0d, 0x38, 0x34, 0x1b, +- 0xab, 0x33, 0xff, 0xb0, 0xbb, 0x48, 0x0c, 0x5f, 0xb9, 0xb1, 0xcd, 0x2e, +- 0xc5, 0xf3, 0xdb, 0x47, 0xe5, 0xa5, 0x9c, 0x77, 0x0a, 0xa6, 0x20, 0x68, +- 0xfe, 0x7f, 0xc1, 0xad, +-}; +- +-#if defined(_MSC_VER) && defined(_ARM_) +-# pragma optimize("g",off) +-#endif +- +-/* +- * It has come to my attention that there are 2 versions of the RC2 key +- * schedule. 
One which is normal, and anther which has a hook to use a +- * reduced key length. BSAFE uses the 'retarded' version. What I previously +- * shipped is the same as specifying 1024 for the 'bits' parameter. Bsafe +- * uses a version where the bits parameter is the same as len*8 +- */ +- +-#ifdef OPENSSL_FIPS +-void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits) +-{ +- if (FIPS_mode()) +- FIPS_BAD_ABORT(RC2) +- private_RC2_set_key(key, len, data, bits); +-} +- +-void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, +- int bits) +-#else +-void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits) +-#endif +-{ +- int i, j; +- unsigned char *k; +- RC2_INT *ki; +- unsigned int c, d; +- +- k = (unsigned char *)&(key->data[0]); +- *k = 0; /* for if there is a zero length key */ +- +- if (len > 128) +- len = 128; +- if (bits <= 0) +- bits = 1024; +- if (bits > 1024) +- bits = 1024; +- +- for (i = 0; i < len; i++) +- k[i] = data[i]; +- +- /* expand table */ +- d = k[len - 1]; +- j = 0; +- for (i = len; i < 128; i++, j++) { +- d = key_table[(k[j] + d) & 0xff]; +- k[i] = d; +- } +- +- /* hmm.... key reduction to 'bits' bits */ +- +- j = (bits + 7) >> 3; +- i = 128 - j; +- c = (0xff >> (-bits & 0x07)); +- +- d = key_table[k[i] & c]; +- k[i] = d; +- while (i--) { +- d = key_table[k[i + j] ^ d]; +- k[i] = d; +- } +- +- /* copy from bytes into RC2_INT's */ +- ki = &(key->data[63]); +- for (i = 127; i >= 0; i -= 2) +- *(ki--) = ((k[i] << 8) | k[i - 1]) & 0xffff; +-} +- +-#if defined(_MSC_VER) +-# pragma optimize("",on) +-#endif +diff --git a/Cryptlib/OpenSSL/crypto/rc2/rc2cfb64.c b/Cryptlib/OpenSSL/crypto/rc2/rc2cfb64.c +deleted file mode 100644 +index 8b5929f..0000000 +--- a/Cryptlib/OpenSSL/crypto/rc2/rc2cfb64.c ++++ /dev/null +@@ -1,123 +0,0 @@ +-/* crypto/rc2/rc2cfb64.c */ +-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) +- * All rights reserved. 
+- * +- * This package is an SSL implementation written +- * by Eric Young (eay@cryptsoft.com). +- * The implementation was written so as to conform with Netscapes SSL. +- * +- * This library is free for commercial and non-commercial use as long as +- * the following conditions are aheared to. The following conditions +- * apply to all code found in this distribution, be it the RC4, RSA, +- * lhash, DES, etc., code; not just the SSL code. The SSL documentation +- * included with this distribution is covered by the same copyright terms +- * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * +- * Copyright remains Eric Young's, and as such any Copyright notices in +- * the code are not to be removed. +- * If this package is used in a product, Eric Young should be given attribution +- * as the author of the parts of the library used. +- * This can be in the form of a textual message at program startup or +- * in documentation (online or textual) provided with the package. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 3. All advertising materials mentioning features or use of this software +- * must display the following acknowledgement: +- * "This product includes cryptographic software written by +- * Eric Young (eay@cryptsoft.com)" +- * The word 'cryptographic' can be left out if the rouines from the library +- * being used are not cryptographic related :-). +- * 4. 
If you include any Windows specific code (or a derivative thereof) from +- * the apps directory (application code) you must include an acknowledgement: +- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * +- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. +- * +- * The licence and distribution terms for any publically available version or +- * derivative of this code cannot be changed. i.e. this code cannot simply be +- * copied and put under another distribution licence +- * [including the GNU Public Licence.] +- */ +- +-#include +-#include "rc2_locl.h" +- +-/* +- * The input and output encrypted as though 64bit cfb mode is being used. 
+- * The extra state information to record how much of the 64bit block we have +- * used is contained in *num; +- */ +- +-void RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out, +- long length, RC2_KEY *schedule, unsigned char *ivec, +- int *num, int encrypt) +-{ +- register unsigned long v0, v1, t; +- register int n = *num; +- register long l = length; +- unsigned long ti[2]; +- unsigned char *iv, c, cc; +- +- iv = (unsigned char *)ivec; +- if (encrypt) { +- while (l--) { +- if (n == 0) { +- c2l(iv, v0); +- ti[0] = v0; +- c2l(iv, v1); +- ti[1] = v1; +- RC2_encrypt((unsigned long *)ti, schedule); +- iv = (unsigned char *)ivec; +- t = ti[0]; +- l2c(t, iv); +- t = ti[1]; +- l2c(t, iv); +- iv = (unsigned char *)ivec; +- } +- c = *(in++) ^ iv[n]; +- *(out++) = c; +- iv[n] = c; +- n = (n + 1) & 0x07; +- } +- } else { +- while (l--) { +- if (n == 0) { +- c2l(iv, v0); +- ti[0] = v0; +- c2l(iv, v1); +- ti[1] = v1; +- RC2_encrypt((unsigned long *)ti, schedule); +- iv = (unsigned char *)ivec; +- t = ti[0]; +- l2c(t, iv); +- t = ti[1]; +- l2c(t, iv); +- iv = (unsigned char *)ivec; +- } +- cc = *(in++); +- c = iv[n]; +- iv[n] = cc; +- *(out++) = c ^ cc; +- n = (n + 1) & 0x07; +- } +- } +- v0 = v1 = ti[0] = ti[1] = t = c = cc = 0; +- *num = n; +-} +diff --git a/Cryptlib/OpenSSL/crypto/rc2/rc2ofb64.c b/Cryptlib/OpenSSL/crypto/rc2/rc2ofb64.c +deleted file mode 100644 +index b9f4d8c..0000000 +--- a/Cryptlib/OpenSSL/crypto/rc2/rc2ofb64.c ++++ /dev/null +@@ -1,110 +0,0 @@ +-/* crypto/rc2/rc2ofb64.c */ +-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) +- * All rights reserved. +- * +- * This package is an SSL implementation written +- * by Eric Young (eay@cryptsoft.com). +- * The implementation was written so as to conform with Netscapes SSL. +- * +- * This library is free for commercial and non-commercial use as long as +- * the following conditions are aheared to. 
The following conditions +- * apply to all code found in this distribution, be it the RC4, RSA, +- * lhash, DES, etc., code; not just the SSL code. The SSL documentation +- * included with this distribution is covered by the same copyright terms +- * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * +- * Copyright remains Eric Young's, and as such any Copyright notices in +- * the code are not to be removed. +- * If this package is used in a product, Eric Young should be given attribution +- * as the author of the parts of the library used. +- * This can be in the form of a textual message at program startup or +- * in documentation (online or textual) provided with the package. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 3. All advertising materials mentioning features or use of this software +- * must display the following acknowledgement: +- * "This product includes cryptographic software written by +- * Eric Young (eay@cryptsoft.com)" +- * The word 'cryptographic' can be left out if the rouines from the library +- * being used are not cryptographic related :-). +- * 4. 
If you include any Windows specific code (or a derivative thereof) from +- * the apps directory (application code) you must include an acknowledgement: +- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * +- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. +- * +- * The licence and distribution terms for any publically available version or +- * derivative of this code cannot be changed. i.e. this code cannot simply be +- * copied and put under another distribution licence +- * [including the GNU Public Licence.] +- */ +- +-#include +-#include "rc2_locl.h" +- +-/* +- * The input and output encrypted as though 64bit ofb mode is being used. 
+- * The extra state information to record how much of the 64bit block we have
+- * used is contained in *num;
+- */
+-void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+- long length, RC2_KEY *schedule, unsigned char *ivec,
+- int *num)
+-{
+- register unsigned long v0, v1, t;
+- register int n = *num;
+- register long l = length;
+- unsigned char d[8];
+- register char *dp;
+- unsigned long ti[2];
+- unsigned char *iv;
+- int save = 0;
+-
+- iv = (unsigned char *)ivec;
+- c2l(iv, v0);
+- c2l(iv, v1);
+- ti[0] = v0;
+- ti[1] = v1;
+- dp = (char *)d;
+- l2c(v0, dp);
+- l2c(v1, dp);
+- while (l--) {
+- if (n == 0) {
+- RC2_encrypt((unsigned long *)ti, schedule);
+- dp = (char *)d;
+- t = ti[0];
+- l2c(t, dp);
+- t = ti[1];
+- l2c(t, dp);
+- save++;
+- }
+- *(out++) = *(in++) ^ d[n];
+- n = (n + 1) & 0x07;
+- }
+- if (save) {
+- v0 = ti[0];
+- v1 = ti[1];
+- iv = (unsigned char *)ivec;
+- l2c(v0, iv);
+- l2c(v1, iv);
+- }
+- t = v0 = v1 = ti[0] = ti[1] = 0;
+- *num = n;
+-}
+diff --git a/Cryptlib/OpenSSL/crypto/rc4/rc4_enc.c b/Cryptlib/OpenSSL/crypto/rc4/rc4_enc.c
+index 72cc8f6..0f0a248 100644
+--- a/Cryptlib/OpenSSL/crypto/rc4/rc4_enc.c
++++ b/Cryptlib/OpenSSL/crypto/rc4/rc4_enc.c
+@@ -68,18 +68,18 @@
+ * Date: Wed, 14 Sep 1994 06:35:31 GMT
+ */
+
+-void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
++void RC4(RC4_KEY *key, size_t len, const unsigned char *indata,
+ unsigned char *outdata)
+ {
+ register RC4_INT *d;
+ register RC4_INT x, y, tx, ty;
+- int i;
++ size_t i;
+
+ x = key->x;
+ y = key->y;
+ d = key->data;
+
+-#if defined(RC4_CHUNK)
++#if defined(RC4_CHUNK) && !defined(PEDANTIC)
+ /*-
+ * The original reason for implementing this(*) was the fact that
+ * pre-21164a Alpha CPUs don't have byte load/store instructions
+@@ -121,8 +121,8 @@ void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
+ (RC4_CHUNK)d[(tx+ty)&0xff]\
+ )
+
+- if ((((unsigned long)indata & (sizeof(RC4_CHUNK) - 1)) |
+- ((unsigned
long)outdata & (sizeof(RC4_CHUNK) - 1))) == 0) {
++ if ((((size_t)indata & (sizeof(RC4_CHUNK) - 1)) |
++ ((size_t)outdata & (sizeof(RC4_CHUNK) - 1))) == 0) {
+ RC4_CHUNK ichunk, otp;
+ const union {
+ long one;
+@@ -161,7 +161,7 @@ void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
+ */
+ if (!is_endian.little) { /* BIG-ENDIAN CASE */
+ # define BESHFT(c) (((sizeof(RC4_CHUNK)-(c)-1)*8)&(sizeof(RC4_CHUNK)*8-1))
+- for (; len & ~(sizeof(RC4_CHUNK) - 1); len -= sizeof(RC4_CHUNK)) {
++ for (; len & (0 - sizeof(RC4_CHUNK)); len -= sizeof(RC4_CHUNK)) {
+ ichunk = *(RC4_CHUNK *) indata;
+ otp = RC4_STEP << BESHFT(0);
+ otp |= RC4_STEP << BESHFT(1);
+@@ -215,7 +215,7 @@ void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
+ return;
+ } else { /* LITTLE-ENDIAN CASE */
+ # define LESHFT(c) (((c)*8)&(sizeof(RC4_CHUNK)*8-1))
+- for (; len & ~(sizeof(RC4_CHUNK) - 1); len -= sizeof(RC4_CHUNK)) {
++ for (; len & (0 - sizeof(RC4_CHUNK)); len -= sizeof(RC4_CHUNK)) {
+ ichunk = *(RC4_CHUNK *) indata;
+ otp = RC4_STEP;
+ otp |= RC4_STEP << 8;
+@@ -284,7 +284,7 @@ void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
+ # define RC4_LOOP(a,b,i) LOOP(a[i],b[i])
+ #endif
+
+- i = (int)(len >> 3L);
++ i = len >> 3;
+ if (i) {
+ for (;;) {
+ RC4_LOOP(indata, outdata, 0);
+@@ -303,7 +303,7 @@ void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
+ break;
+ }
+ }
+- i = (int)len & 0x07;
++ i = len & 0x07;
+ if (i) {
+ for (;;) {
+ RC4_LOOP(indata, outdata, 0);
+diff --git a/Cryptlib/OpenSSL/crypto/rc4/rc4_fblk.c b/Cryptlib/OpenSSL/crypto/rc4/rc4_fblk.c
+deleted file mode 100644
+index f236685..0000000
+--- a/Cryptlib/OpenSSL/crypto/rc4/rc4_fblk.c
++++ /dev/null
+@@ -1,75 +0,0 @@
+-/* crypto/rc4/rc4_fblk.c */
+-/*
+- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+- * project.
+- */
+-/* ====================================================================
+- * Copyright (c) 2008 The OpenSSL Project.
All rights reserved.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- *
+- * 1. Redistributions of source code must retain the above copyright
+- * notice, this list of conditions and the following disclaimer.
+- *
+- * 2. Redistributions in binary form must reproduce the above copyright
+- * notice, this list of conditions and the following disclaimer in
+- * the documentation and/or other materials provided with the
+- * distribution.
+- *
+- * 3. All advertising materials mentioning features or use of this
+- * software must display the following acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+- *
+- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+- * endorse or promote products derived from this software without
+- * prior written permission. For written permission, please contact
+- * licensing@OpenSSL.org.
+- *
+- * 5. Products derived from this software may not be called "OpenSSL"
+- * nor may "OpenSSL" appear in their names without prior written
+- * permission of the OpenSSL Project.
+- *
+- * 6. Redistributions of any form whatsoever must retain the following
+- * acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+- * PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR
+- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+- * OF THE POSSIBILITY OF SUCH DAMAGE.
+- * ====================================================================
+- */
+-
+-#include
+-#include "rc4_locl.h"
+-#include
+-#include
+-#ifdef OPENSSL_FIPS
+-# include
+-#endif
+-
+-/*
+- * FIPS mode blocking for RC4 has to be done separately since RC4_set_key may
+- * be implemented in an assembly language file.
+- */
+-
+-#ifdef OPENSSL_FIPS
+-void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data)
+-{
+- if (FIPS_mode())
+- FIPS_BAD_ABORT(RC4)
+- private_RC4_set_key(key, len, data);
+-}
+-#endif
+diff --git a/Cryptlib/OpenSSL/crypto/rc4/rc4_locl.h b/Cryptlib/OpenSSL/crypto/rc4/rc4_locl.h
+index c712e16..faf8742 100644
+--- a/Cryptlib/OpenSSL/crypto/rc4/rc4_locl.h
++++ b/Cryptlib/OpenSSL/crypto/rc4/rc4_locl.h
+@@ -1,5 +1,5 @@
+ #ifndef HEADER_RC4_LOCL_H
+-#define HEADER_RC4_LOCL_H
+-#include
+-#include
++# define HEADER_RC4_LOCL_H
++# include
++# include
+ #endif
+diff --git a/Cryptlib/OpenSSL/crypto/rc4/rc4_skey.c b/Cryptlib/OpenSSL/crypto/rc4/rc4_skey.c
+index 62121d9..06890d1 100644
+--- a/Cryptlib/OpenSSL/crypto/rc4/rc4_skey.c
++++ b/Cryptlib/OpenSSL/crypto/rc4/rc4_skey.c
+@@ -59,10 +59,6 @@
+ #include
+ #include "rc4_locl.h"
+ #include
+-#include
+-#ifdef OPENSSL_FIPS
+-# include
+-#endif
+
+ const char RC4_version[] = "RC4" OPENSSL_VERSION_PTEXT;
+
+@@ -90,11 +86,7 @@ const char *RC4_options(void)
+ * Date: Wed, 14 Sep 1994 06:35:31 GMT
+ */
+
+-#ifdef OPENSSL_FIPS
+ void
private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data)
+-#else
+-void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data)
+-#endif
+ {
+ register RC4_INT tmp;
+ register int id1, id2;
+@@ -113,48 +105,6 @@ void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data)
+ d[(n)]=d[id2]; \
+ d[id2]=tmp; }
+
+-#if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM)
+-# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
+- defined(__INTEL__) || \
+- defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64)
+- if (sizeof(RC4_INT) > 1) {
+- /*
+- * Unlike all other x86 [and x86_64] implementations,
+- * Intel P4 core [including EM64T] was found to perform
+- * poorly with wider RC4_INT. Performance improvement
+- * for IA-32 hand-coded assembler turned out to be 2.8x
+- * if re-coded for RC4_CHAR! It's however inappropriate
+- * to just switch to RC4_CHAR for x86[_64], as non-P4
+- * implementations suffer from significant performance
+- * losses then, e.g. PIII exhibits >2x deterioration,
+- * and so does Opteron. In order to assure optimal
+- * all-round performance, we detect P4 at run-time by
+- * checking upon reserved bit 20 in CPU capability
+- * vector and set up compressed key schedule, which is
+- * recognized by correspondingly updated assembler
+- * module... Bit 20 is set up by OPENSSL_ia32_cpuid.
+- *
+- *
+- */
+-# ifdef OPENSSL_FIPS
+- unsigned long *ia32cap_ptr = OPENSSL_ia32cap_loc();
+- if (ia32cap_ptr && (*ia32cap_ptr & (1 << 20))) {
+-# else
+- if (OPENSSL_ia32cap_P & (1 << 20)) {
+-# endif
+- unsigned char *cp = (unsigned char *)d;
+-
+- for (i = 0; i < 256; i++)
+- cp[i] = i;
+- for (i = 0; i < 256; i++)
+- SK_LOOP(cp, i);
+- /* mark schedule as compressed!
*/
+- d[256 / sizeof(RC4_INT)] = -1;
+- return;
+- }
+- }
+-# endif
+-#endif
+ for (i = 0; i < 256; i++)
+ d[i] = i;
+ for (i = 0; i < 256; i += 4) {
+diff --git a/Cryptlib/OpenSSL/crypto/rc4/rc4_utl.c b/Cryptlib/OpenSSL/crypto/rc4/rc4_utl.c
+new file mode 100644
+index 0000000..7c6a15f
+--- /dev/null
++++ b/Cryptlib/OpenSSL/crypto/rc4/rc4_utl.c
+@@ -0,0 +1,62 @@
++/* crypto/rc4/rc4_utl.c -*- mode:C; c-file-style: "eay" -*- */
++/* ====================================================================
++ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in
++ * the documentation and/or other materials provided with the
++ * distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ * software must display the following acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ * endorse or promote products derived from this software without
++ * prior written permission. For written permission, please contact
++ * openssl-core@openssl.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ * nor may "OpenSSL" appear in their names without prior written
++ * permission of the OpenSSL Project.
++ *
++ * 6.
Redistributions of any form whatsoever must retain the following
++ * acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ *
++ */
++
++#include
++#include
++#include
++
++void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data)
++{
++#ifdef OPENSSL_FIPS
++ fips_cipher_abort(RC4);
++#endif
++ private_RC4_set_key(key, len, data);
++}
+diff --git a/Cryptlib/OpenSSL/crypto/ripemd/rmd_dgst.c b/Cryptlib/OpenSSL/crypto/ripemd/rmd_dgst.c
+deleted file mode 100644
+index 236a5ed..0000000
+--- a/Cryptlib/OpenSSL/crypto/ripemd/rmd_dgst.c
++++ /dev/null
+@@ -1,339 +0,0 @@
+-/* crypto/ripemd/rmd_dgst.c */
+-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+- * All rights reserved.
+- *
+- * This package is an SSL implementation written
+- * by Eric Young (eay@cryptsoft.com).
+- * The implementation was written so as to conform with Netscapes SSL.
+- *
+- * This library is free for commercial and non-commercial use as long as
+- * the following conditions are aheared to.
The following conditions +- * apply to all code found in this distribution, be it the RC4, RSA, +- * lhash, DES, etc., code; not just the SSL code. The SSL documentation +- * included with this distribution is covered by the same copyright terms +- * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * +- * Copyright remains Eric Young's, and as such any Copyright notices in +- * the code are not to be removed. +- * If this package is used in a product, Eric Young should be given attribution +- * as the author of the parts of the library used. +- * This can be in the form of a textual message at program startup or +- * in documentation (online or textual) provided with the package. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 3. All advertising materials mentioning features or use of this software +- * must display the following acknowledgement: +- * "This product includes cryptographic software written by +- * Eric Young (eay@cryptsoft.com)" +- * The word 'cryptographic' can be left out if the rouines from the library +- * being used are not cryptographic related :-). +- * 4. 
If you include any Windows specific code (or a derivative thereof) from +- * the apps directory (application code) you must include an acknowledgement: +- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * +- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. +- * +- * The licence and distribution terms for any publically available version or +- * derivative of this code cannot be changed. i.e. this code cannot simply be +- * copied and put under another distribution licence +- * [including the GNU Public Licence.] 
+- */ +- +-#include +-#include "rmd_locl.h" +-#include +-#include +-#ifdef OPENSSL_FIPS +-# include +-#endif +- +-const char RMD160_version[] = "RIPE-MD160" OPENSSL_VERSION_PTEXT; +- +-#ifdef RMD160_ASM +-void ripemd160_block_x86(RIPEMD160_CTX *c, unsigned long *p, size_t num); +-# define ripemd160_block ripemd160_block_x86 +-#else +-void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p, size_t num); +-#endif +- +-FIPS_NON_FIPS_MD_Init(RIPEMD160) +-{ +- c->A = RIPEMD160_A; +- c->B = RIPEMD160_B; +- c->C = RIPEMD160_C; +- c->D = RIPEMD160_D; +- c->E = RIPEMD160_E; +- c->Nl = 0; +- c->Nh = 0; +- c->num = 0; +- return 1; +-} +- +-#ifndef ripemd160_block_data_order +-# ifdef X +-# undef X +-# endif +-void ripemd160_block_data_order(RIPEMD160_CTX *ctx, const void *p, size_t num) +-{ +- const unsigned char *data = p; +- register unsigned MD32_REG_T A, B, C, D, E; +- unsigned MD32_REG_T a, b, c, d, e, l; +-# ifndef MD32_XARRAY +- /* See comment in crypto/sha/sha_locl.h for details. */ +- unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, +- XX8, XX9, XX10, XX11, XX12, XX13, XX14, XX15; +-# define X(i) XX##i +-# else +- RIPEMD160_LONG XX[16]; +-# define X(i) XX[i] +-# endif +- +- for (; num--;) { +- +- A = ctx->A; +- B = ctx->B; +- C = ctx->C; +- D = ctx->D; +- E = ctx->E; +- +- HOST_c2l(data, l); +- X(0) = l; +- HOST_c2l(data, l); +- X(1) = l; +- RIP1(A, B, C, D, E, WL00, SL00); +- HOST_c2l(data, l); +- X(2) = l; +- RIP1(E, A, B, C, D, WL01, SL01); +- HOST_c2l(data, l); +- X(3) = l; +- RIP1(D, E, A, B, C, WL02, SL02); +- HOST_c2l(data, l); +- X(4) = l; +- RIP1(C, D, E, A, B, WL03, SL03); +- HOST_c2l(data, l); +- X(5) = l; +- RIP1(B, C, D, E, A, WL04, SL04); +- HOST_c2l(data, l); +- X(6) = l; +- RIP1(A, B, C, D, E, WL05, SL05); +- HOST_c2l(data, l); +- X(7) = l; +- RIP1(E, A, B, C, D, WL06, SL06); +- HOST_c2l(data, l); +- X(8) = l; +- RIP1(D, E, A, B, C, WL07, SL07); +- HOST_c2l(data, l); +- X(9) = l; +- RIP1(C, D, E, A, B, WL08, SL08); +- HOST_c2l(data, l); +- 
X(10) = l; +- RIP1(B, C, D, E, A, WL09, SL09); +- HOST_c2l(data, l); +- X(11) = l; +- RIP1(A, B, C, D, E, WL10, SL10); +- HOST_c2l(data, l); +- X(12) = l; +- RIP1(E, A, B, C, D, WL11, SL11); +- HOST_c2l(data, l); +- X(13) = l; +- RIP1(D, E, A, B, C, WL12, SL12); +- HOST_c2l(data, l); +- X(14) = l; +- RIP1(C, D, E, A, B, WL13, SL13); +- HOST_c2l(data, l); +- X(15) = l; +- RIP1(B, C, D, E, A, WL14, SL14); +- RIP1(A, B, C, D, E, WL15, SL15); +- +- RIP2(E, A, B, C, D, WL16, SL16, KL1); +- RIP2(D, E, A, B, C, WL17, SL17, KL1); +- RIP2(C, D, E, A, B, WL18, SL18, KL1); +- RIP2(B, C, D, E, A, WL19, SL19, KL1); +- RIP2(A, B, C, D, E, WL20, SL20, KL1); +- RIP2(E, A, B, C, D, WL21, SL21, KL1); +- RIP2(D, E, A, B, C, WL22, SL22, KL1); +- RIP2(C, D, E, A, B, WL23, SL23, KL1); +- RIP2(B, C, D, E, A, WL24, SL24, KL1); +- RIP2(A, B, C, D, E, WL25, SL25, KL1); +- RIP2(E, A, B, C, D, WL26, SL26, KL1); +- RIP2(D, E, A, B, C, WL27, SL27, KL1); +- RIP2(C, D, E, A, B, WL28, SL28, KL1); +- RIP2(B, C, D, E, A, WL29, SL29, KL1); +- RIP2(A, B, C, D, E, WL30, SL30, KL1); +- RIP2(E, A, B, C, D, WL31, SL31, KL1); +- +- RIP3(D, E, A, B, C, WL32, SL32, KL2); +- RIP3(C, D, E, A, B, WL33, SL33, KL2); +- RIP3(B, C, D, E, A, WL34, SL34, KL2); +- RIP3(A, B, C, D, E, WL35, SL35, KL2); +- RIP3(E, A, B, C, D, WL36, SL36, KL2); +- RIP3(D, E, A, B, C, WL37, SL37, KL2); +- RIP3(C, D, E, A, B, WL38, SL38, KL2); +- RIP3(B, C, D, E, A, WL39, SL39, KL2); +- RIP3(A, B, C, D, E, WL40, SL40, KL2); +- RIP3(E, A, B, C, D, WL41, SL41, KL2); +- RIP3(D, E, A, B, C, WL42, SL42, KL2); +- RIP3(C, D, E, A, B, WL43, SL43, KL2); +- RIP3(B, C, D, E, A, WL44, SL44, KL2); +- RIP3(A, B, C, D, E, WL45, SL45, KL2); +- RIP3(E, A, B, C, D, WL46, SL46, KL2); +- RIP3(D, E, A, B, C, WL47, SL47, KL2); +- +- RIP4(C, D, E, A, B, WL48, SL48, KL3); +- RIP4(B, C, D, E, A, WL49, SL49, KL3); +- RIP4(A, B, C, D, E, WL50, SL50, KL3); +- RIP4(E, A, B, C, D, WL51, SL51, KL3); +- RIP4(D, E, A, B, C, WL52, SL52, KL3); +- RIP4(C, D, E, A, B, WL53, 
SL53, KL3); +- RIP4(B, C, D, E, A, WL54, SL54, KL3); +- RIP4(A, B, C, D, E, WL55, SL55, KL3); +- RIP4(E, A, B, C, D, WL56, SL56, KL3); +- RIP4(D, E, A, B, C, WL57, SL57, KL3); +- RIP4(C, D, E, A, B, WL58, SL58, KL3); +- RIP4(B, C, D, E, A, WL59, SL59, KL3); +- RIP4(A, B, C, D, E, WL60, SL60, KL3); +- RIP4(E, A, B, C, D, WL61, SL61, KL3); +- RIP4(D, E, A, B, C, WL62, SL62, KL3); +- RIP4(C, D, E, A, B, WL63, SL63, KL3); +- +- RIP5(B, C, D, E, A, WL64, SL64, KL4); +- RIP5(A, B, C, D, E, WL65, SL65, KL4); +- RIP5(E, A, B, C, D, WL66, SL66, KL4); +- RIP5(D, E, A, B, C, WL67, SL67, KL4); +- RIP5(C, D, E, A, B, WL68, SL68, KL4); +- RIP5(B, C, D, E, A, WL69, SL69, KL4); +- RIP5(A, B, C, D, E, WL70, SL70, KL4); +- RIP5(E, A, B, C, D, WL71, SL71, KL4); +- RIP5(D, E, A, B, C, WL72, SL72, KL4); +- RIP5(C, D, E, A, B, WL73, SL73, KL4); +- RIP5(B, C, D, E, A, WL74, SL74, KL4); +- RIP5(A, B, C, D, E, WL75, SL75, KL4); +- RIP5(E, A, B, C, D, WL76, SL76, KL4); +- RIP5(D, E, A, B, C, WL77, SL77, KL4); +- RIP5(C, D, E, A, B, WL78, SL78, KL4); +- RIP5(B, C, D, E, A, WL79, SL79, KL4); +- +- a = A; +- b = B; +- c = C; +- d = D; +- e = E; +- /* Do other half */ +- A = ctx->A; +- B = ctx->B; +- C = ctx->C; +- D = ctx->D; +- E = ctx->E; +- +- RIP5(A, B, C, D, E, WR00, SR00, KR0); +- RIP5(E, A, B, C, D, WR01, SR01, KR0); +- RIP5(D, E, A, B, C, WR02, SR02, KR0); +- RIP5(C, D, E, A, B, WR03, SR03, KR0); +- RIP5(B, C, D, E, A, WR04, SR04, KR0); +- RIP5(A, B, C, D, E, WR05, SR05, KR0); +- RIP5(E, A, B, C, D, WR06, SR06, KR0); +- RIP5(D, E, A, B, C, WR07, SR07, KR0); +- RIP5(C, D, E, A, B, WR08, SR08, KR0); +- RIP5(B, C, D, E, A, WR09, SR09, KR0); +- RIP5(A, B, C, D, E, WR10, SR10, KR0); +- RIP5(E, A, B, C, D, WR11, SR11, KR0); +- RIP5(D, E, A, B, C, WR12, SR12, KR0); +- RIP5(C, D, E, A, B, WR13, SR13, KR0); +- RIP5(B, C, D, E, A, WR14, SR14, KR0); +- RIP5(A, B, C, D, E, WR15, SR15, KR0); +- +- RIP4(E, A, B, C, D, WR16, SR16, KR1); +- RIP4(D, E, A, B, C, WR17, SR17, KR1); +- RIP4(C, D, E, A, B, 
WR18, SR18, KR1);
+- RIP4(B, C, D, E, A, WR19, SR19, KR1);
+- RIP4(A, B, C, D, E, WR20, SR20, KR1);
+- RIP4(E, A, B, C, D, WR21, SR21, KR1);
+- RIP4(D, E, A, B, C, WR22, SR22, KR1);
+- RIP4(C, D, E, A, B, WR23, SR23, KR1);
+- RIP4(B, C, D, E, A, WR24, SR24, KR1);
+- RIP4(A, B, C, D, E, WR25, SR25, KR1);
+- RIP4(E, A, B, C, D, WR26, SR26, KR1);
+- RIP4(D, E, A, B, C, WR27, SR27, KR1);
+- RIP4(C, D, E, A, B, WR28, SR28, KR1);
+- RIP4(B, C, D, E, A, WR29, SR29, KR1);
+- RIP4(A, B, C, D, E, WR30, SR30, KR1);
+- RIP4(E, A, B, C, D, WR31, SR31, KR1);
+-
+- RIP3(D, E, A, B, C, WR32, SR32, KR2);
+- RIP3(C, D, E, A, B, WR33, SR33, KR2);
+- RIP3(B, C, D, E, A, WR34, SR34, KR2);
+- RIP3(A, B, C, D, E, WR35, SR35, KR2);
+- RIP3(E, A, B, C, D, WR36, SR36, KR2);
+- RIP3(D, E, A, B, C, WR37, SR37, KR2);
+- RIP3(C, D, E, A, B, WR38, SR38, KR2);
+- RIP3(B, C, D, E, A, WR39, SR39, KR2);
+- RIP3(A, B, C, D, E, WR40, SR40, KR2);
+- RIP3(E, A, B, C, D, WR41, SR41, KR2);
+- RIP3(D, E, A, B, C, WR42, SR42, KR2);
+- RIP3(C, D, E, A, B, WR43, SR43, KR2);
+- RIP3(B, C, D, E, A, WR44, SR44, KR2);
+- RIP3(A, B, C, D, E, WR45, SR45, KR2);
+- RIP3(E, A, B, C, D, WR46, SR46, KR2);
+- RIP3(D, E, A, B, C, WR47, SR47, KR2);
+-
+- RIP2(C, D, E, A, B, WR48, SR48, KR3);
+- RIP2(B, C, D, E, A, WR49, SR49, KR3);
+- RIP2(A, B, C, D, E, WR50, SR50, KR3);
+- RIP2(E, A, B, C, D, WR51, SR51, KR3);
+- RIP2(D, E, A, B, C, WR52, SR52, KR3);
+- RIP2(C, D, E, A, B, WR53, SR53, KR3);
+- RIP2(B, C, D, E, A, WR54, SR54, KR3);
+- RIP2(A, B, C, D, E, WR55, SR55, KR3);
+- RIP2(E, A, B, C, D, WR56, SR56, KR3);
+- RIP2(D, E, A, B, C, WR57, SR57, KR3);
+- RIP2(C, D, E, A, B, WR58, SR58, KR3);
+- RIP2(B, C, D, E, A, WR59, SR59, KR3);
+- RIP2(A, B, C, D, E, WR60, SR60, KR3);
+- RIP2(E, A, B, C, D, WR61, SR61, KR3);
+- RIP2(D, E, A, B, C, WR62, SR62, KR3);
+- RIP2(C, D, E, A, B, WR63, SR63, KR3);
+-
+- RIP1(B, C, D, E, A, WR64, SR64);
+- RIP1(A, B, C, D, E, WR65, SR65);
+- RIP1(E, A, B, C, D, WR66, SR66);
+- RIP1(D, E, A, B, 
C, WR67, SR67);
+- RIP1(C, D, E, A, B, WR68, SR68);
+- RIP1(B, C, D, E, A, WR69, SR69);
+- RIP1(A, B, C, D, E, WR70, SR70);
+- RIP1(E, A, B, C, D, WR71, SR71);
+- RIP1(D, E, A, B, C, WR72, SR72);
+- RIP1(C, D, E, A, B, WR73, SR73);
+- RIP1(B, C, D, E, A, WR74, SR74);
+- RIP1(A, B, C, D, E, WR75, SR75);
+- RIP1(E, A, B, C, D, WR76, SR76);
+- RIP1(D, E, A, B, C, WR77, SR77);
+- RIP1(C, D, E, A, B, WR78, SR78);
+- RIP1(B, C, D, E, A, WR79, SR79);
+-
+- D = ctx->B + c + D;
+- ctx->B = ctx->C + d + E;
+- ctx->C = ctx->D + e + A;
+- ctx->D = ctx->E + a + B;
+- ctx->E = ctx->A + b + C;
+- ctx->A = D;
+-
+- }
+-}
+-#endif
+diff --git a/Cryptlib/OpenSSL/crypto/ripemd/rmd_locl.h b/Cryptlib/OpenSSL/crypto/ripemd/rmd_locl.h
+deleted file mode 100644
+index ce12a80..0000000
+--- a/Cryptlib/OpenSSL/crypto/ripemd/rmd_locl.h
++++ /dev/null
+@@ -1,150 +0,0 @@
+-/* crypto/ripemd/rmd_locl.h */
+-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+- * All rights reserved.
+- *
+- * This package is an SSL implementation written
+- * by Eric Young (eay@cryptsoft.com).
+- * The implementation was written so as to conform with Netscapes SSL.
+- *
+- * This library is free for commercial and non-commercial use as long as
+- * the following conditions are aheared to. The following conditions
+- * apply to all code found in this distribution, be it the RC4, RSA,
+- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+- * included with this distribution is covered by the same copyright terms
+- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+- *
+- * Copyright remains Eric Young's, and as such any Copyright notices in
+- * the code are not to be removed.
+- * If this package is used in a product, Eric Young should be given attribution
+- * as the author of the parts of the library used.
+- * This can be in the form of a textual message at program startup or
+- * in documentation (online or textual) provided with the package. 
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the copyright
+- * notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- * notice, this list of conditions and the following disclaimer in the
+- * documentation and/or other materials provided with the distribution.
+- * 3. All advertising materials mentioning features or use of this software
+- * must display the following acknowledgement:
+- * "This product includes cryptographic software written by
+- * Eric Young (eay@cryptsoft.com)"
+- * The word 'cryptographic' can be left out if the rouines from the library
+- * being used are not cryptographic related :-).
+- * 4. If you include any Windows specific code (or a derivative thereof) from
+- * the apps directory (application code) you must include an acknowledgement:
+- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+- *
+- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE. 
+- *
+- * The licence and distribution terms for any publically available version or
+- * derivative of this code cannot be changed. i.e. this code cannot simply be
+- * copied and put under another distribution licence
+- * [including the GNU Public Licence.]
+- */
+-
+-#include
+-#include
+-#include
+-#include
+-
+-#ifndef RIPEMD160_LONG_LOG2
+-#define RIPEMD160_LONG_LOG2 2 /* default to 32 bits */
+-#endif
+-
+-/*
+- * DO EXAMINE COMMENTS IN crypto/md5/md5_locl.h & crypto/md5/md5_dgst.c
+- * FOR EXPLANATIONS ON FOLLOWING "CODE."
+- *
+- */
+-#ifdef RMD160_ASM
+-# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
+-# define ripemd160_block_host_order ripemd160_block_asm_data_order
+-# endif
+-#endif
+-
+-void ripemd160_block_data_order (RIPEMD160_CTX *c, const void *p,size_t num);
+-
+-#define DATA_ORDER_IS_LITTLE_ENDIAN
+-
+-#define HASH_LONG RIPEMD160_LONG
+-#define HASH_CTX RIPEMD160_CTX
+-#define HASH_CBLOCK RIPEMD160_CBLOCK
+-#define HASH_UPDATE RIPEMD160_Update
+-#define HASH_TRANSFORM RIPEMD160_Transform
+-#define HASH_FINAL RIPEMD160_Final
+-#define HASH_MAKE_STRING(c,s) do { \
+- unsigned long ll; \
+- ll=(c)->A; HOST_l2c(ll,(s)); \
+- ll=(c)->B; HOST_l2c(ll,(s)); \
+- ll=(c)->C; HOST_l2c(ll,(s)); \
+- ll=(c)->D; HOST_l2c(ll,(s)); \
+- ll=(c)->E; HOST_l2c(ll,(s)); \
+- } while (0)
+-#define HASH_BLOCK_DATA_ORDER ripemd160_block_data_order
+-
+-#include "md32_common.h"
+-
+-#if 0
+-#define F1(x,y,z) ((x)^(y)^(z))
+-#define F2(x,y,z) (((x)&(y))|((~x)&z))
+-#define F3(x,y,z) (((x)|(~y))^(z))
+-#define F4(x,y,z) (((x)&(z))|((y)&(~(z))))
+-#define F5(x,y,z) ((x)^((y)|(~(z))))
+-#else
+-/*
+- * Transformed F2 and F4 are courtesy of Wei Dai
+- */
+-#define F1(x,y,z) ((x) ^ (y) ^ (z))
+-#define F2(x,y,z) ((((y) ^ (z)) & (x)) ^ (z))
+-#define F3(x,y,z) (((~(y)) | (x)) ^ (z))
+-#define F4(x,y,z) ((((x) ^ (y)) & (z)) ^ (y))
+-#define F5(x,y,z) (((~(z)) | (y)) ^ (x))
+-#endif
+-
+-#define RIPEMD160_A 0x67452301L
+-#define RIPEMD160_B 
0xEFCDAB89L
+-#define RIPEMD160_C 0x98BADCFEL
+-#define RIPEMD160_D 0x10325476L
+-#define RIPEMD160_E 0xC3D2E1F0L
+-
+-#include "rmdconst.h"
+-
+-#define RIP1(a,b,c,d,e,w,s) { \
+- a+=F1(b,c,d)+X(w); \
+- a=ROTATE(a,s)+e; \
+- c=ROTATE(c,10); }
+-
+-#define RIP2(a,b,c,d,e,w,s,K) { \
+- a+=F2(b,c,d)+X(w)+K; \
+- a=ROTATE(a,s)+e; \
+- c=ROTATE(c,10); }
+-
+-#define RIP3(a,b,c,d,e,w,s,K) { \
+- a+=F3(b,c,d)+X(w)+K; \
+- a=ROTATE(a,s)+e; \
+- c=ROTATE(c,10); }
+-
+-#define RIP4(a,b,c,d,e,w,s,K) { \
+- a+=F4(b,c,d)+X(w)+K; \
+- a=ROTATE(a,s)+e; \
+- c=ROTATE(c,10); }
+-
+-#define RIP5(a,b,c,d,e,w,s,K) { \
+- a+=F5(b,c,d)+X(w)+K; \
+- a=ROTATE(a,s)+e; \
+- c=ROTATE(c,10); }
+-
+diff --git a/Cryptlib/OpenSSL/crypto/ripemd/rmd_one.c b/Cryptlib/OpenSSL/crypto/ripemd/rmd_one.c
+deleted file mode 100644
+index 666e01a..0000000
+--- a/Cryptlib/OpenSSL/crypto/ripemd/rmd_one.c
++++ /dev/null
+@@ -1,77 +0,0 @@
+-/* crypto/ripemd/rmd_one.c */
+-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+- * All rights reserved.
+- *
+- * This package is an SSL implementation written
+- * by Eric Young (eay@cryptsoft.com).
+- * The implementation was written so as to conform with Netscapes SSL.
+- *
+- * This library is free for commercial and non-commercial use as long as
+- * the following conditions are aheared to. The following conditions
+- * apply to all code found in this distribution, be it the RC4, RSA,
+- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+- * included with this distribution is covered by the same copyright terms
+- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+- *
+- * Copyright remains Eric Young's, and as such any Copyright notices in
+- * the code are not to be removed.
+- * If this package is used in a product, Eric Young should be given attribution
+- * as the author of the parts of the library used. 
+- * This can be in the form of a textual message at program startup or
+- * in documentation (online or textual) provided with the package.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the copyright
+- * notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- * notice, this list of conditions and the following disclaimer in the
+- * documentation and/or other materials provided with the distribution.
+- * 3. All advertising materials mentioning features or use of this software
+- * must display the following acknowledgement:
+- * "This product includes cryptographic software written by
+- * Eric Young (eay@cryptsoft.com)"
+- * The word 'cryptographic' can be left out if the rouines from the library
+- * being used are not cryptographic related :-).
+- * 4. If you include any Windows specific code (or a derivative thereof) from
+- * the apps directory (application code) you must include an acknowledgement:
+- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+- *
+- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- *
+- * The licence and distribution terms for any publically available version or
+- * derivative of this code cannot be changed. i.e. this code cannot simply be
+- * copied and put under another distribution licence
+- * [including the GNU Public Licence.]
+- */
+-
+-#include
+-#include
+-#include
+-#include
+-
+-unsigned char *RIPEMD160(const unsigned char *d, size_t n, unsigned char *md)
+-{
+- RIPEMD160_CTX c;
+- static unsigned char m[RIPEMD160_DIGEST_LENGTH];
+-
+- if (md == NULL)
+- md = m;
+- if (!RIPEMD160_Init(&c))
+- return NULL;
+- RIPEMD160_Update(&c, d, n);
+- RIPEMD160_Final(md, &c);
+- OPENSSL_cleanse(&c, sizeof(c)); /* security consideration */
+- return (md);
+-}
+diff --git a/Cryptlib/OpenSSL/crypto/ripemd/rmdconst.h b/Cryptlib/OpenSSL/crypto/ripemd/rmdconst.h
+deleted file mode 100644
+index 59c48de..0000000
+--- a/Cryptlib/OpenSSL/crypto/ripemd/rmdconst.h
++++ /dev/null
+@@ -1,399 +0,0 @@
+-/* crypto/ripemd/rmdconst.h */
+-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+- * All rights reserved.
+- *
+- * This package is an SSL implementation written
+- * by Eric Young (eay@cryptsoft.com).
+- * The implementation was written so as to conform with Netscapes SSL.
+- *
+- * This library is free for commercial and non-commercial use as long as
+- * the following conditions are aheared to. 
The following conditions
+- * apply to all code found in this distribution, be it the RC4, RSA,
+- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+- * included with this distribution is covered by the same copyright terms
+- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+- *
+- * Copyright remains Eric Young's, and as such any Copyright notices in
+- * the code are not to be removed.
+- * If this package is used in a product, Eric Young should be given attribution
+- * as the author of the parts of the library used.
+- * This can be in the form of a textual message at program startup or
+- * in documentation (online or textual) provided with the package.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the copyright
+- * notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- * notice, this list of conditions and the following disclaimer in the
+- * documentation and/or other materials provided with the distribution.
+- * 3. All advertising materials mentioning features or use of this software
+- * must display the following acknowledgement:
+- * "This product includes cryptographic software written by
+- * Eric Young (eay@cryptsoft.com)"
+- * The word 'cryptographic' can be left out if the rouines from the library
+- * being used are not cryptographic related :-).
+- * 4. 
If you include any Windows specific code (or a derivative thereof) from
+- * the apps directory (application code) you must include an acknowledgement:
+- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+- *
+- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- *
+- * The licence and distribution terms for any publically available version or
+- * derivative of this code cannot be changed. i.e. this code cannot simply be
+- * copied and put under another distribution licence
+- * [including the GNU Public Licence.] 
+- */
+-#define KL0 0x00000000L
+-#define KL1 0x5A827999L
+-#define KL2 0x6ED9EBA1L
+-#define KL3 0x8F1BBCDCL
+-#define KL4 0xA953FD4EL
+-
+-#define KR0 0x50A28BE6L
+-#define KR1 0x5C4DD124L
+-#define KR2 0x6D703EF3L
+-#define KR3 0x7A6D76E9L
+-#define KR4 0x00000000L
+-
+-#define WL00 0
+-#define SL00 11
+-#define WL01 1
+-#define SL01 14
+-#define WL02 2
+-#define SL02 15
+-#define WL03 3
+-#define SL03 12
+-#define WL04 4
+-#define SL04 5
+-#define WL05 5
+-#define SL05 8
+-#define WL06 6
+-#define SL06 7
+-#define WL07 7
+-#define SL07 9
+-#define WL08 8
+-#define SL08 11
+-#define WL09 9
+-#define SL09 13
+-#define WL10 10
+-#define SL10 14
+-#define WL11 11
+-#define SL11 15
+-#define WL12 12
+-#define SL12 6
+-#define WL13 13
+-#define SL13 7
+-#define WL14 14
+-#define SL14 9
+-#define WL15 15
+-#define SL15 8
+-
+-#define WL16 7
+-#define SL16 7
+-#define WL17 4
+-#define SL17 6
+-#define WL18 13
+-#define SL18 8
+-#define WL19 1
+-#define SL19 13
+-#define WL20 10
+-#define SL20 11
+-#define WL21 6
+-#define SL21 9
+-#define WL22 15
+-#define SL22 7
+-#define WL23 3
+-#define SL23 15
+-#define WL24 12
+-#define SL24 7
+-#define WL25 0
+-#define SL25 12
+-#define WL26 9
+-#define SL26 15
+-#define WL27 5
+-#define SL27 9
+-#define WL28 2
+-#define SL28 11
+-#define WL29 14
+-#define SL29 7
+-#define WL30 11
+-#define SL30 13
+-#define WL31 8
+-#define SL31 12
+-
+-#define WL32 3
+-#define SL32 11
+-#define WL33 10
+-#define SL33 13
+-#define WL34 14
+-#define SL34 6
+-#define WL35 4
+-#define SL35 7
+-#define WL36 9
+-#define SL36 14
+-#define WL37 15
+-#define SL37 9
+-#define WL38 8
+-#define SL38 13
+-#define WL39 1
+-#define SL39 15
+-#define WL40 2
+-#define SL40 14
+-#define WL41 7
+-#define SL41 8
+-#define WL42 0
+-#define SL42 13
+-#define WL43 6
+-#define SL43 6
+-#define WL44 13
+-#define SL44 5
+-#define WL45 11
+-#define SL45 12
+-#define WL46 5
+-#define SL46 7
+-#define WL47 12
+-#define SL47 5
+-
+-#define WL48 1
+-#define SL48 11
+-#define 
WL49 9
+-#define SL49 12
+-#define WL50 11
+-#define SL50 14
+-#define WL51 10
+-#define SL51 15
+-#define WL52 0
+-#define SL52 14
+-#define WL53 8
+-#define SL53 15
+-#define WL54 12
+-#define SL54 9
+-#define WL55 4
+-#define SL55 8
+-#define WL56 13
+-#define SL56 9
+-#define WL57 3
+-#define SL57 14
+-#define WL58 7
+-#define SL58 5
+-#define WL59 15
+-#define SL59 6
+-#define WL60 14
+-#define SL60 8
+-#define WL61 5
+-#define SL61 6
+-#define WL62 6
+-#define SL62 5
+-#define WL63 2
+-#define SL63 12
+-
+-#define WL64 4
+-#define SL64 9
+-#define WL65 0
+-#define SL65 15
+-#define WL66 5
+-#define SL66 5
+-#define WL67 9
+-#define SL67 11
+-#define WL68 7
+-#define SL68 6
+-#define WL69 12
+-#define SL69 8
+-#define WL70 2
+-#define SL70 13
+-#define WL71 10
+-#define SL71 12
+-#define WL72 14
+-#define SL72 5
+-#define WL73 1
+-#define SL73 12
+-#define WL74 3
+-#define SL74 13
+-#define WL75 8
+-#define SL75 14
+-#define WL76 11
+-#define SL76 11
+-#define WL77 6
+-#define SL77 8
+-#define WL78 15
+-#define SL78 5
+-#define WL79 13
+-#define SL79 6
+-
+-#define WR00 5
+-#define SR00 8
+-#define WR01 14
+-#define SR01 9
+-#define WR02 7
+-#define SR02 9
+-#define WR03 0
+-#define SR03 11
+-#define WR04 9
+-#define SR04 13
+-#define WR05 2
+-#define SR05 15
+-#define WR06 11
+-#define SR06 15
+-#define WR07 4
+-#define SR07 5
+-#define WR08 13
+-#define SR08 7
+-#define WR09 6
+-#define SR09 7
+-#define WR10 15
+-#define SR10 8
+-#define WR11 8
+-#define SR11 11
+-#define WR12 1
+-#define SR12 14
+-#define WR13 10
+-#define SR13 14
+-#define WR14 3
+-#define SR14 12
+-#define WR15 12
+-#define SR15 6
+-
+-#define WR16 6
+-#define SR16 9
+-#define WR17 11
+-#define SR17 13
+-#define WR18 3
+-#define SR18 15
+-#define WR19 7
+-#define SR19 7
+-#define WR20 0
+-#define SR20 12
+-#define WR21 13
+-#define SR21 8
+-#define WR22 5
+-#define SR22 9
+-#define WR23 10
+-#define SR23 11
+-#define WR24 14
+-#define SR24 7
+-#define WR25 15
+-#define SR25 7
+-#define 
WR26 8
+-#define SR26 12
+-#define WR27 12
+-#define SR27 7
+-#define WR28 4
+-#define SR28 6
+-#define WR29 9
+-#define SR29 15
+-#define WR30 1
+-#define SR30 13
+-#define WR31 2
+-#define SR31 11
+-
+-#define WR32 15
+-#define SR32 9
+-#define WR33 5
+-#define SR33 7
+-#define WR34 1
+-#define SR34 15
+-#define WR35 3
+-#define SR35 11
+-#define WR36 7
+-#define SR36 8
+-#define WR37 14
+-#define SR37 6
+-#define WR38 6
+-#define SR38 6
+-#define WR39 9
+-#define SR39 14
+-#define WR40 11
+-#define SR40 12
+-#define WR41 8
+-#define SR41 13
+-#define WR42 12
+-#define SR42 5
+-#define WR43 2
+-#define SR43 14
+-#define WR44 10
+-#define SR44 13
+-#define WR45 0
+-#define SR45 13
+-#define WR46 4
+-#define SR46 7
+-#define WR47 13
+-#define SR47 5
+-
+-#define WR48 8
+-#define SR48 15
+-#define WR49 6
+-#define SR49 5
+-#define WR50 4
+-#define SR50 8
+-#define WR51 1
+-#define SR51 11
+-#define WR52 3
+-#define SR52 14
+-#define WR53 11
+-#define SR53 14
+-#define WR54 15
+-#define SR54 6
+-#define WR55 0
+-#define SR55 14
+-#define WR56 5
+-#define SR56 6
+-#define WR57 12
+-#define SR57 9
+-#define WR58 2
+-#define SR58 12
+-#define WR59 13
+-#define SR59 9
+-#define WR60 9
+-#define SR60 12
+-#define WR61 7
+-#define SR61 5
+-#define WR62 10
+-#define SR62 15
+-#define WR63 14
+-#define SR63 8
+-
+-#define WR64 12
+-#define SR64 8
+-#define WR65 15
+-#define SR65 5
+-#define WR66 10
+-#define SR66 12
+-#define WR67 4
+-#define SR67 9
+-#define WR68 1
+-#define SR68 12
+-#define WR69 5
+-#define SR69 5
+-#define WR70 8
+-#define SR70 14
+-#define WR71 7
+-#define SR71 6
+-#define WR72 6
+-#define SR72 8
+-#define WR73 2
+-#define SR73 13
+-#define WR74 13
+-#define SR74 6
+-#define WR75 14
+-#define SR75 5
+-#define WR76 0
+-#define SR76 15
+-#define WR77 3
+-#define SR77 13
+-#define WR78 9
+-#define SR78 11
+-#define WR79 11
+-#define SR79 11
+-
+diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_ameth.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_ameth.c
+new file mode 
100644
+index 0000000..cc9c3ce
+--- /dev/null
++++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_ameth.c
+@@ -0,0 +1,969 @@
++/* crypto/rsa/rsa_ameth.c */
++/*
++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
++ * 2006.
++ */
++/* ====================================================================
++ * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in
++ * the documentation and/or other materials provided with the
++ * distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ * software must display the following acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ * endorse or promote products derived from this software without
++ * prior written permission. For written permission, please contact
++ * licensing@OpenSSL.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ * nor may "OpenSSL" appear in their names without prior written
++ * permission of the OpenSSL Project.
++ *
++ * 6. 
Redistributions of any form whatsoever must retain the following
++ * acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ *
++ * This product includes cryptographic software written by Eric Young
++ * (eay@cryptsoft.com). This product includes software written by Tim
++ * Hudson (tjh@cryptsoft.com). 
++ *
++ */
++
++#include
++#include "cryptlib.h"
++#include
++#include
++#include
++#include
++#ifndef OPENSSL_NO_CMS
++# include
++#endif
++#include "asn1_locl.h"
++
++#ifndef OPENSSL_NO_CMS
++static int rsa_cms_sign(CMS_SignerInfo *si);
++static int rsa_cms_verify(CMS_SignerInfo *si);
++static int rsa_cms_decrypt(CMS_RecipientInfo *ri);
++static int rsa_cms_encrypt(CMS_RecipientInfo *ri);
++#endif
++
++static int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
++{
++ unsigned char *penc = NULL;
++ int penclen;
++ penclen = i2d_RSAPublicKey(pkey->pkey.rsa, &penc);
++ if (penclen <= 0)
++ return 0;
++ if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_RSA),
++ V_ASN1_NULL, NULL, penc, penclen))
++ return 1;
++
++ OPENSSL_free(penc);
++ return 0;
++}
++
++static int rsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
++{
++ const unsigned char *p;
++ int pklen;
++ RSA *rsa = NULL;
++ if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, NULL, pubkey))
++ return 0;
++ if (!(rsa = d2i_RSAPublicKey(NULL, &p, pklen))) {
++ RSAerr(RSA_F_RSA_PUB_DECODE, ERR_R_RSA_LIB);
++ return 0;
++ }
++ EVP_PKEY_assign_RSA(pkey, rsa);
++ return 1;
++}
++
++static int rsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
++{
++ if (BN_cmp(b->pkey.rsa->n, a->pkey.rsa->n) != 0
++ || BN_cmp(b->pkey.rsa->e, a->pkey.rsa->e) != 0)
++ return 0;
++ return 1;
++}
++
++static int old_rsa_priv_decode(EVP_PKEY *pkey,
++ const unsigned char **pder, int derlen)
++{
++ RSA *rsa;
++ if (!(rsa = d2i_RSAPrivateKey(NULL, pder, derlen))) {
++ RSAerr(RSA_F_OLD_RSA_PRIV_DECODE, ERR_R_RSA_LIB);
++ return 0;
++ }
++ EVP_PKEY_assign_RSA(pkey, rsa);
++ return 1;
++}
++
++static int old_rsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder)
++{
++ return i2d_RSAPrivateKey(pkey->pkey.rsa, pder);
++}
++
++static int rsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
++{
++ unsigned char *rk = NULL;
++ int rklen;
++ rklen = i2d_RSAPrivateKey(pkey->pkey.rsa, &rk);
++
++ if (rklen <= 0) {
++ 
RSAerr(RSA_F_RSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
++ return 0;
++ }
++
++ if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_rsaEncryption), 0,
++ V_ASN1_NULL, NULL, rk, rklen)) {
++ RSAerr(RSA_F_RSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
++ return 0;
++ }
++
++ return 1;
++}
++
++static int rsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
++{
++ const unsigned char *p;
++ int pklen;
++ if (!PKCS8_pkey_get0(NULL, &p, &pklen, NULL, p8))
++ return 0;
++ return old_rsa_priv_decode(pkey, &p, pklen);
++}
++
++static int int_rsa_size(const EVP_PKEY *pkey)
++{
++ return RSA_size(pkey->pkey.rsa);
++}
++
++static int rsa_bits(const EVP_PKEY *pkey)
++{
++ return BN_num_bits(pkey->pkey.rsa->n);
++}
++
++static void int_rsa_free(EVP_PKEY *pkey)
++{
++ RSA_free(pkey->pkey.rsa);
++}
++
++static void update_buflen(const BIGNUM *b, size_t *pbuflen)
++{
++ size_t i;
++ if (!b)
++ return;
++ if (*pbuflen < (i = (size_t)BN_num_bytes(b)))
++ *pbuflen = i;
++}
++
++static int do_rsa_print(BIO *bp, const RSA *x, int off, int priv)
++{
++ char *str;
++ const char *s;
++ unsigned char *m = NULL;
++ int ret = 0, mod_len = 0;
++ size_t buf_len = 0;
++
++ update_buflen(x->n, &buf_len);
++ update_buflen(x->e, &buf_len);
++
++ if (priv) {
++ update_buflen(x->d, &buf_len);
++ update_buflen(x->p, &buf_len);
++ update_buflen(x->q, &buf_len);
++ update_buflen(x->dmp1, &buf_len);
++ update_buflen(x->dmq1, &buf_len);
++ update_buflen(x->iqmp, &buf_len);
++ }
++
++ m = (unsigned char *)OPENSSL_malloc(buf_len + 10);
++ if (m == NULL) {
++ RSAerr(RSA_F_DO_RSA_PRINT, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ if (x->n != NULL)
++ mod_len = BN_num_bits(x->n);
++
++ if (!BIO_indent(bp, off, 128))
++ goto err;
++
++ if (priv && x->d) {
++ if (BIO_printf(bp, "Private-Key: (%d bit)\n", mod_len)
++ <= 0)
++ goto err;
++ str = "modulus:";
++ s = "publicExponent:";
++ } else {
++ if (BIO_printf(bp, "Public-Key: (%d bit)\n", mod_len)
++ <= 0)
++ goto err;
++ str = "Modulus:";
++ s = "Exponent:";
++ }
++ if 
(!ASN1_bn_print(bp, str, x->n, m, off))
++ goto err;
++ if (!ASN1_bn_print(bp, s, x->e, m, off))
++ goto err;
++ if (priv) {
++ if (!ASN1_bn_print(bp, "privateExponent:", x->d, m, off))
++ goto err;
++ if (!ASN1_bn_print(bp, "prime1:", x->p, m, off))
++ goto err;
++ if (!ASN1_bn_print(bp, "prime2:", x->q, m, off))
++ goto err;
++ if (!ASN1_bn_print(bp, "exponent1:", x->dmp1, m, off))
++ goto err;
++ if (!ASN1_bn_print(bp, "exponent2:", x->dmq1, m, off))
++ goto err;
++ if (!ASN1_bn_print(bp, "coefficient:", x->iqmp, m, off))
++ goto err;
++ }
++ ret = 1;
++ err:
++ if (m != NULL)
++ OPENSSL_free(m);
++ return (ret);
++}
++
++static int rsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent,
++ ASN1_PCTX *ctx)
++{
++ return do_rsa_print(bp, pkey->pkey.rsa, indent, 0);
++}
++
++static int rsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent,
++ ASN1_PCTX *ctx)
++{
++ return do_rsa_print(bp, pkey->pkey.rsa, indent, 1);
++}
++
++/* Given an MGF1 Algorithm ID decode to an Algorithm Identifier */
++static X509_ALGOR *rsa_mgf1_decode(X509_ALGOR *alg)
++{
++ const unsigned char *p;
++ int plen;
++ if (alg == NULL)
++ return NULL;
++ if (OBJ_obj2nid(alg->algorithm) != NID_mgf1)
++ return NULL;
++ if (alg->parameter->type != V_ASN1_SEQUENCE)
++ return NULL;
++
++ p = alg->parameter->value.sequence->data;
++ plen = alg->parameter->value.sequence->length;
++ return d2i_X509_ALGOR(NULL, &p, plen);
++}
++
++static RSA_PSS_PARAMS *rsa_pss_decode(const X509_ALGOR *alg,
++ X509_ALGOR **pmaskHash)
++{
++ const unsigned char *p;
++ int plen;
++ RSA_PSS_PARAMS *pss;
++
++ *pmaskHash = NULL;
++
++ if (!alg->parameter || alg->parameter->type != V_ASN1_SEQUENCE)
++ return NULL;
++ p = alg->parameter->value.sequence->data;
++ plen = alg->parameter->value.sequence->length;
++ pss = d2i_RSA_PSS_PARAMS(NULL, &p, plen);
++
++ if (!pss)
++ return NULL;
++
++ *pmaskHash = rsa_mgf1_decode(pss->maskGenAlgorithm);
++
++ return pss;
++}
++
++static int rsa_pss_param_print(BIO *bp, 
RSA_PSS_PARAMS *pss,
++ X509_ALGOR *maskHash, int indent)
++{
++ int rv = 0;
++ if (!pss) {
++ if (BIO_puts(bp, " (INVALID PSS PARAMETERS)\n") <= 0)
++ return 0;
++ return 1;
++ }
++ if (BIO_puts(bp, "\n") <= 0)
++ goto err;
++ if (!BIO_indent(bp, indent, 128))
++ goto err;
++ if (BIO_puts(bp, "Hash Algorithm: ") <= 0)
++ goto err;
++
++ if (pss->hashAlgorithm) {
++ if (i2a_ASN1_OBJECT(bp, pss->hashAlgorithm->algorithm) <= 0)
++ goto err;
++ } else if (BIO_puts(bp, "sha1 (default)") <= 0)
++ goto err;
++
++ if (BIO_puts(bp, "\n") <= 0)
++ goto err;
++
++ if (!BIO_indent(bp, indent, 128))
++ goto err;
++
++ if (BIO_puts(bp, "Mask Algorithm: ") <= 0)
++ goto err;
++ if (pss->maskGenAlgorithm) {
++ if (i2a_ASN1_OBJECT(bp, pss->maskGenAlgorithm->algorithm) <= 0)
++ goto err;
++ if (BIO_puts(bp, " with ") <= 0)
++ goto err;
++ if (maskHash) {
++ if (i2a_ASN1_OBJECT(bp, maskHash->algorithm) <= 0)
++ goto err;
++ } else if (BIO_puts(bp, "INVALID") <= 0)
++ goto err;
++ } else if (BIO_puts(bp, "mgf1 with sha1 (default)") <= 0)
++ goto err;
++ BIO_puts(bp, "\n");
++
++ if (!BIO_indent(bp, indent, 128))
++ goto err;
++ if (BIO_puts(bp, "Salt Length: 0x") <= 0)
++ goto err;
++ if (pss->saltLength) {
++ if (i2a_ASN1_INTEGER(bp, pss->saltLength) <= 0)
++ goto err;
++ } else if (BIO_puts(bp, "14 (default)") <= 0)
++ goto err;
++ BIO_puts(bp, "\n");
++
++ if (!BIO_indent(bp, indent, 128))
++ goto err;
++ if (BIO_puts(bp, "Trailer Field: 0x") <= 0)
++ goto err;
++ if (pss->trailerField) {
++ if (i2a_ASN1_INTEGER(bp, pss->trailerField) <= 0)
++ goto err;
++ } else if (BIO_puts(bp, "BC (default)") <= 0)
++ goto err;
++ BIO_puts(bp, "\n");
++
++ rv = 1;
++
++ err:
++ return rv;
++
++}
++
++static int rsa_sig_print(BIO *bp, const X509_ALGOR *sigalg,
++ const ASN1_STRING *sig, int indent, ASN1_PCTX *pctx)
++{
++ if (OBJ_obj2nid(sigalg->algorithm) == NID_rsassaPss) {
++ int rv;
++ RSA_PSS_PARAMS *pss;
++ X509_ALGOR *maskHash;
++ pss = rsa_pss_decode(sigalg, &maskHash);
++ rv = 
rsa_pss_param_print(bp, pss, maskHash, indent); ++ if (pss) ++ RSA_PSS_PARAMS_free(pss); ++ if (maskHash) ++ X509_ALGOR_free(maskHash); ++ if (!rv) ++ return 0; ++ } else if (!sig && BIO_puts(bp, "\n") <= 0) ++ return 0; ++ if (sig) ++ return X509_signature_dump(bp, sig, indent); ++ return 1; ++} ++ ++static int rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) ++{ ++ X509_ALGOR *alg = NULL; ++ switch (op) { ++ ++ case ASN1_PKEY_CTRL_PKCS7_SIGN: ++ if (arg1 == 0) ++ PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, NULL, &alg); ++ break; ++ ++ case ASN1_PKEY_CTRL_PKCS7_ENCRYPT: ++ if (arg1 == 0) ++ PKCS7_RECIP_INFO_get0_alg(arg2, &alg); ++ break; ++#ifndef OPENSSL_NO_CMS ++ case ASN1_PKEY_CTRL_CMS_SIGN: ++ if (arg1 == 0) ++ return rsa_cms_sign(arg2); ++ else if (arg1 == 1) ++ return rsa_cms_verify(arg2); ++ break; ++ ++ case ASN1_PKEY_CTRL_CMS_ENVELOPE: ++ if (arg1 == 0) ++ return rsa_cms_encrypt(arg2); ++ else if (arg1 == 1) ++ return rsa_cms_decrypt(arg2); ++ break; ++ ++ case ASN1_PKEY_CTRL_CMS_RI_TYPE: ++ *(int *)arg2 = CMS_RECIPINFO_TRANS; ++ return 1; ++#endif ++ ++ case ASN1_PKEY_CTRL_DEFAULT_MD_NID: ++ *(int *)arg2 = NID_sha256; ++ return 1; ++ ++ default: ++ return -2; ++ ++ } ++ ++ if (alg) ++ X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), V_ASN1_NULL, 0); ++ ++ return 1; ++ ++} ++ ++/* allocate and set algorithm ID from EVP_MD, default SHA1 */ ++static int rsa_md_to_algor(X509_ALGOR **palg, const EVP_MD *md) ++{ ++ if (EVP_MD_type(md) == NID_sha1) ++ return 1; ++ *palg = X509_ALGOR_new(); ++ if (!*palg) ++ return 0; ++ X509_ALGOR_set_md(*palg, md); ++ return 1; ++} ++ ++/* Allocate and set MGF1 algorithm ID from EVP_MD */ ++static int rsa_md_to_mgf1(X509_ALGOR **palg, const EVP_MD *mgf1md) ++{ ++ X509_ALGOR *algtmp = NULL; ++ ASN1_STRING *stmp = NULL; ++ *palg = NULL; ++ if (EVP_MD_type(mgf1md) == NID_sha1) ++ return 1; ++ /* need to embed algorithm ID inside another */ ++ if (!rsa_md_to_algor(&algtmp, mgf1md)) ++ goto err; ++ if 
(!ASN1_item_pack(algtmp, ASN1_ITEM_rptr(X509_ALGOR), &stmp)) ++ goto err; ++ *palg = X509_ALGOR_new(); ++ if (!*palg) ++ goto err; ++ X509_ALGOR_set0(*palg, OBJ_nid2obj(NID_mgf1), V_ASN1_SEQUENCE, stmp); ++ stmp = NULL; ++ err: ++ if (stmp) ++ ASN1_STRING_free(stmp); ++ if (algtmp) ++ X509_ALGOR_free(algtmp); ++ if (*palg) ++ return 1; ++ return 0; ++} ++ ++/* convert algorithm ID to EVP_MD, default SHA1 */ ++static const EVP_MD *rsa_algor_to_md(X509_ALGOR *alg) ++{ ++ const EVP_MD *md; ++ if (!alg) ++ return EVP_sha1(); ++ md = EVP_get_digestbyobj(alg->algorithm); ++ if (md == NULL) ++ RSAerr(RSA_F_RSA_ALGOR_TO_MD, RSA_R_UNKNOWN_DIGEST); ++ return md; ++} ++ ++/* convert MGF1 algorithm ID to EVP_MD, default SHA1 */ ++static const EVP_MD *rsa_mgf1_to_md(X509_ALGOR *alg, X509_ALGOR *maskHash) ++{ ++ const EVP_MD *md; ++ if (!alg) ++ return EVP_sha1(); ++ /* Check mask and lookup mask hash algorithm */ ++ if (OBJ_obj2nid(alg->algorithm) != NID_mgf1) { ++ RSAerr(RSA_F_RSA_MGF1_TO_MD, RSA_R_UNSUPPORTED_MASK_ALGORITHM); ++ return NULL; ++ } ++ if (!maskHash) { ++ RSAerr(RSA_F_RSA_MGF1_TO_MD, RSA_R_UNSUPPORTED_MASK_PARAMETER); ++ return NULL; ++ } ++ md = EVP_get_digestbyobj(maskHash->algorithm); ++ if (md == NULL) { ++ RSAerr(RSA_F_RSA_MGF1_TO_MD, RSA_R_UNKNOWN_MASK_DIGEST); ++ return NULL; ++ } ++ return md; ++} ++ ++/* ++ * Convert EVP_PKEY_CTX is PSS mode into corresponding algorithm parameter, ++ * suitable for setting an AlgorithmIdentifier. 
++ */ ++ ++static ASN1_STRING *rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx) ++{ ++ const EVP_MD *sigmd, *mgf1md; ++ RSA_PSS_PARAMS *pss = NULL; ++ ASN1_STRING *os = NULL; ++ EVP_PKEY *pk = EVP_PKEY_CTX_get0_pkey(pkctx); ++ int saltlen, rv = 0; ++ if (EVP_PKEY_CTX_get_signature_md(pkctx, &sigmd) <= 0) ++ goto err; ++ if (EVP_PKEY_CTX_get_rsa_mgf1_md(pkctx, &mgf1md) <= 0) ++ goto err; ++ if (!EVP_PKEY_CTX_get_rsa_pss_saltlen(pkctx, &saltlen)) ++ goto err; ++ if (saltlen == -1) ++ saltlen = EVP_MD_size(sigmd); ++ else if (saltlen == -2) { ++ saltlen = EVP_PKEY_size(pk) - EVP_MD_size(sigmd) - 2; ++ if (((EVP_PKEY_bits(pk) - 1) & 0x7) == 0) ++ saltlen--; ++ } ++ pss = RSA_PSS_PARAMS_new(); ++ if (!pss) ++ goto err; ++ if (saltlen != 20) { ++ pss->saltLength = ASN1_INTEGER_new(); ++ if (!pss->saltLength) ++ goto err; ++ if (!ASN1_INTEGER_set(pss->saltLength, saltlen)) ++ goto err; ++ } ++ if (!rsa_md_to_algor(&pss->hashAlgorithm, sigmd)) ++ goto err; ++ if (!rsa_md_to_mgf1(&pss->maskGenAlgorithm, mgf1md)) ++ goto err; ++ /* Finally create string with pss parameter encoding. */ ++ if (!ASN1_item_pack(pss, ASN1_ITEM_rptr(RSA_PSS_PARAMS), &os)) ++ goto err; ++ rv = 1; ++ err: ++ if (pss) ++ RSA_PSS_PARAMS_free(pss); ++ if (rv) ++ return os; ++ if (os) ++ ASN1_STRING_free(os); ++ return NULL; ++} ++ ++/* ++ * From PSS AlgorithmIdentifier set public key parameters. If pkey isn't NULL ++ * then the EVP_MD_CTX is setup and initalised. If it is NULL parameters are ++ * passed to pkctx instead. 
++ */ ++ ++static int rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx, ++ X509_ALGOR *sigalg, EVP_PKEY *pkey) ++{ ++ int rv = -1; ++ int saltlen; ++ const EVP_MD *mgf1md = NULL, *md = NULL; ++ RSA_PSS_PARAMS *pss; ++ X509_ALGOR *maskHash; ++ /* Sanity check: make sure it is PSS */ ++ if (OBJ_obj2nid(sigalg->algorithm) != NID_rsassaPss) { ++ RSAerr(RSA_F_RSA_PSS_TO_CTX, RSA_R_UNSUPPORTED_SIGNATURE_TYPE); ++ return -1; ++ } ++ /* Decode PSS parameters */ ++ pss = rsa_pss_decode(sigalg, &maskHash); ++ ++ if (pss == NULL) { ++ RSAerr(RSA_F_RSA_PSS_TO_CTX, RSA_R_INVALID_PSS_PARAMETERS); ++ goto err; ++ } ++ mgf1md = rsa_mgf1_to_md(pss->maskGenAlgorithm, maskHash); ++ if (!mgf1md) ++ goto err; ++ md = rsa_algor_to_md(pss->hashAlgorithm); ++ if (!md) ++ goto err; ++ ++ if (pss->saltLength) { ++ saltlen = ASN1_INTEGER_get(pss->saltLength); ++ ++ /* ++ * Could perform more salt length sanity checks but the main RSA ++ * routines will trap other invalid values anyway. ++ */ ++ if (saltlen < 0) { ++ RSAerr(RSA_F_RSA_PSS_TO_CTX, RSA_R_INVALID_SALT_LENGTH); ++ goto err; ++ } ++ } else ++ saltlen = 20; ++ ++ /* ++ * low-level routines support only trailer field 0xbc (value 1) and ++ * PKCS#1 says we should reject any other value anyway. 
++ */ ++ if (pss->trailerField && ASN1_INTEGER_get(pss->trailerField) != 1) { ++ RSAerr(RSA_F_RSA_PSS_TO_CTX, RSA_R_INVALID_TRAILER); ++ goto err; ++ } ++ ++ /* We have all parameters now set up context */ ++ ++ if (pkey) { ++ if (!EVP_DigestVerifyInit(ctx, &pkctx, md, NULL, pkey)) ++ goto err; ++ } else { ++ const EVP_MD *checkmd; ++ if (EVP_PKEY_CTX_get_signature_md(pkctx, &checkmd) <= 0) ++ goto err; ++ if (EVP_MD_type(md) != EVP_MD_type(checkmd)) { ++ RSAerr(RSA_F_RSA_PSS_TO_CTX, RSA_R_DIGEST_DOES_NOT_MATCH); ++ goto err; ++ } ++ } ++ ++ if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_PSS_PADDING) <= 0) ++ goto err; ++ ++ if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkctx, saltlen) <= 0) ++ goto err; ++ ++ if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0) ++ goto err; ++ /* Carry on */ ++ rv = 1; ++ ++ err: ++ RSA_PSS_PARAMS_free(pss); ++ if (maskHash) ++ X509_ALGOR_free(maskHash); ++ return rv; ++} ++ ++#ifndef OPENSSL_NO_CMS ++static int rsa_cms_verify(CMS_SignerInfo *si) ++{ ++ int nid, nid2; ++ X509_ALGOR *alg; ++ EVP_PKEY_CTX *pkctx = CMS_SignerInfo_get0_pkey_ctx(si); ++ CMS_SignerInfo_get0_algs(si, NULL, NULL, NULL, &alg); ++ nid = OBJ_obj2nid(alg->algorithm); ++ if (nid == NID_rsaEncryption) ++ return 1; ++ if (nid == NID_rsassaPss) ++ return rsa_pss_to_ctx(NULL, pkctx, alg, NULL); ++ /* Workaround for some implementation that use a signature OID */ ++ if (OBJ_find_sigid_algs(nid, NULL, &nid2)) { ++ if (nid2 == NID_rsaEncryption) ++ return 1; ++ } ++ return 0; ++} ++#endif ++ ++/* ++ * Customised RSA item verification routine. This is called when a signature ++ * is encountered requiring special handling. We currently only handle PSS. 
++ */ ++ ++static int rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, ++ X509_ALGOR *sigalg, ASN1_BIT_STRING *sig, ++ EVP_PKEY *pkey) ++{ ++ /* Sanity check: make sure it is PSS */ ++ if (OBJ_obj2nid(sigalg->algorithm) != NID_rsassaPss) { ++ RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNSUPPORTED_SIGNATURE_TYPE); ++ return -1; ++ } ++ if (rsa_pss_to_ctx(ctx, NULL, sigalg, pkey) > 0) { ++ /* Carry on */ ++ return 2; ++ } ++ return -1; ++} ++ ++#ifndef OPENSSL_NO_CMS ++static int rsa_cms_sign(CMS_SignerInfo *si) ++{ ++ int pad_mode = RSA_PKCS1_PADDING; ++ X509_ALGOR *alg; ++ EVP_PKEY_CTX *pkctx = CMS_SignerInfo_get0_pkey_ctx(si); ++ ASN1_STRING *os = NULL; ++ CMS_SignerInfo_get0_algs(si, NULL, NULL, NULL, &alg); ++ if (pkctx) { ++ if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0) ++ return 0; ++ } ++ if (pad_mode == RSA_PKCS1_PADDING) { ++ X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), V_ASN1_NULL, 0); ++ return 1; ++ } ++ /* We don't support it */ ++ if (pad_mode != RSA_PKCS1_PSS_PADDING) ++ return 0; ++ os = rsa_ctx_to_pss(pkctx); ++ if (!os) ++ return 0; ++ X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsassaPss), V_ASN1_SEQUENCE, os); ++ return 1; ++} ++#endif ++ ++static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, ++ X509_ALGOR *alg1, X509_ALGOR *alg2, ++ ASN1_BIT_STRING *sig) ++{ ++ int pad_mode; ++ EVP_PKEY_CTX *pkctx = ctx->pctx; ++ if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0) ++ return 0; ++ if (pad_mode == RSA_PKCS1_PADDING) ++ return 2; ++ if (pad_mode == RSA_PKCS1_PSS_PADDING) { ++ ASN1_STRING *os1 = NULL; ++ os1 = rsa_ctx_to_pss(pkctx); ++ if (!os1) ++ return 0; ++ /* Duplicate parameters if we have to */ ++ if (alg2) { ++ ASN1_STRING *os2 = ASN1_STRING_dup(os1); ++ if (!os2) { ++ ASN1_STRING_free(os1); ++ return 0; ++ } ++ X509_ALGOR_set0(alg2, OBJ_nid2obj(NID_rsassaPss), ++ V_ASN1_SEQUENCE, os2); ++ } ++ X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_rsassaPss), ++ V_ASN1_SEQUENCE, os1); ++ return 3; ++ } ++ 
return 2; ++} ++ ++static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg, ++ X509_ALGOR **pmaskHash) ++{ ++ const unsigned char *p; ++ int plen; ++ RSA_OAEP_PARAMS *pss; ++ ++ *pmaskHash = NULL; ++ ++ if (!alg->parameter || alg->parameter->type != V_ASN1_SEQUENCE) ++ return NULL; ++ p = alg->parameter->value.sequence->data; ++ plen = alg->parameter->value.sequence->length; ++ pss = d2i_RSA_OAEP_PARAMS(NULL, &p, plen); ++ ++ if (!pss) ++ return NULL; ++ ++ *pmaskHash = rsa_mgf1_decode(pss->maskGenFunc); ++ ++ return pss; ++} ++ ++#ifndef OPENSSL_NO_CMS ++static int rsa_cms_decrypt(CMS_RecipientInfo *ri) ++{ ++ EVP_PKEY_CTX *pkctx; ++ X509_ALGOR *cmsalg; ++ int nid; ++ int rv = -1; ++ unsigned char *label = NULL; ++ int labellen = 0; ++ const EVP_MD *mgf1md = NULL, *md = NULL; ++ RSA_OAEP_PARAMS *oaep; ++ X509_ALGOR *maskHash; ++ pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri); ++ if (!pkctx) ++ return 0; ++ if (!CMS_RecipientInfo_ktri_get0_algs(ri, NULL, NULL, &cmsalg)) ++ return -1; ++ nid = OBJ_obj2nid(cmsalg->algorithm); ++ if (nid == NID_rsaEncryption) ++ return 1; ++ if (nid != NID_rsaesOaep) { ++ RSAerr(RSA_F_RSA_CMS_DECRYPT, RSA_R_UNSUPPORTED_ENCRYPTION_TYPE); ++ return -1; ++ } ++ /* Decode OAEP parameters */ ++ oaep = rsa_oaep_decode(cmsalg, &maskHash); ++ ++ if (oaep == NULL) { ++ RSAerr(RSA_F_RSA_CMS_DECRYPT, RSA_R_INVALID_OAEP_PARAMETERS); ++ goto err; ++ } ++ ++ mgf1md = rsa_mgf1_to_md(oaep->maskGenFunc, maskHash); ++ if (!mgf1md) ++ goto err; ++ md = rsa_algor_to_md(oaep->hashFunc); ++ if (!md) ++ goto err; ++ ++ if (oaep->pSourceFunc) { ++ X509_ALGOR *plab = oaep->pSourceFunc; ++ if (OBJ_obj2nid(plab->algorithm) != NID_pSpecified) { ++ RSAerr(RSA_F_RSA_CMS_DECRYPT, RSA_R_UNSUPPORTED_LABEL_SOURCE); ++ goto err; ++ } ++ if (plab->parameter->type != V_ASN1_OCTET_STRING) { ++ RSAerr(RSA_F_RSA_CMS_DECRYPT, RSA_R_INVALID_LABEL); ++ goto err; ++ } ++ ++ label = plab->parameter->value.octet_string->data; ++ /* Stop label being freed when OAEP parameters 
are freed */ ++ plab->parameter->value.octet_string->data = NULL; ++ labellen = plab->parameter->value.octet_string->length; ++ } ++ ++ if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_OAEP_PADDING) <= 0) ++ goto err; ++ if (EVP_PKEY_CTX_set_rsa_oaep_md(pkctx, md) <= 0) ++ goto err; ++ if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0) ++ goto err; ++ if (EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, label, labellen) <= 0) ++ goto err; ++ /* Carry on */ ++ rv = 1; ++ ++ err: ++ RSA_OAEP_PARAMS_free(oaep); ++ if (maskHash) ++ X509_ALGOR_free(maskHash); ++ return rv; ++} ++#endif ++ ++#ifndef OPENSSL_NO_CMS ++static int rsa_cms_encrypt(CMS_RecipientInfo *ri) ++{ ++ const EVP_MD *md, *mgf1md; ++ RSA_OAEP_PARAMS *oaep = NULL; ++ ASN1_STRING *os = NULL; ++ X509_ALGOR *alg; ++ EVP_PKEY_CTX *pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri); ++ int pad_mode = RSA_PKCS1_PADDING, rv = 0, labellen; ++ unsigned char *label; ++ CMS_RecipientInfo_ktri_get0_algs(ri, NULL, NULL, &alg); ++ if (pkctx) { ++ if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0) ++ return 0; ++ } ++ if (pad_mode == RSA_PKCS1_PADDING) { ++ X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), V_ASN1_NULL, 0); ++ return 1; ++ } ++ /* Not supported */ ++ if (pad_mode != RSA_PKCS1_OAEP_PADDING) ++ return 0; ++ if (EVP_PKEY_CTX_get_rsa_oaep_md(pkctx, &md) <= 0) ++ goto err; ++ if (EVP_PKEY_CTX_get_rsa_mgf1_md(pkctx, &mgf1md) <= 0) ++ goto err; ++ labellen = EVP_PKEY_CTX_get0_rsa_oaep_label(pkctx, &label); ++ if (labellen < 0) ++ goto err; ++ oaep = RSA_OAEP_PARAMS_new(); ++ if (!oaep) ++ goto err; ++ if (!rsa_md_to_algor(&oaep->hashFunc, md)) ++ goto err; ++ if (!rsa_md_to_mgf1(&oaep->maskGenFunc, mgf1md)) ++ goto err; ++ if (labellen > 0) { ++ ASN1_OCTET_STRING *los = ASN1_OCTET_STRING_new(); ++ oaep->pSourceFunc = X509_ALGOR_new(); ++ if (!oaep->pSourceFunc) ++ goto err; ++ if (!los) ++ goto err; ++ if (!ASN1_OCTET_STRING_set(los, label, labellen)) { ++ ASN1_OCTET_STRING_free(los); ++ goto err; ++ } ++ 
X509_ALGOR_set0(oaep->pSourceFunc, OBJ_nid2obj(NID_pSpecified), ++ V_ASN1_OCTET_STRING, los); ++ } ++ /* create string with pss parameter encoding. */ ++ if (!ASN1_item_pack(oaep, ASN1_ITEM_rptr(RSA_OAEP_PARAMS), &os)) ++ goto err; ++ X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaesOaep), V_ASN1_SEQUENCE, os); ++ os = NULL; ++ rv = 1; ++ err: ++ if (oaep) ++ RSA_OAEP_PARAMS_free(oaep); ++ if (os) ++ ASN1_STRING_free(os); ++ return rv; ++} ++#endif ++ ++const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = { ++ { ++ EVP_PKEY_RSA, ++ EVP_PKEY_RSA, ++ ASN1_PKEY_SIGPARAM_NULL, ++ ++ "RSA", ++ "OpenSSL RSA method", ++ ++ rsa_pub_decode, ++ rsa_pub_encode, ++ rsa_pub_cmp, ++ rsa_pub_print, ++ ++ rsa_priv_decode, ++ rsa_priv_encode, ++ rsa_priv_print, ++ ++ int_rsa_size, ++ rsa_bits, ++ ++ 0, 0, 0, 0, 0, 0, ++ ++ rsa_sig_print, ++ int_rsa_free, ++ rsa_pkey_ctrl, ++ old_rsa_priv_decode, ++ old_rsa_priv_encode, ++ rsa_item_verify, ++ rsa_item_sign}, ++ ++ { ++ EVP_PKEY_RSA2, ++ EVP_PKEY_RSA, ++ ASN1_PKEY_ALIAS} ++}; +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_asn1.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_asn1.c +index 5286321..aff8b58 100644 +--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_asn1.c ++++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_asn1.c +@@ -4,7 +4,7 @@ + * 2000. + */ + /* ==================================================================== +- * Copyright (c) 2000 The OpenSSL Project. All rights reserved. ++ * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. 
+ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions +@@ -61,22 +61,12 @@ + #include "cryptlib.h" + #include + #include ++#include + #include + +-static ASN1_METHOD method = { +- (I2D_OF(void)) i2d_RSAPrivateKey, +- (D2I_OF(void)) d2i_RSAPrivateKey, +- (void *(*)(void))RSA_new, +- (void (*)(void *))RSA_free +-}; +- +-ASN1_METHOD *RSAPrivateKey_asn1_meth(void) +-{ +- return (&method); +-} +- + /* Override the default free and new methods */ +-static int rsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) ++static int rsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, ++ void *exarg) + { + if (operation == ASN1_OP_NEW_PRE) { + *pval = (ASN1_VALUE *)RSA_new(); +@@ -109,6 +99,23 @@ ASN1_SEQUENCE_cb(RSAPublicKey, rsa_cb) = { + ASN1_SIMPLE(RSA, e, BIGNUM), + } ASN1_SEQUENCE_END_cb(RSA, RSAPublicKey) + ++ASN1_SEQUENCE(RSA_PSS_PARAMS) = { ++ ASN1_EXP_OPT(RSA_PSS_PARAMS, hashAlgorithm, X509_ALGOR,0), ++ ASN1_EXP_OPT(RSA_PSS_PARAMS, maskGenAlgorithm, X509_ALGOR,1), ++ ASN1_EXP_OPT(RSA_PSS_PARAMS, saltLength, ASN1_INTEGER,2), ++ ASN1_EXP_OPT(RSA_PSS_PARAMS, trailerField, ASN1_INTEGER,3) ++} ASN1_SEQUENCE_END(RSA_PSS_PARAMS) ++ ++IMPLEMENT_ASN1_FUNCTIONS(RSA_PSS_PARAMS) ++ ++ASN1_SEQUENCE(RSA_OAEP_PARAMS) = { ++ ASN1_EXP_OPT(RSA_OAEP_PARAMS, hashFunc, X509_ALGOR, 0), ++ ASN1_EXP_OPT(RSA_OAEP_PARAMS, maskGenFunc, X509_ALGOR, 1), ++ ASN1_EXP_OPT(RSA_OAEP_PARAMS, pSourceFunc, X509_ALGOR, 2), ++} ASN1_SEQUENCE_END(RSA_OAEP_PARAMS) ++ ++IMPLEMENT_ASN1_FUNCTIONS(RSA_OAEP_PARAMS) ++ + IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(RSA, RSAPrivateKey, RSAPrivateKey) + + IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(RSA, RSAPublicKey, RSAPublicKey) +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_chk.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_chk.c +index 67724f8..f438386 100644 +--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_chk.c ++++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_chk.c +@@ -59,6 +59,11 @@ 
int RSA_check_key(const RSA *key) + int r; + int ret = 1; + ++ if (!key->p || !key->q || !key->n || !key->e || !key->d) { ++ RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_VALUE_MISSING); ++ return 0; ++ } ++ + i = BN_new(); + j = BN_new(); + k = BN_new(); +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_crpt.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_crpt.c +new file mode 100644 +index 0000000..5c416b5 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_crpt.c +@@ -0,0 +1,247 @@ ++/* crypto/rsa/rsa_lib.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. 
Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] 
++ */ ++ ++#include ++#include ++#include "cryptlib.h" ++#include ++#include ++#include ++#include ++#ifndef OPENSSL_NO_ENGINE ++# include ++#endif ++ ++int RSA_size(const RSA *r) ++{ ++ return (BN_num_bytes(r->n)); ++} ++ ++int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to, ++ RSA *rsa, int padding) ++{ ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) ++ && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) { ++ RSAerr(RSA_F_RSA_PUBLIC_ENCRYPT, RSA_R_NON_FIPS_RSA_METHOD); ++ return -1; ++ } ++#endif ++ return (rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding)); ++} ++ ++int RSA_private_encrypt(int flen, const unsigned char *from, ++ unsigned char *to, RSA *rsa, int padding) ++{ ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) ++ && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) { ++ RSAerr(RSA_F_RSA_PRIVATE_ENCRYPT, RSA_R_NON_FIPS_RSA_METHOD); ++ return -1; ++ } ++#endif ++ return (rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding)); ++} ++ ++int RSA_private_decrypt(int flen, const unsigned char *from, ++ unsigned char *to, RSA *rsa, int padding) ++{ ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) ++ && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) { ++ RSAerr(RSA_F_RSA_PRIVATE_DECRYPT, RSA_R_NON_FIPS_RSA_METHOD); ++ return -1; ++ } ++#endif ++ return (rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding)); ++} ++ ++int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to, ++ RSA *rsa, int padding) ++{ ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) ++ && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) { ++ RSAerr(RSA_F_RSA_PUBLIC_DECRYPT, RSA_R_NON_FIPS_RSA_METHOD); ++ return -1; ++ } ++#endif ++ return (rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding)); ++} ++ ++int RSA_flags(const RSA *r) ++{ ++ return ((r == NULL) ? 
0 : r->meth->flags); ++} ++ ++void RSA_blinding_off(RSA *rsa) ++{ ++ if (rsa->blinding != NULL) { ++ BN_BLINDING_free(rsa->blinding); ++ rsa->blinding = NULL; ++ } ++ rsa->flags &= ~RSA_FLAG_BLINDING; ++ rsa->flags |= RSA_FLAG_NO_BLINDING; ++} ++ ++int RSA_blinding_on(RSA *rsa, BN_CTX *ctx) ++{ ++ int ret = 0; ++ ++ if (rsa->blinding != NULL) ++ RSA_blinding_off(rsa); ++ ++ rsa->blinding = RSA_setup_blinding(rsa, ctx); ++ if (rsa->blinding == NULL) ++ goto err; ++ ++ rsa->flags |= RSA_FLAG_BLINDING; ++ rsa->flags &= ~RSA_FLAG_NO_BLINDING; ++ ret = 1; ++ err: ++ return (ret); ++} ++ ++static BIGNUM *rsa_get_public_exp(const BIGNUM *d, const BIGNUM *p, ++ const BIGNUM *q, BN_CTX *ctx) ++{ ++ BIGNUM *ret = NULL, *r0, *r1, *r2; ++ ++ if (d == NULL || p == NULL || q == NULL) ++ return NULL; ++ ++ BN_CTX_start(ctx); ++ r0 = BN_CTX_get(ctx); ++ r1 = BN_CTX_get(ctx); ++ r2 = BN_CTX_get(ctx); ++ if (r2 == NULL) ++ goto err; ++ ++ if (!BN_sub(r1, p, BN_value_one())) ++ goto err; ++ if (!BN_sub(r2, q, BN_value_one())) ++ goto err; ++ if (!BN_mul(r0, r1, r2, ctx)) ++ goto err; ++ ++ ret = BN_mod_inverse(NULL, d, r0, ctx); ++ err: ++ BN_CTX_end(ctx); ++ return ret; ++} ++ ++BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx) ++{ ++ BIGNUM local_n; ++ BIGNUM *e, *n; ++ BN_CTX *ctx; ++ BN_BLINDING *ret = NULL; ++ ++ if (in_ctx == NULL) { ++ if ((ctx = BN_CTX_new()) == NULL) ++ return 0; ++ } else ++ ctx = in_ctx; ++ ++ BN_CTX_start(ctx); ++ e = BN_CTX_get(ctx); ++ if (e == NULL) { ++ RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ if (rsa->e == NULL) { ++ e = rsa_get_public_exp(rsa->d, rsa->p, rsa->q, ctx); ++ if (e == NULL) { ++ RSAerr(RSA_F_RSA_SETUP_BLINDING, RSA_R_NO_PUBLIC_EXPONENT); ++ goto err; ++ } ++ } else ++ e = rsa->e; ++ ++ if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL) { ++ /* ++ * if PRNG is not properly seeded, resort to secret exponent as ++ * unpredictable seed ++ */ ++ RAND_add(rsa->d->d, rsa->d->dmax * 
sizeof rsa->d->d[0], 0.0); ++ } ++ ++ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { ++ /* Set BN_FLG_CONSTTIME flag */ ++ n = &local_n; ++ BN_with_flags(n, rsa->n, BN_FLG_CONSTTIME); ++ } else ++ n = rsa->n; ++ ++ ret = BN_BLINDING_create_param(NULL, e, n, ctx, ++ rsa->meth->bn_mod_exp, rsa->_method_mod_n); ++ if (ret == NULL) { ++ RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_BN_LIB); ++ goto err; ++ } ++ CRYPTO_THREADID_current(BN_BLINDING_thread_id(ret)); ++ err: ++ BN_CTX_end(ctx); ++ if (in_ctx == NULL) ++ BN_CTX_free(ctx); ++ if (rsa->e == NULL) ++ BN_free(e); ++ ++ return ret; ++} +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_eay.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_eay.c +index 57b5d25..b147fff 100644 +--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_eay.c ++++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_eay.c +@@ -115,7 +115,7 @@ + #include + #include + +-#if !defined(RSA_NULL) && !defined(OPENSSL_FIPS) ++#ifndef RSA_NULL + + static int RSA_eay_public_encrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); +@@ -257,6 +257,7 @@ static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx) + { + BN_BLINDING *ret; + int got_write_lock = 0; ++ CRYPTO_THREADID cur; + + CRYPTO_r_lock(CRYPTO_LOCK_RSA); + +@@ -273,7 +274,8 @@ static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx) + if (ret == NULL) + goto err; + +- if (BN_BLINDING_get_thread_id(ret) == CRYPTO_thread_id()) { ++ CRYPTO_THREADID_current(&cur); ++ if (!CRYPTO_THREADID_cmp(&cur, BN_BLINDING_thread_id(ret))) { + /* rsa->blinding is ours! */ + + *local = 1; +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_eng.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_eng.c +deleted file mode 100644 +index e1f8a52..0000000 +--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_eng.c ++++ /dev/null +@@ -1,357 +0,0 @@ +-/* crypto/rsa/rsa_lib.c */ +-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) +- * All rights reserved. 
+- * +- * This package is an SSL implementation written +- * by Eric Young (eay@cryptsoft.com). +- * The implementation was written so as to conform with Netscapes SSL. +- * +- * This library is free for commercial and non-commercial use as long as +- * the following conditions are aheared to. The following conditions +- * apply to all code found in this distribution, be it the RC4, RSA, +- * lhash, DES, etc., code; not just the SSL code. The SSL documentation +- * included with this distribution is covered by the same copyright terms +- * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * +- * Copyright remains Eric Young's, and as such any Copyright notices in +- * the code are not to be removed. +- * If this package is used in a product, Eric Young should be given attribution +- * as the author of the parts of the library used. +- * This can be in the form of a textual message at program startup or +- * in documentation (online or textual) provided with the package. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 3. All advertising materials mentioning features or use of this software +- * must display the following acknowledgement: +- * "This product includes cryptographic software written by +- * Eric Young (eay@cryptsoft.com)" +- * The word 'cryptographic' can be left out if the rouines from the library +- * being used are not cryptographic related :-). +- * 4. 
If you include any Windows specific code (or a derivative thereof) from +- * the apps directory (application code) you must include an acknowledgement: +- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * +- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. +- * +- * The licence and distribution terms for any publically available version or +- * derivative of this code cannot be changed. i.e. this code cannot simply be +- * copied and put under another distribution licence +- * [including the GNU Public Licence.] 
+- */ +- +-#include +-#include +-#include "cryptlib.h" +-#include +-#include +-#include +-#include +-#ifndef OPENSSL_NO_ENGINE +-# include +-#endif +- +-const char RSA_version[] = "RSA" OPENSSL_VERSION_PTEXT; +- +-static const RSA_METHOD *default_RSA_meth = NULL; +- +-RSA *RSA_new(void) +-{ +- RSA *r = RSA_new_method(NULL); +- +- return r; +-} +- +-void RSA_set_default_method(const RSA_METHOD *meth) +-{ +-#ifdef OPENSSL_FIPS +- if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD)) { +- RSAerr(RSA_F_RSA_SET_DEFAULT_METHOD, RSA_R_NON_FIPS_METHOD); +- return; +- } +-#endif +- default_RSA_meth = meth; +-} +- +-const RSA_METHOD *RSA_get_default_method(void) +-{ +- if (default_RSA_meth == NULL) { +-#ifdef RSA_NULL +- default_RSA_meth = RSA_null_method(); +-#else +-# if 0 /* was: #ifdef RSAref */ +- default_RSA_meth = RSA_PKCS1_RSAref(); +-# else +- default_RSA_meth = RSA_PKCS1_SSLeay(); +-# endif +-#endif +- } +- +- return default_RSA_meth; +-} +- +-const RSA_METHOD *RSA_get_method(const RSA *rsa) +-{ +- return rsa->meth; +-} +- +-int RSA_set_method(RSA *rsa, const RSA_METHOD *meth) +-{ +- /* +- * NB: The caller is specifically setting a method, so it's not up to us +- * to deal with which ENGINE it comes from. 
+- */ +- const RSA_METHOD *mtmp; +-#ifdef OPENSSL_FIPS +- if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD)) { +- RSAerr(RSA_F_RSA_SET_METHOD, RSA_R_NON_FIPS_METHOD); +- return 0; +- } +-#endif +- mtmp = rsa->meth; +- if (mtmp->finish) +- mtmp->finish(rsa); +-#ifndef OPENSSL_NO_ENGINE +- if (rsa->engine) { +- ENGINE_finish(rsa->engine); +- rsa->engine = NULL; +- } +-#endif +- rsa->meth = meth; +- if (meth->init) +- meth->init(rsa); +- return 1; +-} +- +-RSA *RSA_new_method(ENGINE *engine) +-{ +- RSA *ret; +- +- ret = (RSA *)OPENSSL_malloc(sizeof(RSA)); +- if (ret == NULL) { +- RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- +- ret->meth = RSA_get_default_method(); +-#ifndef OPENSSL_NO_ENGINE +- if (engine) { +- if (!ENGINE_init(engine)) { +- RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB); +- OPENSSL_free(ret); +- return NULL; +- } +- ret->engine = engine; +- } else +- ret->engine = ENGINE_get_default_RSA(); +- if (ret->engine) { +- ret->meth = ENGINE_get_RSA(ret->engine); +- if (!ret->meth) { +- RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB); +- ENGINE_finish(ret->engine); +- OPENSSL_free(ret); +- return NULL; +- } +- } +-#endif +-#ifdef OPENSSL_FIPS +- if (FIPS_mode() && !(ret->meth->flags & RSA_FLAG_FIPS_METHOD)) { +- RSAerr(RSA_F_RSA_NEW_METHOD, RSA_R_NON_FIPS_METHOD); +-# ifndef OPENSSL_NO_ENGINE +- if (ret->engine) +- ENGINE_finish(ret->engine); +-# endif +- OPENSSL_free(ret); +- return NULL; +- } +-#endif +- +- ret->pad = 0; +- ret->version = 0; +- ret->n = NULL; +- ret->e = NULL; +- ret->d = NULL; +- ret->p = NULL; +- ret->q = NULL; +- ret->dmp1 = NULL; +- ret->dmq1 = NULL; +- ret->iqmp = NULL; +- ret->references = 1; +- ret->_method_mod_n = NULL; +- ret->_method_mod_p = NULL; +- ret->_method_mod_q = NULL; +- ret->blinding = NULL; +- ret->mt_blinding = NULL; +- ret->bignum_data = NULL; +- ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW; +- if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) { 
+-#ifndef OPENSSL_NO_ENGINE +- if (ret->engine) +- ENGINE_finish(ret->engine); +-#endif +- OPENSSL_free(ret); +- return (NULL); +- } +- +- if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { +-#ifndef OPENSSL_NO_ENGINE +- if (ret->engine) +- ENGINE_finish(ret->engine); +-#endif +- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data); +- OPENSSL_free(ret); +- ret = NULL; +- } +- return (ret); +-} +- +-void RSA_free(RSA *r) +-{ +- int i; +- +- if (r == NULL) +- return; +- +- i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_RSA); +-#ifdef REF_PRINT +- REF_PRINT("RSA", r); +-#endif +- if (i > 0) +- return; +-#ifdef REF_CHECK +- if (i < 0) { +- fprintf(stderr, "RSA_free, bad reference count\n"); +- abort(); +- } +-#endif +- +- if (r->meth->finish) +- r->meth->finish(r); +-#ifndef OPENSSL_NO_ENGINE +- if (r->engine) +- ENGINE_finish(r->engine); +-#endif +- +- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data); +- +- if (r->n != NULL) +- BN_clear_free(r->n); +- if (r->e != NULL) +- BN_clear_free(r->e); +- if (r->d != NULL) +- BN_clear_free(r->d); +- if (r->p != NULL) +- BN_clear_free(r->p); +- if (r->q != NULL) +- BN_clear_free(r->q); +- if (r->dmp1 != NULL) +- BN_clear_free(r->dmp1); +- if (r->dmq1 != NULL) +- BN_clear_free(r->dmq1); +- if (r->iqmp != NULL) +- BN_clear_free(r->iqmp); +- if (r->blinding != NULL) +- BN_BLINDING_free(r->blinding); +- if (r->mt_blinding != NULL) +- BN_BLINDING_free(r->mt_blinding); +- if (r->bignum_data != NULL) +- OPENSSL_free_locked(r->bignum_data); +- OPENSSL_free(r); +-} +- +-int RSA_up_ref(RSA *r) +-{ +- int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_RSA); +-#ifdef REF_PRINT +- REF_PRINT("RSA", r); +-#endif +-#ifdef REF_CHECK +- if (i < 2) { +- fprintf(stderr, "RSA_up_ref, bad reference count\n"); +- abort(); +- } +-#endif +- return ((i > 1) ? 
1 : 0); +-} +- +-int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, +- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) +-{ +- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, argl, argp, +- new_func, dup_func, free_func); +-} +- +-int RSA_set_ex_data(RSA *r, int idx, void *arg) +-{ +- return (CRYPTO_set_ex_data(&r->ex_data, idx, arg)); +-} +- +-void *RSA_get_ex_data(const RSA *r, int idx) +-{ +- return (CRYPTO_get_ex_data(&r->ex_data, idx)); +-} +- +-int RSA_flags(const RSA *r) +-{ +- return ((r == NULL) ? 0 : r->meth->flags); +-} +- +-int RSA_memory_lock(RSA *r) +-{ +- int i, j, k, off; +- char *p; +- BIGNUM *bn, **t[6], *b; +- BN_ULONG *ul; +- +- if (r->d == NULL) +- return (1); +- t[0] = &r->d; +- t[1] = &r->p; +- t[2] = &r->q; +- t[3] = &r->dmp1; +- t[4] = &r->dmq1; +- t[5] = &r->iqmp; +- k = sizeof(BIGNUM) * 6; +- off = k / sizeof(BN_ULONG) + 1; +- j = 1; +- for (i = 0; i < 6; i++) +- j += (*t[i])->top; +- if ((p = OPENSSL_malloc_locked((off + j) * sizeof(BN_ULONG))) == NULL) { +- RSAerr(RSA_F_RSA_MEMORY_LOCK, ERR_R_MALLOC_FAILURE); +- return (0); +- } +- bn = (BIGNUM *)p; +- ul = (BN_ULONG *)&(p[off]); +- for (i = 0; i < 6; i++) { +- b = *(t[i]); +- *(t[i]) = &(bn[i]); +- memcpy((char *)&(bn[i]), (char *)b, sizeof(BIGNUM)); +- bn[i].flags = BN_FLG_STATIC_DATA; +- bn[i].d = ul; +- memcpy((char *)ul, b->d, sizeof(BN_ULONG) * b->top); +- ul += b->top; +- BN_clear_free(b); +- } +- +- /* I should fix this so it can still be done */ +- r->flags &= ~(RSA_FLAG_CACHE_PRIVATE | RSA_FLAG_CACHE_PUBLIC); +- +- r->bignum_data = p; +- return (1); +-} +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_err.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_err.c +index 4457c42..0bab05e 100644 +--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_err.c ++++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_err.c +@@ -1,6 +1,6 @@ + /* crypto/rsa/rsa_err.c */ + /* ==================================================================== +- * Copyright (c) 1999-2007 The OpenSSL Project. 
All rights reserved. ++ * Copyright (c) 1999-2014 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions +@@ -70,17 +70,29 @@ + # define ERR_REASON(reason) ERR_PACK(ERR_LIB_RSA,0,reason) + + static ERR_STRING_DATA RSA_str_functs[] = { +- {ERR_FUNC(RSA_F_FIPS_RSA_SIGN), "FIPS_RSA_SIGN"}, +- {ERR_FUNC(RSA_F_FIPS_RSA_VERIFY), "FIPS_RSA_VERIFY"}, ++ {ERR_FUNC(RSA_F_CHECK_PADDING_MD), "CHECK_PADDING_MD"}, ++ {ERR_FUNC(RSA_F_DO_RSA_PRINT), "DO_RSA_PRINT"}, ++ {ERR_FUNC(RSA_F_INT_RSA_VERIFY), "INT_RSA_VERIFY"}, + {ERR_FUNC(RSA_F_MEMORY_LOCK), "MEMORY_LOCK"}, ++ {ERR_FUNC(RSA_F_OLD_RSA_PRIV_DECODE), "OLD_RSA_PRIV_DECODE"}, ++ {ERR_FUNC(RSA_F_PKEY_RSA_CTRL), "PKEY_RSA_CTRL"}, ++ {ERR_FUNC(RSA_F_PKEY_RSA_CTRL_STR), "PKEY_RSA_CTRL_STR"}, ++ {ERR_FUNC(RSA_F_PKEY_RSA_SIGN), "PKEY_RSA_SIGN"}, ++ {ERR_FUNC(RSA_F_PKEY_RSA_VERIFY), "PKEY_RSA_VERIFY"}, ++ {ERR_FUNC(RSA_F_PKEY_RSA_VERIFYRECOVER), "PKEY_RSA_VERIFYRECOVER"}, ++ {ERR_FUNC(RSA_F_RSA_ALGOR_TO_MD), "RSA_ALGOR_TO_MD"}, + {ERR_FUNC(RSA_F_RSA_BUILTIN_KEYGEN), "RSA_BUILTIN_KEYGEN"}, + {ERR_FUNC(RSA_F_RSA_CHECK_KEY), "RSA_check_key"}, ++ {ERR_FUNC(RSA_F_RSA_CMS_DECRYPT), "RSA_CMS_DECRYPT"}, + {ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_DECRYPT), "RSA_EAY_PRIVATE_DECRYPT"}, + {ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_ENCRYPT), "RSA_EAY_PRIVATE_ENCRYPT"}, + {ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_DECRYPT), "RSA_EAY_PUBLIC_DECRYPT"}, + {ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_ENCRYPT), "RSA_EAY_PUBLIC_ENCRYPT"}, + {ERR_FUNC(RSA_F_RSA_GENERATE_KEY), "RSA_generate_key"}, ++ {ERR_FUNC(RSA_F_RSA_GENERATE_KEY_EX), "RSA_generate_key_ex"}, ++ {ERR_FUNC(RSA_F_RSA_ITEM_VERIFY), "RSA_ITEM_VERIFY"}, + {ERR_FUNC(RSA_F_RSA_MEMORY_LOCK), "RSA_memory_lock"}, ++ {ERR_FUNC(RSA_F_RSA_MGF1_TO_MD), "RSA_MGF1_TO_MD"}, + {ERR_FUNC(RSA_F_RSA_NEW_METHOD), "RSA_new_method"}, + {ERR_FUNC(RSA_F_RSA_NULL), "RSA_NULL"}, + {ERR_FUNC(RSA_F_RSA_NULL_MOD_EXP), 
"RSA_NULL_MOD_EXP"}, +@@ -91,7 +103,11 @@ static ERR_STRING_DATA RSA_str_functs[] = { + {ERR_FUNC(RSA_F_RSA_PADDING_ADD_NONE), "RSA_padding_add_none"}, + {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP), + "RSA_padding_add_PKCS1_OAEP"}, ++ {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1), ++ "RSA_padding_add_PKCS1_OAEP_mgf1"}, + {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_PSS), "RSA_padding_add_PKCS1_PSS"}, ++ {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1), ++ "RSA_padding_add_PKCS1_PSS_mgf1"}, + {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1), + "RSA_padding_add_PKCS1_type_1"}, + {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2), +@@ -101,6 +117,8 @@ static ERR_STRING_DATA RSA_str_functs[] = { + {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_NONE), "RSA_padding_check_none"}, + {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP), + "RSA_padding_check_PKCS1_OAEP"}, ++ {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1), ++ "RSA_padding_check_PKCS1_OAEP_mgf1"}, + {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1), + "RSA_padding_check_PKCS1_type_1"}, + {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2), +@@ -109,11 +127,15 @@ static ERR_STRING_DATA RSA_str_functs[] = { + {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_X931), "RSA_padding_check_X931"}, + {ERR_FUNC(RSA_F_RSA_PRINT), "RSA_print"}, + {ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"}, ++ {ERR_FUNC(RSA_F_RSA_PRIVATE_DECRYPT), "RSA_private_decrypt"}, + {ERR_FUNC(RSA_F_RSA_PRIVATE_ENCRYPT), "RSA_private_encrypt"}, ++ {ERR_FUNC(RSA_F_RSA_PRIV_DECODE), "RSA_PRIV_DECODE"}, ++ {ERR_FUNC(RSA_F_RSA_PRIV_ENCODE), "RSA_PRIV_ENCODE"}, ++ {ERR_FUNC(RSA_F_RSA_PSS_TO_CTX), "RSA_PSS_TO_CTX"}, + {ERR_FUNC(RSA_F_RSA_PUBLIC_DECRYPT), "RSA_public_decrypt"}, ++ {ERR_FUNC(RSA_F_RSA_PUBLIC_ENCRYPT), "RSA_public_encrypt"}, ++ {ERR_FUNC(RSA_F_RSA_PUB_DECODE), "RSA_PUB_DECODE"}, + {ERR_FUNC(RSA_F_RSA_SETUP_BLINDING), "RSA_setup_blinding"}, +- {ERR_FUNC(RSA_F_RSA_SET_DEFAULT_METHOD), "RSA_set_default_method"}, +- {ERR_FUNC(RSA_F_RSA_SET_METHOD), "RSA_set_method"}, + 
{ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"}, + {ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING), + "RSA_sign_ASN1_OCTET_STRING"}, +@@ -121,6 +143,7 @@ static ERR_STRING_DATA RSA_str_functs[] = { + {ERR_FUNC(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING), + "RSA_verify_ASN1_OCTET_STRING"}, + {ERR_FUNC(RSA_F_RSA_VERIFY_PKCS1_PSS), "RSA_verify_PKCS1_PSS"}, ++ {ERR_FUNC(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1), "RSA_verify_PKCS1_PSS_mgf1"}, + {0, NULL} + }; + +@@ -142,21 +165,35 @@ static ERR_STRING_DATA RSA_str_reasons[] = { + {ERR_REASON(RSA_R_DATA_TOO_SMALL), "data too small"}, + {ERR_REASON(RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE), + "data too small for key size"}, ++ {ERR_REASON(RSA_R_DIGEST_DOES_NOT_MATCH), "digest does not match"}, + {ERR_REASON(RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY), + "digest too big for rsa key"}, + {ERR_REASON(RSA_R_DMP1_NOT_CONGRUENT_TO_D), "dmp1 not congruent to d"}, + {ERR_REASON(RSA_R_DMQ1_NOT_CONGRUENT_TO_D), "dmq1 not congruent to d"}, + {ERR_REASON(RSA_R_D_E_NOT_CONGRUENT_TO_1), "d e not congruent to 1"}, + {ERR_REASON(RSA_R_FIRST_OCTET_INVALID), "first octet invalid"}, ++ {ERR_REASON(RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE), ++ "illegal or unsupported padding mode"}, ++ {ERR_REASON(RSA_R_INVALID_DIGEST), "invalid digest"}, ++ {ERR_REASON(RSA_R_INVALID_DIGEST_LENGTH), "invalid digest length"}, + {ERR_REASON(RSA_R_INVALID_HEADER), "invalid header"}, ++ {ERR_REASON(RSA_R_INVALID_KEYBITS), "invalid keybits"}, ++ {ERR_REASON(RSA_R_INVALID_LABEL), "invalid label"}, + {ERR_REASON(RSA_R_INVALID_MESSAGE_LENGTH), "invalid message length"}, ++ {ERR_REASON(RSA_R_INVALID_MGF1_MD), "invalid mgf1 md"}, ++ {ERR_REASON(RSA_R_INVALID_OAEP_PARAMETERS), "invalid oaep parameters"}, + {ERR_REASON(RSA_R_INVALID_PADDING), "invalid padding"}, ++ {ERR_REASON(RSA_R_INVALID_PADDING_MODE), "invalid padding mode"}, ++ {ERR_REASON(RSA_R_INVALID_PSS_PARAMETERS), "invalid pss parameters"}, ++ {ERR_REASON(RSA_R_INVALID_PSS_SALTLEN), "invalid pss saltlen"}, ++ {ERR_REASON(RSA_R_INVALID_SALT_LENGTH), 
"invalid salt length"}, + {ERR_REASON(RSA_R_INVALID_TRAILER), "invalid trailer"}, ++ {ERR_REASON(RSA_R_INVALID_X931_DIGEST), "invalid x931 digest"}, + {ERR_REASON(RSA_R_IQMP_NOT_INVERSE_OF_Q), "iqmp not inverse of q"}, + {ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL), "key size too small"}, + {ERR_REASON(RSA_R_LAST_OCTET_INVALID), "last octet invalid"}, + {ERR_REASON(RSA_R_MODULUS_TOO_LARGE), "modulus too large"}, +- {ERR_REASON(RSA_R_NON_FIPS_METHOD), "non fips method"}, ++ {ERR_REASON(RSA_R_NON_FIPS_RSA_METHOD), "non fips rsa method"}, + {ERR_REASON(RSA_R_NO_PUBLIC_EXPONENT), "no public exponent"}, + {ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING), + "null before block missing"}, +@@ -164,6 +201,8 @@ static ERR_STRING_DATA RSA_str_reasons[] = { + {ERR_REASON(RSA_R_OAEP_DECODING_ERROR), "oaep decoding error"}, + {ERR_REASON(RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE), + "operation not allowed in fips mode"}, ++ {ERR_REASON(RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE), ++ "operation not supported for this keytype"}, + {ERR_REASON(RSA_R_PADDING_CHECK_FAILED), "padding check failed"}, + {ERR_REASON(RSA_R_PKCS_DECODING_ERROR), "pkcs decoding error"}, + {ERR_REASON(RSA_R_P_NOT_PRIME), "p not prime"}, +@@ -176,7 +215,20 @@ static ERR_STRING_DATA RSA_str_reasons[] = { + {ERR_REASON(RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD), + "the asn1 object identifier is not known for this md"}, + {ERR_REASON(RSA_R_UNKNOWN_ALGORITHM_TYPE), "unknown algorithm type"}, ++ {ERR_REASON(RSA_R_UNKNOWN_DIGEST), "unknown digest"}, ++ {ERR_REASON(RSA_R_UNKNOWN_MASK_DIGEST), "unknown mask digest"}, + {ERR_REASON(RSA_R_UNKNOWN_PADDING_TYPE), "unknown padding type"}, ++ {ERR_REASON(RSA_R_UNKNOWN_PSS_DIGEST), "unknown pss digest"}, ++ {ERR_REASON(RSA_R_UNSUPPORTED_ENCRYPTION_TYPE), ++ "unsupported encryption type"}, ++ {ERR_REASON(RSA_R_UNSUPPORTED_LABEL_SOURCE), "unsupported label source"}, ++ {ERR_REASON(RSA_R_UNSUPPORTED_MASK_ALGORITHM), ++ "unsupported mask algorithm"}, ++ 
{ERR_REASON(RSA_R_UNSUPPORTED_MASK_PARAMETER), ++ "unsupported mask parameter"}, ++ {ERR_REASON(RSA_R_UNSUPPORTED_SIGNATURE_TYPE), ++ "unsupported signature type"}, ++ {ERR_REASON(RSA_R_VALUE_MISSING), "value missing"}, + {ERR_REASON(RSA_R_WRONG_SIGNATURE_LENGTH), "wrong signature length"}, + {0, NULL} + }; +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c +index 5522827..2465fbd 100644 +--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c ++++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c +@@ -67,8 +67,9 @@ + #include "cryptlib.h" + #include + #include +- +-#ifndef OPENSSL_FIPS ++#ifdef OPENSSL_FIPS ++# include ++#endif + + static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, + BN_GENCB *cb); +@@ -82,8 +83,19 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, + */ + int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) + { ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) ++ && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) { ++ RSAerr(RSA_F_RSA_GENERATE_KEY_EX, RSA_R_NON_FIPS_RSA_METHOD); ++ return 0; ++ } ++#endif + if (rsa->meth->rsa_keygen) + return rsa->meth->rsa_keygen(rsa, bits, e_value, cb); ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode()) ++ return FIPS_rsa_generate_key_ex(rsa, bits, e_value, cb); ++#endif + return rsa_builtin_keygen(rsa, bits, e_value, cb); + } + +@@ -234,5 +246,3 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, + + return ok; + } +- +-#endif +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_lib.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_lib.c +index 6638728..a6805de 100644 +--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_lib.c ++++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_lib.c +@@ -67,162 +67,270 @@ + # include + #endif + +-int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to, +- RSA *rsa, int padding) ++#ifdef OPENSSL_FIPS ++# include ++#endif ++ ++const char RSA_version[] = "RSA" OPENSSL_VERSION_PTEXT; ++ 
++static const RSA_METHOD *default_RSA_meth = NULL; ++ ++RSA *RSA_new(void) + { +- return (rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding)); ++ RSA *r = RSA_new_method(NULL); ++ ++ return r; + } + +-int RSA_private_encrypt(int flen, const unsigned char *from, +- unsigned char *to, RSA *rsa, int padding) ++void RSA_set_default_method(const RSA_METHOD *meth) + { ++ default_RSA_meth = meth; ++} ++ ++const RSA_METHOD *RSA_get_default_method(void) ++{ ++ if (default_RSA_meth == NULL) { + #ifdef OPENSSL_FIPS +- if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) { +- RSAerr(RSA_F_RSA_PRIVATE_ENCRYPT, +- RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); +- return 0; +- } ++ if (FIPS_mode()) ++ return FIPS_rsa_pkcs1_ssleay(); ++ else ++ return RSA_PKCS1_SSLeay(); ++#else ++# ifdef RSA_NULL ++ default_RSA_meth = RSA_null_method(); ++# else ++ default_RSA_meth = RSA_PKCS1_SSLeay(); ++# endif + #endif +- return (rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding)); ++ } ++ ++ return default_RSA_meth; + } + +-int RSA_private_decrypt(int flen, const unsigned char *from, +- unsigned char *to, RSA *rsa, int padding) ++const RSA_METHOD *RSA_get_method(const RSA *rsa) + { +- return (rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding)); ++ return rsa->meth; + } + +-int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to, +- RSA *rsa, int padding) ++int RSA_set_method(RSA *rsa, const RSA_METHOD *meth) + { +-#ifdef OPENSSL_FIPS +- if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) { +- RSAerr(RSA_F_RSA_PUBLIC_DECRYPT, +- RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); +- return 0; ++ /* ++ * NB: The caller is specifically setting a method, so it's not up to us ++ * to deal with which ENGINE it comes from. 
++ */ ++ const RSA_METHOD *mtmp; ++ mtmp = rsa->meth; ++ if (mtmp->finish) ++ mtmp->finish(rsa); ++#ifndef OPENSSL_NO_ENGINE ++ if (rsa->engine) { ++ ENGINE_finish(rsa->engine); ++ rsa->engine = NULL; + } + #endif +- return (rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding)); ++ rsa->meth = meth; ++ if (meth->init) ++ meth->init(rsa); ++ return 1; + } + +-int RSA_size(const RSA *r) ++RSA *RSA_new_method(ENGINE *engine) + { +- return (BN_num_bytes(r->n)); +-} ++ RSA *ret; + +-void RSA_blinding_off(RSA *rsa) +-{ +- if (rsa->blinding != NULL) { +- BN_BLINDING_free(rsa->blinding); +- rsa->blinding = NULL; ++ ret = (RSA *)OPENSSL_malloc(sizeof(RSA)); ++ if (ret == NULL) { ++ RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ ++ ret->meth = RSA_get_default_method(); ++#ifndef OPENSSL_NO_ENGINE ++ if (engine) { ++ if (!ENGINE_init(engine)) { ++ RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB); ++ OPENSSL_free(ret); ++ return NULL; ++ } ++ ret->engine = engine; ++ } else ++ ret->engine = ENGINE_get_default_RSA(); ++ if (ret->engine) { ++ ret->meth = ENGINE_get_RSA(ret->engine); ++ if (!ret->meth) { ++ RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB); ++ ENGINE_finish(ret->engine); ++ OPENSSL_free(ret); ++ return NULL; ++ } ++ } ++#endif ++ ++ ret->pad = 0; ++ ret->version = 0; ++ ret->n = NULL; ++ ret->e = NULL; ++ ret->d = NULL; ++ ret->p = NULL; ++ ret->q = NULL; ++ ret->dmp1 = NULL; ++ ret->dmq1 = NULL; ++ ret->iqmp = NULL; ++ ret->references = 1; ++ ret->_method_mod_n = NULL; ++ ret->_method_mod_p = NULL; ++ ret->_method_mod_q = NULL; ++ ret->blinding = NULL; ++ ret->mt_blinding = NULL; ++ ret->bignum_data = NULL; ++ ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW; ++ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) { ++#ifndef OPENSSL_NO_ENGINE ++ if (ret->engine) ++ ENGINE_finish(ret->engine); ++#endif ++ OPENSSL_free(ret); ++ return (NULL); ++ } ++ ++ if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { 
++#ifndef OPENSSL_NO_ENGINE ++ if (ret->engine) ++ ENGINE_finish(ret->engine); ++#endif ++ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data); ++ OPENSSL_free(ret); ++ ret = NULL; + } +- rsa->flags &= ~RSA_FLAG_BLINDING; +- rsa->flags |= RSA_FLAG_NO_BLINDING; ++ return (ret); + } + +-int RSA_blinding_on(RSA *rsa, BN_CTX *ctx) ++void RSA_free(RSA *r) + { +- int ret = 0; ++ int i; + +- if (rsa->blinding != NULL) +- RSA_blinding_off(rsa); ++ if (r == NULL) ++ return; + +- rsa->blinding = RSA_setup_blinding(rsa, ctx); +- if (rsa->blinding == NULL) +- goto err; ++ i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_RSA); ++#ifdef REF_PRINT ++ REF_PRINT("RSA", r); ++#endif ++ if (i > 0) ++ return; ++#ifdef REF_CHECK ++ if (i < 0) { ++ fprintf(stderr, "RSA_free, bad reference count\n"); ++ abort(); ++ } ++#endif + +- rsa->flags |= RSA_FLAG_BLINDING; +- rsa->flags &= ~RSA_FLAG_NO_BLINDING; +- ret = 1; +- err: +- return (ret); ++ if (r->meth->finish) ++ r->meth->finish(r); ++#ifndef OPENSSL_NO_ENGINE ++ if (r->engine) ++ ENGINE_finish(r->engine); ++#endif ++ ++ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data); ++ ++ if (r->n != NULL) ++ BN_clear_free(r->n); ++ if (r->e != NULL) ++ BN_clear_free(r->e); ++ if (r->d != NULL) ++ BN_clear_free(r->d); ++ if (r->p != NULL) ++ BN_clear_free(r->p); ++ if (r->q != NULL) ++ BN_clear_free(r->q); ++ if (r->dmp1 != NULL) ++ BN_clear_free(r->dmp1); ++ if (r->dmq1 != NULL) ++ BN_clear_free(r->dmq1); ++ if (r->iqmp != NULL) ++ BN_clear_free(r->iqmp); ++ if (r->blinding != NULL) ++ BN_BLINDING_free(r->blinding); ++ if (r->mt_blinding != NULL) ++ BN_BLINDING_free(r->mt_blinding); ++ if (r->bignum_data != NULL) ++ OPENSSL_free_locked(r->bignum_data); ++ OPENSSL_free(r); ++} ++ ++int RSA_up_ref(RSA *r) ++{ ++ int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_RSA); ++#ifdef REF_PRINT ++ REF_PRINT("RSA", r); ++#endif ++#ifdef REF_CHECK ++ if (i < 2) { ++ fprintf(stderr, "RSA_up_ref, bad reference count\n"); ++ abort(); ++ } ++#endif 
++ return ((i > 1) ? 1 : 0); + } + +-static BIGNUM *rsa_get_public_exp(const BIGNUM *d, const BIGNUM *p, +- const BIGNUM *q, BN_CTX *ctx) ++int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, ++ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) + { +- BIGNUM *ret = NULL, *r0, *r1, *r2; ++ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, argl, argp, ++ new_func, dup_func, free_func); ++} + +- if (d == NULL || p == NULL || q == NULL) +- return NULL; ++int RSA_set_ex_data(RSA *r, int idx, void *arg) ++{ ++ return (CRYPTO_set_ex_data(&r->ex_data, idx, arg)); ++} + +- BN_CTX_start(ctx); +- r0 = BN_CTX_get(ctx); +- r1 = BN_CTX_get(ctx); +- r2 = BN_CTX_get(ctx); +- if (r2 == NULL) +- goto err; +- +- if (!BN_sub(r1, p, BN_value_one())) +- goto err; +- if (!BN_sub(r2, q, BN_value_one())) +- goto err; +- if (!BN_mul(r0, r1, r2, ctx)) +- goto err; +- +- ret = BN_mod_inverse(NULL, d, r0, ctx); +- err: +- BN_CTX_end(ctx); +- return ret; ++void *RSA_get_ex_data(const RSA *r, int idx) ++{ ++ return (CRYPTO_get_ex_data(&r->ex_data, idx)); + } + +-BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx) ++int RSA_memory_lock(RSA *r) + { +- BIGNUM local_n; +- BIGNUM *e, *n; +- BN_CTX *ctx; +- BN_BLINDING *ret = NULL; +- +- if (in_ctx == NULL) { +- if ((ctx = BN_CTX_new()) == NULL) +- return 0; +- } else +- ctx = in_ctx; ++ int i, j, k, off; ++ char *p; ++ BIGNUM *bn, **t[6], *b; ++ BN_ULONG *ul; + +- BN_CTX_start(ctx); +- e = BN_CTX_get(ctx); +- if (e == NULL) { +- RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_MALLOC_FAILURE); +- goto err; ++ if (r->d == NULL) ++ return (1); ++ t[0] = &r->d; ++ t[1] = &r->p; ++ t[2] = &r->q; ++ t[3] = &r->dmp1; ++ t[4] = &r->dmq1; ++ t[5] = &r->iqmp; ++ k = sizeof(BIGNUM) * 6; ++ off = k / sizeof(BN_ULONG) + 1; ++ j = 1; ++ for (i = 0; i < 6; i++) ++ j += (*t[i])->top; ++ if ((p = OPENSSL_malloc_locked((off + j) * sizeof(BN_ULONG))) == NULL) { ++ RSAerr(RSA_F_RSA_MEMORY_LOCK, ERR_R_MALLOC_FAILURE); ++ return (0); + } +- +- if 
(rsa->e == NULL) { +- e = rsa_get_public_exp(rsa->d, rsa->p, rsa->q, ctx); +- if (e == NULL) { +- RSAerr(RSA_F_RSA_SETUP_BLINDING, RSA_R_NO_PUBLIC_EXPONENT); +- goto err; +- } +- } else +- e = rsa->e; +- +- if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL) { +- /* +- * if PRNG is not properly seeded, resort to secret exponent as +- * unpredictable seed +- */ +- RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0.0); ++ bn = (BIGNUM *)p; ++ ul = (BN_ULONG *)&(p[off]); ++ for (i = 0; i < 6; i++) { ++ b = *(t[i]); ++ *(t[i]) = &(bn[i]); ++ memcpy((char *)&(bn[i]), (char *)b, sizeof(BIGNUM)); ++ bn[i].flags = BN_FLG_STATIC_DATA; ++ bn[i].d = ul; ++ memcpy((char *)ul, b->d, sizeof(BN_ULONG) * b->top); ++ ul += b->top; ++ BN_clear_free(b); + } + +- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { +- /* Set BN_FLG_CONSTTIME flag */ +- n = &local_n; +- BN_with_flags(n, rsa->n, BN_FLG_CONSTTIME); +- } else +- n = rsa->n; ++ /* I should fix this so it can still be done */ ++ r->flags &= ~(RSA_FLAG_CACHE_PRIVATE | RSA_FLAG_CACHE_PUBLIC); + +- ret = BN_BLINDING_create_param(NULL, e, n, ctx, +- rsa->meth->bn_mod_exp, rsa->_method_mod_n); +- if (ret == NULL) { +- RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_BN_LIB); +- goto err; +- } +- BN_BLINDING_set_thread_id(ret, CRYPTO_thread_id()); +- err: +- BN_CTX_end(ctx); +- if (in_ctx == NULL) +- BN_CTX_free(ctx); +- if (rsa->e == NULL) +- BN_free(e); +- +- return ret; ++ r->bignum_data = p; ++ return (1); + } +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_locl.h b/Cryptlib/OpenSSL/crypto/rsa/rsa_locl.h +new file mode 100644 +index 0000000..3e88187 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_locl.h +@@ -0,0 +1,4 @@ ++extern int int_rsa_verify(int dtype, const unsigned char *m, ++ unsigned int m_len, unsigned char *rm, ++ size_t *prm_len, const unsigned char *sigbuf, ++ size_t siglen, RSA *rsa); +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c +index c2d4955..9c2a943 
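Review bot: `RSA_memory_lock`, re-added here in rsa_lib.c, tests only `r->d` for NULL before the sizing loop reads `(*t[i])->top` for all six private members. A key that carries `d` but lacks any of `p`, `q`, `dmp1`, `dmq1` or `iqmp` therefore dereferences a NULL BIGNUM at `j += (*t[i])->top`. The body matches the copy removed earlier in this patch, so the gap is carried over by the move rather than introduced by it. A guard in a loop over `t` ahead of the sum, such as `if (*t[i] == NULL) return (0);`, would make the call fail cleanly; whether to fail or to skip absent members is a decision for whoever maintains this tree.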
100644 +--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c ++++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c +@@ -28,38 +28,53 @@ + # include + # include + +-int MGF1(unsigned char *mask, long len, +- const unsigned char *seed, long seedlen); +- + int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, + const unsigned char *from, int flen, + const unsigned char *param, int plen) + { ++ return RSA_padding_add_PKCS1_OAEP_mgf1(to, tlen, from, flen, ++ param, plen, NULL, NULL); ++} ++ ++int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, ++ const unsigned char *from, int flen, ++ const unsigned char *param, int plen, ++ const EVP_MD *md, const EVP_MD *mgf1md) ++{ + int i, emlen = tlen - 1; + unsigned char *db, *seed; +- unsigned char *dbmask, seedmask[SHA_DIGEST_LENGTH]; ++ unsigned char *dbmask, seedmask[EVP_MAX_MD_SIZE]; ++ int mdlen; ++ ++ if (md == NULL) ++ md = EVP_sha1(); ++ if (mgf1md == NULL) ++ mgf1md = md; + +- if (flen > emlen - 2 * SHA_DIGEST_LENGTH - 1) { +- RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ++ mdlen = EVP_MD_size(md); ++ ++ if (flen > emlen - 2 * mdlen - 1) { ++ RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1, + RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); + return 0; + } + +- if (emlen < 2 * SHA_DIGEST_LENGTH + 1) { +- RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, RSA_R_KEY_SIZE_TOO_SMALL); ++ if (emlen < 2 * mdlen + 1) { ++ RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1, ++ RSA_R_KEY_SIZE_TOO_SMALL); + return 0; + } + + to[0] = 0; + seed = to + 1; +- db = to + SHA_DIGEST_LENGTH + 1; +- +- EVP_Digest((void *)param, plen, db, NULL, EVP_sha1(), NULL); +- memset(db + SHA_DIGEST_LENGTH, 0, +- emlen - flen - 2 * SHA_DIGEST_LENGTH - 1); +- db[emlen - flen - SHA_DIGEST_LENGTH - 1] = 0x01; +- memcpy(db + emlen - flen - SHA_DIGEST_LENGTH, from, (unsigned int)flen); +- if (RAND_bytes(seed, SHA_DIGEST_LENGTH) <= 0) ++ db = to + mdlen + 1; ++ ++ if (!EVP_Digest((void *)param, plen, db, NULL, md, NULL)) ++ return 0; ++ memset(db + mdlen, 0, emlen - flen - 2 * mdlen - 1); 
++ db[emlen - flen - mdlen - 1] = 0x01; ++ memcpy(db + emlen - flen - mdlen, from, (unsigned int)flen); ++ if (RAND_bytes(seed, mdlen) <= 0) + return 0; + # ifdef PKCS_TESTVECT + memcpy(seed, +@@ -67,18 +82,20 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, + 20); + # endif + +- dbmask = OPENSSL_malloc(emlen - SHA_DIGEST_LENGTH); ++ dbmask = OPENSSL_malloc(emlen - mdlen); + if (dbmask == NULL) { +- RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE); ++ RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1, ERR_R_MALLOC_FAILURE); + return 0; + } + +- MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH); +- for (i = 0; i < emlen - SHA_DIGEST_LENGTH; i++) ++ if (PKCS1_MGF1(dbmask, emlen - mdlen, seed, mdlen, mgf1md) < 0) ++ return 0; ++ for (i = 0; i < emlen - mdlen; i++) + db[i] ^= dbmask[i]; + +- MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH); +- for (i = 0; i < SHA_DIGEST_LENGTH; i++) ++ if (PKCS1_MGF1(seedmask, mdlen, db, emlen - mdlen, mgf1md) < 0) ++ return 0; ++ for (i = 0; i < mdlen; i++) + seed[i] ^= seedmask[i]; + + OPENSSL_free(dbmask); +@@ -89,6 +106,16 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, + const unsigned char *from, int flen, int num, + const unsigned char *param, int plen) + { ++ return RSA_padding_check_PKCS1_OAEP_mgf1(to, tlen, from, flen, num, ++ param, plen, NULL, NULL); ++} ++ ++int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, ++ const unsigned char *from, int flen, ++ int num, const unsigned char *param, ++ int plen, const EVP_MD *md, ++ const EVP_MD *mgf1md) ++{ + int i, dblen, mlen = -1, one_index = 0, msg_index; + unsigned int good, found_one_byte; + const unsigned char *maskedseed, *maskeddb; +@@ -98,26 +125,33 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, + */ + unsigned char *db = NULL, *em = NULL, seed[EVP_MAX_MD_SIZE], + phash[EVP_MAX_MD_SIZE]; ++ int mdlen; ++ ++ if (md == NULL) ++ md = EVP_sha1(); ++ if (mgf1md == NULL) ++ 
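Review bot: Both new failure exits in the `@@ -67,18 +82,20 @@` hunk of `RSA_padding_add_PKCS1_OAEP_mgf1` return while `dbmask` is still allocated, so a failing `PKCS1_MGF1` call leaks the buffer obtained from `OPENSSL_malloc(emlen - mdlen)`. Each exit should release it first, e.g. `if (PKCS1_MGF1(dbmask, emlen - mdlen, seed, mdlen, mgf1md) < 0) { OPENSSL_free(dbmask); return 0; }`, and the same for the `seedmask` call. The function starts in the previous hunk and its tail is outside this one.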
mgf1md = md; ++ ++ mdlen = EVP_MD_size(md); + + if (tlen <= 0 || flen <= 0) + return -1; +- + /* + * |num| is the length of the modulus; |flen| is the length of the + * encoded message. Therefore, for any |from| that was obtained by + * decrypting a ciphertext, we must have |flen| <= |num|. Similarly, +- * num < 2 * SHA_DIGEST_LENGTH + 2 must hold for the modulus +- * irrespective of the ciphertext, see PKCS #1 v2.2, section 7.1.2. ++ * num < 2 * mdlen + 2 must hold for the modulus irrespective of ++ * the ciphertext, see PKCS #1 v2.2, section 7.1.2. + * This does not leak any side-channel information. + */ +- if (num < flen || num < 2 * SHA_DIGEST_LENGTH + 2) ++ if (num < flen || num < 2 * mdlen + 2) + goto decoding_err; + +- dblen = num - SHA_DIGEST_LENGTH - 1; ++ dblen = num - mdlen - 1; + db = OPENSSL_malloc(dblen); + em = OPENSSL_malloc(num); + if (db == NULL || em == NULL) { +- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, ERR_R_MALLOC_FAILURE); ++ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1, ERR_R_MALLOC_FAILURE); + goto cleanup; + } + +@@ -140,23 +174,25 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, + good = constant_time_is_zero(em[0]); + + maskedseed = em + 1; +- maskeddb = em + 1 + SHA_DIGEST_LENGTH; ++ maskeddb = em + 1 + mdlen; + +- MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen); +- for (i = 0; i < SHA_DIGEST_LENGTH; i++) ++ if (PKCS1_MGF1(seed, mdlen, maskeddb, dblen, mgf1md)) ++ goto cleanup; ++ for (i = 0; i < mdlen; i++) + seed[i] ^= maskedseed[i]; + +- MGF1(db, dblen, seed, SHA_DIGEST_LENGTH); ++ if (PKCS1_MGF1(db, dblen, seed, mdlen, mgf1md)) ++ goto cleanup; + for (i = 0; i < dblen; i++) + db[i] ^= maskeddb[i]; + +- EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL); ++ if (!EVP_Digest((void *)param, plen, phash, NULL, md, NULL)) ++ goto cleanup; + +- good &= +- constant_time_is_zero(CRYPTO_memcmp(db, phash, SHA_DIGEST_LENGTH)); ++ good &= constant_time_is_zero(CRYPTO_memcmp(db, phash, mdlen)); + + found_one_byte = 
0; +- for (i = SHA_DIGEST_LENGTH; i < dblen; i++) { ++ for (i = mdlen; i < dblen; i++) { + /* + * Padding consists of a number of 0-bytes, followed by a 1. + */ +@@ -182,7 +218,7 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, + mlen = dblen - msg_index; + + if (tlen < mlen) { +- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE); ++ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1, RSA_R_DATA_TOO_LARGE); + mlen = -1; + } else { + memcpy(to, db + msg_index, mlen); +@@ -194,7 +230,8 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, + * To avoid chosen ciphertext attacks, the error message should not + * reveal which kind of decoding error happened. + */ +- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR); ++ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1, ++ RSA_R_OAEP_DECODING_ERROR); + cleanup: + if (db != NULL) + OPENSSL_free(db); +@@ -211,33 +248,36 @@ int PKCS1_MGF1(unsigned char *mask, long len, + EVP_MD_CTX c; + unsigned char md[EVP_MAX_MD_SIZE]; + int mdlen; ++ int rv = -1; + + EVP_MD_CTX_init(&c); +- mdlen = M_EVP_MD_size(dgst); ++ mdlen = EVP_MD_size(dgst); ++ if (mdlen < 0) ++ goto err; + for (i = 0; outlen < len; i++) { + cnt[0] = (unsigned char)((i >> 24) & 255); + cnt[1] = (unsigned char)((i >> 16) & 255); + cnt[2] = (unsigned char)((i >> 8)) & 255; + cnt[3] = (unsigned char)(i & 255); +- EVP_DigestInit_ex(&c, dgst, NULL); +- EVP_DigestUpdate(&c, seed, seedlen); +- EVP_DigestUpdate(&c, cnt, 4); ++ if (!EVP_DigestInit_ex(&c, dgst, NULL) ++ || !EVP_DigestUpdate(&c, seed, seedlen) ++ || !EVP_DigestUpdate(&c, cnt, 4)) ++ goto err; + if (outlen + mdlen <= len) { +- EVP_DigestFinal_ex(&c, mask + outlen, NULL); ++ if (!EVP_DigestFinal_ex(&c, mask + outlen, NULL)) ++ goto err; + outlen += mdlen; + } else { +- EVP_DigestFinal_ex(&c, md, NULL); ++ if (!EVP_DigestFinal_ex(&c, md, NULL)) ++ goto err; + memcpy(mask + outlen, md, len - outlen); + outlen = len; + } + } ++ rv = 0; ++ err: + 
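Review bot: The `goto cleanup` exits added in the `@@ -140,23 +174,25 @@` hunk of `RSA_padding_check_PKCS1_OAEP_mgf1` land on a cleanup label that, per the context lines of the later hunk, releases `db` with a plain `OPENSSL_free(db)`. By the time `EVP_Digest` is called, `db` holds the unmasked data block, which includes the recovered message, so the freed heap memory keeps a copy of the plaintext. Wiping it first, `OPENSSL_cleanse(db, dblen);` before the free, would be a cheap hardening step; `em` presumably deserves the same, but its release is outside the visible lines. These exits also test `PKCS1_MGF1(...)` for any non-zero value while the padding-add path tests `< 0`; using one form in both would read better.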
EVP_MD_CTX_cleanup(&c); +- return 0; ++ return rv; + } + +-int MGF1(unsigned char *mask, long len, const unsigned char *seed, +- long seedlen) +-{ +- return PKCS1_MGF1(mask, len, seed, seedlen, EVP_sha1()); +-} + #endif +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_pmeth.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_pmeth.c +new file mode 100644 +index 0000000..2036355 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_pmeth.c +@@ -0,0 +1,784 @@ ++/* crypto/rsa/rsa_pmeth.c */ ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2006. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. 
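Review bot: The size check added to `PKCS1_MGF1` rejects only a negative digest size. With `mdlen == 0` and `len > 0`, the `outlen + mdlen <= len` branch is taken on every pass, `outlen` never advances, and the `for (i = 0; outlen < len; i++)` loop does not terminate. Tightening the guard to `if (mdlen <= 0) goto err;` covers a digest that reports size zero as well. The function's signature and first declarations are above the hunk.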
Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). 
++ * ++ */ ++ ++#include ++#include "cryptlib.h" ++#include ++#include ++#include ++#include ++#include ++#include ++#ifndef OPENSSL_NO_CMS ++# include ++#endif ++#ifdef OPENSSL_FIPS ++# include ++#endif ++#include "evp_locl.h" ++#include "rsa_locl.h" ++ ++/* RSA pkey context structure */ ++ ++typedef struct { ++ /* Key gen parameters */ ++ int nbits; ++ BIGNUM *pub_exp; ++ /* Keygen callback info */ ++ int gentmp[2]; ++ /* RSA padding mode */ ++ int pad_mode; ++ /* message digest */ ++ const EVP_MD *md; ++ /* message digest for MGF1 */ ++ const EVP_MD *mgf1md; ++ /* PSS salt length */ ++ int saltlen; ++ /* Temp buffer */ ++ unsigned char *tbuf; ++ /* OAEP label */ ++ unsigned char *oaep_label; ++ size_t oaep_labellen; ++} RSA_PKEY_CTX; ++ ++static int pkey_rsa_init(EVP_PKEY_CTX *ctx) ++{ ++ RSA_PKEY_CTX *rctx; ++ rctx = OPENSSL_malloc(sizeof(RSA_PKEY_CTX)); ++ if (!rctx) ++ return 0; ++ rctx->nbits = 1024; ++ rctx->pub_exp = NULL; ++ rctx->pad_mode = RSA_PKCS1_PADDING; ++ rctx->md = NULL; ++ rctx->mgf1md = NULL; ++ rctx->tbuf = NULL; ++ ++ rctx->saltlen = -2; ++ ++ rctx->oaep_label = NULL; ++ rctx->oaep_labellen = 0; ++ ++ ctx->data = rctx; ++ ctx->keygen_info = rctx->gentmp; ++ ctx->keygen_info_count = 2; ++ ++ return 1; ++} ++ ++static int pkey_rsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) ++{ ++ RSA_PKEY_CTX *dctx, *sctx; ++ if (!pkey_rsa_init(dst)) ++ return 0; ++ sctx = src->data; ++ dctx = dst->data; ++ dctx->nbits = sctx->nbits; ++ if (sctx->pub_exp) { ++ dctx->pub_exp = BN_dup(sctx->pub_exp); ++ if (!dctx->pub_exp) ++ return 0; ++ } ++ dctx->pad_mode = sctx->pad_mode; ++ dctx->md = sctx->md; ++ dctx->mgf1md = sctx->mgf1md; ++ if (sctx->oaep_label) { ++ if (dctx->oaep_label) ++ OPENSSL_free(dctx->oaep_label); ++ dctx->oaep_label = BUF_memdup(sctx->oaep_label, sctx->oaep_labellen); ++ if (!dctx->oaep_label) ++ return 0; ++ dctx->oaep_labellen = sctx->oaep_labellen; ++ } ++ return 1; ++} ++ ++static int setup_tbuf(RSA_PKEY_CTX *ctx, EVP_PKEY_CTX *pk) ++{ ++ 
if (ctx->tbuf) ++ return 1; ++ ctx->tbuf = OPENSSL_malloc(EVP_PKEY_size(pk->pkey)); ++ if (!ctx->tbuf) ++ return 0; ++ return 1; ++} ++ ++static void pkey_rsa_cleanup(EVP_PKEY_CTX *ctx) ++{ ++ RSA_PKEY_CTX *rctx = ctx->data; ++ if (rctx) { ++ if (rctx->pub_exp) ++ BN_free(rctx->pub_exp); ++ if (rctx->tbuf) ++ OPENSSL_free(rctx->tbuf); ++ if (rctx->oaep_label) ++ OPENSSL_free(rctx->oaep_label); ++ OPENSSL_free(rctx); ++ } ++} ++ ++#ifdef OPENSSL_FIPS ++/* ++ * FIP checker. Return value indicates status of context parameters: 1 : ++ * redirect to FIPS. 0 : don't redirect to FIPS. -1 : illegal operation in ++ * FIPS mode. ++ */ ++ ++static int pkey_fips_check_ctx(EVP_PKEY_CTX *ctx) ++{ ++ RSA_PKEY_CTX *rctx = ctx->data; ++ RSA *rsa = ctx->pkey->pkey.rsa; ++ int rv = -1; ++ if (!FIPS_mode()) ++ return 0; ++ if (rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) ++ rv = 0; ++ if (!(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) && rv) ++ return -1; ++ if (rctx->md) { ++ const EVP_MD *fmd; ++ fmd = FIPS_get_digestbynid(EVP_MD_type(rctx->md)); ++ if (!fmd || !(fmd->flags & EVP_MD_FLAG_FIPS)) ++ return rv; ++ } ++ if (rctx->mgf1md && !(rctx->mgf1md->flags & EVP_MD_FLAG_FIPS)) { ++ const EVP_MD *fmd; ++ fmd = FIPS_get_digestbynid(EVP_MD_type(rctx->mgf1md)); ++ if (!fmd || !(fmd->flags & EVP_MD_FLAG_FIPS)) ++ return rv; ++ } ++ return 1; ++} ++#endif ++ ++static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, ++ size_t *siglen, const unsigned char *tbs, ++ size_t tbslen) ++{ ++ int ret; ++ RSA_PKEY_CTX *rctx = ctx->data; ++ RSA *rsa = ctx->pkey->pkey.rsa; ++ ++#ifdef OPENSSL_FIPS ++ ret = pkey_fips_check_ctx(ctx); ++ if (ret < 0) { ++ RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); ++ return -1; ++ } ++#endif ++ ++ if (rctx->md) { ++ if (tbslen != (size_t)EVP_MD_size(rctx->md)) { ++ RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_INVALID_DIGEST_LENGTH); ++ return -1; ++ } ++#ifdef OPENSSL_FIPS ++ if (ret > 0) { ++ unsigned int slen; ++ ret = FIPS_rsa_sign_digest(rsa, tbs, 
tbslen, rctx->md, ++ rctx->pad_mode, ++ rctx->saltlen, ++ rctx->mgf1md, sig, &slen); ++ if (ret > 0) ++ *siglen = slen; ++ else ++ *siglen = 0; ++ return ret; ++ } ++#endif ++ ++ if (EVP_MD_type(rctx->md) == NID_mdc2) { ++ unsigned int sltmp; ++ if (rctx->pad_mode != RSA_PKCS1_PADDING) ++ return -1; ++ ret = RSA_sign_ASN1_OCTET_STRING(NID_mdc2, ++ tbs, tbslen, sig, &sltmp, rsa); ++ ++ if (ret <= 0) ++ return ret; ++ ret = sltmp; ++ } else if (rctx->pad_mode == RSA_X931_PADDING) { ++ if ((size_t)EVP_PKEY_size(ctx->pkey) < tbslen + 1) { ++ RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_KEY_SIZE_TOO_SMALL); ++ return -1; ++ } ++ if (!setup_tbuf(rctx, ctx)) { ++ RSAerr(RSA_F_PKEY_RSA_SIGN, ERR_R_MALLOC_FAILURE); ++ return -1; ++ } ++ memcpy(rctx->tbuf, tbs, tbslen); ++ rctx->tbuf[tbslen] = RSA_X931_hash_id(EVP_MD_type(rctx->md)); ++ ret = RSA_private_encrypt(tbslen + 1, rctx->tbuf, ++ sig, rsa, RSA_X931_PADDING); ++ } else if (rctx->pad_mode == RSA_PKCS1_PADDING) { ++ unsigned int sltmp; ++ ret = RSA_sign(EVP_MD_type(rctx->md), ++ tbs, tbslen, sig, &sltmp, rsa); ++ if (ret <= 0) ++ return ret; ++ ret = sltmp; ++ } else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING) { ++ if (!setup_tbuf(rctx, ctx)) ++ return -1; ++ if (!RSA_padding_add_PKCS1_PSS_mgf1(rsa, ++ rctx->tbuf, tbs, ++ rctx->md, rctx->mgf1md, ++ rctx->saltlen)) ++ return -1; ++ ret = RSA_private_encrypt(RSA_size(rsa), rctx->tbuf, ++ sig, rsa, RSA_NO_PADDING); ++ } else ++ return -1; ++ } else ++ ret = RSA_private_encrypt(tbslen, tbs, sig, ctx->pkey->pkey.rsa, ++ rctx->pad_mode); ++ if (ret < 0) ++ return ret; ++ *siglen = ret; ++ return 1; ++} ++ ++static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx, ++ unsigned char *rout, size_t *routlen, ++ const unsigned char *sig, size_t siglen) ++{ ++ int ret; ++ RSA_PKEY_CTX *rctx = ctx->data; ++ ++ if (rctx->md) { ++ if (rctx->pad_mode == RSA_X931_PADDING) { ++ if (!setup_tbuf(rctx, ctx)) ++ return -1; ++ ret = RSA_public_decrypt(siglen, sig, ++ rctx->tbuf, ctx->pkey->pkey.rsa, ++ 
RSA_X931_PADDING); ++ if (ret < 1) ++ return 0; ++ ret--; ++ if (rctx->tbuf[ret] != RSA_X931_hash_id(EVP_MD_type(rctx->md))) { ++ RSAerr(RSA_F_PKEY_RSA_VERIFYRECOVER, ++ RSA_R_ALGORITHM_MISMATCH); ++ return 0; ++ } ++ if (ret != EVP_MD_size(rctx->md)) { ++ RSAerr(RSA_F_PKEY_RSA_VERIFYRECOVER, ++ RSA_R_INVALID_DIGEST_LENGTH); ++ return 0; ++ } ++ if (rout) ++ memcpy(rout, rctx->tbuf, ret); ++ } else if (rctx->pad_mode == RSA_PKCS1_PADDING) { ++ size_t sltmp; ++ ret = int_rsa_verify(EVP_MD_type(rctx->md), ++ NULL, 0, rout, &sltmp, ++ sig, siglen, ctx->pkey->pkey.rsa); ++ if (ret <= 0) ++ return 0; ++ ret = sltmp; ++ } else ++ return -1; ++ } else ++ ret = RSA_public_decrypt(siglen, sig, rout, ctx->pkey->pkey.rsa, ++ rctx->pad_mode); ++ if (ret < 0) ++ return ret; ++ *routlen = ret; ++ return 1; ++} ++ ++static int pkey_rsa_verify(EVP_PKEY_CTX *ctx, ++ const unsigned char *sig, size_t siglen, ++ const unsigned char *tbs, size_t tbslen) ++{ ++ RSA_PKEY_CTX *rctx = ctx->data; ++ RSA *rsa = ctx->pkey->pkey.rsa; ++ size_t rslen; ++#ifdef OPENSSL_FIPS ++ int rv; ++ rv = pkey_fips_check_ctx(ctx); ++ if (rv < 0) { ++ RSAerr(RSA_F_PKEY_RSA_VERIFY, ++ RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); ++ return -1; ++ } ++#endif ++ if (rctx->md) { ++#ifdef OPENSSL_FIPS ++ if (rv > 0) { ++ return FIPS_rsa_verify_digest(rsa, ++ tbs, tbslen, ++ rctx->md, ++ rctx->pad_mode, ++ rctx->saltlen, ++ rctx->mgf1md, sig, siglen); ++ ++ } ++#endif ++ if (rctx->pad_mode == RSA_PKCS1_PADDING) ++ return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen, ++ sig, siglen, rsa); ++ if (rctx->pad_mode == RSA_X931_PADDING) { ++ if (pkey_rsa_verifyrecover(ctx, NULL, &rslen, sig, siglen) <= 0) ++ return 0; ++ } else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING) { ++ int ret; ++ if (!setup_tbuf(rctx, ctx)) ++ return -1; ++ ret = RSA_public_decrypt(siglen, sig, rctx->tbuf, ++ rsa, RSA_NO_PADDING); ++ if (ret <= 0) ++ return 0; ++ ret = RSA_verify_PKCS1_PSS_mgf1(rsa, tbs, ++ rctx->md, rctx->mgf1md, ++ rctx->tbuf, 
rctx->saltlen); ++ if (ret <= 0) ++ return 0; ++ return 1; ++ } else ++ return -1; ++ } else { ++ if (!setup_tbuf(rctx, ctx)) ++ return -1; ++ rslen = RSA_public_decrypt(siglen, sig, rctx->tbuf, ++ rsa, rctx->pad_mode); ++ if (rslen == 0) ++ return 0; ++ } ++ ++ if ((rslen != tbslen) || memcmp(tbs, rctx->tbuf, rslen)) ++ return 0; ++ ++ return 1; ++ ++} ++ ++static int pkey_rsa_encrypt(EVP_PKEY_CTX *ctx, ++ unsigned char *out, size_t *outlen, ++ const unsigned char *in, size_t inlen) ++{ ++ int ret; ++ RSA_PKEY_CTX *rctx = ctx->data; ++ if (rctx->pad_mode == RSA_PKCS1_OAEP_PADDING) { ++ int klen = RSA_size(ctx->pkey->pkey.rsa); ++ if (!setup_tbuf(rctx, ctx)) ++ return -1; ++ if (!RSA_padding_add_PKCS1_OAEP_mgf1(rctx->tbuf, klen, ++ in, inlen, ++ rctx->oaep_label, ++ rctx->oaep_labellen, ++ rctx->md, rctx->mgf1md)) ++ return -1; ++ ret = RSA_public_encrypt(klen, rctx->tbuf, out, ++ ctx->pkey->pkey.rsa, RSA_NO_PADDING); ++ } else ++ ret = RSA_public_encrypt(inlen, in, out, ctx->pkey->pkey.rsa, ++ rctx->pad_mode); ++ if (ret < 0) ++ return ret; ++ *outlen = ret; ++ return 1; ++} ++ ++static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx, ++ unsigned char *out, size_t *outlen, ++ const unsigned char *in, size_t inlen) ++{ ++ int ret; ++ RSA_PKEY_CTX *rctx = ctx->data; ++ if (rctx->pad_mode == RSA_PKCS1_OAEP_PADDING) { ++ int i; ++ if (!setup_tbuf(rctx, ctx)) ++ return -1; ++ ret = RSA_private_decrypt(inlen, in, rctx->tbuf, ++ ctx->pkey->pkey.rsa, RSA_NO_PADDING); ++ if (ret <= 0) ++ return ret; ++ for (i = 0; i < ret; i++) { ++ if (rctx->tbuf[i]) ++ break; ++ } ++ ret = RSA_padding_check_PKCS1_OAEP_mgf1(out, ret, rctx->tbuf + i, ++ ret - i, ret, ++ rctx->oaep_label, ++ rctx->oaep_labellen, ++ rctx->md, rctx->mgf1md); ++ } else ++ ret = RSA_private_decrypt(inlen, in, out, ctx->pkey->pkey.rsa, ++ rctx->pad_mode); ++ if (ret < 0) ++ return ret; ++ *outlen = ret; ++ return 1; ++} ++ ++static int check_padding_md(const EVP_MD *md, int padding) ++{ ++ if (!md) ++ return 1; ++ ++ if 
(padding == RSA_NO_PADDING) { ++ RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_PADDING_MODE); ++ return 0; ++ } ++ ++ if (padding == RSA_X931_PADDING) { ++ if (RSA_X931_hash_id(EVP_MD_type(md)) == -1) { ++ RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_X931_DIGEST); ++ return 0; ++ } ++ return 1; ++ } ++ ++ return 1; ++} ++ ++static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) ++{ ++ RSA_PKEY_CTX *rctx = ctx->data; ++ switch (type) { ++ case EVP_PKEY_CTRL_RSA_PADDING: ++ if ((p1 >= RSA_PKCS1_PADDING) && (p1 <= RSA_PKCS1_PSS_PADDING)) { ++ if (!check_padding_md(rctx->md, p1)) ++ return 0; ++ if (p1 == RSA_PKCS1_PSS_PADDING) { ++ if (!(ctx->operation & ++ (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY))) ++ goto bad_pad; ++ if (!rctx->md) ++ rctx->md = EVP_sha1(); ++ } ++ if (p1 == RSA_PKCS1_OAEP_PADDING) { ++ if (!(ctx->operation & EVP_PKEY_OP_TYPE_CRYPT)) ++ goto bad_pad; ++ if (!rctx->md) ++ rctx->md = EVP_sha1(); ++ } ++ rctx->pad_mode = p1; ++ return 1; ++ } ++ bad_pad: ++ RSAerr(RSA_F_PKEY_RSA_CTRL, ++ RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE); ++ return -2; ++ ++ case EVP_PKEY_CTRL_GET_RSA_PADDING: ++ *(int *)p2 = rctx->pad_mode; ++ return 1; ++ ++ case EVP_PKEY_CTRL_RSA_PSS_SALTLEN: ++ case EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN: ++ if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING) { ++ RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PSS_SALTLEN); ++ return -2; ++ } ++ if (type == EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN) ++ *(int *)p2 = rctx->saltlen; ++ else { ++ if (p1 < -2) ++ return -2; ++ rctx->saltlen = p1; ++ } ++ return 1; ++ ++ case EVP_PKEY_CTRL_RSA_KEYGEN_BITS: ++ if (p1 < 256) { ++ RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_KEYBITS); ++ return -2; ++ } ++ rctx->nbits = p1; ++ return 1; ++ ++ case EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP: ++ if (!p2) ++ return -2; ++ BN_free(rctx->pub_exp); ++ rctx->pub_exp = p2; ++ return 1; ++ ++ case EVP_PKEY_CTRL_RSA_OAEP_MD: ++ case EVP_PKEY_CTRL_GET_RSA_OAEP_MD: ++ if (rctx->pad_mode != RSA_PKCS1_OAEP_PADDING) { ++ 
RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PADDING_MODE); ++ return -2; ++ } ++ if (type == EVP_PKEY_CTRL_GET_RSA_OAEP_MD) ++ *(const EVP_MD **)p2 = rctx->md; ++ else ++ rctx->md = p2; ++ return 1; ++ ++ case EVP_PKEY_CTRL_MD: ++ if (!check_padding_md(p2, rctx->pad_mode)) ++ return 0; ++ rctx->md = p2; ++ return 1; ++ ++ case EVP_PKEY_CTRL_GET_MD: ++ *(const EVP_MD **)p2 = rctx->md; ++ return 1; ++ ++ case EVP_PKEY_CTRL_RSA_MGF1_MD: ++ case EVP_PKEY_CTRL_GET_RSA_MGF1_MD: ++ if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING ++ && rctx->pad_mode != RSA_PKCS1_OAEP_PADDING) { ++ RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_MGF1_MD); ++ return -2; ++ } ++ if (type == EVP_PKEY_CTRL_GET_RSA_MGF1_MD) { ++ if (rctx->mgf1md) ++ *(const EVP_MD **)p2 = rctx->mgf1md; ++ else ++ *(const EVP_MD **)p2 = rctx->md; ++ } else ++ rctx->mgf1md = p2; ++ return 1; ++ ++ case EVP_PKEY_CTRL_RSA_OAEP_LABEL: ++ if (rctx->pad_mode != RSA_PKCS1_OAEP_PADDING) { ++ RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PADDING_MODE); ++ return -2; ++ } ++ if (rctx->oaep_label) ++ OPENSSL_free(rctx->oaep_label); ++ if (p2 && p1 > 0) { ++ rctx->oaep_label = p2; ++ rctx->oaep_labellen = p1; ++ } else { ++ rctx->oaep_label = NULL; ++ rctx->oaep_labellen = 0; ++ } ++ return 1; ++ ++ case EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL: ++ if (rctx->pad_mode != RSA_PKCS1_OAEP_PADDING) { ++ RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PADDING_MODE); ++ return -2; ++ } ++ *(unsigned char **)p2 = rctx->oaep_label; ++ return rctx->oaep_labellen; ++ ++ case EVP_PKEY_CTRL_DIGESTINIT: ++ case EVP_PKEY_CTRL_PKCS7_ENCRYPT: ++ case EVP_PKEY_CTRL_PKCS7_DECRYPT: ++ case EVP_PKEY_CTRL_PKCS7_SIGN: ++ return 1; ++#ifndef OPENSSL_NO_CMS ++ case EVP_PKEY_CTRL_CMS_DECRYPT: ++ case EVP_PKEY_CTRL_CMS_ENCRYPT: ++ case EVP_PKEY_CTRL_CMS_SIGN: ++ return 1; ++#endif ++ case EVP_PKEY_CTRL_PEER_KEY: ++ RSAerr(RSA_F_PKEY_RSA_CTRL, ++ RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); ++ return -2; ++ ++ default: ++ return -2; ++ ++ } ++} ++ ++static int 
pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, ++ const char *type, const char *value) ++{ ++ if (!value) { ++ RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_VALUE_MISSING); ++ return 0; ++ } ++ if (!strcmp(type, "rsa_padding_mode")) { ++ int pm; ++ if (!strcmp(value, "pkcs1")) ++ pm = RSA_PKCS1_PADDING; ++ else if (!strcmp(value, "sslv23")) ++ pm = RSA_SSLV23_PADDING; ++ else if (!strcmp(value, "none")) ++ pm = RSA_NO_PADDING; ++ else if (!strcmp(value, "oeap")) ++ pm = RSA_PKCS1_OAEP_PADDING; ++ else if (!strcmp(value, "oaep")) ++ pm = RSA_PKCS1_OAEP_PADDING; ++ else if (!strcmp(value, "x931")) ++ pm = RSA_X931_PADDING; ++ else if (!strcmp(value, "pss")) ++ pm = RSA_PKCS1_PSS_PADDING; ++ else { ++ RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_UNKNOWN_PADDING_TYPE); ++ return -2; ++ } ++ return EVP_PKEY_CTX_set_rsa_padding(ctx, pm); ++ } ++ ++ if (!strcmp(type, "rsa_pss_saltlen")) { ++ int saltlen; ++ saltlen = atoi(value); ++ return EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, saltlen); ++ } ++ ++ if (!strcmp(type, "rsa_keygen_bits")) { ++ int nbits; ++ nbits = atoi(value); ++ return EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, nbits); ++ } ++ ++ if (!strcmp(type, "rsa_keygen_pubexp")) { ++ int ret; ++ BIGNUM *pubexp = NULL; ++ if (!BN_asc2bn(&pubexp, value)) ++ return 0; ++ ret = EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp); ++ if (ret <= 0) ++ BN_free(pubexp); ++ return ret; ++ } ++ ++ if (!strcmp(type, "rsa_mgf1_md")) { ++ const EVP_MD *md; ++ if (!(md = EVP_get_digestbyname(value))) { ++ RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_INVALID_DIGEST); ++ return 0; ++ } ++ return EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, md); ++ } ++ ++ if (!strcmp(type, "rsa_oaep_md")) { ++ const EVP_MD *md; ++ if (!(md = EVP_get_digestbyname(value))) { ++ RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_INVALID_DIGEST); ++ return 0; ++ } ++ return EVP_PKEY_CTX_set_rsa_oaep_md(ctx, md); ++ } ++ if (!strcmp(type, "rsa_oaep_label")) { ++ unsigned char *lab; ++ long lablen; ++ int ret; ++ lab = string_to_hex(value, &lablen); ++ if (!lab) ++ 
return 0; ++ ret = EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, lab, lablen); ++ if (ret <= 0) ++ OPENSSL_free(lab); ++ return ret; ++ } ++ ++ return -2; ++} ++ ++static int pkey_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) ++{ ++ RSA *rsa = NULL; ++ RSA_PKEY_CTX *rctx = ctx->data; ++ BN_GENCB *pcb, cb; ++ int ret; ++ if (!rctx->pub_exp) { ++ rctx->pub_exp = BN_new(); ++ if (!rctx->pub_exp || !BN_set_word(rctx->pub_exp, RSA_F4)) ++ return 0; ++ } ++ rsa = RSA_new(); ++ if (!rsa) ++ return 0; ++ if (ctx->pkey_gencb) { ++ pcb = &cb; ++ evp_pkey_set_cb_translate(pcb, ctx); ++ } else ++ pcb = NULL; ++ ret = RSA_generate_key_ex(rsa, rctx->nbits, rctx->pub_exp, pcb); ++ if (ret > 0) ++ EVP_PKEY_assign_RSA(pkey, rsa); ++ else ++ RSA_free(rsa); ++ return ret; ++} ++ ++const EVP_PKEY_METHOD rsa_pkey_meth = { ++ EVP_PKEY_RSA, ++ EVP_PKEY_FLAG_AUTOARGLEN, ++ pkey_rsa_init, ++ pkey_rsa_copy, ++ pkey_rsa_cleanup, ++ ++ 0, 0, ++ ++ 0, ++ pkey_rsa_keygen, ++ ++ 0, ++ pkey_rsa_sign, ++ ++ 0, ++ pkey_rsa_verify, ++ ++ 0, ++ pkey_rsa_verifyrecover, ++ ++ 0, 0, 0, 0, ++ ++ 0, ++ pkey_rsa_encrypt, ++ ++ 0, ++ pkey_rsa_decrypt, ++ ++ 0, 0, ++ ++ pkey_rsa_ctrl, ++ pkey_rsa_ctrl_str ++}; +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_prn.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_prn.c +new file mode 100644 +index 0000000..076f871 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_prn.c +@@ -0,0 +1,92 @@ ++/* crypto/rsa/rsa_prn.c */ ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2006. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. 
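Review bot: In `pkey_rsa_verify`, the branch taken when no digest is set stores the `int` result of `RSA_public_decrypt()` directly in `size_t rslen` and tests only `rslen == 0`. A negative failure return is therefore not caught at that point; it is rejected only because the converted value fails the later `rslen != tbslen` comparison. Keep the result signed and reject it explicitly, as the PSS branch just above does: with an `int ret` declared at the top of the block, `ret = RSA_public_decrypt(siglen, sig, rctx->tbuf, rsa, rctx->pad_mode);`, `if (ret <= 0) return 0;`, `rslen = ret;`. That way a failed decrypt can never supply the length passed to `memcmp(tbs, rctx->tbuf, rslen)` if the surrounding checks are later reordered.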
Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. 
++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++#include ++#include "cryptlib.h" ++#include ++#include ++ ++#ifndef OPENSSL_NO_FP_API ++int RSA_print_fp(FILE *fp, const RSA *x, int off) ++{ ++ BIO *b; ++ int ret; ++ ++ if ((b = BIO_new(BIO_s_file())) == NULL) { ++ RSAerr(RSA_F_RSA_PRINT_FP, ERR_R_BUF_LIB); ++ return (0); ++ } ++ BIO_set_fp(b, fp, BIO_NOCLOSE); ++ ret = RSA_print(b, x, off); ++ BIO_free(b); ++ return (ret); ++} ++#endif ++ ++int RSA_print(BIO *bp, const RSA *x, int off) ++{ ++ EVP_PKEY *pk; ++ int ret; ++ pk = EVP_PKEY_new(); ++ if (!pk || !EVP_PKEY_set1_RSA(pk, (RSA *)x)) ++ return 0; ++ ret = EVP_PKEY_print_private(bp, pk, off, NULL); ++ EVP_PKEY_free(pk); ++ return ret; ++} +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_pss.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_pss.c +index c405425..41bc084 100644 +--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_pss.c ++++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_pss.c +@@ -75,6 +75,13 @@ int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash, + const EVP_MD *Hash, const unsigned char *EM, + int sLen) + { ++ return RSA_verify_PKCS1_PSS_mgf1(rsa, mHash, Hash, NULL, EM, sLen); ++} ++ ++int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, ++ const EVP_MD *Hash, const EVP_MD *mgf1Hash, ++ const unsigned char *EM, int sLen) ++{ + int i; + int ret = 0; + int hLen, maskedDBLen, MSBits, emLen; +@@ -82,8 +89,14 @@ int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash, + unsigned char *DB = NULL; + EVP_MD_CTX ctx; + unsigned char H_[EVP_MAX_MD_SIZE]; ++ EVP_MD_CTX_init(&ctx); ++ ++ if (mgf1Hash == NULL) ++ mgf1Hash = Hash; + +- hLen = M_EVP_MD_size(Hash); ++ hLen = EVP_MD_size(Hash); ++ if (hLen < 0) ++ goto err; + /*- + * Negative sLen has special meanings: + * -1 sLen == hLen +@@ -95,14 
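Review bot: `RSA_print` leaks the `EVP_PKEY` when `EVP_PKEY_new()` succeeds but `EVP_PKEY_set1_RSA()` fails, because the combined check returns 0 without releasing `pk`. Free it on that path, e.g. `if (!pk || !EVP_PKEY_set1_RSA(pk, (RSA *)x)) { EVP_PKEY_free(pk); return 0; }`; `EVP_PKEY_free` is expected to tolerate NULL, but confirm that against the bundled sources. The function also lacks a comment saying that it prints through `EVP_PKEY_print_private`, which callers should know before pointing the BIO at a log or console.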
+108,14 @@ int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash, + else if (sLen == -2) + sLen = -2; + else if (sLen < -2) { +- RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_SLEN_CHECK_FAILED); ++ RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_SLEN_CHECK_FAILED); + goto err; + } + + MSBits = (BN_num_bits(rsa->n) - 1) & 0x7; + emLen = RSA_size(rsa); + if (EM[0] & (0xFF << MSBits)) { +- RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_FIRST_OCTET_INVALID); ++ RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_FIRST_OCTET_INVALID); + goto err; + } + if (MSBits == 0) { +@@ -110,44 +123,47 @@ int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash, + emLen--; + } + if (emLen < (hLen + sLen + 2)) { /* sLen can be small negative */ +- RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_DATA_TOO_LARGE); ++ RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_DATA_TOO_LARGE); + goto err; + } + if (EM[emLen - 1] != 0xbc) { +- RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_LAST_OCTET_INVALID); ++ RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_LAST_OCTET_INVALID); + goto err; + } + maskedDBLen = emLen - hLen - 1; + H = EM + maskedDBLen; + DB = OPENSSL_malloc(maskedDBLen); + if (!DB) { +- RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, ERR_R_MALLOC_FAILURE); ++ RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, ERR_R_MALLOC_FAILURE); + goto err; + } +- PKCS1_MGF1(DB, maskedDBLen, H, hLen, Hash); ++ if (PKCS1_MGF1(DB, maskedDBLen, H, hLen, mgf1Hash) < 0) ++ goto err; + for (i = 0; i < maskedDBLen; i++) + DB[i] ^= EM[i]; + if (MSBits) + DB[0] &= 0xFF >> (8 - MSBits); + for (i = 0; DB[i] == 0 && i < (maskedDBLen - 1); i++) ; + if (DB[i++] != 0x1) { +- RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_SLEN_RECOVERY_FAILED); ++ RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_SLEN_RECOVERY_FAILED); + goto err; + } + if (sLen >= 0 && (maskedDBLen - i) != sLen) { +- RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_SLEN_CHECK_FAILED); ++ RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_SLEN_CHECK_FAILED); + goto err; + } +- EVP_MD_CTX_init(&ctx); +- 
EVP_DigestInit_ex(&ctx, Hash, NULL); +- EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes); +- EVP_DigestUpdate(&ctx, mHash, hLen); +- if (maskedDBLen - i) +- EVP_DigestUpdate(&ctx, DB + i, maskedDBLen - i); +- EVP_DigestFinal(&ctx, H_, NULL); +- EVP_MD_CTX_cleanup(&ctx); ++ if (!EVP_DigestInit_ex(&ctx, Hash, NULL) ++ || !EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes) ++ || !EVP_DigestUpdate(&ctx, mHash, hLen)) ++ goto err; ++ if (maskedDBLen - i) { ++ if (!EVP_DigestUpdate(&ctx, DB + i, maskedDBLen - i)) ++ goto err; ++ } ++ if (!EVP_DigestFinal_ex(&ctx, H_, NULL)) ++ goto err; + if (memcmp(H_, H, hLen)) { +- RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_BAD_SIGNATURE); ++ RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_BAD_SIGNATURE); + ret = 0; + } else + ret = 1; +@@ -155,6 +171,7 @@ int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash, + err: + if (DB) + OPENSSL_free(DB); ++ EVP_MD_CTX_cleanup(&ctx); + + return ret; + +@@ -164,13 +181,26 @@ int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM, + const unsigned char *mHash, + const EVP_MD *Hash, int sLen) + { ++ return RSA_padding_add_PKCS1_PSS_mgf1(rsa, EM, mHash, Hash, NULL, sLen); ++} ++ ++int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, ++ const unsigned char *mHash, ++ const EVP_MD *Hash, const EVP_MD *mgf1Hash, ++ int sLen) ++{ + int i; + int ret = 0; + int hLen, maskedDBLen, MSBits, emLen; + unsigned char *H, *salt = NULL, *p; + EVP_MD_CTX ctx; + +- hLen = M_EVP_MD_size(Hash); ++ if (mgf1Hash == NULL) ++ mgf1Hash = Hash; ++ ++ hLen = EVP_MD_size(Hash); ++ if (hLen < 0) ++ goto err; + /*- + * Negative sLen has special meanings: + * -1 sLen == hLen +@@ -182,7 +212,7 @@ int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM, + else if (sLen == -2) + sLen = -2; + else if (sLen < -2) { +- RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS, RSA_R_SLEN_CHECK_FAILED); ++ RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1, RSA_R_SLEN_CHECK_FAILED); + goto err; + } + +@@ -195,14 +225,15 @@ int 
RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM, + if (sLen == -2) { + sLen = emLen - hLen - 2; + } else if (emLen < (hLen + sLen + 2)) { +- RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS, ++ RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1, + RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); + goto err; + } + if (sLen > 0) { + salt = OPENSSL_malloc(sLen); + if (!salt) { +- RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS, ERR_R_MALLOC_FAILURE); ++ RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1, ++ ERR_R_MALLOC_FAILURE); + goto err; + } + if (RAND_bytes(salt, sLen) <= 0) +@@ -211,16 +242,19 @@ int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM, + maskedDBLen = emLen - hLen - 1; + H = EM + maskedDBLen; + EVP_MD_CTX_init(&ctx); +- EVP_DigestInit_ex(&ctx, Hash, NULL); +- EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes); +- EVP_DigestUpdate(&ctx, mHash, hLen); +- if (sLen) +- EVP_DigestUpdate(&ctx, salt, sLen); +- EVP_DigestFinal(&ctx, H, NULL); ++ if (!EVP_DigestInit_ex(&ctx, Hash, NULL) ++ || !EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes) ++ || !EVP_DigestUpdate(&ctx, mHash, hLen)) ++ goto err; ++ if (sLen && !EVP_DigestUpdate(&ctx, salt, sLen)) ++ goto err; ++ if (!EVP_DigestFinal_ex(&ctx, H, NULL)) ++ goto err; + EVP_MD_CTX_cleanup(&ctx); + + /* Generate dbMask in place then perform XOR on it */ +- PKCS1_MGF1(EM, maskedDBLen, H, hLen, Hash); ++ if (PKCS1_MGF1(EM, maskedDBLen, H, hLen, mgf1Hash)) ++ goto err; + + p = EM; + +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_sign.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_sign.c +index b58c0ec..19461c6 100644 +--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_sign.c ++++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_sign.c +@@ -62,6 +62,7 @@ + #include + #include + #include ++#include "rsa_locl.h" + + /* Size of an SSL signature: MD5+SHA1 */ + #define SSL_SIG_LENGTH 36 +@@ -76,6 +77,13 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len, + const unsigned char *s = NULL; + X509_ALGOR algor; + ASN1_OCTET_STRING digest; ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() && 
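Review bot: In `RSA_padding_add_PKCS1_PSS_mgf1`, the new `goto err` exits taken after `EVP_MD_CTX_init(&ctx)` bypass `EVP_MD_CTX_cleanup(&ctx)`, which stays on the success path only. The `err:` label is outside this hunk, so this is a leak only if that label does not clean up the context itself. The verify function in this same file was changed to call `EVP_MD_CTX_cleanup(&ctx)` after `err:` with `EVP_MD_CTX_init(&ctx)` hoisted ahead of the first `goto err`, and the same arrangement would fit here. Separately, the MGF1 result is tested as `if (PKCS1_MGF1(...))` here but as `< 0` on the verify side; using one form in both places would read more clearly.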
!(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) ++ && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) { ++ RSAerr(RSA_F_RSA_SIGN, RSA_R_NON_FIPS_RSA_METHOD); ++ return 0; ++ } ++#endif + if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign) { + return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa); + } +@@ -88,13 +96,6 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len, + i = SSL_SIG_LENGTH; + s = m; + } else { +- /* NB: in FIPS mode block anything that isn't a TLS signature */ +-#ifdef OPENSSL_FIPS +- if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) { +- RSAerr(RSA_F_RSA_SIGN, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); +- return 0; +- } +-#endif + sig.algor = &algor; + sig.algor->algorithm = OBJ_nid2obj(type); + if (sig.algor->algorithm == NULL) { +@@ -131,12 +132,7 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len, + i2d_X509_SIG(&sig, &p); + s = tmps; + } +-#ifdef OPENSSL_FIPS +- /* Bypass algorithm blocking: this is allowed if we get this far */ +- i = rsa->meth->rsa_priv_enc(i, s, sigret, rsa, RSA_PKCS1_PADDING); +-#else + i = RSA_private_encrypt(i, s, sigret, rsa, RSA_PKCS1_PADDING); +-#endif + if (i <= 0) + ret = 0; + else +@@ -169,53 +165,69 @@ static int rsa_check_digestinfo(X509_SIG *sig, const unsigned char *dinfo, + return ret; + } + +-int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, +- unsigned char *sigbuf, unsigned int siglen, RSA *rsa) ++int int_rsa_verify(int dtype, const unsigned char *m, ++ unsigned int m_len, ++ unsigned char *rm, size_t *prm_len, ++ const unsigned char *sigbuf, size_t siglen, RSA *rsa) + { + int i, ret = 0, sigtype; + unsigned char *s; + X509_SIG *sig = NULL; + ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) ++ && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) { ++ RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_NON_FIPS_RSA_METHOD); ++ return 0; ++ } ++#endif ++ + if (siglen != (unsigned int)RSA_size(rsa)) { +- 
RSAerr(RSA_F_RSA_VERIFY, RSA_R_WRONG_SIGNATURE_LENGTH); ++ RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_WRONG_SIGNATURE_LENGTH); + return (0); + } + +- if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify) { +- return rsa->meth->rsa_verify(dtype, m, m_len, sigbuf, siglen, rsa); ++ if ((dtype == NID_md5_sha1) && rm) { ++ i = RSA_public_decrypt((int)siglen, ++ sigbuf, rm, rsa, RSA_PKCS1_PADDING); ++ if (i <= 0) ++ return 0; ++ *prm_len = i; ++ return 1; + } + + s = (unsigned char *)OPENSSL_malloc((unsigned int)siglen); + if (s == NULL) { +- RSAerr(RSA_F_RSA_VERIFY, ERR_R_MALLOC_FAILURE); ++ RSAerr(RSA_F_INT_RSA_VERIFY, ERR_R_MALLOC_FAILURE); + goto err; + } +- if (dtype == NID_md5_sha1) { +- if (m_len != SSL_SIG_LENGTH) { +- RSAerr(RSA_F_RSA_VERIFY, RSA_R_INVALID_MESSAGE_LENGTH); +- goto err; +- } +- } +- /* NB: in FIPS mode block anything that isn't a TLS signature */ +-#ifdef OPENSSL_FIPS +- else if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) { +- RSAerr(RSA_F_RSA_VERIFY, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); +- return 0; ++ if ((dtype == NID_md5_sha1) && (m_len != SSL_SIG_LENGTH)) { ++ RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_INVALID_MESSAGE_LENGTH); ++ goto err; + } +- /* Bypass algorithm blocking: this is allowed */ +- i = rsa->meth->rsa_pub_dec((int)siglen, sigbuf, s, rsa, +- RSA_PKCS1_PADDING); +-#else + i = RSA_public_decrypt((int)siglen, sigbuf, s, rsa, RSA_PKCS1_PADDING); +-#endif + + if (i <= 0) + goto err; ++ /* ++ * Oddball MDC2 case: signature can be OCTET STRING. check for correct ++ * tag and length octets. 
++ */ ++ if (dtype == NID_mdc2 && i == 18 && s[0] == 0x04 && s[1] == 0x10) { ++ if (rm) { ++ memcpy(rm, s + 2, 16); ++ *prm_len = 16; ++ ret = 1; ++ } else if (memcmp(m, s + 2, 16)) ++ RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE); ++ else ++ ret = 1; ++ } + + /* Special case: SSL signature */ + if (dtype == NID_md5_sha1) { + if ((i != SSL_SIG_LENGTH) || memcmp(s, m, SSL_SIG_LENGTH)) +- RSAerr(RSA_F_RSA_VERIFY, RSA_R_BAD_SIGNATURE); ++ RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE); + else + ret = 1; + } else { +@@ -227,7 +239,7 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, + + /* Excess data can be used to create forgeries */ + if (p != s + i || !rsa_check_digestinfo(sig, s, i)) { +- RSAerr(RSA_F_RSA_VERIFY, RSA_R_BAD_SIGNATURE); ++ RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE); + goto err; + } + +@@ -237,7 +249,7 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, + */ + if (sig->algor->parameter + && ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL) { +- RSAerr(RSA_F_RSA_VERIFY, RSA_R_BAD_SIGNATURE); ++ RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE); + goto err; + } + +@@ -249,23 +261,22 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, + OBJ_nid2ln(dtype)); + #endif + if (sigtype != dtype) { +- if (((dtype == NID_md5) && +- (sigtype == NID_md5WithRSAEncryption)) || +- ((dtype == NID_md2) && +- (sigtype == NID_md2WithRSAEncryption))) { +- /* ok, we will let it through */ +-#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) +- fprintf(stderr, +- "signature has problems, re-make with post SSLeay045\n"); +-#endif +- } else { +- RSAerr(RSA_F_RSA_VERIFY, RSA_R_ALGORITHM_MISMATCH); +- goto err; +- } ++ RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_ALGORITHM_MISMATCH); ++ goto err; + } +- if (((unsigned int)sig->digest->length != m_len) || +- (memcmp(m, sig->digest->data, m_len) != 0)) { +- RSAerr(RSA_F_RSA_VERIFY, RSA_R_BAD_SIGNATURE); ++ if (rm) { ++ const EVP_MD *md; ++ md = 
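Review bot: In the MDC2 branch of `int_rsa_verify` (embedded rsa_sign.c hunk `@@ -169,53 +165,69 @@`), the non-`rm` path runs `memcmp(m, s + 2, 16)` without comparing `m_len` to 16, so a caller that passes a shorter digest buffer gets a read past its end, and a digest of any other length is still compared as if it were 16 bytes. The guard should check the length first, for example `} else if (m_len != 16 || memcmp(m, s + 2, 16))`. The block is also followed by a plain `if (dtype == NID_md5_sha1)` rather than `else if`, so an MDC2 input appears to continue into the generic DigestInfo branch with `ret` possibly already set to 1; chaining the two would make the accept path explicit. The function body continues past this hunk, so that fall-through is inferred from the lines visible here.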
EVP_get_digestbynid(dtype); ++ if (md && (EVP_MD_size(md) != sig->digest->length)) ++ RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_INVALID_DIGEST_LENGTH); ++ else { ++ memcpy(rm, sig->digest->data, sig->digest->length); ++ *prm_len = sig->digest->length; ++ ret = 1; ++ } ++ } else if (((unsigned int)sig->digest->length != m_len) || ++ (memcmp(m, sig->digest->data, m_len) != 0)) { ++ RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE); + } else + ret = 1; + } +@@ -278,3 +289,14 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, + } + return (ret); + } ++ ++int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, ++ const unsigned char *sigbuf, unsigned int siglen, RSA *rsa) ++{ ++ ++ if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify) { ++ return rsa->meth->rsa_verify(dtype, m, m_len, sigbuf, siglen, rsa); ++ } ++ ++ return int_rsa_verify(dtype, m, m_len, NULL, NULL, sigbuf, siglen, rsa); ++} +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_x931g.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_x931g.c +deleted file mode 100644 +index f29c501..0000000 +--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_x931g.c ++++ /dev/null +@@ -1,252 +0,0 @@ +-/* crypto/rsa/rsa_gen.c */ +-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) +- * All rights reserved. +- * +- * This package is an SSL implementation written +- * by Eric Young (eay@cryptsoft.com). +- * The implementation was written so as to conform with Netscapes SSL. +- * +- * This library is free for commercial and non-commercial use as long as +- * the following conditions are aheared to. The following conditions +- * apply to all code found in this distribution, be it the RC4, RSA, +- * lhash, DES, etc., code; not just the SSL code. The SSL documentation +- * included with this distribution is covered by the same copyright terms +- * except that the holder is Tim Hudson (tjh@cryptsoft.com). 
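Review bot: In the `rm` branch near the end of `int_rsa_verify` (embedded rsa_sign.c hunk `@@ -249,23 +261,22 @@`), a NULL result from `EVP_get_digestbynid(dtype)` skips the length check, and `memcpy(rm, sig->digest->data, sig->digest->length)` then copies a length taken from the decoded signature into a caller buffer whose size this function never sees. Treating an unknown digest as a failure closes that gap: `if (md == NULL || EVP_MD_size(md) != sig->digest->length)`. This matters most in a build where not every digest is registered in the lookup table, which is not visible here. The `RSA_verify` wrapper added in the following hunk passes `rm` as NULL, so only callers that request digest recovery would reach this path. The function starts outside this hunk.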
+- * +- * Copyright remains Eric Young's, and as such any Copyright notices in +- * the code are not to be removed. +- * If this package is used in a product, Eric Young should be given attribution +- * as the author of the parts of the library used. +- * This can be in the form of a textual message at program startup or +- * in documentation (online or textual) provided with the package. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 3. All advertising materials mentioning features or use of this software +- * must display the following acknowledgement: +- * "This product includes cryptographic software written by +- * Eric Young (eay@cryptsoft.com)" +- * The word 'cryptographic' can be left out if the rouines from the library +- * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from +- * the apps directory (application code) you must include an acknowledgement: +- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * +- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. +- * +- * The licence and distribution terms for any publically available version or +- * derivative of this code cannot be changed. i.e. this code cannot simply be +- * copied and put under another distribution licence +- * [including the GNU Public Licence.] +- */ +- +-#include +-#include +-#include +-#include +-#include +-#include +- +-#ifndef OPENSSL_FIPS +- +-/* X9.31 RSA key derivation and generation */ +- +-int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, +- BIGNUM *q2, const BIGNUM *Xp1, const BIGNUM *Xp2, +- const BIGNUM *Xp, const BIGNUM *Xq1, const BIGNUM *Xq2, +- const BIGNUM *Xq, const BIGNUM *e, BN_GENCB *cb) +-{ +- BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *r3 = NULL; +- BN_CTX *ctx = NULL, *ctx2 = NULL; +- +- if (!rsa) +- goto err; +- +- ctx = BN_CTX_new(); +- if (!ctx) +- goto err; +- BN_CTX_start(ctx); +- +- r0 = BN_CTX_get(ctx); +- r1 = BN_CTX_get(ctx); +- r2 = BN_CTX_get(ctx); +- r3 = BN_CTX_get(ctx); +- +- if (r3 == NULL) +- goto err; +- if (!rsa->e) { +- rsa->e = BN_dup(e); +- if (!rsa->e) +- goto err; +- } else +- e = rsa->e; +- +- /* +- * If not all parameters present only calculate what we can. This allows +- * test programs to output selective parameters. 
+- */ +- +- if (Xp && !rsa->p) { +- rsa->p = BN_new(); +- if (!rsa->p) +- goto err; +- +- if (!BN_X931_derive_prime_ex(rsa->p, p1, p2, +- Xp, Xp1, Xp2, e, ctx, cb)) +- goto err; +- } +- +- if (Xq && !rsa->q) { +- rsa->q = BN_new(); +- if (!rsa->q) +- goto err; +- if (!BN_X931_derive_prime_ex(rsa->q, q1, q2, +- Xq, Xq1, Xq2, e, ctx, cb)) +- goto err; +- } +- +- if (!rsa->p || !rsa->q) { +- BN_CTX_end(ctx); +- BN_CTX_free(ctx); +- return 2; +- } +- +- /* +- * Since both primes are set we can now calculate all remaining +- * components. +- */ +- +- /* calculate n */ +- rsa->n = BN_new(); +- if (rsa->n == NULL) +- goto err; +- if (!BN_mul(rsa->n, rsa->p, rsa->q, ctx)) +- goto err; +- +- /* calculate d */ +- if (!BN_sub(r1, rsa->p, BN_value_one())) +- goto err; /* p-1 */ +- if (!BN_sub(r2, rsa->q, BN_value_one())) +- goto err; /* q-1 */ +- if (!BN_mul(r0, r1, r2, ctx)) +- goto err; /* (p-1)(q-1) */ +- +- if (!BN_gcd(r3, r1, r2, ctx)) +- goto err; +- +- if (!BN_div(r0, NULL, r0, r3, ctx)) +- goto err; /* LCM((p-1)(q-1)) */ +- +- ctx2 = BN_CTX_new(); +- if (!ctx2) +- goto err; +- +- rsa->d = BN_mod_inverse(NULL, rsa->e, r0, ctx2); /* d */ +- if (rsa->d == NULL) +- goto err; +- +- /* calculate d mod (p-1) */ +- rsa->dmp1 = BN_new(); +- if (rsa->dmp1 == NULL) +- goto err; +- if (!BN_mod(rsa->dmp1, rsa->d, r1, ctx)) +- goto err; +- +- /* calculate d mod (q-1) */ +- rsa->dmq1 = BN_new(); +- if (rsa->dmq1 == NULL) +- goto err; +- if (!BN_mod(rsa->dmq1, rsa->d, r2, ctx)) +- goto err; +- +- /* calculate inverse of q mod p */ +- rsa->iqmp = BN_mod_inverse(NULL, rsa->q, rsa->p, ctx2); +- +- err: +- if (ctx) { +- BN_CTX_end(ctx); +- BN_CTX_free(ctx); +- } +- if (ctx2) +- BN_CTX_free(ctx2); +- /* If this is set all calls successful */ +- if (rsa && rsa->iqmp != NULL) +- return 1; +- +- return 0; +- +-} +- +-int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, +- BN_GENCB *cb) +-{ +- int ok = 0; +- BIGNUM *Xp = NULL, *Xq = NULL; +- BN_CTX *ctx = NULL; +- +- ctx = 
BN_CTX_new(); +- if (!ctx) +- goto error; +- +- BN_CTX_start(ctx); +- Xp = BN_CTX_get(ctx); +- Xq = BN_CTX_get(ctx); +- if (!BN_X931_generate_Xpq(Xp, Xq, bits, ctx)) +- goto error; +- +- rsa->p = BN_new(); +- rsa->q = BN_new(); +- if (!rsa->p || !rsa->q) +- goto error; +- +- /* Generate two primes from Xp, Xq */ +- +- if (!BN_X931_generate_prime_ex(rsa->p, NULL, NULL, NULL, NULL, Xp, +- e, ctx, cb)) +- goto error; +- +- if (!BN_X931_generate_prime_ex(rsa->q, NULL, NULL, NULL, NULL, Xq, +- e, ctx, cb)) +- goto error; +- +- /* +- * Since rsa->p and rsa->q are valid this call will just derive remaining +- * RSA components. +- */ +- +- if (!RSA_X931_derive_ex(rsa, NULL, NULL, NULL, NULL, +- NULL, NULL, NULL, NULL, NULL, NULL, e, cb)) +- goto error; +- +- ok = 1; +- +- error: +- if (ctx) { +- BN_CTX_end(ctx); +- BN_CTX_free(ctx); +- } +- +- if (ok) +- return 1; +- +- return 0; +- +-} +- +-#endif +diff --git a/Cryptlib/OpenSSL/crypto/sha/sha1_one.c b/Cryptlib/OpenSSL/crypto/sha/sha1_one.c +index cf68f10..a6dd760 100644 +--- a/Cryptlib/OpenSSL/crypto/sha/sha1_one.c ++++ b/Cryptlib/OpenSSL/crypto/sha/sha1_one.c +@@ -58,10 +58,10 @@ + + #include + #include +-#include + #include ++#include + +-#if !defined(OPENSSL_NO_SHA1) ++#ifndef OPENSSL_NO_SHA1 + unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md) + { + SHA_CTX c; +diff --git a/Cryptlib/OpenSSL/crypto/sha/sha1dgst.c b/Cryptlib/OpenSSL/crypto/sha/sha1dgst.c +index 16aa0ef..a67f1fe 100644 +--- a/Cryptlib/OpenSSL/crypto/sha/sha1dgst.c ++++ b/Cryptlib/OpenSSL/crypto/sha/sha1dgst.c +@@ -56,6 +56,7 @@ + * [including the GNU Public Licence.] 
+ */ + ++#include + #include + #if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_NO_SHA) + +@@ -63,9 +64,6 @@ + # define SHA_1 + + # include +-# ifdef OPENSSL_FIPS +-# include +-# endif + + const char SHA1_version[] = "SHA1" OPENSSL_VERSION_PTEXT; + +diff --git a/Cryptlib/OpenSSL/crypto/sha/sha256.c b/Cryptlib/OpenSSL/crypto/sha/sha256.c +index 980cc29..72a1159 100644 +--- a/Cryptlib/OpenSSL/crypto/sha/sha256.c ++++ b/Cryptlib/OpenSSL/crypto/sha/sha256.c +@@ -12,19 +12,13 @@ + + # include + # include +-# ifdef OPENSSL_FIPS +-# include +-# endif +- + # include + + const char SHA256_version[] = "SHA-256" OPENSSL_VERSION_PTEXT; + +-int SHA224_Init(SHA256_CTX *c) ++fips_md_init_ctx(SHA224, SHA256) + { +-# ifdef OPENSSL_FIPS +- FIPS_selftest_check(); +-# endif ++ memset(c, 0, sizeof(*c)); + c->h[0] = 0xc1059ed8UL; + c->h[1] = 0x367cd507UL; + c->h[2] = 0x3070dd17UL; +@@ -33,18 +27,13 @@ int SHA224_Init(SHA256_CTX *c) + c->h[5] = 0x68581511UL; + c->h[6] = 0x64f98fa7UL; + c->h[7] = 0xbefa4fa4UL; +- c->Nl = 0; +- c->Nh = 0; +- c->num = 0; + c->md_len = SHA224_DIGEST_LENGTH; + return 1; + } + +-int SHA256_Init(SHA256_CTX *c) ++fips_md_init(SHA256) + { +-# ifdef OPENSSL_FIPS +- FIPS_selftest_check(); +-# endif ++ memset(c, 0, sizeof(*c)); + c->h[0] = 0x6a09e667UL; + c->h[1] = 0xbb67ae85UL; + c->h[2] = 0x3c6ef372UL; +@@ -53,9 +42,6 @@ int SHA256_Init(SHA256_CTX *c) + c->h[5] = 0x9b05688cUL; + c->h[6] = 0x1f83d9abUL; + c->h[7] = 0x5be0cd19UL; +- c->Nl = 0; +- c->Nh = 0; +- c->num = 0; + c->md_len = SHA256_DIGEST_LENGTH; + return 1; + } +@@ -113,21 +99,21 @@ int SHA224_Final(unsigned char *md, SHA256_CTX *c) + */ + # define HASH_MAKE_STRING(c,s) do { \ + unsigned long ll; \ +- unsigned int xn; \ ++ unsigned int nn; \ + switch ((c)->md_len) \ + { case SHA224_DIGEST_LENGTH: \ +- for (xn=0;xnh[xn]; HOST_l2c(ll,(s)); } \ ++ for (nn=0;nnh[nn]; (void)HOST_l2c(ll,(s)); } \ + break; \ + case SHA256_DIGEST_LENGTH: \ +- for (xn=0;xnh[xn]; HOST_l2c(ll,(s)); } \ ++ for (nn=0;nnh[nn]; 
(void)HOST_l2c(ll,(s)); } \ + break; \ + default: \ + if ((c)->md_len > SHA256_DIGEST_LENGTH) \ + return 0; \ +- for (xn=0;xn<(c)->md_len/4;xn++) \ +- { ll=(c)->h[xn]; HOST_l2c(ll,(s)); } \ ++ for (nn=0;nn<(c)->md_len/4;nn++) \ ++ { ll=(c)->h[nn]; (void)HOST_l2c(ll,(s)); } \ + break; \ + } \ + } while (0) +diff --git a/Cryptlib/OpenSSL/crypto/sha/sha512.c b/Cryptlib/OpenSSL/crypto/sha/sha512.c +index abcbe53..3bf66ae 100644 +--- a/Cryptlib/OpenSSL/crypto/sha/sha512.c ++++ b/Cryptlib/OpenSSL/crypto/sha/sha512.c +@@ -5,10 +5,6 @@ + * ==================================================================== + */ + #include +-#ifdef OPENSSL_FIPS +-# include +-#endif +- + #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512) + /*- + * IMPLEMENTATION NOTES. +@@ -59,15 +55,13 @@ const char SHA512_version[] = "SHA-512" OPENSSL_VERSION_PTEXT; + # if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ + defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || \ + defined(__s390__) || defined(__s390x__) || \ ++ defined(__aarch64__) || \ + defined(SHA512_ASM) + # define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA + # endif + +-int SHA384_Init(SHA512_CTX *c) ++fips_md_init_ctx(SHA384, SHA512) + { +-# ifdef OPENSSL_FIPS +- FIPS_selftest_check(); +-# endif + c->h[0] = U64(0xcbbb9d5dc1059ed8); + c->h[1] = U64(0x629a292a367cd507); + c->h[2] = U64(0x9159015a3070dd17); +@@ -76,6 +70,7 @@ int SHA384_Init(SHA512_CTX *c) + c->h[5] = U64(0x8eb44a8768581511); + c->h[6] = U64(0xdb0c2e0d64f98fa7); + c->h[7] = U64(0x47b5481dbefa4fa4); ++ + c->Nl = 0; + c->Nh = 0; + c->num = 0; +@@ -83,11 +78,8 @@ int SHA384_Init(SHA512_CTX *c) + return 1; + } + +-int SHA512_Init(SHA512_CTX *c) ++fips_md_init(SHA512) + { +-# ifdef OPENSSL_FIPS +- FIPS_selftest_check(); +-# endif + c->h[0] = U64(0x6a09e667f3bcc908); + c->h[1] = U64(0xbb67ae8584caa73b); + c->h[2] = U64(0x3c6ef372fe94f82b); +@@ -96,6 +88,7 @@ int SHA512_Init(SHA512_CTX *c) + c->h[5] = U64(0x9b05688c2b3e6c1f); + c->h[6] = 
U64(0x1f83d9abfb41bd6b); + c->h[7] = U64(0x5be0cd19137e2179); ++ + c->Nl = 0; + c->Nh = 0; + c->num = 0; +@@ -210,7 +203,7 @@ int SHA512_Update(SHA512_CTX *c, const void *_data, size_t len) + size_t n = sizeof(c->u) - c->num; + + if (len < n) { +- memcpy(p + c->num, data, len), c->num += len; ++ memcpy(p + c->num, data, len), c->num += (unsigned int)len; + return 1; + } else { + memcpy(p + c->num, data, n), c->num = 0; +@@ -245,6 +238,10 @@ int SHA384_Update(SHA512_CTX *c, const void *data, size_t len) + + void SHA512_Transform(SHA512_CTX *c, const unsigned char *data) + { ++# ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA ++ if ((size_t)data % sizeof(c->u.d[0]) != 0) ++ memcpy(c->u.p, data, sizeof(c->u.p)), data = c->u.p; ++# endif + sha512_block_data_order(c, data, 1); + } + +@@ -323,7 +320,7 @@ static const SHA_LONG64 K512[80] = { + # ifndef PEDANTIC + # if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) + # if defined(__x86_64) || defined(__x86_64__) +-# define ROTR(a,n) ({ unsigned long ret; \ ++# define ROTR(a,n) ({ SHA_LONG64 ret; \ + asm ("rorq %1,%0" \ + : "=r"(ret) \ + : "J"(n),"0"(a) \ +@@ -346,20 +343,33 @@ static const SHA_LONG64 K512[80] = { + ((SHA_LONG64)hi)<<32|lo; }) + # else + # define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\ +- unsigned int hi=p[0],lo=p[1]; \ ++ unsigned int hi=p[0],lo=p[1]; \ + asm ("bswapl %0; bswapl %1;" \ + : "=r"(lo),"=r"(hi) \ + : "0"(lo),"1"(hi)); \ + ((SHA_LONG64)hi)<<32|lo; }) + # endif + # elif (defined(_ARCH_PPC) && defined(__64BIT__)) || defined(_ARCH_PPC64) +-# define ROTR(a,n) ({ unsigned long ret; \ ++# define ROTR(a,n) ({ SHA_LONG64 ret; \ + asm ("rotrdi %0,%1,%2" \ + : "=r"(ret) \ + : "r"(a),"K"(n)); ret; }) ++# elif defined(__aarch64__) ++# define ROTR(a,n) ({ SHA_LONG64 ret; \ ++ asm ("ror %0,%1,%2" \ ++ : "=r"(ret) \ ++ : "r"(a),"I"(n)); ret; }) ++# if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \ ++ 
__BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__ ++# define PULL64(x) ({ SHA_LONG64 ret; \ ++ asm ("rev %0,%1" \ ++ : "=r"(ret) \ ++ : "r"(*((const SHA_LONG64 *)(&(x))))); ret; }) ++# endif + # endif + # elif defined(_MSC_VER) + # if defined(_WIN64) /* applies to both IA-64 and AMD64 */ ++# pragma intrinsic(_rotr64) + # define ROTR(a,n) _rotr64((a),n) + # endif + # if defined(_M_IX86) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) +@@ -398,14 +408,71 @@ _asm bswap edx _asm bswap eax} + # define sigma1(x) (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6)) + # define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) + # define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) +-# if defined(OPENSSL_IA32_SSE2) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY) +-# define GO_FOR_SSE2(ctx,in,num) do { \ +- void sha512_block_sse2(void *,const void *,size_t); \ +- if (!(OPENSSL_ia32cap_P & (1<<26))) break; \ +- sha512_block_sse2(ctx->h,in,num); return; \ +- } while (0) +-# endif +-# ifdef OPENSSL_SMALL_FOOTPRINT ++# if defined(__i386) || defined(__i386__) || defined(_M_IX86) ++/* ++ * This code should give better results on 32-bit CPU with less than ++ * ~24 registers, both size and performance wise... 
++ */ static void sha512_block_data_order(SHA512_CTX *ctx, const void *in, ++ size_t num) ++{ ++ const SHA_LONG64 *W = in; ++ SHA_LONG64 A, E, T; ++ SHA_LONG64 X[9 + 80], *F; ++ int i; ++ ++ while (num--) { ++ ++ F = X + 80; ++ A = ctx->h[0]; ++ F[1] = ctx->h[1]; ++ F[2] = ctx->h[2]; ++ F[3] = ctx->h[3]; ++ E = ctx->h[4]; ++ F[5] = ctx->h[5]; ++ F[6] = ctx->h[6]; ++ F[7] = ctx->h[7]; ++ ++ for (i = 0; i < 16; i++, F--) { ++# ifdef B_ENDIAN ++ T = W[i]; ++# else ++ T = PULL64(W[i]); ++# endif ++ F[0] = A; ++ F[4] = E; ++ F[8] = T; ++ T += F[7] + Sigma1(E) + Ch(E, F[5], F[6]) + K512[i]; ++ E = F[3] + T; ++ A = T + Sigma0(A) + Maj(A, F[1], F[2]); ++ } ++ ++ for (; i < 80; i++, F--) { ++ T = sigma0(F[8 + 16 - 1]); ++ T += sigma1(F[8 + 16 - 14]); ++ T += F[8 + 16] + F[8 + 16 - 9]; ++ ++ F[0] = A; ++ F[4] = E; ++ F[8] = T; ++ T += F[7] + Sigma1(E) + Ch(E, F[5], F[6]) + K512[i]; ++ E = F[3] + T; ++ A = T + Sigma0(A) + Maj(A, F[1], F[2]); ++ } ++ ++ ctx->h[0] += A; ++ ctx->h[1] += F[1]; ++ ctx->h[2] += F[2]; ++ ctx->h[3] += F[3]; ++ ctx->h[4] += E; ++ ctx->h[5] += F[5]; ++ ctx->h[6] += F[6]; ++ ctx->h[7] += F[7]; ++ ++ W += SHA_LBLOCK; ++ } ++} ++ ++# elif defined(OPENSSL_SMALL_FOOTPRINT) + static void sha512_block_data_order(SHA512_CTX *ctx, const void *in, + size_t num) + { +@@ -414,10 +481,6 @@ static void sha512_block_data_order(SHA512_CTX *ctx, const void *in, + SHA_LONG64 X[16]; + int i; + +-# ifdef GO_FOR_SSE2 +- GO_FOR_SSE2(ctx, in, num); +-# endif +- + while (num--) { + + a = ctx->h[0]; +@@ -484,11 +547,11 @@ static void sha512_block_data_order(SHA512_CTX *ctx, const void *in, + T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i]; \ + h = Sigma0(a) + Maj(a,b,c); \ + d += T1; h += T1; } while (0) +-# define ROUND_16_80(i,a,b,c,d,e,f,g,h,X) do { \ +- s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); \ +- s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); \ +- T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f]; \ +- ROUND_00_15(i,a,b,c,d,e,f,g,h); } while (0) ++# define ROUND_16_80(i,j,a,b,c,d,e,f,g,h,X) do { 
\ ++ s0 = X[(j+1)&0x0f]; s0 = sigma0(s0); \ ++ s1 = X[(j+14)&0x0f]; s1 = sigma1(s1); \ ++ T1 = X[(j)&0x0f] += s0 + s1 + X[(j+9)&0x0f]; \ ++ ROUND_00_15(i+j,a,b,c,d,e,f,g,h); } while (0) + static void sha512_block_data_order(SHA512_CTX *ctx, const void *in, + size_t num) + { +@@ -497,10 +560,6 @@ static void sha512_block_data_order(SHA512_CTX *ctx, const void *in, + SHA_LONG64 X[16]; + int i; + +-# ifdef GO_FOR_SSE2 +- GO_FOR_SSE2(ctx, in, num); +-# endif +- + while (num--) { + + a = ctx->h[0]; +@@ -580,15 +639,23 @@ static void sha512_block_data_order(SHA512_CTX *ctx, const void *in, + ROUND_00_15(15, b, c, d, e, f, g, h, a); + # endif + +- for (i = 16; i < 80; i += 8) { +- ROUND_16_80(i + 0, a, b, c, d, e, f, g, h, X); +- ROUND_16_80(i + 1, h, a, b, c, d, e, f, g, X); +- ROUND_16_80(i + 2, g, h, a, b, c, d, e, f, X); +- ROUND_16_80(i + 3, f, g, h, a, b, c, d, e, X); +- ROUND_16_80(i + 4, e, f, g, h, a, b, c, d, X); +- ROUND_16_80(i + 5, d, e, f, g, h, a, b, c, X); +- ROUND_16_80(i + 6, c, d, e, f, g, h, a, b, X); +- ROUND_16_80(i + 7, b, c, d, e, f, g, h, a, X); ++ for (i = 16; i < 80; i += 16) { ++ ROUND_16_80(i, 0, a, b, c, d, e, f, g, h, X); ++ ROUND_16_80(i, 1, h, a, b, c, d, e, f, g, X); ++ ROUND_16_80(i, 2, g, h, a, b, c, d, e, f, X); ++ ROUND_16_80(i, 3, f, g, h, a, b, c, d, e, X); ++ ROUND_16_80(i, 4, e, f, g, h, a, b, c, d, X); ++ ROUND_16_80(i, 5, d, e, f, g, h, a, b, c, X); ++ ROUND_16_80(i, 6, c, d, e, f, g, h, a, b, X); ++ ROUND_16_80(i, 7, b, c, d, e, f, g, h, a, X); ++ ROUND_16_80(i, 8, a, b, c, d, e, f, g, h, X); ++ ROUND_16_80(i, 9, h, a, b, c, d, e, f, g, X); ++ ROUND_16_80(i, 10, g, h, a, b, c, d, e, f, X); ++ ROUND_16_80(i, 11, f, g, h, a, b, c, d, e, X); ++ ROUND_16_80(i, 12, e, f, g, h, a, b, c, d, X); ++ ROUND_16_80(i, 13, d, e, f, g, h, a, b, c, X); ++ ROUND_16_80(i, 14, c, d, e, f, g, h, a, b, X); ++ ROUND_16_80(i, 15, b, c, d, e, f, g, h, a, X); + } + + ctx->h[0] += a; +@@ -608,14 +675,10 @@ static void sha512_block_data_order(SHA512_CTX 
*ctx, const void *in, + + # endif /* SHA512_ASM */ + +-#else /* OPENSSL_NO_SHA512 */ ++#else /* !OPENSSL_NO_SHA512 */ + +-/* +- * Sensitive compilers ("Compaq C V6.4-005 on OpenVMS VAX V7.3", for example) +- * dislike a statement-free file, complaining: "%CC-W-EMPTYFILE, Source file +- * does not contain any declarations." +- */ +- +-int sha512_dummy(); ++# if defined(PEDANTIC) || defined(__DECC) || defined(OPENSSL_SYS_MACOSX) ++static void *dummy = &dummy; ++# endif + +-#endif /* OPENSSL_NO_SHA512 */ ++#endif /* !OPENSSL_NO_SHA512 */ +diff --git a/Cryptlib/OpenSSL/crypto/sha/sha_dgst.c b/Cryptlib/OpenSSL/crypto/sha/sha_dgst.c +index 41ed7e9..f77cf5e 100644 +--- a/Cryptlib/OpenSSL/crypto/sha/sha_dgst.c ++++ b/Cryptlib/OpenSSL/crypto/sha/sha_dgst.c +@@ -56,13 +56,8 @@ + * [including the GNU Public Licence.] + */ + +-#include + #include +-#ifdef OPENSSL_FIPS +-# include +-#endif +- +-#include ++#include + #if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA) + + # undef SHA_1 +diff --git a/Cryptlib/OpenSSL/crypto/sha/sha_locl.h b/Cryptlib/OpenSSL/crypto/sha/sha_locl.h +index da46ddf..03bd411 100644 +--- a/Cryptlib/OpenSSL/crypto/sha/sha_locl.h ++++ b/Cryptlib/OpenSSL/crypto/sha/sha_locl.h +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. 
+ * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. 
this code cannot simply be + * copied and put under another distribution licence +@@ -67,48 +67,48 @@ + #define HASH_LONG SHA_LONG + #define HASH_CTX SHA_CTX + #define HASH_CBLOCK SHA_CBLOCK +-#define HASH_MAKE_STRING(c,s) do { \ +- unsigned long ll; \ +- ll=(c)->h0; HOST_l2c(ll,(s)); \ +- ll=(c)->h1; HOST_l2c(ll,(s)); \ +- ll=(c)->h2; HOST_l2c(ll,(s)); \ +- ll=(c)->h3; HOST_l2c(ll,(s)); \ +- ll=(c)->h4; HOST_l2c(ll,(s)); \ +- } while (0) ++#define HASH_MAKE_STRING(c,s) do { \ ++ unsigned long ll; \ ++ ll=(c)->h0; (void)HOST_l2c(ll,(s)); \ ++ ll=(c)->h1; (void)HOST_l2c(ll,(s)); \ ++ ll=(c)->h2; (void)HOST_l2c(ll,(s)); \ ++ ll=(c)->h3; (void)HOST_l2c(ll,(s)); \ ++ ll=(c)->h4; (void)HOST_l2c(ll,(s)); \ ++ } while (0) + + #if defined(SHA_0) + +-# define HASH_UPDATE SHA_Update +-# define HASH_TRANSFORM SHA_Transform +-# define HASH_FINAL SHA_Final +-# define HASH_INIT SHA_Init +-# define HASH_BLOCK_DATA_ORDER sha_block_data_order +-# define Xupdate(a,ix,ia,ib,ic,id) (ix=(a)=(ia^ib^ic^id)) ++# define HASH_UPDATE SHA_Update ++# define HASH_TRANSFORM SHA_Transform ++# define HASH_FINAL SHA_Final ++# define HASH_INIT SHA_Init ++# define HASH_BLOCK_DATA_ORDER sha_block_data_order ++# define Xupdate(a,ix,ia,ib,ic,id) (ix=(a)=(ia^ib^ic^id)) + +-static void sha_block_data_order (SHA_CTX *c, const void *p,size_t num); ++static void sha_block_data_order(SHA_CTX *c, const void *p, size_t num); + + #elif defined(SHA_1) + +-# define HASH_UPDATE SHA1_Update +-# define HASH_TRANSFORM SHA1_Transform +-# define HASH_FINAL SHA1_Final +-# define HASH_INIT SHA1_Init +-# define HASH_BLOCK_DATA_ORDER sha1_block_data_order ++# define HASH_UPDATE SHA1_Update ++# define HASH_TRANSFORM SHA1_Transform ++# define HASH_FINAL SHA1_Final ++# define HASH_INIT SHA1_Init ++# define HASH_BLOCK_DATA_ORDER sha1_block_data_order + # if defined(__MWERKS__) && defined(__MC68K__) + /* Metrowerks for Motorola fails otherwise:-( */ +-# define Xupdate(a,ix,ia,ib,ic,id) do { (a)=(ia^ib^ic^id); \ +- 
ix=(a)=ROTATE((a),1); \ +- } while (0) ++# define Xupdate(a,ix,ia,ib,ic,id) do { (a)=(ia^ib^ic^id); \ ++ ix=(a)=ROTATE((a),1); \ ++ } while (0) + # else +-# define Xupdate(a,ix,ia,ib,ic,id) ( (a)=(ia^ib^ic^id), \ +- ix=(a)=ROTATE((a),1) \ +- ) ++# define Xupdate(a,ix,ia,ib,ic,id) ( (a)=(ia^ib^ic^id), \ ++ ix=(a)=ROTATE((a),1) \ ++ ) + # endif + +-#ifndef SHA1_ASM ++# ifndef SHA1_ASM + static +-#endif +-void sha1_block_data_order (SHA_CTX *c, const void *p,size_t num); ++# endif ++void sha1_block_data_order(SHA_CTX *c, const void *p, size_t num); + + #else + # error "Either SHA_0 or SHA_1 must be defined." +@@ -122,78 +122,73 @@ void sha1_block_data_order (SHA_CTX *c, const void *p,size_t num); + #define INIT_DATA_h3 0x10325476UL + #define INIT_DATA_h4 0xc3d2e1f0UL + +-#if defined(SHA_0) && defined(OPENSSL_FIPS) +-FIPS_NON_FIPS_MD_Init(SHA) ++#ifdef SHA_0 ++fips_md_init(SHA) + #else +-int HASH_INIT (SHA_CTX *c) +-#endif +- { +-#if defined(SHA_1) && defined(OPENSSL_FIPS) +- FIPS_selftest_check(); ++fips_md_init_ctx(SHA1, SHA) + #endif +- c->h0=INIT_DATA_h0; +- c->h1=INIT_DATA_h1; +- c->h2=INIT_DATA_h2; +- c->h3=INIT_DATA_h3; +- c->h4=INIT_DATA_h4; +- c->Nl=0; +- c->Nh=0; +- c->num=0; +- return 1; +- } +- +-#define K_00_19 0x5a827999UL ++{ ++ memset(c, 0, sizeof(*c)); ++ c->h0 = INIT_DATA_h0; ++ c->h1 = INIT_DATA_h1; ++ c->h2 = INIT_DATA_h2; ++ c->h3 = INIT_DATA_h3; ++ c->h4 = INIT_DATA_h4; ++ return 1; ++} ++ ++#define K_00_19 0x5a827999UL + #define K_20_39 0x6ed9eba1UL + #define K_40_59 0x8f1bbcdcUL + #define K_60_79 0xca62c1d6UL + +-/* As pointed out by Wei Dai , F() below can be +- * simplified to the code in F_00_19. Wei attributes these optimisations +- * to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel. 
+- * #define F(x,y,z) (((x) & (y)) | ((~(x)) & (z))) +- * I've just become aware of another tweak to be made, again from Wei Dai, +- * in F_40_59, (x&a)|(y&a) -> (x|y)&a ++/* ++ * As pointed out by Wei Dai , F() below can be simplified ++ * to the code in F_00_19. Wei attributes these optimisations to Peter ++ * Gutmann's SHS code, and he attributes it to Rich Schroeppel. #define ++ * F(x,y,z) (((x) & (y)) | ((~(x)) & (z))) I've just become aware of another ++ * tweak to be made, again from Wei Dai, in F_40_59, (x&a)|(y&a) -> (x|y)&a + */ +-#define F_00_19(b,c,d) ((((c) ^ (d)) & (b)) ^ (d)) +-#define F_20_39(b,c,d) ((b) ^ (c) ^ (d)) +-#define F_40_59(b,c,d) (((b) & (c)) | (((b)|(c)) & (d))) +-#define F_60_79(b,c,d) F_20_39(b,c,d) ++#define F_00_19(b,c,d) ((((c) ^ (d)) & (b)) ^ (d)) ++#define F_20_39(b,c,d) ((b) ^ (c) ^ (d)) ++#define F_40_59(b,c,d) (((b) & (c)) | (((b)|(c)) & (d))) ++#define F_60_79(b,c,d) F_20_39(b,c,d) + + #ifndef OPENSSL_SMALL_FOOTPRINT + +-#define BODY_00_15(i,a,b,c,d,e,f,xi) \ +- (f)=xi+(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \ +- (b)=ROTATE((b),30); +- +-#define BODY_16_19(i,a,b,c,d,e,f,xi,xa,xb,xc,xd) \ +- Xupdate(f,xi,xa,xb,xc,xd); \ +- (f)+=(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \ +- (b)=ROTATE((b),30); +- +-#define BODY_20_31(i,a,b,c,d,e,f,xi,xa,xb,xc,xd) \ +- Xupdate(f,xi,xa,xb,xc,xd); \ +- (f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \ +- (b)=ROTATE((b),30); +- +-#define BODY_32_39(i,a,b,c,d,e,f,xa,xb,xc,xd) \ +- Xupdate(f,xa,xa,xb,xc,xd); \ +- (f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \ +- (b)=ROTATE((b),30); +- +-#define BODY_40_59(i,a,b,c,d,e,f,xa,xb,xc,xd) \ +- Xupdate(f,xa,xa,xb,xc,xd); \ +- (f)+=(e)+K_40_59+ROTATE((a),5)+F_40_59((b),(c),(d)); \ +- (b)=ROTATE((b),30); +- +-#define BODY_60_79(i,a,b,c,d,e,f,xa,xb,xc,xd) \ +- Xupdate(f,xa,xa,xb,xc,xd); \ +- (f)=xa+(e)+K_60_79+ROTATE((a),5)+F_60_79((b),(c),(d)); \ +- (b)=ROTATE((b),30); +- +-#ifdef X +-#undef X +-#endif +-#ifndef MD32_XARRAY ++# 
define BODY_00_15(i,a,b,c,d,e,f,xi) \ ++ (f)=xi+(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \ ++ (b)=ROTATE((b),30); ++ ++# define BODY_16_19(i,a,b,c,d,e,f,xi,xa,xb,xc,xd) \ ++ Xupdate(f,xi,xa,xb,xc,xd); \ ++ (f)+=(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \ ++ (b)=ROTATE((b),30); ++ ++# define BODY_20_31(i,a,b,c,d,e,f,xi,xa,xb,xc,xd) \ ++ Xupdate(f,xi,xa,xb,xc,xd); \ ++ (f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \ ++ (b)=ROTATE((b),30); ++ ++# define BODY_32_39(i,a,b,c,d,e,f,xa,xb,xc,xd) \ ++ Xupdate(f,xa,xa,xb,xc,xd); \ ++ (f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \ ++ (b)=ROTATE((b),30); ++ ++# define BODY_40_59(i,a,b,c,d,e,f,xa,xb,xc,xd) \ ++ Xupdate(f,xa,xa,xb,xc,xd); \ ++ (f)+=(e)+K_40_59+ROTATE((a),5)+F_40_59((b),(c),(d)); \ ++ (b)=ROTATE((b),30); ++ ++# define BODY_60_79(i,a,b,c,d,e,f,xa,xb,xc,xd) \ ++ Xupdate(f,xa,xa,xb,xc,xd); \ ++ (f)=xa+(e)+K_60_79+ROTATE((a),5)+F_60_79((b),(c),(d)); \ ++ (b)=ROTATE((b),30); ++ ++# ifdef X ++# undef X ++# endif ++# ifndef MD32_XARRAY + /* + * Originally X was an array. As it's automatic it's natural + * to expect RISC compiler to accomodate at least part of it in +@@ -201,246 +196,305 @@ int HASH_INIT (SHA_CTX *c) + * "find" this expectation reasonable:-( On order to make such + * compilers generate better code I replace X[] with a bunch of + * X0, X1, etc. See the function body below... +- * ++ * + */ +-# define X(i) XX##i +-#else ++# define X(i) XX##i ++# else + /* + * However! Some compilers (most notably HP C) get overwhelmed by + * that many local variables so that we have to have the way to + * fall down to the original behavior. 
+ */ +-# define X(i) XX[i] +-#endif +- +-#if !defined(SHA_1) || !defined(SHA1_ASM) +-static void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num) +- { +- const unsigned char *data=p; +- register unsigned MD32_REG_T A,B,C,D,E,T,l; +-#ifndef MD32_XARRAY +- unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, +- XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15; +-#else +- SHA_LONG XX[16]; +-#endif ++# define X(i) XX[i] ++# endif + +- A=c->h0; +- B=c->h1; +- C=c->h2; +- D=c->h3; +- E=c->h4; +- +- for (;;) +- { +- const union { long one; char little; } is_endian = {1}; +- +- if (!is_endian.little && sizeof(SHA_LONG)==4 && ((size_t)p%4)==0) +- { +- const SHA_LONG *W=(const SHA_LONG *)data; +- +- X( 0) = W[0]; X( 1) = W[ 1]; +- BODY_00_15( 0,A,B,C,D,E,T,X( 0)); X( 2) = W[ 2]; +- BODY_00_15( 1,T,A,B,C,D,E,X( 1)); X( 3) = W[ 3]; +- BODY_00_15( 2,E,T,A,B,C,D,X( 2)); X( 4) = W[ 4]; +- BODY_00_15( 3,D,E,T,A,B,C,X( 3)); X( 5) = W[ 5]; +- BODY_00_15( 4,C,D,E,T,A,B,X( 4)); X( 6) = W[ 6]; +- BODY_00_15( 5,B,C,D,E,T,A,X( 5)); X( 7) = W[ 7]; +- BODY_00_15( 6,A,B,C,D,E,T,X( 6)); X( 8) = W[ 8]; +- BODY_00_15( 7,T,A,B,C,D,E,X( 7)); X( 9) = W[ 9]; +- BODY_00_15( 8,E,T,A,B,C,D,X( 8)); X(10) = W[10]; +- BODY_00_15( 9,D,E,T,A,B,C,X( 9)); X(11) = W[11]; +- BODY_00_15(10,C,D,E,T,A,B,X(10)); X(12) = W[12]; +- BODY_00_15(11,B,C,D,E,T,A,X(11)); X(13) = W[13]; +- BODY_00_15(12,A,B,C,D,E,T,X(12)); X(14) = W[14]; +- BODY_00_15(13,T,A,B,C,D,E,X(13)); X(15) = W[15]; +- BODY_00_15(14,E,T,A,B,C,D,X(14)); +- BODY_00_15(15,D,E,T,A,B,C,X(15)); +- +- data += SHA_CBLOCK; +- } +- else +- { +- HOST_c2l(data,l); X( 0)=l; HOST_c2l(data,l); X( 1)=l; +- BODY_00_15( 0,A,B,C,D,E,T,X( 0)); HOST_c2l(data,l); X( 2)=l; +- BODY_00_15( 1,T,A,B,C,D,E,X( 1)); HOST_c2l(data,l); X( 3)=l; +- BODY_00_15( 2,E,T,A,B,C,D,X( 2)); HOST_c2l(data,l); X( 4)=l; +- BODY_00_15( 3,D,E,T,A,B,C,X( 3)); HOST_c2l(data,l); X( 5)=l; +- BODY_00_15( 4,C,D,E,T,A,B,X( 4)); HOST_c2l(data,l); X( 6)=l; +- BODY_00_15( 5,B,C,D,E,T,A,X( 5)); 
HOST_c2l(data,l); X( 7)=l; +- BODY_00_15( 6,A,B,C,D,E,T,X( 6)); HOST_c2l(data,l); X( 8)=l; +- BODY_00_15( 7,T,A,B,C,D,E,X( 7)); HOST_c2l(data,l); X( 9)=l; +- BODY_00_15( 8,E,T,A,B,C,D,X( 8)); HOST_c2l(data,l); X(10)=l; +- BODY_00_15( 9,D,E,T,A,B,C,X( 9)); HOST_c2l(data,l); X(11)=l; +- BODY_00_15(10,C,D,E,T,A,B,X(10)); HOST_c2l(data,l); X(12)=l; +- BODY_00_15(11,B,C,D,E,T,A,X(11)); HOST_c2l(data,l); X(13)=l; +- BODY_00_15(12,A,B,C,D,E,T,X(12)); HOST_c2l(data,l); X(14)=l; +- BODY_00_15(13,T,A,B,C,D,E,X(13)); HOST_c2l(data,l); X(15)=l; +- BODY_00_15(14,E,T,A,B,C,D,X(14)); +- BODY_00_15(15,D,E,T,A,B,C,X(15)); +- } +- +- BODY_16_19(16,C,D,E,T,A,B,X( 0),X( 0),X( 2),X( 8),X(13)); +- BODY_16_19(17,B,C,D,E,T,A,X( 1),X( 1),X( 3),X( 9),X(14)); +- BODY_16_19(18,A,B,C,D,E,T,X( 2),X( 2),X( 4),X(10),X(15)); +- BODY_16_19(19,T,A,B,C,D,E,X( 3),X( 3),X( 5),X(11),X( 0)); +- +- BODY_20_31(20,E,T,A,B,C,D,X( 4),X( 4),X( 6),X(12),X( 1)); +- BODY_20_31(21,D,E,T,A,B,C,X( 5),X( 5),X( 7),X(13),X( 2)); +- BODY_20_31(22,C,D,E,T,A,B,X( 6),X( 6),X( 8),X(14),X( 3)); +- BODY_20_31(23,B,C,D,E,T,A,X( 7),X( 7),X( 9),X(15),X( 4)); +- BODY_20_31(24,A,B,C,D,E,T,X( 8),X( 8),X(10),X( 0),X( 5)); +- BODY_20_31(25,T,A,B,C,D,E,X( 9),X( 9),X(11),X( 1),X( 6)); +- BODY_20_31(26,E,T,A,B,C,D,X(10),X(10),X(12),X( 2),X( 7)); +- BODY_20_31(27,D,E,T,A,B,C,X(11),X(11),X(13),X( 3),X( 8)); +- BODY_20_31(28,C,D,E,T,A,B,X(12),X(12),X(14),X( 4),X( 9)); +- BODY_20_31(29,B,C,D,E,T,A,X(13),X(13),X(15),X( 5),X(10)); +- BODY_20_31(30,A,B,C,D,E,T,X(14),X(14),X( 0),X( 6),X(11)); +- BODY_20_31(31,T,A,B,C,D,E,X(15),X(15),X( 1),X( 7),X(12)); +- +- BODY_32_39(32,E,T,A,B,C,D,X( 0),X( 2),X( 8),X(13)); +- BODY_32_39(33,D,E,T,A,B,C,X( 1),X( 3),X( 9),X(14)); +- BODY_32_39(34,C,D,E,T,A,B,X( 2),X( 4),X(10),X(15)); +- BODY_32_39(35,B,C,D,E,T,A,X( 3),X( 5),X(11),X( 0)); +- BODY_32_39(36,A,B,C,D,E,T,X( 4),X( 6),X(12),X( 1)); +- BODY_32_39(37,T,A,B,C,D,E,X( 5),X( 7),X(13),X( 2)); +- BODY_32_39(38,E,T,A,B,C,D,X( 6),X( 8),X(14),X( 3)); +- 
BODY_32_39(39,D,E,T,A,B,C,X( 7),X( 9),X(15),X( 4)); +- +- BODY_40_59(40,C,D,E,T,A,B,X( 8),X(10),X( 0),X( 5)); +- BODY_40_59(41,B,C,D,E,T,A,X( 9),X(11),X( 1),X( 6)); +- BODY_40_59(42,A,B,C,D,E,T,X(10),X(12),X( 2),X( 7)); +- BODY_40_59(43,T,A,B,C,D,E,X(11),X(13),X( 3),X( 8)); +- BODY_40_59(44,E,T,A,B,C,D,X(12),X(14),X( 4),X( 9)); +- BODY_40_59(45,D,E,T,A,B,C,X(13),X(15),X( 5),X(10)); +- BODY_40_59(46,C,D,E,T,A,B,X(14),X( 0),X( 6),X(11)); +- BODY_40_59(47,B,C,D,E,T,A,X(15),X( 1),X( 7),X(12)); +- BODY_40_59(48,A,B,C,D,E,T,X( 0),X( 2),X( 8),X(13)); +- BODY_40_59(49,T,A,B,C,D,E,X( 1),X( 3),X( 9),X(14)); +- BODY_40_59(50,E,T,A,B,C,D,X( 2),X( 4),X(10),X(15)); +- BODY_40_59(51,D,E,T,A,B,C,X( 3),X( 5),X(11),X( 0)); +- BODY_40_59(52,C,D,E,T,A,B,X( 4),X( 6),X(12),X( 1)); +- BODY_40_59(53,B,C,D,E,T,A,X( 5),X( 7),X(13),X( 2)); +- BODY_40_59(54,A,B,C,D,E,T,X( 6),X( 8),X(14),X( 3)); +- BODY_40_59(55,T,A,B,C,D,E,X( 7),X( 9),X(15),X( 4)); +- BODY_40_59(56,E,T,A,B,C,D,X( 8),X(10),X( 0),X( 5)); +- BODY_40_59(57,D,E,T,A,B,C,X( 9),X(11),X( 1),X( 6)); +- BODY_40_59(58,C,D,E,T,A,B,X(10),X(12),X( 2),X( 7)); +- BODY_40_59(59,B,C,D,E,T,A,X(11),X(13),X( 3),X( 8)); +- +- BODY_60_79(60,A,B,C,D,E,T,X(12),X(14),X( 4),X( 9)); +- BODY_60_79(61,T,A,B,C,D,E,X(13),X(15),X( 5),X(10)); +- BODY_60_79(62,E,T,A,B,C,D,X(14),X( 0),X( 6),X(11)); +- BODY_60_79(63,D,E,T,A,B,C,X(15),X( 1),X( 7),X(12)); +- BODY_60_79(64,C,D,E,T,A,B,X( 0),X( 2),X( 8),X(13)); +- BODY_60_79(65,B,C,D,E,T,A,X( 1),X( 3),X( 9),X(14)); +- BODY_60_79(66,A,B,C,D,E,T,X( 2),X( 4),X(10),X(15)); +- BODY_60_79(67,T,A,B,C,D,E,X( 3),X( 5),X(11),X( 0)); +- BODY_60_79(68,E,T,A,B,C,D,X( 4),X( 6),X(12),X( 1)); +- BODY_60_79(69,D,E,T,A,B,C,X( 5),X( 7),X(13),X( 2)); +- BODY_60_79(70,C,D,E,T,A,B,X( 6),X( 8),X(14),X( 3)); +- BODY_60_79(71,B,C,D,E,T,A,X( 7),X( 9),X(15),X( 4)); +- BODY_60_79(72,A,B,C,D,E,T,X( 8),X(10),X( 0),X( 5)); +- BODY_60_79(73,T,A,B,C,D,E,X( 9),X(11),X( 1),X( 6)); +- BODY_60_79(74,E,T,A,B,C,D,X(10),X(12),X( 2),X( 7)); +- 
BODY_60_79(75,D,E,T,A,B,C,X(11),X(13),X( 3),X( 8)); +- BODY_60_79(76,C,D,E,T,A,B,X(12),X(14),X( 4),X( 9)); +- BODY_60_79(77,B,C,D,E,T,A,X(13),X(15),X( 5),X(10)); +- BODY_60_79(78,A,B,C,D,E,T,X(14),X( 0),X( 6),X(11)); +- BODY_60_79(79,T,A,B,C,D,E,X(15),X( 1),X( 7),X(12)); +- +- c->h0=(c->h0+E)&0xffffffffL; +- c->h1=(c->h1+T)&0xffffffffL; +- c->h2=(c->h2+A)&0xffffffffL; +- c->h3=(c->h3+B)&0xffffffffL; +- c->h4=(c->h4+C)&0xffffffffL; +- +- if (--num == 0) break; +- +- A=c->h0; +- B=c->h1; +- C=c->h2; +- D=c->h3; +- E=c->h4; +- +- } +- } +-#endif ++# if !defined(SHA_1) || !defined(SHA1_ASM) ++static void HASH_BLOCK_DATA_ORDER(SHA_CTX *c, const void *p, size_t num) ++{ ++ const unsigned char *data = p; ++ register unsigned MD32_REG_T A, B, C, D, E, T, l; ++# ifndef MD32_XARRAY ++ unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, ++ XX8, XX9, XX10, XX11, XX12, XX13, XX14, XX15; ++# else ++ SHA_LONG XX[16]; ++# endif ++ ++ A = c->h0; ++ B = c->h1; ++ C = c->h2; ++ D = c->h3; ++ E = c->h4; ++ ++ for (;;) { ++ const union { ++ long one; ++ char little; ++ } is_endian = { ++ 1 ++ }; ++ ++ if (!is_endian.little && sizeof(SHA_LONG) == 4 ++ && ((size_t)p % 4) == 0) { ++ const SHA_LONG *W = (const SHA_LONG *)data; ++ ++ X(0) = W[0]; ++ X(1) = W[1]; ++ BODY_00_15(0, A, B, C, D, E, T, X(0)); ++ X(2) = W[2]; ++ BODY_00_15(1, T, A, B, C, D, E, X(1)); ++ X(3) = W[3]; ++ BODY_00_15(2, E, T, A, B, C, D, X(2)); ++ X(4) = W[4]; ++ BODY_00_15(3, D, E, T, A, B, C, X(3)); ++ X(5) = W[5]; ++ BODY_00_15(4, C, D, E, T, A, B, X(4)); ++ X(6) = W[6]; ++ BODY_00_15(5, B, C, D, E, T, A, X(5)); ++ X(7) = W[7]; ++ BODY_00_15(6, A, B, C, D, E, T, X(6)); ++ X(8) = W[8]; ++ BODY_00_15(7, T, A, B, C, D, E, X(7)); ++ X(9) = W[9]; ++ BODY_00_15(8, E, T, A, B, C, D, X(8)); ++ X(10) = W[10]; ++ BODY_00_15(9, D, E, T, A, B, C, X(9)); ++ X(11) = W[11]; ++ BODY_00_15(10, C, D, E, T, A, B, X(10)); ++ X(12) = W[12]; ++ BODY_00_15(11, B, C, D, E, T, A, X(11)); ++ X(13) = W[13]; ++ BODY_00_15(12, A, B, C, 
D, E, T, X(12)); ++ X(14) = W[14]; ++ BODY_00_15(13, T, A, B, C, D, E, X(13)); ++ X(15) = W[15]; ++ BODY_00_15(14, E, T, A, B, C, D, X(14)); ++ BODY_00_15(15, D, E, T, A, B, C, X(15)); ++ ++ data += SHA_CBLOCK; ++ } else { ++ (void)HOST_c2l(data, l); ++ X(0) = l; ++ (void)HOST_c2l(data, l); ++ X(1) = l; ++ BODY_00_15(0, A, B, C, D, E, T, X(0)); ++ (void)HOST_c2l(data, l); ++ X(2) = l; ++ BODY_00_15(1, T, A, B, C, D, E, X(1)); ++ (void)HOST_c2l(data, l); ++ X(3) = l; ++ BODY_00_15(2, E, T, A, B, C, D, X(2)); ++ (void)HOST_c2l(data, l); ++ X(4) = l; ++ BODY_00_15(3, D, E, T, A, B, C, X(3)); ++ (void)HOST_c2l(data, l); ++ X(5) = l; ++ BODY_00_15(4, C, D, E, T, A, B, X(4)); ++ (void)HOST_c2l(data, l); ++ X(6) = l; ++ BODY_00_15(5, B, C, D, E, T, A, X(5)); ++ (void)HOST_c2l(data, l); ++ X(7) = l; ++ BODY_00_15(6, A, B, C, D, E, T, X(6)); ++ (void)HOST_c2l(data, l); ++ X(8) = l; ++ BODY_00_15(7, T, A, B, C, D, E, X(7)); ++ (void)HOST_c2l(data, l); ++ X(9) = l; ++ BODY_00_15(8, E, T, A, B, C, D, X(8)); ++ (void)HOST_c2l(data, l); ++ X(10) = l; ++ BODY_00_15(9, D, E, T, A, B, C, X(9)); ++ (void)HOST_c2l(data, l); ++ X(11) = l; ++ BODY_00_15(10, C, D, E, T, A, B, X(10)); ++ (void)HOST_c2l(data, l); ++ X(12) = l; ++ BODY_00_15(11, B, C, D, E, T, A, X(11)); ++ (void)HOST_c2l(data, l); ++ X(13) = l; ++ BODY_00_15(12, A, B, C, D, E, T, X(12)); ++ (void)HOST_c2l(data, l); ++ X(14) = l; ++ BODY_00_15(13, T, A, B, C, D, E, X(13)); ++ (void)HOST_c2l(data, l); ++ X(15) = l; ++ BODY_00_15(14, E, T, A, B, C, D, X(14)); ++ BODY_00_15(15, D, E, T, A, B, C, X(15)); ++ } ++ ++ BODY_16_19(16, C, D, E, T, A, B, X(0), X(0), X(2), X(8), X(13)); ++ BODY_16_19(17, B, C, D, E, T, A, X(1), X(1), X(3), X(9), X(14)); ++ BODY_16_19(18, A, B, C, D, E, T, X(2), X(2), X(4), X(10), X(15)); ++ BODY_16_19(19, T, A, B, C, D, E, X(3), X(3), X(5), X(11), X(0)); ++ ++ BODY_20_31(20, E, T, A, B, C, D, X(4), X(4), X(6), X(12), X(1)); ++ BODY_20_31(21, D, E, T, A, B, C, X(5), X(5), X(7), X(13), X(2)); ++ 
BODY_20_31(22, C, D, E, T, A, B, X(6), X(6), X(8), X(14), X(3)); ++ BODY_20_31(23, B, C, D, E, T, A, X(7), X(7), X(9), X(15), X(4)); ++ BODY_20_31(24, A, B, C, D, E, T, X(8), X(8), X(10), X(0), X(5)); ++ BODY_20_31(25, T, A, B, C, D, E, X(9), X(9), X(11), X(1), X(6)); ++ BODY_20_31(26, E, T, A, B, C, D, X(10), X(10), X(12), X(2), X(7)); ++ BODY_20_31(27, D, E, T, A, B, C, X(11), X(11), X(13), X(3), X(8)); ++ BODY_20_31(28, C, D, E, T, A, B, X(12), X(12), X(14), X(4), X(9)); ++ BODY_20_31(29, B, C, D, E, T, A, X(13), X(13), X(15), X(5), X(10)); ++ BODY_20_31(30, A, B, C, D, E, T, X(14), X(14), X(0), X(6), X(11)); ++ BODY_20_31(31, T, A, B, C, D, E, X(15), X(15), X(1), X(7), X(12)); ++ ++ BODY_32_39(32, E, T, A, B, C, D, X(0), X(2), X(8), X(13)); ++ BODY_32_39(33, D, E, T, A, B, C, X(1), X(3), X(9), X(14)); ++ BODY_32_39(34, C, D, E, T, A, B, X(2), X(4), X(10), X(15)); ++ BODY_32_39(35, B, C, D, E, T, A, X(3), X(5), X(11), X(0)); ++ BODY_32_39(36, A, B, C, D, E, T, X(4), X(6), X(12), X(1)); ++ BODY_32_39(37, T, A, B, C, D, E, X(5), X(7), X(13), X(2)); ++ BODY_32_39(38, E, T, A, B, C, D, X(6), X(8), X(14), X(3)); ++ BODY_32_39(39, D, E, T, A, B, C, X(7), X(9), X(15), X(4)); ++ ++ BODY_40_59(40, C, D, E, T, A, B, X(8), X(10), X(0), X(5)); ++ BODY_40_59(41, B, C, D, E, T, A, X(9), X(11), X(1), X(6)); ++ BODY_40_59(42, A, B, C, D, E, T, X(10), X(12), X(2), X(7)); ++ BODY_40_59(43, T, A, B, C, D, E, X(11), X(13), X(3), X(8)); ++ BODY_40_59(44, E, T, A, B, C, D, X(12), X(14), X(4), X(9)); ++ BODY_40_59(45, D, E, T, A, B, C, X(13), X(15), X(5), X(10)); ++ BODY_40_59(46, C, D, E, T, A, B, X(14), X(0), X(6), X(11)); ++ BODY_40_59(47, B, C, D, E, T, A, X(15), X(1), X(7), X(12)); ++ BODY_40_59(48, A, B, C, D, E, T, X(0), X(2), X(8), X(13)); ++ BODY_40_59(49, T, A, B, C, D, E, X(1), X(3), X(9), X(14)); ++ BODY_40_59(50, E, T, A, B, C, D, X(2), X(4), X(10), X(15)); ++ BODY_40_59(51, D, E, T, A, B, C, X(3), X(5), X(11), X(0)); ++ BODY_40_59(52, C, D, E, T, A, B, X(4), X(6), X(12), 
X(1)); ++ BODY_40_59(53, B, C, D, E, T, A, X(5), X(7), X(13), X(2)); ++ BODY_40_59(54, A, B, C, D, E, T, X(6), X(8), X(14), X(3)); ++ BODY_40_59(55, T, A, B, C, D, E, X(7), X(9), X(15), X(4)); ++ BODY_40_59(56, E, T, A, B, C, D, X(8), X(10), X(0), X(5)); ++ BODY_40_59(57, D, E, T, A, B, C, X(9), X(11), X(1), X(6)); ++ BODY_40_59(58, C, D, E, T, A, B, X(10), X(12), X(2), X(7)); ++ BODY_40_59(59, B, C, D, E, T, A, X(11), X(13), X(3), X(8)); ++ ++ BODY_60_79(60, A, B, C, D, E, T, X(12), X(14), X(4), X(9)); ++ BODY_60_79(61, T, A, B, C, D, E, X(13), X(15), X(5), X(10)); ++ BODY_60_79(62, E, T, A, B, C, D, X(14), X(0), X(6), X(11)); ++ BODY_60_79(63, D, E, T, A, B, C, X(15), X(1), X(7), X(12)); ++ BODY_60_79(64, C, D, E, T, A, B, X(0), X(2), X(8), X(13)); ++ BODY_60_79(65, B, C, D, E, T, A, X(1), X(3), X(9), X(14)); ++ BODY_60_79(66, A, B, C, D, E, T, X(2), X(4), X(10), X(15)); ++ BODY_60_79(67, T, A, B, C, D, E, X(3), X(5), X(11), X(0)); ++ BODY_60_79(68, E, T, A, B, C, D, X(4), X(6), X(12), X(1)); ++ BODY_60_79(69, D, E, T, A, B, C, X(5), X(7), X(13), X(2)); ++ BODY_60_79(70, C, D, E, T, A, B, X(6), X(8), X(14), X(3)); ++ BODY_60_79(71, B, C, D, E, T, A, X(7), X(9), X(15), X(4)); ++ BODY_60_79(72, A, B, C, D, E, T, X(8), X(10), X(0), X(5)); ++ BODY_60_79(73, T, A, B, C, D, E, X(9), X(11), X(1), X(6)); ++ BODY_60_79(74, E, T, A, B, C, D, X(10), X(12), X(2), X(7)); ++ BODY_60_79(75, D, E, T, A, B, C, X(11), X(13), X(3), X(8)); ++ BODY_60_79(76, C, D, E, T, A, B, X(12), X(14), X(4), X(9)); ++ BODY_60_79(77, B, C, D, E, T, A, X(13), X(15), X(5), X(10)); ++ BODY_60_79(78, A, B, C, D, E, T, X(14), X(0), X(6), X(11)); ++ BODY_60_79(79, T, A, B, C, D, E, X(15), X(1), X(7), X(12)); ++ ++ c->h0 = (c->h0 + E) & 0xffffffffL; ++ c->h1 = (c->h1 + T) & 0xffffffffL; ++ c->h2 = (c->h2 + A) & 0xffffffffL; ++ c->h3 = (c->h3 + B) & 0xffffffffL; ++ c->h4 = (c->h4 + C) & 0xffffffffL; ++ ++ if (--num == 0) ++ break; ++ ++ A = c->h0; ++ B = c->h1; ++ C = c->h2; ++ D = c->h3; ++ E = c->h4; ++ 
++ } ++} ++# endif + +-#else /* OPENSSL_SMALL_FOOTPRINT */ +- +-#define BODY_00_15(xi) do { \ +- T=E+K_00_19+F_00_19(B,C,D); \ +- E=D, D=C, C=ROTATE(B,30), B=A; \ +- A=ROTATE(A,5)+T+xi; } while(0) +- +-#define BODY_16_19(xa,xb,xc,xd) do { \ +- Xupdate(T,xa,xa,xb,xc,xd); \ +- T+=E+K_00_19+F_00_19(B,C,D); \ +- E=D, D=C, C=ROTATE(B,30), B=A; \ +- A=ROTATE(A,5)+T; } while(0) +- +-#define BODY_20_39(xa,xb,xc,xd) do { \ +- Xupdate(T,xa,xa,xb,xc,xd); \ +- T+=E+K_20_39+F_20_39(B,C,D); \ +- E=D, D=C, C=ROTATE(B,30), B=A; \ +- A=ROTATE(A,5)+T; } while(0) +- +-#define BODY_40_59(xa,xb,xc,xd) do { \ +- Xupdate(T,xa,xa,xb,xc,xd); \ +- T+=E+K_40_59+F_40_59(B,C,D); \ +- E=D, D=C, C=ROTATE(B,30), B=A; \ +- A=ROTATE(A,5)+T; } while(0) +- +-#define BODY_60_79(xa,xb,xc,xd) do { \ +- Xupdate(T,xa,xa,xb,xc,xd); \ +- T=E+K_60_79+F_60_79(B,C,D); \ +- E=D, D=C, C=ROTATE(B,30), B=A; \ +- A=ROTATE(A,5)+T+xa; } while(0) +- +-#if !defined(SHA_1) || !defined(SHA1_ASM) +-static void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num) +- { +- const unsigned char *data=p; +- register unsigned MD32_REG_T A,B,C,D,E,T,l; +- int i; +- SHA_LONG X[16]; +- +- A=c->h0; +- B=c->h1; +- C=c->h2; +- D=c->h3; +- E=c->h4; +- +- for (;;) +- { +- for (i=0;i<16;i++) +- { HOST_c2l(data,l); X[i]=l; BODY_00_15(X[i]); } +- for (i=0;i<4;i++) +- { BODY_16_19(X[i], X[i+2], X[i+8], X[(i+13)&15]); } +- for (;i<24;i++) +- { BODY_20_39(X[i&15], X[(i+2)&15], X[(i+8)&15],X[(i+13)&15]); } +- for (i=0;i<20;i++) +- { BODY_40_59(X[(i+8)&15],X[(i+10)&15],X[i&15], X[(i+5)&15]); } +- for (i=4;i<24;i++) +- { BODY_60_79(X[(i+8)&15],X[(i+10)&15],X[i&15], X[(i+5)&15]); } +- +- c->h0=(c->h0+A)&0xffffffffL; +- c->h1=(c->h1+B)&0xffffffffL; +- c->h2=(c->h2+C)&0xffffffffL; +- c->h3=(c->h3+D)&0xffffffffL; +- c->h4=(c->h4+E)&0xffffffffL; +- +- if (--num == 0) break; +- +- A=c->h0; +- B=c->h1; +- C=c->h2; +- D=c->h3; +- E=c->h4; +- +- } +- } +-#endif ++#else /* OPENSSL_SMALL_FOOTPRINT */ ++ ++# define BODY_00_15(xi) do { \ ++ 
T=E+K_00_19+F_00_19(B,C,D); \ ++ E=D, D=C, C=ROTATE(B,30), B=A; \ ++ A=ROTATE(A,5)+T+xi; } while(0) ++ ++# define BODY_16_19(xa,xb,xc,xd) do { \ ++ Xupdate(T,xa,xa,xb,xc,xd); \ ++ T+=E+K_00_19+F_00_19(B,C,D); \ ++ E=D, D=C, C=ROTATE(B,30), B=A; \ ++ A=ROTATE(A,5)+T; } while(0) ++ ++# define BODY_20_39(xa,xb,xc,xd) do { \ ++ Xupdate(T,xa,xa,xb,xc,xd); \ ++ T+=E+K_20_39+F_20_39(B,C,D); \ ++ E=D, D=C, C=ROTATE(B,30), B=A; \ ++ A=ROTATE(A,5)+T; } while(0) ++ ++# define BODY_40_59(xa,xb,xc,xd) do { \ ++ Xupdate(T,xa,xa,xb,xc,xd); \ ++ T+=E+K_40_59+F_40_59(B,C,D); \ ++ E=D, D=C, C=ROTATE(B,30), B=A; \ ++ A=ROTATE(A,5)+T; } while(0) ++ ++# define BODY_60_79(xa,xb,xc,xd) do { \ ++ Xupdate(T,xa,xa,xb,xc,xd); \ ++ T=E+K_60_79+F_60_79(B,C,D); \ ++ E=D, D=C, C=ROTATE(B,30), B=A; \ ++ A=ROTATE(A,5)+T+xa; } while(0) ++ ++# if !defined(SHA_1) || !defined(SHA1_ASM) ++static void HASH_BLOCK_DATA_ORDER(SHA_CTX *c, const void *p, size_t num) ++{ ++ const unsigned char *data = p; ++ register unsigned MD32_REG_T A, B, C, D, E, T, l; ++ int i; ++ SHA_LONG X[16]; ++ ++ A = c->h0; ++ B = c->h1; ++ C = c->h2; ++ D = c->h3; ++ E = c->h4; ++ ++ for (;;) { ++ for (i = 0; i < 16; i++) { ++ HOST_c2l(data, l); ++ X[i] = l; ++ BODY_00_15(X[i]); ++ } ++ for (i = 0; i < 4; i++) { ++ BODY_16_19(X[i], X[i + 2], X[i + 8], X[(i + 13) & 15]); ++ } ++ for (; i < 24; i++) { ++ BODY_20_39(X[i & 15], X[(i + 2) & 15], X[(i + 8) & 15], ++ X[(i + 13) & 15]); ++ } ++ for (i = 0; i < 20; i++) { ++ BODY_40_59(X[(i + 8) & 15], X[(i + 10) & 15], X[i & 15], ++ X[(i + 5) & 15]); ++ } ++ for (i = 4; i < 24; i++) { ++ BODY_60_79(X[(i + 8) & 15], X[(i + 10) & 15], X[i & 15], ++ X[(i + 5) & 15]); ++ } ++ ++ c->h0 = (c->h0 + A) & 0xffffffffL; ++ c->h1 = (c->h1 + B) & 0xffffffffL; ++ c->h2 = (c->h2 + C) & 0xffffffffL; ++ c->h3 = (c->h3 + D) & 0xffffffffL; ++ c->h4 = (c->h4 + E) & 0xffffffffL; ++ ++ if (--num == 0) ++ break; ++ ++ A = c->h0; ++ B = c->h1; ++ C = c->h2; ++ D = c->h3; ++ E = c->h4; ++ ++ } ++} ++# endif + + 
#endif +diff --git a/Cryptlib/OpenSSL/crypto/stack/stack.c b/Cryptlib/OpenSSL/crypto/stack/stack.c +index c59f0bb..de437ac 100644 +--- a/Cryptlib/OpenSSL/crypto/stack/stack.c ++++ b/Cryptlib/OpenSSL/crypto/stack/stack.c +@@ -78,10 +78,9 @@ const char STACK_version[] = "Stack" OPENSSL_VERSION_PTEXT; + + #include + +-int (*sk_set_cmp_func +- (STACK * sk, int (*c) (const char *const *, const char *const *))) +- (const char *const *, const char *const *) { +- int (*old) (const char *const *, const char *const *) = sk->comp; ++int (*sk_set_cmp_func(_STACK *sk, int (*c) (const void *, const void *))) ++ (const void *, const void *) { ++ int (*old) (const void *, const void *) = sk->comp; + + if (sk->comp != c) + sk->sorted = 0; +@@ -90,9 +89,9 @@ int (*sk_set_cmp_func + return old; + } + +-STACK *sk_dup(STACK * sk) ++_STACK *sk_dup(_STACK *sk) + { +- STACK *ret; ++ _STACK *ret; + char **s; + + if ((ret = sk_new(sk->comp)) == NULL) +@@ -116,20 +115,53 @@ STACK *sk_dup(STACK * sk) + return (NULL); + } + +-STACK *sk_new_null(void) ++_STACK *sk_deep_copy(_STACK *sk, void *(*copy_func) (void *), ++ void (*free_func) (void *)) + { +- return sk_new((int (*)(const char *const *, const char *const *))0); ++ _STACK *ret; ++ int i; ++ ++ if ((ret = OPENSSL_malloc(sizeof(_STACK))) == NULL) ++ return ret; ++ ret->comp = sk->comp; ++ ret->sorted = sk->sorted; ++ ret->num = sk->num; ++ ret->num_alloc = sk->num > MIN_NODES ? 
sk->num : MIN_NODES; ++ ret->data = OPENSSL_malloc(sizeof(char *) * ret->num_alloc); ++ if (ret->data == NULL) { ++ OPENSSL_free(ret); ++ return NULL; ++ } ++ for (i = 0; i < ret->num_alloc; i++) ++ ret->data[i] = NULL; ++ ++ for (i = 0; i < ret->num; ++i) { ++ if (sk->data[i] == NULL) ++ continue; ++ if ((ret->data[i] = copy_func(sk->data[i])) == NULL) { ++ while (--i >= 0) ++ if (ret->data[i] != NULL) ++ free_func(ret->data[i]); ++ sk_free(ret); ++ return NULL; ++ } ++ } ++ return ret; + } + +-STACK *sk_new(int (*c) (const char *const *, const char *const *)) ++_STACK *sk_new_null(void) + { +- STACK *ret; ++ return sk_new((int (*)(const void *, const void *))0); ++} ++ ++_STACK *sk_new(int (*c) (const void *, const void *)) ++{ ++ _STACK *ret; + int i; + +- if ((ret = (STACK *) OPENSSL_malloc(sizeof(STACK))) == NULL) ++ if ((ret = OPENSSL_malloc(sizeof(_STACK))) == NULL) + goto err; +- if ((ret->data = +- (char **)OPENSSL_malloc(sizeof(char *) * MIN_NODES)) == NULL) ++ if ((ret->data = OPENSSL_malloc(sizeof(char *) * MIN_NODES)) == NULL) + goto err; + for (i = 0; i < MIN_NODES; i++) + ret->data[i] = NULL; +@@ -144,16 +176,15 @@ STACK *sk_new(int (*c) (const char *const *, const char *const *)) + return (NULL); + } + +-int sk_insert(STACK * st, char *data, int loc) ++int sk_insert(_STACK *st, void *data, int loc) + { + char **s; + + if (st == NULL) + return 0; + if (st->num_alloc <= st->num + 1) { +- s = (char **)OPENSSL_realloc((char *)st->data, +- (unsigned int)sizeof(char *) * +- st->num_alloc * 2); ++ s = OPENSSL_realloc((char *)st->data, ++ (unsigned int)sizeof(char *) * st->num_alloc * 2); + if (s == NULL) + return (0); + st->data = s; +@@ -165,14 +196,14 @@ int sk_insert(STACK * st, char *data, int loc) + int i; + char **f, **t; + +- f = (char **)st->data; +- t = (char **)&(st->data[1]); ++ f = st->data; ++ t = &(st->data[1]); + for (i = st->num; i >= loc; i--) + t[i] = f[i]; + + #ifdef undef /* no memmove on sunos :-( */ +- memmove((char *)&(st->data[loc + 
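Review bot: `sk_deep_copy` reads `sk->comp`, `sk->sorted` and `sk->num` before any check on `sk`, and calls `copy_func` and `free_func` unchecked, whereas most neighbours in this file (`sk_insert`, `sk_zero`, `sk_free`, `sk_num`, `sk_value`) return early on a NULL stack. If callers are not guaranteed to pass a non-NULL stack, an early `if (sk == NULL) return NULL;` after the declarations would match that convention; since this is imported OpenSSL code, the guard is better carried as a separate downstream patch or raised upstream. A short header comment would also help: on a `copy_func` failure the elements copied so far are released with `free_func` and NULL is returned, and NULL slots in the source stay NULL in the copy. The hunk also covers `sk_new_null` and the start of `sk_new`, whose body continues outside it.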
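Review bot: The growth size passed to `OPENSSL_realloc` in `sk_insert` is still computed as `(unsigned int)sizeof(char *) * st->num_alloc * 2`, which is unsigned-int arithmetic and wraps for a large enough `num_alloc`; the change only drops the cast on the result. A wrapped size would yield a buffer smaller than the capacity the stack then assumes (the `num_alloc` update lies outside this hunk, so that part is inferred). A guard before the call, such as `if ((unsigned int)st->num_alloc > UINT_MAX / (2 * sizeof(char *))) return 0;`, keeps the doubling bounded; it needs `<limits.h>`. Whether any input handled at boot can grow a stack that far is not visible here, so this is hardening for the vendored copy rather than a demonstrated fault.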
1]), +- (char *)&(st->data[loc]), sizeof(char *) * (st->num - loc)); ++ memmove(&(st->data[loc + 1]), ++ &(st->data[loc]), sizeof(char *) * (st->num - loc)); + #endif + st->data[loc] = data; + } +@@ -181,7 +212,7 @@ int sk_insert(STACK * st, char *data, int loc) + return (st->num); + } + +-char *sk_delete_ptr(STACK * st, char *p) ++void *sk_delete_ptr(_STACK *st, void *p) + { + int i; + +@@ -191,7 +222,7 @@ char *sk_delete_ptr(STACK * st, char *p) + return (NULL); + } + +-char *sk_delete(STACK * st, int loc) ++void *sk_delete(_STACK *st, int loc) + { + char *ret; + int i, j; +@@ -213,11 +244,11 @@ char *sk_delete(STACK * st, int loc) + return (ret); + } + +-static int internal_find(STACK * st, char *data, int ret_val_options) ++static int internal_find(_STACK *st, void *data, int ret_val_options) + { +- char **r; ++ const void *const *r; + int i; +- int (*comp_func) (const void *, const void *); ++ + if (st == NULL) + return -1; + +@@ -230,44 +261,34 @@ static int internal_find(STACK * st, char *data, int ret_val_options) + sk_sort(st); + if (data == NULL) + return (-1); +- /* +- * This (and the "qsort" below) are the two places in OpenSSL where we +- * need to convert from our standard (type **,type **) compare callback +- * type to the (void *,void *) type required by bsearch. However, the +- * "data" it is being called(back) with are not (type *) pointers, but +- * the *pointers* to (type *) pointers, so we get our extra level of +- * pointer dereferencing that way. 
+- */ +- comp_func = (int (*)(const void *, const void *))(st->comp); +- r = (char **)OBJ_bsearch_ex((char *)&data, (char *)st->data, +- st->num, sizeof(char *), comp_func, +- ret_val_options); ++ r = OBJ_bsearch_ex_(&data, st->data, st->num, sizeof(void *), st->comp, ++ ret_val_options); + if (r == NULL) + return (-1); +- return ((int)(r - st->data)); ++ return (int)((char **)r - st->data); + } + +-int sk_find(STACK * st, char *data) ++int sk_find(_STACK *st, void *data) + { + return internal_find(st, data, OBJ_BSEARCH_FIRST_VALUE_ON_MATCH); + } + +-int sk_find_ex(STACK * st, char *data) ++int sk_find_ex(_STACK *st, void *data) + { + return internal_find(st, data, OBJ_BSEARCH_VALUE_ON_NOMATCH); + } + +-int sk_push(STACK * st, char *data) ++int sk_push(_STACK *st, void *data) + { + return (sk_insert(st, data, st->num)); + } + +-int sk_unshift(STACK * st, char *data) ++int sk_unshift(_STACK *st, void *data) + { + return (sk_insert(st, data, 0)); + } + +-char *sk_shift(STACK * st) ++void *sk_shift(_STACK *st) + { + if (st == NULL) + return (NULL); +@@ -276,7 +297,7 @@ char *sk_shift(STACK * st) + return (sk_delete(st, 0)); + } + +-char *sk_pop(STACK * st) ++void *sk_pop(_STACK *st) + { + if (st == NULL) + return (NULL); +@@ -285,17 +306,17 @@ char *sk_pop(STACK * st) + return (sk_delete(st, st->num - 1)); + } + +-void sk_zero(STACK * st) ++void sk_zero(_STACK *st) + { + if (st == NULL) + return; + if (st->num <= 0) + return; +- memset((char *)st->data, 0, sizeof(st->data) * st->num); ++ memset((char *)st->data, 0, sizeof(*st->data) * st->num); + st->num = 0; + } + +-void sk_pop_free(STACK * st, void (*func) (void *)) ++void sk_pop_free(_STACK *st, void (*func) (void *)) + { + int i; + +@@ -307,7 +328,7 @@ void sk_pop_free(STACK * st, void (*func) (void *)) + sk_free(st); + } + +-void sk_free(STACK * st) ++void sk_free(_STACK *st) + { + if (st == NULL) + return; +@@ -316,28 +337,28 @@ void sk_free(STACK * st) + OPENSSL_free(st); + } + +-int sk_num(const STACK * st) 
++int sk_num(const _STACK *st) + { + if (st == NULL) + return -1; + return st->num; + } + +-char *sk_value(const STACK * st, int i) ++void *sk_value(const _STACK *st, int i) + { + if (!st || (i < 0) || (i >= st->num)) + return NULL; + return st->data[i]; + } + +-char *sk_set(STACK * st, int i, char *value) ++void *sk_set(_STACK *st, int i, void *value) + { + if (!st || (i < 0) || (i >= st->num)) + return NULL; + return (st->data[i] = value); + } + +-void sk_sort(STACK * st) ++void sk_sort(_STACK *st) + { + if (st && !st->sorted) { + int (*comp_func) (const void *, const void *); +@@ -355,7 +376,7 @@ void sk_sort(STACK * st) + } + } + +-int sk_is_sorted(const STACK * st) ++int sk_is_sorted(const _STACK *st) + { + if (!st) + return 1; +diff --git a/Cryptlib/OpenSSL/crypto/store/str_err.c b/Cryptlib/OpenSSL/crypto/store/str_err.c +deleted file mode 100644 +index fb03c53..0000000 +--- a/Cryptlib/OpenSSL/crypto/store/str_err.c ++++ /dev/null +@@ -1,258 +0,0 @@ +-/* crypto/store/str_err.c */ +-/* ==================================================================== +- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * +- * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. +- * +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in +- * the documentation and/or other materials provided with the +- * distribution. +- * +- * 3. All advertising materials mentioning features or use of this +- * software must display the following acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" +- * +- * 4. 
The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +- * endorse or promote products derived from this software without +- * prior written permission. For written permission, please contact +- * openssl-core@OpenSSL.org. +- * +- * 5. Products derived from this software may not be called "OpenSSL" +- * nor may "OpenSSL" appear in their names without prior written +- * permission of the OpenSSL Project. +- * +- * 6. Redistributions of any form whatsoever must retain the following +- * acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" +- * +- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +- * OF THE POSSIBILITY OF SUCH DAMAGE. +- * ==================================================================== +- * +- * This product includes cryptographic software written by Eric Young +- * (eay@cryptsoft.com). This product includes software written by Tim +- * Hudson (tjh@cryptsoft.com). +- * +- */ +- +-/* +- * NOTE: this file was auto generated by the mkerr.pl script: any changes +- * made to it will be overwritten when the script next updates this file, +- * only reason strings will be preserved. 
+- */ +- +-#include +-#include +-#include +- +-/* BEGIN ERROR CODES */ +-#ifndef OPENSSL_NO_ERR +- +-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_STORE,func,0) +-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_STORE,0,reason) +- +-static ERR_STRING_DATA STORE_str_functs[] = { +- {ERR_FUNC(STORE_F_MEM_DELETE), "MEM_DELETE"}, +- {ERR_FUNC(STORE_F_MEM_GENERATE), "MEM_GENERATE"}, +- {ERR_FUNC(STORE_F_MEM_LIST_END), "MEM_LIST_END"}, +- {ERR_FUNC(STORE_F_MEM_LIST_NEXT), "MEM_LIST_NEXT"}, +- {ERR_FUNC(STORE_F_MEM_LIST_START), "MEM_LIST_START"}, +- {ERR_FUNC(STORE_F_MEM_MODIFY), "MEM_MODIFY"}, +- {ERR_FUNC(STORE_F_MEM_STORE), "MEM_STORE"}, +- {ERR_FUNC(STORE_F_STORE_ATTR_INFO_GET0_CSTR), +- "STORE_ATTR_INFO_get0_cstr"}, +- {ERR_FUNC(STORE_F_STORE_ATTR_INFO_GET0_DN), "STORE_ATTR_INFO_get0_dn"}, +- {ERR_FUNC(STORE_F_STORE_ATTR_INFO_GET0_NUMBER), +- "STORE_ATTR_INFO_get0_number"}, +- {ERR_FUNC(STORE_F_STORE_ATTR_INFO_GET0_SHA1STR), +- "STORE_ATTR_INFO_get0_sha1str"}, +- {ERR_FUNC(STORE_F_STORE_ATTR_INFO_MODIFY_CSTR), +- "STORE_ATTR_INFO_modify_cstr"}, +- {ERR_FUNC(STORE_F_STORE_ATTR_INFO_MODIFY_DN), +- "STORE_ATTR_INFO_modify_dn"}, +- {ERR_FUNC(STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER), +- "STORE_ATTR_INFO_modify_number"}, +- {ERR_FUNC(STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR), +- "STORE_ATTR_INFO_modify_sha1str"}, +- {ERR_FUNC(STORE_F_STORE_ATTR_INFO_SET_CSTR), "STORE_ATTR_INFO_set_cstr"}, +- {ERR_FUNC(STORE_F_STORE_ATTR_INFO_SET_DN), "STORE_ATTR_INFO_set_dn"}, +- {ERR_FUNC(STORE_F_STORE_ATTR_INFO_SET_NUMBER), +- "STORE_ATTR_INFO_set_number"}, +- {ERR_FUNC(STORE_F_STORE_ATTR_INFO_SET_SHA1STR), +- "STORE_ATTR_INFO_set_sha1str"}, +- {ERR_FUNC(STORE_F_STORE_CERTIFICATE), "STORE_CERTIFICATE"}, +- {ERR_FUNC(STORE_F_STORE_CTRL), "STORE_ctrl"}, +- {ERR_FUNC(STORE_F_STORE_DELETE_ARBITRARY), "STORE_delete_arbitrary"}, +- {ERR_FUNC(STORE_F_STORE_DELETE_CERTIFICATE), "STORE_delete_certificate"}, +- {ERR_FUNC(STORE_F_STORE_DELETE_CRL), "STORE_delete_crl"}, +- {ERR_FUNC(STORE_F_STORE_DELETE_NUMBER), 
"STORE_delete_number"}, +- {ERR_FUNC(STORE_F_STORE_DELETE_PRIVATE_KEY), "STORE_delete_private_key"}, +- {ERR_FUNC(STORE_F_STORE_DELETE_PUBLIC_KEY), "STORE_delete_public_key"}, +- {ERR_FUNC(STORE_F_STORE_GENERATE_CRL), "STORE_generate_crl"}, +- {ERR_FUNC(STORE_F_STORE_GENERATE_KEY), "STORE_generate_key"}, +- {ERR_FUNC(STORE_F_STORE_GET_ARBITRARY), "STORE_get_arbitrary"}, +- {ERR_FUNC(STORE_F_STORE_GET_CERTIFICATE), "STORE_get_certificate"}, +- {ERR_FUNC(STORE_F_STORE_GET_CRL), "STORE_get_crl"}, +- {ERR_FUNC(STORE_F_STORE_GET_NUMBER), "STORE_get_number"}, +- {ERR_FUNC(STORE_F_STORE_GET_PRIVATE_KEY), "STORE_get_private_key"}, +- {ERR_FUNC(STORE_F_STORE_GET_PUBLIC_KEY), "STORE_get_public_key"}, +- {ERR_FUNC(STORE_F_STORE_LIST_CERTIFICATE_END), +- "STORE_list_certificate_end"}, +- {ERR_FUNC(STORE_F_STORE_LIST_CERTIFICATE_ENDP), +- "STORE_list_certificate_endp"}, +- {ERR_FUNC(STORE_F_STORE_LIST_CERTIFICATE_NEXT), +- "STORE_list_certificate_next"}, +- {ERR_FUNC(STORE_F_STORE_LIST_CERTIFICATE_START), +- "STORE_list_certificate_start"}, +- {ERR_FUNC(STORE_F_STORE_LIST_CRL_END), "STORE_list_crl_end"}, +- {ERR_FUNC(STORE_F_STORE_LIST_CRL_ENDP), "STORE_list_crl_endp"}, +- {ERR_FUNC(STORE_F_STORE_LIST_CRL_NEXT), "STORE_list_crl_next"}, +- {ERR_FUNC(STORE_F_STORE_LIST_CRL_START), "STORE_list_crl_start"}, +- {ERR_FUNC(STORE_F_STORE_LIST_PRIVATE_KEY_END), +- "STORE_list_private_key_end"}, +- {ERR_FUNC(STORE_F_STORE_LIST_PRIVATE_KEY_ENDP), +- "STORE_list_private_key_endp"}, +- {ERR_FUNC(STORE_F_STORE_LIST_PRIVATE_KEY_NEXT), +- "STORE_list_private_key_next"}, +- {ERR_FUNC(STORE_F_STORE_LIST_PRIVATE_KEY_START), +- "STORE_list_private_key_start"}, +- {ERR_FUNC(STORE_F_STORE_LIST_PUBLIC_KEY_END), +- "STORE_list_public_key_end"}, +- {ERR_FUNC(STORE_F_STORE_LIST_PUBLIC_KEY_ENDP), +- "STORE_list_public_key_endp"}, +- {ERR_FUNC(STORE_F_STORE_LIST_PUBLIC_KEY_NEXT), +- "STORE_list_public_key_next"}, +- {ERR_FUNC(STORE_F_STORE_LIST_PUBLIC_KEY_START), +- "STORE_list_public_key_start"}, +- 
{ERR_FUNC(STORE_F_STORE_MODIFY_ARBITRARY), "STORE_modify_arbitrary"}, +- {ERR_FUNC(STORE_F_STORE_MODIFY_CERTIFICATE), "STORE_modify_certificate"}, +- {ERR_FUNC(STORE_F_STORE_MODIFY_CRL), "STORE_modify_crl"}, +- {ERR_FUNC(STORE_F_STORE_MODIFY_NUMBER), "STORE_modify_number"}, +- {ERR_FUNC(STORE_F_STORE_MODIFY_PRIVATE_KEY), "STORE_modify_private_key"}, +- {ERR_FUNC(STORE_F_STORE_MODIFY_PUBLIC_KEY), "STORE_modify_public_key"}, +- {ERR_FUNC(STORE_F_STORE_NEW_ENGINE), "STORE_new_engine"}, +- {ERR_FUNC(STORE_F_STORE_NEW_METHOD), "STORE_new_method"}, +- {ERR_FUNC(STORE_F_STORE_PARSE_ATTRS_END), "STORE_parse_attrs_end"}, +- {ERR_FUNC(STORE_F_STORE_PARSE_ATTRS_ENDP), "STORE_parse_attrs_endp"}, +- {ERR_FUNC(STORE_F_STORE_PARSE_ATTRS_NEXT), "STORE_parse_attrs_next"}, +- {ERR_FUNC(STORE_F_STORE_PARSE_ATTRS_START), "STORE_parse_attrs_start"}, +- {ERR_FUNC(STORE_F_STORE_REVOKE_CERTIFICATE), "STORE_revoke_certificate"}, +- {ERR_FUNC(STORE_F_STORE_REVOKE_PRIVATE_KEY), "STORE_revoke_private_key"}, +- {ERR_FUNC(STORE_F_STORE_REVOKE_PUBLIC_KEY), "STORE_revoke_public_key"}, +- {ERR_FUNC(STORE_F_STORE_STORE_ARBITRARY), "STORE_store_arbitrary"}, +- {ERR_FUNC(STORE_F_STORE_STORE_CERTIFICATE), "STORE_store_certificate"}, +- {ERR_FUNC(STORE_F_STORE_STORE_CRL), "STORE_store_crl"}, +- {ERR_FUNC(STORE_F_STORE_STORE_NUMBER), "STORE_store_number"}, +- {ERR_FUNC(STORE_F_STORE_STORE_PRIVATE_KEY), "STORE_store_private_key"}, +- {ERR_FUNC(STORE_F_STORE_STORE_PUBLIC_KEY), "STORE_store_public_key"}, +- {0, NULL} +-}; +- +-static ERR_STRING_DATA STORE_str_reasons[] = { +- {ERR_REASON(STORE_R_ALREADY_HAS_A_VALUE), "already has a value"}, +- {ERR_REASON(STORE_R_FAILED_DELETING_ARBITRARY), +- "failed deleting arbitrary"}, +- {ERR_REASON(STORE_R_FAILED_DELETING_CERTIFICATE), +- "failed deleting certificate"}, +- {ERR_REASON(STORE_R_FAILED_DELETING_KEY), "failed deleting key"}, +- {ERR_REASON(STORE_R_FAILED_DELETING_NUMBER), "failed deleting number"}, +- {ERR_REASON(STORE_R_FAILED_GENERATING_CRL), "failed 
generating crl"}, +- {ERR_REASON(STORE_R_FAILED_GENERATING_KEY), "failed generating key"}, +- {ERR_REASON(STORE_R_FAILED_GETTING_ARBITRARY), +- "failed getting arbitrary"}, +- {ERR_REASON(STORE_R_FAILED_GETTING_CERTIFICATE), +- "failed getting certificate"}, +- {ERR_REASON(STORE_R_FAILED_GETTING_KEY), "failed getting key"}, +- {ERR_REASON(STORE_R_FAILED_GETTING_NUMBER), "failed getting number"}, +- {ERR_REASON(STORE_R_FAILED_LISTING_CERTIFICATES), +- "failed listing certificates"}, +- {ERR_REASON(STORE_R_FAILED_LISTING_KEYS), "failed listing keys"}, +- {ERR_REASON(STORE_R_FAILED_MODIFYING_ARBITRARY), +- "failed modifying arbitrary"}, +- {ERR_REASON(STORE_R_FAILED_MODIFYING_CERTIFICATE), +- "failed modifying certificate"}, +- {ERR_REASON(STORE_R_FAILED_MODIFYING_CRL), "failed modifying crl"}, +- {ERR_REASON(STORE_R_FAILED_MODIFYING_NUMBER), "failed modifying number"}, +- {ERR_REASON(STORE_R_FAILED_MODIFYING_PRIVATE_KEY), +- "failed modifying private key"}, +- {ERR_REASON(STORE_R_FAILED_MODIFYING_PUBLIC_KEY), +- "failed modifying public key"}, +- {ERR_REASON(STORE_R_FAILED_REVOKING_CERTIFICATE), +- "failed revoking certificate"}, +- {ERR_REASON(STORE_R_FAILED_REVOKING_KEY), "failed revoking key"}, +- {ERR_REASON(STORE_R_FAILED_STORING_ARBITRARY), +- "failed storing arbitrary"}, +- {ERR_REASON(STORE_R_FAILED_STORING_CERTIFICATE), +- "failed storing certificate"}, +- {ERR_REASON(STORE_R_FAILED_STORING_KEY), "failed storing key"}, +- {ERR_REASON(STORE_R_FAILED_STORING_NUMBER), "failed storing number"}, +- {ERR_REASON(STORE_R_NOT_IMPLEMENTED), "not implemented"}, +- {ERR_REASON(STORE_R_NO_CONTROL_FUNCTION), "no control function"}, +- {ERR_REASON(STORE_R_NO_DELETE_ARBITRARY_FUNCTION), +- "no delete arbitrary function"}, +- {ERR_REASON(STORE_R_NO_DELETE_NUMBER_FUNCTION), +- "no delete number function"}, +- {ERR_REASON(STORE_R_NO_DELETE_OBJECT_FUNCTION), +- "no delete object function"}, +- {ERR_REASON(STORE_R_NO_GENERATE_CRL_FUNCTION), +- "no generate crl function"}, +- 
{ERR_REASON(STORE_R_NO_GENERATE_OBJECT_FUNCTION), +- "no generate object function"}, +- {ERR_REASON(STORE_R_NO_GET_OBJECT_ARBITRARY_FUNCTION), +- "no get object arbitrary function"}, +- {ERR_REASON(STORE_R_NO_GET_OBJECT_FUNCTION), "no get object function"}, +- {ERR_REASON(STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION), +- "no get object number function"}, +- {ERR_REASON(STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION), +- "no list object endp function"}, +- {ERR_REASON(STORE_R_NO_LIST_OBJECT_END_FUNCTION), +- "no list object end function"}, +- {ERR_REASON(STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION), +- "no list object next function"}, +- {ERR_REASON(STORE_R_NO_LIST_OBJECT_START_FUNCTION), +- "no list object start function"}, +- {ERR_REASON(STORE_R_NO_MODIFY_OBJECT_FUNCTION), +- "no modify object function"}, +- {ERR_REASON(STORE_R_NO_REVOKE_OBJECT_FUNCTION), +- "no revoke object function"}, +- {ERR_REASON(STORE_R_NO_STORE), "no store"}, +- {ERR_REASON(STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION), +- "no store object arbitrary function"}, +- {ERR_REASON(STORE_R_NO_STORE_OBJECT_FUNCTION), +- "no store object function"}, +- {ERR_REASON(STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION), +- "no store object number function"}, +- {ERR_REASON(STORE_R_NO_VALUE), "no value"}, +- {0, NULL} +-}; +- +-#endif +- +-void ERR_load_STORE_strings(void) +-{ +-#ifndef OPENSSL_NO_ERR +- +- if (ERR_func_error_string(STORE_str_functs[0].error) == NULL) { +- ERR_load_strings(0, STORE_str_functs); +- ERR_load_strings(0, STORE_str_reasons); +- } +-#endif +-} +diff --git a/Cryptlib/OpenSSL/crypto/store/str_lib.c b/Cryptlib/OpenSSL/crypto/store/str_lib.c +deleted file mode 100644 +index c968319..0000000 +--- a/Cryptlib/OpenSSL/crypto/store/str_lib.c ++++ /dev/null +@@ -1,1771 +0,0 @@ +-/* crypto/store/str_lib.c -*- mode:C; c-file-style: "eay" -*- */ +-/* +- * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project +- * 2003. 
+- */ +-/* ==================================================================== +- * Copyright (c) 2003 The OpenSSL Project. All rights reserved. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * +- * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. +- * +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in +- * the documentation and/or other materials provided with the +- * distribution. +- * +- * 3. All advertising materials mentioning features or use of this +- * software must display the following acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +- * +- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +- * endorse or promote products derived from this software without +- * prior written permission. For written permission, please contact +- * openssl-core@openssl.org. +- * +- * 5. Products derived from this software may not be called "OpenSSL" +- * nor may "OpenSSL" appear in their names without prior written +- * permission of the OpenSSL Project. +- * +- * 6. Redistributions of any form whatsoever must retain the following +- * acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit (http://www.openssl.org/)" +- * +- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +- * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR +- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +- * OF THE POSSIBILITY OF SUCH DAMAGE. +- * ==================================================================== +- * +- * This product includes cryptographic software written by Eric Young +- * (eay@cryptsoft.com). This product includes software written by Tim +- * Hudson (tjh@cryptsoft.com). +- * +- */ +- +-#include +-#include +-#include +-#ifndef OPENSSL_NO_ENGINE +-# include +-#endif +-#include +-#include +-#include "str_locl.h" +- +-const char *const STORE_object_type_string[STORE_OBJECT_TYPE_NUM + 1] = { +- 0, +- "X.509 Certificate", +- "X.509 CRL", +- "Private Key", +- "Public Key", +- "Number", +- "Arbitrary Data" +-}; +- +-const int STORE_param_sizes[STORE_PARAM_TYPE_NUM + 1] = { +- 0, +- sizeof(int), /* EVP_TYPE */ +- sizeof(size_t), /* BITS */ +- -1, /* KEY_PARAMETERS */ +- 0 /* KEY_NO_PARAMETERS */ +-}; +- +-const int STORE_attr_sizes[STORE_ATTR_TYPE_NUM + 1] = { +- 0, +- -1, /* FRIENDLYNAME: C string */ +- SHA_DIGEST_LENGTH, /* KEYID: SHA1 digest, 160 bits */ +- SHA_DIGEST_LENGTH, /* ISSUERKEYID: SHA1 digest, 160 bits */ +- SHA_DIGEST_LENGTH, /* SUBJECTKEYID: SHA1 digest, 160 bits */ +- SHA_DIGEST_LENGTH, /* ISSUERSERIALHASH: SHA1 digest, 160 bits */ +- sizeof(X509_NAME *), /* ISSUER: X509_NAME * */ +- sizeof(BIGNUM *), /* SERIAL: BIGNUM * */ +- sizeof(X509_NAME *), /* SUBJECT: X509_NAME * */ +- SHA_DIGEST_LENGTH, /* CERTHASH: SHA1 digest, 160 bits */ +- -1, /* EMAIL: C string */ +- -1, /* FILENAME: C string */ +-}; +- +-STORE 
*STORE_new_method(const STORE_METHOD *method) +-{ +- STORE *ret; +- +- if (method == NULL) { +- STOREerr(STORE_F_STORE_NEW_METHOD, ERR_R_PASSED_NULL_PARAMETER); +- return NULL; +- } +- +- ret = (STORE *)OPENSSL_malloc(sizeof(STORE)); +- if (ret == NULL) { +- STOREerr(STORE_F_STORE_NEW_METHOD, ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- +- ret->meth = method; +- +- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_STORE, ret, &ret->ex_data); +- if (ret->meth->init && !ret->meth->init(ret)) { +- STORE_free(ret); +- ret = NULL; +- } +- return ret; +-} +- +-STORE *STORE_new_engine(ENGINE *engine) +-{ +- STORE *ret = NULL; +- ENGINE *e = engine; +- const STORE_METHOD *meth = 0; +- +-#ifdef OPENSSL_NO_ENGINE +- e = NULL; +-#else +- if (engine) { +- if (!ENGINE_init(engine)) { +- STOREerr(STORE_F_STORE_NEW_ENGINE, ERR_R_ENGINE_LIB); +- return NULL; +- } +- e = engine; +- } else { +- STOREerr(STORE_F_STORE_NEW_ENGINE, ERR_R_PASSED_NULL_PARAMETER); +- return NULL; +- } +- if (e) { +- meth = ENGINE_get_STORE(e); +- if (!meth) { +- STOREerr(STORE_F_STORE_NEW_ENGINE, ERR_R_ENGINE_LIB); +- ENGINE_finish(e); +- return NULL; +- } +- } +-#endif +- +- ret = STORE_new_method(meth); +- if (ret == NULL) { +- STOREerr(STORE_F_STORE_NEW_ENGINE, ERR_R_STORE_LIB); +- return NULL; +- } +- +- ret->engine = e; +- +- return (ret); +-} +- +-void STORE_free(STORE *store) +-{ +- if (store == NULL) +- return; +- if (store->meth->clean) +- store->meth->clean(store); +- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_STORE, store, &store->ex_data); +- OPENSSL_free(store); +-} +- +-int STORE_ctrl(STORE *store, int cmd, long i, void *p, void (*f) (void)) +-{ +- if (store == NULL) { +- STOREerr(STORE_F_STORE_CTRL, ERR_R_PASSED_NULL_PARAMETER); +- return 0; +- } +- if (store->meth->ctrl) +- return store->meth->ctrl(store, cmd, i, p, f); +- STOREerr(STORE_F_STORE_CTRL, STORE_R_NO_CONTROL_FUNCTION); +- return 0; +-} +- +-int STORE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, +- CRYPTO_EX_dup *dup_func, 
CRYPTO_EX_free *free_func) +-{ +- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_STORE, argl, argp, +- new_func, dup_func, free_func); +-} +- +-int STORE_set_ex_data(STORE *r, int idx, void *arg) +-{ +- return (CRYPTO_set_ex_data(&r->ex_data, idx, arg)); +-} +- +-void *STORE_get_ex_data(STORE *r, int idx) +-{ +- return (CRYPTO_get_ex_data(&r->ex_data, idx)); +-} +- +-const STORE_METHOD *STORE_get_method(STORE *store) +-{ +- return store->meth; +-} +- +-const STORE_METHOD *STORE_set_method(STORE *store, const STORE_METHOD *meth) +-{ +- store->meth = meth; +- return store->meth; +-} +- +-/* API helpers */ +- +-#define check_store(s,fncode,fnname,fnerrcode) \ +- do \ +- { \ +- if ((s) == NULL || (s)->meth == NULL) \ +- { \ +- STOREerr((fncode), ERR_R_PASSED_NULL_PARAMETER); \ +- return 0; \ +- } \ +- if ((s)->meth->fnname == NULL) \ +- { \ +- STOREerr((fncode), (fnerrcode)); \ +- return 0; \ +- } \ +- } \ +- while(0) +- +-/* API functions */ +- +-X509 *STORE_get_certificate(STORE *s, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]) +-{ +- STORE_OBJECT *object; +- X509 *x; +- +- check_store(s, STORE_F_STORE_GET_CERTIFICATE, +- get_object, STORE_R_NO_GET_OBJECT_FUNCTION); +- +- object = s->meth->get_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, +- attributes, parameters); +- if (!object || !object->data.x509.certificate) { +- STOREerr(STORE_F_STORE_GET_CERTIFICATE, +- STORE_R_FAILED_GETTING_CERTIFICATE); +- return 0; +- } +- CRYPTO_add(&object->data.x509.certificate->references, 1, +- CRYPTO_LOCK_X509); +-#ifdef REF_PRINT +- REF_PRINT("X509", data); +-#endif +- x = object->data.x509.certificate; +- STORE_OBJECT_free(object); +- return x; +-} +- +-int STORE_store_certificate(STORE *s, X509 *data, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]) +-{ +- STORE_OBJECT *object; +- int i; +- +- check_store(s, STORE_F_STORE_CERTIFICATE, +- store_object, STORE_R_NO_STORE_OBJECT_FUNCTION); +- +- object = STORE_OBJECT_new(); +- if (!object) { +- 
STOREerr(STORE_F_STORE_STORE_CERTIFICATE, ERR_R_MALLOC_FAILURE); +- return 0; +- } +- +- CRYPTO_add(&data->references, 1, CRYPTO_LOCK_X509); +-#ifdef REF_PRINT +- REF_PRINT("X509", data); +-#endif +- object->data.x509.certificate = data; +- +- i = s->meth->store_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, +- object, attributes, parameters); +- +- STORE_OBJECT_free(object); +- +- if (!i) { +- STOREerr(STORE_F_STORE_STORE_CERTIFICATE, +- STORE_R_FAILED_STORING_CERTIFICATE); +- return 0; +- } +- return 1; +-} +- +-int STORE_modify_certificate(STORE *s, OPENSSL_ITEM search_attributes[], +- OPENSSL_ITEM add_attributes[], +- OPENSSL_ITEM modify_attributes[], +- OPENSSL_ITEM delete_attributes[], +- OPENSSL_ITEM parameters[]) +-{ +- check_store(s, STORE_F_STORE_MODIFY_CERTIFICATE, +- modify_object, STORE_R_NO_MODIFY_OBJECT_FUNCTION); +- +- if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, +- search_attributes, add_attributes, +- modify_attributes, delete_attributes, +- parameters)) { +- STOREerr(STORE_F_STORE_MODIFY_CERTIFICATE, +- STORE_R_FAILED_MODIFYING_CERTIFICATE); +- return 0; +- } +- return 1; +-} +- +-int STORE_revoke_certificate(STORE *s, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]) +-{ +- check_store(s, STORE_F_STORE_REVOKE_CERTIFICATE, +- revoke_object, STORE_R_NO_REVOKE_OBJECT_FUNCTION); +- +- if (!s->meth->revoke_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, +- attributes, parameters)) { +- STOREerr(STORE_F_STORE_REVOKE_CERTIFICATE, +- STORE_R_FAILED_REVOKING_CERTIFICATE); +- return 0; +- } +- return 1; +-} +- +-int STORE_delete_certificate(STORE *s, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]) +-{ +- check_store(s, STORE_F_STORE_DELETE_CERTIFICATE, +- delete_object, STORE_R_NO_DELETE_OBJECT_FUNCTION); +- +- if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, +- attributes, parameters)) { +- STOREerr(STORE_F_STORE_DELETE_CERTIFICATE, +- STORE_R_FAILED_DELETING_CERTIFICATE); +- return 0; +- } +- return 
1; +-} +- +-void *STORE_list_certificate_start(STORE *s, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]) +-{ +- void *handle; +- +- check_store(s, STORE_F_STORE_LIST_CERTIFICATE_START, +- list_object_start, STORE_R_NO_LIST_OBJECT_START_FUNCTION); +- +- handle = s->meth->list_object_start(s, +- STORE_OBJECT_TYPE_X509_CERTIFICATE, +- attributes, parameters); +- if (!handle) { +- STOREerr(STORE_F_STORE_LIST_CERTIFICATE_START, +- STORE_R_FAILED_LISTING_CERTIFICATES); +- return 0; +- } +- return handle; +-} +- +-X509 *STORE_list_certificate_next(STORE *s, void *handle) +-{ +- STORE_OBJECT *object; +- X509 *x; +- +- check_store(s, STORE_F_STORE_LIST_CERTIFICATE_NEXT, +- list_object_next, STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION); +- +- object = s->meth->list_object_next(s, handle); +- if (!object || !object->data.x509.certificate) { +- STOREerr(STORE_F_STORE_LIST_CERTIFICATE_NEXT, +- STORE_R_FAILED_LISTING_CERTIFICATES); +- return 0; +- } +- CRYPTO_add(&object->data.x509.certificate->references, 1, +- CRYPTO_LOCK_X509); +-#ifdef REF_PRINT +- REF_PRINT("X509", data); +-#endif +- x = object->data.x509.certificate; +- STORE_OBJECT_free(object); +- return x; +-} +- +-int STORE_list_certificate_end(STORE *s, void *handle) +-{ +- check_store(s, STORE_F_STORE_LIST_CERTIFICATE_END, +- list_object_end, STORE_R_NO_LIST_OBJECT_END_FUNCTION); +- +- if (!s->meth->list_object_end(s, handle)) { +- STOREerr(STORE_F_STORE_LIST_CERTIFICATE_END, +- STORE_R_FAILED_LISTING_CERTIFICATES); +- return 0; +- } +- return 1; +-} +- +-int STORE_list_certificate_endp(STORE *s, void *handle) +-{ +- check_store(s, STORE_F_STORE_LIST_CERTIFICATE_ENDP, +- list_object_endp, STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION); +- +- if (!s->meth->list_object_endp(s, handle)) { +- STOREerr(STORE_F_STORE_LIST_CERTIFICATE_ENDP, +- STORE_R_FAILED_LISTING_CERTIFICATES); +- return 0; +- } +- return 1; +-} +- +-EVP_PKEY *STORE_generate_key(STORE *s, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]) +-{ +- 
STORE_OBJECT *object; +- EVP_PKEY *pkey; +- +- check_store(s, STORE_F_STORE_GENERATE_KEY, +- generate_object, STORE_R_NO_GENERATE_OBJECT_FUNCTION); +- +- object = s->meth->generate_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, +- attributes, parameters); +- if (!object || !object->data.key) { +- STOREerr(STORE_F_STORE_GENERATE_KEY, STORE_R_FAILED_GENERATING_KEY); +- return 0; +- } +- CRYPTO_add(&object->data.key->references, 1, CRYPTO_LOCK_EVP_PKEY); +-#ifdef REF_PRINT +- REF_PRINT("EVP_PKEY", data); +-#endif +- pkey = object->data.key; +- STORE_OBJECT_free(object); +- return pkey; +-} +- +-EVP_PKEY *STORE_get_private_key(STORE *s, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]) +-{ +- STORE_OBJECT *object; +- EVP_PKEY *pkey; +- +- check_store(s, STORE_F_STORE_GET_PRIVATE_KEY, +- get_object, STORE_R_NO_GET_OBJECT_FUNCTION); +- +- object = s->meth->get_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, +- attributes, parameters); +- if (!object || !object->data.key || !object->data.key) { +- STOREerr(STORE_F_STORE_GET_PRIVATE_KEY, STORE_R_FAILED_GETTING_KEY); +- return 0; +- } +- CRYPTO_add(&object->data.key->references, 1, CRYPTO_LOCK_EVP_PKEY); +-#ifdef REF_PRINT +- REF_PRINT("EVP_PKEY", data); +-#endif +- pkey = object->data.key; +- STORE_OBJECT_free(object); +- return pkey; +-} +- +-int STORE_store_private_key(STORE *s, EVP_PKEY *data, +- OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]) +-{ +- STORE_OBJECT *object; +- int i; +- +- check_store(s, STORE_F_STORE_STORE_PRIVATE_KEY, +- store_object, STORE_R_NO_STORE_OBJECT_FUNCTION); +- +- object = STORE_OBJECT_new(); +- if (!object) { +- STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY, ERR_R_MALLOC_FAILURE); +- return 0; +- } +- object->data.key = EVP_PKEY_new(); +- if (!object->data.key) { +- STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY, ERR_R_MALLOC_FAILURE); +- return 0; +- } +- +- CRYPTO_add(&data->references, 1, CRYPTO_LOCK_EVP_PKEY); +-#ifdef REF_PRINT +- REF_PRINT("EVP_PKEY", data); +-#endif +- object->data.key = 
data; +- +- i = s->meth->store_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, object, +- attributes, parameters); +- +- STORE_OBJECT_free(object); +- +- if (!i) { +- STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY, STORE_R_FAILED_STORING_KEY); +- return 0; +- } +- return i; +-} +- +-int STORE_modify_private_key(STORE *s, OPENSSL_ITEM search_attributes[], +- OPENSSL_ITEM add_attributes[], +- OPENSSL_ITEM modify_attributes[], +- OPENSSL_ITEM delete_attributes[], +- OPENSSL_ITEM parameters[]) +-{ +- check_store(s, STORE_F_STORE_MODIFY_PRIVATE_KEY, +- modify_object, STORE_R_NO_MODIFY_OBJECT_FUNCTION); +- +- if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, +- search_attributes, add_attributes, +- modify_attributes, delete_attributes, +- parameters)) { +- STOREerr(STORE_F_STORE_MODIFY_PRIVATE_KEY, +- STORE_R_FAILED_MODIFYING_PRIVATE_KEY); +- return 0; +- } +- return 1; +-} +- +-int STORE_revoke_private_key(STORE *s, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]) +-{ +- int i; +- +- check_store(s, STORE_F_STORE_REVOKE_PRIVATE_KEY, +- revoke_object, STORE_R_NO_REVOKE_OBJECT_FUNCTION); +- +- i = s->meth->revoke_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, +- attributes, parameters); +- +- if (!i) { +- STOREerr(STORE_F_STORE_REVOKE_PRIVATE_KEY, +- STORE_R_FAILED_REVOKING_KEY); +- return 0; +- } +- return i; +-} +- +-int STORE_delete_private_key(STORE *s, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]) +-{ +- check_store(s, STORE_F_STORE_DELETE_PRIVATE_KEY, +- delete_object, STORE_R_NO_DELETE_OBJECT_FUNCTION); +- +- if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, +- attributes, parameters)) { +- STOREerr(STORE_F_STORE_DELETE_PRIVATE_KEY, +- STORE_R_FAILED_DELETING_KEY); +- return 0; +- } +- return 1; +-} +- +-void *STORE_list_private_key_start(STORE *s, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]) +-{ +- void *handle; +- +- check_store(s, STORE_F_STORE_LIST_PRIVATE_KEY_START, +- list_object_start, 
STORE_R_NO_LIST_OBJECT_START_FUNCTION); +- +- handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_PRIVATE_KEY, +- attributes, parameters); +- if (!handle) { +- STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_START, +- STORE_R_FAILED_LISTING_KEYS); +- return 0; +- } +- return handle; +-} +- +-EVP_PKEY *STORE_list_private_key_next(STORE *s, void *handle) +-{ +- STORE_OBJECT *object; +- EVP_PKEY *pkey; +- +- check_store(s, STORE_F_STORE_LIST_PRIVATE_KEY_NEXT, +- list_object_next, STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION); +- +- object = s->meth->list_object_next(s, handle); +- if (!object || !object->data.key || !object->data.key) { +- STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_NEXT, +- STORE_R_FAILED_LISTING_KEYS); +- return 0; +- } +- CRYPTO_add(&object->data.key->references, 1, CRYPTO_LOCK_EVP_PKEY); +-#ifdef REF_PRINT +- REF_PRINT("EVP_PKEY", data); +-#endif +- pkey = object->data.key; +- STORE_OBJECT_free(object); +- return pkey; +-} +- +-int STORE_list_private_key_end(STORE *s, void *handle) +-{ +- check_store(s, STORE_F_STORE_LIST_PRIVATE_KEY_END, +- list_object_end, STORE_R_NO_LIST_OBJECT_END_FUNCTION); +- +- if (!s->meth->list_object_end(s, handle)) { +- STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_END, +- STORE_R_FAILED_LISTING_KEYS); +- return 0; +- } +- return 1; +-} +- +-int STORE_list_private_key_endp(STORE *s, void *handle) +-{ +- check_store(s, STORE_F_STORE_LIST_PRIVATE_KEY_ENDP, +- list_object_endp, STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION); +- +- if (!s->meth->list_object_endp(s, handle)) { +- STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_ENDP, +- STORE_R_FAILED_LISTING_KEYS); +- return 0; +- } +- return 1; +-} +- +-EVP_PKEY *STORE_get_public_key(STORE *s, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]) +-{ +- STORE_OBJECT *object; +- EVP_PKEY *pkey; +- +- check_store(s, STORE_F_STORE_GET_PUBLIC_KEY, +- get_object, STORE_R_NO_GET_OBJECT_FUNCTION); +- +- object = s->meth->get_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, +- attributes, parameters); +- if (!object || 
!object->data.key || !object->data.key) { +- STOREerr(STORE_F_STORE_GET_PUBLIC_KEY, STORE_R_FAILED_GETTING_KEY); +- return 0; +- } +- CRYPTO_add(&object->data.key->references, 1, CRYPTO_LOCK_EVP_PKEY); +-#ifdef REF_PRINT +- REF_PRINT("EVP_PKEY", data); +-#endif +- pkey = object->data.key; +- STORE_OBJECT_free(object); +- return pkey; +-} +- +-int STORE_store_public_key(STORE *s, EVP_PKEY *data, +- OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]) +-{ +- STORE_OBJECT *object; +- int i; +- +- check_store(s, STORE_F_STORE_STORE_PUBLIC_KEY, +- store_object, STORE_R_NO_STORE_OBJECT_FUNCTION); +- +- object = STORE_OBJECT_new(); +- if (!object) { +- STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY, ERR_R_MALLOC_FAILURE); +- return 0; +- } +- object->data.key = EVP_PKEY_new(); +- if (!object->data.key) { +- STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY, ERR_R_MALLOC_FAILURE); +- return 0; +- } +- +- CRYPTO_add(&data->references, 1, CRYPTO_LOCK_EVP_PKEY); +-#ifdef REF_PRINT +- REF_PRINT("EVP_PKEY", data); +-#endif +- object->data.key = data; +- +- i = s->meth->store_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, object, +- attributes, parameters); +- +- STORE_OBJECT_free(object); +- +- if (!i) { +- STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY, STORE_R_FAILED_STORING_KEY); +- return 0; +- } +- return i; +-} +- +-int STORE_modify_public_key(STORE *s, OPENSSL_ITEM search_attributes[], +- OPENSSL_ITEM add_attributes[], +- OPENSSL_ITEM modify_attributes[], +- OPENSSL_ITEM delete_attributes[], +- OPENSSL_ITEM parameters[]) +-{ +- check_store(s, STORE_F_STORE_MODIFY_PUBLIC_KEY, +- modify_object, STORE_R_NO_MODIFY_OBJECT_FUNCTION); +- +- if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, +- search_attributes, add_attributes, +- modify_attributes, delete_attributes, +- parameters)) { +- STOREerr(STORE_F_STORE_MODIFY_PUBLIC_KEY, +- STORE_R_FAILED_MODIFYING_PUBLIC_KEY); +- return 0; +- } +- return 1; +-} +- +-int STORE_revoke_public_key(STORE *s, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM 
parameters[]) +-{ +- int i; +- +- check_store(s, STORE_F_STORE_REVOKE_PUBLIC_KEY, +- revoke_object, STORE_R_NO_REVOKE_OBJECT_FUNCTION); +- +- i = s->meth->revoke_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, +- attributes, parameters); +- +- if (!i) { +- STOREerr(STORE_F_STORE_REVOKE_PUBLIC_KEY, +- STORE_R_FAILED_REVOKING_KEY); +- return 0; +- } +- return i; +-} +- +-int STORE_delete_public_key(STORE *s, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]) +-{ +- check_store(s, STORE_F_STORE_DELETE_PUBLIC_KEY, +- delete_object, STORE_R_NO_DELETE_OBJECT_FUNCTION); +- +- if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, +- attributes, parameters)) { +- STOREerr(STORE_F_STORE_DELETE_PUBLIC_KEY, +- STORE_R_FAILED_DELETING_KEY); +- return 0; +- } +- return 1; +-} +- +-void *STORE_list_public_key_start(STORE *s, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]) +-{ +- void *handle; +- +- check_store(s, STORE_F_STORE_LIST_PUBLIC_KEY_START, +- list_object_start, STORE_R_NO_LIST_OBJECT_START_FUNCTION); +- +- handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_PUBLIC_KEY, +- attributes, parameters); +- if (!handle) { +- STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_START, +- STORE_R_FAILED_LISTING_KEYS); +- return 0; +- } +- return handle; +-} +- +-EVP_PKEY *STORE_list_public_key_next(STORE *s, void *handle) +-{ +- STORE_OBJECT *object; +- EVP_PKEY *pkey; +- +- check_store(s, STORE_F_STORE_LIST_PUBLIC_KEY_NEXT, +- list_object_next, STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION); +- +- object = s->meth->list_object_next(s, handle); +- if (!object || !object->data.key || !object->data.key) { +- STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_NEXT, +- STORE_R_FAILED_LISTING_KEYS); +- return 0; +- } +- CRYPTO_add(&object->data.key->references, 1, CRYPTO_LOCK_EVP_PKEY); +-#ifdef REF_PRINT +- REF_PRINT("EVP_PKEY", data); +-#endif +- pkey = object->data.key; +- STORE_OBJECT_free(object); +- return pkey; +-} +- +-int STORE_list_public_key_end(STORE *s, void *handle) +-{ +- 
check_store(s, STORE_F_STORE_LIST_PUBLIC_KEY_END, +- list_object_end, STORE_R_NO_LIST_OBJECT_END_FUNCTION); +- +- if (!s->meth->list_object_end(s, handle)) { +- STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_END, +- STORE_R_FAILED_LISTING_KEYS); +- return 0; +- } +- return 1; +-} +- +-int STORE_list_public_key_endp(STORE *s, void *handle) +-{ +- check_store(s, STORE_F_STORE_LIST_PUBLIC_KEY_ENDP, +- list_object_endp, STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION); +- +- if (!s->meth->list_object_endp(s, handle)) { +- STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_ENDP, +- STORE_R_FAILED_LISTING_KEYS); +- return 0; +- } +- return 1; +-} +- +-X509_CRL *STORE_generate_crl(STORE *s, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]) +-{ +- STORE_OBJECT *object; +- X509_CRL *crl; +- +- check_store(s, STORE_F_STORE_GENERATE_CRL, +- generate_object, STORE_R_NO_GENERATE_CRL_FUNCTION); +- +- object = s->meth->generate_object(s, STORE_OBJECT_TYPE_X509_CRL, +- attributes, parameters); +- if (!object || !object->data.crl) { +- STOREerr(STORE_F_STORE_GENERATE_CRL, STORE_R_FAILED_GENERATING_CRL); +- return 0; +- } +- CRYPTO_add(&object->data.crl->references, 1, CRYPTO_LOCK_X509_CRL); +-#ifdef REF_PRINT +- REF_PRINT("X509_CRL", data); +-#endif +- crl = object->data.crl; +- STORE_OBJECT_free(object); +- return crl; +-} +- +-X509_CRL *STORE_get_crl(STORE *s, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]) +-{ +- STORE_OBJECT *object; +- X509_CRL *crl; +- +- check_store(s, STORE_F_STORE_GET_CRL, +- get_object, STORE_R_NO_GET_OBJECT_FUNCTION); +- +- object = s->meth->get_object(s, STORE_OBJECT_TYPE_X509_CRL, +- attributes, parameters); +- if (!object || !object->data.crl) { +- STOREerr(STORE_F_STORE_GET_CRL, STORE_R_FAILED_GETTING_KEY); +- return 0; +- } +- CRYPTO_add(&object->data.crl->references, 1, CRYPTO_LOCK_X509_CRL); +-#ifdef REF_PRINT +- REF_PRINT("X509_CRL", data); +-#endif +- crl = object->data.crl; +- STORE_OBJECT_free(object); +- return crl; +-} +- +-int STORE_store_crl(STORE *s, 
X509_CRL *data, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]) +-{ +- STORE_OBJECT *object; +- int i; +- +- check_store(s, STORE_F_STORE_STORE_CRL, +- store_object, STORE_R_NO_STORE_OBJECT_FUNCTION); +- +- object = STORE_OBJECT_new(); +- if (!object) { +- STOREerr(STORE_F_STORE_STORE_CRL, ERR_R_MALLOC_FAILURE); +- return 0; +- } +- +- CRYPTO_add(&data->references, 1, CRYPTO_LOCK_X509_CRL); +-#ifdef REF_PRINT +- REF_PRINT("X509_CRL", data); +-#endif +- object->data.crl = data; +- +- i = s->meth->store_object(s, STORE_OBJECT_TYPE_X509_CRL, object, +- attributes, parameters); +- +- STORE_OBJECT_free(object); +- +- if (!i) { +- STOREerr(STORE_F_STORE_STORE_CRL, STORE_R_FAILED_STORING_KEY); +- return 0; +- } +- return i; +-} +- +-int STORE_modify_crl(STORE *s, OPENSSL_ITEM search_attributes[], +- OPENSSL_ITEM add_attributes[], +- OPENSSL_ITEM modify_attributes[], +- OPENSSL_ITEM delete_attributes[], +- OPENSSL_ITEM parameters[]) +-{ +- check_store(s, STORE_F_STORE_MODIFY_CRL, +- modify_object, STORE_R_NO_MODIFY_OBJECT_FUNCTION); +- +- if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_X509_CRL, +- search_attributes, add_attributes, +- modify_attributes, delete_attributes, +- parameters)) { +- STOREerr(STORE_F_STORE_MODIFY_CRL, STORE_R_FAILED_MODIFYING_CRL); +- return 0; +- } +- return 1; +-} +- +-int STORE_delete_crl(STORE *s, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]) +-{ +- check_store(s, STORE_F_STORE_DELETE_CRL, +- delete_object, STORE_R_NO_DELETE_OBJECT_FUNCTION); +- +- if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_X509_CRL, +- attributes, parameters)) { +- STOREerr(STORE_F_STORE_DELETE_CRL, STORE_R_FAILED_DELETING_KEY); +- return 0; +- } +- return 1; +-} +- +-void *STORE_list_crl_start(STORE *s, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]) +-{ +- void *handle; +- +- check_store(s, STORE_F_STORE_LIST_CRL_START, +- list_object_start, STORE_R_NO_LIST_OBJECT_START_FUNCTION); +- +- handle = s->meth->list_object_start(s, 
STORE_OBJECT_TYPE_X509_CRL, +- attributes, parameters); +- if (!handle) { +- STOREerr(STORE_F_STORE_LIST_CRL_START, STORE_R_FAILED_LISTING_KEYS); +- return 0; +- } +- return handle; +-} +- +-X509_CRL *STORE_list_crl_next(STORE *s, void *handle) +-{ +- STORE_OBJECT *object; +- X509_CRL *crl; +- +- check_store(s, STORE_F_STORE_LIST_CRL_NEXT, +- list_object_next, STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION); +- +- object = s->meth->list_object_next(s, handle); +- if (!object || !object->data.crl) { +- STOREerr(STORE_F_STORE_LIST_CRL_NEXT, STORE_R_FAILED_LISTING_KEYS); +- return 0; +- } +- CRYPTO_add(&object->data.crl->references, 1, CRYPTO_LOCK_X509_CRL); +-#ifdef REF_PRINT +- REF_PRINT("X509_CRL", data); +-#endif +- crl = object->data.crl; +- STORE_OBJECT_free(object); +- return crl; +-} +- +-int STORE_list_crl_end(STORE *s, void *handle) +-{ +- check_store(s, STORE_F_STORE_LIST_CRL_END, +- list_object_end, STORE_R_NO_LIST_OBJECT_END_FUNCTION); +- +- if (!s->meth->list_object_end(s, handle)) { +- STOREerr(STORE_F_STORE_LIST_CRL_END, STORE_R_FAILED_LISTING_KEYS); +- return 0; +- } +- return 1; +-} +- +-int STORE_list_crl_endp(STORE *s, void *handle) +-{ +- check_store(s, STORE_F_STORE_LIST_CRL_ENDP, +- list_object_endp, STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION); +- +- if (!s->meth->list_object_endp(s, handle)) { +- STOREerr(STORE_F_STORE_LIST_CRL_ENDP, STORE_R_FAILED_LISTING_KEYS); +- return 0; +- } +- return 1; +-} +- +-int STORE_store_number(STORE *s, BIGNUM *data, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]) +-{ +- STORE_OBJECT *object; +- int i; +- +- check_store(s, STORE_F_STORE_STORE_NUMBER, +- store_object, STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION); +- +- object = STORE_OBJECT_new(); +- if (!object) { +- STOREerr(STORE_F_STORE_STORE_NUMBER, ERR_R_MALLOC_FAILURE); +- return 0; +- } +- +- object->data.number = data; +- +- i = s->meth->store_object(s, STORE_OBJECT_TYPE_NUMBER, object, +- attributes, parameters); +- +- STORE_OBJECT_free(object); +- +- if (!i) { +- 
STOREerr(STORE_F_STORE_STORE_NUMBER, STORE_R_FAILED_STORING_NUMBER); +- return 0; +- } +- return 1; +-} +- +-int STORE_modify_number(STORE *s, OPENSSL_ITEM search_attributes[], +- OPENSSL_ITEM add_attributes[], +- OPENSSL_ITEM modify_attributes[], +- OPENSSL_ITEM delete_attributes[], +- OPENSSL_ITEM parameters[]) +-{ +- check_store(s, STORE_F_STORE_MODIFY_NUMBER, +- modify_object, STORE_R_NO_MODIFY_OBJECT_FUNCTION); +- +- if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_NUMBER, +- search_attributes, add_attributes, +- modify_attributes, delete_attributes, +- parameters)) { +- STOREerr(STORE_F_STORE_MODIFY_NUMBER, +- STORE_R_FAILED_MODIFYING_NUMBER); +- return 0; +- } +- return 1; +-} +- +-BIGNUM *STORE_get_number(STORE *s, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]) +-{ +- STORE_OBJECT *object; +- BIGNUM *n; +- +- check_store(s, STORE_F_STORE_GET_NUMBER, +- get_object, STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION); +- +- object = s->meth->get_object(s, STORE_OBJECT_TYPE_NUMBER, attributes, +- parameters); +- if (!object || !object->data.number) { +- STOREerr(STORE_F_STORE_GET_NUMBER, STORE_R_FAILED_GETTING_NUMBER); +- return 0; +- } +- n = object->data.number; +- object->data.number = NULL; +- STORE_OBJECT_free(object); +- return n; +-} +- +-int STORE_delete_number(STORE *s, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]) +-{ +- check_store(s, STORE_F_STORE_DELETE_NUMBER, +- delete_object, STORE_R_NO_DELETE_NUMBER_FUNCTION); +- +- if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_NUMBER, attributes, +- parameters)) { +- STOREerr(STORE_F_STORE_DELETE_NUMBER, STORE_R_FAILED_DELETING_NUMBER); +- return 0; +- } +- return 1; +-} +- +-int STORE_store_arbitrary(STORE *s, BUF_MEM *data, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]) +-{ +- STORE_OBJECT *object; +- int i; +- +- check_store(s, STORE_F_STORE_STORE_ARBITRARY, +- store_object, STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION); +- +- object = STORE_OBJECT_new(); +- if (!object) { +- 
STOREerr(STORE_F_STORE_STORE_ARBITRARY, ERR_R_MALLOC_FAILURE); +- return 0; +- } +- +- object->data.arbitrary = data; +- +- i = s->meth->store_object(s, STORE_OBJECT_TYPE_ARBITRARY, object, +- attributes, parameters); +- +- STORE_OBJECT_free(object); +- +- if (!i) { +- STOREerr(STORE_F_STORE_STORE_ARBITRARY, +- STORE_R_FAILED_STORING_ARBITRARY); +- return 0; +- } +- return 1; +-} +- +-int STORE_modify_arbitrary(STORE *s, OPENSSL_ITEM search_attributes[], +- OPENSSL_ITEM add_attributes[], +- OPENSSL_ITEM modify_attributes[], +- OPENSSL_ITEM delete_attributes[], +- OPENSSL_ITEM parameters[]) +-{ +- check_store(s, STORE_F_STORE_MODIFY_ARBITRARY, +- modify_object, STORE_R_NO_MODIFY_OBJECT_FUNCTION); +- +- if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_ARBITRARY, +- search_attributes, add_attributes, +- modify_attributes, delete_attributes, +- parameters)) { +- STOREerr(STORE_F_STORE_MODIFY_ARBITRARY, +- STORE_R_FAILED_MODIFYING_ARBITRARY); +- return 0; +- } +- return 1; +-} +- +-BUF_MEM *STORE_get_arbitrary(STORE *s, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]) +-{ +- STORE_OBJECT *object; +- BUF_MEM *b; +- +- check_store(s, STORE_F_STORE_GET_ARBITRARY, +- get_object, STORE_R_NO_GET_OBJECT_ARBITRARY_FUNCTION); +- +- object = s->meth->get_object(s, STORE_OBJECT_TYPE_ARBITRARY, +- attributes, parameters); +- if (!object || !object->data.arbitrary) { +- STOREerr(STORE_F_STORE_GET_ARBITRARY, +- STORE_R_FAILED_GETTING_ARBITRARY); +- return 0; +- } +- b = object->data.arbitrary; +- object->data.arbitrary = NULL; +- STORE_OBJECT_free(object); +- return b; +-} +- +-int STORE_delete_arbitrary(STORE *s, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]) +-{ +- check_store(s, STORE_F_STORE_DELETE_ARBITRARY, +- delete_object, STORE_R_NO_DELETE_ARBITRARY_FUNCTION); +- +- if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_ARBITRARY, attributes, +- parameters)) { +- STOREerr(STORE_F_STORE_DELETE_ARBITRARY, +- STORE_R_FAILED_DELETING_ARBITRARY); +- return 0; +- } +- 
return 1; +-} +- +-STORE_OBJECT *STORE_OBJECT_new(void) +-{ +- STORE_OBJECT *object = OPENSSL_malloc(sizeof(STORE_OBJECT)); +- if (object) +- memset(object, 0, sizeof(STORE_OBJECT)); +- return object; +-} +- +-void STORE_OBJECT_free(STORE_OBJECT *data) +-{ +- if (!data) +- return; +- switch (data->type) { +- case STORE_OBJECT_TYPE_X509_CERTIFICATE: +- X509_free(data->data.x509.certificate); +- break; +- case STORE_OBJECT_TYPE_X509_CRL: +- X509_CRL_free(data->data.crl); +- break; +- case STORE_OBJECT_TYPE_PRIVATE_KEY: +- case STORE_OBJECT_TYPE_PUBLIC_KEY: +- EVP_PKEY_free(data->data.key); +- break; +- case STORE_OBJECT_TYPE_NUMBER: +- BN_free(data->data.number); +- break; +- case STORE_OBJECT_TYPE_ARBITRARY: +- BUF_MEM_free(data->data.arbitrary); +- break; +- } +- OPENSSL_free(data); +-} +- +-IMPLEMENT_STACK_OF(STORE_OBJECT*) +- +-struct STORE_attr_info_st { +- unsigned char set[(STORE_ATTR_TYPE_NUM + 8) / 8]; +- union { +- char *cstring; +- unsigned char *sha1string; +- X509_NAME *dn; +- BIGNUM *number; +- void *any; +- } values[STORE_ATTR_TYPE_NUM + 1]; +- size_t value_sizes[STORE_ATTR_TYPE_NUM + 1]; +-}; +- +-#define ATTR_IS_SET(a,i) ((i) > 0 && (i) < STORE_ATTR_TYPE_NUM \ +- && ((a)->set[(i) / 8] & (1 << ((i) % 8)))) +-#define SET_ATTRBIT(a,i) ((a)->set[(i) / 8] |= (1 << ((i) % 8))) +-#define CLEAR_ATTRBIT(a,i) ((a)->set[(i) / 8] &= ~(1 << ((i) % 8))) +- +-STORE_ATTR_INFO *STORE_ATTR_INFO_new(void) +-{ +- return (STORE_ATTR_INFO *)OPENSSL_malloc(sizeof(STORE_ATTR_INFO)); +-} +- +-static void STORE_ATTR_INFO_attr_free(STORE_ATTR_INFO *attrs, +- STORE_ATTR_TYPES code) +-{ +- if (ATTR_IS_SET(attrs, code)) { +- switch (code) { +- case STORE_ATTR_FRIENDLYNAME: +- case STORE_ATTR_EMAIL: +- case STORE_ATTR_FILENAME: +- STORE_ATTR_INFO_modify_cstr(attrs, code, NULL, 0); +- break; +- case STORE_ATTR_KEYID: +- case STORE_ATTR_ISSUERKEYID: +- case STORE_ATTR_SUBJECTKEYID: +- case STORE_ATTR_ISSUERSERIALHASH: +- case STORE_ATTR_CERTHASH: +- 
STORE_ATTR_INFO_modify_sha1str(attrs, code, NULL, 0); +- break; +- case STORE_ATTR_ISSUER: +- case STORE_ATTR_SUBJECT: +- STORE_ATTR_INFO_modify_dn(attrs, code, NULL); +- break; +- case STORE_ATTR_SERIAL: +- STORE_ATTR_INFO_modify_number(attrs, code, NULL); +- break; +- default: +- break; +- } +- } +-} +- +-int STORE_ATTR_INFO_free(STORE_ATTR_INFO *attrs) +-{ +- if (attrs) { +- STORE_ATTR_TYPES i; +- for (i = 0; i++ < STORE_ATTR_TYPE_NUM;) +- STORE_ATTR_INFO_attr_free(attrs, i); +- OPENSSL_free(attrs); +- } +- return 1; +-} +- +-char *STORE_ATTR_INFO_get0_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code) +-{ +- if (!attrs) { +- STOREerr(STORE_F_STORE_ATTR_INFO_GET0_CSTR, +- ERR_R_PASSED_NULL_PARAMETER); +- return NULL; +- } +- if (ATTR_IS_SET(attrs, code)) +- return attrs->values[code].cstring; +- STOREerr(STORE_F_STORE_ATTR_INFO_GET0_CSTR, STORE_R_NO_VALUE); +- return NULL; +-} +- +-unsigned char *STORE_ATTR_INFO_get0_sha1str(STORE_ATTR_INFO *attrs, +- STORE_ATTR_TYPES code) +-{ +- if (!attrs) { +- STOREerr(STORE_F_STORE_ATTR_INFO_GET0_SHA1STR, +- ERR_R_PASSED_NULL_PARAMETER); +- return NULL; +- } +- if (ATTR_IS_SET(attrs, code)) +- return attrs->values[code].sha1string; +- STOREerr(STORE_F_STORE_ATTR_INFO_GET0_SHA1STR, STORE_R_NO_VALUE); +- return NULL; +-} +- +-X509_NAME *STORE_ATTR_INFO_get0_dn(STORE_ATTR_INFO *attrs, +- STORE_ATTR_TYPES code) +-{ +- if (!attrs) { +- STOREerr(STORE_F_STORE_ATTR_INFO_GET0_DN, +- ERR_R_PASSED_NULL_PARAMETER); +- return NULL; +- } +- if (ATTR_IS_SET(attrs, code)) +- return attrs->values[code].dn; +- STOREerr(STORE_F_STORE_ATTR_INFO_GET0_DN, STORE_R_NO_VALUE); +- return NULL; +-} +- +-BIGNUM *STORE_ATTR_INFO_get0_number(STORE_ATTR_INFO *attrs, +- STORE_ATTR_TYPES code) +-{ +- if (!attrs) { +- STOREerr(STORE_F_STORE_ATTR_INFO_GET0_NUMBER, +- ERR_R_PASSED_NULL_PARAMETER); +- return NULL; +- } +- if (ATTR_IS_SET(attrs, code)) +- return attrs->values[code].number; +- STOREerr(STORE_F_STORE_ATTR_INFO_GET0_NUMBER, STORE_R_NO_VALUE); +- 
return NULL; +-} +- +-int STORE_ATTR_INFO_set_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, +- char *cstr, size_t cstr_size) +-{ +- if (!attrs) { +- STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR, +- ERR_R_PASSED_NULL_PARAMETER); +- return 0; +- } +- if (!ATTR_IS_SET(attrs, code)) { +- if ((attrs->values[code].cstring = BUF_strndup(cstr, cstr_size))) +- return 1; +- STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR, ERR_R_MALLOC_FAILURE); +- return 0; +- } +- STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR, STORE_R_ALREADY_HAS_A_VALUE); +- return 0; +-} +- +-int STORE_ATTR_INFO_set_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, +- unsigned char *sha1str, size_t sha1str_size) +-{ +- if (!attrs) { +- STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR, +- ERR_R_PASSED_NULL_PARAMETER); +- return 0; +- } +- if (!ATTR_IS_SET(attrs, code)) { +- if ((attrs->values[code].sha1string = +- (unsigned char *)BUF_memdup(sha1str, sha1str_size))) +- return 1; +- STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR, ERR_R_MALLOC_FAILURE); +- return 0; +- } +- STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR, +- STORE_R_ALREADY_HAS_A_VALUE); +- return 0; +-} +- +-int STORE_ATTR_INFO_set_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, +- X509_NAME *dn) +-{ +- if (!attrs) { +- STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN, ERR_R_PASSED_NULL_PARAMETER); +- return 0; +- } +- if (!ATTR_IS_SET(attrs, code)) { +- if ((attrs->values[code].dn = X509_NAME_dup(dn))) +- return 1; +- STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN, ERR_R_MALLOC_FAILURE); +- return 0; +- } +- STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN, STORE_R_ALREADY_HAS_A_VALUE); +- return 0; +-} +- +-int STORE_ATTR_INFO_set_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, +- BIGNUM *number) +-{ +- if (!attrs) { +- STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER, +- ERR_R_PASSED_NULL_PARAMETER); +- return 0; +- } +- if (!ATTR_IS_SET(attrs, code)) { +- if ((attrs->values[code].number = BN_dup(number))) +- return 1; +- STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER, 
ERR_R_MALLOC_FAILURE); +- return 0; +- } +- STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER, STORE_R_ALREADY_HAS_A_VALUE); +- return 0; +-} +- +-int STORE_ATTR_INFO_modify_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, +- char *cstr, size_t cstr_size) +-{ +- if (!attrs) { +- STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_CSTR, +- ERR_R_PASSED_NULL_PARAMETER); +- return 0; +- } +- if (ATTR_IS_SET(attrs, code)) { +- OPENSSL_free(attrs->values[code].cstring); +- attrs->values[code].cstring = NULL; +- CLEAR_ATTRBIT(attrs, code); +- } +- return STORE_ATTR_INFO_set_cstr(attrs, code, cstr, cstr_size); +-} +- +-int STORE_ATTR_INFO_modify_sha1str(STORE_ATTR_INFO *attrs, +- STORE_ATTR_TYPES code, +- unsigned char *sha1str, +- size_t sha1str_size) +-{ +- if (!attrs) { +- STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR, +- ERR_R_PASSED_NULL_PARAMETER); +- return 0; +- } +- if (ATTR_IS_SET(attrs, code)) { +- OPENSSL_free(attrs->values[code].sha1string); +- attrs->values[code].sha1string = NULL; +- CLEAR_ATTRBIT(attrs, code); +- } +- return STORE_ATTR_INFO_set_sha1str(attrs, code, sha1str, sha1str_size); +-} +- +-int STORE_ATTR_INFO_modify_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, +- X509_NAME *dn) +-{ +- if (!attrs) { +- STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_DN, +- ERR_R_PASSED_NULL_PARAMETER); +- return 0; +- } +- if (ATTR_IS_SET(attrs, code)) { +- OPENSSL_free(attrs->values[code].dn); +- attrs->values[code].dn = NULL; +- CLEAR_ATTRBIT(attrs, code); +- } +- return STORE_ATTR_INFO_set_dn(attrs, code, dn); +-} +- +-int STORE_ATTR_INFO_modify_number(STORE_ATTR_INFO *attrs, +- STORE_ATTR_TYPES code, BIGNUM *number) +-{ +- if (!attrs) { +- STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER, +- ERR_R_PASSED_NULL_PARAMETER); +- return 0; +- } +- if (ATTR_IS_SET(attrs, code)) { +- OPENSSL_free(attrs->values[code].number); +- attrs->values[code].number = NULL; +- CLEAR_ATTRBIT(attrs, code); +- } +- return STORE_ATTR_INFO_set_number(attrs, code, number); +-} +- +-struct attr_list_ctx_st 
{ +- OPENSSL_ITEM *attributes; +-}; +-void *STORE_parse_attrs_start(OPENSSL_ITEM *attributes) +-{ +- if (attributes) { +- struct attr_list_ctx_st *context = (struct attr_list_ctx_st *) +- OPENSSL_malloc(sizeof(struct attr_list_ctx_st)); +- if (context) +- context->attributes = attributes; +- else +- STOREerr(STORE_F_STORE_PARSE_ATTRS_START, ERR_R_MALLOC_FAILURE); +- return context; +- } +- STOREerr(STORE_F_STORE_PARSE_ATTRS_START, ERR_R_PASSED_NULL_PARAMETER); +- return 0; +-} +- +-STORE_ATTR_INFO *STORE_parse_attrs_next(void *handle) +-{ +- struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle; +- +- if (context && context->attributes) { +- STORE_ATTR_INFO *attrs = NULL; +- +- while (context->attributes +- && context->attributes->code != STORE_ATTR_OR +- && context->attributes->code != STORE_ATTR_END) { +- switch (context->attributes->code) { +- case STORE_ATTR_FRIENDLYNAME: +- case STORE_ATTR_EMAIL: +- case STORE_ATTR_FILENAME: +- if (!attrs) +- attrs = STORE_ATTR_INFO_new(); +- if (attrs == NULL) { +- STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT, +- ERR_R_MALLOC_FAILURE); +- goto err; +- } +- STORE_ATTR_INFO_set_cstr(attrs, +- context->attributes->code, +- context->attributes->value, +- context->attributes->value_size); +- break; +- case STORE_ATTR_KEYID: +- case STORE_ATTR_ISSUERKEYID: +- case STORE_ATTR_SUBJECTKEYID: +- case STORE_ATTR_ISSUERSERIALHASH: +- case STORE_ATTR_CERTHASH: +- if (!attrs) +- attrs = STORE_ATTR_INFO_new(); +- if (attrs == NULL) { +- STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT, +- ERR_R_MALLOC_FAILURE); +- goto err; +- } +- STORE_ATTR_INFO_set_sha1str(attrs, +- context->attributes->code, +- context->attributes->value, +- context->attributes->value_size); +- break; +- case STORE_ATTR_ISSUER: +- case STORE_ATTR_SUBJECT: +- if (!attrs) +- attrs = STORE_ATTR_INFO_new(); +- if (attrs == NULL) { +- STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT, +- ERR_R_MALLOC_FAILURE); +- goto err; +- } +- STORE_ATTR_INFO_modify_dn(attrs, +- 
context->attributes->code, +- context->attributes->value); +- break; +- case STORE_ATTR_SERIAL: +- if (!attrs) +- attrs = STORE_ATTR_INFO_new(); +- if (attrs == NULL) { +- STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT, +- ERR_R_MALLOC_FAILURE); +- goto err; +- } +- STORE_ATTR_INFO_modify_number(attrs, +- context->attributes->code, +- context->attributes->value); +- break; +- } +- context->attributes++; +- } +- if (context->attributes->code == STORE_ATTR_OR) +- context->attributes++; +- return attrs; +- err: +- while (context->attributes +- && context->attributes->code != STORE_ATTR_OR +- && context->attributes->code != STORE_ATTR_END) +- context->attributes++; +- if (context->attributes->code == STORE_ATTR_OR) +- context->attributes++; +- return NULL; +- } +- STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT, ERR_R_PASSED_NULL_PARAMETER); +- return NULL; +-} +- +-int STORE_parse_attrs_end(void *handle) +-{ +- struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle; +- +- if (context && context->attributes) { +-#if 0 +- OPENSSL_ITEM *attributes = context->attributes; +-#endif +- OPENSSL_free(context); +- return 1; +- } +- STOREerr(STORE_F_STORE_PARSE_ATTRS_END, ERR_R_PASSED_NULL_PARAMETER); +- return 0; +-} +- +-int STORE_parse_attrs_endp(void *handle) +-{ +- struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle; +- +- if (context && context->attributes) { +- return context->attributes->code == STORE_ATTR_END; +- } +- STOREerr(STORE_F_STORE_PARSE_ATTRS_ENDP, ERR_R_PASSED_NULL_PARAMETER); +- return 0; +-} +- +-static int attr_info_compare_compute_range(unsigned char *abits, +- unsigned char *bbits, +- unsigned int *alowp, +- unsigned int *ahighp, +- unsigned int *blowp, +- unsigned int *bhighp) +-{ +- unsigned int alow = (unsigned int)-1, ahigh = 0; +- unsigned int blow = (unsigned int)-1, bhigh = 0; +- int i, res = 0; +- +- for (i = 0; i < (STORE_ATTR_TYPE_NUM + 8) / 8; i++, abits++, bbits++) { +- if (res == 0) { +- if (*abits < *bbits) +- res = -1; +- 
if (*abits > *bbits) +- res = 1; +- } +- if (*abits) { +- if (alow == (unsigned int)-1) { +- alow = i * 8; +- if (!(*abits & 0x01)) +- alow++; +- if (!(*abits & 0x02)) +- alow++; +- if (!(*abits & 0x04)) +- alow++; +- if (!(*abits & 0x08)) +- alow++; +- if (!(*abits & 0x10)) +- alow++; +- if (!(*abits & 0x20)) +- alow++; +- if (!(*abits & 0x40)) +- alow++; +- } +- ahigh = i * 8 + 7; +- if (!(*abits & 0x80)) +- ahigh++; +- if (!(*abits & 0x40)) +- ahigh++; +- if (!(*abits & 0x20)) +- ahigh++; +- if (!(*abits & 0x10)) +- ahigh++; +- if (!(*abits & 0x08)) +- ahigh++; +- if (!(*abits & 0x04)) +- ahigh++; +- if (!(*abits & 0x02)) +- ahigh++; +- } +- if (*bbits) { +- if (blow == (unsigned int)-1) { +- blow = i * 8; +- if (!(*bbits & 0x01)) +- blow++; +- if (!(*bbits & 0x02)) +- blow++; +- if (!(*bbits & 0x04)) +- blow++; +- if (!(*bbits & 0x08)) +- blow++; +- if (!(*bbits & 0x10)) +- blow++; +- if (!(*bbits & 0x20)) +- blow++; +- if (!(*bbits & 0x40)) +- blow++; +- } +- bhigh = i * 8 + 7; +- if (!(*bbits & 0x80)) +- bhigh++; +- if (!(*bbits & 0x40)) +- bhigh++; +- if (!(*bbits & 0x20)) +- bhigh++; +- if (!(*bbits & 0x10)) +- bhigh++; +- if (!(*bbits & 0x08)) +- bhigh++; +- if (!(*bbits & 0x04)) +- bhigh++; +- if (!(*bbits & 0x02)) +- bhigh++; +- } +- } +- if (ahigh + alow < bhigh + blow) +- res = -1; +- if (ahigh + alow > bhigh + blow) +- res = 1; +- if (alowp) +- *alowp = alow; +- if (ahighp) +- *ahighp = ahigh; +- if (blowp) +- *blowp = blow; +- if (bhighp) +- *bhighp = bhigh; +- return res; +-} +- +-int STORE_ATTR_INFO_compare(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b) +-{ +- if (a == b) +- return 0; +- if (!a) +- return -1; +- if (!b) +- return 1; +- return attr_info_compare_compute_range(a->set, b->set, 0, 0, 0, 0); +-} +- +-int STORE_ATTR_INFO_in_range(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b) +-{ +- unsigned int alow, ahigh, blow, bhigh; +- +- if (a == b) +- return 1; +- if (!a) +- return 0; +- if (!b) +- return 0; +- attr_info_compare_compute_range(a->set, b->set, +- 
&alow, &ahigh, &blow, &bhigh); +- if (alow >= blow && ahigh <= bhigh) +- return 1; +- return 0; +-} +- +-int STORE_ATTR_INFO_in(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b) +-{ +- unsigned char *abits, *bbits; +- int i; +- +- if (a == b) +- return 1; +- if (!a) +- return 0; +- if (!b) +- return 0; +- abits = a->set; +- bbits = b->set; +- for (i = 0; i < (STORE_ATTR_TYPE_NUM + 8) / 8; i++, abits++, bbits++) { +- if (*abits && (*bbits & *abits) != *abits) +- return 0; +- } +- return 1; +-} +- +-int STORE_ATTR_INFO_in_ex(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b) +-{ +- STORE_ATTR_TYPES i; +- +- if (a == b) +- return 1; +- if (!STORE_ATTR_INFO_in(a, b)) +- return 0; +- for (i = 1; i < STORE_ATTR_TYPE_NUM; i++) +- if (ATTR_IS_SET(a, i)) { +- switch (i) { +- case STORE_ATTR_FRIENDLYNAME: +- case STORE_ATTR_EMAIL: +- case STORE_ATTR_FILENAME: +- if (strcmp(a->values[i].cstring, b->values[i].cstring)) +- return 0; +- break; +- case STORE_ATTR_KEYID: +- case STORE_ATTR_ISSUERKEYID: +- case STORE_ATTR_SUBJECTKEYID: +- case STORE_ATTR_ISSUERSERIALHASH: +- case STORE_ATTR_CERTHASH: +- if (memcmp(a->values[i].sha1string, +- b->values[i].sha1string, a->value_sizes[i])) +- return 0; +- break; +- case STORE_ATTR_ISSUER: +- case STORE_ATTR_SUBJECT: +- if (X509_NAME_cmp(a->values[i].dn, b->values[i].dn)) +- return 0; +- break; +- case STORE_ATTR_SERIAL: +- if (BN_cmp(a->values[i].number, b->values[i].number)) +- return 0; +- break; +- default: +- break; +- } +- } +- +- return 1; +-} +diff --git a/Cryptlib/OpenSSL/crypto/store/str_locl.h b/Cryptlib/OpenSSL/crypto/store/str_locl.h +deleted file mode 100644 +index 3f8cb75..0000000 +--- a/Cryptlib/OpenSSL/crypto/store/str_locl.h ++++ /dev/null +@@ -1,124 +0,0 @@ +-/* crypto/store/str_locl.h -*- mode:C; c-file-style: "eay" -*- */ +-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL +- * project 2003. +- */ +-/* ==================================================================== +- * Copyright (c) 2003 The OpenSSL Project. 
All rights reserved. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * +- * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. +- * +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in +- * the documentation and/or other materials provided with the +- * distribution. +- * +- * 3. All advertising materials mentioning features or use of this +- * software must display the following acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +- * +- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +- * endorse or promote products derived from this software without +- * prior written permission. For written permission, please contact +- * openssl-core@openssl.org. +- * +- * 5. Products derived from this software may not be called "OpenSSL" +- * nor may "OpenSSL" appear in their names without prior written +- * permission of the OpenSSL Project. +- * +- * 6. Redistributions of any form whatsoever must retain the following +- * acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit (http://www.openssl.org/)" +- * +- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +- * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR +- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +- * OF THE POSSIBILITY OF SUCH DAMAGE. +- * ==================================================================== +- * +- * This product includes cryptographic software written by Eric Young +- * (eay@cryptsoft.com). This product includes software written by Tim +- * Hudson (tjh@cryptsoft.com). +- * +- */ +- +-#ifndef HEADER_STORE_LOCL_H +-#define HEADER_STORE_LOCL_H +- +-#include +-#include +- +-#ifdef __cplusplus +-extern "C" { +-#endif +- +-struct store_method_st +- { +- char *name; +- +- /* All the functions return a positive integer or non-NULL for success +- and 0, a negative integer or NULL for failure */ +- +- /* Initialise the STORE with private data */ +- STORE_INITIALISE_FUNC_PTR init; +- /* Initialise the STORE with private data */ +- STORE_CLEANUP_FUNC_PTR clean; +- /* Generate an object of a given type */ +- STORE_GENERATE_OBJECT_FUNC_PTR generate_object; +- /* Get an object of a given type. This function isn't really very +- useful since the listing functions (below) can be used for the +- same purpose and are much more general. */ +- STORE_GET_OBJECT_FUNC_PTR get_object; +- /* Store an object of a given type. */ +- STORE_STORE_OBJECT_FUNC_PTR store_object; +- /* Modify the attributes bound to an object of a given type. */ +- STORE_MODIFY_OBJECT_FUNC_PTR modify_object; +- /* Revoke an object of a given type. */ +- STORE_HANDLE_OBJECT_FUNC_PTR revoke_object; +- /* Delete an object of a given type. 
*/ +- STORE_HANDLE_OBJECT_FUNC_PTR delete_object; +- /* List a bunch of objects of a given type and with the associated +- attributes. */ +- STORE_START_OBJECT_FUNC_PTR list_object_start; +- STORE_NEXT_OBJECT_FUNC_PTR list_object_next; +- STORE_END_OBJECT_FUNC_PTR list_object_end; +- STORE_END_OBJECT_FUNC_PTR list_object_endp; +- /* Store-level function to make any necessary update operations. */ +- STORE_GENERIC_FUNC_PTR update_store; +- /* Store-level function to get exclusive access to the store. */ +- STORE_GENERIC_FUNC_PTR lock_store; +- /* Store-level function to release exclusive access to the store. */ +- STORE_GENERIC_FUNC_PTR unlock_store; +- +- /* Generic control function */ +- STORE_CTRL_FUNC_PTR ctrl; +- }; +- +-struct store_st +- { +- const STORE_METHOD *meth; +- /* functional reference if 'meth' is ENGINE-provided */ +- ENGINE *engine; +- +- CRYPTO_EX_DATA ex_data; +- int references; +- }; +-#ifdef __cplusplus +-} +-#endif +- +-#endif +diff --git a/Cryptlib/OpenSSL/crypto/store/str_mem.c b/Cryptlib/OpenSSL/crypto/store/str_mem.c +deleted file mode 100644 +index 99e5a21..0000000 +--- a/Cryptlib/OpenSSL/crypto/store/str_mem.c ++++ /dev/null +@@ -1,377 +0,0 @@ +-/* crypto/store/str_mem.c -*- mode:C; c-file-style: "eay" -*- */ +-/* +- * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project +- * 2003. +- */ +-/* ==================================================================== +- * Copyright (c) 2003 The OpenSSL Project. All rights reserved. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * +- * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. +- * +- * 2. 
Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in +- * the documentation and/or other materials provided with the +- * distribution. +- * +- * 3. All advertising materials mentioning features or use of this +- * software must display the following acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +- * +- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +- * endorse or promote products derived from this software without +- * prior written permission. For written permission, please contact +- * openssl-core@openssl.org. +- * +- * 5. Products derived from this software may not be called "OpenSSL" +- * nor may "OpenSSL" appear in their names without prior written +- * permission of the OpenSSL Project. +- * +- * 6. Redistributions of any form whatsoever must retain the following +- * acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit (http://www.openssl.org/)" +- * +- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +- * OF THE POSSIBILITY OF SUCH DAMAGE. 
+- * ==================================================================== +- * +- * This product includes cryptographic software written by Eric Young +- * (eay@cryptsoft.com). This product includes software written by Tim +- * Hudson (tjh@cryptsoft.com). +- * +- */ +- +-#include +-#include +-#include "str_locl.h" +- +-/* +- * The memory store is currently highly experimental. It's meant to become a +- * base store used by other stores for internal caching (for full caching +- * support, aging needs to be added). +- * +- * The database use is meant to support as much attribute association as +- * possible, while providing for as small search ranges as possible. This is +- * currently provided for by sorting the entries by numbers that are composed +- * of bits set at the positions indicated by attribute type codes. This +- * provides for ranges determined by the highest attribute type code value. +- * A better idea might be to sort by values computed from the range of +- * attributes associated with the object (basically, the difference between +- * the highest and lowest attribute type code) and it's distance from a base +- * (basically, the lowest associated attribute type code). +- */ +- +-struct mem_object_data_st { +- STORE_OBJECT *object; +- STORE_ATTR_INFO *attr_info; +- int references; +-}; +- +-struct mem_data_st { +- /* +- * A stack of mem_object_data_st, +- * sorted with STORE_ATTR_INFO_compare(). +- */ +- STACK *data; +- /* +- * Currently unused, but can be used to add attributes from parts of the +- * data. +- */ +- unsigned int compute_components:1; +-}; +- +-struct mem_ctx_st { +- /* The type we're searching for */ +- int type; +- /* +- * Sets of attributes to search for. +- * Each element is a STORE_ATTR_INFO. 
+- */ +- STACK *search_attributes; +- /* +- * which of the search attributes we found a match +- * for, -1 when we still haven't found any +- */ +- int search_index; +- /* -1 as long as we're searching for the first */ +- int index; +-}; +- +-static int mem_init(STORE *s); +-static void mem_clean(STORE *s); +-static STORE_OBJECT *mem_generate(STORE *s, STORE_OBJECT_TYPES type, +- OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]); +-static STORE_OBJECT *mem_get(STORE *s, STORE_OBJECT_TYPES type, +- OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]); +-static int mem_store(STORE *s, STORE_OBJECT_TYPES type, STORE_OBJECT *data, +- OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); +-static int mem_modify(STORE *s, STORE_OBJECT_TYPES type, +- OPENSSL_ITEM search_attributes[], +- OPENSSL_ITEM add_attributes[], +- OPENSSL_ITEM modify_attributes[], +- OPENSSL_ITEM delete_attributes[], +- OPENSSL_ITEM parameters[]); +-static int mem_delete(STORE *s, STORE_OBJECT_TYPES type, +- OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); +-static void *mem_list_start(STORE *s, STORE_OBJECT_TYPES type, +- OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]); +-static STORE_OBJECT *mem_list_next(STORE *s, void *handle); +-static int mem_list_end(STORE *s, void *handle); +-static int mem_list_endp(STORE *s, void *handle); +-static int mem_lock(STORE *s, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]); +-static int mem_unlock(STORE *s, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]); +-static int mem_ctrl(STORE *s, int cmd, long l, void *p, void (*f) (void)); +- +-static STORE_METHOD store_memory = { +- "OpenSSL memory store interface", +- mem_init, +- mem_clean, +- mem_generate, +- mem_get, +- mem_store, +- mem_modify, +- NULL, /* revoke */ +- mem_delete, +- mem_list_start, +- mem_list_next, +- mem_list_end, +- mem_list_endp, +- NULL, /* update */ +- mem_lock, +- mem_unlock, +- mem_ctrl +-}; +- +-const STORE_METHOD *STORE_Memory(void) +-{ +- 
return &store_memory; +-} +- +-static int mem_init(STORE *s) +-{ +- return 1; +-} +- +-static void mem_clean(STORE *s) +-{ +- return; +-} +- +-static STORE_OBJECT *mem_generate(STORE *s, STORE_OBJECT_TYPES type, +- OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]) +-{ +- STOREerr(STORE_F_MEM_GENERATE, STORE_R_NOT_IMPLEMENTED); +- return 0; +-} +- +-static STORE_OBJECT *mem_get(STORE *s, STORE_OBJECT_TYPES type, +- OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]) +-{ +- void *context = mem_list_start(s, type, attributes, parameters); +- +- if (context) { +- STORE_OBJECT *object = mem_list_next(s, context); +- +- if (mem_list_end(s, context)) +- return object; +- } +- return NULL; +-} +- +-static int mem_store(STORE *s, STORE_OBJECT_TYPES type, +- STORE_OBJECT *data, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]) +-{ +- STOREerr(STORE_F_MEM_STORE, STORE_R_NOT_IMPLEMENTED); +- return 0; +-} +- +-static int mem_modify(STORE *s, STORE_OBJECT_TYPES type, +- OPENSSL_ITEM search_attributes[], +- OPENSSL_ITEM add_attributes[], +- OPENSSL_ITEM modify_attributes[], +- OPENSSL_ITEM delete_attributes[], +- OPENSSL_ITEM parameters[]) +-{ +- STOREerr(STORE_F_MEM_MODIFY, STORE_R_NOT_IMPLEMENTED); +- return 0; +-} +- +-static int mem_delete(STORE *s, STORE_OBJECT_TYPES type, +- OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) +-{ +- STOREerr(STORE_F_MEM_DELETE, STORE_R_NOT_IMPLEMENTED); +- return 0; +-} +- +-/* +- * The list functions may be the hardest to understand. Basically, +- * mem_list_start compiles a stack of attribute info elements, and puts that +- * stack into the context to be returned. mem_list_next will then find the +- * first matching element in the store, and then walk all the way to the end +- * of the store (since any combination of attribute bits above the starting +- * point may match the searched for bit pattern...). 
+- */
+-static void *mem_list_start(STORE *s, STORE_OBJECT_TYPES type,
+- OPENSSL_ITEM attributes[],
+- OPENSSL_ITEM parameters[])
+-{
+- struct mem_ctx_st *context =
+- (struct mem_ctx_st *)OPENSSL_malloc(sizeof(struct mem_ctx_st));
+- void *attribute_context = NULL;
+- STORE_ATTR_INFO *attrs = NULL;
+-
+- if (!context) {
+- STOREerr(STORE_F_MEM_LIST_START, ERR_R_MALLOC_FAILURE);
+- return 0;
+- }
+- memset(context, 0, sizeof(struct mem_ctx_st));
+-
+- attribute_context = STORE_parse_attrs_start(attributes);
+- if (!attribute_context) {
+- STOREerr(STORE_F_MEM_LIST_START, ERR_R_STORE_LIB);
+- goto err;
+- }
+-
+- while ((attrs = STORE_parse_attrs_next(attribute_context))) {
+- if (context->search_attributes == NULL) {
+- context->search_attributes =
+- sk_new((int (*)(const char *const *, const char *const *))
+- STORE_ATTR_INFO_compare);
+- if (!context->search_attributes) {
+- STOREerr(STORE_F_MEM_LIST_START, ERR_R_MALLOC_FAILURE);
+- goto err;
+- }
+- }
+- sk_push(context->search_attributes, (char *)attrs);
+- }
+- if (!STORE_parse_attrs_endp(attribute_context))
+- goto err;
+- STORE_parse_attrs_end(attribute_context);
+- context->search_index = -1;
+- context->index = -1;
+- return context;
+- err:
+- if (attribute_context)
+- STORE_parse_attrs_end(attribute_context);
+- mem_list_end(s, context);
+- return NULL;
+-}
+-
+-static STORE_OBJECT *mem_list_next(STORE *s, void *handle)
+-{
+- int i;
+- struct mem_ctx_st *context = (struct mem_ctx_st *)handle;
+- struct mem_object_data_st key = { 0, 0, 1 };
+- struct mem_data_st *store = (struct mem_data_st *)STORE_get_ex_data(s, 1);
+- int srch;
+- int cres = 0;
+-
+- if (!context) {
+- STOREerr(STORE_F_MEM_LIST_NEXT, ERR_R_PASSED_NULL_PARAMETER);
+- return NULL;
+- }
+- if (!store) {
+- STOREerr(STORE_F_MEM_LIST_NEXT, STORE_R_NO_STORE);
+- return NULL;
+- }
+-
+- if (context->search_index == -1) {
+- for (i = 0; i < sk_num(context->search_attributes); i++) {
+- key.attr_info =
+- (STORE_ATTR_INFO
*)sk_value(context->search_attributes, i);
+- srch = sk_find_ex(store->data, (char *)&key);
+-
+- if (srch >= 0) {
+- context->search_index = srch;
+- break;
+- }
+- }
+- }
+- if (context->search_index < 0)
+- return NULL;
+-
+- key.attr_info =
+- (STORE_ATTR_INFO *)sk_value(context->search_attributes,
+- context->search_index);
+- for (srch = context->search_index; srch < sk_num(store->data)
+- && STORE_ATTR_INFO_in_range(key.attr_info,
+- (STORE_ATTR_INFO *)sk_value(store->data,
+- srch))
+- && !(cres =
+- STORE_ATTR_INFO_in_ex(key.attr_info,
+- (STORE_ATTR_INFO *)sk_value(store->data,
+- srch)));
+- srch++) ;
+-
+- context->search_index = srch;
+- if (cres)
+- return ((struct mem_object_data_st *)sk_value(store->data,
+- srch))->object;
+- return NULL;
+-}
+-
+-static int mem_list_end(STORE *s, void *handle)
+-{
+- struct mem_ctx_st *context = (struct mem_ctx_st *)handle;
+-
+- if (!context) {
+- STOREerr(STORE_F_MEM_LIST_END, ERR_R_PASSED_NULL_PARAMETER);
+- return 0;
+- }
+- if (context && context->search_attributes)
+- sk_free(context->search_attributes);
+- if (context)
+- OPENSSL_free(context);
+- return 1;
+-}
+-
+-static int mem_list_endp(STORE *s, void *handle)
+-{
+- struct mem_ctx_st *context = (struct mem_ctx_st *)handle;
+-
+- if (!context
+- || context->search_index == sk_num(context->search_attributes))
+- return 1;
+- return 0;
+-}
+-
+-static int mem_lock(STORE *s, OPENSSL_ITEM attributes[],
+- OPENSSL_ITEM parameters[])
+-{
+- return 1;
+-}
+-
+-static int mem_unlock(STORE *s, OPENSSL_ITEM attributes[],
+- OPENSSL_ITEM parameters[])
+-{
+- return 1;
+-}
+-
+-static int mem_ctrl(STORE *s, int cmd, long l, void *p, void (*f) (void))
+-{
+- return 1;
+-}
+diff --git a/Cryptlib/OpenSSL/crypto/store/str_meth.c b/Cryptlib/OpenSSL/crypto/store/str_meth.c
+deleted file mode 100644
+index d83a6de..0000000
+--- a/Cryptlib/OpenSSL/crypto/store/str_meth.c
++++ /dev/null
+@@ -1,280 +0,0 @@
+-/* crypto/store/str_meth.c -*- mode:C; c-file-style: "eay" -*- */
+-/*
+- * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
+- * 2003.
+- */
+-/* ====================================================================
+- * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- *
+- * 1. Redistributions of source code must retain the above copyright
+- * notice, this list of conditions and the following disclaimer.
+- *
+- * 2. Redistributions in binary form must reproduce the above copyright
+- * notice, this list of conditions and the following disclaimer in
+- * the documentation and/or other materials provided with the
+- * distribution.
+- *
+- * 3. All advertising materials mentioning features or use of this
+- * software must display the following acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+- *
+- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+- * endorse or promote products derived from this software without
+- * prior written permission. For written permission, please contact
+- * openssl-core@openssl.org.
+- *
+- * 5. Products derived from this software may not be called "OpenSSL"
+- * nor may "OpenSSL" appear in their names without prior written
+- * permission of the OpenSSL Project.
+- *
+- * 6. Redistributions of any form whatsoever must retain the following
+- * acknowledgment:
+- * "This product includes software developed by the OpenSSL Project
+- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+- * PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR
+- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+- * OF THE POSSIBILITY OF SUCH DAMAGE.
+- * ====================================================================
+- *
+- * This product includes cryptographic software written by Eric Young
+- * (eay@cryptsoft.com). This product includes software written by Tim
+- * Hudson (tjh@cryptsoft.com).
+- *
+- */
+-
+-#include
+-#include
+-#include "str_locl.h"
+-
+-STORE_METHOD *STORE_create_method(char *name)
+-{
+- STORE_METHOD *store_method =
+- (STORE_METHOD *)OPENSSL_malloc(sizeof(STORE_METHOD));
+-
+- if (store_method) {
+- memset(store_method, 0, sizeof(*store_method));
+- store_method->name = BUF_strdup(name);
+- }
+- return store_method;
+-}
+-
+-/*
+- * BIG FSCKING WARNING!!!! If you use this on a statically allocated method
+- * (that is, it hasn't been allocated using STORE_create_method(), you
+- * deserve anything Murphy can throw at you and more! You have been warned.
+- */
+-void STORE_destroy_method(STORE_METHOD *store_method)
+-{
+- if (!store_method)
+- return;
+- OPENSSL_free(store_method->name);
+- store_method->name = NULL;
+- OPENSSL_free(store_method);
+-}
+-
+-int STORE_method_set_initialise_function(STORE_METHOD *sm,
+- STORE_INITIALISE_FUNC_PTR init_f)
+-{
+- sm->init = init_f;
+- return 1;
+-}
+-
+-int STORE_method_set_cleanup_function(STORE_METHOD *sm,
+- STORE_CLEANUP_FUNC_PTR clean_f)
+-{
+- sm->clean = clean_f;
+- return 1;
+-}
+-
+-int STORE_method_set_generate_function(STORE_METHOD *sm,
+- STORE_GENERATE_OBJECT_FUNC_PTR
+- generate_f)
+-{
+- sm->generate_object = generate_f;
+- return 1;
+-}
+-
+-int STORE_method_set_get_function(STORE_METHOD *sm,
+- STORE_GET_OBJECT_FUNC_PTR get_f)
+-{
+- sm->get_object = get_f;
+- return 1;
+-}
+-
+-int STORE_method_set_store_function(STORE_METHOD *sm,
+- STORE_STORE_OBJECT_FUNC_PTR store_f)
+-{
+- sm->store_object = store_f;
+- return 1;
+-}
+-
+-int STORE_method_set_modify_function(STORE_METHOD *sm,
+- STORE_MODIFY_OBJECT_FUNC_PTR modify_f)
+-{
+- sm->modify_object = modify_f;
+- return 1;
+-}
+-
+-int STORE_method_set_revoke_function(STORE_METHOD *sm,
+- STORE_HANDLE_OBJECT_FUNC_PTR revoke_f)
+-{
+- sm->revoke_object = revoke_f;
+- return 1;
+-}
+-
+-int STORE_method_set_delete_function(STORE_METHOD *sm,
+- STORE_HANDLE_OBJECT_FUNC_PTR delete_f)
+-{
+- sm->delete_object = delete_f;
+- return 1;
+-}
+-
+-int STORE_method_set_list_start_function(STORE_METHOD *sm,
+- STORE_START_OBJECT_FUNC_PTR
+- list_start_f)
+-{
+- sm->list_object_start = list_start_f;
+- return 1;
+-}
+-
+-int STORE_method_set_list_next_function(STORE_METHOD *sm,
+- STORE_NEXT_OBJECT_FUNC_PTR
+- list_next_f)
+-{
+- sm->list_object_next = list_next_f;
+- return 1;
+-}
+-
+-int STORE_method_set_list_end_function(STORE_METHOD *sm,
+- STORE_END_OBJECT_FUNC_PTR list_end_f)
+-{
+- sm->list_object_end = list_end_f;
+- return 1;
+-}
+-
+-int STORE_method_set_update_store_function(STORE_METHOD *sm,
+-
STORE_GENERIC_FUNC_PTR update_f)
+-{
+- sm->update_store = update_f;
+- return 1;
+-}
+-
+-int STORE_method_set_lock_store_function(STORE_METHOD *sm,
+- STORE_GENERIC_FUNC_PTR lock_f)
+-{
+- sm->lock_store = lock_f;
+- return 1;
+-}
+-
+-int STORE_method_set_unlock_store_function(STORE_METHOD *sm,
+- STORE_GENERIC_FUNC_PTR unlock_f)
+-{
+- sm->unlock_store = unlock_f;
+- return 1;
+-}
+-
+-int STORE_method_set_ctrl_function(STORE_METHOD *sm,
+- STORE_CTRL_FUNC_PTR ctrl_f)
+-{
+- sm->ctrl = ctrl_f;
+- return 1;
+-}
+-
+-STORE_INITIALISE_FUNC_PTR STORE_method_get_initialise_function(STORE_METHOD
+- *sm)
+-{
+- return sm->init;
+-}
+-
+-STORE_CLEANUP_FUNC_PTR STORE_method_get_cleanup_function(STORE_METHOD *sm)
+-{
+- return sm->clean;
+-}
+-
+-STORE_GENERATE_OBJECT_FUNC_PTR STORE_method_get_generate_function(STORE_METHOD
+- *sm)
+-{
+- return sm->generate_object;
+-}
+-
+-STORE_GET_OBJECT_FUNC_PTR STORE_method_get_get_function(STORE_METHOD *sm)
+-{
+- return sm->get_object;
+-}
+-
+-STORE_STORE_OBJECT_FUNC_PTR STORE_method_get_store_function(STORE_METHOD *sm)
+-{
+- return sm->store_object;
+-}
+-
+-STORE_MODIFY_OBJECT_FUNC_PTR STORE_method_get_modify_function(STORE_METHOD
+- *sm)
+-{
+- return sm->modify_object;
+-}
+-
+-STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_revoke_function(STORE_METHOD
+- *sm)
+-{
+- return sm->revoke_object;
+-}
+-
+-STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_delete_function(STORE_METHOD
+- *sm)
+-{
+- return sm->delete_object;
+-}
+-
+-STORE_START_OBJECT_FUNC_PTR STORE_method_get_list_start_function(STORE_METHOD
+- *sm)
+-{
+- return sm->list_object_start;
+-}
+-
+-STORE_NEXT_OBJECT_FUNC_PTR STORE_method_get_list_next_function(STORE_METHOD
+- *sm)
+-{
+- return sm->list_object_next;
+-}
+-
+-STORE_END_OBJECT_FUNC_PTR STORE_method_get_list_end_function(STORE_METHOD *sm)
+-{
+- return sm->list_object_end;
+-}
+-
+-STORE_GENERIC_FUNC_PTR STORE_method_get_update_store_function(STORE_METHOD
+- *sm)
+-{
+- return sm->update_store;
+-}
+-
+-STORE_GENERIC_FUNC_PTR STORE_method_get_lock_store_function(STORE_METHOD *sm)
+-{
+- return sm->lock_store;
+-}
+-
+-STORE_GENERIC_FUNC_PTR STORE_method_get_unlock_store_function(STORE_METHOD
+- *sm)
+-{
+- return sm->unlock_store;
+-}
+-
+-STORE_CTRL_FUNC_PTR STORE_method_get_ctrl_function(STORE_METHOD *sm)
+-{
+- return sm->ctrl;
+-}
+diff --git a/Cryptlib/OpenSSL/crypto/ts/ts.h b/Cryptlib/OpenSSL/crypto/ts/ts.h
+new file mode 100644
+index 0000000..16eccbb
+--- /dev/null
++++ b/Cryptlib/OpenSSL/crypto/ts/ts.h
+@@ -0,0 +1,862 @@
++/* crypto/ts/ts.h */
++/*
++ * Written by Zoltan Glozik (zglozik@opentsa.org) for the OpenSSL project
++ * 2002, 2003, 2004.
++ */
++/* ====================================================================
++ * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in
++ * the documentation and/or other materials provided with the
++ * distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ * software must display the following acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ * endorse or promote products derived from this software without
++ * prior written permission. For written permission, please contact
++ * licensing@OpenSSL.org.
++ *
++ * 5.
Products derived from this software may not be called "OpenSSL"
++ * nor may "OpenSSL" appear in their names without prior written
++ * permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ * acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ *
++ * This product includes cryptographic software written by Eric Young
++ * (eay@cryptsoft.com). This product includes software written by Tim
++ * Hudson (tjh@cryptsoft.com).
++ *
++ */
++
++#ifndef HEADER_TS_H
++# define HEADER_TS_H
++
++# include
++# include
++# ifndef OPENSSL_NO_BUFFER
++# include
++# endif
++# ifndef OPENSSL_NO_EVP
++# include
++# endif
++# ifndef OPENSSL_NO_BIO
++# include
++# endif
++# include
++# include
++# include
++
++# ifndef OPENSSL_NO_RSA
++# include
++# endif
++
++# ifndef OPENSSL_NO_DSA
++# include
++# endif
++
++# ifndef OPENSSL_NO_DH
++# include
++# endif
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++# ifdef WIN32
++/* Under Win32 this is defined in wincrypt.h */
++# undef X509_NAME
++# endif
++
++# include
++# include
++
++/*-
++MessageImprint ::= SEQUENCE {
++ hashAlgorithm AlgorithmIdentifier,
++ hashedMessage OCTET STRING }
++*/
++
++typedef struct TS_msg_imprint_st {
++ X509_ALGOR *hash_algo;
++ ASN1_OCTET_STRING *hashed_msg;
++} TS_MSG_IMPRINT;
++
++/*-
++TimeStampReq ::= SEQUENCE {
++ version INTEGER { v1(1) },
++ messageImprint MessageImprint,
++ --a hash algorithm OID and the hash value of the data to be
++ --time-stamped
++ reqPolicy TSAPolicyId OPTIONAL,
++ nonce INTEGER OPTIONAL,
++ certReq BOOLEAN DEFAULT FALSE,
++ extensions [0] IMPLICIT Extensions OPTIONAL }
++*/
++
++typedef struct TS_req_st {
++ ASN1_INTEGER *version;
++ TS_MSG_IMPRINT *msg_imprint;
++ ASN1_OBJECT *policy_id; /* OPTIONAL */
++ ASN1_INTEGER *nonce; /* OPTIONAL */
++ ASN1_BOOLEAN cert_req; /* DEFAULT FALSE */
++ STACK_OF(X509_EXTENSION) *extensions; /* [0] OPTIONAL */
++} TS_REQ;
++
++/*-
++Accuracy ::= SEQUENCE {
++ seconds INTEGER OPTIONAL,
++ millis [0] INTEGER (1..999) OPTIONAL,
++ micros [1] INTEGER (1..999) OPTIONAL }
++*/
++
++typedef struct TS_accuracy_st {
++ ASN1_INTEGER *seconds;
++ ASN1_INTEGER *millis;
++ ASN1_INTEGER *micros;
++} TS_ACCURACY;
++
++/*-
++TSTInfo ::= SEQUENCE {
++ version INTEGER { v1(1) },
++ policy TSAPolicyId,
++ messageImprint MessageImprint,
++ -- MUST have the same value as the similar field in
++ -- TimeStampReq
++ serialNumber INTEGER,
++ -- Time-Stamping users MUST be ready to
accommodate integers
++ -- up to 160 bits.
++ genTime GeneralizedTime,
++ accuracy Accuracy OPTIONAL,
++ ordering BOOLEAN DEFAULT FALSE,
++ nonce INTEGER OPTIONAL,
++ -- MUST be present if the similar field was present
++ -- in TimeStampReq. In that case it MUST have the same value.
++ tsa [0] GeneralName OPTIONAL,
++ extensions [1] IMPLICIT Extensions OPTIONAL }
++*/
++
++typedef struct TS_tst_info_st {
++ ASN1_INTEGER *version;
++ ASN1_OBJECT *policy_id;
++ TS_MSG_IMPRINT *msg_imprint;
++ ASN1_INTEGER *serial;
++ ASN1_GENERALIZEDTIME *time;
++ TS_ACCURACY *accuracy;
++ ASN1_BOOLEAN ordering;
++ ASN1_INTEGER *nonce;
++ GENERAL_NAME *tsa;
++ STACK_OF(X509_EXTENSION) *extensions;
++} TS_TST_INFO;
++
++/*-
++PKIStatusInfo ::= SEQUENCE {
++ status PKIStatus,
++ statusString PKIFreeText OPTIONAL,
++ failInfo PKIFailureInfo OPTIONAL }
++
++From RFC 1510 - section 3.1.1:
++PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String
++ -- text encoded as UTF-8 String (note: each UTF8String SHOULD
++ -- include an RFC 1766 language tag to indicate the language
++ -- of the contained text)
++*/
++
++/* Possible values for status. See ts_resp_print.c && ts_resp_verify.c. */
++
++# define TS_STATUS_GRANTED 0
++# define TS_STATUS_GRANTED_WITH_MODS 1
++# define TS_STATUS_REJECTION 2
++# define TS_STATUS_WAITING 3
++# define TS_STATUS_REVOCATION_WARNING 4
++# define TS_STATUS_REVOCATION_NOTIFICATION 5
++
++/*
++ * Possible values for failure_info.
See ts_resp_print.c && ts_resp_verify.c
++ */
++
++# define TS_INFO_BAD_ALG 0
++# define TS_INFO_BAD_REQUEST 2
++# define TS_INFO_BAD_DATA_FORMAT 5
++# define TS_INFO_TIME_NOT_AVAILABLE 14
++# define TS_INFO_UNACCEPTED_POLICY 15
++# define TS_INFO_UNACCEPTED_EXTENSION 16
++# define TS_INFO_ADD_INFO_NOT_AVAILABLE 17
++# define TS_INFO_SYSTEM_FAILURE 25
++
++typedef struct TS_status_info_st {
++ ASN1_INTEGER *status;
++ STACK_OF(ASN1_UTF8STRING) *text;
++ ASN1_BIT_STRING *failure_info;
++} TS_STATUS_INFO;
++
++DECLARE_STACK_OF(ASN1_UTF8STRING)
++DECLARE_ASN1_SET_OF(ASN1_UTF8STRING)
++
++/*-
++TimeStampResp ::= SEQUENCE {
++ status PKIStatusInfo,
++ timeStampToken TimeStampToken OPTIONAL }
++*/
++
++typedef struct TS_resp_st {
++ TS_STATUS_INFO *status_info;
++ PKCS7 *token;
++ TS_TST_INFO *tst_info;
++} TS_RESP;
++
++/* The structure below would belong to the ESS component. */
++
++/*-
++IssuerSerial ::= SEQUENCE {
++ issuer GeneralNames,
++ serialNumber CertificateSerialNumber
++ }
++*/
++
++typedef struct ESS_issuer_serial {
++ STACK_OF(GENERAL_NAME) *issuer;
++ ASN1_INTEGER *serial;
++} ESS_ISSUER_SERIAL;
++
++/*-
++ESSCertID ::= SEQUENCE {
++ certHash Hash,
++ issuerSerial IssuerSerial OPTIONAL
++}
++*/
++
++typedef struct ESS_cert_id {
++ ASN1_OCTET_STRING *hash; /* Always SHA-1 digest.
*/
++ ESS_ISSUER_SERIAL *issuer_serial;
++} ESS_CERT_ID;
++
++DECLARE_STACK_OF(ESS_CERT_ID)
++DECLARE_ASN1_SET_OF(ESS_CERT_ID)
++
++/*-
++SigningCertificate ::= SEQUENCE {
++ certs SEQUENCE OF ESSCertID,
++ policies SEQUENCE OF PolicyInformation OPTIONAL
++}
++*/
++
++typedef struct ESS_signing_cert {
++ STACK_OF(ESS_CERT_ID) *cert_ids;
++ STACK_OF(POLICYINFO) *policy_info;
++} ESS_SIGNING_CERT;
++
++TS_REQ *TS_REQ_new(void);
++void TS_REQ_free(TS_REQ *a);
++int i2d_TS_REQ(const TS_REQ *a, unsigned char **pp);
++TS_REQ *d2i_TS_REQ(TS_REQ **a, const unsigned char **pp, long length);
++
++TS_REQ *TS_REQ_dup(TS_REQ *a);
++
++TS_REQ *d2i_TS_REQ_fp(FILE *fp, TS_REQ **a);
++int i2d_TS_REQ_fp(FILE *fp, TS_REQ *a);
++TS_REQ *d2i_TS_REQ_bio(BIO *fp, TS_REQ **a);
++int i2d_TS_REQ_bio(BIO *fp, TS_REQ *a);
++
++TS_MSG_IMPRINT *TS_MSG_IMPRINT_new(void);
++void TS_MSG_IMPRINT_free(TS_MSG_IMPRINT *a);
++int i2d_TS_MSG_IMPRINT(const TS_MSG_IMPRINT *a, unsigned char **pp);
++TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT(TS_MSG_IMPRINT **a,
++ const unsigned char **pp, long length);
++
++TS_MSG_IMPRINT *TS_MSG_IMPRINT_dup(TS_MSG_IMPRINT *a);
++
++TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a);
++int i2d_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT *a);
++TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT **a);
++int i2d_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT *a);
++
++TS_RESP *TS_RESP_new(void);
++void TS_RESP_free(TS_RESP *a);
++int i2d_TS_RESP(const TS_RESP *a, unsigned char **pp);
++TS_RESP *d2i_TS_RESP(TS_RESP **a, const unsigned char **pp, long length);
++TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token);
++TS_RESP *TS_RESP_dup(TS_RESP *a);
++
++TS_RESP *d2i_TS_RESP_fp(FILE *fp, TS_RESP **a);
++int i2d_TS_RESP_fp(FILE *fp, TS_RESP *a);
++TS_RESP *d2i_TS_RESP_bio(BIO *fp, TS_RESP **a);
++int i2d_TS_RESP_bio(BIO *fp, TS_RESP *a);
++
++TS_STATUS_INFO *TS_STATUS_INFO_new(void);
++void TS_STATUS_INFO_free(TS_STATUS_INFO *a);
++int i2d_TS_STATUS_INFO(const
TS_STATUS_INFO *a, unsigned char **pp);
++TS_STATUS_INFO *d2i_TS_STATUS_INFO(TS_STATUS_INFO **a,
++ const unsigned char **pp, long length);
++TS_STATUS_INFO *TS_STATUS_INFO_dup(TS_STATUS_INFO *a);
++
++TS_TST_INFO *TS_TST_INFO_new(void);
++void TS_TST_INFO_free(TS_TST_INFO *a);
++int i2d_TS_TST_INFO(const TS_TST_INFO *a, unsigned char **pp);
++TS_TST_INFO *d2i_TS_TST_INFO(TS_TST_INFO **a, const unsigned char **pp,
++ long length);
++TS_TST_INFO *TS_TST_INFO_dup(TS_TST_INFO *a);
++
++TS_TST_INFO *d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a);
++int i2d_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO *a);
++TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO **a);
++int i2d_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO *a);
++
++TS_ACCURACY *TS_ACCURACY_new(void);
++void TS_ACCURACY_free(TS_ACCURACY *a);
++int i2d_TS_ACCURACY(const TS_ACCURACY *a, unsigned char **pp);
++TS_ACCURACY *d2i_TS_ACCURACY(TS_ACCURACY **a, const unsigned char **pp,
++ long length);
++TS_ACCURACY *TS_ACCURACY_dup(TS_ACCURACY *a);
++
++ESS_ISSUER_SERIAL *ESS_ISSUER_SERIAL_new(void);
++void ESS_ISSUER_SERIAL_free(ESS_ISSUER_SERIAL *a);
++int i2d_ESS_ISSUER_SERIAL(const ESS_ISSUER_SERIAL *a, unsigned char **pp);
++ESS_ISSUER_SERIAL *d2i_ESS_ISSUER_SERIAL(ESS_ISSUER_SERIAL **a,
++ const unsigned char **pp,
++ long length);
++ESS_ISSUER_SERIAL *ESS_ISSUER_SERIAL_dup(ESS_ISSUER_SERIAL *a);
++
++ESS_CERT_ID *ESS_CERT_ID_new(void);
++void ESS_CERT_ID_free(ESS_CERT_ID *a);
++int i2d_ESS_CERT_ID(const ESS_CERT_ID *a, unsigned char **pp);
++ESS_CERT_ID *d2i_ESS_CERT_ID(ESS_CERT_ID **a, const unsigned char **pp,
++ long length);
++ESS_CERT_ID *ESS_CERT_ID_dup(ESS_CERT_ID *a);
++
++ESS_SIGNING_CERT *ESS_SIGNING_CERT_new(void);
++void ESS_SIGNING_CERT_free(ESS_SIGNING_CERT *a);
++int i2d_ESS_SIGNING_CERT(const ESS_SIGNING_CERT *a, unsigned char **pp);
++ESS_SIGNING_CERT *d2i_ESS_SIGNING_CERT(ESS_SIGNING_CERT **a,
++ const unsigned char **pp, long length);
++ESS_SIGNING_CERT *ESS_SIGNING_CERT_dup(ESS_SIGNING_CERT *a);
++
++void ERR_load_TS_strings(void);
++
++int TS_REQ_set_version(TS_REQ *a, long version);
++long TS_REQ_get_version(const TS_REQ *a);
++
++int TS_REQ_set_msg_imprint(TS_REQ *a, TS_MSG_IMPRINT *msg_imprint);
++TS_MSG_IMPRINT *TS_REQ_get_msg_imprint(TS_REQ *a);
++
++int TS_MSG_IMPRINT_set_algo(TS_MSG_IMPRINT *a, X509_ALGOR *alg);
++X509_ALGOR *TS_MSG_IMPRINT_get_algo(TS_MSG_IMPRINT *a);
++
++int TS_MSG_IMPRINT_set_msg(TS_MSG_IMPRINT *a, unsigned char *d, int len);
++ASN1_OCTET_STRING *TS_MSG_IMPRINT_get_msg(TS_MSG_IMPRINT *a);
++
++int TS_REQ_set_policy_id(TS_REQ *a, ASN1_OBJECT *policy);
++ASN1_OBJECT *TS_REQ_get_policy_id(TS_REQ *a);
++
++int TS_REQ_set_nonce(TS_REQ *a, const ASN1_INTEGER *nonce);
++const ASN1_INTEGER *TS_REQ_get_nonce(const TS_REQ *a);
++
++int TS_REQ_set_cert_req(TS_REQ *a, int cert_req);
++int TS_REQ_get_cert_req(const TS_REQ *a);
++
++STACK_OF(X509_EXTENSION) *TS_REQ_get_exts(TS_REQ *a);
++void TS_REQ_ext_free(TS_REQ *a);
++int TS_REQ_get_ext_count(TS_REQ *a);
++int TS_REQ_get_ext_by_NID(TS_REQ *a, int nid, int lastpos);
++int TS_REQ_get_ext_by_OBJ(TS_REQ *a, ASN1_OBJECT *obj, int lastpos);
++int TS_REQ_get_ext_by_critical(TS_REQ *a, int crit, int lastpos);
++X509_EXTENSION *TS_REQ_get_ext(TS_REQ *a, int loc);
++X509_EXTENSION *TS_REQ_delete_ext(TS_REQ *a, int loc);
++int TS_REQ_add_ext(TS_REQ *a, X509_EXTENSION *ex, int loc);
++void *TS_REQ_get_ext_d2i(TS_REQ *a, int nid, int *crit, int *idx);
++
++/* Function declarations for TS_REQ defined in ts/ts_req_print.c */
++
++int TS_REQ_print_bio(BIO *bio, TS_REQ *a);
++
++/* Function declarations for TS_RESP defined in ts/ts_resp_utils.c */
++
++int TS_RESP_set_status_info(TS_RESP *a, TS_STATUS_INFO *info);
++TS_STATUS_INFO *TS_RESP_get_status_info(TS_RESP *a);
++
++/* Caller loses ownership of PKCS7 and TS_TST_INFO objects.
*/
++void TS_RESP_set_tst_info(TS_RESP *a, PKCS7 *p7, TS_TST_INFO *tst_info);
++PKCS7 *TS_RESP_get_token(TS_RESP *a);
++TS_TST_INFO *TS_RESP_get_tst_info(TS_RESP *a);
++
++int TS_TST_INFO_set_version(TS_TST_INFO *a, long version);
++long TS_TST_INFO_get_version(const TS_TST_INFO *a);
++
++int TS_TST_INFO_set_policy_id(TS_TST_INFO *a, ASN1_OBJECT *policy_id);
++ASN1_OBJECT *TS_TST_INFO_get_policy_id(TS_TST_INFO *a);
++
++int TS_TST_INFO_set_msg_imprint(TS_TST_INFO *a, TS_MSG_IMPRINT *msg_imprint);
++TS_MSG_IMPRINT *TS_TST_INFO_get_msg_imprint(TS_TST_INFO *a);
++
++int TS_TST_INFO_set_serial(TS_TST_INFO *a, const ASN1_INTEGER *serial);
++const ASN1_INTEGER *TS_TST_INFO_get_serial(const TS_TST_INFO *a);
++
++int TS_TST_INFO_set_time(TS_TST_INFO *a, const ASN1_GENERALIZEDTIME *gtime);
++const ASN1_GENERALIZEDTIME *TS_TST_INFO_get_time(const TS_TST_INFO *a);
++
++int TS_TST_INFO_set_accuracy(TS_TST_INFO *a, TS_ACCURACY *accuracy);
++TS_ACCURACY *TS_TST_INFO_get_accuracy(TS_TST_INFO *a);
++
++int TS_ACCURACY_set_seconds(TS_ACCURACY *a, const ASN1_INTEGER *seconds);
++const ASN1_INTEGER *TS_ACCURACY_get_seconds(const TS_ACCURACY *a);
++
++int TS_ACCURACY_set_millis(TS_ACCURACY *a, const ASN1_INTEGER *millis);
++const ASN1_INTEGER *TS_ACCURACY_get_millis(const TS_ACCURACY *a);
++
++int TS_ACCURACY_set_micros(TS_ACCURACY *a, const ASN1_INTEGER *micros);
++const ASN1_INTEGER *TS_ACCURACY_get_micros(const TS_ACCURACY *a);
++
++int TS_TST_INFO_set_ordering(TS_TST_INFO *a, int ordering);
++int TS_TST_INFO_get_ordering(const TS_TST_INFO *a);
++
++int TS_TST_INFO_set_nonce(TS_TST_INFO *a, const ASN1_INTEGER *nonce);
++const ASN1_INTEGER *TS_TST_INFO_get_nonce(const TS_TST_INFO *a);
++
++int TS_TST_INFO_set_tsa(TS_TST_INFO *a, GENERAL_NAME *tsa);
++GENERAL_NAME *TS_TST_INFO_get_tsa(TS_TST_INFO *a);
++
++STACK_OF(X509_EXTENSION) *TS_TST_INFO_get_exts(TS_TST_INFO *a);
++void TS_TST_INFO_ext_free(TS_TST_INFO *a);
++int TS_TST_INFO_get_ext_count(TS_TST_INFO *a);
++int
TS_TST_INFO_get_ext_by_NID(TS_TST_INFO *a, int nid, int lastpos);
++int TS_TST_INFO_get_ext_by_OBJ(TS_TST_INFO *a, ASN1_OBJECT *obj, int lastpos);
++int TS_TST_INFO_get_ext_by_critical(TS_TST_INFO *a, int crit, int lastpos);
++X509_EXTENSION *TS_TST_INFO_get_ext(TS_TST_INFO *a, int loc);
++X509_EXTENSION *TS_TST_INFO_delete_ext(TS_TST_INFO *a, int loc);
++int TS_TST_INFO_add_ext(TS_TST_INFO *a, X509_EXTENSION *ex, int loc);
++void *TS_TST_INFO_get_ext_d2i(TS_TST_INFO *a, int nid, int *crit, int *idx);
++
++/*
++ * Declarations related to response generation, defined in ts/ts_resp_sign.c.
++ */
++
++/* Optional flags for response generation. */
++
++/* Don't include the TSA name in response. */
++# define TS_TSA_NAME 0x01
++
++/* Set ordering to true in response. */
++# define TS_ORDERING 0x02
++
++/*
++ * Include the signer certificate and the other specified certificates in
++ * the ESS signing certificate attribute beside the PKCS7 signed data.
++ * Only the signer certificates is included by default.
++ */
++# define TS_ESS_CERT_ID_CHAIN 0x04
++
++/* Forward declaration. */
++struct TS_resp_ctx;
++
++/* This must return a unique number less than 160 bits long. */
++typedef ASN1_INTEGER *(*TS_serial_cb) (struct TS_resp_ctx *, void *);
++
++/*
++ * This must return the seconds and microseconds since Jan 1, 1970 in the sec
++ * and usec variables allocated by the caller. Return non-zero for success
++ * and zero for failure.
++ */
++typedef int (*TS_time_cb) (struct TS_resp_ctx *, void *, long *sec,
++ long *usec);
++
++/*
++ * This must process the given extension. It can modify the TS_TST_INFO
++ * object of the context. Return values: !0 (processed), 0 (error, it must
++ * set the status info/failure info of the response).
++ */
++typedef int (*TS_extension_cb) (struct TS_resp_ctx *, X509_EXTENSION *,
++ void *);
++
++typedef struct TS_resp_ctx {
++ X509 *signer_cert;
++ EVP_PKEY *signer_key;
++ STACK_OF(X509) *certs; /* Certs to include in signed data.
*/
++ STACK_OF(ASN1_OBJECT) *policies; /* Acceptable policies. */
++ ASN1_OBJECT *default_policy; /* It may appear in policies, too. */
++ STACK_OF(EVP_MD) *mds; /* Acceptable message digests. */
++ ASN1_INTEGER *seconds; /* accuracy, 0 means not specified. */
++ ASN1_INTEGER *millis; /* accuracy, 0 means not specified. */
++ ASN1_INTEGER *micros; /* accuracy, 0 means not specified. */
++ unsigned clock_precision_digits; /* fraction of seconds in time stamp
++ * token. */
++ unsigned flags; /* Optional info, see values above. */
++ /* Callback functions. */
++ TS_serial_cb serial_cb;
++ void *serial_cb_data; /* User data for serial_cb. */
++ TS_time_cb time_cb;
++ void *time_cb_data; /* User data for time_cb. */
++ TS_extension_cb extension_cb;
++ void *extension_cb_data; /* User data for extension_cb. */
++ /* These members are used only while creating the response. */
++ TS_REQ *request;
++ TS_RESP *response;
++ TS_TST_INFO *tst_info;
++} TS_RESP_CTX;
++
++DECLARE_STACK_OF(EVP_MD)
++DECLARE_ASN1_SET_OF(EVP_MD)
++
++/* Creates a response context that can be used for generating responses. */
++TS_RESP_CTX *TS_RESP_CTX_new(void);
++void TS_RESP_CTX_free(TS_RESP_CTX *ctx);
++
++/* This parameter must be set. */
++int TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer);
++
++/* This parameter must be set. */
++int TS_RESP_CTX_set_signer_key(TS_RESP_CTX *ctx, EVP_PKEY *key);
++
++/* This parameter must be set. */
++int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *def_policy);
++
++/* No additional certs are included in the response by default. */
++int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs);
++
++/*
++ * Adds a new acceptable policy, only the default policy is accepted by
++ * default.
++ */
++int TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *policy);
++
++/*
++ * Adds a new acceptable message digest. Note that no message digests are
++ * accepted by default. The md argument is shared with the caller.
++ */
++int TS_RESP_CTX_add_md(TS_RESP_CTX *ctx, const EVP_MD *md);
++
++/* Accuracy is not included by default. */
++int TS_RESP_CTX_set_accuracy(TS_RESP_CTX *ctx,
++ int secs, int millis, int micros);
++
++/*
++ * Clock precision digits, i.e. the number of decimal digits: '0' means sec,
++ * '3' msec, '6' usec, and so on. Default is 0.
++ */
++int TS_RESP_CTX_set_clock_precision_digits(TS_RESP_CTX *ctx,
++ unsigned clock_precision_digits);
++/* At most we accept usec precision. */
++# define TS_MAX_CLOCK_PRECISION_DIGITS 6
++
++/* No flags are set by default. */
++void TS_RESP_CTX_add_flags(TS_RESP_CTX *ctx, int flags);
++
++/* Default callback always returns a constant. */
++void TS_RESP_CTX_set_serial_cb(TS_RESP_CTX *ctx, TS_serial_cb cb, void *data);
++
++/* Default callback uses the gettimeofday() and gmtime() system calls. */
++void TS_RESP_CTX_set_time_cb(TS_RESP_CTX *ctx, TS_time_cb cb, void *data);
++
++/*
++ * Default callback rejects all extensions. The extension callback is called
++ * when the TS_TST_INFO object is already set up and not signed yet.
++ */
++/* FIXME: extension handling is not tested yet. */
++void TS_RESP_CTX_set_extension_cb(TS_RESP_CTX *ctx,
++ TS_extension_cb cb, void *data);
++
++/* The following methods can be used in the callbacks. */
++int TS_RESP_CTX_set_status_info(TS_RESP_CTX *ctx,
++ int status, const char *text);
++
++/* Sets the status info only if it is still TS_STATUS_GRANTED. */
++int TS_RESP_CTX_set_status_info_cond(TS_RESP_CTX *ctx,
++ int status, const char *text);
++
++int TS_RESP_CTX_add_failure_info(TS_RESP_CTX *ctx, int failure);
++
++/* The get methods below can be used in the extension callback. */
++TS_REQ *TS_RESP_CTX_get_request(TS_RESP_CTX *ctx);
++
++TS_TST_INFO *TS_RESP_CTX_get_tst_info(TS_RESP_CTX *ctx);
++
++/*
++ * Creates the signed TS_TST_INFO and puts it in TS_RESP.
++ * In case of errors it sets the status info properly.
++ * Returns NULL only in case of memory allocation/fatal error.
++ */
++TS_RESP *TS_RESP_create_response(TS_RESP_CTX *ctx, BIO *req_bio);
++
++/*
++ * Declarations related to response verification,
++ * they are defined in ts/ts_resp_verify.c.
++ */
++
++int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs,
++ X509_STORE *store, X509 **signer_out);
++
++/* Context structure for the generic verify method. */
++
++/* Verify the signer's certificate and the signature of the response. */
++# define TS_VFY_SIGNATURE (1u << 0)
++/* Verify the version number of the response. */
++# define TS_VFY_VERSION (1u << 1)
++/* Verify if the policy supplied by the user matches the policy of the TSA. */
++# define TS_VFY_POLICY (1u << 2)
++/*
++ * Verify the message imprint provided by the user. This flag should not be
++ * specified with TS_VFY_DATA.
++ */
++# define TS_VFY_IMPRINT (1u << 3)
++/*
++ * Verify the message imprint computed by the verify method from the user
++ * provided data and the MD algorithm of the response. This flag should not
++ * be specified with TS_VFY_IMPRINT.
++ */
++# define TS_VFY_DATA (1u << 4)
++/* Verify the nonce value. */
++# define TS_VFY_NONCE (1u << 5)
++/* Verify if the TSA name field matches the signer certificate. */
++# define TS_VFY_SIGNER (1u << 6)
++/* Verify if the TSA name field equals to the user provided name. */
++# define TS_VFY_TSA_NAME (1u << 7)
++
++/* You can use the following convenience constants. */
++# define TS_VFY_ALL_IMPRINT (TS_VFY_SIGNATURE \
++ | TS_VFY_VERSION \
++ | TS_VFY_POLICY \
++ | TS_VFY_IMPRINT \
++ | TS_VFY_NONCE \
++ | TS_VFY_SIGNER \
++ | TS_VFY_TSA_NAME)
++# define TS_VFY_ALL_DATA (TS_VFY_SIGNATURE \
++ | TS_VFY_VERSION \
++ | TS_VFY_POLICY \
++ | TS_VFY_DATA \
++ | TS_VFY_NONCE \
++ | TS_VFY_SIGNER \
++ | TS_VFY_TSA_NAME)
++
++typedef struct TS_verify_ctx {
++ /* Set this to the union of TS_VFY_... flags you want to carry out. */
++ unsigned flags;
++ /* Must be set only with TS_VFY_SIGNATURE. certs is optional. */
++ X509_STORE *store;
++ STACK_OF(X509) *certs;
++ /* Must be set only with TS_VFY_POLICY. */
++ ASN1_OBJECT *policy;
++ /*
++ * Must be set only with TS_VFY_IMPRINT. If md_alg is NULL, the
++ * algorithm from the response is used.
++ */
++ X509_ALGOR *md_alg;
++ unsigned char *imprint;
++ unsigned imprint_len;
++ /* Must be set only with TS_VFY_DATA. */
++ BIO *data;
++ /* Must be set only with TS_VFY_TSA_NAME. */
++ ASN1_INTEGER *nonce;
++ /* Must be set only with TS_VFY_TSA_NAME. */
++ GENERAL_NAME *tsa_name;
++} TS_VERIFY_CTX;
++
++int TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response);
++int TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token);
++
++/*
++ * Declarations related to response verification context,
++ * they are defined in ts/ts_verify_ctx.c.
++ */
++
++/* Set all fields to zero. */
++TS_VERIFY_CTX *TS_VERIFY_CTX_new(void);
++void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx);
++void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx);
++void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx);
++
++/*-
++ * If ctx is NULL, it allocates and returns a new object, otherwise
++ * it returns ctx. It initialises all the members as follows:
++ * flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE)
++ * certs = NULL
++ * store = NULL
++ * policy = policy from the request or NULL if absent (in this case
++ * TS_VFY_POLICY is cleared from flags as well)
++ * md_alg = MD algorithm from request
++ * imprint, imprint_len = imprint from request
++ * data = NULL
++ * nonce, nonce_len = nonce from the request or NULL if absent (in this case
++ * TS_VFY_NONCE is cleared from flags as well)
++ * tsa_name = NULL
++ * Important: after calling this method TS_VFY_SIGNATURE should be added!
++ */
++TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx);
++
++/* Function declarations for TS_RESP defined in ts/ts_resp_print.c */
++
++int TS_RESP_print_bio(BIO *bio, TS_RESP *a);
++int TS_STATUS_INFO_print_bio(BIO *bio, TS_STATUS_INFO *a);
++int TS_TST_INFO_print_bio(BIO *bio, TS_TST_INFO *a);
++
++/* Common utility functions defined in ts/ts_lib.c */
++
++int TS_ASN1_INTEGER_print_bio(BIO *bio, const ASN1_INTEGER *num);
++int TS_OBJ_print_bio(BIO *bio, const ASN1_OBJECT *obj);
++int TS_ext_print_bio(BIO *bio, const STACK_OF(X509_EXTENSION) *extensions);
++int TS_X509_ALGOR_print_bio(BIO *bio, const X509_ALGOR *alg);
++int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *msg);
++
++/*
++ * Function declarations for handling configuration options, defined in
++ * ts/ts_conf.c
++ */
++
++X509 *TS_CONF_load_cert(const char *file);
++STACK_OF(X509) *TS_CONF_load_certs(const char *file);
++EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass);
++const char *TS_CONF_get_tsa_section(CONF *conf, const char *section);
++int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb,
++ TS_RESP_CTX *ctx);
++int TS_CONF_set_crypto_device(CONF *conf, const char *section,
++ const char *device);
++int TS_CONF_set_default_engine(const char *name);
++int TS_CONF_set_signer_cert(CONF *conf, const char *section,
++ const char *cert, TS_RESP_CTX *ctx);
++int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs,
++ TS_RESP_CTX *ctx);
++int TS_CONF_set_signer_key(CONF *conf, const char *section,
++ const char *key, const char *pass,
++ TS_RESP_CTX *ctx);
++int TS_CONF_set_def_policy(CONF *conf, const char *section,
++ const char *policy, TS_RESP_CTX *ctx);
++int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx);
++int TS_CONF_set_digests(CONF *conf, const char *section, TS_RESP_CTX *ctx);
++int TS_CONF_set_accuracy(CONF *conf, const char *section, TS_RESP_CTX *ctx);
++int TS_CONF_set_clock_precision_digits(CONF *conf, const char *section,
++ TS_RESP_CTX *ctx);
++int TS_CONF_set_ordering(CONF *conf, const char *section, TS_RESP_CTX *ctx);
++int TS_CONF_set_tsa_name(CONF *conf, const char *section, TS_RESP_CTX *ctx);
++int TS_CONF_set_ess_cert_id_chain(CONF *conf, const char *section,
++ TS_RESP_CTX *ctx);
++
++/* -------------------------------------------------- */
++/* BEGIN ERROR CODES */
++/*
++ * The following lines are auto generated by the script mkerr.pl. Any changes
++ * made after this point may be overwritten when the script is next run.
++ */
++void ERR_load_TS_strings(void);
++
++/* Error codes for the TS functions. */
++
++/* Function codes. */
++# define TS_F_D2I_TS_RESP 147
++# define TS_F_DEF_SERIAL_CB 110
++# define TS_F_DEF_TIME_CB 111
++# define TS_F_ESS_ADD_SIGNING_CERT 112
++# define TS_F_ESS_CERT_ID_NEW_INIT 113
++# define TS_F_ESS_SIGNING_CERT_NEW_INIT 114
++# define TS_F_INT_TS_RESP_VERIFY_TOKEN 149
++# define TS_F_PKCS7_TO_TS_TST_INFO 148
++# define TS_F_TS_ACCURACY_SET_MICROS 115
++# define TS_F_TS_ACCURACY_SET_MILLIS 116
++# define TS_F_TS_ACCURACY_SET_SECONDS 117
++# define TS_F_TS_CHECK_IMPRINTS 100
++# define TS_F_TS_CHECK_NONCES 101
++# define TS_F_TS_CHECK_POLICY 102
++# define TS_F_TS_CHECK_SIGNING_CERTS 103
++# define TS_F_TS_CHECK_STATUS_INFO 104
++# define TS_F_TS_COMPUTE_IMPRINT 145
++# define TS_F_TS_CONF_SET_DEFAULT_ENGINE 146
++# define TS_F_TS_GET_STATUS_TEXT 105
++# define TS_F_TS_MSG_IMPRINT_SET_ALGO 118
++# define TS_F_TS_REQ_SET_MSG_IMPRINT 119
++# define TS_F_TS_REQ_SET_NONCE 120
++# define TS_F_TS_REQ_SET_POLICY_ID 121
++# define TS_F_TS_RESP_CREATE_RESPONSE 122
++# define TS_F_TS_RESP_CREATE_TST_INFO 123
++# define TS_F_TS_RESP_CTX_ADD_FAILURE_INFO 124
++# define TS_F_TS_RESP_CTX_ADD_MD 125
++# define TS_F_TS_RESP_CTX_ADD_POLICY 126
++# define TS_F_TS_RESP_CTX_NEW 127
++# define TS_F_TS_RESP_CTX_SET_ACCURACY 128
++# define TS_F_TS_RESP_CTX_SET_CERTS 129
++# define TS_F_TS_RESP_CTX_SET_DEF_POLICY 130
++# define TS_F_TS_RESP_CTX_SET_SIGNER_CERT 131
++# define TS_F_TS_RESP_CTX_SET_STATUS_INFO 132
++# define TS_F_TS_RESP_GET_POLICY 133
++# define TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION 134
++# define TS_F_TS_RESP_SET_STATUS_INFO 135
++# define TS_F_TS_RESP_SET_TST_INFO 150
++# define TS_F_TS_RESP_SIGN 136
++# define TS_F_TS_RESP_VERIFY_SIGNATURE 106
++# define TS_F_TS_RESP_VERIFY_TOKEN 107
++# define TS_F_TS_TST_INFO_SET_ACCURACY 137
++# define TS_F_TS_TST_INFO_SET_MSG_IMPRINT 138
++# define TS_F_TS_TST_INFO_SET_NONCE 139
++# define TS_F_TS_TST_INFO_SET_POLICY_ID 140
++# define TS_F_TS_TST_INFO_SET_SERIAL 141
++# define TS_F_TS_TST_INFO_SET_TIME 142
++# define TS_F_TS_TST_INFO_SET_TSA 143
++# define TS_F_TS_VERIFY 108
++# define TS_F_TS_VERIFY_CERT 109
++# define TS_F_TS_VERIFY_CTX_NEW 144
++
++/* Reason codes. */
++# define TS_R_BAD_PKCS7_TYPE 132
++# define TS_R_BAD_TYPE 133
++# define TS_R_CERTIFICATE_VERIFY_ERROR 100
++# define TS_R_COULD_NOT_SET_ENGINE 127
++# define TS_R_COULD_NOT_SET_TIME 115
++# define TS_R_D2I_TS_RESP_INT_FAILED 128
++# define TS_R_DETACHED_CONTENT 134
++# define TS_R_ESS_ADD_SIGNING_CERT_ERROR 116
++# define TS_R_ESS_SIGNING_CERTIFICATE_ERROR 101
++# define TS_R_INVALID_NULL_POINTER 102
++# define TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE 117
++# define TS_R_MESSAGE_IMPRINT_MISMATCH 103
++# define TS_R_NONCE_MISMATCH 104
++# define TS_R_NONCE_NOT_RETURNED 105
++# define TS_R_NO_CONTENT 106
++# define TS_R_NO_TIME_STAMP_TOKEN 107
++# define TS_R_PKCS7_ADD_SIGNATURE_ERROR 118
++# define TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR 119
++# define TS_R_PKCS7_TO_TS_TST_INFO_FAILED 129
++# define TS_R_POLICY_MISMATCH 108
++# define TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 120
++# define TS_R_RESPONSE_SETUP_ERROR 121
++# define TS_R_SIGNATURE_FAILURE 109
++# define TS_R_THERE_MUST_BE_ONE_SIGNER 110
++# define TS_R_TIME_SYSCALL_ERROR 122
++# define TS_R_TOKEN_NOT_PRESENT 130
++# define TS_R_TOKEN_PRESENT 131
++# define TS_R_TSA_NAME_MISMATCH 111
++# define TS_R_TSA_UNTRUSTED 112
++# define TS_R_TST_INFO_SETUP_ERROR 123
++# define TS_R_TS_DATASIGN 124
++# define TS_R_UNACCEPTABLE_POLICY 125
++# define TS_R_UNSUPPORTED_MD_ALGORITHM 126
++# define TS_R_UNSUPPORTED_VERSION 113
++# define TS_R_WRONG_CONTENT_TYPE 114
++
++#ifdef __cplusplus
++}
++#endif
++#endif
+diff --git a/Cryptlib/OpenSSL/crypto/ts/ts_asn1.c b/Cryptlib/OpenSSL/crypto/ts/ts_asn1.c
+new file mode 100644
+index 0000000..657dc4c
+--- /dev/null
++++ b/Cryptlib/OpenSSL/crypto/ts/ts_asn1.c
+@@ -0,0 +1,326 @@
++/* crypto/ts/ts_asn1.c */
++/*
++ * Written by Nils Larsch for the OpenSSL project 2004.
++ */
++/* ====================================================================
++ * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in
++ * the documentation and/or other materials provided with the
++ * distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ * software must display the following acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ * endorse or promote products derived from this software without
++ * prior written permission. For written permission, please contact
++ * licensing@OpenSSL.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ * nor may "OpenSSL" appear in their names without prior written
++ * permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ * acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ *
++ * This product includes cryptographic software written by Eric Young
++ * (eay@cryptsoft.com). This product includes software written by Tim
++ * Hudson (tjh@cryptsoft.com).
++ *
++ */
++
++#include
++#include
++#include
++
++ASN1_SEQUENCE(TS_MSG_IMPRINT) = {
++ ASN1_SIMPLE(TS_MSG_IMPRINT, hash_algo, X509_ALGOR),
++ ASN1_SIMPLE(TS_MSG_IMPRINT, hashed_msg, ASN1_OCTET_STRING)
++} ASN1_SEQUENCE_END(TS_MSG_IMPRINT)
++
++IMPLEMENT_ASN1_FUNCTIONS_const(TS_MSG_IMPRINT)
++IMPLEMENT_ASN1_DUP_FUNCTION(TS_MSG_IMPRINT)
++#ifndef OPENSSL_NO_BIO
++TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *bp, TS_MSG_IMPRINT **a)
++{
++ return ASN1_d2i_bio_of(TS_MSG_IMPRINT, TS_MSG_IMPRINT_new,
++ d2i_TS_MSG_IMPRINT, bp, a);
++}
++
++int i2d_TS_MSG_IMPRINT_bio(BIO *bp, TS_MSG_IMPRINT *a)
++{
++ return ASN1_i2d_bio_of_const(TS_MSG_IMPRINT, i2d_TS_MSG_IMPRINT, bp, a);
++}
++#endif
++#ifndef OPENSSL_NO_FP_API
++TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a)
++{
++ return ASN1_d2i_fp_of(TS_MSG_IMPRINT, TS_MSG_IMPRINT_new,
++ d2i_TS_MSG_IMPRINT, fp, a);
++}
++
++int i2d_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT *a)
++{
++ return ASN1_i2d_fp_of_const(TS_MSG_IMPRINT, i2d_TS_MSG_IMPRINT, fp, a);
++}
++#endif
++
++ASN1_SEQUENCE(TS_REQ) = {
++ ASN1_SIMPLE(TS_REQ, version, ASN1_INTEGER),
++ ASN1_SIMPLE(TS_REQ, msg_imprint, TS_MSG_IMPRINT),
++ ASN1_OPT(TS_REQ, policy_id, ASN1_OBJECT),
++ ASN1_OPT(TS_REQ, nonce, ASN1_INTEGER),
++ ASN1_OPT(TS_REQ, cert_req, ASN1_FBOOLEAN),
++ ASN1_IMP_SEQUENCE_OF_OPT(TS_REQ, extensions, X509_EXTENSION, 0)
++} ASN1_SEQUENCE_END(TS_REQ)
++
++IMPLEMENT_ASN1_FUNCTIONS_const(TS_REQ)
++IMPLEMENT_ASN1_DUP_FUNCTION(TS_REQ)
++#ifndef OPENSSL_NO_BIO
++TS_REQ *d2i_TS_REQ_bio(BIO *bp, TS_REQ **a)
++{
++ return ASN1_d2i_bio_of(TS_REQ, TS_REQ_new, d2i_TS_REQ, bp, a);
++}
++
++int i2d_TS_REQ_bio(BIO *bp, TS_REQ *a)
++{
++ return ASN1_i2d_bio_of_const(TS_REQ, i2d_TS_REQ, bp, a);
++}
++#endif
++#ifndef OPENSSL_NO_FP_API
++TS_REQ *d2i_TS_REQ_fp(FILE *fp, TS_REQ **a)
++{
++ return ASN1_d2i_fp_of(TS_REQ, TS_REQ_new, d2i_TS_REQ, fp, a);
++}
++
++int i2d_TS_REQ_fp(FILE *fp, TS_REQ *a)
++{
++ return ASN1_i2d_fp_of_const(TS_REQ, i2d_TS_REQ, fp, a);
++}
++#endif
++
++ASN1_SEQUENCE(TS_ACCURACY) = {
++ ASN1_OPT(TS_ACCURACY, seconds, ASN1_INTEGER),
++ ASN1_IMP_OPT(TS_ACCURACY, millis, ASN1_INTEGER, 0),
++ ASN1_IMP_OPT(TS_ACCURACY, micros, ASN1_INTEGER, 1)
++} ASN1_SEQUENCE_END(TS_ACCURACY)
++
++IMPLEMENT_ASN1_FUNCTIONS_const(TS_ACCURACY)
++IMPLEMENT_ASN1_DUP_FUNCTION(TS_ACCURACY)
++
++ASN1_SEQUENCE(TS_TST_INFO) = {
++ ASN1_SIMPLE(TS_TST_INFO, version, ASN1_INTEGER),
++ ASN1_SIMPLE(TS_TST_INFO, policy_id, ASN1_OBJECT),
++ ASN1_SIMPLE(TS_TST_INFO, msg_imprint, TS_MSG_IMPRINT),
++ ASN1_SIMPLE(TS_TST_INFO, serial, ASN1_INTEGER),
++ ASN1_SIMPLE(TS_TST_INFO, time, ASN1_GENERALIZEDTIME),
++ ASN1_OPT(TS_TST_INFO, accuracy, TS_ACCURACY),
++ ASN1_OPT(TS_TST_INFO, ordering, ASN1_FBOOLEAN),
++ ASN1_OPT(TS_TST_INFO, nonce, ASN1_INTEGER),
++ ASN1_EXP_OPT(TS_TST_INFO, tsa, GENERAL_NAME, 0),
++ ASN1_IMP_SEQUENCE_OF_OPT(TS_TST_INFO, extensions, X509_EXTENSION, 1)
++} ASN1_SEQUENCE_END(TS_TST_INFO)
++
++IMPLEMENT_ASN1_FUNCTIONS_const(TS_TST_INFO)
++IMPLEMENT_ASN1_DUP_FUNCTION(TS_TST_INFO)
++#ifndef OPENSSL_NO_BIO
++TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *bp, TS_TST_INFO **a)
++{
++ return ASN1_d2i_bio_of(TS_TST_INFO, TS_TST_INFO_new, d2i_TS_TST_INFO, bp,
++ a);
++}
++
++int i2d_TS_TST_INFO_bio(BIO *bp, TS_TST_INFO *a)
++{
++ return ASN1_i2d_bio_of_const(TS_TST_INFO, i2d_TS_TST_INFO, bp, a);
++}
++#endif
++#ifndef OPENSSL_NO_FP_API
++TS_TST_INFO *d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a)
++{
++ return ASN1_d2i_fp_of(TS_TST_INFO, TS_TST_INFO_new, d2i_TS_TST_INFO, fp,
++ a);
++}
++
++int i2d_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO *a)
++{
++ return ASN1_i2d_fp_of_const(TS_TST_INFO, i2d_TS_TST_INFO, fp, a);
++}
++#endif
++
++ASN1_SEQUENCE(TS_STATUS_INFO) = {
++ ASN1_SIMPLE(TS_STATUS_INFO, status, ASN1_INTEGER),
++ ASN1_SEQUENCE_OF_OPT(TS_STATUS_INFO, text, ASN1_UTF8STRING),
++ ASN1_OPT(TS_STATUS_INFO, failure_info, ASN1_BIT_STRING)
++} ASN1_SEQUENCE_END(TS_STATUS_INFO)
++
++IMPLEMENT_ASN1_FUNCTIONS_const(TS_STATUS_INFO)
++IMPLEMENT_ASN1_DUP_FUNCTION(TS_STATUS_INFO)
++
++static int ts_resp_set_tst_info(TS_RESP *a)
++{
++ long status;
++
++ status = ASN1_INTEGER_get(a->status_info->status);
++
++ if (a->token) {
++ if (status != 0 && status != 1) {
++ TSerr(TS_F_TS_RESP_SET_TST_INFO, TS_R_TOKEN_PRESENT);
++ return 0;
++ }
++ if (a->tst_info != NULL)
++ TS_TST_INFO_free(a->tst_info);
++ a->tst_info = PKCS7_to_TS_TST_INFO(a->token);
++ if (!a->tst_info) {
++ TSerr(TS_F_TS_RESP_SET_TST_INFO,
++ TS_R_PKCS7_TO_TS_TST_INFO_FAILED);
++ return 0;
++ }
++ } else if (status == 0 || status == 1) {
++ TSerr(TS_F_TS_RESP_SET_TST_INFO, TS_R_TOKEN_NOT_PRESENT);
++ return 0;
++ }
++
++ return 1;
++}
++
++static int ts_resp_cb(int op, ASN1_VALUE **pval, const ASN1_ITEM *it,
++ void *exarg)
++{
++ TS_RESP *ts_resp = (TS_RESP *)*pval;
++ if (op == ASN1_OP_NEW_POST) {
++ ts_resp->tst_info = NULL;
++ } else if (op == ASN1_OP_FREE_POST) {
++ if (ts_resp->tst_info != NULL)
++ TS_TST_INFO_free(ts_resp->tst_info);
++ } else if (op == ASN1_OP_D2I_POST) {
++ if (ts_resp_set_tst_info(ts_resp) == 0)
++ return 0;
++ }
++ return 1;
++}
++
++ASN1_SEQUENCE_cb(TS_RESP, ts_resp_cb) = {
++ ASN1_SIMPLE(TS_RESP, status_info, TS_STATUS_INFO),
++ ASN1_OPT(TS_RESP, token, PKCS7),
++} ASN1_SEQUENCE_END_cb(TS_RESP, TS_RESP)
++
++IMPLEMENT_ASN1_FUNCTIONS_const(TS_RESP)
++
++IMPLEMENT_ASN1_DUP_FUNCTION(TS_RESP)
++
++#ifndef OPENSSL_NO_BIO
++TS_RESP *d2i_TS_RESP_bio(BIO *bp, TS_RESP **a)
++{
++ return ASN1_d2i_bio_of(TS_RESP, TS_RESP_new, d2i_TS_RESP, bp, a);
++}
++
++int i2d_TS_RESP_bio(BIO *bp, TS_RESP *a)
++{
++ return ASN1_i2d_bio_of_const(TS_RESP, i2d_TS_RESP, bp, a);
++}
++#endif
++#ifndef OPENSSL_NO_FP_API
++TS_RESP *d2i_TS_RESP_fp(FILE *fp, TS_RESP **a)
++{
++ return ASN1_d2i_fp_of(TS_RESP, TS_RESP_new, d2i_TS_RESP, fp, a);
++}
++
++int i2d_TS_RESP_fp(FILE *fp, TS_RESP *a)
++{
++ return ASN1_i2d_fp_of_const(TS_RESP, i2d_TS_RESP, fp, a);
++}
++#endif
++
++ASN1_SEQUENCE(ESS_ISSUER_SERIAL) = {
++ ASN1_SEQUENCE_OF(ESS_ISSUER_SERIAL, issuer, GENERAL_NAME),
++ ASN1_SIMPLE(ESS_ISSUER_SERIAL, serial, ASN1_INTEGER)
++} ASN1_SEQUENCE_END(ESS_ISSUER_SERIAL)
++
++IMPLEMENT_ASN1_FUNCTIONS_const(ESS_ISSUER_SERIAL)
++IMPLEMENT_ASN1_DUP_FUNCTION(ESS_ISSUER_SERIAL)
++
++ASN1_SEQUENCE(ESS_CERT_ID) = {
++ ASN1_SIMPLE(ESS_CERT_ID, hash, ASN1_OCTET_STRING),
++ ASN1_OPT(ESS_CERT_ID, issuer_serial, ESS_ISSUER_SERIAL)
++} ASN1_SEQUENCE_END(ESS_CERT_ID)
++
++IMPLEMENT_ASN1_FUNCTIONS_const(ESS_CERT_ID)
++IMPLEMENT_ASN1_DUP_FUNCTION(ESS_CERT_ID)
++
++ASN1_SEQUENCE(ESS_SIGNING_CERT) = {
++ ASN1_SEQUENCE_OF(ESS_SIGNING_CERT, cert_ids, ESS_CERT_ID),
++ ASN1_SEQUENCE_OF_OPT(ESS_SIGNING_CERT, policy_info, POLICYINFO)
++} ASN1_SEQUENCE_END(ESS_SIGNING_CERT)
++
++IMPLEMENT_ASN1_FUNCTIONS_const(ESS_SIGNING_CERT)
++IMPLEMENT_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT)
++
++/* Getting encapsulated TS_TST_INFO object from PKCS7. */
++TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token)
++{
++ PKCS7_SIGNED *pkcs7_signed;
++ PKCS7 *enveloped;
++ ASN1_TYPE *tst_info_wrapper;
++ ASN1_OCTET_STRING *tst_info_der;
++ const unsigned char *p;
++
++ if (!PKCS7_type_is_signed(token)) {
++ TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_BAD_PKCS7_TYPE);
++ return NULL;
++ }
++
++ /* Content must be present. */
++ if (PKCS7_get_detached(token)) {
++ TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_DETACHED_CONTENT);
++ return NULL;
++ }
++
++ /* We have a signed data with content. */
++ pkcs7_signed = token->d.sign;
++ enveloped = pkcs7_signed->contents;
++ if (OBJ_obj2nid(enveloped->type) != NID_id_smime_ct_TSTInfo) {
++ TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_BAD_PKCS7_TYPE);
++ return NULL;
++ }
++
++ /* We have a DER encoded TST_INFO as the signed data. */
++ tst_info_wrapper = enveloped->d.other;
++ if (tst_info_wrapper->type != V_ASN1_OCTET_STRING) {
++ TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_BAD_TYPE);
++ return NULL;
++ }
++
++ /* We have the correct ASN1_OCTET_STRING type. */
++ tst_info_der = tst_info_wrapper->value.octet_string;
++ /* At last, decode the TST_INFO. */
++ p = tst_info_der->data;
++ return d2i_TS_TST_INFO(NULL, &p, tst_info_der->length);
++}
+diff --git a/Cryptlib/OpenSSL/crypto/ts/ts_conf.c b/Cryptlib/OpenSSL/crypto/ts/ts_conf.c
+new file mode 100644
+index 0000000..4716b23
+--- /dev/null
++++ b/Cryptlib/OpenSSL/crypto/ts/ts_conf.c
+@@ -0,0 +1,491 @@
++/* crypto/ts/ts_conf.c */
++/*
++ * Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL project
++ * 2002.
++ */
++/* ====================================================================
++ * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in
++ * the documentation and/or other materials provided with the
++ * distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ * software must display the following acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ * endorse or promote products derived from this software without
++ * prior written permission. For written permission, please contact
++ * licensing@OpenSSL.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ * nor may "OpenSSL" appear in their names without prior written
++ * permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ * acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ *
++ * This product includes cryptographic software written by Eric Young
++ * (eay@cryptsoft.com). This product includes software written by Tim
++ * Hudson (tjh@cryptsoft.com).
++ *
++ */
++
++#include
++
++#include
++#include "cryptlib.h"
++#include
++#ifndef OPENSSL_NO_ENGINE
++# include
++#endif
++#include
++
++/* Macro definitions for the configuration file. */
++
++#define BASE_SECTION "tsa"
++#define ENV_DEFAULT_TSA "default_tsa"
++#define ENV_SERIAL "serial"
++#define ENV_CRYPTO_DEVICE "crypto_device"
++#define ENV_SIGNER_CERT "signer_cert"
++#define ENV_CERTS "certs"
++#define ENV_SIGNER_KEY "signer_key"
++#define ENV_DEFAULT_POLICY "default_policy"
++#define ENV_OTHER_POLICIES "other_policies"
++#define ENV_DIGESTS "digests"
++#define ENV_ACCURACY "accuracy"
++#define ENV_ORDERING "ordering"
++#define ENV_TSA_NAME "tsa_name"
++#define ENV_ESS_CERT_ID_CHAIN "ess_cert_id_chain"
++#define ENV_VALUE_SECS "secs"
++#define ENV_VALUE_MILLISECS "millisecs"
++#define ENV_VALUE_MICROSECS "microsecs"
++#define ENV_CLOCK_PRECISION_DIGITS "clock_precision_digits"
++#define ENV_VALUE_YES "yes"
++#define ENV_VALUE_NO "no"
++
++/* Function definitions for certificate and key loading. */
++
++X509 *TS_CONF_load_cert(const char *file)
++{
++ BIO *cert = NULL;
++ X509 *x = NULL;
++
++ if ((cert = BIO_new_file(file, "r")) == NULL)
++ goto end;
++ x = PEM_read_bio_X509_AUX(cert, NULL, NULL, NULL);
++ end:
++ if (x == NULL)
++ fprintf(stderr, "unable to load certificate: %s\n", file);
++ BIO_free(cert);
++ return x;
++}
++
++STACK_OF(X509) *TS_CONF_load_certs(const char *file)
++{
++ BIO *certs = NULL;
++ STACK_OF(X509) *othercerts = NULL;
++ STACK_OF(X509_INFO) *allcerts = NULL;
++ int i;
++
++ if (!(certs = BIO_new_file(file, "r")))
++ goto end;
++
++ if (!(othercerts = sk_X509_new_null()))
++ goto end;
++ allcerts = PEM_X509_INFO_read_bio(certs, NULL, NULL, NULL);
++ for (i = 0; i < sk_X509_INFO_num(allcerts); i++) {
++ X509_INFO *xi = sk_X509_INFO_value(allcerts, i);
++ if (xi->x509) {
++ sk_X509_push(othercerts, xi->x509);
++ xi->x509 = NULL;
++ }
++ }
++ end:
++ if (othercerts == NULL)
++ fprintf(stderr, "unable to load certificates: %s\n", file);
++ sk_X509_INFO_pop_free(allcerts, X509_INFO_free);
++ BIO_free(certs);
++ return othercerts;
++}
++
++EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass)
++{
++ BIO *key = NULL;
++ EVP_PKEY *pkey = NULL;
++
++ if (!(key = BIO_new_file(file, "r")))
++ goto end;
++ pkey = PEM_read_bio_PrivateKey(key, NULL, NULL, (char *)pass);
++ end:
++ if (pkey == NULL)
++ fprintf(stderr, "unable to load private key: %s\n", file);
++ BIO_free(key);
++ return pkey;
++}
++
++/* Function definitions for handling configuration options. */
++
++static void TS_CONF_lookup_fail(const char *name, const char *tag)
++{
++ fprintf(stderr, "variable lookup failed for %s::%s\n", name, tag);
++}
++
++static void TS_CONF_invalid(const char *name, const char *tag)
++{
++ fprintf(stderr, "invalid variable value for %s::%s\n", name, tag);
++}
++
++const char *TS_CONF_get_tsa_section(CONF *conf, const char *section)
++{
++ if (!section) {
++ section = NCONF_get_string(conf, BASE_SECTION, ENV_DEFAULT_TSA);
++ if (!section)
++ TS_CONF_lookup_fail(BASE_SECTION, ENV_DEFAULT_TSA);
++ }
++ return section;
++}
++
++int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb,
++ TS_RESP_CTX *ctx)
++{
++ int ret = 0;
++ char *serial = NCONF_get_string(conf, section, ENV_SERIAL);
++ if (!serial) {
++ TS_CONF_lookup_fail(section, ENV_SERIAL);
++ goto err;
++ }
++ TS_RESP_CTX_set_serial_cb(ctx, cb, serial);
++
++ ret = 1;
++ err:
++ return ret;
++}
++
++#ifndef OPENSSL_NO_ENGINE
++
++int TS_CONF_set_crypto_device(CONF *conf, const char *section,
++ const char *device)
++{
++ int ret = 0;
++
++ if (!device)
++ device = NCONF_get_string(conf, section, ENV_CRYPTO_DEVICE);
++
++ if (device && !TS_CONF_set_default_engine(device)) {
++ TS_CONF_invalid(section, ENV_CRYPTO_DEVICE);
++ goto err;
++ }
++ ret = 1;
++ err:
++ return ret;
++}
++
++int TS_CONF_set_default_engine(const char *name)
++{
++ ENGINE *e = NULL;
++ int ret = 0;
++
++ /* Leave the default if builtin specified. */
++ if (strcmp(name, "builtin") == 0)
++ return 1;
++
++ if (!(e = ENGINE_by_id(name)))
++ goto err;
++ /* Enable the use of the NCipher HSM for forked children. */
++ if (strcmp(name, "chil") == 0)
++ ENGINE_ctrl(e, ENGINE_CTRL_CHIL_SET_FORKCHECK, 1, 0, 0);
++ /* All the operations are going to be carried out by the engine. */
++ if (!ENGINE_set_default(e, ENGINE_METHOD_ALL))
++ goto err;
++ ret = 1;
++ err:
++ if (!ret) {
++ TSerr(TS_F_TS_CONF_SET_DEFAULT_ENGINE, TS_R_COULD_NOT_SET_ENGINE);
++ ERR_add_error_data(2, "engine:", name);
++ }
++ if (e)
++ ENGINE_free(e);
++ return ret;
++}
++
++#endif
++
++int TS_CONF_set_signer_cert(CONF *conf, const char *section,
++ const char *cert, TS_RESP_CTX *ctx)
++{
++ int ret = 0;
++ X509 *cert_obj = NULL;
++ if (!cert)
++ cert = NCONF_get_string(conf, section, ENV_SIGNER_CERT);
++ if (!cert) {
++ TS_CONF_lookup_fail(section, ENV_SIGNER_CERT);
++ goto err;
++ }
++ if (!(cert_obj = TS_CONF_load_cert(cert)))
++ goto err;
++ if (!TS_RESP_CTX_set_signer_cert(ctx, cert_obj))
++ goto err;
++
++ ret = 1;
++ err:
++ X509_free(cert_obj);
++ return ret;
++}
++
++int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs,
++ TS_RESP_CTX *ctx)
++{
++ int ret = 0;
++ STACK_OF(X509) *certs_obj = NULL;
++ if (!certs)
++ certs = NCONF_get_string(conf, section, ENV_CERTS);
++ /* Certificate chain is optional. */
++ if (!certs)
++ goto end;
++ if (!(certs_obj = TS_CONF_load_certs(certs)))
++ goto err;
++ if (!TS_RESP_CTX_set_certs(ctx, certs_obj))
++ goto err;
++ end:
++ ret = 1;
++ err:
++ sk_X509_pop_free(certs_obj, X509_free);
++ return ret;
++}
++
++int TS_CONF_set_signer_key(CONF *conf, const char *section,
++ const char *key, const char *pass,
++ TS_RESP_CTX *ctx)
++{
++ int ret = 0;
++ EVP_PKEY *key_obj = NULL;
++ if (!key)
++ key = NCONF_get_string(conf, section, ENV_SIGNER_KEY);
++ if (!key) {
++ TS_CONF_lookup_fail(section, ENV_SIGNER_KEY);
++ goto err;
++ }
++ if (!(key_obj = TS_CONF_load_key(key, pass)))
++ goto err;
++ if (!TS_RESP_CTX_set_signer_key(ctx, key_obj))
++ goto err;
++
++ ret = 1;
++ err:
++ EVP_PKEY_free(key_obj);
++ return ret;
++}
++
++int TS_CONF_set_def_policy(CONF *conf, const char *section,
++ const char *policy, TS_RESP_CTX *ctx)
++{
++ int ret = 0;
++ ASN1_OBJECT *policy_obj = NULL;
++ if (!policy)
++ policy = NCONF_get_string(conf, section, ENV_DEFAULT_POLICY);
++ if (!policy) {
++ TS_CONF_lookup_fail(section, ENV_DEFAULT_POLICY);
++ goto err;
++ }
++ if (!(policy_obj = OBJ_txt2obj(policy, 0))) {
++ TS_CONF_invalid(section, ENV_DEFAULT_POLICY);
++ goto err;
++ }
++ if (!TS_RESP_CTX_set_def_policy(ctx, policy_obj))
++ goto err;
++
++ ret = 1;
++ err:
++ ASN1_OBJECT_free(policy_obj);
++ return ret;
++}
++
++int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx)
++{
++ int ret = 0;
++ int i;
++ STACK_OF(CONF_VALUE) *list = NULL;
++ char *policies = NCONF_get_string(conf, section,
++ ENV_OTHER_POLICIES);
++ /* If no other policy is specified, that's fine. */
++ if (policies && !(list = X509V3_parse_list(policies))) {
++ TS_CONF_invalid(section, ENV_OTHER_POLICIES);
++ goto err;
++ }
++ for (i = 0; i < sk_CONF_VALUE_num(list); ++i) {
++ CONF_VALUE *val = sk_CONF_VALUE_value(list, i);
++ const char *extval = val->value ? val->value : val->name;
++ ASN1_OBJECT *objtmp;
++ if (!(objtmp = OBJ_txt2obj(extval, 0))) {
++ TS_CONF_invalid(section, ENV_OTHER_POLICIES);
++ goto err;
++ }
++ if (!TS_RESP_CTX_add_policy(ctx, objtmp))
++ goto err;
++ ASN1_OBJECT_free(objtmp);
++ }
++
++ ret = 1;
++ err:
++ sk_CONF_VALUE_pop_free(list, X509V3_conf_free);
++ return ret;
++}
++
++int TS_CONF_set_digests(CONF *conf, const char *section, TS_RESP_CTX *ctx)
++{
++ int ret = 0;
++ int i;
++ STACK_OF(CONF_VALUE) *list = NULL;
++ char *digests = NCONF_get_string(conf, section, ENV_DIGESTS);
++ if (!digests) {
++ TS_CONF_lookup_fail(section, ENV_DIGESTS);
++ goto err;
++ }
++ if (!(list = X509V3_parse_list(digests))) {
++ TS_CONF_invalid(section, ENV_DIGESTS);
++ goto err;
++ }
++ if (sk_CONF_VALUE_num(list) == 0) {
++ TS_CONF_invalid(section, ENV_DIGESTS);
++ goto err;
++ }
++ for (i = 0; i < sk_CONF_VALUE_num(list); ++i) {
++ CONF_VALUE *val = sk_CONF_VALUE_value(list, i);
++ const char *extval = val->value ? val->value : val->name;
++ const EVP_MD *md;
++ if (!(md = EVP_get_digestbyname(extval))) {
++ TS_CONF_invalid(section, ENV_DIGESTS);
++ goto err;
++ }
++ if (!TS_RESP_CTX_add_md(ctx, md))
++ goto err;
++ }
++
++ ret = 1;
++ err:
++ sk_CONF_VALUE_pop_free(list, X509V3_conf_free);
++ return ret;
++}
++
++int TS_CONF_set_accuracy(CONF *conf, const char *section, TS_RESP_CTX *ctx)
++{
++ int ret = 0;
++ int i;
++ int secs = 0, millis = 0, micros = 0;
++ STACK_OF(CONF_VALUE) *list = NULL;
++ char *accuracy = NCONF_get_string(conf, section, ENV_ACCURACY);
++
++ if (accuracy && !(list = X509V3_parse_list(accuracy))) {
++ TS_CONF_invalid(section, ENV_ACCURACY);
++ goto err;
++ }
++ for (i = 0; i < sk_CONF_VALUE_num(list); ++i) {
++ CONF_VALUE *val = sk_CONF_VALUE_value(list, i);
++ if (strcmp(val->name, ENV_VALUE_SECS) == 0) {
++ if (val->value)
++ secs = atoi(val->value);
++ } else if (strcmp(val->name, ENV_VALUE_MILLISECS) == 0) {
++ if (val->value)
++ millis = atoi(val->value);
++ } else if (strcmp(val->name, ENV_VALUE_MICROSECS) == 0) {
++ if (val->value)
++ micros = atoi(val->value);
++ } else {
++ TS_CONF_invalid(section, ENV_ACCURACY);
++ goto err;
++ }
++ }
++ if (!TS_RESP_CTX_set_accuracy(ctx, secs, millis, micros))
++ goto err;
++
++ ret = 1;
++ err:
++ sk_CONF_VALUE_pop_free(list, X509V3_conf_free);
++ return ret;
++}
++
++int TS_CONF_set_clock_precision_digits(CONF *conf, const char *section,
++ TS_RESP_CTX *ctx)
++{
++ int ret = 0;
++ long digits = 0;
++
++ /*
++ * If not specified, set the default value to 0, i.e. sec precision
++ */
++ if (!NCONF_get_number_e(conf, section, ENV_CLOCK_PRECISION_DIGITS,
++ &digits))
++ digits = 0;
++ if (digits < 0 || digits > TS_MAX_CLOCK_PRECISION_DIGITS) {
++ TS_CONF_invalid(section, ENV_CLOCK_PRECISION_DIGITS);
++ goto err;
++ }
++
++ if (!TS_RESP_CTX_set_clock_precision_digits(ctx, digits))
++ goto err;
++
++ return 1;
++ err:
++ return ret;
++}
++
++static int TS_CONF_add_flag(CONF *conf, const char *section,
++ const char *field, int flag, TS_RESP_CTX *ctx)
++{
++ /* Default is false. */
++ const char *value = NCONF_get_string(conf, section, field);
++ if (value) {
++ if (strcmp(value, ENV_VALUE_YES) == 0)
++ TS_RESP_CTX_add_flags(ctx, flag);
++ else if (strcmp(value, ENV_VALUE_NO) != 0) {
++ TS_CONF_invalid(section, field);
++ return 0;
++ }
++ }
++
++ return 1;
++}
++
++int TS_CONF_set_ordering(CONF *conf, const char *section, TS_RESP_CTX *ctx)
++{
++ return TS_CONF_add_flag(conf, section, ENV_ORDERING, TS_ORDERING, ctx);
++}
++
++int TS_CONF_set_tsa_name(CONF *conf, const char *section, TS_RESP_CTX *ctx)
++{
++ return TS_CONF_add_flag(conf, section, ENV_TSA_NAME, TS_TSA_NAME, ctx);
++}
++
++int TS_CONF_set_ess_cert_id_chain(CONF *conf, const char *section,
++ TS_RESP_CTX *ctx)
++{
++ return TS_CONF_add_flag(conf, section, ENV_ESS_CERT_ID_CHAIN,
++ TS_ESS_CERT_ID_CHAIN, ctx);
++}
+diff --git a/Cryptlib/OpenSSL/crypto/ts/ts_err.c b/Cryptlib/OpenSSL/crypto/ts/ts_err.c
+new file mode 100644
+index 0000000..ff1abf4
+--- /dev/null
++++ b/Cryptlib/OpenSSL/crypto/ts/ts_err.c
+@@ -0,0 +1,188 @@
++/* crypto/ts/ts_err.c */
++/* ====================================================================
++ * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in
++ * the documentation and/or other materials provided with the
++ * distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ * software must display the following acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit.
(http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++/* ++ * NOTE: this file was auto generated by the mkerr.pl script: any changes ++ * made to it will be overwritten when the script next updates this file, ++ * only reason strings will be preserved. 
++ */ ++ ++#include ++#include ++#include ++ ++/* BEGIN ERROR CODES */ ++#ifndef OPENSSL_NO_ERR ++ ++# define ERR_FUNC(func) ERR_PACK(ERR_LIB_TS,func,0) ++# define ERR_REASON(reason) ERR_PACK(ERR_LIB_TS,0,reason) ++ ++static ERR_STRING_DATA TS_str_functs[] = { ++ {ERR_FUNC(TS_F_D2I_TS_RESP), "d2i_TS_RESP"}, ++ {ERR_FUNC(TS_F_DEF_SERIAL_CB), "DEF_SERIAL_CB"}, ++ {ERR_FUNC(TS_F_DEF_TIME_CB), "DEF_TIME_CB"}, ++ {ERR_FUNC(TS_F_ESS_ADD_SIGNING_CERT), "ESS_ADD_SIGNING_CERT"}, ++ {ERR_FUNC(TS_F_ESS_CERT_ID_NEW_INIT), "ESS_CERT_ID_NEW_INIT"}, ++ {ERR_FUNC(TS_F_ESS_SIGNING_CERT_NEW_INIT), "ESS_SIGNING_CERT_NEW_INIT"}, ++ {ERR_FUNC(TS_F_INT_TS_RESP_VERIFY_TOKEN), "INT_TS_RESP_VERIFY_TOKEN"}, ++ {ERR_FUNC(TS_F_PKCS7_TO_TS_TST_INFO), "PKCS7_to_TS_TST_INFO"}, ++ {ERR_FUNC(TS_F_TS_ACCURACY_SET_MICROS), "TS_ACCURACY_set_micros"}, ++ {ERR_FUNC(TS_F_TS_ACCURACY_SET_MILLIS), "TS_ACCURACY_set_millis"}, ++ {ERR_FUNC(TS_F_TS_ACCURACY_SET_SECONDS), "TS_ACCURACY_set_seconds"}, ++ {ERR_FUNC(TS_F_TS_CHECK_IMPRINTS), "TS_CHECK_IMPRINTS"}, ++ {ERR_FUNC(TS_F_TS_CHECK_NONCES), "TS_CHECK_NONCES"}, ++ {ERR_FUNC(TS_F_TS_CHECK_POLICY), "TS_CHECK_POLICY"}, ++ {ERR_FUNC(TS_F_TS_CHECK_SIGNING_CERTS), "TS_CHECK_SIGNING_CERTS"}, ++ {ERR_FUNC(TS_F_TS_CHECK_STATUS_INFO), "TS_CHECK_STATUS_INFO"}, ++ {ERR_FUNC(TS_F_TS_COMPUTE_IMPRINT), "TS_COMPUTE_IMPRINT"}, ++ {ERR_FUNC(TS_F_TS_CONF_SET_DEFAULT_ENGINE), "TS_CONF_set_default_engine"}, ++ {ERR_FUNC(TS_F_TS_GET_STATUS_TEXT), "TS_GET_STATUS_TEXT"}, ++ {ERR_FUNC(TS_F_TS_MSG_IMPRINT_SET_ALGO), "TS_MSG_IMPRINT_set_algo"}, ++ {ERR_FUNC(TS_F_TS_REQ_SET_MSG_IMPRINT), "TS_REQ_set_msg_imprint"}, ++ {ERR_FUNC(TS_F_TS_REQ_SET_NONCE), "TS_REQ_set_nonce"}, ++ {ERR_FUNC(TS_F_TS_REQ_SET_POLICY_ID), "TS_REQ_set_policy_id"}, ++ {ERR_FUNC(TS_F_TS_RESP_CREATE_RESPONSE), "TS_RESP_create_response"}, ++ {ERR_FUNC(TS_F_TS_RESP_CREATE_TST_INFO), "TS_RESP_CREATE_TST_INFO"}, ++ {ERR_FUNC(TS_F_TS_RESP_CTX_ADD_FAILURE_INFO), ++ "TS_RESP_CTX_add_failure_info"}, ++ 
{ERR_FUNC(TS_F_TS_RESP_CTX_ADD_MD), "TS_RESP_CTX_add_md"}, ++ {ERR_FUNC(TS_F_TS_RESP_CTX_ADD_POLICY), "TS_RESP_CTX_add_policy"}, ++ {ERR_FUNC(TS_F_TS_RESP_CTX_NEW), "TS_RESP_CTX_new"}, ++ {ERR_FUNC(TS_F_TS_RESP_CTX_SET_ACCURACY), "TS_RESP_CTX_set_accuracy"}, ++ {ERR_FUNC(TS_F_TS_RESP_CTX_SET_CERTS), "TS_RESP_CTX_set_certs"}, ++ {ERR_FUNC(TS_F_TS_RESP_CTX_SET_DEF_POLICY), "TS_RESP_CTX_set_def_policy"}, ++ {ERR_FUNC(TS_F_TS_RESP_CTX_SET_SIGNER_CERT), ++ "TS_RESP_CTX_set_signer_cert"}, ++ {ERR_FUNC(TS_F_TS_RESP_CTX_SET_STATUS_INFO), ++ "TS_RESP_CTX_set_status_info"}, ++ {ERR_FUNC(TS_F_TS_RESP_GET_POLICY), "TS_RESP_GET_POLICY"}, ++ {ERR_FUNC(TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION), ++ "TS_RESP_SET_GENTIME_WITH_PRECISION"}, ++ {ERR_FUNC(TS_F_TS_RESP_SET_STATUS_INFO), "TS_RESP_set_status_info"}, ++ {ERR_FUNC(TS_F_TS_RESP_SET_TST_INFO), "TS_RESP_set_tst_info"}, ++ {ERR_FUNC(TS_F_TS_RESP_SIGN), "TS_RESP_SIGN"}, ++ {ERR_FUNC(TS_F_TS_RESP_VERIFY_SIGNATURE), "TS_RESP_verify_signature"}, ++ {ERR_FUNC(TS_F_TS_RESP_VERIFY_TOKEN), "TS_RESP_verify_token"}, ++ {ERR_FUNC(TS_F_TS_TST_INFO_SET_ACCURACY), "TS_TST_INFO_set_accuracy"}, ++ {ERR_FUNC(TS_F_TS_TST_INFO_SET_MSG_IMPRINT), ++ "TS_TST_INFO_set_msg_imprint"}, ++ {ERR_FUNC(TS_F_TS_TST_INFO_SET_NONCE), "TS_TST_INFO_set_nonce"}, ++ {ERR_FUNC(TS_F_TS_TST_INFO_SET_POLICY_ID), "TS_TST_INFO_set_policy_id"}, ++ {ERR_FUNC(TS_F_TS_TST_INFO_SET_SERIAL), "TS_TST_INFO_set_serial"}, ++ {ERR_FUNC(TS_F_TS_TST_INFO_SET_TIME), "TS_TST_INFO_set_time"}, ++ {ERR_FUNC(TS_F_TS_TST_INFO_SET_TSA), "TS_TST_INFO_set_tsa"}, ++ {ERR_FUNC(TS_F_TS_VERIFY), "TS_VERIFY"}, ++ {ERR_FUNC(TS_F_TS_VERIFY_CERT), "TS_VERIFY_CERT"}, ++ {ERR_FUNC(TS_F_TS_VERIFY_CTX_NEW), "TS_VERIFY_CTX_new"}, ++ {0, NULL} ++}; ++ ++static ERR_STRING_DATA TS_str_reasons[] = { ++ {ERR_REASON(TS_R_BAD_PKCS7_TYPE), "bad pkcs7 type"}, ++ {ERR_REASON(TS_R_BAD_TYPE), "bad type"}, ++ {ERR_REASON(TS_R_CERTIFICATE_VERIFY_ERROR), "certificate verify error"}, ++ 
{ERR_REASON(TS_R_COULD_NOT_SET_ENGINE), "could not set engine"}, ++ {ERR_REASON(TS_R_COULD_NOT_SET_TIME), "could not set time"}, ++ {ERR_REASON(TS_R_D2I_TS_RESP_INT_FAILED), "d2i ts resp int failed"}, ++ {ERR_REASON(TS_R_DETACHED_CONTENT), "detached content"}, ++ {ERR_REASON(TS_R_ESS_ADD_SIGNING_CERT_ERROR), ++ "ess add signing cert error"}, ++ {ERR_REASON(TS_R_ESS_SIGNING_CERTIFICATE_ERROR), ++ "ess signing certificate error"}, ++ {ERR_REASON(TS_R_INVALID_NULL_POINTER), "invalid null pointer"}, ++ {ERR_REASON(TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE), ++ "invalid signer certificate purpose"}, ++ {ERR_REASON(TS_R_MESSAGE_IMPRINT_MISMATCH), "message imprint mismatch"}, ++ {ERR_REASON(TS_R_NONCE_MISMATCH), "nonce mismatch"}, ++ {ERR_REASON(TS_R_NONCE_NOT_RETURNED), "nonce not returned"}, ++ {ERR_REASON(TS_R_NO_CONTENT), "no content"}, ++ {ERR_REASON(TS_R_NO_TIME_STAMP_TOKEN), "no time stamp token"}, ++ {ERR_REASON(TS_R_PKCS7_ADD_SIGNATURE_ERROR), "pkcs7 add signature error"}, ++ {ERR_REASON(TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR), ++ "pkcs7 add signed attr error"}, ++ {ERR_REASON(TS_R_PKCS7_TO_TS_TST_INFO_FAILED), ++ "pkcs7 to ts tst info failed"}, ++ {ERR_REASON(TS_R_POLICY_MISMATCH), "policy mismatch"}, ++ {ERR_REASON(TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE), ++ "private key does not match certificate"}, ++ {ERR_REASON(TS_R_RESPONSE_SETUP_ERROR), "response setup error"}, ++ {ERR_REASON(TS_R_SIGNATURE_FAILURE), "signature failure"}, ++ {ERR_REASON(TS_R_THERE_MUST_BE_ONE_SIGNER), "there must be one signer"}, ++ {ERR_REASON(TS_R_TIME_SYSCALL_ERROR), "time syscall error"}, ++ {ERR_REASON(TS_R_TOKEN_NOT_PRESENT), "token not present"}, ++ {ERR_REASON(TS_R_TOKEN_PRESENT), "token present"}, ++ {ERR_REASON(TS_R_TSA_NAME_MISMATCH), "tsa name mismatch"}, ++ {ERR_REASON(TS_R_TSA_UNTRUSTED), "tsa untrusted"}, ++ {ERR_REASON(TS_R_TST_INFO_SETUP_ERROR), "tst info setup error"}, ++ {ERR_REASON(TS_R_TS_DATASIGN), "ts datasign"}, ++ {ERR_REASON(TS_R_UNACCEPTABLE_POLICY), "unacceptable 
policy"}, ++ {ERR_REASON(TS_R_UNSUPPORTED_MD_ALGORITHM), "unsupported md algorithm"}, ++ {ERR_REASON(TS_R_UNSUPPORTED_VERSION), "unsupported version"}, ++ {ERR_REASON(TS_R_WRONG_CONTENT_TYPE), "wrong content type"}, ++ {0, NULL} ++}; ++ ++#endif ++ ++void ERR_load_TS_strings(void) ++{ ++#ifndef OPENSSL_NO_ERR ++ ++ if (ERR_func_error_string(TS_str_functs[0].error) == NULL) { ++ ERR_load_strings(0, TS_str_functs); ++ ERR_load_strings(0, TS_str_reasons); ++ } ++#endif ++} +diff --git a/Cryptlib/OpenSSL/crypto/ts/ts_lib.c b/Cryptlib/OpenSSL/crypto/ts/ts_lib.c +new file mode 100644 +index 0000000..c51538a +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/ts/ts_lib.c +@@ -0,0 +1,143 @@ ++/* crypto/ts/ts_lib.c */ ++/* ++ * Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL project ++ * 2002. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. 
For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++#include ++#include "cryptlib.h" ++#include ++#include ++#include ++#include "ts.h" ++ ++/* Local function declarations. */ ++ ++/* Function definitions. 
*/ ++ ++int TS_ASN1_INTEGER_print_bio(BIO *bio, const ASN1_INTEGER *num) ++{ ++ BIGNUM num_bn; ++ int result = 0; ++ char *hex; ++ ++ BN_init(&num_bn); ++ ASN1_INTEGER_to_BN(num, &num_bn); ++ if ((hex = BN_bn2hex(&num_bn))) { ++ result = BIO_write(bio, "0x", 2) > 0; ++ result = result && BIO_write(bio, hex, strlen(hex)) > 0; ++ OPENSSL_free(hex); ++ } ++ BN_free(&num_bn); ++ ++ return result; ++} ++ ++int TS_OBJ_print_bio(BIO *bio, const ASN1_OBJECT *obj) ++{ ++ char obj_txt[128]; ++ ++ int len = OBJ_obj2txt(obj_txt, sizeof(obj_txt), obj, 0); ++ BIO_write(bio, obj_txt, len); ++ BIO_write(bio, "\n", 1); ++ ++ return 1; ++} ++ ++int TS_ext_print_bio(BIO *bio, const STACK_OF(X509_EXTENSION) *extensions) ++{ ++ int i, critical, n; ++ X509_EXTENSION *ex; ++ ASN1_OBJECT *obj; ++ ++ BIO_printf(bio, "Extensions:\n"); ++ n = X509v3_get_ext_count(extensions); ++ for (i = 0; i < n; i++) { ++ ex = X509v3_get_ext(extensions, i); ++ obj = X509_EXTENSION_get_object(ex); ++ i2a_ASN1_OBJECT(bio, obj); ++ critical = X509_EXTENSION_get_critical(ex); ++ BIO_printf(bio, ": %s\n", critical ? "critical" : ""); ++ if (!X509V3_EXT_print(bio, ex, 0, 4)) { ++ BIO_printf(bio, "%4s", ""); ++ M_ASN1_OCTET_STRING_print(bio, ex->value); ++ } ++ BIO_write(bio, "\n", 1); ++ } ++ ++ return 1; ++} ++ ++int TS_X509_ALGOR_print_bio(BIO *bio, const X509_ALGOR *alg) ++{ ++ int i = OBJ_obj2nid(alg->algorithm); ++ return BIO_printf(bio, "Hash Algorithm: %s\n", ++ (i == NID_undef) ? 
"UNKNOWN" : OBJ_nid2ln(i)); ++} ++ ++int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *a) ++{ ++ const ASN1_OCTET_STRING *msg; ++ ++ TS_X509_ALGOR_print_bio(bio, TS_MSG_IMPRINT_get_algo(a)); ++ ++ BIO_printf(bio, "Message data:\n"); ++ msg = TS_MSG_IMPRINT_get_msg(a); ++ BIO_dump_indent(bio, (const char *)M_ASN1_STRING_data(msg), ++ M_ASN1_STRING_length(msg), 4); ++ ++ return 1; ++} +diff --git a/Cryptlib/OpenSSL/crypto/ts/ts_req_print.c b/Cryptlib/OpenSSL/crypto/ts/ts_req_print.c +new file mode 100644 +index 0000000..31940ee +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/ts/ts_req_print.c +@@ -0,0 +1,104 @@ ++/* crypto/ts/ts_req_print.c */ ++/* ++ * Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL project ++ * 2002. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. 
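Review bot: TS_OBJ_print_bio in ts_lib.c passes the return value of OBJ_obj2txt to BIO_write as the byte count, but that value is the length the full text form needs, not the number of bytes actually placed in the 128-byte `obj_txt`. For an object identifier whose text form is longer than the buffer, the write reads past the end of the stack array. The callers added later in this patch, TS_REQ_print_bio and TS_TST_INFO_print_bio, hand it policy OIDs taken from time-stamp requests and tokens, which may come from an untrusted peer. I would drop `len` and print the NUL-terminated buffer instead: `OBJ_obj2txt(obj_txt, sizeof(obj_txt), obj, 0);` followed by `BIO_printf(bio, "%s\n", obj_txt);`. Whether shim's Cryptlib build compiles crypto/ts at all is not visible from this hunk.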
Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++#include ++#include "cryptlib.h" ++#include ++#include ++#include ++#include ++ ++/* Function definitions. 
*/ ++ ++int TS_REQ_print_bio(BIO *bio, TS_REQ *a) ++{ ++ int v; ++ ASN1_OBJECT *policy_id; ++ const ASN1_INTEGER *nonce; ++ ++ if (a == NULL) ++ return 0; ++ ++ v = TS_REQ_get_version(a); ++ BIO_printf(bio, "Version: %d\n", v); ++ ++ TS_MSG_IMPRINT_print_bio(bio, TS_REQ_get_msg_imprint(a)); ++ ++ BIO_printf(bio, "Policy OID: "); ++ policy_id = TS_REQ_get_policy_id(a); ++ if (policy_id == NULL) ++ BIO_printf(bio, "unspecified\n"); ++ else ++ TS_OBJ_print_bio(bio, policy_id); ++ ++ BIO_printf(bio, "Nonce: "); ++ nonce = TS_REQ_get_nonce(a); ++ if (nonce == NULL) ++ BIO_printf(bio, "unspecified"); ++ else ++ TS_ASN1_INTEGER_print_bio(bio, nonce); ++ BIO_write(bio, "\n", 1); ++ ++ BIO_printf(bio, "Certificate required: %s\n", ++ TS_REQ_get_cert_req(a) ? "yes" : "no"); ++ ++ TS_ext_print_bio(bio, TS_REQ_get_exts(a)); ++ ++ return 1; ++} +diff --git a/Cryptlib/OpenSSL/crypto/ts/ts_req_utils.c b/Cryptlib/OpenSSL/crypto/ts/ts_req_utils.c +new file mode 100644 +index 0000000..362e5e5 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/ts/ts_req_utils.c +@@ -0,0 +1,232 @@ ++/* crypto/ts/ts_req_utils.c */ ++/* ++ * Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL project ++ * 2002. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. 
All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). 
++ * ++ */ ++ ++#include ++#include "cryptlib.h" ++#include ++#include ++#include ++ ++int TS_REQ_set_version(TS_REQ *a, long version) ++{ ++ return ASN1_INTEGER_set(a->version, version); ++} ++ ++long TS_REQ_get_version(const TS_REQ *a) ++{ ++ return ASN1_INTEGER_get(a->version); ++} ++ ++int TS_REQ_set_msg_imprint(TS_REQ *a, TS_MSG_IMPRINT *msg_imprint) ++{ ++ TS_MSG_IMPRINT *new_msg_imprint; ++ ++ if (a->msg_imprint == msg_imprint) ++ return 1; ++ new_msg_imprint = TS_MSG_IMPRINT_dup(msg_imprint); ++ if (new_msg_imprint == NULL) { ++ TSerr(TS_F_TS_REQ_SET_MSG_IMPRINT, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ TS_MSG_IMPRINT_free(a->msg_imprint); ++ a->msg_imprint = new_msg_imprint; ++ return 1; ++} ++ ++TS_MSG_IMPRINT *TS_REQ_get_msg_imprint(TS_REQ *a) ++{ ++ return a->msg_imprint; ++} ++ ++int TS_MSG_IMPRINT_set_algo(TS_MSG_IMPRINT *a, X509_ALGOR *alg) ++{ ++ X509_ALGOR *new_alg; ++ ++ if (a->hash_algo == alg) ++ return 1; ++ new_alg = X509_ALGOR_dup(alg); ++ if (new_alg == NULL) { ++ TSerr(TS_F_TS_MSG_IMPRINT_SET_ALGO, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ X509_ALGOR_free(a->hash_algo); ++ a->hash_algo = new_alg; ++ return 1; ++} ++ ++X509_ALGOR *TS_MSG_IMPRINT_get_algo(TS_MSG_IMPRINT *a) ++{ ++ return a->hash_algo; ++} ++ ++int TS_MSG_IMPRINT_set_msg(TS_MSG_IMPRINT *a, unsigned char *d, int len) ++{ ++ return ASN1_OCTET_STRING_set(a->hashed_msg, d, len); ++} ++ ++ASN1_OCTET_STRING *TS_MSG_IMPRINT_get_msg(TS_MSG_IMPRINT *a) ++{ ++ return a->hashed_msg; ++} ++ ++int TS_REQ_set_policy_id(TS_REQ *a, ASN1_OBJECT *policy) ++{ ++ ASN1_OBJECT *new_policy; ++ ++ if (a->policy_id == policy) ++ return 1; ++ new_policy = OBJ_dup(policy); ++ if (new_policy == NULL) { ++ TSerr(TS_F_TS_REQ_SET_POLICY_ID, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ ASN1_OBJECT_free(a->policy_id); ++ a->policy_id = new_policy; ++ return 1; ++} ++ ++ASN1_OBJECT *TS_REQ_get_policy_id(TS_REQ *a) ++{ ++ return a->policy_id; ++} ++ ++int TS_REQ_set_nonce(TS_REQ *a, const ASN1_INTEGER 
*nonce) ++{ ++ ASN1_INTEGER *new_nonce; ++ ++ if (a->nonce == nonce) ++ return 1; ++ new_nonce = ASN1_INTEGER_dup(nonce); ++ if (new_nonce == NULL) { ++ TSerr(TS_F_TS_REQ_SET_NONCE, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ ASN1_INTEGER_free(a->nonce); ++ a->nonce = new_nonce; ++ return 1; ++} ++ ++const ASN1_INTEGER *TS_REQ_get_nonce(const TS_REQ *a) ++{ ++ return a->nonce; ++} ++ ++int TS_REQ_set_cert_req(TS_REQ *a, int cert_req) ++{ ++ a->cert_req = cert_req ? 0xFF : 0x00; ++ return 1; ++} ++ ++int TS_REQ_get_cert_req(const TS_REQ *a) ++{ ++ return a->cert_req ? 1 : 0; ++} ++ ++STACK_OF(X509_EXTENSION) *TS_REQ_get_exts(TS_REQ *a) ++{ ++ return a->extensions; ++} ++ ++void TS_REQ_ext_free(TS_REQ *a) ++{ ++ if (!a) ++ return; ++ sk_X509_EXTENSION_pop_free(a->extensions, X509_EXTENSION_free); ++ a->extensions = NULL; ++} ++ ++int TS_REQ_get_ext_count(TS_REQ *a) ++{ ++ return X509v3_get_ext_count(a->extensions); ++} ++ ++int TS_REQ_get_ext_by_NID(TS_REQ *a, int nid, int lastpos) ++{ ++ return X509v3_get_ext_by_NID(a->extensions, nid, lastpos); ++} ++ ++int TS_REQ_get_ext_by_OBJ(TS_REQ *a, ASN1_OBJECT *obj, int lastpos) ++{ ++ return X509v3_get_ext_by_OBJ(a->extensions, obj, lastpos); ++} ++ ++int TS_REQ_get_ext_by_critical(TS_REQ *a, int crit, int lastpos) ++{ ++ return X509v3_get_ext_by_critical(a->extensions, crit, lastpos); ++} ++ ++X509_EXTENSION *TS_REQ_get_ext(TS_REQ *a, int loc) ++{ ++ return X509v3_get_ext(a->extensions, loc); ++} ++ ++X509_EXTENSION *TS_REQ_delete_ext(TS_REQ *a, int loc) ++{ ++ return X509v3_delete_ext(a->extensions, loc); ++} ++ ++int TS_REQ_add_ext(TS_REQ *a, X509_EXTENSION *ex, int loc) ++{ ++ return X509v3_add_ext(&a->extensions, ex, loc) != NULL; ++} ++ ++void *TS_REQ_get_ext_d2i(TS_REQ *a, int nid, int *crit, int *idx) ++{ ++ return X509V3_get_d2i(a->extensions, nid, crit, idx); ++} +diff --git a/Cryptlib/OpenSSL/crypto/ts/ts_rsp_print.c b/Cryptlib/OpenSSL/crypto/ts/ts_rsp_print.c +new file mode 100644 +index 0000000..e706a56 +--- 
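Review bot: The ownership rules of the accessors in ts_req_utils.c are not documented anywhere in the file. TS_REQ_set_msg_imprint, TS_MSG_IMPRINT_set_algo, TS_REQ_set_policy_id and TS_REQ_set_nonce store a `*_dup` copy and free the previous value, so the caller still owns what it passed, while the matching getters return the internal pointer, which the next set call frees. I would add a short comment above the first setter, for example `/* Setters store a copy; the caller keeps ownership of its argument. Getters return internal pointers that a later set call invalidates. */`. The same comment could state that only TS_REQ_ext_free tolerates a NULL `a`; every other function here dereferences it unchecked.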
/dev/null ++++ b/Cryptlib/OpenSSL/crypto/ts/ts_rsp_print.c +@@ -0,0 +1,281 @@ ++/* crypto/ts/ts_resp_print.c */ ++/* ++ * Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL project ++ * 2002. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. 
Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++#include ++#include "cryptlib.h" ++#include ++#include ++#include ++#include "ts.h" ++ ++struct status_map_st { ++ int bit; ++ const char *text; ++}; ++ ++/* Local function declarations. */ ++ ++static int TS_status_map_print(BIO *bio, struct status_map_st *a, ++ ASN1_BIT_STRING *v); ++static int TS_ACCURACY_print_bio(BIO *bio, const TS_ACCURACY *accuracy); ++ ++/* Function definitions. 
*/ ++ ++int TS_RESP_print_bio(BIO *bio, TS_RESP *a) ++{ ++ TS_TST_INFO *tst_info; ++ ++ BIO_printf(bio, "Status info:\n"); ++ TS_STATUS_INFO_print_bio(bio, TS_RESP_get_status_info(a)); ++ ++ BIO_printf(bio, "\nTST info:\n"); ++ tst_info = TS_RESP_get_tst_info(a); ++ if (tst_info != NULL) ++ TS_TST_INFO_print_bio(bio, TS_RESP_get_tst_info(a)); ++ else ++ BIO_printf(bio, "Not included.\n"); ++ ++ return 1; ++} ++ ++int TS_STATUS_INFO_print_bio(BIO *bio, TS_STATUS_INFO *a) ++{ ++ static const char *status_map[] = { ++ "Granted.", ++ "Granted with modifications.", ++ "Rejected.", ++ "Waiting.", ++ "Revocation warning.", ++ "Revoked." ++ }; ++ static struct status_map_st failure_map[] = { ++ {TS_INFO_BAD_ALG, ++ "unrecognized or unsupported algorithm identifier"}, ++ {TS_INFO_BAD_REQUEST, ++ "transaction not permitted or supported"}, ++ {TS_INFO_BAD_DATA_FORMAT, ++ "the data submitted has the wrong format"}, ++ {TS_INFO_TIME_NOT_AVAILABLE, ++ "the TSA's time source is not available"}, ++ {TS_INFO_UNACCEPTED_POLICY, ++ "the requested TSA policy is not supported by the TSA"}, ++ {TS_INFO_UNACCEPTED_EXTENSION, ++ "the requested extension is not supported by the TSA"}, ++ {TS_INFO_ADD_INFO_NOT_AVAILABLE, ++ "the additional information requested could not be understood " ++ "or is not available"}, ++ {TS_INFO_SYSTEM_FAILURE, ++ "the request cannot be handled due to system failure"}, ++ {-1, NULL} ++ }; ++ long status; ++ int i, lines = 0; ++ ++ /* Printing status code. */ ++ BIO_printf(bio, "Status: "); ++ status = ASN1_INTEGER_get(a->status); ++ if (0 <= status ++ && status < (long)(sizeof(status_map) / sizeof(status_map[0]))) ++ BIO_printf(bio, "%s\n", status_map[status]); ++ else ++ BIO_printf(bio, "out of bounds\n"); ++ ++ /* Printing status description. 
*/
++ BIO_printf(bio, "Status description: ");
++ for (i = 0; i < sk_ASN1_UTF8STRING_num(a->text); ++i) {
++ if (i > 0)
++ BIO_puts(bio, "\t");
++ ASN1_STRING_print_ex(bio, sk_ASN1_UTF8STRING_value(a->text, i), 0);
++ BIO_puts(bio, "\n");
++ }
++ if (i == 0)
++ BIO_printf(bio, "unspecified\n");
++
++ /* Printing failure information. */
++ BIO_printf(bio, "Failure info: ");
++ if (a->failure_info != NULL)
++ lines = TS_status_map_print(bio, failure_map, a->failure_info);
++ if (lines == 0)
++ BIO_printf(bio, "unspecified");
++ BIO_printf(bio, "\n");
++
++ return 1;
++}
++
++static int TS_status_map_print(BIO *bio, struct status_map_st *a,
++ ASN1_BIT_STRING *v)
++{
++ int lines = 0;
++
++ for (; a->bit >= 0; ++a) {
++ if (ASN1_BIT_STRING_get_bit(v, a->bit)) {
++ if (++lines > 1)
++ BIO_printf(bio, ", ");
++ BIO_printf(bio, "%s", a->text);
++ }
++ }
++
++ return lines;
++}
++
++int TS_TST_INFO_print_bio(BIO *bio, TS_TST_INFO *a)
++{
++ int v;
++ ASN1_OBJECT *policy_id;
++ const ASN1_INTEGER *serial;
++ const ASN1_GENERALIZEDTIME *gtime;
++ TS_ACCURACY *accuracy;
++ const ASN1_INTEGER *nonce;
++ GENERAL_NAME *tsa_name;
++
++ if (a == NULL)
++ return 0;
++
++ /* Print version. */
++ v = TS_TST_INFO_get_version(a);
++ BIO_printf(bio, "Version: %d\n", v);
++
++ /* Print policy id. */
++ BIO_printf(bio, "Policy OID: ");
++ policy_id = TS_TST_INFO_get_policy_id(a);
++ TS_OBJ_print_bio(bio, policy_id);
++
++ /* Print message imprint. */
++ TS_MSG_IMPRINT_print_bio(bio, TS_TST_INFO_get_msg_imprint(a));
++
++ /* Print serial number. */
++ BIO_printf(bio, "Serial number: ");
++ serial = TS_TST_INFO_get_serial(a);
++ if (serial == NULL)
++ BIO_printf(bio, "unspecified");
++ else
++ TS_ASN1_INTEGER_print_bio(bio, serial);
++ BIO_write(bio, "\n", 1);
++
++ /* Print time stamp. */
++ BIO_printf(bio, "Time stamp: ");
++ gtime = TS_TST_INFO_get_time(a);
++ ASN1_GENERALIZEDTIME_print(bio, gtime);
++ BIO_write(bio, "\n", 1);
++
++ /* Print accuracy.
*/
++ BIO_printf(bio, "Accuracy: ");
++ accuracy = TS_TST_INFO_get_accuracy(a);
++ if (accuracy == NULL)
++ BIO_printf(bio, "unspecified");
++ else
++ TS_ACCURACY_print_bio(bio, accuracy);
++ BIO_write(bio, "\n", 1);
++
++ /* Print ordering. */
++ BIO_printf(bio, "Ordering: %s\n",
++ TS_TST_INFO_get_ordering(a) ? "yes" : "no");
++
++ /* Print nonce. */
++ BIO_printf(bio, "Nonce: ");
++ nonce = TS_TST_INFO_get_nonce(a);
++ if (nonce == NULL)
++ BIO_printf(bio, "unspecified");
++ else
++ TS_ASN1_INTEGER_print_bio(bio, nonce);
++ BIO_write(bio, "\n", 1);
++
++ /* Print TSA name. */
++ BIO_printf(bio, "TSA: ");
++ tsa_name = TS_TST_INFO_get_tsa(a);
++ if (tsa_name == NULL)
++ BIO_printf(bio, "unspecified");
++ else {
++ STACK_OF(CONF_VALUE) *nval;
++ if ((nval = i2v_GENERAL_NAME(NULL, tsa_name, NULL)))
++ X509V3_EXT_val_prn(bio, nval, 0, 0);
++ sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
++ }
++ BIO_write(bio, "\n", 1);
++
++ /* Print extensions. */
++ TS_ext_print_bio(bio, TS_TST_INFO_get_exts(a));
++
++ return 1;
++}
++
++static int TS_ACCURACY_print_bio(BIO *bio, const TS_ACCURACY *accuracy)
++{
++ const ASN1_INTEGER *seconds = TS_ACCURACY_get_seconds(accuracy);
++ const ASN1_INTEGER *millis = TS_ACCURACY_get_millis(accuracy);
++ const ASN1_INTEGER *micros = TS_ACCURACY_get_micros(accuracy);
++
++ if (seconds != NULL)
++ TS_ASN1_INTEGER_print_bio(bio, seconds);
++ else
++ BIO_printf(bio, "unspecified");
++ BIO_printf(bio, " seconds, ");
++ if (millis != NULL)
++ TS_ASN1_INTEGER_print_bio(bio, millis);
++ else
++ BIO_printf(bio, "unspecified");
++ BIO_printf(bio, " millis, ");
++ if (micros != NULL)
++ TS_ASN1_INTEGER_print_bio(bio, micros);
++ else
++ BIO_printf(bio, "unspecified");
++ BIO_printf(bio, " micros");
++
++ return 1;
++}
+diff --git a/Cryptlib/OpenSSL/crypto/ts/ts_rsp_sign.c b/Cryptlib/OpenSSL/crypto/ts/ts_rsp_sign.c
+new file mode 100644
+index 0000000..db6ce32
+--- /dev/null
++++ b/Cryptlib/OpenSSL/crypto/ts/ts_rsp_sign.c
+@@ -0,0 +1,1020 @@
++/*
crypto/ts/ts_resp_sign.c */
++/*
++ * Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL project
++ * 2002.
++ */
++/* ====================================================================
++ * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in
++ * the documentation and/or other materials provided with the
++ * distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ * software must display the following acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ * endorse or promote products derived from this software without
++ * prior written permission. For written permission, please contact
++ * licensing@OpenSSL.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ * nor may "OpenSSL" appear in their names without prior written
++ * permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ * acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ *
++ * This product includes cryptographic software written by Eric Young
++ * (eay@cryptsoft.com). This product includes software written by Tim
++ * Hudson (tjh@cryptsoft.com).
++ *
++ */
++
++#include "cryptlib.h"
++
++#if defined(OPENSSL_SYS_UNIX)
++# include
++#endif
++
++#include
++#include
++#include
++
++/* Private function declarations. */
++
++static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *, void *);
++static int def_time_cb(struct TS_resp_ctx *, void *, long *sec, long *usec);
++static int def_extension_cb(struct TS_resp_ctx *, X509_EXTENSION *, void *);
++
++static void TS_RESP_CTX_init(TS_RESP_CTX *ctx);
++static void TS_RESP_CTX_cleanup(TS_RESP_CTX *ctx);
++static int TS_RESP_check_request(TS_RESP_CTX *ctx);
++static ASN1_OBJECT *TS_RESP_get_policy(TS_RESP_CTX *ctx);
++static TS_TST_INFO *TS_RESP_create_tst_info(TS_RESP_CTX *ctx,
++ ASN1_OBJECT *policy);
++static int TS_RESP_process_extensions(TS_RESP_CTX *ctx);
++static int TS_RESP_sign(TS_RESP_CTX *ctx);
++
++static ESS_SIGNING_CERT *ESS_SIGNING_CERT_new_init(X509 *signcert,
++ STACK_OF(X509) *certs);
++static ESS_CERT_ID *ESS_CERT_ID_new_init(X509 *cert, int issuer_needed);
++static int TS_TST_INFO_content_new(PKCS7 *p7);
++static int ESS_add_signing_cert(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc);
++
++static ASN1_GENERALIZEDTIME
++*TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *, long, long,
++ unsigned);
++
++/* Default callbacks for response generation. */
++
++static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *ctx, void *data)
++{
++ ASN1_INTEGER *serial = ASN1_INTEGER_new();
++ if (!serial)
++ goto err;
++ if (!ASN1_INTEGER_set(serial, 1))
++ goto err;
++ return serial;
++ err:
++ TSerr(TS_F_DEF_SERIAL_CB, ERR_R_MALLOC_FAILURE);
++ TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
++ "Error during serial number generation.");
++ return NULL;
++}
++
++#if defined(OPENSSL_SYS_UNIX)
++
++/* Use the gettimeofday function call. */
++static int def_time_cb(struct TS_resp_ctx *ctx, void *data,
++ long *sec, long *usec)
++{
++ struct timeval tv;
++ if (gettimeofday(&tv, NULL) != 0) {
++ TSerr(TS_F_DEF_TIME_CB, TS_R_TIME_SYSCALL_ERROR);
++ TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
++ "Time is not available.");
++ TS_RESP_CTX_add_failure_info(ctx, TS_INFO_TIME_NOT_AVAILABLE);
++ return 0;
++ }
++ /* Return time to caller. */
++ *sec = tv.tv_sec;
++ *usec = tv.tv_usec;
++
++ return 1;
++}
++
++#else
++
++/* Use the time function call that provides only seconds precision. */
++static int def_time_cb(struct TS_resp_ctx *ctx, void *data,
++ long *sec, long *usec)
++{
++ time_t t;
++ if (time(&t) == (time_t)-1) {
++ TSerr(TS_F_DEF_TIME_CB, TS_R_TIME_SYSCALL_ERROR);
++ TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
++ "Time is not available.");
++ TS_RESP_CTX_add_failure_info(ctx, TS_INFO_TIME_NOT_AVAILABLE);
++ return 0;
++ }
++ /* Return time to caller, only second precision. */
++ *sec = (long)t;
++ *usec = 0;
++
++ return 1;
++}
++
++#endif
++
++static int def_extension_cb(struct TS_resp_ctx *ctx, X509_EXTENSION *ext,
++ void *data)
++{
++ /* No extensions are processed here.
*/
++ TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
++ "Unsupported extension.");
++ TS_RESP_CTX_add_failure_info(ctx, TS_INFO_UNACCEPTED_EXTENSION);
++ return 0;
++}
++
++/* TS_RESP_CTX management functions. */
++
++TS_RESP_CTX *TS_RESP_CTX_new()
++{
++ TS_RESP_CTX *ctx;
++
++ if (!(ctx = (TS_RESP_CTX *)OPENSSL_malloc(sizeof(TS_RESP_CTX)))) {
++ TSerr(TS_F_TS_RESP_CTX_NEW, ERR_R_MALLOC_FAILURE);
++ return NULL;
++ }
++ memset(ctx, 0, sizeof(TS_RESP_CTX));
++
++ /* Setting default callbacks. */
++ ctx->serial_cb = def_serial_cb;
++ ctx->time_cb = def_time_cb;
++ ctx->extension_cb = def_extension_cb;
++
++ return ctx;
++}
++
++void TS_RESP_CTX_free(TS_RESP_CTX *ctx)
++{
++ if (!ctx)
++ return;
++
++ X509_free(ctx->signer_cert);
++ EVP_PKEY_free(ctx->signer_key);
++ sk_X509_pop_free(ctx->certs, X509_free);
++ sk_ASN1_OBJECT_pop_free(ctx->policies, ASN1_OBJECT_free);
++ ASN1_OBJECT_free(ctx->default_policy);
++ sk_EVP_MD_free(ctx->mds); /* No EVP_MD_free method exists. */
++ ASN1_INTEGER_free(ctx->seconds);
++ ASN1_INTEGER_free(ctx->millis);
++ ASN1_INTEGER_free(ctx->micros);
++ OPENSSL_free(ctx);
++}
++
++int TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer)
++{
++ if (X509_check_purpose(signer, X509_PURPOSE_TIMESTAMP_SIGN, 0) != 1) {
++ TSerr(TS_F_TS_RESP_CTX_SET_SIGNER_CERT,
++ TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE);
++ return 0;
++ }
++ if (ctx->signer_cert)
++ X509_free(ctx->signer_cert);
++ ctx->signer_cert = signer;
++ CRYPTO_add(&ctx->signer_cert->references, +1, CRYPTO_LOCK_X509);
++ return 1;
++}
++
++int TS_RESP_CTX_set_signer_key(TS_RESP_CTX *ctx, EVP_PKEY *key)
++{
++ if (ctx->signer_key)
++ EVP_PKEY_free(ctx->signer_key);
++ ctx->signer_key = key;
++ CRYPTO_add(&ctx->signer_key->references, +1, CRYPTO_LOCK_EVP_PKEY);
++
++ return 1;
++}
++
++int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *def_policy)
++{
++ if (ctx->default_policy)
++ ASN1_OBJECT_free(ctx->default_policy);
++ if (!(ctx->default_policy =
OBJ_dup(def_policy)))
++ goto err;
++ return 1;
++ err:
++ TSerr(TS_F_TS_RESP_CTX_SET_DEF_POLICY, ERR_R_MALLOC_FAILURE);
++ return 0;
++}
++
++int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs)
++{
++
++ if (ctx->certs) {
++ sk_X509_pop_free(ctx->certs, X509_free);
++ ctx->certs = NULL;
++ }
++ if (!certs)
++ return 1;
++ if (!(ctx->certs = X509_chain_up_ref(certs))) {
++ TSerr(TS_F_TS_RESP_CTX_SET_CERTS, ERR_R_MALLOC_FAILURE);
++ return 0;
++ }
++
++ return 1;
++}
++
++int TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *policy)
++{
++ ASN1_OBJECT *copy = NULL;
++
++ /* Create new policy stack if necessary. */
++ if (!ctx->policies && !(ctx->policies = sk_ASN1_OBJECT_new_null()))
++ goto err;
++ if (!(copy = OBJ_dup(policy)))
++ goto err;
++ if (!sk_ASN1_OBJECT_push(ctx->policies, copy))
++ goto err;
++
++ return 1;
++ err:
++ TSerr(TS_F_TS_RESP_CTX_ADD_POLICY, ERR_R_MALLOC_FAILURE);
++ ASN1_OBJECT_free(copy);
++ return 0;
++}
++
++int TS_RESP_CTX_add_md(TS_RESP_CTX *ctx, const EVP_MD *md)
++{
++ /* Create new md stack if necessary. */
++ if (!ctx->mds && !(ctx->mds = sk_EVP_MD_new_null()))
++ goto err;
++ /* Add the shared md, no copy needed.
*/
++ if (!sk_EVP_MD_push(ctx->mds, (EVP_MD *)md))
++ goto err;
++
++ return 1;
++ err:
++ TSerr(TS_F_TS_RESP_CTX_ADD_MD, ERR_R_MALLOC_FAILURE);
++ return 0;
++}
++
++#define TS_RESP_CTX_accuracy_free(ctx) \
++ ASN1_INTEGER_free(ctx->seconds); \
++ ctx->seconds = NULL; \
++ ASN1_INTEGER_free(ctx->millis); \
++ ctx->millis = NULL; \
++ ASN1_INTEGER_free(ctx->micros); \
++ ctx->micros = NULL;
++
++int TS_RESP_CTX_set_accuracy(TS_RESP_CTX *ctx,
++ int secs, int millis, int micros)
++{
++
++ TS_RESP_CTX_accuracy_free(ctx);
++ if (secs && (!(ctx->seconds = ASN1_INTEGER_new())
++ || !ASN1_INTEGER_set(ctx->seconds, secs)))
++ goto err;
++ if (millis && (!(ctx->millis = ASN1_INTEGER_new())
++ || !ASN1_INTEGER_set(ctx->millis, millis)))
++ goto err;
++ if (micros && (!(ctx->micros = ASN1_INTEGER_new())
++ || !ASN1_INTEGER_set(ctx->micros, micros)))
++ goto err;
++
++ return 1;
++ err:
++ TS_RESP_CTX_accuracy_free(ctx);
++ TSerr(TS_F_TS_RESP_CTX_SET_ACCURACY, ERR_R_MALLOC_FAILURE);
++ return 0;
++}
++
++void TS_RESP_CTX_add_flags(TS_RESP_CTX *ctx, int flags)
++{
++ ctx->flags |= flags;
++}
++
++void TS_RESP_CTX_set_serial_cb(TS_RESP_CTX *ctx, TS_serial_cb cb, void *data)
++{
++ ctx->serial_cb = cb;
++ ctx->serial_cb_data = data;
++}
++
++void TS_RESP_CTX_set_time_cb(TS_RESP_CTX *ctx, TS_time_cb cb, void *data)
++{
++ ctx->time_cb = cb;
++ ctx->time_cb_data = data;
++}
++
++void TS_RESP_CTX_set_extension_cb(TS_RESP_CTX *ctx,
++ TS_extension_cb cb, void *data)
++{
++ ctx->extension_cb = cb;
++ ctx->extension_cb_data = data;
++}
++
++int TS_RESP_CTX_set_status_info(TS_RESP_CTX *ctx,
++ int status, const char *text)
++{
++ TS_STATUS_INFO *si = NULL;
++ ASN1_UTF8STRING *utf8_text = NULL;
++ int ret = 0;
++
++ if (!(si = TS_STATUS_INFO_new()))
++ goto err;
++ if (!ASN1_INTEGER_set(si->status, status))
++ goto err;
++ if (text) {
++ if (!(utf8_text = ASN1_UTF8STRING_new())
++ || !ASN1_STRING_set(utf8_text, text, strlen(text)))
++ goto err;
++ if (!si->text && !(si->text =
sk_ASN1_UTF8STRING_new_null()))
++ goto err;
++ if (!sk_ASN1_UTF8STRING_push(si->text, utf8_text))
++ goto err;
++ utf8_text = NULL; /* Ownership is lost. */
++ }
++ if (!TS_RESP_set_status_info(ctx->response, si))
++ goto err;
++ ret = 1;
++ err:
++ if (!ret)
++ TSerr(TS_F_TS_RESP_CTX_SET_STATUS_INFO, ERR_R_MALLOC_FAILURE);
++ TS_STATUS_INFO_free(si);
++ ASN1_UTF8STRING_free(utf8_text);
++ return ret;
++}
++
++int TS_RESP_CTX_set_status_info_cond(TS_RESP_CTX *ctx,
++ int status, const char *text)
++{
++ int ret = 1;
++ TS_STATUS_INFO *si = TS_RESP_get_status_info(ctx->response);
++
++ if (ASN1_INTEGER_get(si->status) == TS_STATUS_GRANTED) {
++ /* Status has not been set, set it now. */
++ ret = TS_RESP_CTX_set_status_info(ctx, status, text);
++ }
++ return ret;
++}
++
++int TS_RESP_CTX_add_failure_info(TS_RESP_CTX *ctx, int failure)
++{
++ TS_STATUS_INFO *si = TS_RESP_get_status_info(ctx->response);
++ if (!si->failure_info && !(si->failure_info = ASN1_BIT_STRING_new()))
++ goto err;
++ if (!ASN1_BIT_STRING_set_bit(si->failure_info, failure, 1))
++ goto err;
++ return 1;
++ err:
++ TSerr(TS_F_TS_RESP_CTX_ADD_FAILURE_INFO, ERR_R_MALLOC_FAILURE);
++ return 0;
++}
++
++TS_REQ *TS_RESP_CTX_get_request(TS_RESP_CTX *ctx)
++{
++ return ctx->request;
++}
++
++TS_TST_INFO *TS_RESP_CTX_get_tst_info(TS_RESP_CTX *ctx)
++{
++ return ctx->tst_info;
++}
++
++int TS_RESP_CTX_set_clock_precision_digits(TS_RESP_CTX *ctx,
++ unsigned precision)
++{
++ if (precision > TS_MAX_CLOCK_PRECISION_DIGITS)
++ return 0;
++ ctx->clock_precision_digits = precision;
++ return 1;
++}
++
++/* Main entry method of the response generation. */
++TS_RESP *TS_RESP_create_response(TS_RESP_CTX *ctx, BIO *req_bio)
++{
++ ASN1_OBJECT *policy;
++ TS_RESP *response;
++ int result = 0;
++
++ TS_RESP_CTX_init(ctx);
++
++ /* Creating the response object. */
++ if (!(ctx->response = TS_RESP_new())) {
++ TSerr(TS_F_TS_RESP_CREATE_RESPONSE, ERR_R_MALLOC_FAILURE);
++ goto end;
++ }
++
++ /* Parsing DER request.
*/
++ if (!(ctx->request = d2i_TS_REQ_bio(req_bio, NULL))) {
++ TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
++ "Bad request format or " "system error.");
++ TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_DATA_FORMAT);
++ goto end;
++ }
++
++ /* Setting default status info. */
++ if (!TS_RESP_CTX_set_status_info(ctx, TS_STATUS_GRANTED, NULL))
++ goto end;
++
++ /* Checking the request format. */
++ if (!TS_RESP_check_request(ctx))
++ goto end;
++
++ /* Checking acceptable policies. */
++ if (!(policy = TS_RESP_get_policy(ctx)))
++ goto end;
++
++ /* Creating the TS_TST_INFO object. */
++ if (!(ctx->tst_info = TS_RESP_create_tst_info(ctx, policy)))
++ goto end;
++
++ /* Processing extensions. */
++ if (!TS_RESP_process_extensions(ctx))
++ goto end;
++
++ /* Generating the signature. */
++ if (!TS_RESP_sign(ctx))
++ goto end;
++
++ /* Everything was successful. */
++ result = 1;
++ end:
++ if (!result) {
++ TSerr(TS_F_TS_RESP_CREATE_RESPONSE, TS_R_RESPONSE_SETUP_ERROR);
++ if (ctx->response != NULL) {
++ if (TS_RESP_CTX_set_status_info_cond(ctx,
++ TS_STATUS_REJECTION,
++ "Error during response "
++ "generation.") == 0) {
++ TS_RESP_free(ctx->response);
++ ctx->response = NULL;
++ }
++ }
++ }
++ response = ctx->response;
++ ctx->response = NULL; /* Ownership will be returned to caller. */
++ TS_RESP_CTX_cleanup(ctx);
++ return response;
++}
++
++/* Initializes the variable part of the context. */
++static void TS_RESP_CTX_init(TS_RESP_CTX *ctx)
++{
++ ctx->request = NULL;
++ ctx->response = NULL;
++ ctx->tst_info = NULL;
++}
++
++/* Cleans up the variable part of the context. */
++static void TS_RESP_CTX_cleanup(TS_RESP_CTX *ctx)
++{
++ TS_REQ_free(ctx->request);
++ ctx->request = NULL;
++ TS_RESP_free(ctx->response);
++ ctx->response = NULL;
++ TS_TST_INFO_free(ctx->tst_info);
++ ctx->tst_info = NULL;
++}
++
++/* Checks the format and content of the request.
*/
++static int TS_RESP_check_request(TS_RESP_CTX *ctx)
++{
++ TS_REQ *request = ctx->request;
++ TS_MSG_IMPRINT *msg_imprint;
++ X509_ALGOR *md_alg;
++ int md_alg_id;
++ const ASN1_OCTET_STRING *digest;
++ EVP_MD *md = NULL;
++ int i;
++
++ /* Checking request version. */
++ if (TS_REQ_get_version(request) != 1) {
++ TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
++ "Bad request version.");
++ TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_REQUEST);
++ return 0;
++ }
++
++ /* Checking message digest algorithm. */
++ msg_imprint = TS_REQ_get_msg_imprint(request);
++ md_alg = TS_MSG_IMPRINT_get_algo(msg_imprint);
++ md_alg_id = OBJ_obj2nid(md_alg->algorithm);
++ for (i = 0; !md && i < sk_EVP_MD_num(ctx->mds); ++i) {
++ EVP_MD *current_md = sk_EVP_MD_value(ctx->mds, i);
++ if (md_alg_id == EVP_MD_type(current_md))
++ md = current_md;
++ }
++ if (!md) {
++ TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
++ "Message digest algorithm is "
++ "not supported.");
++ TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_ALG);
++ return 0;
++ }
++
++ /* No message digest takes parameter. */
++ if (md_alg->parameter && ASN1_TYPE_get(md_alg->parameter) != V_ASN1_NULL) {
++ TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
++ "Superfluous message digest "
++ "parameter.");
++ TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_ALG);
++ return 0;
++ }
++ /* Checking message digest size. */
++ digest = TS_MSG_IMPRINT_get_msg(msg_imprint);
++ if (digest->length != EVP_MD_size(md)) {
++ TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
++ "Bad message digest.");
++ TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_DATA_FORMAT);
++ return 0;
++ }
++
++ return 1;
++}
++
++/* Returns the TSA policy based on the requested and acceptable policies.
*/
++static ASN1_OBJECT *TS_RESP_get_policy(TS_RESP_CTX *ctx)
++{
++ ASN1_OBJECT *requested = TS_REQ_get_policy_id(ctx->request);
++ ASN1_OBJECT *policy = NULL;
++ int i;
++
++ if (ctx->default_policy == NULL) {
++ TSerr(TS_F_TS_RESP_GET_POLICY, TS_R_INVALID_NULL_POINTER);
++ return NULL;
++ }
++ /*
++ * Return the default policy if none is requested or the default is
++ * requested.
++ */
++ if (!requested || !OBJ_cmp(requested, ctx->default_policy))
++ policy = ctx->default_policy;
++
++ /* Check if the policy is acceptable. */
++ for (i = 0; !policy && i < sk_ASN1_OBJECT_num(ctx->policies); ++i) {
++ ASN1_OBJECT *current = sk_ASN1_OBJECT_value(ctx->policies, i);
++ if (!OBJ_cmp(requested, current))
++ policy = current;
++ }
++ if (!policy) {
++ TSerr(TS_F_TS_RESP_GET_POLICY, TS_R_UNACCEPTABLE_POLICY);
++ TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
++ "Requested policy is not " "supported.");
++ TS_RESP_CTX_add_failure_info(ctx, TS_INFO_UNACCEPTED_POLICY);
++ }
++ return policy;
++}
++
++/* Creates the TS_TST_INFO object based on the settings of the context.
*/
++static TS_TST_INFO *TS_RESP_create_tst_info(TS_RESP_CTX *ctx,
++ ASN1_OBJECT *policy)
++{
++ int result = 0;
++ TS_TST_INFO *tst_info = NULL;
++ ASN1_INTEGER *serial = NULL;
++ ASN1_GENERALIZEDTIME *asn1_time = NULL;
++ long sec, usec;
++ TS_ACCURACY *accuracy = NULL;
++ const ASN1_INTEGER *nonce;
++ GENERAL_NAME *tsa_name = NULL;
++
++ if (!(tst_info = TS_TST_INFO_new()))
++ goto end;
++ if (!TS_TST_INFO_set_version(tst_info, 1))
++ goto end;
++ if (!TS_TST_INFO_set_policy_id(tst_info, policy))
++ goto end;
++ if (!TS_TST_INFO_set_msg_imprint(tst_info, ctx->request->msg_imprint))
++ goto end;
++ if (!(serial = (*ctx->serial_cb) (ctx, ctx->serial_cb_data))
++ || !TS_TST_INFO_set_serial(tst_info, serial))
++ goto end;
++ if (!(*ctx->time_cb) (ctx, ctx->time_cb_data, &sec, &usec)
++ || !(asn1_time = TS_RESP_set_genTime_with_precision(NULL,
++ sec, usec,
++ ctx->clock_precision_digits))
++ || !TS_TST_INFO_set_time(tst_info, asn1_time))
++ goto end;
++
++ /* Setting accuracy if needed. */
++ if ((ctx->seconds || ctx->millis || ctx->micros)
++ && !(accuracy = TS_ACCURACY_new()))
++ goto end;
++
++ if (ctx->seconds && !TS_ACCURACY_set_seconds(accuracy, ctx->seconds))
++ goto end;
++ if (ctx->millis && !TS_ACCURACY_set_millis(accuracy, ctx->millis))
++ goto end;
++ if (ctx->micros && !TS_ACCURACY_set_micros(accuracy, ctx->micros))
++ goto end;
++ if (accuracy && !TS_TST_INFO_set_accuracy(tst_info, accuracy))
++ goto end;
++
++ /* Setting ordering. */
++ if ((ctx->flags & TS_ORDERING)
++ && !TS_TST_INFO_set_ordering(tst_info, 1))
++ goto end;
++
++ /* Setting nonce if needed. */
++ if ((nonce = TS_REQ_get_nonce(ctx->request)) != NULL
++ && !TS_TST_INFO_set_nonce(tst_info, nonce))
++ goto end;
++
++ /* Setting TSA name to subject of signer certificate.
*/
++ if (ctx->flags & TS_TSA_NAME) {
++ if (!(tsa_name = GENERAL_NAME_new()))
++ goto end;
++ tsa_name->type = GEN_DIRNAME;
++ tsa_name->d.dirn =
++ X509_NAME_dup(ctx->signer_cert->cert_info->subject);
++ if (!tsa_name->d.dirn)
++ goto end;
++ if (!TS_TST_INFO_set_tsa(tst_info, tsa_name))
++ goto end;
++ }
++
++ result = 1;
++ end:
++ if (!result) {
++ TS_TST_INFO_free(tst_info);
++ tst_info = NULL;
++ TSerr(TS_F_TS_RESP_CREATE_TST_INFO, TS_R_TST_INFO_SETUP_ERROR);
++ TS_RESP_CTX_set_status_info_cond(ctx, TS_STATUS_REJECTION,
++ "Error during TSTInfo "
++ "generation.");
++ }
++ GENERAL_NAME_free(tsa_name);
++ TS_ACCURACY_free(accuracy);
++ ASN1_GENERALIZEDTIME_free(asn1_time);
++ ASN1_INTEGER_free(serial);
++
++ return tst_info;
++}
++
++/* Processing the extensions of the request. */
++static int TS_RESP_process_extensions(TS_RESP_CTX *ctx)
++{
++ STACK_OF(X509_EXTENSION) *exts = TS_REQ_get_exts(ctx->request);
++ int i;
++ int ok = 1;
++
++ for (i = 0; ok && i < sk_X509_EXTENSION_num(exts); ++i) {
++ X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i);
++ /*
++ * XXXXX The last argument was previously (void *)ctx->extension_cb,
++ * but ISO C doesn't permit converting a function pointer to void *.
++ * For lack of better information, I'm placing a NULL there instead.
++ * The callback can pick its own address out from the ctx anyway...
++ */
++ ok = (*ctx->extension_cb) (ctx, ext, NULL);
++ }
++
++ return ok;
++}
++
++/* Functions for signing the TS_TST_INFO structure of the context. */
++static int TS_RESP_sign(TS_RESP_CTX *ctx)
++{
++ int ret = 0;
++ PKCS7 *p7 = NULL;
++ PKCS7_SIGNER_INFO *si;
++ STACK_OF(X509) *certs; /* Certificates to include in sc. */
++ ESS_SIGNING_CERT *sc = NULL;
++ ASN1_OBJECT *oid;
++ BIO *p7bio = NULL;
++ int i;
++
++ /* Check if signcert and pkey match.
*/
++ if (!X509_check_private_key(ctx->signer_cert, ctx->signer_key)) {
++ TSerr(TS_F_TS_RESP_SIGN, TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
++ goto err;
++ }
++
++ /* Create a new PKCS7 signed object. */
++ if (!(p7 = PKCS7_new())) {
++ TSerr(TS_F_TS_RESP_SIGN, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++ if (!PKCS7_set_type(p7, NID_pkcs7_signed))
++ goto err;
++
++ /* Force SignedData version to be 3 instead of the default 1. */
++ if (!ASN1_INTEGER_set(p7->d.sign->version, 3))
++ goto err;
++
++ /* Add signer certificate and optional certificate chain. */
++ if (TS_REQ_get_cert_req(ctx->request)) {
++ PKCS7_add_certificate(p7, ctx->signer_cert);
++ if (ctx->certs) {
++ for (i = 0; i < sk_X509_num(ctx->certs); ++i) {
++ X509 *cert = sk_X509_value(ctx->certs, i);
++ PKCS7_add_certificate(p7, cert);
++ }
++ }
++ }
++
++ /* Add a new signer info. */
++ if (!(si = PKCS7_add_signature(p7, ctx->signer_cert,
++ ctx->signer_key, EVP_sha1()))) {
++ TSerr(TS_F_TS_RESP_SIGN, TS_R_PKCS7_ADD_SIGNATURE_ERROR);
++ goto err;
++ }
++
++ /* Add content type signed attribute to the signer info. */
++ oid = OBJ_nid2obj(NID_id_smime_ct_TSTInfo);
++ if (!PKCS7_add_signed_attribute(si, NID_pkcs9_contentType,
++ V_ASN1_OBJECT, oid)) {
++ TSerr(TS_F_TS_RESP_SIGN, TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR);
++ goto err;
++ }
++
++ /*
++ * Create the ESS SigningCertificate attribute which contains the signer
++ * certificate id and optionally the certificate chain.
++ */
++ certs = ctx->flags & TS_ESS_CERT_ID_CHAIN ? ctx->certs : NULL;
++ if (!(sc = ESS_SIGNING_CERT_new_init(ctx->signer_cert, certs)))
++ goto err;
++
++ /* Add SigningCertificate signed attribute to the signer info. */
++ if (!ESS_add_signing_cert(si, sc)) {
++ TSerr(TS_F_TS_RESP_SIGN, TS_R_ESS_ADD_SIGNING_CERT_ERROR);
++ goto err;
++ }
++
++ /* Add a new empty NID_id_smime_ct_TSTInfo encapsulated content. */
++ if (!TS_TST_INFO_content_new(p7))
++ goto err;
++
++ /* Add the DER encoded tst_info to the PKCS7 structure.
*/
++ if (!(p7bio = PKCS7_dataInit(p7, NULL))) {
++ TSerr(TS_F_TS_RESP_SIGN, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ /* Convert tst_info to DER. */
++ if (!i2d_TS_TST_INFO_bio(p7bio, ctx->tst_info)) {
++ TSerr(TS_F_TS_RESP_SIGN, TS_R_TS_DATASIGN);
++ goto err;
++ }
++
++ /* Create the signature and add it to the signer info. */
++ if (!PKCS7_dataFinal(p7, p7bio)) {
++ TSerr(TS_F_TS_RESP_SIGN, TS_R_TS_DATASIGN);
++ goto err;
++ }
++
++ /* Set new PKCS7 and TST_INFO objects. */
++ TS_RESP_set_tst_info(ctx->response, p7, ctx->tst_info);
++ p7 = NULL; /* Ownership is lost. */
++ ctx->tst_info = NULL; /* Ownership is lost. */
++
++ ret = 1;
++ err:
++ if (!ret)
++ TS_RESP_CTX_set_status_info_cond(ctx, TS_STATUS_REJECTION,
++ "Error during signature "
++ "generation.");
++ BIO_free_all(p7bio);
++ ESS_SIGNING_CERT_free(sc);
++ PKCS7_free(p7);
++ return ret;
++}
++
++static ESS_SIGNING_CERT *ESS_SIGNING_CERT_new_init(X509 *signcert,
++ STACK_OF(X509) *certs)
++{
++ ESS_CERT_ID *cid;
++ ESS_SIGNING_CERT *sc = NULL;
++ int i;
++
++ /* Creating the ESS_CERT_ID stack. */
++ if (!(sc = ESS_SIGNING_CERT_new()))
++ goto err;
++ if (!sc->cert_ids && !(sc->cert_ids = sk_ESS_CERT_ID_new_null()))
++ goto err;
++
++ /* Adding the signing certificate id. */
++ if (!(cid = ESS_CERT_ID_new_init(signcert, 0))
++ || !sk_ESS_CERT_ID_push(sc->cert_ids, cid))
++ goto err;
++ /* Adding the certificate chain ids. */
++ for (i = 0; i < sk_X509_num(certs); ++i) {
++ X509 *cert = sk_X509_value(certs, i);
++ if (!(cid = ESS_CERT_ID_new_init(cert, 1))
++ || !sk_ESS_CERT_ID_push(sc->cert_ids, cid))
++ goto err;
++ }
++
++ return sc;
++ err:
++ ESS_SIGNING_CERT_free(sc);
++ TSerr(TS_F_ESS_SIGNING_CERT_NEW_INIT, ERR_R_MALLOC_FAILURE);
++ return NULL;
++}
++
++static ESS_CERT_ID *ESS_CERT_ID_new_init(X509 *cert, int issuer_needed)
++{
++ ESS_CERT_ID *cid = NULL;
++ GENERAL_NAME *name = NULL;
++
++ /* Recompute SHA1 hash of certificate if necessary (side effect).
*/
++ X509_check_purpose(cert, -1, 0);
++
++ if (!(cid = ESS_CERT_ID_new()))
++ goto err;
++ if (!ASN1_OCTET_STRING_set(cid->hash, cert->sha1_hash,
++ sizeof(cert->sha1_hash)))
++ goto err;
++
++ /* Setting the issuer/serial if requested. */
++ if (issuer_needed) {
++ /* Creating issuer/serial structure. */
++ if (!cid->issuer_serial
++ && !(cid->issuer_serial = ESS_ISSUER_SERIAL_new()))
++ goto err;
++ /* Creating general name from the certificate issuer. */
++ if (!(name = GENERAL_NAME_new()))
++ goto err;
++ name->type = GEN_DIRNAME;
++ if (!(name->d.dirn = X509_NAME_dup(cert->cert_info->issuer)))
++ goto err;
++ if (!sk_GENERAL_NAME_push(cid->issuer_serial->issuer, name))
++ goto err;
++ name = NULL; /* Ownership is lost. */
++ /* Setting the serial number. */
++ ASN1_INTEGER_free(cid->issuer_serial->serial);
++ if (!(cid->issuer_serial->serial =
++ ASN1_INTEGER_dup(cert->cert_info->serialNumber)))
++ goto err;
++ }
++
++ return cid;
++ err:
++ GENERAL_NAME_free(name);
++ ESS_CERT_ID_free(cid);
++ TSerr(TS_F_ESS_CERT_ID_NEW_INIT, ERR_R_MALLOC_FAILURE);
++ return NULL;
++}
++
++static int TS_TST_INFO_content_new(PKCS7 *p7)
++{
++ PKCS7 *ret = NULL;
++ ASN1_OCTET_STRING *octet_string = NULL;
++
++ /* Create new encapsulated NID_id_smime_ct_TSTInfo content. */
++ if (!(ret = PKCS7_new()))
++ goto err;
++ if (!(ret->d.other = ASN1_TYPE_new()))
++ goto err;
++ ret->type = OBJ_nid2obj(NID_id_smime_ct_TSTInfo);
++ if (!(octet_string = ASN1_OCTET_STRING_new()))
++ goto err;
++ ASN1_TYPE_set(ret->d.other, V_ASN1_OCTET_STRING, octet_string);
++ octet_string = NULL;
++
++ /* Add encapsulated content to signed PKCS7 structure.
*/
++ if (!PKCS7_set_content(p7, ret))
++ goto err;
++
++ return 1;
++ err:
++ ASN1_OCTET_STRING_free(octet_string);
++ PKCS7_free(ret);
++ return 0;
++}
++
++static int ESS_add_signing_cert(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc)
++{
++ ASN1_STRING *seq = NULL;
++ unsigned char *p, *pp = NULL;
++ int len;
++
++ len = i2d_ESS_SIGNING_CERT(sc, NULL);
++ if (!(pp = (unsigned char *)OPENSSL_malloc(len))) {
++ TSerr(TS_F_ESS_ADD_SIGNING_CERT, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++ p = pp;
++ i2d_ESS_SIGNING_CERT(sc, &p);
++ if (!(seq = ASN1_STRING_new()) || !ASN1_STRING_set(seq, pp, len)) {
++ TSerr(TS_F_ESS_ADD_SIGNING_CERT, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++ OPENSSL_free(pp);
++ pp = NULL;
++ return PKCS7_add_signed_attribute(si,
++ NID_id_smime_aa_signingCertificate,
++ V_ASN1_SEQUENCE, seq);
++ err:
++ ASN1_STRING_free(seq);
++ OPENSSL_free(pp);
++
++ return 0;
++}
++
++static ASN1_GENERALIZEDTIME
++*TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time,
++ long sec, long usec, unsigned precision)
++{
++ time_t time_sec = (time_t)sec;
++ struct tm *tm = NULL;
++ char genTime_str[17 + TS_MAX_CLOCK_PRECISION_DIGITS];
++ char *p = genTime_str;
++ char *p_end = genTime_str + sizeof(genTime_str);
++
++ if (precision > TS_MAX_CLOCK_PRECISION_DIGITS)
++ goto err;
++
++ if (!(tm = gmtime(&time_sec)))
++ goto err;
++
++ /*
++ * Put "genTime_str" in GeneralizedTime format. We work around the
++ * restrictions imposed by rfc3280 (i.e. "GeneralizedTime values MUST
++ * NOT include fractional seconds") and OpenSSL related functions to
++ * meet the rfc3161 requirement: "GeneralizedTime syntax can include
++ * fraction-of-second details".
++ */
++ p += BIO_snprintf(p, p_end - p,
++ "%04d%02d%02d%02d%02d%02d",
++ tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday,
++ tm->tm_hour, tm->tm_min, tm->tm_sec);
++ if (precision > 0) {
++ /* Add fraction of seconds (leave space for dot and null).
*/ ++ BIO_snprintf(p, 2 + precision, ".%06ld", usec); ++ /* ++ * We cannot use the snprintf return value, because it might have ++ * been truncated. ++ */ ++ p += strlen(p); ++ ++ /* ++ * To make things a bit harder, X.690 | ISO/IEC 8825-1 provides the ++ * following restrictions for a DER-encoding, which OpenSSL ++ * (specifically ASN1_GENERALIZEDTIME_check() function) doesn't ++ * support: "The encoding MUST terminate with a "Z" (which means ++ * "Zulu" time). The decimal point element, if present, MUST be the ++ * point option ".". The fractional-seconds elements, if present, ++ * MUST omit all trailing 0's; if the elements correspond to 0, they ++ * MUST be wholly omitted, and the decimal point element also MUST be ++ * omitted." ++ */ ++ /* ++ * Remove trailing zeros. The dot guarantees the exit condition of ++ * this loop even if all the digits are zero. ++ */ ++ while (*--p == '0') ++ /* ++ * empty ++ */ ; ++ /* p points to either the dot or the last non-zero digit. */ ++ if (*p != '.') ++ ++p; ++ } ++ /* Add the trailing Z and the terminating null. */ ++ *p++ = 'Z'; ++ *p++ = '\0'; ++ ++ /* Now call OpenSSL to check and set our genTime value */ ++ if (!asn1_time && !(asn1_time = M_ASN1_GENERALIZEDTIME_new())) ++ goto err; ++ if (!ASN1_GENERALIZEDTIME_set_string(asn1_time, genTime_str)) { ++ ASN1_GENERALIZEDTIME_free(asn1_time); ++ goto err; ++ } ++ ++ return asn1_time; ++ err: ++ TSerr(TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION, TS_R_COULD_NOT_SET_TIME); ++ return NULL; ++} +diff --git a/Cryptlib/OpenSSL/crypto/ts/ts_rsp_utils.c b/Cryptlib/OpenSSL/crypto/ts/ts_rsp_utils.c +new file mode 100644 +index 0000000..f6f6332 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/ts/ts_rsp_utils.c +@@ -0,0 +1,396 @@ ++/* crypto/ts/ts_resp_utils.c */ ++/* ++ * Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL project ++ * 2002. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2006 The OpenSSL Project. 
All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++#include ++#include "cryptlib.h" ++#include ++#include ++#include ++ ++/* Function definitions. */ ++ ++int TS_RESP_set_status_info(TS_RESP *a, TS_STATUS_INFO *status_info) ++{ ++ TS_STATUS_INFO *new_status_info; ++ ++ if (a->status_info == status_info) ++ return 1; ++ new_status_info = TS_STATUS_INFO_dup(status_info); ++ if (new_status_info == NULL) { ++ TSerr(TS_F_TS_RESP_SET_STATUS_INFO, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ TS_STATUS_INFO_free(a->status_info); ++ a->status_info = new_status_info; ++ ++ return 1; ++} ++ ++TS_STATUS_INFO *TS_RESP_get_status_info(TS_RESP *a) ++{ ++ return a->status_info; ++} ++ ++/* Caller loses ownership of PKCS7 and TS_TST_INFO objects. */ ++void TS_RESP_set_tst_info(TS_RESP *a, PKCS7 *p7, TS_TST_INFO *tst_info) ++{ ++ /* Set new PKCS7 and TST_INFO objects. 
*/ ++ PKCS7_free(a->token); ++ a->token = p7; ++ TS_TST_INFO_free(a->tst_info); ++ a->tst_info = tst_info; ++} ++ ++PKCS7 *TS_RESP_get_token(TS_RESP *a) ++{ ++ return a->token; ++} ++ ++TS_TST_INFO *TS_RESP_get_tst_info(TS_RESP *a) ++{ ++ return a->tst_info; ++} ++ ++int TS_TST_INFO_set_version(TS_TST_INFO *a, long version) ++{ ++ return ASN1_INTEGER_set(a->version, version); ++} ++ ++long TS_TST_INFO_get_version(const TS_TST_INFO *a) ++{ ++ return ASN1_INTEGER_get(a->version); ++} ++ ++int TS_TST_INFO_set_policy_id(TS_TST_INFO *a, ASN1_OBJECT *policy) ++{ ++ ASN1_OBJECT *new_policy; ++ ++ if (a->policy_id == policy) ++ return 1; ++ new_policy = OBJ_dup(policy); ++ if (new_policy == NULL) { ++ TSerr(TS_F_TS_TST_INFO_SET_POLICY_ID, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ ASN1_OBJECT_free(a->policy_id); ++ a->policy_id = new_policy; ++ return 1; ++} ++ ++ASN1_OBJECT *TS_TST_INFO_get_policy_id(TS_TST_INFO *a) ++{ ++ return a->policy_id; ++} ++ ++int TS_TST_INFO_set_msg_imprint(TS_TST_INFO *a, TS_MSG_IMPRINT *msg_imprint) ++{ ++ TS_MSG_IMPRINT *new_msg_imprint; ++ ++ if (a->msg_imprint == msg_imprint) ++ return 1; ++ new_msg_imprint = TS_MSG_IMPRINT_dup(msg_imprint); ++ if (new_msg_imprint == NULL) { ++ TSerr(TS_F_TS_TST_INFO_SET_MSG_IMPRINT, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ TS_MSG_IMPRINT_free(a->msg_imprint); ++ a->msg_imprint = new_msg_imprint; ++ return 1; ++} ++ ++TS_MSG_IMPRINT *TS_TST_INFO_get_msg_imprint(TS_TST_INFO *a) ++{ ++ return a->msg_imprint; ++} ++ ++int TS_TST_INFO_set_serial(TS_TST_INFO *a, const ASN1_INTEGER *serial) ++{ ++ ASN1_INTEGER *new_serial; ++ ++ if (a->serial == serial) ++ return 1; ++ new_serial = ASN1_INTEGER_dup(serial); ++ if (new_serial == NULL) { ++ TSerr(TS_F_TS_TST_INFO_SET_SERIAL, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ ASN1_INTEGER_free(a->serial); ++ a->serial = new_serial; ++ return 1; ++} ++ ++const ASN1_INTEGER *TS_TST_INFO_get_serial(const TS_TST_INFO *a) ++{ ++ return a->serial; ++} ++ ++int 
TS_TST_INFO_set_time(TS_TST_INFO *a, const ASN1_GENERALIZEDTIME *gtime) ++{ ++ ASN1_GENERALIZEDTIME *new_time; ++ ++ if (a->time == gtime) ++ return 1; ++ new_time = M_ASN1_GENERALIZEDTIME_dup(gtime); ++ if (new_time == NULL) { ++ TSerr(TS_F_TS_TST_INFO_SET_TIME, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ ASN1_GENERALIZEDTIME_free(a->time); ++ a->time = new_time; ++ return 1; ++} ++ ++const ASN1_GENERALIZEDTIME *TS_TST_INFO_get_time(const TS_TST_INFO *a) ++{ ++ return a->time; ++} ++ ++int TS_TST_INFO_set_accuracy(TS_TST_INFO *a, TS_ACCURACY *accuracy) ++{ ++ TS_ACCURACY *new_accuracy; ++ ++ if (a->accuracy == accuracy) ++ return 1; ++ new_accuracy = TS_ACCURACY_dup(accuracy); ++ if (new_accuracy == NULL) { ++ TSerr(TS_F_TS_TST_INFO_SET_ACCURACY, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ TS_ACCURACY_free(a->accuracy); ++ a->accuracy = new_accuracy; ++ return 1; ++} ++ ++TS_ACCURACY *TS_TST_INFO_get_accuracy(TS_TST_INFO *a) ++{ ++ return a->accuracy; ++} ++ ++int TS_ACCURACY_set_seconds(TS_ACCURACY *a, const ASN1_INTEGER *seconds) ++{ ++ ASN1_INTEGER *new_seconds; ++ ++ if (a->seconds == seconds) ++ return 1; ++ new_seconds = ASN1_INTEGER_dup(seconds); ++ if (new_seconds == NULL) { ++ TSerr(TS_F_TS_ACCURACY_SET_SECONDS, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ ASN1_INTEGER_free(a->seconds); ++ a->seconds = new_seconds; ++ return 1; ++} ++ ++const ASN1_INTEGER *TS_ACCURACY_get_seconds(const TS_ACCURACY *a) ++{ ++ return a->seconds; ++} ++ ++int TS_ACCURACY_set_millis(TS_ACCURACY *a, const ASN1_INTEGER *millis) ++{ ++ ASN1_INTEGER *new_millis = NULL; ++ ++ if (a->millis == millis) ++ return 1; ++ if (millis != NULL) { ++ new_millis = ASN1_INTEGER_dup(millis); ++ if (new_millis == NULL) { ++ TSerr(TS_F_TS_ACCURACY_SET_MILLIS, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ } ++ ASN1_INTEGER_free(a->millis); ++ a->millis = new_millis; ++ return 1; ++} ++ ++const ASN1_INTEGER *TS_ACCURACY_get_millis(const TS_ACCURACY *a) ++{ ++ return a->millis; ++} ++ ++int 
TS_ACCURACY_set_micros(TS_ACCURACY *a, const ASN1_INTEGER *micros) ++{ ++ ASN1_INTEGER *new_micros = NULL; ++ ++ if (a->micros == micros) ++ return 1; ++ if (micros != NULL) { ++ new_micros = ASN1_INTEGER_dup(micros); ++ if (new_micros == NULL) { ++ TSerr(TS_F_TS_ACCURACY_SET_MICROS, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ } ++ ASN1_INTEGER_free(a->micros); ++ a->micros = new_micros; ++ return 1; ++} ++ ++const ASN1_INTEGER *TS_ACCURACY_get_micros(const TS_ACCURACY *a) ++{ ++ return a->micros; ++} ++ ++int TS_TST_INFO_set_ordering(TS_TST_INFO *a, int ordering) ++{ ++ a->ordering = ordering ? 0xFF : 0x00; ++ return 1; ++} ++ ++int TS_TST_INFO_get_ordering(const TS_TST_INFO *a) ++{ ++ return a->ordering ? 1 : 0; ++} ++ ++int TS_TST_INFO_set_nonce(TS_TST_INFO *a, const ASN1_INTEGER *nonce) ++{ ++ ASN1_INTEGER *new_nonce; ++ ++ if (a->nonce == nonce) ++ return 1; ++ new_nonce = ASN1_INTEGER_dup(nonce); ++ if (new_nonce == NULL) { ++ TSerr(TS_F_TS_TST_INFO_SET_NONCE, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ ASN1_INTEGER_free(a->nonce); ++ a->nonce = new_nonce; ++ return 1; ++} ++ ++const ASN1_INTEGER *TS_TST_INFO_get_nonce(const TS_TST_INFO *a) ++{ ++ return a->nonce; ++} ++ ++int TS_TST_INFO_set_tsa(TS_TST_INFO *a, GENERAL_NAME *tsa) ++{ ++ GENERAL_NAME *new_tsa; ++ ++ if (a->tsa == tsa) ++ return 1; ++ new_tsa = GENERAL_NAME_dup(tsa); ++ if (new_tsa == NULL) { ++ TSerr(TS_F_TS_TST_INFO_SET_TSA, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ GENERAL_NAME_free(a->tsa); ++ a->tsa = new_tsa; ++ return 1; ++} ++ ++GENERAL_NAME *TS_TST_INFO_get_tsa(TS_TST_INFO *a) ++{ ++ return a->tsa; ++} ++ ++STACK_OF(X509_EXTENSION) *TS_TST_INFO_get_exts(TS_TST_INFO *a) ++{ ++ return a->extensions; ++} ++ ++void TS_TST_INFO_ext_free(TS_TST_INFO *a) ++{ ++ if (!a) ++ return; ++ sk_X509_EXTENSION_pop_free(a->extensions, X509_EXTENSION_free); ++ a->extensions = NULL; ++} ++ ++int TS_TST_INFO_get_ext_count(TS_TST_INFO *a) ++{ ++ return X509v3_get_ext_count(a->extensions); ++} ++ ++int 
TS_TST_INFO_get_ext_by_NID(TS_TST_INFO *a, int nid, int lastpos) ++{ ++ return X509v3_get_ext_by_NID(a->extensions, nid, lastpos); ++} ++ ++int TS_TST_INFO_get_ext_by_OBJ(TS_TST_INFO *a, ASN1_OBJECT *obj, int lastpos) ++{ ++ return X509v3_get_ext_by_OBJ(a->extensions, obj, lastpos); ++} ++ ++int TS_TST_INFO_get_ext_by_critical(TS_TST_INFO *a, int crit, int lastpos) ++{ ++ return X509v3_get_ext_by_critical(a->extensions, crit, lastpos); ++} ++ ++X509_EXTENSION *TS_TST_INFO_get_ext(TS_TST_INFO *a, int loc) ++{ ++ return X509v3_get_ext(a->extensions, loc); ++} ++ ++X509_EXTENSION *TS_TST_INFO_delete_ext(TS_TST_INFO *a, int loc) ++{ ++ return X509v3_delete_ext(a->extensions, loc); ++} ++ ++int TS_TST_INFO_add_ext(TS_TST_INFO *a, X509_EXTENSION *ex, int loc) ++{ ++ return X509v3_add_ext(&a->extensions, ex, loc) != NULL; ++} ++ ++void *TS_TST_INFO_get_ext_d2i(TS_TST_INFO *a, int nid, int *crit, int *idx) ++{ ++ return X509V3_get_d2i(a->extensions, nid, crit, idx); ++} +diff --git a/Cryptlib/OpenSSL/crypto/ts/ts_rsp_verify.c b/Cryptlib/OpenSSL/crypto/ts/ts_rsp_verify.c +new file mode 100644 +index 0000000..3ce765d +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/ts/ts_rsp_verify.c +@@ -0,0 +1,736 @@ ++/* crypto/ts/ts_resp_verify.c */ ++/* ++ * Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL project ++ * 2002. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. 
Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. 
++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++#include ++#include "cryptlib.h" ++#include ++#include ++#include ++ ++/* Private function declarations. */ ++ ++static int TS_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted, ++ X509 *signer, STACK_OF(X509) **chain); ++static int TS_check_signing_certs(PKCS7_SIGNER_INFO *si, ++ STACK_OF(X509) *chain); ++static ESS_SIGNING_CERT *ESS_get_signing_cert(PKCS7_SIGNER_INFO *si); ++static int TS_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert); ++static int TS_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509_CINF *cinfo); ++static int int_TS_RESP_verify_token(TS_VERIFY_CTX *ctx, ++ PKCS7 *token, TS_TST_INFO *tst_info); ++static int TS_check_status_info(TS_RESP *response); ++static char *TS_get_status_text(STACK_OF(ASN1_UTF8STRING) *text); ++static int TS_check_policy(ASN1_OBJECT *req_oid, TS_TST_INFO *tst_info); ++static int TS_compute_imprint(BIO *data, TS_TST_INFO *tst_info, ++ X509_ALGOR **md_alg, ++ unsigned char **imprint, unsigned *imprint_len); ++static int TS_check_imprints(X509_ALGOR *algor_a, ++ unsigned char *imprint_a, unsigned len_a, ++ TS_TST_INFO *tst_info); ++static int TS_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info); ++static int TS_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer); ++static int TS_find_name(STACK_OF(GENERAL_NAME) *gen_names, ++ GENERAL_NAME *name); ++ ++/* ++ * Local mapping between response codes and descriptions. ++ * Don't forget to change TS_STATUS_BUF_SIZE when modifying ++ * the elements of this array. 
++ */ ++static const char *TS_status_text[] = { "granted", ++ "grantedWithMods", ++ "rejection", ++ "waiting", ++ "revocationWarning", ++ "revocationNotification" ++}; ++ ++#define TS_STATUS_TEXT_SIZE (sizeof(TS_status_text)/sizeof(*TS_status_text)) ++ ++/* ++ * This must be greater or equal to the sum of the strings in TS_status_text ++ * plus the number of its elements. ++ */ ++#define TS_STATUS_BUF_SIZE 256 ++ ++static struct { ++ int code; ++ const char *text; ++} TS_failure_info[] = { ++ { ++ TS_INFO_BAD_ALG, "badAlg" ++ }, ++ { ++ TS_INFO_BAD_REQUEST, "badRequest" ++ }, ++ { ++ TS_INFO_BAD_DATA_FORMAT, "badDataFormat" ++ }, ++ { ++ TS_INFO_TIME_NOT_AVAILABLE, "timeNotAvailable" ++ }, ++ { ++ TS_INFO_UNACCEPTED_POLICY, "unacceptedPolicy" ++ }, ++ { ++ TS_INFO_UNACCEPTED_EXTENSION, "unacceptedExtension" ++ }, ++ { ++ TS_INFO_ADD_INFO_NOT_AVAILABLE, "addInfoNotAvailable" ++ }, ++ { ++ TS_INFO_SYSTEM_FAILURE, "systemFailure" ++ } ++}; ++ ++#define TS_FAILURE_INFO_SIZE (sizeof(TS_failure_info) / \ ++ sizeof(*TS_failure_info)) ++ ++/* Functions for verifying a signed TS_TST_INFO structure. */ ++ ++/*- ++ * This function carries out the following tasks: ++ * - Checks if there is one and only one signer. ++ * - Search for the signing certificate in 'certs' and in the response. ++ * - Check the extended key usage and key usage fields of the signer ++ * certificate (done by the path validation). ++ * - Build and validate the certificate path. ++ * - Check if the certificate path meets the requirements of the ++ * SigningCertificate ESS signed attribute. ++ * - Verify the signature value. ++ * - Returns the signer certificate in 'signer', if 'signer' is not NULL. 
++ */ ++int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs, ++ X509_STORE *store, X509 **signer_out) ++{ ++ STACK_OF(PKCS7_SIGNER_INFO) *sinfos = NULL; ++ PKCS7_SIGNER_INFO *si; ++ STACK_OF(X509) *signers = NULL; ++ X509 *signer; ++ STACK_OF(X509) *chain = NULL; ++ char buf[4096]; ++ int i, j = 0, ret = 0; ++ BIO *p7bio = NULL; ++ ++ /* Some sanity checks first. */ ++ if (!token) { ++ TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_INVALID_NULL_POINTER); ++ goto err; ++ } ++ ++ /* Check for the correct content type */ ++ if (!PKCS7_type_is_signed(token)) { ++ TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_WRONG_CONTENT_TYPE); ++ goto err; ++ } ++ ++ /* Check if there is one and only one signer. */ ++ sinfos = PKCS7_get_signer_info(token); ++ if (!sinfos || sk_PKCS7_SIGNER_INFO_num(sinfos) != 1) { ++ TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_THERE_MUST_BE_ONE_SIGNER); ++ goto err; ++ } ++ si = sk_PKCS7_SIGNER_INFO_value(sinfos, 0); ++ ++ /* Check for no content: no data to verify signature. */ ++ if (PKCS7_get_detached(token)) { ++ TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_NO_CONTENT); ++ goto err; ++ } ++ ++ /* ++ * Get hold of the signer certificate, search only internal certificates ++ * if it was requested. ++ */ ++ signers = PKCS7_get0_signers(token, certs, 0); ++ if (!signers || sk_X509_num(signers) != 1) ++ goto err; ++ signer = sk_X509_value(signers, 0); ++ ++ /* Now verify the certificate. */ ++ if (!TS_verify_cert(store, certs, signer, &chain)) ++ goto err; ++ ++ /* ++ * Check if the signer certificate is consistent with the ESS extension. ++ */ ++ if (!TS_check_signing_certs(si, chain)) ++ goto err; ++ ++ /* Creating the message digest. */ ++ p7bio = PKCS7_dataInit(token, NULL); ++ ++ /* We now have to 'read' from p7bio to calculate digests etc. */ ++ while ((i = BIO_read(p7bio, buf, sizeof(buf))) > 0) ; ++ ++ /* Verifying the signature. 
*/ ++ j = PKCS7_signatureVerify(p7bio, token, si, signer); ++ if (j <= 0) { ++ TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_SIGNATURE_FAILURE); ++ goto err; ++ } ++ ++ /* Return the signer certificate if needed. */ ++ if (signer_out) { ++ *signer_out = signer; ++ CRYPTO_add(&signer->references, 1, CRYPTO_LOCK_X509); ++ } ++ ++ ret = 1; ++ ++ err: ++ BIO_free_all(p7bio); ++ sk_X509_pop_free(chain, X509_free); ++ sk_X509_free(signers); ++ ++ return ret; ++} ++ ++/* ++ * The certificate chain is returned in chain. Caller is responsible for ++ * freeing the vector. ++ */ ++static int TS_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted, ++ X509 *signer, STACK_OF(X509) **chain) ++{ ++ X509_STORE_CTX cert_ctx; ++ int i; ++ int ret = 1; ++ ++ /* chain is an out argument. */ ++ *chain = NULL; ++ X509_STORE_CTX_init(&cert_ctx, store, signer, untrusted); ++ X509_STORE_CTX_set_purpose(&cert_ctx, X509_PURPOSE_TIMESTAMP_SIGN); ++ i = X509_verify_cert(&cert_ctx); ++ if (i <= 0) { ++ int j = X509_STORE_CTX_get_error(&cert_ctx); ++ TSerr(TS_F_TS_VERIFY_CERT, TS_R_CERTIFICATE_VERIFY_ERROR); ++ ERR_add_error_data(2, "Verify error:", ++ X509_verify_cert_error_string(j)); ++ ret = 0; ++ } else { ++ /* Get a copy of the certificate chain. */ ++ *chain = X509_STORE_CTX_get1_chain(&cert_ctx); ++ } ++ ++ X509_STORE_CTX_cleanup(&cert_ctx); ++ ++ return ret; ++} ++ ++static int TS_check_signing_certs(PKCS7_SIGNER_INFO *si, ++ STACK_OF(X509) *chain) ++{ ++ ESS_SIGNING_CERT *ss = ESS_get_signing_cert(si); ++ STACK_OF(ESS_CERT_ID) *cert_ids = NULL; ++ X509 *cert; ++ int i = 0; ++ int ret = 0; ++ ++ if (!ss) ++ goto err; ++ cert_ids = ss->cert_ids; ++ /* The signer certificate must be the first in cert_ids. */ ++ cert = sk_X509_value(chain, 0); ++ if (TS_find_cert(cert_ids, cert) != 0) ++ goto err; ++ ++ /* ++ * Check the other certificates of the chain if there are more than one ++ * certificate ids in cert_ids. 
++ */ ++ if (sk_ESS_CERT_ID_num(cert_ids) > 1) { ++ /* All the certificates of the chain must be in cert_ids. */ ++ for (i = 1; i < sk_X509_num(chain); ++i) { ++ cert = sk_X509_value(chain, i); ++ if (TS_find_cert(cert_ids, cert) < 0) ++ goto err; ++ } ++ } ++ ret = 1; ++ err: ++ if (!ret) ++ TSerr(TS_F_TS_CHECK_SIGNING_CERTS, ++ TS_R_ESS_SIGNING_CERTIFICATE_ERROR); ++ ESS_SIGNING_CERT_free(ss); ++ return ret; ++} ++ ++static ESS_SIGNING_CERT *ESS_get_signing_cert(PKCS7_SIGNER_INFO *si) ++{ ++ ASN1_TYPE *attr; ++ const unsigned char *p; ++ attr = PKCS7_get_signed_attribute(si, NID_id_smime_aa_signingCertificate); ++ if (!attr) ++ return NULL; ++ p = attr->value.sequence->data; ++ return d2i_ESS_SIGNING_CERT(NULL, &p, attr->value.sequence->length); ++} ++ ++/* Returns < 0 if certificate is not found, certificate index otherwise. */ ++static int TS_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert) ++{ ++ int i; ++ ++ if (!cert_ids || !cert) ++ return -1; ++ ++ /* Recompute SHA1 hash of certificate if necessary (side effect). */ ++ X509_check_purpose(cert, -1, 0); ++ ++ /* Look for cert in the cert_ids vector. */ ++ for (i = 0; i < sk_ESS_CERT_ID_num(cert_ids); ++i) { ++ ESS_CERT_ID *cid = sk_ESS_CERT_ID_value(cert_ids, i); ++ ++ /* Check the SHA-1 hash first. */ ++ if (cid->hash->length == sizeof(cert->sha1_hash) ++ && !memcmp(cid->hash->data, cert->sha1_hash, ++ sizeof(cert->sha1_hash))) { ++ /* Check the issuer/serial as well if specified. */ ++ ESS_ISSUER_SERIAL *is = cid->issuer_serial; ++ if (!is || !TS_issuer_serial_cmp(is, cert->cert_info)) ++ return i; ++ } ++ } ++ ++ return -1; ++} ++ ++static int TS_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509_CINF *cinfo) ++{ ++ GENERAL_NAME *issuer; ++ ++ if (!is || !cinfo || sk_GENERAL_NAME_num(is->issuer) != 1) ++ return -1; ++ ++ /* Check the issuer first. It must be a directory name. 
*/ ++ issuer = sk_GENERAL_NAME_value(is->issuer, 0); ++ if (issuer->type != GEN_DIRNAME ++ || X509_NAME_cmp(issuer->d.dirn, cinfo->issuer)) ++ return -1; ++ ++ /* Check the serial number, too. */ ++ if (ASN1_INTEGER_cmp(is->serial, cinfo->serialNumber)) ++ return -1; ++ ++ return 0; ++} ++ ++/*- ++ * Verifies whether 'response' contains a valid response with regards ++ * to the settings of the context: ++ * - Gives an error message if the TS_TST_INFO is not present. ++ * - Calls _TS_RESP_verify_token to verify the token content. ++ */ ++int TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response) ++{ ++ PKCS7 *token = TS_RESP_get_token(response); ++ TS_TST_INFO *tst_info = TS_RESP_get_tst_info(response); ++ int ret = 0; ++ ++ /* Check if we have a successful TS_TST_INFO object in place. */ ++ if (!TS_check_status_info(response)) ++ goto err; ++ ++ /* Check the contents of the time stamp token. */ ++ if (!int_TS_RESP_verify_token(ctx, token, tst_info)) ++ goto err; ++ ++ ret = 1; ++ err: ++ return ret; ++} ++ ++/* ++ * Tries to extract a TS_TST_INFO structure from the PKCS7 token and ++ * calls the internal int_TS_RESP_verify_token function for verifying it. ++ */ ++int TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token) ++{ ++ TS_TST_INFO *tst_info = PKCS7_to_TS_TST_INFO(token); ++ int ret = 0; ++ if (tst_info) { ++ ret = int_TS_RESP_verify_token(ctx, token, tst_info); ++ TS_TST_INFO_free(tst_info); ++ } ++ return ret; ++} ++ ++/*- ++ * Verifies whether the 'token' contains a valid time stamp token ++ * with regards to the settings of the context. Only those checks are ++ * carried out that are specified in the context: ++ * - Verifies the signature of the TS_TST_INFO. ++ * - Checks the version number of the response. ++ * - Check if the requested and returned policies math. ++ * - Check if the message imprints are the same. ++ * - Check if the nonces are the same. ++ * - Check if the TSA name matches the signer. 
++ * - Check if the TSA name is the expected TSA. ++ */ ++static int int_TS_RESP_verify_token(TS_VERIFY_CTX *ctx, ++ PKCS7 *token, TS_TST_INFO *tst_info) ++{ ++ X509 *signer = NULL; ++ GENERAL_NAME *tsa_name = TS_TST_INFO_get_tsa(tst_info); ++ X509_ALGOR *md_alg = NULL; ++ unsigned char *imprint = NULL; ++ unsigned imprint_len = 0; ++ int ret = 0; ++ ++ /* Verify the signature. */ ++ if ((ctx->flags & TS_VFY_SIGNATURE) ++ && !TS_RESP_verify_signature(token, ctx->certs, ctx->store, &signer)) ++ goto err; ++ ++ /* Check version number of response. */ ++ if ((ctx->flags & TS_VFY_VERSION) ++ && TS_TST_INFO_get_version(tst_info) != 1) { ++ TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_UNSUPPORTED_VERSION); ++ goto err; ++ } ++ ++ /* Check policies. */ ++ if ((ctx->flags & TS_VFY_POLICY) ++ && !TS_check_policy(ctx->policy, tst_info)) ++ goto err; ++ ++ /* Check message imprints. */ ++ if ((ctx->flags & TS_VFY_IMPRINT) ++ && !TS_check_imprints(ctx->md_alg, ctx->imprint, ctx->imprint_len, ++ tst_info)) ++ goto err; ++ ++ /* Compute and check message imprints. */ ++ if ((ctx->flags & TS_VFY_DATA) ++ && (!TS_compute_imprint(ctx->data, tst_info, ++ &md_alg, &imprint, &imprint_len) ++ || !TS_check_imprints(md_alg, imprint, imprint_len, tst_info))) ++ goto err; ++ ++ /* Check nonces. */ ++ if ((ctx->flags & TS_VFY_NONCE) ++ && !TS_check_nonces(ctx->nonce, tst_info)) ++ goto err; ++ ++ /* Check whether TSA name and signer certificate match. */ ++ if ((ctx->flags & TS_VFY_SIGNER) ++ && tsa_name && !TS_check_signer_name(tsa_name, signer)) { ++ TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_TSA_NAME_MISMATCH); ++ goto err; ++ } ++ ++ /* Check whether the TSA is the expected one. 
*/ ++ if ((ctx->flags & TS_VFY_TSA_NAME) ++ && !TS_check_signer_name(ctx->tsa_name, signer)) { ++ TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_TSA_UNTRUSTED); ++ goto err; ++ } ++ ++ ret = 1; ++ err: ++ X509_free(signer); ++ X509_ALGOR_free(md_alg); ++ OPENSSL_free(imprint); ++ return ret; ++} ++ ++static int TS_check_status_info(TS_RESP *response) ++{ ++ TS_STATUS_INFO *info = TS_RESP_get_status_info(response); ++ long status = ASN1_INTEGER_get(info->status); ++ const char *status_text = NULL; ++ char *embedded_status_text = NULL; ++ char failure_text[TS_STATUS_BUF_SIZE] = ""; ++ ++ /* Check if everything went fine. */ ++ if (status == 0 || status == 1) ++ return 1; ++ ++ /* There was an error, get the description in status_text. */ ++ if (0 <= status && status < (long)TS_STATUS_TEXT_SIZE) ++ status_text = TS_status_text[status]; ++ else ++ status_text = "unknown code"; ++ ++ /* Set the embedded_status_text to the returned description. */ ++ if (sk_ASN1_UTF8STRING_num(info->text) > 0 ++ && !(embedded_status_text = TS_get_status_text(info->text))) ++ return 0; ++ ++ /* Filling in failure_text with the failure information. */ ++ if (info->failure_info) { ++ int i; ++ int first = 1; ++ for (i = 0; i < (int)TS_FAILURE_INFO_SIZE; ++i) { ++ if (ASN1_BIT_STRING_get_bit(info->failure_info, ++ TS_failure_info[i].code)) { ++ if (!first) ++ strcpy(failure_text, ","); ++ else ++ first = 0; ++ strcat(failure_text, TS_failure_info[i].text); ++ } ++ } ++ } ++ if (failure_text[0] == '\0') ++ strcpy(failure_text, "unspecified"); ++ ++ /* Making up the error string. */ ++ TSerr(TS_F_TS_CHECK_STATUS_INFO, TS_R_NO_TIME_STAMP_TOKEN); ++ ERR_add_error_data(6, ++ "status code: ", status_text, ++ ", status text: ", embedded_status_text ? 
++ embedded_status_text : "unspecified",
++ ", failure codes: ", failure_text);
++ OPENSSL_free(embedded_status_text);
++
++ return 0;
++}
++
++static char *TS_get_status_text(STACK_OF(ASN1_UTF8STRING) *text)
++{
++ int i;
++ unsigned int length = 0;
++ char *result = NULL;
++ char *p;
++
++ /* Determine length first. */
++ for (i = 0; i < sk_ASN1_UTF8STRING_num(text); ++i) {
++ ASN1_UTF8STRING *current = sk_ASN1_UTF8STRING_value(text, i);
++ length += ASN1_STRING_length(current);
++ length += 1; /* separator character */
++ }
++ /* Allocate memory (closing '\0' included). */
++ if (!(result = OPENSSL_malloc(length))) {
++ TSerr(TS_F_TS_GET_STATUS_TEXT, ERR_R_MALLOC_FAILURE);
++ return NULL;
++ }
++ /* Concatenate the descriptions. */
++ for (i = 0, p = result; i < sk_ASN1_UTF8STRING_num(text); ++i) {
++ ASN1_UTF8STRING *current = sk_ASN1_UTF8STRING_value(text, i);
++ length = ASN1_STRING_length(current);
++ if (i > 0)
++ *p++ = '/';
++ strncpy(p, (const char *)ASN1_STRING_data(current), length);
++ p += length;
++ }
++ /* We do have space for this, too. */
++ *p = '\0';
++
++ return result;
++}
++
++static int TS_check_policy(ASN1_OBJECT *req_oid, TS_TST_INFO *tst_info)
++{
++ ASN1_OBJECT *resp_oid = TS_TST_INFO_get_policy_id(tst_info);
++
++ if (OBJ_cmp(req_oid, resp_oid) != 0) {
++ TSerr(TS_F_TS_CHECK_POLICY, TS_R_POLICY_MISMATCH);
++ return 0;
++ }
++
++ return 1;
++}
++
++static int TS_compute_imprint(BIO *data, TS_TST_INFO *tst_info,
++ X509_ALGOR **md_alg,
++ unsigned char **imprint, unsigned *imprint_len)
++{
++ TS_MSG_IMPRINT *msg_imprint = TS_TST_INFO_get_msg_imprint(tst_info);
++ X509_ALGOR *md_alg_resp = TS_MSG_IMPRINT_get_algo(msg_imprint);
++ const EVP_MD *md;
++ EVP_MD_CTX md_ctx;
++ unsigned char buffer[4096];
++ int length;
++
++ *md_alg = NULL;
++ *imprint = NULL;
++
++ /* Return the MD algorithm of the response. */
++ if (!(*md_alg = X509_ALGOR_dup(md_alg_resp)))
++ goto err;
++
++ /* Getting the MD object. */
++ if (!(md = EVP_get_digestbyobj((*md_alg)->algorithm))) {
++ TSerr(TS_F_TS_COMPUTE_IMPRINT, TS_R_UNSUPPORTED_MD_ALGORITHM);
++ goto err;
++ }
++
++ /* Compute message digest. */
++ length = EVP_MD_size(md);
++ if (length < 0)
++ goto err;
++ *imprint_len = length;
++ if (!(*imprint = OPENSSL_malloc(*imprint_len))) {
++ TSerr(TS_F_TS_COMPUTE_IMPRINT, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ if (!EVP_DigestInit(&md_ctx, md))
++ goto err;
++ while ((length = BIO_read(data, buffer, sizeof(buffer))) > 0) {
++ if (!EVP_DigestUpdate(&md_ctx, buffer, length))
++ goto err;
++ }
++ if (!EVP_DigestFinal(&md_ctx, *imprint, NULL))
++ goto err;
++
++ return 1;
++ err:
++ X509_ALGOR_free(*md_alg);
++ OPENSSL_free(*imprint);
++ *imprint_len = 0;
++ *imprint = 0;
++ return 0;
++}
++
++static int TS_check_imprints(X509_ALGOR *algor_a,
++ unsigned char *imprint_a, unsigned len_a,
++ TS_TST_INFO *tst_info)
++{
++ TS_MSG_IMPRINT *b = TS_TST_INFO_get_msg_imprint(tst_info);
++ X509_ALGOR *algor_b = TS_MSG_IMPRINT_get_algo(b);
++ int ret = 0;
++
++ /* algor_a is optional. */
++ if (algor_a) {
++ /* Compare algorithm OIDs. */
++ if (OBJ_cmp(algor_a->algorithm, algor_b->algorithm))
++ goto err;
++
++ /* The parameter must be NULL in both. */
++ if ((algor_a->parameter
++ && ASN1_TYPE_get(algor_a->parameter) != V_ASN1_NULL)
++ || (algor_b->parameter
++ && ASN1_TYPE_get(algor_b->parameter) != V_ASN1_NULL))
++ goto err;
++ }
++
++ /* Compare octet strings. */
++ ret = len_a == (unsigned)ASN1_STRING_length(b->hashed_msg) &&
++ memcmp(imprint_a, ASN1_STRING_data(b->hashed_msg), len_a) == 0;
++ err:
++ if (!ret)
++ TSerr(TS_F_TS_CHECK_IMPRINTS, TS_R_MESSAGE_IMPRINT_MISMATCH);
++ return ret;
++}
++
++static int TS_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info)
++{
++ const ASN1_INTEGER *b = TS_TST_INFO_get_nonce(tst_info);
++
++ /* Error if nonce is missing. */
++ if (!b) {
++ TSerr(TS_F_TS_CHECK_NONCES, TS_R_NONCE_NOT_RETURNED);
++ return 0;
++ }
++
++ /* No error if a nonce is returned without being requested. */
++ if (ASN1_INTEGER_cmp(a, b) != 0) {
++ TSerr(TS_F_TS_CHECK_NONCES, TS_R_NONCE_MISMATCH);
++ return 0;
++ }
++
++ return 1;
++}
++
++/*
++ * Check if the specified TSA name matches either the subject or one of the
++ * subject alternative names of the TSA certificate.
++ */
++static int TS_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer)
++{
++ STACK_OF(GENERAL_NAME) *gen_names = NULL;
++ int idx = -1;
++ int found = 0;
++
++ /* Check the subject name first. */
++ if (tsa_name->type == GEN_DIRNAME
++ && X509_name_cmp(tsa_name->d.dirn, signer->cert_info->subject) == 0)
++ return 1;
++
++ /* Check all the alternative names. */
++ gen_names = X509_get_ext_d2i(signer, NID_subject_alt_name, NULL, &idx);
++ while (gen_names != NULL
++ && !(found = TS_find_name(gen_names, tsa_name) >= 0)) {
++ /*
++ * Get the next subject alternative name, although there should be no
++ * more than one.
++ */
++ GENERAL_NAMES_free(gen_names);
++ gen_names = X509_get_ext_d2i(signer, NID_subject_alt_name,
++ NULL, &idx);
++ }
++ if (gen_names)
++ GENERAL_NAMES_free(gen_names);
++
++ return found;
++}
++
++/* Returns 1 if name is in gen_names, 0 otherwise. */
++static int TS_find_name(STACK_OF(GENERAL_NAME) *gen_names, GENERAL_NAME *name)
++{
++ int i, found;
++ for (i = 0, found = 0; !found && i < sk_GENERAL_NAME_num(gen_names); ++i) {
++ GENERAL_NAME *current = sk_GENERAL_NAME_value(gen_names, i);
++ found = GENERAL_NAME_cmp(current, name) == 0;
++ }
++ return found ? i - 1 : -1;
++}
+diff --git a/Cryptlib/OpenSSL/crypto/ts/ts_verify_ctx.c b/Cryptlib/OpenSSL/crypto/ts/ts_verify_ctx.c
+new file mode 100644
+index 0000000..3e6fcb5
+--- /dev/null
++++ b/Cryptlib/OpenSSL/crypto/ts/ts_verify_ctx.c
+@@ -0,0 +1,162 @@
++/* crypto/ts/ts_verify_ctx.c */
++/*
++ * Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL project
++ * 2003.
++ */
++/* ====================================================================
++ * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in
++ * the documentation and/or other materials provided with the
++ * distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ * software must display the following acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ * endorse or promote products derived from this software without
++ * prior written permission. For written permission, please contact
++ * licensing@OpenSSL.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ * nor may "OpenSSL" appear in their names without prior written
++ * permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ * acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ *
++ * This product includes cryptographic software written by Eric Young
++ * (eay@cryptsoft.com). This product includes software written by Tim
++ * Hudson (tjh@cryptsoft.com).
++ *
++ */
++
++#include "cryptlib.h"
++#include
++#include
++
++TS_VERIFY_CTX *TS_VERIFY_CTX_new(void)
++{
++ TS_VERIFY_CTX *ctx =
++ (TS_VERIFY_CTX *)OPENSSL_malloc(sizeof(TS_VERIFY_CTX));
++ if (ctx)
++ memset(ctx, 0, sizeof(TS_VERIFY_CTX));
++ else
++ TSerr(TS_F_TS_VERIFY_CTX_NEW, ERR_R_MALLOC_FAILURE);
++ return ctx;
++}
++
++void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx)
++{
++ OPENSSL_assert(ctx != NULL);
++ memset(ctx, 0, sizeof(TS_VERIFY_CTX));
++}
++
++void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx)
++{
++ if (!ctx)
++ return;
++
++ TS_VERIFY_CTX_cleanup(ctx);
++ OPENSSL_free(ctx);
++}
++
++void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx)
++{
++ if (!ctx)
++ return;
++
++ X509_STORE_free(ctx->store);
++ sk_X509_pop_free(ctx->certs, X509_free);
++
++ ASN1_OBJECT_free(ctx->policy);
++
++ X509_ALGOR_free(ctx->md_alg);
++ OPENSSL_free(ctx->imprint);
++
++ BIO_free_all(ctx->data);
++
++ ASN1_INTEGER_free(ctx->nonce);
++
++ GENERAL_NAME_free(ctx->tsa_name);
++
++ TS_VERIFY_CTX_init(ctx);
++}
++
++TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx)
++{
++ TS_VERIFY_CTX *ret = ctx;
++ ASN1_OBJECT *policy;
++ TS_MSG_IMPRINT *imprint;
++ X509_ALGOR *md_alg;
++ ASN1_OCTET_STRING *msg;
++ const ASN1_INTEGER *nonce;
++
++ OPENSSL_assert(req != NULL);
++ if (ret)
++ TS_VERIFY_CTX_cleanup(ret);
++ else if (!(ret = TS_VERIFY_CTX_new()))
++ return NULL;
++
++ /* Setting flags. */
++ ret->flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE);
++
++ /* Setting policy. */
++ if ((policy = TS_REQ_get_policy_id(req)) != NULL) {
++ if (!(ret->policy = OBJ_dup(policy)))
++ goto err;
++ } else
++ ret->flags &= ~TS_VFY_POLICY;
++
++ /* Setting md_alg, imprint and imprint_len. */
++ imprint = TS_REQ_get_msg_imprint(req);
++ md_alg = TS_MSG_IMPRINT_get_algo(imprint);
++ if (!(ret->md_alg = X509_ALGOR_dup(md_alg)))
++ goto err;
++ msg = TS_MSG_IMPRINT_get_msg(imprint);
++ ret->imprint_len = ASN1_STRING_length(msg);
++ if (!(ret->imprint = OPENSSL_malloc(ret->imprint_len)))
++ goto err;
++ memcpy(ret->imprint, ASN1_STRING_data(msg), ret->imprint_len);
++
++ /* Setting nonce. */
++ if ((nonce = TS_REQ_get_nonce(req)) != NULL) {
++ if (!(ret->nonce = ASN1_INTEGER_dup(nonce)))
++ goto err;
++ } else
++ ret->flags &= ~TS_VFY_NONCE;
++
++ return ret;
++ err:
++ if (ctx)
++ TS_VERIFY_CTX_cleanup(ctx);
++ else
++ TS_VERIFY_CTX_free(ret);
++ return NULL;
++}
+diff --git a/Cryptlib/OpenSSL/crypto/txt_db/txt_db.c b/Cryptlib/OpenSSL/crypto/txt_db/txt_db.c
+index a81eaae..f9b42ac 100644
+--- a/Cryptlib/OpenSSL/crypto/txt_db/txt_db.c
++++ b/Cryptlib/OpenSSL/crypto/txt_db/txt_db.c
+@@ -77,7 +77,8 @@ TXT_DB *TXT_DB_read(BIO *in, int num)
+ int i, add, n;
+ int size = BUFSIZE;
+ int offset = 0;
+- char *p, **pp, *f;
++ char *p, *f;
++ OPENSSL_STRING *pp;
+ BUF_MEM *buf = NULL;
+
+ if ((buf = BUF_MEM_new()) == NULL)
+@@ -85,19 +86,16 @@ TXT_DB *TXT_DB_read(BIO *in, int num)
+ if (!BUF_MEM_grow(buf, size))
+ goto err;
+
+- if ((ret = (TXT_DB *)OPENSSL_malloc(sizeof(TXT_DB))) == NULL)
++ if ((ret = OPENSSL_malloc(sizeof(TXT_DB))) == NULL)
+ goto err;
+ ret->num_fields = num;
+ ret->index = NULL;
+ ret->qual = NULL;
+- if ((ret->data = sk_new_null()) == NULL)
++ if ((ret->data = sk_OPENSSL_PSTRING_new_null()) == NULL)
+ goto err;
+- if ((ret->index =
+- (LHASH **)OPENSSL_malloc(sizeof(LHASH *) * num)) == NULL)
++ if ((ret->index = OPENSSL_malloc(sizeof(*ret->index) * num)) == NULL)
+ goto err;
+- if ((ret->qual =
+- (int (**)(char **))OPENSSL_malloc(sizeof(int (**)(char **)) *
+- num)) == NULL)
++ if ((ret->qual = OPENSSL_malloc(sizeof(*(ret->qual)) * num)) == NULL)
+ goto err;
+ for (i = 0; i < num; i++) {
+ ret->index[i] = NULL;
+@@ -126,7 +124,7 @@ TXT_DB *TXT_DB_read(BIO *in, int num)
+ continue;
+ else {
+ buf->data[offset - 1] = '\0'; /* blat the '\n' */
+- if (!(p = (char *)OPENSSL_malloc(add + offset)))
++ if (!(p = OPENSSL_malloc(add + offset)))
+ goto err;
+ offset = 0;
+ }
+@@ -158,7 +156,7 @@ TXT_DB *TXT_DB_read(BIO *in, int num)
+ }
+ *(p++) = '\0';
+ if ((n != num) || (*f != '\0')) {
+-#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) /* temporaty
++#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) /* temporary
+ * fix :-( */
+ fprintf(stderr,
+ "wrong number of fields on line %ld (looking for field %d, got %d, '%s' left)\n",
+@@ -168,8 +166,8 @@ TXT_DB *TXT_DB_read(BIO *in, int num)
+ goto err;
+ }
+ pp[n] = p;
+- if (!sk_push(ret->data, (char *)pp)) {
+-#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) /* temporaty
++ if (!sk_OPENSSL_PSTRING_push(ret->data, pp)) {
++#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) /* temporary
+ * fix :-( */
+ fprintf(stderr, "failure in sk_push\n");
+ #endif
+@@ -187,7 +185,7 @@ TXT_DB *TXT_DB_read(BIO *in, int num)
+ #endif
+ if (ret != NULL) {
+ if (ret->data != NULL)
+- sk_free(ret->data);
++ sk_OPENSSL_PSTRING_free(ret->data);
+ if (ret->index != NULL)
+ OPENSSL_free(ret->index);
+ if (ret->qual != NULL)
+@@ -200,10 +198,11 @@ TXT_DB *TXT_DB_read(BIO *in, int num)
+ return (ret);
+ }
+
+-char **TXT_DB_get_by_index(TXT_DB *db, int idx, char **value)
++OPENSSL_STRING *TXT_DB_get_by_index(TXT_DB *db, int idx,
++ OPENSSL_STRING *value)
+ {
+- char **ret;
+- LHASH *lh;
++ OPENSSL_STRING *ret;
++ LHASH_OF(OPENSSL_STRING) *lh;
+
+ if (idx >= db->num_fields) {
+ db->error = DB_ERROR_INDEX_OUT_OF_RANGE;
+@@ -214,41 +213,42 @@ char **TXT_DB_get_by_index(TXT_DB *db, int idx, char **value)
+ db->error = DB_ERROR_NO_INDEX;
+ return (NULL);
+ }
+- ret = (char **)lh_retrieve(lh, value);
++ ret = lh_OPENSSL_STRING_retrieve(lh, value);
+ db->error = DB_ERROR_OK;
+ return (ret);
+ }
+
+-int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (char **),
++int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (OPENSSL_STRING *),
+ LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp)
+ {
+- LHASH *idx;
+- char **r;
++ LHASH_OF(OPENSSL_STRING) *idx;
++ OPENSSL_STRING *r;
+ int i, n;
+
+ if (field >= db->num_fields) {
+ db->error = DB_ERROR_INDEX_OUT_OF_RANGE;
+ return (0);
+ }
+- if ((idx = lh_new(hash, cmp)) == NULL) {
++ /* FIXME: we lose type checking at this point */
++ if ((idx = (LHASH_OF(OPENSSL_STRING) *)lh_new(hash, cmp)) == NULL) {
+ db->error = DB_ERROR_MALLOC;
+ return (0);
+ }
+- n = sk_num(db->data);
++ n = sk_OPENSSL_PSTRING_num(db->data);
+ for (i = 0; i < n; i++) {
+- r = (char **)sk_value(db->data, i);
++ r = sk_OPENSSL_PSTRING_value(db->data, i);
+ if ((qual != NULL) && (qual(r) == 0))
+ continue;
+- if ((r = lh_insert(idx, r)) != NULL) {
++ if ((r = lh_OPENSSL_STRING_insert(idx, r)) != NULL) {
+ db->error = DB_ERROR_INDEX_CLASH;
+- db->arg1 = sk_find(db->data, (char *)r);
++ db->arg1 = sk_OPENSSL_PSTRING_find(db->data, r);
+ db->arg2 = i;
+- lh_free(idx);
++ lh_OPENSSL_STRING_free(idx);
+ return (0);
+ }
+ }
+ if (db->index[field] != NULL)
+- lh_free(db->index[field]);
++ lh_OPENSSL_STRING_free(db->index[field]);
+ db->index[field] = idx;
+ db->qual[field] = qual;
+ return (1);
+@@ -263,10 +263,10 @@ long TXT_DB_write(BIO *out, TXT_DB *db)
+
+ if ((buf = BUF_MEM_new()) == NULL)
+ goto err;
+- n = sk_num(db->data);
++ n = sk_OPENSSL_PSTRING_num(db->data);
+ nn = db->num_fields;
+ for (i = 0; i < n; i++) {
+- pp = (char **)sk_value(db->data, i);
++ pp = sk_OPENSSL_PSTRING_value(db->data, i);
+
+ l = 0;
+ for (j = 0; j < nn; j++) {
+@@ -302,16 +302,16 @@ long TXT_DB_write(BIO *out, TXT_DB *db)
+ return (ret);
+ }
+
+-int TXT_DB_insert(TXT_DB *db, char **row)
++int TXT_DB_insert(TXT_DB *db, OPENSSL_STRING *row)
+ {
+ int i;
+- char **r;
++ OPENSSL_STRING *r;
+
+ for (i = 0; i < db->num_fields; i++) {
+ if (db->index[i] != NULL) {
+ if ((db->qual[i] != NULL) && (db->qual[i] (row) == 0))
+ continue;
+- r = (char **)lh_retrieve(db->index[i], row);
++ r = lh_OPENSSL_STRING_retrieve(db->index[i], row);
+ if (r != NULL) {
+ db->error = DB_ERROR_INDEX_CLASH;
+ db->arg1 = i;
+@@ -321,7 +321,7 @@ int TXT_DB_insert(TXT_DB *db, char **row)
+ }
+ }
+ /* We have passed the index checks, now just append and insert */
+- if (!sk_push(db->data, (char *)row)) {
++ if (!sk_OPENSSL_PSTRING_push(db->data, row)) {
+ db->error = DB_ERROR_MALLOC;
+ goto err;
+ }
+@@ -330,7 +330,7 @@ int TXT_DB_insert(TXT_DB *db, char **row)
+ if (db->index[i] != NULL) {
+ if ((db->qual[i] != NULL) && (db->qual[i] (row) == 0))
+ continue;
+- lh_insert(db->index[i], row);
++ (void)lh_OPENSSL_STRING_insert(db->index[i], row);
+ }
+ }
+ return (1);
+@@ -349,18 +349,18 @@ void TXT_DB_free(TXT_DB *db)
+ if (db->index != NULL) {
+ for (i = db->num_fields - 1; i >= 0; i--)
+ if (db->index[i] != NULL)
+- lh_free(db->index[i]);
++ lh_OPENSSL_STRING_free(db->index[i]);
+ OPENSSL_free(db->index);
+ }
+ if (db->qual != NULL)
+ OPENSSL_free(db->qual);
+ if (db->data != NULL) {
+- for (i = sk_num(db->data) - 1; i >= 0; i--) {
++ for (i = sk_OPENSSL_PSTRING_num(db->data) - 1; i >= 0; i--) {
+ /*
+ * check if any 'fields' have been allocated from outside of the
+ * initial block
+ */
+- p = (char **)sk_value(db->data, i);
++ p = sk_OPENSSL_PSTRING_value(db->data, i);
+ max = p[db->num_fields]; /* last address */
+ if (max == NULL) { /* new row */
+ for (n = 0; n < db->num_fields; n++)
+@@ -373,9 +373,9 @@ void TXT_DB_free(TXT_DB *db)
+ OPENSSL_free(p[n]);
+ }
+ }
+- OPENSSL_free(sk_value(db->data, i));
++ OPENSSL_free(sk_OPENSSL_PSTRING_value(db->data, i));
+ }
+- sk_free(db->data);
++ sk_OPENSSL_PSTRING_free(db->data);
+ }
+ OPENSSL_free(db);
+ }
+diff --git a/Cryptlib/OpenSSL/crypto/ui/ui_err.c b/Cryptlib/OpenSSL/crypto/ui/ui_err.c
+deleted file mode 100644
+index ffeb003..0000000
+--- a/Cryptlib/OpenSSL/crypto/ui/ui_err.c
++++ /dev/null
+@@ -1,111 +0,0 @@
+-/* crypto/ui/ui_err.c */
+-/*
==================================================================== +- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * +- * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. +- * +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in +- * the documentation and/or other materials provided with the +- * distribution. +- * +- * 3. All advertising materials mentioning features or use of this +- * software must display the following acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" +- * +- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +- * endorse or promote products derived from this software without +- * prior written permission. For written permission, please contact +- * openssl-core@OpenSSL.org. +- * +- * 5. Products derived from this software may not be called "OpenSSL" +- * nor may "OpenSSL" appear in their names without prior written +- * permission of the OpenSSL Project. +- * +- * 6. Redistributions of any form whatsoever must retain the following +- * acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" +- * +- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +- * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR +- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +- * OF THE POSSIBILITY OF SUCH DAMAGE. +- * ==================================================================== +- * +- * This product includes cryptographic software written by Eric Young +- * (eay@cryptsoft.com). This product includes software written by Tim +- * Hudson (tjh@cryptsoft.com). +- * +- */ +- +-/* +- * NOTE: this file was auto generated by the mkerr.pl script: any changes +- * made to it will be overwritten when the script next updates this file, +- * only reason strings will be preserved. 
+- */ +- +-#include +-#include +-#include +- +-/* BEGIN ERROR CODES */ +-#ifndef OPENSSL_NO_ERR +- +-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_UI,func,0) +-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_UI,0,reason) +- +-static ERR_STRING_DATA UI_str_functs[] = { +- {ERR_FUNC(UI_F_GENERAL_ALLOCATE_BOOLEAN), "GENERAL_ALLOCATE_BOOLEAN"}, +- {ERR_FUNC(UI_F_GENERAL_ALLOCATE_PROMPT), "GENERAL_ALLOCATE_PROMPT"}, +- {ERR_FUNC(UI_F_GENERAL_ALLOCATE_STRING), "GENERAL_ALLOCATE_STRING"}, +- {ERR_FUNC(UI_F_UI_CTRL), "UI_ctrl"}, +- {ERR_FUNC(UI_F_UI_DUP_ERROR_STRING), "UI_dup_error_string"}, +- {ERR_FUNC(UI_F_UI_DUP_INFO_STRING), "UI_dup_info_string"}, +- {ERR_FUNC(UI_F_UI_DUP_INPUT_BOOLEAN), "UI_dup_input_boolean"}, +- {ERR_FUNC(UI_F_UI_DUP_INPUT_STRING), "UI_dup_input_string"}, +- {ERR_FUNC(UI_F_UI_DUP_VERIFY_STRING), "UI_dup_verify_string"}, +- {ERR_FUNC(UI_F_UI_GET0_RESULT), "UI_get0_result"}, +- {ERR_FUNC(UI_F_UI_NEW_METHOD), "UI_new_method"}, +- {ERR_FUNC(UI_F_UI_SET_RESULT), "UI_set_result"}, +- {0, NULL} +-}; +- +-static ERR_STRING_DATA UI_str_reasons[] = { +- {ERR_REASON(UI_R_COMMON_OK_AND_CANCEL_CHARACTERS), +- "common ok and cancel characters"}, +- {ERR_REASON(UI_R_INDEX_TOO_LARGE), "index too large"}, +- {ERR_REASON(UI_R_INDEX_TOO_SMALL), "index too small"}, +- {ERR_REASON(UI_R_NO_RESULT_BUFFER), "no result buffer"}, +- {ERR_REASON(UI_R_RESULT_TOO_LARGE), "result too large"}, +- {ERR_REASON(UI_R_RESULT_TOO_SMALL), "result too small"}, +- {ERR_REASON(UI_R_UNKNOWN_CONTROL_COMMAND), "unknown control command"}, +- {0, NULL} +-}; +- +-#endif +- +-void ERR_load_UI_strings(void) +-{ +-#ifndef OPENSSL_NO_ERR +- +- if (ERR_func_error_string(UI_str_functs[0].error) == NULL) { +- ERR_load_strings(0, UI_str_functs); +- ERR_load_strings(0, UI_str_reasons); +- } +-#endif +-} +diff --git a/Cryptlib/OpenSSL/crypto/ui/ui_lib.c b/Cryptlib/OpenSSL/crypto/ui/ui_lib.c +index 84d65cb..5ddd731 100644 +--- a/Cryptlib/OpenSSL/crypto/ui/ui_lib.c ++++ b/Cryptlib/OpenSSL/crypto/ui/ui_lib.c +@@ 
-655,6 +655,20 @@ int UI_method_set_closer(UI_METHOD *method, int (*closer) (UI *ui))
+ return -1;
+ }
+
++int UI_method_set_prompt_constructor(UI_METHOD *method,
++ char *(*prompt_constructor) (UI *ui,
++ const char
++ *object_desc,
++ const char
++ *object_name))
++{
++ if (method) {
++ method->ui_construct_prompt = prompt_constructor;
++ return 0;
++ } else
++ return -1;
++}
++
+ int (*UI_method_get_opener(UI_METHOD *method)) (UI *) {
+ if (method)
+ return method->ui_open_session;
+@@ -690,6 +704,15 @@ int (*UI_method_get_closer(UI_METHOD *method)) (UI *) {
+ return NULL;
+ }
+
++char *(*UI_method_get_prompt_constructor(UI_METHOD *method)) (UI *,
++ const char *,
++ const char *) {
++ if (method)
++ return method->ui_construct_prompt;
++ else
++ return NULL;
++}
++
+ enum UI_string_types UI_get_string_type(UI_STRING *uis)
+ {
+ if (!uis)
+diff --git a/Cryptlib/OpenSSL/crypto/ui/ui_locl.h b/Cryptlib/OpenSSL/crypto/ui/ui_locl.h
+index aa4a556..0d919cd 100644
+--- a/Cryptlib/OpenSSL/crypto/ui/ui_locl.h
++++ b/Cryptlib/OpenSSL/crypto/ui/ui_locl.h
+@@ -1,6 +1,7 @@
+ /* crypto/ui/ui.h -*- mode:C; c-file-style: "eay" -*- */
+-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+- * project 2001.
++/*
++ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
++ * 2001.
+ */
+ /* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
+@@ -10,7 +11,7 @@
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+- * notice, this list of conditions and the following disclaimer.
++ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+@@ -57,97 +58,88 @@
+ */
+
+ #ifndef HEADER_UI_LOCL_H
+-#define HEADER_UI_LOCL_H
+-
+-#include
+-#include
+-
+-#ifdef _
+-#undef _
+-#endif
+-
+-struct ui_method_st
+- {
+- char *name;
+-
+- /* All the functions return 1 or non-NULL for success and 0 or NULL
+- for failure */
+-
+- /* Open whatever channel for this, be it the console, an X window
+- or whatever.
+- This function should use the ex_data structure to save
+- intermediate data. */
+- int (*ui_open_session)(UI *ui);
+-
+- int (*ui_write_string)(UI *ui, UI_STRING *uis);
+-
+- /* Flush the output. If a GUI dialog box is used, this function can
+- be used to actually display it. */
+- int (*ui_flush)(UI *ui);
+-
+- int (*ui_read_string)(UI *ui, UI_STRING *uis);
+-
+- int (*ui_close_session)(UI *ui);
+-
+- /* Construct a prompt in a user-defined manner. object_desc is a
+- textual short description of the object, for example "pass phrase",
+- and object_name is the name of the object (might be a card name or
+- a file name.
+- The returned string shall always be allocated on the heap with
+- OPENSSL_malloc(), and need to be free'd with OPENSSL_free(). */
+- char *(*ui_construct_prompt)(UI *ui, const char *object_desc,
+- const char *object_name);
+- };
+-
+-struct ui_string_st
+- {
+- enum UI_string_types type; /* Input */
+- const char *out_string; /* Input */
+- int input_flags; /* Flags from the user */
+-
+- /* The following parameters are completely irrelevant for UIT_INFO,
+- and can therefore be set to 0 or NULL */
+- char *result_buf; /* Input and Output: If not NULL, user-defined
+- with size in result_maxsize. Otherwise, it
+- may be allocated by the UI routine, meaning
+- result_minsize is going to be overwritten.*/
+- union
+- {
+- struct
+- {
+- int result_minsize; /* Input: minimum required
+- size of the result.
+- */
+- int result_maxsize; /* Input: maximum permitted
+- size of the result */
+-
+- const char *test_buf; /* Input: test string to verify
+- against */
+- } string_data;
+- struct
+- {
+- const char *action_desc; /* Input */
+- const char *ok_chars; /* Input */
+- const char *cancel_chars; /* Input */
+- } boolean_data;
+- } _;
+-
+-#define OUT_STRING_FREEABLE 0x01
+- int flags; /* flags for internal use */
+- };
+-
+-struct ui_st
+- {
+- const UI_METHOD *meth;
+- STACK_OF(UI_STRING) *strings; /* We might want to prompt for more
+- than one thing at a time, and
+- with different echoing status. */
+- void *user_data;
+- CRYPTO_EX_DATA ex_data;
+-
+-#define UI_FLAG_REDOABLE 0x0001
+-#define UI_FLAG_PRINT_ERRORS 0x0100
+- int flags;
+- };
++# define HEADER_UI_LOCL_H
++
++# include
++# include
++
++# ifdef _
++# undef _
++# endif
++
++struct ui_method_st {
++ char *name;
++ /*
++ * All the functions return 1 or non-NULL for success and 0 or NULL for
++ * failure
++ */
++ /*
++ * Open whatever channel for this, be it the console, an X window or
++ * whatever. This function should use the ex_data structure to save
++ * intermediate data.
++ */
++ int (*ui_open_session) (UI *ui);
++ int (*ui_write_string) (UI *ui, UI_STRING *uis);
++ /*
++ * Flush the output. If a GUI dialog box is used, this function can be
++ * used to actually display it.
++ */
++ int (*ui_flush) (UI *ui);
++ int (*ui_read_string) (UI *ui, UI_STRING *uis);
++ int (*ui_close_session) (UI *ui);
++ /*
++ * Construct a prompt in a user-defined manner. object_desc is a textual
++ * short description of the object, for example "pass phrase", and
++ * object_name is the name of the object (might be a card name or a file
++ * name. The returned string shall always be allocated on the heap with
++ * OPENSSL_malloc(), and need to be free'd with OPENSSL_free().
++ */
++ char *(*ui_construct_prompt) (UI *ui, const char *object_desc,
++ const char *object_name);
++};
++
++struct ui_string_st {
++ enum UI_string_types type; /* Input */
++ const char *out_string; /* Input */
++ int input_flags; /* Flags from the user */
++ /*
++ * The following parameters are completely irrelevant for UIT_INFO, and
++ * can therefore be set to 0 or NULL
++ */
++ char *result_buf; /* Input and Output: If not NULL,
++ * user-defined with size in result_maxsize.
++ * Otherwise, it may be allocated by the UI
++ * routine, meaning result_minsize is going
++ * to be overwritten. */
++ union {
++ struct {
++ int result_minsize; /* Input: minimum required size of the
++ * result. */
++ int result_maxsize; /* Input: maximum permitted size of the
++ * result */
++ const char *test_buf; /* Input: test string to verify against */
++ } string_data;
++ struct {
++ const char *action_desc; /* Input */
++ const char *ok_chars; /* Input */
++ const char *cancel_chars; /* Input */
++ } boolean_data;
++ } _;
++
++# define OUT_STRING_FREEABLE 0x01
++ int flags; /* flags for internal use */
++};
++
++struct ui_st {
++ const UI_METHOD *meth;
++ STACK_OF(UI_STRING) *strings; /* We might want to prompt for more than
++ * one thing at a time, and with different
++ * echoing status. */
++ void *user_data;
++ CRYPTO_EX_DATA ex_data;
++# define UI_FLAG_REDOABLE 0x0001
++# define UI_FLAG_PRINT_ERRORS 0x0100
++ int flags;
++};
+
+ #endif
+diff --git a/Cryptlib/OpenSSL/crypto/x509/by_dir.c b/Cryptlib/OpenSSL/crypto/x509/by_dir.c
+deleted file mode 100644
+index 5a12743..0000000
+--- a/Cryptlib/OpenSSL/crypto/x509/by_dir.c
++++ /dev/null
+@@ -1,368 +0,0 @@
+-/* crypto/x509/by_dir.c */
+-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+- * All rights reserved.
+- *
+- * This package is an SSL implementation written
+- * by Eric Young (eay@cryptsoft.com).
+- * The implementation was written so as to conform with Netscapes SSL.
+- * +- * This library is free for commercial and non-commercial use as long as +- * the following conditions are aheared to. The following conditions +- * apply to all code found in this distribution, be it the RC4, RSA, +- * lhash, DES, etc., code; not just the SSL code. The SSL documentation +- * included with this distribution is covered by the same copyright terms +- * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * +- * Copyright remains Eric Young's, and as such any Copyright notices in +- * the code are not to be removed. +- * If this package is used in a product, Eric Young should be given attribution +- * as the author of the parts of the library used. +- * This can be in the form of a textual message at program startup or +- * in documentation (online or textual) provided with the package. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 3. All advertising materials mentioning features or use of this software +- * must display the following acknowledgement: +- * "This product includes cryptographic software written by +- * Eric Young (eay@cryptsoft.com)" +- * The word 'cryptographic' can be left out if the rouines from the library +- * being used are not cryptographic related :-). +- * 4. 
If you include any Windows specific code (or a derivative thereof) from +- * the apps directory (application code) you must include an acknowledgement: +- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * +- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. +- * +- * The licence and distribution terms for any publically available version or +- * derivative of this code cannot be changed. i.e. this code cannot simply be +- * copied and put under another distribution licence +- * [including the GNU Public Licence.] 
+- */ +- +-#include +-#include +-#include +- +-#include "cryptlib.h" +- +-#ifndef NO_SYS_TYPES_H +-# include +-#endif +-#ifdef MAC_OS_pre_X +-# include +-#else +-# include +-#endif +- +-#include +-#include +- +-#ifdef _WIN32 +-# define stat _stat +-#endif +- +-typedef struct lookup_dir_st { +- BUF_MEM *buffer; +- int num_dirs; +- char **dirs; +- int *dirs_type; +- int num_dirs_alloced; +-} BY_DIR; +- +-static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl, +- char **ret); +-static int new_dir(X509_LOOKUP *lu); +-static void free_dir(X509_LOOKUP *lu); +-static int add_cert_dir(BY_DIR *ctx, const char *dir, int type); +-static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, +- X509_OBJECT *ret); +-X509_LOOKUP_METHOD x509_dir_lookup = { +- "Load certs from files in a directory", +- new_dir, /* new */ +- free_dir, /* free */ +- NULL, /* init */ +- NULL, /* shutdown */ +- dir_ctrl, /* ctrl */ +- get_cert_by_subject, /* get_by_subject */ +- NULL, /* get_by_issuer_serial */ +- NULL, /* get_by_fingerprint */ +- NULL, /* get_by_alias */ +-}; +- +-X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void) +-{ +- return (&x509_dir_lookup); +-} +- +-static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl, +- char **retp) +-{ +- int ret = 0; +- BY_DIR *ld; +- char *dir = NULL; +- +- ld = (BY_DIR *)ctx->method_data; +- +- switch (cmd) { +- case X509_L_ADD_DIR: +- if (argl == X509_FILETYPE_DEFAULT) { +- dir = (char *)Getenv(X509_get_default_cert_dir_env()); +- if (dir) +- ret = add_cert_dir(ld, dir, X509_FILETYPE_PEM); +- else +- ret = add_cert_dir(ld, X509_get_default_cert_dir(), +- X509_FILETYPE_PEM); +- if (!ret) { +- X509err(X509_F_DIR_CTRL, X509_R_LOADING_CERT_DIR); +- } +- } else +- ret = add_cert_dir(ld, argp, (int)argl); +- break; +- } +- return (ret); +-} +- +-static int new_dir(X509_LOOKUP *lu) +-{ +- BY_DIR *a; +- +- if ((a = (BY_DIR *)OPENSSL_malloc(sizeof(BY_DIR))) == NULL) +- return (0); +- if ((a->buffer = 
BUF_MEM_new()) == NULL) { +- OPENSSL_free(a); +- return (0); +- } +- a->num_dirs = 0; +- a->dirs = NULL; +- a->dirs_type = NULL; +- a->num_dirs_alloced = 0; +- lu->method_data = (char *)a; +- return (1); +-} +- +-static void free_dir(X509_LOOKUP *lu) +-{ +- BY_DIR *a; +- int i; +- +- a = (BY_DIR *)lu->method_data; +- for (i = 0; i < a->num_dirs; i++) +- if (a->dirs[i] != NULL) +- OPENSSL_free(a->dirs[i]); +- if (a->dirs != NULL) +- OPENSSL_free(a->dirs); +- if (a->dirs_type != NULL) +- OPENSSL_free(a->dirs_type); +- if (a->buffer != NULL) +- BUF_MEM_free(a->buffer); +- OPENSSL_free(a); +-} +- +-static int add_cert_dir(BY_DIR *ctx, const char *dir, int type) +-{ +- int j, len; +- int *ip; +- const char *s, *ss, *p; +- char **pp; +- +- if (dir == NULL || !*dir) { +- X509err(X509_F_ADD_CERT_DIR, X509_R_INVALID_DIRECTORY); +- return 0; +- } +- +- s = dir; +- p = s; +- for (;; p++) { +- if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0')) { +- ss = s; +- s = p + 1; +- len = (int)(p - ss); +- if (len == 0) +- continue; +- for (j = 0; j < ctx->num_dirs; j++) +- if (strlen(ctx->dirs[j]) == (size_t)len && +- strncmp(ctx->dirs[j], ss, (unsigned int)len) == 0) +- break; +- if (j < ctx->num_dirs) +- continue; +- if (ctx->num_dirs_alloced < (ctx->num_dirs + 1)) { +- ctx->num_dirs_alloced += 10; +- pp = (char **)OPENSSL_malloc(ctx->num_dirs_alloced * +- sizeof(char *)); +- ip = (int *)OPENSSL_malloc(ctx->num_dirs_alloced * +- sizeof(int)); +- if ((pp == NULL) || (ip == NULL)) { +- X509err(X509_F_ADD_CERT_DIR, ERR_R_MALLOC_FAILURE); +- return (0); +- } +- memcpy(pp, ctx->dirs, (ctx->num_dirs_alloced - 10) * +- sizeof(char *)); +- memcpy(ip, ctx->dirs_type, (ctx->num_dirs_alloced - 10) * +- sizeof(int)); +- if (ctx->dirs != NULL) +- OPENSSL_free(ctx->dirs); +- if (ctx->dirs_type != NULL) +- OPENSSL_free(ctx->dirs_type); +- ctx->dirs = pp; +- ctx->dirs_type = ip; +- } +- ctx->dirs_type[ctx->num_dirs] = type; +- ctx->dirs[ctx->num_dirs] = +- (char *)OPENSSL_malloc((unsigned int)len + 
1); +- if (ctx->dirs[ctx->num_dirs] == NULL) +- return (0); +- strncpy(ctx->dirs[ctx->num_dirs], ss, (unsigned int)len); +- ctx->dirs[ctx->num_dirs][len] = '\0'; +- ctx->num_dirs++; +- } +- if (*p == '\0') +- break; +- } +- return (1); +-} +- +-static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, +- X509_OBJECT *ret) +-{ +- BY_DIR *ctx; +- union { +- struct { +- X509 st_x509; +- X509_CINF st_x509_cinf; +- } x509; +- struct { +- X509_CRL st_crl; +- X509_CRL_INFO st_crl_info; +- } crl; +- } data; +- int ok = 0; +- int i, j, k; +- unsigned long h; +- BUF_MEM *b = NULL; +- struct stat st; +- X509_OBJECT stmp, *tmp; +- const char *postfix = ""; +- +- if (name == NULL) +- return (0); +- +- stmp.type = type; +- if (type == X509_LU_X509) { +- data.x509.st_x509.cert_info = &data.x509.st_x509_cinf; +- data.x509.st_x509_cinf.subject = name; +- stmp.data.x509 = &data.x509.st_x509; +- postfix = ""; +- } else if (type == X509_LU_CRL) { +- data.crl.st_crl.crl = &data.crl.st_crl_info; +- data.crl.st_crl_info.issuer = name; +- stmp.data.crl = &data.crl.st_crl; +- postfix = "r"; +- } else { +- X509err(X509_F_GET_CERT_BY_SUBJECT, X509_R_WRONG_LOOKUP_TYPE); +- goto finish; +- } +- +- if ((b = BUF_MEM_new()) == NULL) { +- X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_BUF_LIB); +- goto finish; +- } +- +- ctx = (BY_DIR *)xl->method_data; +- +- h = X509_NAME_hash(name); +- for (i = 0; i < ctx->num_dirs; i++) { +- j = strlen(ctx->dirs[i]) + 1 + 8 + 6 + 1 + 1; +- if (!BUF_MEM_grow(b, j)) { +- X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_MALLOC_FAILURE); +- goto finish; +- } +- k = 0; +- for (;;) { +- char c = '/'; +-#ifdef OPENSSL_SYS_VMS +- c = ctx->dirs[i][strlen(ctx->dirs[i]) - 1]; +- if (c != ':' && c != '>' && c != ']') { +- /* +- * If no separator is present, we assume the directory +- * specifier is a logical name, and add a colon. We really +- * should use better VMS routines for merging things like +- * this, but this will do for now... 
-- Richard Levitte +- */ +- c = ':'; +- } else { +- c = '\0'; +- } +-#endif +- if (c == '\0') { +- /* +- * This is special. When c == '\0', no directory separator +- * should be added. +- */ +- BIO_snprintf(b->data, b->max, +- "%s%08lx.%s%d", ctx->dirs[i], h, postfix, k); +- } else { +- BIO_snprintf(b->data, b->max, +- "%s%c%08lx.%s%d", ctx->dirs[i], c, h, +- postfix, k); +- } +- k++; +- if (stat(b->data, &st) < 0) +- break; +- /* found one. */ +- if (type == X509_LU_X509) { +- if ((X509_load_cert_file(xl, b->data, +- ctx->dirs_type[i])) == 0) +- break; +- } else if (type == X509_LU_CRL) { +- if ((X509_load_crl_file(xl, b->data, ctx->dirs_type[i])) == 0) +- break; +- } +- /* else case will caught higher up */ +- } +- +- /* +- * we have added it to the cache so now pull it out again +- */ +- CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); +- j = sk_X509_OBJECT_find(xl->store_ctx->objs, &stmp); +- if (j != -1) +- tmp = sk_X509_OBJECT_value(xl->store_ctx->objs, j); +- else +- tmp = NULL; +- CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); +- +- if (tmp != NULL) { +- ok = 1; +- ret->type = tmp->type; +- memcpy(&ret->data, &tmp->data, sizeof(ret->data)); +- /* +- * If we were going to up the reference count, we would need to +- * do it on a perl 'type' basis +- */ +- /*- CRYPTO_add(&tmp->data.x509->references,1, +- CRYPTO_LOCK_X509);*/ +- goto finish; +- } +- } +- finish: +- if (b != NULL) +- BUF_MEM_free(b); +- return (ok); +-} +diff --git a/Cryptlib/OpenSSL/crypto/x509/by_file.c b/Cryptlib/OpenSSL/crypto/x509/by_file.c +deleted file mode 100644 +index 737a825..0000000 +--- a/Cryptlib/OpenSSL/crypto/x509/by_file.c ++++ /dev/null +@@ -1,277 +0,0 @@ +-/* crypto/x509/by_file.c */ +-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) +- * All rights reserved. +- * +- * This package is an SSL implementation written +- * by Eric Young (eay@cryptsoft.com). +- * The implementation was written so as to conform with Netscapes SSL. 
+- *
+- * This library is free for commercial and non-commercial use as long as
+- * the following conditions are aheared to. The following conditions
+- * apply to all code found in this distribution, be it the RC4, RSA,
+- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+- * included with this distribution is covered by the same copyright terms
+- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+- *
+- * Copyright remains Eric Young's, and as such any Copyright notices in
+- * the code are not to be removed.
+- * If this package is used in a product, Eric Young should be given attribution
+- * as the author of the parts of the library used.
+- * This can be in the form of a textual message at program startup or
+- * in documentation (online or textual) provided with the package.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the copyright
+- * notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- * notice, this list of conditions and the following disclaimer in the
+- * documentation and/or other materials provided with the distribution.
+- * 3. All advertising materials mentioning features or use of this software
+- * must display the following acknowledgement:
+- * "This product includes cryptographic software written by
+- * Eric Young (eay@cryptsoft.com)"
+- * The word 'cryptographic' can be left out if the rouines from the library
+- * being used are not cryptographic related :-).
+- * 4.
If you include any Windows specific code (or a derivative thereof) from
+- * the apps directory (application code) you must include an acknowledgement:
+- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+- *
+- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- *
+- * The licence and distribution terms for any publically available version or
+- * derivative of this code cannot be changed. i.e. this code cannot simply be
+- * copied and put under another distribution licence
+- * [including the GNU Public Licence.]
+- */ +- +-#include +-#include +-#include +- +-#include "cryptlib.h" +-#include +-#include +-#include +-#include +- +-#ifndef OPENSSL_NO_STDIO +- +-static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, +- long argl, char **ret); +-X509_LOOKUP_METHOD x509_file_lookup = { +- "Load file into cache", +- NULL, /* new */ +- NULL, /* free */ +- NULL, /* init */ +- NULL, /* shutdown */ +- by_file_ctrl, /* ctrl */ +- NULL, /* get_by_subject */ +- NULL, /* get_by_issuer_serial */ +- NULL, /* get_by_fingerprint */ +- NULL, /* get_by_alias */ +-}; +- +-X509_LOOKUP_METHOD *X509_LOOKUP_file(void) +-{ +- return (&x509_file_lookup); +-} +- +-static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, +- long argl, char **ret) +-{ +- int ok = 0; +- char *file; +- +- switch (cmd) { +- case X509_L_FILE_LOAD: +- if (argl == X509_FILETYPE_DEFAULT) { +- file = (char *)Getenv(X509_get_default_cert_file_env()); +- if (file) +- ok = (X509_load_cert_crl_file(ctx, file, +- X509_FILETYPE_PEM) != 0); +- +- else +- ok = (X509_load_cert_crl_file +- (ctx, X509_get_default_cert_file(), +- X509_FILETYPE_PEM) != 0); +- +- if (!ok) { +- X509err(X509_F_BY_FILE_CTRL, X509_R_LOADING_DEFAULTS); +- } +- } else { +- if (argl == X509_FILETYPE_PEM) +- ok = (X509_load_cert_crl_file(ctx, argp, +- X509_FILETYPE_PEM) != 0); +- else +- ok = (X509_load_cert_file(ctx, argp, (int)argl) != 0); +- } +- break; +- } +- return (ok); +-} +- +-int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type) +-{ +- int ret = 0; +- BIO *in = NULL; +- int i, count = 0; +- X509 *x = NULL; +- +- if (file == NULL) +- return (1); +- in = BIO_new(BIO_s_file_internal()); +- +- if ((in == NULL) || (BIO_read_filename(in, file) <= 0)) { +- X509err(X509_F_X509_LOAD_CERT_FILE, ERR_R_SYS_LIB); +- goto err; +- } +- +- if (type == X509_FILETYPE_PEM) { +- for (;;) { +- x = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL); +- if (x == NULL) { +- if ((ERR_GET_REASON(ERR_peek_last_error()) == +- PEM_R_NO_START_LINE) && 
(count > 0)) { +- ERR_clear_error(); +- break; +- } else { +- X509err(X509_F_X509_LOAD_CERT_FILE, ERR_R_PEM_LIB); +- goto err; +- } +- } +- i = X509_STORE_add_cert(ctx->store_ctx, x); +- if (!i) +- goto err; +- count++; +- X509_free(x); +- x = NULL; +- } +- ret = count; +- } else if (type == X509_FILETYPE_ASN1) { +- x = d2i_X509_bio(in, NULL); +- if (x == NULL) { +- X509err(X509_F_X509_LOAD_CERT_FILE, ERR_R_ASN1_LIB); +- goto err; +- } +- i = X509_STORE_add_cert(ctx->store_ctx, x); +- if (!i) +- goto err; +- ret = i; +- } else { +- X509err(X509_F_X509_LOAD_CERT_FILE, X509_R_BAD_X509_FILETYPE); +- goto err; +- } +- err: +- if (x != NULL) +- X509_free(x); +- if (in != NULL) +- BIO_free(in); +- return (ret); +-} +- +-int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type) +-{ +- int ret = 0; +- BIO *in = NULL; +- int i, count = 0; +- X509_CRL *x = NULL; +- +- if (file == NULL) +- return (1); +- in = BIO_new(BIO_s_file_internal()); +- +- if ((in == NULL) || (BIO_read_filename(in, file) <= 0)) { +- X509err(X509_F_X509_LOAD_CRL_FILE, ERR_R_SYS_LIB); +- goto err; +- } +- +- if (type == X509_FILETYPE_PEM) { +- for (;;) { +- x = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL); +- if (x == NULL) { +- if ((ERR_GET_REASON(ERR_peek_last_error()) == +- PEM_R_NO_START_LINE) && (count > 0)) { +- ERR_clear_error(); +- break; +- } else { +- X509err(X509_F_X509_LOAD_CRL_FILE, ERR_R_PEM_LIB); +- goto err; +- } +- } +- i = X509_STORE_add_crl(ctx->store_ctx, x); +- if (!i) +- goto err; +- count++; +- X509_CRL_free(x); +- x = NULL; +- } +- ret = count; +- } else if (type == X509_FILETYPE_ASN1) { +- x = d2i_X509_CRL_bio(in, NULL); +- if (x == NULL) { +- X509err(X509_F_X509_LOAD_CRL_FILE, ERR_R_ASN1_LIB); +- goto err; +- } +- i = X509_STORE_add_crl(ctx->store_ctx, x); +- if (!i) +- goto err; +- ret = i; +- } else { +- X509err(X509_F_X509_LOAD_CRL_FILE, X509_R_BAD_X509_FILETYPE); +- goto err; +- } +- err: +- if (x != NULL) +- X509_CRL_free(x); +- if (in != NULL) +- BIO_free(in); +- 
return (ret); +-} +- +-int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type) +-{ +- STACK_OF(X509_INFO) *inf; +- X509_INFO *itmp; +- BIO *in; +- int i, count = 0; +- if (type != X509_FILETYPE_PEM) +- return X509_load_cert_file(ctx, file, type); +- in = BIO_new_file(file, "r"); +- if (!in) { +- X509err(X509_F_X509_LOAD_CERT_CRL_FILE, ERR_R_SYS_LIB); +- return 0; +- } +- inf = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL); +- BIO_free(in); +- if (!inf) { +- X509err(X509_F_X509_LOAD_CERT_CRL_FILE, ERR_R_PEM_LIB); +- return 0; +- } +- for (i = 0; i < sk_X509_INFO_num(inf); i++) { +- itmp = sk_X509_INFO_value(inf, i); +- if (itmp->x509) { +- X509_STORE_add_cert(ctx->store_ctx, itmp->x509); +- count++; +- } +- if (itmp->crl) { +- X509_STORE_add_crl(ctx->store_ctx, itmp->crl); +- count++; +- } +- } +- sk_X509_INFO_pop_free(inf, X509_INFO_free); +- return count; +-} +- +-#endif /* OPENSSL_NO_STDIO */ +diff --git a/Cryptlib/OpenSSL/crypto/x509/vpm_int.h b/Cryptlib/OpenSSL/crypto/x509/vpm_int.h +new file mode 100644 +index 0000000..9c55def +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/x509/vpm_int.h +@@ -0,0 +1,70 @@ ++/* vpm_int.h */ ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2013. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2013 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. 
All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). 
++ * ++ */ ++ ++/* internal only structure to hold additional X509_VERIFY_PARAM data */ ++ ++struct X509_VERIFY_PARAM_ID_st { ++ STACK_OF(OPENSSL_STRING) *hosts; /* Set of acceptable names */ ++ unsigned int hostflags; /* Flags to control matching features */ ++ char *peername; /* Matching hostname in peer certificate */ ++ char *email; /* If not NULL email address to match */ ++ size_t emaillen; ++ unsigned char *ip; /* If not NULL IP address to match */ ++ size_t iplen; /* Length of IP address */ ++}; +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_cmp.c b/Cryptlib/OpenSSL/crypto/x509/x509_cmp.c +index de66d37..49c71b9 100644 +--- a/Cryptlib/OpenSSL/crypto/x509/x509_cmp.c ++++ b/Cryptlib/OpenSSL/crypto/x509/x509_cmp.c +@@ -87,16 +87,21 @@ unsigned long X509_issuer_and_serial_hash(X509 *a) + + EVP_MD_CTX_init(&ctx); + f = X509_NAME_oneline(a->cert_info->issuer, NULL, 0); +- ret = strlen(f); +- EVP_DigestInit_ex(&ctx, EVP_md5(), NULL); +- EVP_DigestUpdate(&ctx, (unsigned char *)f, ret); ++ if (!EVP_DigestInit_ex(&ctx, EVP_md5(), NULL)) ++ goto err; ++ if (!EVP_DigestUpdate(&ctx, (unsigned char *)f, strlen(f))) ++ goto err; + OPENSSL_free(f); +- EVP_DigestUpdate(&ctx, (unsigned char *)a->cert_info->serialNumber->data, +- (unsigned long)a->cert_info->serialNumber->length); +- EVP_DigestFinal_ex(&ctx, &(md[0]), NULL); ++ if (!EVP_DigestUpdate ++ (&ctx, (unsigned char *)a->cert_info->serialNumber->data, ++ (unsigned long)a->cert_info->serialNumber->length)) ++ goto err; ++ if (!EVP_DigestFinal_ex(&ctx, &(md[0]), NULL)) ++ goto err; + ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) | + ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L) + ) & 0xffffffffL; ++ err: + EVP_MD_CTX_cleanup(&ctx); + return (ret); + } +@@ -117,6 +122,13 @@ int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b) + return (X509_NAME_cmp(a->crl->issuer, b->crl->issuer)); + } + ++#ifndef OPENSSL_NO_SHA ++int X509_CRL_match(const X509_CRL *a, const X509_CRL *b) ++{ ++ return 
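Review bot: In X509_issuer_and_serial_hash() the two `goto err` exits added ahead of `OPENSSL_free(f)` skip that free, so the string returned by X509_NAME_oneline() leaks whenever EVP_DigestInit_ex() or the first EVP_DigestUpdate() fails. `f` is also handed to `strlen()` with no NULL check, although X509_NAME_oneline() can return NULL when allocation fails. Adding `if (f == NULL) goto err;` after the call, `f = NULL;` after the existing free, and `if (f != NULL) OPENSSL_free(f);` under the `err:` label would cover both. The declaration of `ret` lies outside the hunk, so confirm it is initialised before the error path returns it.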
memcmp(a->sha1_hash, b->sha1_hash, 20); ++} ++#endif ++ + X509_NAME *X509_get_issuer_name(X509 *a) + { + return (a->cert_info->issuer); +@@ -127,6 +139,13 @@ unsigned long X509_issuer_name_hash(X509 *x) + return (X509_NAME_hash(x->cert_info->issuer)); + } + ++#ifndef OPENSSL_NO_MD5 ++unsigned long X509_issuer_name_hash_old(X509 *x) ++{ ++ return (X509_NAME_hash_old(x->cert_info->issuer)); ++} ++#endif ++ + X509_NAME *X509_get_subject_name(X509 *a) + { + return (a->cert_info->subject); +@@ -142,6 +161,13 @@ unsigned long X509_subject_name_hash(X509 *x) + return (X509_NAME_hash(x->cert_info->subject)); + } + ++#ifndef OPENSSL_NO_MD5 ++unsigned long X509_subject_name_hash_old(X509 *x) ++{ ++ return (X509_NAME_hash_old(x->cert_info->subject)); ++} ++#endif ++ + #ifndef OPENSSL_NO_SHA + /* + * Compare two certificates: they must be identical for this to work. NB: +@@ -153,161 +179,68 @@ unsigned long X509_subject_name_hash(X509 *x) + */ + int X509_cmp(const X509 *a, const X509 *b) + { ++ int rv; + /* ensure hash is valid */ + X509_check_purpose((X509 *)a, -1, 0); + X509_check_purpose((X509 *)b, -1, 0); + +- return memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH); ++ rv = memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH); ++ if (rv) ++ return rv; ++ /* Check for match against stored encoding too */ ++ if (!a->cert_info->enc.modified && !b->cert_info->enc.modified) { ++ rv = (int)(a->cert_info->enc.len - b->cert_info->enc.len); ++ if (rv) ++ return rv; ++ return memcmp(a->cert_info->enc.enc, b->cert_info->enc.enc, ++ a->cert_info->enc.len); ++ } ++ return rv; + } + #endif + +-/* Case insensitive string comparision */ +-static int nocase_cmp(const ASN1_STRING *a, const ASN1_STRING *b) ++int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b) + { +- int i; ++ int ret; + +- if (a->length != b->length) +- return (a->length - b->length); ++ /* Ensure canonical encoding is present and up to date */ + +- for (i = 0; i < a->length; i++) { +- int ca, cb; +- +- ca = 
tolower(a->data[i]); +- cb = tolower(b->data[i]); +- +- if (ca != cb) +- return (ca - cb); ++ if (!a->canon_enc || a->modified) { ++ ret = i2d_X509_NAME((X509_NAME *)a, NULL); ++ if (ret < 0) ++ return -2; + } +- return 0; +-} + +-/* +- * Case insensitive string comparision with space normalization Space +- * normalization - ignore leading, trailing spaces, multiple spaces between +- * characters are replaced by single space +- */ +-static int nocase_spacenorm_cmp(const ASN1_STRING *a, const ASN1_STRING *b) +-{ +- unsigned char *pa = NULL, *pb = NULL; +- int la, lb; +- +- la = a->length; +- lb = b->length; +- pa = a->data; +- pb = b->data; +- +- /* skip leading spaces */ +- while (la > 0 && isspace(*pa)) { +- la--; +- pa++; +- } +- while (lb > 0 && isspace(*pb)) { +- lb--; +- pb++; ++ if (!b->canon_enc || b->modified) { ++ ret = i2d_X509_NAME((X509_NAME *)b, NULL); ++ if (ret < 0) ++ return -2; + } + +- /* skip trailing spaces */ +- while (la > 0 && isspace(pa[la - 1])) +- la--; +- while (lb > 0 && isspace(pb[lb - 1])) +- lb--; +- +- /* compare strings with space normalization */ +- while (la > 0 && lb > 0) { +- int ca, cb; +- +- /* compare character */ +- ca = tolower(*pa); +- cb = tolower(*pb); +- if (ca != cb) +- return (ca - cb); +- +- pa++; +- pb++; +- la--; +- lb--; +- +- if (la <= 0 || lb <= 0) +- break; +- +- /* is white space next character ? 
*/ +- if (isspace(*pa) && isspace(*pb)) { +- /* skip remaining white spaces */ +- while (la > 0 && isspace(*pa)) { +- la--; +- pa++; +- } +- while (lb > 0 && isspace(*pb)) { +- lb--; +- pb++; +- } +- } +- } +- if (la > 0 || lb > 0) +- return la - lb; ++ ret = a->canon_enclen - b->canon_enclen; + +- return 0; +-} ++ if (ret) ++ return ret; + +-static int asn1_string_memcmp(ASN1_STRING *a, ASN1_STRING *b) +-{ +- int j; +- j = a->length - b->length; +- if (j) +- return j; +- return memcmp(a->data, b->data, a->length); +-} ++ return memcmp(a->canon_enc, b->canon_enc, a->canon_enclen); + +-#define STR_TYPE_CMP (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_UTF8STRING) ++} + +-int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b) ++unsigned long X509_NAME_hash(X509_NAME *x) + { +- int i, j; +- X509_NAME_ENTRY *na, *nb; +- +- unsigned long nabit, nbbit; +- +- j = sk_X509_NAME_ENTRY_num(a->entries) +- - sk_X509_NAME_ENTRY_num(b->entries); +- if (j) +- return j; +- for (i = sk_X509_NAME_ENTRY_num(a->entries) - 1; i >= 0; i--) { +- na = sk_X509_NAME_ENTRY_value(a->entries, i); +- nb = sk_X509_NAME_ENTRY_value(b->entries, i); +- j = na->value->type - nb->value->type; +- if (j) { +- nabit = ASN1_tag2bit(na->value->type); +- nbbit = ASN1_tag2bit(nb->value->type); +- if (!(nabit & STR_TYPE_CMP) || !(nbbit & STR_TYPE_CMP)) +- return j; +- if (!asn1_string_memcmp(na->value, nb->value)) +- j = 0; +- } else if (na->value->type == V_ASN1_PRINTABLESTRING) +- j = nocase_spacenorm_cmp(na->value, nb->value); +- else if (na->value->type == V_ASN1_IA5STRING +- && OBJ_obj2nid(na->object) == NID_pkcs9_emailAddress) +- j = nocase_cmp(na->value, nb->value); +- else +- j = asn1_string_memcmp(na->value, nb->value); +- if (j) +- return (j); +- j = na->set - nb->set; +- if (j) +- return (j); +- } ++ unsigned long ret = 0; ++ unsigned char md[SHA_DIGEST_LENGTH]; + +- /* +- * We will check the object types after checking the values since the +- * values will more often be different than the 
object types. +- */ +- for (i = sk_X509_NAME_ENTRY_num(a->entries) - 1; i >= 0; i--) { +- na = sk_X509_NAME_ENTRY_value(a->entries, i); +- nb = sk_X509_NAME_ENTRY_value(b->entries, i); +- j = OBJ_cmp(na->object, nb->object); +- if (j) +- return (j); +- } +- return (0); ++ /* Make sure X509_NAME structure contains valid cached encoding */ ++ i2d_X509_NAME(x, NULL); ++ if (!EVP_Digest(x->canon_enc, x->canon_enclen, md, NULL, EVP_sha1(), ++ NULL)) ++ return 0; ++ ++ ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) | ++ ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L) ++ ) & 0xffffffffL; ++ return (ret); + } + + #ifndef OPENSSL_NO_MD5 +@@ -315,24 +248,25 @@ int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b) + * I now DER encode the name and hash it. Since I cache the DER encoding, + * this is reasonably efficient. + */ +-unsigned long X509_NAME_hash(X509_NAME *x) ++ ++unsigned long X509_NAME_hash_old(X509_NAME *x) + { ++ EVP_MD_CTX md_ctx; + unsigned long ret = 0; + unsigned char md[16]; +- EVP_MD_CTX md_ctx; + + /* Make sure X509_NAME structure contains valid cached encoding */ + i2d_X509_NAME(x, NULL); + EVP_MD_CTX_init(&md_ctx); + EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); +- EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL); +- EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length); +- EVP_DigestFinal_ex(&md_ctx, md, NULL); ++ if (EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL) ++ && EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length) ++ && EVP_DigestFinal_ex(&md_ctx, md, NULL)) ++ ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) | ++ ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L) ++ ) & 0xffffffffL; + EVP_MD_CTX_cleanup(&md_ctx); + +- ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) | +- ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L) +- ) & 0xffffffffL; + return (ret); + } + #endif +@@ -389,13 +323,18 @@ ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 
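Review bot: The new X509_NAME_hash() discards the return value of `i2d_X509_NAME(x, NULL)` and then digests `x->canon_enc`, whereas X509_NAME_cmp() earlier in the same hunk treats a negative return from that call as a failure and returns -2. If re-encoding fails, the hash is presumably computed over a missing or stale canonical encoding; this is inferred, since i2d_X509_NAME's internals are not shown. `if (i2d_X509_NAME(x, NULL) < 0) return 0;` would make the two functions consistent. X509_NAME_hash_old() in the following hunk carries the same unchecked call as a context line before it reads `x->bytes->data`.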
*x) + + int X509_check_private_key(X509 *x, EVP_PKEY *k) + { +- EVP_PKEY *xk = NULL; +- int ok = 0; ++ EVP_PKEY *xk; ++ int ret; + + xk = X509_get_pubkey(x); +- switch (EVP_PKEY_cmp(xk, k)) { ++ ++ if (xk) ++ ret = EVP_PKEY_cmp(xk, k); ++ else ++ ret = -2; ++ ++ switch (ret) { + case 1: +- ok = 1; + break; + case 0: + X509err(X509_F_X509_CHECK_PRIVATE_KEY, X509_R_KEY_VALUES_MISMATCH); +@@ -404,22 +343,156 @@ int X509_check_private_key(X509 *x, EVP_PKEY *k) + X509err(X509_F_X509_CHECK_PRIVATE_KEY, X509_R_KEY_TYPE_MISMATCH); + break; + case -2: ++ X509err(X509_F_X509_CHECK_PRIVATE_KEY, X509_R_UNKNOWN_KEY_TYPE); ++ } ++ if (xk) ++ EVP_PKEY_free(xk); ++ if (ret > 0) ++ return 1; ++ return 0; ++} ++ ++/* ++ * Check a suite B algorithm is permitted: pass in a public key and the NID ++ * of its signature (or 0 if no signature). The pflags is a pointer to a ++ * flags field which must contain the suite B verification flags. ++ */ ++ + #ifndef OPENSSL_NO_EC +- if (k->type == EVP_PKEY_EC) { +- X509err(X509_F_X509_CHECK_PRIVATE_KEY, ERR_R_EC_LIB); +- break; +- } +-#endif +-#ifndef OPENSSL_NO_DH +- if (k->type == EVP_PKEY_DH) { +- /* No idea */ +- X509err(X509_F_X509_CHECK_PRIVATE_KEY, X509_R_CANT_CHECK_DH_KEY); +- break; ++ ++static int check_suite_b(EVP_PKEY *pkey, int sign_nid, unsigned long *pflags) ++{ ++ const EC_GROUP *grp = NULL; ++ int curve_nid; ++ if (pkey && pkey->type == EVP_PKEY_EC) ++ grp = EC_KEY_get0_group(pkey->pkey.ec); ++ if (!grp) ++ return X509_V_ERR_SUITE_B_INVALID_ALGORITHM; ++ curve_nid = EC_GROUP_get_curve_name(grp); ++ /* Check curve is consistent with LOS */ ++ if (curve_nid == NID_secp384r1) { /* P-384 */ ++ /* ++ * Check signature algorithm is consistent with curve. 
++ */ ++ if (sign_nid != -1 && sign_nid != NID_ecdsa_with_SHA384) ++ return X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM; ++ if (!(*pflags & X509_V_FLAG_SUITEB_192_LOS)) ++ return X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED; ++ /* If we encounter P-384 we cannot use P-256 later */ ++ *pflags &= ~X509_V_FLAG_SUITEB_128_LOS_ONLY; ++ } else if (curve_nid == NID_X9_62_prime256v1) { /* P-256 */ ++ if (sign_nid != -1 && sign_nid != NID_ecdsa_with_SHA256) ++ return X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM; ++ if (!(*pflags & X509_V_FLAG_SUITEB_128_LOS_ONLY)) ++ return X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED; ++ } else ++ return X509_V_ERR_SUITE_B_INVALID_CURVE; ++ ++ return X509_V_OK; ++} ++ ++int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain, ++ unsigned long flags) ++{ ++ int rv, i, sign_nid; ++ EVP_PKEY *pk = NULL; ++ unsigned long tflags; ++ if (!(flags & X509_V_FLAG_SUITEB_128_LOS)) ++ return X509_V_OK; ++ tflags = flags; ++ /* If no EE certificate passed in must be first in chain */ ++ if (x == NULL) { ++ x = sk_X509_value(chain, 0); ++ i = 1; ++ } else ++ i = 0; ++ ++ if (X509_get_version(x) != 2) { ++ rv = X509_V_ERR_SUITE_B_INVALID_VERSION; ++ /* Correct error depth */ ++ i = 0; ++ goto end; ++ } ++ ++ pk = X509_get_pubkey(x); ++ /* Check EE key only */ ++ rv = check_suite_b(pk, -1, &tflags); ++ if (rv != X509_V_OK) { ++ /* Correct error depth */ ++ i = 0; ++ goto end; ++ } ++ for (; i < sk_X509_num(chain); i++) { ++ sign_nid = X509_get_signature_nid(x); ++ x = sk_X509_value(chain, i); ++ if (X509_get_version(x) != 2) { ++ rv = X509_V_ERR_SUITE_B_INVALID_VERSION; ++ goto end; + } +-#endif +- X509err(X509_F_X509_CHECK_PRIVATE_KEY, X509_R_UNKNOWN_KEY_TYPE); ++ EVP_PKEY_free(pk); ++ pk = X509_get_pubkey(x); ++ rv = check_suite_b(pk, sign_nid, &tflags); ++ if (rv != X509_V_OK) ++ goto end; + } + +- EVP_PKEY_free(xk); +- return (ok); ++ /* Final check: root CA signature */ ++ rv = check_suite_b(pk, X509_get_signature_nid(x), &tflags); ++ end: ++ 
if (pk) ++ EVP_PKEY_free(pk); ++ if (rv != X509_V_OK) { ++ /* Invalid signature or LOS errors are for previous cert */ ++ if ((rv == X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM ++ || rv == X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED) && i) ++ i--; ++ /* ++ * If we have LOS error and flags changed then we are signing P-384 ++ * with P-256. Use more meaninggul error. ++ */ ++ if (rv == X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED && flags != tflags) ++ rv = X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256; ++ if (perror_depth) ++ *perror_depth = i; ++ } ++ return rv; ++} ++ ++int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags) ++{ ++ int sign_nid; ++ if (!(flags & X509_V_FLAG_SUITEB_128_LOS)) ++ return X509_V_OK; ++ sign_nid = OBJ_obj2nid(crl->crl->sig_alg->algorithm); ++ return check_suite_b(pk, sign_nid, &flags); ++} ++ ++#else ++int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain, ++ unsigned long flags) ++{ ++ return 0; ++} ++ ++int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags) ++{ ++ return 0; ++} ++ ++#endif ++/* ++ * Not strictly speaking an "up_ref" as a STACK doesn't have a reference ++ * count but it has the same effect by duping the STACK and upping the ref of ++ * each X509 structure. ++ */ ++STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain) ++{ ++ STACK_OF(X509) *ret; ++ int i; ++ ret = sk_X509_dup(chain); ++ for (i = 0; i < sk_X509_num(ret); i++) { ++ X509 *x = sk_X509_value(ret, i); ++ CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); ++ } ++ return ret; + } +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_err.c b/Cryptlib/OpenSSL/crypto/x509/x509_err.c +index ea14920..43cde18 100644 +--- a/Cryptlib/OpenSSL/crypto/x509/x509_err.c ++++ b/Cryptlib/OpenSSL/crypto/x509/x509_err.c +@@ -1,6 +1,6 @@ + /* crypto/x509/x509_err.c */ + /* ==================================================================== +- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. 
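Review bot: In the `#else` branch (builds with OPENSSL_NO_EC) both X509_chain_check_suiteb() and X509_CRL_check_suiteb() `return 0;`, which is the value of X509_V_OK, so a caller that requested Suite B verification gets success without any curve or signature-algorithm check having run. Failing closed when the flag is set would be safer, for example `return (flags & X509_V_FLAG_SUITEB_128_LOS) ? X509_V_ERR_SUITE_B_INVALID_ALGORITHM : X509_V_OK;` in both stubs. Whether this package's build defines OPENSSL_NO_EC is not visible in the hunk. Separately, in the EC branch `sk_X509_value(chain, 0)` is dereferenced through `X509_get_version(x)` without checking that the chain is non-empty when `x == NULL`.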
++ * Copyright (c) 1999-2012 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions +@@ -88,6 +88,7 @@ static ERR_STRING_DATA X509_str_functs[] = { + {ERR_FUNC(X509_F_X509_ATTRIBUTE_GET0_DATA), "X509_ATTRIBUTE_get0_data"}, + {ERR_FUNC(X509_F_X509_ATTRIBUTE_SET1_DATA), "X509_ATTRIBUTE_set1_data"}, + {ERR_FUNC(X509_F_X509_CHECK_PRIVATE_KEY), "X509_check_private_key"}, ++ {ERR_FUNC(X509_F_X509_CRL_DIFF), "X509_CRL_diff"}, + {ERR_FUNC(X509_F_X509_CRL_PRINT_FP), "X509_CRL_print_fp"}, + {ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_NID), + "X509_EXTENSION_create_by_NID"}, +@@ -131,21 +132,31 @@ static ERR_STRING_DATA X509_str_functs[] = { + }; + + static ERR_STRING_DATA X509_str_reasons[] = { ++ {ERR_REASON(X509_R_AKID_MISMATCH), "akid mismatch"}, + {ERR_REASON(X509_R_BAD_X509_FILETYPE), "bad x509 filetype"}, + {ERR_REASON(X509_R_BASE64_DECODE_ERROR), "base64 decode error"}, + {ERR_REASON(X509_R_CANT_CHECK_DH_KEY), "cant check dh key"}, + {ERR_REASON(X509_R_CERT_ALREADY_IN_HASH_TABLE), + "cert already in hash table"}, ++ {ERR_REASON(X509_R_CRL_ALREADY_DELTA), "crl already delta"}, ++ {ERR_REASON(X509_R_CRL_VERIFY_FAILURE), "crl verify failure"}, + {ERR_REASON(X509_R_ERR_ASN1_LIB), "err asn1 lib"}, ++ {ERR_REASON(X509_R_IDP_MISMATCH), "idp mismatch"}, + {ERR_REASON(X509_R_INVALID_DIRECTORY), "invalid directory"}, + {ERR_REASON(X509_R_INVALID_FIELD_NAME), "invalid field name"}, + {ERR_REASON(X509_R_INVALID_TRUST), "invalid trust"}, ++ {ERR_REASON(X509_R_ISSUER_MISMATCH), "issuer mismatch"}, + {ERR_REASON(X509_R_KEY_TYPE_MISMATCH), "key type mismatch"}, + {ERR_REASON(X509_R_KEY_VALUES_MISMATCH), "key values mismatch"}, + {ERR_REASON(X509_R_LOADING_CERT_DIR), "loading cert dir"}, + {ERR_REASON(X509_R_LOADING_DEFAULTS), "loading defaults"}, ++ {ERR_REASON(X509_R_METHOD_NOT_SUPPORTED), "method not supported"}, ++ 
{ERR_REASON(X509_R_NEWER_CRL_NOT_NEWER), "newer crl not newer"}, + {ERR_REASON(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY), + "no cert set for us to verify"}, ++ {ERR_REASON(X509_R_NO_CRL_NUMBER), "no crl number"}, ++ {ERR_REASON(X509_R_PUBLIC_KEY_DECODE_ERROR), "public key decode error"}, ++ {ERR_REASON(X509_R_PUBLIC_KEY_ENCODE_ERROR), "public key encode error"}, + {ERR_REASON(X509_R_SHOULD_RETRY), "should retry"}, + {ERR_REASON(X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN), + "unable to find parameters in chain"}, +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_lu.c b/Cryptlib/OpenSSL/crypto/x509/x509_lu.c +index 684ef5f..b0d6539 100644 +--- a/Cryptlib/OpenSSL/crypto/x509/x509_lu.c ++++ b/Cryptlib/OpenSSL/crypto/x509/x509_lu.c +@@ -87,7 +87,7 @@ void X509_LOOKUP_free(X509_LOOKUP *ctx) + if (ctx == NULL) + return; + if ((ctx->method != NULL) && (ctx->method->free != NULL)) +- ctx->method->free(ctx); ++ (*ctx->method->free) (ctx); + OPENSSL_free(ctx); + } + +@@ -200,6 +200,8 @@ X509_STORE *X509_STORE_new(void) + ret->get_crl = 0; + ret->check_crl = 0; + ret->cert_crl = 0; ++ ret->lookup_certs = 0; ++ ret->lookup_crls = 0; + ret->cleanup = 0; + + if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data)) { +@@ -214,6 +216,8 @@ X509_STORE *X509_STORE_new(void) + + static void cleanup(X509_OBJECT *a) + { ++ if (!a) ++ return; + if (a->type == X509_LU_X509) { + X509_free(a->data.x509); + } else if (a->type == X509_LU_CRL) { +@@ -234,6 +238,19 @@ void X509_STORE_free(X509_STORE *vfy) + if (vfy == NULL) + return; + ++ i = CRYPTO_add(&vfy->references, -1, CRYPTO_LOCK_X509_STORE); ++#ifdef REF_PRINT ++ REF_PRINT("X509_STORE", vfy); ++#endif ++ if (i > 0) ++ return; ++#ifdef REF_CHECK ++ if (i < 0) { ++ fprintf(stderr, "X509_STORE_free, bad reference count\n"); ++ abort(); /* ok */ ++ } ++#endif ++ + sk = vfy->get_cert_methods; + for (i = 0; i < sk_X509_LOOKUP_num(sk); i++) { + lu = sk_X509_LOOKUP_value(sk, i); +@@ -289,7 +306,7 @@ int 
X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name, + tmp = X509_OBJECT_retrieve_by_subject(ctx->objs, type, name); + CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + +- if (tmp == NULL) { ++ if (tmp == NULL || type == X509_LU_CRL) { + for (i = vs->current_method; + i < sk_X509_LOOKUP_num(ctx->get_cert_methods); i++) { + lu = sk_X509_LOOKUP_value(ctx->get_cert_methods, i); +@@ -407,14 +424,15 @@ void X509_OBJECT_free_contents(X509_OBJECT *a) + } + } + +-int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type, +- X509_NAME *name) ++static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, int type, ++ X509_NAME *name, int *pnmatch) + { + X509_OBJECT stmp; + X509 x509_s; + X509_CINF cinf_s; + X509_CRL crl_s; + X509_CRL_INFO crl_info_s; ++ int idx; + + stmp.type = type; + switch (type) { +@@ -433,7 +451,26 @@ int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type, + return -1; + } + +- return sk_X509_OBJECT_find(h, &stmp); ++ idx = sk_X509_OBJECT_find(h, &stmp); ++ if (idx >= 0 && pnmatch) { ++ int tidx; ++ const X509_OBJECT *tobj, *pstmp; ++ *pnmatch = 1; ++ pstmp = &stmp; ++ for (tidx = idx + 1; tidx < sk_X509_OBJECT_num(h); tidx++) { ++ tobj = sk_X509_OBJECT_value(h, tidx); ++ if (x509_object_cmp(&tobj, &pstmp)) ++ break; ++ (*pnmatch)++; ++ } ++ } ++ return idx; ++} ++ ++int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type, ++ X509_NAME *name) ++{ ++ return x509_object_idx_cnt(h, type, name, NULL); + } + + X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, +@@ -446,6 +483,94 @@ X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, + return sk_X509_OBJECT_value(h, idx); + } + ++STACK_OF(X509) *X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm) ++{ ++ int i, idx, cnt; ++ STACK_OF(X509) *sk; ++ X509 *x; ++ X509_OBJECT *obj; ++ sk = sk_X509_new_null(); ++ CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); ++ idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt); ++ if (idx < 0) 
{ ++ /* ++ * Nothing found in cache: do lookup to possibly add new objects to ++ * cache ++ */ ++ X509_OBJECT xobj; ++ CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); ++ if (!X509_STORE_get_by_subject(ctx, X509_LU_X509, nm, &xobj)) { ++ sk_X509_free(sk); ++ return NULL; ++ } ++ X509_OBJECT_free_contents(&xobj); ++ CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); ++ idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt); ++ if (idx < 0) { ++ CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); ++ sk_X509_free(sk); ++ return NULL; ++ } ++ } ++ for (i = 0; i < cnt; i++, idx++) { ++ obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx); ++ x = obj->data.x509; ++ CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); ++ if (!sk_X509_push(sk, x)) { ++ CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); ++ X509_free(x); ++ sk_X509_pop_free(sk, X509_free); ++ return NULL; ++ } ++ } ++ CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); ++ return sk; ++ ++} ++ ++STACK_OF(X509_CRL) *X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm) ++{ ++ int i, idx, cnt; ++ STACK_OF(X509_CRL) *sk; ++ X509_CRL *x; ++ X509_OBJECT *obj, xobj; ++ sk = sk_X509_CRL_new_null(); ++ CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); ++ /* Check cache first */ ++ idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_CRL, nm, &cnt); ++ ++ /* ++ * Always do lookup to possibly add new CRLs to cache ++ */ ++ CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); ++ if (!X509_STORE_get_by_subject(ctx, X509_LU_CRL, nm, &xobj)) { ++ sk_X509_CRL_free(sk); ++ return NULL; ++ } ++ X509_OBJECT_free_contents(&xobj); ++ CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); ++ idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_CRL, nm, &cnt); ++ if (idx < 0) { ++ CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); ++ sk_X509_CRL_free(sk); ++ return NULL; ++ } ++ ++ for (i = 0; i < cnt; i++, idx++) { ++ obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx); ++ x = obj->data.crl; ++ CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509_CRL); ++ if (!sk_X509_CRL_push(sk, x)) { ++ CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); ++ 
X509_CRL_free(x); ++ sk_X509_CRL_pop_free(sk, X509_CRL_free); ++ return NULL; ++ } ++ } ++ CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); ++ return sk; ++} ++ + X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, + X509_OBJECT *x) + { +@@ -454,15 +579,20 @@ X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, + idx = sk_X509_OBJECT_find(h, x); + if (idx == -1) + return NULL; +- if (x->type != X509_LU_X509) ++ if ((x->type != X509_LU_X509) && (x->type != X509_LU_CRL)) + return sk_X509_OBJECT_value(h, idx); + for (i = idx; i < sk_X509_OBJECT_num(h); i++) { + obj = sk_X509_OBJECT_value(h, i); + if (x509_object_cmp + ((const X509_OBJECT **)&obj, (const X509_OBJECT **)&x)) + return NULL; +- if ((x->type != X509_LU_X509) +- || !X509_cmp(obj->data.x509, x->data.x509)) ++ if (x->type == X509_LU_X509) { ++ if (!X509_cmp(obj->data.x509, x->data.x509)) ++ return obj; ++ } else if (x->type == X509_LU_CRL) { ++ if (!X509_CRL_match(obj->data.crl, x->data.crl)) ++ return obj; ++ } else + return obj; + } + return NULL; +@@ -558,6 +688,25 @@ int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *param) + return X509_VERIFY_PARAM_set1(ctx->param, param); + } + ++void X509_STORE_set_verify_cb(X509_STORE *ctx, ++ int (*verify_cb) (int, X509_STORE_CTX *)) ++{ ++ ctx->verify_cb = verify_cb; ++} ++ ++void X509_STORE_set_lookup_crls_cb(X509_STORE *ctx, ++ STACK_OF(X509_CRL) *(*cb) (X509_STORE_CTX ++ *ctx, ++ X509_NAME *nm)) ++{ ++ ctx->lookup_crls = cb; ++} ++ ++X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx) ++{ ++ return ctx->ctx; ++} ++ + IMPLEMENT_STACK_OF(X509_LOOKUP) + + IMPLEMENT_STACK_OF(X509_OBJECT) +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_obj.c b/Cryptlib/OpenSSL/crypto/x509/x509_obj.c +index c334d3b..d317f3a 100644 +--- a/Cryptlib/OpenSSL/crypto/x509/x509_obj.c ++++ b/Cryptlib/OpenSSL/crypto/x509/x509_obj.c +@@ -72,7 +72,7 @@ char *X509_NAME_oneline(X509_NAME *a, char *buf, int len) + char *p; + unsigned char *q; + BUF_MEM *b = 
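Review bot: In `X509_STORE_get1_crls` the first `x509_object_idx_cnt()` call, under the "Check cache first" comment, is a dead lookup. Its `idx` and `cnt` are overwritten after the unconditional `X509_STORE_get_by_subject()` call, so the store lock is taken and released without the result being used. Either drop that first lock/lookup pair or reword the comment to say why it is kept. Both `X509_STORE_get1_certs` and `X509_STORE_get1_crls` also leave the `sk_X509_new_null()` / `sk_X509_CRL_new_null()` result unchecked; a failed allocation presumably surfaces only when the later push returns 0, and an explicit `if (sk == NULL) return NULL;` right after the allocation would make that intent visible.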
NULL; +- static char hex[17] = "0123456789ABCDEF"; ++ static const char hex[17] = "0123456789ABCDEF"; + int gs_doit[4]; + char tmp_buf[80]; + #ifdef CHARSET_EBCDIC +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_req.c b/Cryptlib/OpenSSL/crypto/x509/x509_req.c +index 31e59c4..01795f4 100644 +--- a/Cryptlib/OpenSSL/crypto/x509/x509_req.c ++++ b/Cryptlib/OpenSSL/crypto/x509/x509_req.c +@@ -61,6 +61,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -209,11 +210,9 @@ STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req) + if (!ext || (ext->type != V_ASN1_SEQUENCE)) + return NULL; + p = ext->value.sequence->data; +- return d2i_ASN1_SET_OF_X509_EXTENSION(NULL, &p, +- ext->value.sequence->length, +- d2i_X509_EXTENSION, +- X509_EXTENSION_free, +- V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); ++ return (STACK_OF(X509_EXTENSION) *) ++ ASN1_item_d2i(NULL, &p, ext->value.sequence->length, ++ ASN1_ITEM_rptr(X509_EXTENSIONS)); + } + + /* +@@ -224,8 +223,6 @@ STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req) + int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts, + int nid) + { +- unsigned char *p = NULL, *q; +- long len; + ASN1_TYPE *at = NULL; + X509_ATTRIBUTE *attr = NULL; + if (!(at = ASN1_TYPE_new()) || !(at->value.sequence = ASN1_STRING_new())) +@@ -233,18 +230,10 @@ int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts, + + at->type = V_ASN1_SEQUENCE; + /* Generate encoding of extensions */ +- len = i2d_ASN1_SET_OF_X509_EXTENSION(exts, NULL, i2d_X509_EXTENSION, +- V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, +- IS_SEQUENCE); +- if (!(p = OPENSSL_malloc(len))) +- goto err; +- q = p; +- i2d_ASN1_SET_OF_X509_EXTENSION(exts, &q, i2d_X509_EXTENSION, +- V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, +- IS_SEQUENCE); +- at->value.sequence->data = p; +- p = NULL; +- at->value.sequence->length = len; ++ at->value.sequence->length = ++ ASN1_item_i2d((ASN1_VALUE *)exts, ++ &at->value.sequence->data, ++ 
ASN1_ITEM_rptr(X509_EXTENSIONS)); + if (!(attr = X509_ATTRIBUTE_new())) + goto err; + if (!(attr->value.set = sk_ASN1_TYPE_new_null())) +@@ -262,8 +251,6 @@ int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts, + goto err; + return 1; + err: +- if (p) +- OPENSSL_free(p); + X509_ATTRIBUTE_free(attr); + ASN1_TYPE_free(at); + return 0; +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_set.c b/Cryptlib/OpenSSL/crypto/x509/x509_set.c +index 4eec1da..5b802bd 100644 +--- a/Cryptlib/OpenSSL/crypto/x509/x509_set.c ++++ b/Cryptlib/OpenSSL/crypto/x509/x509_set.c +@@ -67,6 +67,11 @@ int X509_set_version(X509 *x, long version) + { + if (x == NULL) + return (0); ++ if (version == 0) { ++ M_ASN1_INTEGER_free(x->cert_info->version); ++ x->cert_info->version = NULL; ++ return (1); ++ } + if (x->cert_info->version == NULL) { + if ((x->cert_info->version = M_ASN1_INTEGER_new()) == NULL) + return (0); +@@ -105,7 +110,7 @@ int X509_set_subject_name(X509 *x, X509_NAME *name) + return (X509_NAME_set(&x->cert_info->subject, name)); + } + +-int X509_set_notBefore(X509 *x, ASN1_TIME *tm) ++int X509_set_notBefore(X509 *x, const ASN1_TIME *tm) + { + ASN1_TIME *in; + +@@ -122,7 +127,7 @@ int X509_set_notBefore(X509 *x, ASN1_TIME *tm) + return (in != NULL); + } + +-int X509_set_notAfter(X509 *x, ASN1_TIME *tm) ++int X509_set_notAfter(X509 *x, const ASN1_TIME *tm) + { + ASN1_TIME *in; + +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_trs.c b/Cryptlib/OpenSSL/crypto/x509/x509_trs.c +index 11f2532..11e0763 100644 +--- a/Cryptlib/OpenSSL/crypto/x509/x509_trs.c ++++ b/Cryptlib/OpenSSL/crypto/x509/x509_trs.c +@@ -89,7 +89,9 @@ static X509_TRUST trstandard[] = { + NULL}, + {X509_TRUST_OCSP_SIGN, 0, trust_1oid, "OCSP responder", NID_OCSP_sign, + NULL}, +- {X509_TRUST_OCSP_REQUEST, 0, trust_1oid, "OCSP request", NID_ad_OCSP, NULL} ++ {X509_TRUST_OCSP_REQUEST, 0, trust_1oid, "OCSP request", NID_ad_OCSP, ++ NULL}, ++ {X509_TRUST_TSA, 0, trust_1oidany, "TSA server", NID_time_stamp, 
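Review bot: In `X509_REQ_add_extensions_nid` the result of `ASN1_item_i2d()` is stored straight into `at->value.sequence->length` with no failure check, so a failed encoding leaves a non-positive length on the string and the function goes on to build the attribute from it. The removed code had a similar gap around `OPENSSL_malloc(len)`, but the rewrite is the natural place to close it. Keep the return value in a local, add `if (len <= 0) goto err;`, and only then assign it to `at->value.sequence->length`. The start and end of the function are outside this hunk.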
NULL} + }; + + #define X509_TRUST_COUNT (sizeof(trstandard)/sizeof(X509_TRUST)) +@@ -117,6 +119,14 @@ int X509_check_trust(X509 *x, int id, int flags) + int idx; + if (id == -1) + return 1; ++ /* We get this as a default value */ ++ if (id == 0) { ++ int rv; ++ rv = obj_trust(NID_anyExtendedKeyUsage, x, 0); ++ if (rv != X509_TRUST_UNTRUSTED) ++ return rv; ++ return trust_compat(NULL, x, 0); ++ } + idx = X509_TRUST_get_by_id(id); + if (idx == -1) + return default_trust(id, x, flags); +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_txt.c b/Cryptlib/OpenSSL/crypto/x509/x509_txt.c +index 1cadbf9..3d46d3f 100644 +--- a/Cryptlib/OpenSSL/crypto/x509/x509_txt.c ++++ b/Cryptlib/OpenSSL/crypto/x509/x509_txt.c +@@ -162,8 +162,48 @@ const char *X509_verify_cert_error_string(long n) + return ("invalid or inconsistent certificate policy extension"); + case X509_V_ERR_NO_EXPLICIT_POLICY: + return ("no explicit policy"); ++ case X509_V_ERR_DIFFERENT_CRL_SCOPE: ++ return ("Different CRL scope"); ++ case X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE: ++ return ("Unsupported extension feature"); + case X509_V_ERR_UNNESTED_RESOURCE: + return ("RFC 3779 resource not subset of parent's resources"); ++ ++ case X509_V_ERR_PERMITTED_VIOLATION: ++ return ("permitted subtree violation"); ++ case X509_V_ERR_EXCLUDED_VIOLATION: ++ return ("excluded subtree violation"); ++ case X509_V_ERR_SUBTREE_MINMAX: ++ return ("name constraints minimum and maximum not supported"); ++ case X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: ++ return ("unsupported name constraint type"); ++ case X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: ++ return ("unsupported or invalid name constraint syntax"); ++ case X509_V_ERR_UNSUPPORTED_NAME_SYNTAX: ++ return ("unsupported or invalid name syntax"); ++ case X509_V_ERR_CRL_PATH_VALIDATION_ERROR: ++ return ("CRL path validation error"); ++ ++ case X509_V_ERR_SUITE_B_INVALID_VERSION: ++ return ("Suite B: certificate version invalid"); ++ case X509_V_ERR_SUITE_B_INVALID_ALGORITHM: ++ 
return ("Suite B: invalid public key algorithm"); ++ case X509_V_ERR_SUITE_B_INVALID_CURVE: ++ return ("Suite B: invalid ECC curve"); ++ case X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM: ++ return ("Suite B: invalid signature algorithm"); ++ case X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED: ++ return ("Suite B: curve not allowed for this LOS"); ++ case X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256: ++ return ("Suite B: cannot sign P-384 with P-256"); ++ ++ case X509_V_ERR_HOSTNAME_MISMATCH: ++ return ("Hostname mismatch"); ++ case X509_V_ERR_EMAIL_MISMATCH: ++ return ("Email address mismatch"); ++ case X509_V_ERR_IP_ADDRESS_MISMATCH: ++ return ("IP address mismatch"); ++ + default: + BIO_snprintf(buf, sizeof buf, "error number %ld", n); + return (buf); +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c b/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c +index 3249ff8..c085c13 100644 +--- a/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c ++++ b/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c +@@ -69,15 +69,73 @@ + #include + #include + #include ++#include "vpm_int.h" ++ ++/* CRL score values */ ++ ++/* No unhandled critical extensions */ ++ ++#define CRL_SCORE_NOCRITICAL 0x100 ++ ++/* certificate is within CRL scope */ ++ ++#define CRL_SCORE_SCOPE 0x080 ++ ++/* CRL times valid */ ++ ++#define CRL_SCORE_TIME 0x040 ++ ++/* Issuer name matches certificate */ ++ ++#define CRL_SCORE_ISSUER_NAME 0x020 ++ ++/* If this score or above CRL is probably valid */ ++ ++#define CRL_SCORE_VALID (CRL_SCORE_NOCRITICAL|CRL_SCORE_TIME|CRL_SCORE_SCOPE) ++ ++/* CRL issuer is certificate issuer */ ++ ++#define CRL_SCORE_ISSUER_CERT 0x018 ++ ++/* CRL issuer is on certificate path */ ++ ++#define CRL_SCORE_SAME_PATH 0x008 ++ ++/* CRL issuer matches CRL AKID */ ++ ++#define CRL_SCORE_AKID 0x004 ++ ++/* Have a delta CRL with valid times */ ++ ++#define CRL_SCORE_TIME_DELTA 0x002 + + static int null_callback(int ok, X509_STORE_CTX *e); + static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); + static X509 
*find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x); + static int check_chain_extensions(X509_STORE_CTX *ctx); ++static int check_name_constraints(X509_STORE_CTX *ctx); ++static int check_id(X509_STORE_CTX *ctx); + static int check_trust(X509_STORE_CTX *ctx); + static int check_revocation(X509_STORE_CTX *ctx); + static int check_cert(X509_STORE_CTX *ctx); + static int check_policy(X509_STORE_CTX *ctx); ++ ++static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer, ++ unsigned int *preasons, X509_CRL *crl, X509 *x); ++static int get_crl_delta(X509_STORE_CTX *ctx, ++ X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x); ++static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, ++ int *pcrl_score, X509_CRL *base, ++ STACK_OF(X509_CRL) *crls); ++static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl, X509 **pissuer, ++ int *pcrl_score); ++static int crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score, ++ unsigned int *preasons); ++static int check_crl_path(X509_STORE_CTX *ctx, X509 *x); ++static int check_crl_chain(X509_STORE_CTX *ctx, ++ STACK_OF(X509) *cert_path, ++ STACK_OF(X509) *crl_path); ++ + static int internal_verify(X509_STORE_CTX *ctx); + const char X509_version[] = "X.509" OPENSSL_VERSION_PTEXT; + +@@ -92,20 +150,62 @@ static int x509_subject_cmp(X509 **a, X509 **b) + return X509_subject_name_cmp(*a, *b); + } + #endif ++/* Return 1 is a certificate is self signed */ ++static int cert_self_signed(X509 *x) ++{ ++ X509_check_purpose(x, -1, 0); ++ if (x->ex_flags & EXFLAG_SS) ++ return 1; ++ else ++ return 0; ++} ++ ++/* Given a certificate try and find an exact match in the store */ ++ ++static X509 *lookup_cert_match(X509_STORE_CTX *ctx, X509 *x) ++{ ++ STACK_OF(X509) *certs; ++ X509 *xtmp = NULL; ++ int i; ++ /* Lookup all certs with matching subject name */ ++ certs = ctx->lookup_certs(ctx, X509_get_subject_name(x)); ++ if (certs == NULL) ++ return NULL; ++ /* Look for exact match */ ++ for (i = 0; i < sk_X509_num(certs); i++) { ++ 
xtmp = sk_X509_value(certs, i); ++ if (!X509_cmp(xtmp, x)) ++ break; ++ } ++ if (i < sk_X509_num(certs)) ++ CRYPTO_add(&xtmp->references, 1, CRYPTO_LOCK_X509); ++ else ++ xtmp = NULL; ++ sk_X509_pop_free(certs, X509_free); ++ return xtmp; ++} + + int X509_verify_cert(X509_STORE_CTX *ctx) + { +- X509 *x, *xtmp, *chain_ss = NULL; ++ X509 *x, *xtmp, *xtmp2, *chain_ss = NULL; + int bad_chain = 0; + X509_VERIFY_PARAM *param = ctx->param; + int depth, i, ok = 0; +- int num; ++ int num, j, retry; + int (*cb) (int xok, X509_STORE_CTX *xctx); + STACK_OF(X509) *sktmp = NULL; + if (ctx->cert == NULL) { + X509err(X509_F_X509_VERIFY_CERT, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY); + return -1; + } ++ if (ctx->chain != NULL) { ++ /* ++ * This X509_STORE_CTX has already been used to verify a cert. We ++ * cannot do another one. ++ */ ++ X509err(X509_F_X509_VERIFY_CERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); ++ return -1; ++ } + + cb = ctx->verify_cb; + +@@ -113,15 +213,13 @@ int X509_verify_cert(X509_STORE_CTX *ctx) + * first we make sure the chain we are going to build is present and that + * the first entry is in place + */ +- if (ctx->chain == NULL) { +- if (((ctx->chain = sk_X509_new_null()) == NULL) || +- (!sk_X509_push(ctx->chain, ctx->cert))) { +- X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); +- goto end; +- } +- CRYPTO_add(&ctx->cert->references, 1, CRYPTO_LOCK_X509); +- ctx->last_untrusted = 1; ++ if (((ctx->chain = sk_X509_new_null()) == NULL) || ++ (!sk_X509_push(ctx->chain, ctx->cert))) { ++ X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); ++ goto end; + } ++ CRYPTO_add(&ctx->cert->references, 1, CRYPTO_LOCK_X509); ++ ctx->last_untrusted = 1; + + /* We use a temporary STACK so we can chop and hack at it */ + if (ctx->untrusted != NULL +@@ -143,8 +241,24 @@ int X509_verify_cert(X509_STORE_CTX *ctx) + * later. 
*/ + + /* If we are self signed, we break */ +- if (ctx->check_issued(ctx, x, x)) ++ if (cert_self_signed(x)) + break; ++ /* ++ * If asked see if we can find issuer in trusted store first ++ */ ++ if (ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) { ++ ok = ctx->get_issuer(&xtmp, ctx, x); ++ if (ok < 0) ++ return ok; ++ /* ++ * If successful for now free up cert so it will be picked up ++ * again later. ++ */ ++ if (ok > 0) { ++ X509_free(xtmp); ++ break; ++ } ++ } + + /* If we were passed a cert chain, use it first */ + if (ctx->untrusted != NULL) { +@@ -168,88 +282,134 @@ int X509_verify_cert(X509_STORE_CTX *ctx) + break; + } + ++ /* Remember how many untrusted certs we have */ ++ j = num; + /* + * at this point, chain should contain a list of untrusted certificates. + * We now need to add at least one trusted one, if possible, otherwise we + * complain. + */ + +- /* +- * Examine last certificate in chain and see if it is self signed. +- */ +- +- i = sk_X509_num(ctx->chain); +- x = sk_X509_value(ctx->chain, i - 1); +- if (ctx->check_issued(ctx, x, x)) { +- /* we have a self signed certificate */ +- if (sk_X509_num(ctx->chain) == 1) { +- /* +- * We have a single self signed certificate: see if we can find +- * it in the store. We must have an exact match to avoid possible +- * impersonation. +- */ +- ok = ctx->get_issuer(&xtmp, ctx, x); +- if ((ok <= 0) || X509_cmp(x, xtmp)) { +- ctx->error = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT; +- ctx->current_cert = x; +- ctx->error_depth = i - 1; +- if (ok == 1) +- X509_free(xtmp); +- bad_chain = 1; +- ok = cb(0, ctx); +- if (!ok) +- goto end; ++ do { ++ /* ++ * Examine last certificate in chain and see if it is self signed. ++ */ ++ i = sk_X509_num(ctx->chain); ++ x = sk_X509_value(ctx->chain, i - 1); ++ if (cert_self_signed(x)) { ++ /* we have a self signed certificate */ ++ if (sk_X509_num(ctx->chain) == 1) { ++ /* ++ * We have a single self signed certificate: see if we can ++ * find it in the store. 
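Review bot: The new `X509_V_FLAG_TRUSTED_FIRST` block exits `X509_verify_cert` with `if (ok < 0) return ok;`, which skips the `end` label that the other failure paths in this function reach through `goto end`. By this point `sktmp` may already hold a duplicate of the untrusted stack (that allocation sits in context outside the hunk), so the early return presumably leaks it. `if (ok < 0) goto end;` would run the cleanup, assuming `end` returns `ok` as the other paths imply. The `return ok;` and `return 0;` inside the store-lookup loop of the next hunk (`@@ -168,88 +282,134 @@`) have the same shape.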
We must have an exact match to avoid ++ * possible impersonation. ++ */ ++ ok = ctx->get_issuer(&xtmp, ctx, x); ++ if ((ok <= 0) || X509_cmp(x, xtmp)) { ++ ctx->error = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT; ++ ctx->current_cert = x; ++ ctx->error_depth = i - 1; ++ if (ok == 1) ++ X509_free(xtmp); ++ bad_chain = 1; ++ ok = cb(0, ctx); ++ if (!ok) ++ goto end; ++ } else { ++ /* ++ * We have a match: replace certificate with store ++ * version so we get any trust settings. ++ */ ++ X509_free(x); ++ x = xtmp; ++ (void)sk_X509_set(ctx->chain, i - 1, x); ++ ctx->last_untrusted = 0; ++ } + } else { + /* +- * We have a match: replace certificate with store version so +- * we get any trust settings. ++ * extract and save self signed certificate for later use + */ +- X509_free(x); +- x = xtmp; +- (void)sk_X509_set(ctx->chain, i - 1, x); +- ctx->last_untrusted = 0; ++ chain_ss = sk_X509_pop(ctx->chain); ++ ctx->last_untrusted--; ++ num--; ++ j--; ++ x = sk_X509_value(ctx->chain, num - 1); + } +- } else { +- /* +- * extract and save self signed certificate for later use +- */ +- chain_ss = sk_X509_pop(ctx->chain); +- ctx->last_untrusted--; +- num--; +- x = sk_X509_value(ctx->chain, num - 1); + } +- } +- +- /* We now lookup certs from the certificate store */ +- for (;;) { +- /* If we have enough, we break */ +- if (depth < num) +- break; ++ /* We now lookup certs from the certificate store */ ++ for (;;) { ++ /* If we have enough, we break */ ++ if (depth < num) ++ break; ++ /* If we are self signed, we break */ ++ if (cert_self_signed(x)) ++ break; ++ ok = ctx->get_issuer(&xtmp, ctx, x); + +- /* If we are self signed, we break */ +- if (ctx->check_issued(ctx, x, x)) +- break; ++ if (ok < 0) ++ return ok; ++ if (ok == 0) ++ break; ++ x = xtmp; ++ if (!sk_X509_push(ctx->chain, x)) { ++ X509_free(xtmp); ++ X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ num++; ++ } + +- ok = ctx->get_issuer(&xtmp, ctx, x); ++ /* we now have our chain, lets check 
it... */ ++ i = check_trust(ctx); + +- if (ok < 0) +- return ok; +- if (ok == 0) +- break; ++ /* If explicitly rejected error */ ++ if (i == X509_TRUST_REJECTED) ++ goto end; ++ /* ++ * If it's not explicitly trusted then check if there is an alternative ++ * chain that could be used. We only do this if we haven't already ++ * checked via TRUSTED_FIRST and the user hasn't switched off alternate ++ * chain checking ++ */ ++ retry = 0; ++ if (i != X509_TRUST_TRUSTED ++ && !(ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) ++ && !(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS)) { ++ while (j-- > 1) { ++ xtmp2 = sk_X509_value(ctx->chain, j - 1); ++ ok = ctx->get_issuer(&xtmp, ctx, xtmp2); ++ if (ok < 0) ++ goto end; ++ /* Check if we found an alternate chain */ ++ if (ok > 0) { ++ /* ++ * Free up the found cert we'll add it again later ++ */ ++ X509_free(xtmp); + +- x = xtmp; +- if (!sk_X509_push(ctx->chain, x)) { +- X509_free(xtmp); +- X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); +- return 0; ++ /* ++ * Dump all the certs above this point - we've found an ++ * alternate chain ++ */ ++ while (num > j) { ++ xtmp = sk_X509_pop(ctx->chain); ++ X509_free(xtmp); ++ num--; ++ } ++ ctx->last_untrusted = sk_X509_num(ctx->chain); ++ retry = 1; ++ break; ++ } ++ } + } +- num++; +- } +- +- /* we now have our chain, lets check it... */ ++ } while (retry); + +- /* Is last certificate looked up self signed? 
*/ +- if (!ctx->check_issued(ctx, x, x)) { ++ /* ++ * If not explicitly trusted then indicate error unless it's a single ++ * self signed certificate in which case we've indicated an error already ++ * and set bad_chain == 1 ++ */ ++ if (i != X509_TRUST_TRUSTED && !bad_chain) { + if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss)) { + if (ctx->last_untrusted >= num) + ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY; +@@ -279,10 +439,14 @@ int X509_verify_cert(X509_STORE_CTX *ctx) + if (!ok) + goto end; + +- /* The chain extensions are OK: check trust */ ++ /* Check name constraints */ ++ ++ ok = check_name_constraints(ctx); ++ ++ if (!ok) ++ goto end; + +- if (param->trust > 0) +- ok = check_trust(ctx); ++ ok = check_id(ctx); + + if (!ok) + goto end; +@@ -299,6 +463,16 @@ int X509_verify_cert(X509_STORE_CTX *ctx) + if (!ok) + goto end; + ++ i = X509_chain_check_suiteb(&ctx->error_depth, NULL, ctx->chain, ++ ctx->param->flags); ++ if (i != X509_V_OK) { ++ ctx->error = i; ++ ctx->current_cert = sk_X509_value(ctx->chain, ctx->error_depth); ++ ok = cb(0, ctx); ++ if (!ok) ++ goto end; ++ } ++ + /* At this point, we have a chain and need to verify it */ + if (ctx->verify != NULL) + ok = ctx->verify(ctx); +@@ -365,7 +539,6 @@ static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer) + ctx->current_cert = x; + ctx->current_issuer = issuer; + return ctx->verify_cb(0, ctx); +- return 0; + } + + /* Alternative lookup method: look from a STACK stored in other_ctx */ +@@ -394,8 +567,8 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) + X509 *x; + int (*cb) (int xok, X509_STORE_CTX *xctx); + int proxy_path_length = 0; +- int allow_proxy_certs = +- ! 
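Review bot: The alternate-chain retry truncates `ctx->chain` and then sets `ctx->last_untrusted = sk_X509_num(ctx->chain)`, but nothing in the loop explains why the boundary is recomputed from the stack size. That index decides which certificates `check_chain_extensions` walks as untrusted (`i < ctx->last_untrusted`) and where `check_trust` starts looking for trust settings, so a miscount here would exempt a peer-supplied certificate from the CA and purpose checks. I would add a comment above the assignment, such as `/* every cert left after truncation came from the untrusted set; store certs are re-added by the lookup loop on retry */`. The function body starts and ends outside this hunk.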
!(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS); ++ int purpose; ++ int allow_proxy_certs; + cb = ctx->verify_cb; + + /*- +@@ -409,11 +582,21 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) + */ + must_be_ca = -1; + +- /* +- * A hack to keep people who don't want to modify their software happy +- */ +- if (getenv("OPENSSL_ALLOW_PROXY_CERTS")) +- allow_proxy_certs = 1; ++ /* CRL path validation */ ++ if (ctx->parent) { ++ allow_proxy_certs = 0; ++ purpose = X509_PURPOSE_CRL_SIGN; ++ } else { ++ allow_proxy_certs = ++ ! !(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS); ++ /* ++ * A hack to keep people who don't want to modify their software ++ * happy ++ */ ++ if (getenv("OPENSSL_ALLOW_PROXY_CERTS")) ++ allow_proxy_certs = 1; ++ purpose = ctx->param->purpose; ++ } + + /* Check all untrusted certificates */ + for (i = 0; i < ctx->last_untrusted; i++) { +@@ -471,7 +654,7 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) + goto end; + } + if (ctx->param->purpose > 0) { +- ret = X509_check_purpose(x, ctx->param->purpose, must_be_ca > 0); ++ ret = X509_check_purpose(x, purpose, must_be_ca > 0); + if ((ret == 0) + || ((ctx->param->flags & X509_V_FLAG_X509_STRICT) + && (ret != 1))) { +@@ -522,30 +705,130 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) + #endif + } + +-static int check_trust(X509_STORE_CTX *ctx) ++static int check_name_constraints(X509_STORE_CTX *ctx) + { +-#ifdef OPENSSL_NO_CHAIN_VERIFY ++ X509 *x; ++ int i, j, rv; ++ /* Check name constraints for all certificates */ ++ for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--) { ++ x = sk_X509_value(ctx->chain, i); ++ /* Ignore self issued certs unless last in chain */ ++ if (i && (x->ex_flags & EXFLAG_SI)) ++ continue; ++ /* ++ * Check against constraints for all certificates higher in chain ++ * including trust anchor. Trust anchor not strictly speaking needed ++ * but if it includes constraints it is to be assumed it expects them ++ * to be obeyed. 
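Review bot: `getenv("OPENSSL_ALLOW_PROXY_CERTS")` survives the restructuring in `check_chain_extensions`, so for ordinary (non-CRL-path) verification the process environment can still enable proxy certificates when `X509_V_FLAG_ALLOW_PROXY_CERTS` is clear. Verification policy can therefore be changed from outside the caller's `X509_VERIFY_PARAM`. For an embedded copy like this Cryptlib tree it is worth confirming that `getenv` is a stub returning NULL, or guarding the override behind a build-time macro. If the override stays, its comment should name the variable and say that it relaxes chain checking. The function starts before this hunk and continues after it.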
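Review bot: The `X509_check_purpose` call now passes the local `purpose`, but the guard on the line above it still tests `ctx->param->purpose > 0`. For CRL path validation (`ctx->parent` set) the earlier hunk forces `purpose = X509_PURPOSE_CRL_SIGN`, so the CRL-signing purpose check is skipped whenever the parameter set carries no purpose of its own. Testing the variable that is actually used, `if (purpose > 0) {`, makes the two agree. The surrounding loop lies outside this hunk.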
++ */ ++ for (j = sk_X509_num(ctx->chain) - 1; j > i; j--) { ++ NAME_CONSTRAINTS *nc = sk_X509_value(ctx->chain, j)->nc; ++ if (nc) { ++ rv = NAME_CONSTRAINTS_check(x, nc); ++ if (rv != X509_V_OK) { ++ ctx->error = rv; ++ ctx->error_depth = i; ++ ctx->current_cert = x; ++ if (!ctx->verify_cb(0, ctx)) ++ return 0; ++ } ++ } ++ } ++ } + return 1; +-#else ++} ++ ++static int check_id_error(X509_STORE_CTX *ctx, int errcode) ++{ ++ ctx->error = errcode; ++ ctx->current_cert = ctx->cert; ++ ctx->error_depth = 0; ++ return ctx->verify_cb(0, ctx); ++} ++ ++static int check_hosts(X509 *x, X509_VERIFY_PARAM_ID *id) ++{ ++ int i; ++ int n = sk_OPENSSL_STRING_num(id->hosts); ++ char *name; ++ ++ for (i = 0; i < n; ++i) { ++ name = sk_OPENSSL_STRING_value(id->hosts, i); ++ if (X509_check_host(x, name, 0, id->hostflags, &id->peername) > 0) ++ return 1; ++ } ++ return n == 0; ++} ++ ++static int check_id(X509_STORE_CTX *ctx) ++{ ++ X509_VERIFY_PARAM *vpm = ctx->param; ++ X509_VERIFY_PARAM_ID *id = vpm->id; ++ X509 *x = ctx->cert; ++ if (id->hosts && check_hosts(x, id) <= 0) { ++ if (!check_id_error(ctx, X509_V_ERR_HOSTNAME_MISMATCH)) ++ return 0; ++ } ++ if (id->email && X509_check_email(x, id->email, id->emaillen, 0) <= 0) { ++ if (!check_id_error(ctx, X509_V_ERR_EMAIL_MISMATCH)) ++ return 0; ++ } ++ if (id->ip && X509_check_ip(x, id->ip, id->iplen, 0) <= 0) { ++ if (!check_id_error(ctx, X509_V_ERR_IP_ADDRESS_MISMATCH)) ++ return 0; ++ } ++ return 1; ++} ++ ++static int check_trust(X509_STORE_CTX *ctx) ++{ + int i, ok; +- X509 *x; ++ X509 *x = NULL; + int (*cb) (int xok, X509_STORE_CTX *xctx); + cb = ctx->verify_cb; +-/* For now just check the last certificate in the chain */ +- i = sk_X509_num(ctx->chain) - 1; +- x = sk_X509_value(ctx->chain, i); +- ok = X509_check_trust(x, ctx->param->trust, 0); +- if (ok == X509_TRUST_TRUSTED) +- return 1; +- ctx->error_depth = i; +- ctx->current_cert = x; +- if (ok == X509_TRUST_REJECTED) +- ctx->error = X509_V_ERR_CERT_REJECTED; +- else +- 
ctx->error = X509_V_ERR_CERT_UNTRUSTED; +- ok = cb(0, ctx); +- return ok; +-#endif ++ /* Check all trusted certificates in chain */ ++ for (i = ctx->last_untrusted; i < sk_X509_num(ctx->chain); i++) { ++ x = sk_X509_value(ctx->chain, i); ++ ok = X509_check_trust(x, ctx->param->trust, 0); ++ /* If explicitly trusted return trusted */ ++ if (ok == X509_TRUST_TRUSTED) ++ return X509_TRUST_TRUSTED; ++ /* ++ * If explicitly rejected notify callback and reject if not ++ * overridden. ++ */ ++ if (ok == X509_TRUST_REJECTED) { ++ ctx->error_depth = i; ++ ctx->current_cert = x; ++ ctx->error = X509_V_ERR_CERT_REJECTED; ++ ok = cb(0, ctx); ++ if (!ok) ++ return X509_TRUST_REJECTED; ++ } ++ } ++ /* ++ * If we accept partial chains and have at least one trusted certificate ++ * return success. ++ */ ++ if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) { ++ X509 *mx; ++ if (ctx->last_untrusted < sk_X509_num(ctx->chain)) ++ return X509_TRUST_TRUSTED; ++ x = sk_X509_value(ctx->chain, 0); ++ mx = lookup_cert_match(ctx, x); ++ if (mx) { ++ (void)sk_X509_set(ctx->chain, 0, mx); ++ X509_free(x); ++ ctx->last_untrusted = 0; ++ return X509_TRUST_TRUSTED; ++ } ++ } ++ ++ /* ++ * If no trusted certs in chain at all return untrusted and allow ++ * standard (no issuer cert) etc errors to be indicated. 
++ */ ++ return X509_TRUST_UNTRUSTED; + } + + static int check_revocation(X509_STORE_CTX *ctx) +@@ -555,156 +838,630 @@ static int check_revocation(X509_STORE_CTX *ctx) + return 1; + if (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL) + last = sk_X509_num(ctx->chain) - 1; +- else ++ else { ++ /* If checking CRL paths this isn't the EE certificate */ ++ if (ctx->parent) ++ return 1; + last = 0; ++ } + for (i = 0; i <= last; i++) { + ctx->error_depth = i; + ok = check_cert(ctx); + if (!ok) + return ok; + } +- return 1; +-} ++ return 1; ++} ++ ++static int check_cert(X509_STORE_CTX *ctx) ++{ ++ X509_CRL *crl = NULL, *dcrl = NULL; ++ X509 *x; ++ int ok, cnum; ++ unsigned int last_reasons; ++ cnum = ctx->error_depth; ++ x = sk_X509_value(ctx->chain, cnum); ++ ctx->current_cert = x; ++ ctx->current_issuer = NULL; ++ ctx->current_crl_score = 0; ++ ctx->current_reasons = 0; ++ while (ctx->current_reasons != CRLDP_ALL_REASONS) { ++ last_reasons = ctx->current_reasons; ++ /* Try to retrieve relevant CRL */ ++ if (ctx->get_crl) ++ ok = ctx->get_crl(ctx, &crl, x); ++ else ++ ok = get_crl_delta(ctx, &crl, &dcrl, x); ++ /* ++ * If error looking up CRL, nothing we can do except notify callback ++ */ ++ if (!ok) { ++ ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL; ++ ok = ctx->verify_cb(0, ctx); ++ goto err; ++ } ++ ctx->current_crl = crl; ++ ok = ctx->check_crl(ctx, crl); ++ if (!ok) ++ goto err; ++ ++ if (dcrl) { ++ ok = ctx->check_crl(ctx, dcrl); ++ if (!ok) ++ goto err; ++ ok = ctx->cert_crl(ctx, dcrl, x); ++ if (!ok) ++ goto err; ++ } else ++ ok = 1; ++ ++ /* Don't look in full CRL if delta reason is removefromCRL */ ++ if (ok != 2) { ++ ok = ctx->cert_crl(ctx, crl, x); ++ if (!ok) ++ goto err; ++ } ++ ++ X509_CRL_free(crl); ++ X509_CRL_free(dcrl); ++ crl = NULL; ++ dcrl = NULL; ++ /* ++ * If reasons not updated we wont get anywhere by another iteration, ++ * so exit loop. 
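Review bot: `check_trust` changes its return contract in this hunk without a comment saying so. The old body returned 1 or the callback's result, while the new one returns `X509_TRUST_TRUSTED`, `X509_TRUST_REJECTED` or `X509_TRUST_UNTRUSTED`. A caller that still tests the result as a boolean would misread it, so I would document the values above the function, e.g. `/* Returns an X509_TRUST_* value, not a boolean; X509_TRUST_UNTRUSTED leaves error reporting to the caller */`. The same comment could note that with `X509_V_FLAG_PARTIAL_CHAIN` any certificate taken from the store ends the chain as trusted, not only a self-signed root.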
++ */ ++ if (last_reasons == ctx->current_reasons) { ++ ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL; ++ ok = ctx->verify_cb(0, ctx); ++ goto err; ++ } ++ } ++ err: ++ X509_CRL_free(crl); ++ X509_CRL_free(dcrl); ++ ++ ctx->current_crl = NULL; ++ return ok; ++ ++} ++ ++/* Check CRL times against values in X509_STORE_CTX */ ++ ++static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify) ++{ ++ time_t *ptime; ++ int i; ++ if (notify) ++ ctx->current_crl = crl; ++ if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) ++ ptime = &ctx->param->check_time; ++ else ++ ptime = NULL; ++ ++ i = X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime); ++ if (i == 0) { ++ if (!notify) ++ return 0; ++ ctx->error = X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD; ++ if (!ctx->verify_cb(0, ctx)) ++ return 0; ++ } ++ ++ if (i > 0) { ++ if (!notify) ++ return 0; ++ ctx->error = X509_V_ERR_CRL_NOT_YET_VALID; ++ if (!ctx->verify_cb(0, ctx)) ++ return 0; ++ } ++ ++ if (X509_CRL_get_nextUpdate(crl)) { ++ i = X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime); ++ ++ if (i == 0) { ++ if (!notify) ++ return 0; ++ ctx->error = X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD; ++ if (!ctx->verify_cb(0, ctx)) ++ return 0; ++ } ++ /* Ignore expiry of base CRL is delta is valid */ ++ if ((i < 0) && !(ctx->current_crl_score & CRL_SCORE_TIME_DELTA)) { ++ if (!notify) ++ return 0; ++ ctx->error = X509_V_ERR_CRL_HAS_EXPIRED; ++ if (!ctx->verify_cb(0, ctx)) ++ return 0; ++ } ++ } ++ ++ if (notify) ++ ctx->current_crl = NULL; ++ ++ return 1; ++} ++ ++static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl, ++ X509 **pissuer, int *pscore, unsigned int *preasons, ++ STACK_OF(X509_CRL) *crls) ++{ ++ int i, crl_score, best_score = *pscore; ++ unsigned int reasons, best_reasons = 0; ++ X509 *x = ctx->current_cert; ++ X509_CRL *crl, *best_crl = NULL; ++ X509 *crl_issuer = NULL, *best_crl_issuer = NULL; ++ ++ for (i = 0; i < sk_X509_CRL_num(crls); i++) { ++ crl = sk_X509_CRL_value(crls, i); ++ 
reasons = *preasons; ++ crl_score = get_crl_score(ctx, &crl_issuer, &reasons, crl, x); ++ ++ if (crl_score > best_score) { ++ best_crl = crl; ++ best_crl_issuer = crl_issuer; ++ best_score = crl_score; ++ best_reasons = reasons; ++ } ++ } ++ ++ if (best_crl) { ++ if (*pcrl) ++ X509_CRL_free(*pcrl); ++ *pcrl = best_crl; ++ *pissuer = best_crl_issuer; ++ *pscore = best_score; ++ *preasons = best_reasons; ++ CRYPTO_add(&best_crl->references, 1, CRYPTO_LOCK_X509_CRL); ++ if (*pdcrl) { ++ X509_CRL_free(*pdcrl); ++ *pdcrl = NULL; ++ } ++ get_delta_sk(ctx, pdcrl, pscore, best_crl, crls); ++ } ++ ++ if (best_score >= CRL_SCORE_VALID) ++ return 1; ++ ++ return 0; ++} ++ ++/* ++ * Compare two CRL extensions for delta checking purposes. They should be ++ * both present or both absent. If both present all fields must be identical. ++ */ ++ ++static int crl_extension_match(X509_CRL *a, X509_CRL *b, int nid) ++{ ++ ASN1_OCTET_STRING *exta, *extb; ++ int i; ++ i = X509_CRL_get_ext_by_NID(a, nid, -1); ++ if (i >= 0) { ++ /* Can't have multiple occurrences */ ++ if (X509_CRL_get_ext_by_NID(a, nid, i) != -1) ++ return 0; ++ exta = X509_EXTENSION_get_data(X509_CRL_get_ext(a, i)); ++ } else ++ exta = NULL; ++ ++ i = X509_CRL_get_ext_by_NID(b, nid, -1); ++ ++ if (i >= 0) { ++ ++ if (X509_CRL_get_ext_by_NID(b, nid, i) != -1) ++ return 0; ++ extb = X509_EXTENSION_get_data(X509_CRL_get_ext(b, i)); ++ } else ++ extb = NULL; ++ ++ if (!exta && !extb) ++ return 1; ++ ++ if (!exta || !extb) ++ return 0; ++ ++ if (ASN1_OCTET_STRING_cmp(exta, extb)) ++ return 0; ++ ++ return 1; ++} ++ ++/* See if a base and delta are compatible */ ++ ++static int check_delta_base(X509_CRL *delta, X509_CRL *base) ++{ ++ /* Delta CRL must be a delta */ ++ if (!delta->base_crl_number) ++ return 0; ++ /* Base must have a CRL number */ ++ if (!base->crl_number) ++ return 0; ++ /* Issuer names must match */ ++ if (X509_NAME_cmp(X509_CRL_get_issuer(base), X509_CRL_get_issuer(delta))) ++ return 0; ++ /* AKID and IDP 
must match */ ++ if (!crl_extension_match(delta, base, NID_authority_key_identifier)) ++ return 0; ++ if (!crl_extension_match(delta, base, NID_issuing_distribution_point)) ++ return 0; ++ /* Delta CRL base number must not exceed Full CRL number. */ ++ if (ASN1_INTEGER_cmp(delta->base_crl_number, base->crl_number) > 0) ++ return 0; ++ /* Delta CRL number must exceed full CRL number */ ++ if (ASN1_INTEGER_cmp(delta->crl_number, base->crl_number) > 0) ++ return 1; ++ return 0; ++} ++ ++/* ++ * For a given base CRL find a delta... maybe extend to delta scoring or ++ * retrieve a chain of deltas... ++ */ ++ ++static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, int *pscore, ++ X509_CRL *base, STACK_OF(X509_CRL) *crls) ++{ ++ X509_CRL *delta; ++ int i; ++ if (!(ctx->param->flags & X509_V_FLAG_USE_DELTAS)) ++ return; ++ if (!((ctx->current_cert->ex_flags | base->flags) & EXFLAG_FRESHEST)) ++ return; ++ for (i = 0; i < sk_X509_CRL_num(crls); i++) { ++ delta = sk_X509_CRL_value(crls, i); ++ if (check_delta_base(delta, base)) { ++ if (check_crl_time(ctx, delta, 0)) ++ *pscore |= CRL_SCORE_TIME_DELTA; ++ CRYPTO_add(&delta->references, 1, CRYPTO_LOCK_X509_CRL); ++ *dcrl = delta; ++ return; ++ } ++ } ++ *dcrl = NULL; ++} ++ ++/* ++ * For a given CRL return how suitable it is for the supplied certificate ++ * 'x'. The return value is a mask of several criteria. If the issuer is not ++ * the certificate issuer this is returned in *pissuer. The reasons mask is ++ * also used to determine if the CRL is suitable: if no new reasons the CRL ++ * is rejected, otherwise reasons is updated. 
++ */ ++ ++static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer, ++ unsigned int *preasons, X509_CRL *crl, X509 *x) ++{ ++ ++ int crl_score = 0; ++ unsigned int tmp_reasons = *preasons, crl_reasons; ++ ++ /* First see if we can reject CRL straight away */ ++ ++ /* Invalid IDP cannot be processed */ ++ if (crl->idp_flags & IDP_INVALID) ++ return 0; ++ /* Reason codes or indirect CRLs need extended CRL support */ ++ if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT)) { ++ if (crl->idp_flags & (IDP_INDIRECT | IDP_REASONS)) ++ return 0; ++ } else if (crl->idp_flags & IDP_REASONS) { ++ /* If no new reasons reject */ ++ if (!(crl->idp_reasons & ~tmp_reasons)) ++ return 0; ++ } ++ /* Don't process deltas at this stage */ ++ else if (crl->base_crl_number) ++ return 0; ++ /* If issuer name doesn't match certificate need indirect CRL */ ++ if (X509_NAME_cmp(X509_get_issuer_name(x), X509_CRL_get_issuer(crl))) { ++ if (!(crl->idp_flags & IDP_INDIRECT)) ++ return 0; ++ } else ++ crl_score |= CRL_SCORE_ISSUER_NAME; ++ ++ if (!(crl->flags & EXFLAG_CRITICAL)) ++ crl_score |= CRL_SCORE_NOCRITICAL; ++ ++ /* Check expiry */ ++ if (check_crl_time(ctx, crl, 0)) ++ crl_score |= CRL_SCORE_TIME; ++ ++ /* Check authority key ID and locate certificate issuer */ ++ crl_akid_check(ctx, crl, pissuer, &crl_score); ++ ++ /* If we can't locate certificate issuer at this point forget it */ ++ ++ if (!(crl_score & CRL_SCORE_AKID)) ++ return 0; ++ ++ /* Check cert for matching CRL distribution points */ ++ ++ if (crl_crldp_check(x, crl, crl_score, &crl_reasons)) { ++ /* If no new reasons reject */ ++ if (!(crl_reasons & ~tmp_reasons)) ++ return 0; ++ tmp_reasons |= crl_reasons; ++ crl_score |= CRL_SCORE_SCOPE; ++ } ++ ++ *preasons = tmp_reasons; ++ ++ return crl_score; ++ ++} ++ ++static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl, ++ X509 **pissuer, int *pcrl_score) ++{ ++ X509 *crl_issuer = NULL; ++ X509_NAME *cnm = X509_CRL_get_issuer(crl); ++ int cidx = 
ctx->error_depth; ++ int i; ++ ++ if (cidx != sk_X509_num(ctx->chain) - 1) ++ cidx++; ++ ++ crl_issuer = sk_X509_value(ctx->chain, cidx); ++ ++ if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) { ++ if (*pcrl_score & CRL_SCORE_ISSUER_NAME) { ++ *pcrl_score |= CRL_SCORE_AKID | CRL_SCORE_ISSUER_CERT; ++ *pissuer = crl_issuer; ++ return; ++ } ++ } ++ ++ for (cidx++; cidx < sk_X509_num(ctx->chain); cidx++) { ++ crl_issuer = sk_X509_value(ctx->chain, cidx); ++ if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm)) ++ continue; ++ if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) { ++ *pcrl_score |= CRL_SCORE_AKID | CRL_SCORE_SAME_PATH; ++ *pissuer = crl_issuer; ++ return; ++ } ++ } ++ ++ /* Anything else needs extended CRL support */ ++ ++ if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT)) ++ return; + +-static int check_cert(X509_STORE_CTX *ctx) +-{ +- X509_CRL *crl = NULL; +- X509 *x; +- int ok, cnum; +- cnum = ctx->error_depth; +- x = sk_X509_value(ctx->chain, cnum); +- ctx->current_cert = x; +- /* Try to retrieve relevant CRL */ +- ok = ctx->get_crl(ctx, &crl, x); + /* +- * If error looking up CRL, nothing we can do except notify callback ++ * Otherwise the CRL issuer is not on the path. Look for it in the set of ++ * untrusted certificates. + */ +- if (!ok) { +- ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL; +- ok = ctx->verify_cb(0, ctx); +- goto err; ++ for (i = 0; i < sk_X509_num(ctx->untrusted); i++) { ++ crl_issuer = sk_X509_value(ctx->untrusted, i); ++ if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm)) ++ continue; ++ if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) { ++ *pissuer = crl_issuer; ++ *pcrl_score |= CRL_SCORE_AKID; ++ return; ++ } + } +- ctx->current_crl = crl; +- ok = ctx->check_crl(ctx, crl); +- if (!ok) ++} ++ ++/* ++ * Check the path of a CRL issuer certificate. This creates a new ++ * X509_STORE_CTX and populates it with most of the parameters from the ++ * parent. 
This could be optimised somewhat since a lot of path checking will ++ * be duplicated by the parent, but this will rarely be used in practice. ++ */ ++ ++static int check_crl_path(X509_STORE_CTX *ctx, X509 *x) ++{ ++ X509_STORE_CTX crl_ctx; ++ int ret; ++ /* Don't allow recursive CRL path validation */ ++ if (ctx->parent) ++ return 0; ++ if (!X509_STORE_CTX_init(&crl_ctx, ctx->ctx, x, ctx->untrusted)) ++ return -1; ++ ++ crl_ctx.crls = ctx->crls; ++ /* Copy verify params across */ ++ X509_STORE_CTX_set0_param(&crl_ctx, ctx->param); ++ ++ crl_ctx.parent = ctx; ++ crl_ctx.verify_cb = ctx->verify_cb; ++ ++ /* Verify CRL issuer */ ++ ret = X509_verify_cert(&crl_ctx); ++ ++ if (ret <= 0) + goto err; +- ok = ctx->cert_crl(ctx, crl, x); +- err: +- ctx->current_crl = NULL; +- X509_CRL_free(crl); +- return ok; + ++ /* Check chain is acceptable */ ++ ++ ret = check_crl_chain(ctx, ctx->chain, crl_ctx.chain); ++ err: ++ X509_STORE_CTX_cleanup(&crl_ctx); ++ return ret; + } + +-/* Check CRL times against values in X509_STORE_CTX */ ++/* ++ * RFC3280 says nothing about the relationship between CRL path and ++ * certificate path, which could lead to situations where a certificate could ++ * be revoked or validated by a CA not authorised to do so. RFC5280 is more ++ * strict and states that the two paths must end in the same trust anchor, ++ * though some discussions remain... 
until this is resolved we use the ++ * RFC5280 version ++ */ + +-static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify) ++static int check_crl_chain(X509_STORE_CTX *ctx, ++ STACK_OF(X509) *cert_path, ++ STACK_OF(X509) *crl_path) + { +- time_t *ptime; +- int i; +- ctx->current_crl = crl; +- if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) +- ptime = &ctx->param->check_time; +- else +- ptime = NULL; ++ X509 *cert_ta, *crl_ta; ++ cert_ta = sk_X509_value(cert_path, sk_X509_num(cert_path) - 1); ++ crl_ta = sk_X509_value(crl_path, sk_X509_num(crl_path) - 1); ++ if (!X509_cmp(cert_ta, crl_ta)) ++ return 1; ++ return 0; ++} + +- i = X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime); +- if (i == 0) { +- ctx->error = X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD; +- if (!notify || !ctx->verify_cb(0, ctx)) +- return 0; +- } ++/*- ++ * Check for match between two dist point names: three separate cases. ++ * 1. Both are relative names and compare X509_NAME types. ++ * 2. One full, one relative. Compare X509_NAME to GENERAL_NAMES. ++ * 3. Both are full names and compare two GENERAL_NAMES. ++ * 4. One is NULL: automatic match. 
++ */ + +- if (i > 0) { +- ctx->error = X509_V_ERR_CRL_NOT_YET_VALID; +- if (!notify || !ctx->verify_cb(0, ctx)) ++static int idp_check_dp(DIST_POINT_NAME *a, DIST_POINT_NAME *b) ++{ ++ X509_NAME *nm = NULL; ++ GENERAL_NAMES *gens = NULL; ++ GENERAL_NAME *gena, *genb; ++ int i, j; ++ if (!a || !b) ++ return 1; ++ if (a->type == 1) { ++ if (!a->dpname) ++ return 0; ++ /* Case 1: two X509_NAME */ ++ if (b->type == 1) { ++ if (!b->dpname) ++ return 0; ++ if (!X509_NAME_cmp(a->dpname, b->dpname)) ++ return 1; ++ else ++ return 0; ++ } ++ /* Case 2: set name and GENERAL_NAMES appropriately */ ++ nm = a->dpname; ++ gens = b->name.fullname; ++ } else if (b->type == 1) { ++ if (!b->dpname) + return 0; ++ /* Case 2: set name and GENERAL_NAMES appropriately */ ++ gens = a->name.fullname; ++ nm = b->dpname; + } + +- if (X509_CRL_get_nextUpdate(crl)) { +- i = X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime); +- +- if (i == 0) { +- ctx->error = X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD; +- if (!notify || !ctx->verify_cb(0, ctx)) +- return 0; ++ /* Handle case 2 with one GENERAL_NAMES and one X509_NAME */ ++ if (nm) { ++ for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) { ++ gena = sk_GENERAL_NAME_value(gens, i); ++ if (gena->type != GEN_DIRNAME) ++ continue; ++ if (!X509_NAME_cmp(nm, gena->d.directoryName)) ++ return 1; + } ++ return 0; ++ } + +- if (i < 0) { +- ctx->error = X509_V_ERR_CRL_HAS_EXPIRED; +- if (!notify || !ctx->verify_cb(0, ctx)) +- return 0; ++ /* Else case 3: two GENERAL_NAMES */ ++ ++ for (i = 0; i < sk_GENERAL_NAME_num(a->name.fullname); i++) { ++ gena = sk_GENERAL_NAME_value(a->name.fullname, i); ++ for (j = 0; j < sk_GENERAL_NAME_num(b->name.fullname); j++) { ++ genb = sk_GENERAL_NAME_value(b->name.fullname, j); ++ if (!GENERAL_NAME_cmp(gena, genb)) ++ return 1; + } + } + +- ctx->current_crl = NULL; ++ return 0; + +- return 1; + } + +-/* +- * Lookup CRLs from the supplied list. Look for matching isser name and +- * validity. 
If we can't find a valid CRL return the last one with matching +- * name. This gives more meaningful error codes. Otherwise we'd get a CRL not +- * found error if a CRL existed with matching name but was invalid. +- */ +- +-static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, +- X509_NAME *nm, STACK_OF(X509_CRL) *crls) ++static int crldp_check_crlissuer(DIST_POINT *dp, X509_CRL *crl, int crl_score) + { + int i; +- X509_CRL *crl, *best_crl = NULL; +- for (i = 0; i < sk_X509_CRL_num(crls); i++) { +- crl = sk_X509_CRL_value(crls, i); +- if (X509_NAME_cmp(nm, X509_CRL_get_issuer(crl))) ++ X509_NAME *nm = X509_CRL_get_issuer(crl); ++ /* If no CRLissuer return is successful iff don't need a match */ ++ if (!dp->CRLissuer) ++ return ! !(crl_score & CRL_SCORE_ISSUER_NAME); ++ for (i = 0; i < sk_GENERAL_NAME_num(dp->CRLissuer); i++) { ++ GENERAL_NAME *gen = sk_GENERAL_NAME_value(dp->CRLissuer, i); ++ if (gen->type != GEN_DIRNAME) + continue; +- if (check_crl_time(ctx, crl, 0)) { +- *pcrl = crl; +- CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509); ++ if (!X509_NAME_cmp(gen->d.directoryName, nm)) + return 1; +- } +- best_crl = crl; +- } +- if (best_crl) { +- *pcrl = best_crl; +- CRYPTO_add(&best_crl->references, 1, CRYPTO_LOCK_X509); + } ++ return 0; ++} + ++/* Check CRLDP and IDP */ ++ ++static int crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score, ++ unsigned int *preasons) ++{ ++ int i; ++ if (crl->idp_flags & IDP_ONLYATTR) ++ return 0; ++ if (x->ex_flags & EXFLAG_CA) { ++ if (crl->idp_flags & IDP_ONLYUSER) ++ return 0; ++ } else { ++ if (crl->idp_flags & IDP_ONLYCA) ++ return 0; ++ } ++ *preasons = crl->idp_reasons; ++ for (i = 0; i < sk_DIST_POINT_num(x->crldp); i++) { ++ DIST_POINT *dp = sk_DIST_POINT_value(x->crldp, i); ++ if (crldp_check_crlissuer(dp, crl, crl_score)) { ++ if (!crl->idp || idp_check_dp(dp->distpoint, crl->idp->distpoint)) { ++ *preasons &= dp->dp_reasons; ++ return 1; ++ } ++ } ++ } ++ if ((!crl->idp || !crl->idp->distpoint) ++ && 
(crl_score & CRL_SCORE_ISSUER_NAME)) ++ return 1; + return 0; + } + + /* +- * Retrieve CRL corresponding to certificate: currently just a subject +- * lookup: maybe use AKID later... ++ * Retrieve CRL corresponding to current certificate. If deltas enabled try ++ * to find a delta CRL too + */ +-static int get_crl(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509 *x) ++ ++static int get_crl_delta(X509_STORE_CTX *ctx, ++ X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x) + { + int ok; +- X509_CRL *crl = NULL; +- X509_OBJECT xobj; +- X509_NAME *nm; +- nm = X509_get_issuer_name(x); +- ok = get_crl_sk(ctx, &crl, nm, ctx->crls); +- if (ok) { +- *pcrl = crl; +- return 1; +- } ++ X509 *issuer = NULL; ++ int crl_score = 0; ++ unsigned int reasons; ++ X509_CRL *crl = NULL, *dcrl = NULL; ++ STACK_OF(X509_CRL) *skcrl; ++ X509_NAME *nm = X509_get_issuer_name(x); ++ reasons = ctx->current_reasons; ++ ok = get_crl_sk(ctx, &crl, &dcrl, ++ &issuer, &crl_score, &reasons, ctx->crls); + +- ok = X509_STORE_get_by_subject(ctx, X509_LU_CRL, nm, &xobj); ++ if (ok) ++ goto done; + +- if (!ok) { +- /* If we got a near match from get_crl_sk use that */ +- if (crl) { +- *pcrl = crl; +- return 1; +- } +- return 0; ++ /* Lookup CRLs from store */ ++ ++ skcrl = ctx->lookup_crls(ctx, nm); ++ ++ /* If no CRLs found and a near match from get_crl_sk use that */ ++ if (!skcrl && crl) ++ goto done; ++ ++ get_crl_sk(ctx, &crl, &dcrl, &issuer, &crl_score, &reasons, skcrl); ++ ++ sk_X509_CRL_pop_free(skcrl, X509_CRL_free); ++ ++ done: ++ ++ /* If we got any kind of CRL use it and return success */ ++ if (crl) { ++ ctx->current_issuer = issuer; ++ ctx->current_crl_score = crl_score; ++ ctx->current_reasons = reasons; ++ *pcrl = crl; ++ *pdcrl = dcrl; ++ return 1; + } + +- *pcrl = xobj.data.crl; +- if (crl) +- X509_CRL_free(crl); +- return 1; ++ return 0; + } + + /* Check CRL validity */ +@@ -715,11 +1472,15 @@ static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl) + int ok = 0, chnum, cnum; + cnum = 
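Review bot: The header comment added above `idp_check_dp` announces "three separate cases" but then enumerates four, and the fourth is the one the code tests first (`if (!a || !b) return 1;`). That branch makes an absent distribution point name match any other name, which matters when reading the CRL scope checks in `crl_crldp_check`. I would reword the opening line to `Check for match between two dist point names: four cases, the NULL case (4) being tested first.` so the permissive default is not overlooked.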
ctx->error_depth; + chnum = sk_X509_num(ctx->chain) - 1; ++ /* if we have an alternative CRL issuer cert use that */ ++ if (ctx->current_issuer) ++ issuer = ctx->current_issuer; ++ + /* +- * Find CRL issuer: if not last certificate then issuer is next ++ * Else find CRL issuer: if not last certificate then issuer is next + * certificate in chain. + */ +- if (cnum < chnum) ++ else if (cnum < chnum) + issuer = sk_X509_value(ctx->chain, cnum + 1); + else { + issuer = sk_X509_value(ctx->chain, chnum); +@@ -733,11 +1494,46 @@ static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl) + } + + if (issuer) { +- /* Check for cRLSign bit if keyUsage present */ +- if ((issuer->ex_flags & EXFLAG_KUSAGE) && +- !(issuer->ex_kusage & KU_CRL_SIGN)) { +- ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN; +- ok = ctx->verify_cb(0, ctx); ++ /* ++ * Skip most tests for deltas because they have already been done ++ */ ++ if (!crl->base_crl_number) { ++ /* Check for cRLSign bit if keyUsage present */ ++ if ((issuer->ex_flags & EXFLAG_KUSAGE) && ++ !(issuer->ex_kusage & KU_CRL_SIGN)) { ++ ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN; ++ ok = ctx->verify_cb(0, ctx); ++ if (!ok) ++ goto err; ++ } ++ ++ if (!(ctx->current_crl_score & CRL_SCORE_SCOPE)) { ++ ctx->error = X509_V_ERR_DIFFERENT_CRL_SCOPE; ++ ok = ctx->verify_cb(0, ctx); ++ if (!ok) ++ goto err; ++ } ++ ++ if (!(ctx->current_crl_score & CRL_SCORE_SAME_PATH)) { ++ if (check_crl_path(ctx, ctx->current_issuer) <= 0) { ++ ctx->error = X509_V_ERR_CRL_PATH_VALIDATION_ERROR; ++ ok = ctx->verify_cb(0, ctx); ++ if (!ok) ++ goto err; ++ } ++ } ++ ++ if (crl->idp_flags & IDP_INVALID) { ++ ctx->error = X509_V_ERR_INVALID_EXTENSION; ++ ok = ctx->verify_cb(0, ctx); ++ if (!ok) ++ goto err; ++ } ++ ++ } ++ ++ if (!(ctx->current_crl_score & CRL_SCORE_TIME)) { ++ ok = check_crl_time(ctx, crl, 1); + if (!ok) + goto err; + } +@@ -751,6 +1547,14 @@ static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl) + if (!ok) + goto err; + } else { ++ int rv; ++ rv = 
X509_CRL_check_suiteb(crl, ikey, ctx->param->flags); ++ if (rv != X509_V_OK) { ++ ctx->error = rv; ++ ok = ctx->verify_cb(0, ctx); ++ if (!ok) ++ goto err; ++ } + /* Verify CRL signature */ + if (X509_CRL_verify(crl, ikey) <= 0) { + ctx->error = X509_V_ERR_CRL_SIGNATURE_FAILURE; +@@ -761,10 +1565,6 @@ static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl) + } + } + +- ok = check_crl_time(ctx, crl, 1); +- if (!ok) +- goto err; +- + ok = 1; + + err: +@@ -775,61 +1575,42 @@ static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl) + /* Check certificate against CRL */ + static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x) + { +- int idx, ok; +- X509_REVOKED rtmp; +- STACK_OF(X509_EXTENSION) *exts; +- X509_EXTENSION *ext; +- /* Look for serial number of certificate in CRL */ +- rtmp.serialNumber = X509_get_serialNumber(x); ++ int ok; ++ X509_REVOKED *rev; + /* +- * Sort revoked into serial number order if not already sorted. Do this +- * under a lock to avoid race condition. ++ * The rules changed for this... previously if a CRL contained unhandled ++ * critical extensions it could still be used to indicate a certificate ++ * was revoked. This has since been changed since critical extension can ++ * change the meaning of CRL entries. + */ +- if (!sk_X509_REVOKED_is_sorted(crl->crl->revoked)) { +- CRYPTO_w_lock(CRYPTO_LOCK_X509_CRL); +- sk_X509_REVOKED_sort(crl->crl->revoked); +- CRYPTO_w_unlock(CRYPTO_LOCK_X509_CRL); ++ if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) ++ && (crl->flags & EXFLAG_CRITICAL)) { ++ ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION; ++ ok = ctx->verify_cb(0, ctx); ++ if (!ok) ++ return 0; + } +- idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp); + /* +- * If found assume revoked: want something cleverer than this to handle +- * entry extensions in V2 CRLs. ++ * Look for serial number of certificate in CRL If found make sure reason ++ * is not removeFromCRL. 
+ */ +- if (idx >= 0) { ++ if (X509_CRL_get0_by_cert(crl, &rev, x)) { ++ if (rev->reason == CRL_REASON_REMOVE_FROM_CRL) ++ return 2; + ctx->error = X509_V_ERR_CERT_REVOKED; + ok = ctx->verify_cb(0, ctx); + if (!ok) + return 0; + } + +- if (ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) +- return 1; +- +- /* +- * See if we have any critical CRL extensions: since we currently don't +- * handle any CRL extensions the CRL must be rejected. This code +- * accesses the X509_CRL structure directly: applications shouldn't do +- * this. +- */ +- +- exts = crl->crl->extensions; +- +- for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++) { +- ext = sk_X509_EXTENSION_value(exts, idx); +- if (ext->critical > 0) { +- ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION; +- ok = ctx->verify_cb(0, ctx); +- if (!ok) +- return 0; +- break; +- } +- } + return 1; + } + + static int check_policy(X509_STORE_CTX *ctx) + { + int ret; ++ if (ctx->parent) ++ return 1; + ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain, + ctx->param->policies, ctx->param->flags); + if (ret == 0) { +@@ -849,7 +1630,8 @@ static int check_policy(X509_STORE_CTX *ctx) + continue; + ctx->current_cert = x; + ctx->error = X509_V_ERR_INVALID_POLICY_EXTENSION; +- ret = ctx->verify_cb(0, ctx); ++ if (!ctx->verify_cb(0, ctx)) ++ return 0; + } + return 1; + } +@@ -871,9 +1653,9 @@ static int check_policy(X509_STORE_CTX *ctx) + + static int check_cert_time(X509_STORE_CTX *ctx, X509 *x) + { +-#if defined(OPENSSL_SYS_UEFI) +- /* Bypass Certificate Time Checking for UEFI version. */ +- return 1; ++#ifdef OPENSSL_SYS_UEFI ++ /* Bypass Certificate Time Checking for UEFI version. 
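Review bot: `cert_crl` gains a third return value that its one-line header comment (`/* Check certificate against CRL */`) does not describe. It now returns 2 when the matching entry has `rev->reason == CRL_REASON_REMOVE_FROM_CRL`, and `check_cert`, added in an earlier hunk of this file, depends on that through `if (ok != 2)` to decide whether to consult the full CRL. Because `ctx->cert_crl` appears to be replaceable by a store-supplied callback, the contract should be written down, e.g. `/* Check certificate against CRL: returns 0 on failure, 1 to continue, 2 if the entry's reason is removeFromCRL */`.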
*/ ++ return 1; + #else + time_t *ptime; + int i; +@@ -934,6 +1716,10 @@ static int internal_verify(X509_STORE_CTX *ctx) + if (ctx->check_issued(ctx, xi, xi)) + xs = xi; + else { ++ if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) { ++ xs = xi; ++ goto check_cert; ++ } + if (n <= 0) { + ctx->error = X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE; + ctx->current_cert = xi; +@@ -979,6 +1765,7 @@ static int internal_verify(X509_STORE_CTX *ctx) + + xs->valid = 1; + ++ check_cert: + ok = check_cert_time(ctx, xs); + if (!ok) + goto end; +@@ -1001,64 +1788,102 @@ static int internal_verify(X509_STORE_CTX *ctx) + return ok; + } + +-int X509_cmp_current_time(ASN1_TIME *ctm) ++int X509_cmp_current_time(const ASN1_TIME *ctm) + { + return X509_cmp_time(ctm, NULL); + } + +-int X509_cmp_time(ASN1_TIME *ctm, time_t *cmp_time) ++int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time) + { + char *str; + ASN1_TIME atm; + long offset; + char buff1[24], buff2[24], *p; +- int i, j; ++ int i, j, remaining; + + p = buff1; +- i = ctm->length; ++ remaining = ctm->length; + str = (char *)ctm->data; ++ /* ++ * Note that the following (historical) code allows much more slack in the ++ * time format than RFC5280. 
In RFC5280, the representation is fixed: ++ * UTCTime: YYMMDDHHMMSSZ ++ * GeneralizedTime: YYYYMMDDHHMMSSZ ++ */ + if (ctm->type == V_ASN1_UTCTIME) { +- if ((i < 11) || (i > 17)) ++ /* YYMMDDHHMM[SS]Z or YYMMDDHHMM[SS](+-)hhmm */ ++ int min_length = sizeof("YYMMDDHHMMZ") - 1; ++ int max_length = sizeof("YYMMDDHHMMSS+hhmm") - 1; ++ if (remaining < min_length || remaining > max_length) + return 0; + memcpy(p, str, 10); + p += 10; + str += 10; ++ remaining -= 10; + } else { +- if (i < 13) ++ /* YYYYMMDDHHMM[SS[.fff]]Z or YYYYMMDDHHMM[SS[.f[f[f]]]](+-)hhmm */ ++ int min_length = sizeof("YYYYMMDDHHMMZ") - 1; ++ int max_length = sizeof("YYYYMMDDHHMMSS.fff+hhmm") - 1; ++ if (remaining < min_length || remaining > max_length) + return 0; + memcpy(p, str, 12); + p += 12; + str += 12; ++ remaining -= 12; + } + + if ((*str == 'Z') || (*str == '-') || (*str == '+')) { + *(p++) = '0'; + *(p++) = '0'; + } else { ++ /* SS (seconds) */ ++ if (remaining < 2) ++ return 0; + *(p++) = *(str++); + *(p++) = *(str++); +- /* Skip any fractional seconds... */ +- if (*str == '.') { ++ remaining -= 2; ++ /* ++ * Skip any (up to three) fractional seconds... ++ * TODO(emilia): in RFC5280, fractional seconds are forbidden. ++ * Can we just kill them altogether? ++ */ ++ if (remaining && *str == '.') { + str++; +- while ((*str >= '0') && (*str <= '9')) +- str++; ++ remaining--; ++ for (i = 0; i < 3 && remaining; i++, str++, remaining--) { ++ if (*str < '0' || *str > '9') ++ break; ++ } + } + + } + *(p++) = 'Z'; + *(p++) = '\0'; + +- if (*str == 'Z') ++ /* We now need either a terminating 'Z' or an offset. */ ++ if (!remaining) ++ return 0; ++ if (*str == 'Z') { ++ if (remaining != 1) ++ return 0; + offset = 0; +- else { ++ } else { ++ /* (+-)HHMM */ + if ((*str != '+') && (*str != '-')) + return 0; ++ /* Historical behaviour: the (+-)hhmm offset is forbidden in RFC5280. 
*/ ++ if (remaining != 5) ++ return 0; ++ if (str[1] < '0' || str[1] > '9' || str[2] < '0' || str[2] > '9' || ++ str[3] < '0' || str[3] > '9' || str[4] < '0' || str[4] > '9') ++ return 0; + offset = ((str[1] - '0') * 10 + (str[2] - '0')) * 60; + offset += (str[3] - '0') * 10 + (str[4] - '0'); + if (*str == '-') + offset = -offset; + } + atm.type = ctm->type; ++ atm.flags = 0; + atm.length = sizeof(buff2); + atm.data = (unsigned char *)buff2; + +@@ -1090,24 +1915,28 @@ ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj) + return X509_time_adj(s, adj, NULL); + } + +-ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *in_tm) ++ASN1_TIME *X509_time_adj(ASN1_TIME *s, long offset_sec, time_t *in_tm) ++{ ++ return X509_time_adj_ex(s, 0, offset_sec, in_tm); ++} ++ ++ASN1_TIME *X509_time_adj_ex(ASN1_TIME *s, ++ int offset_day, long offset_sec, time_t *in_tm) + { + time_t t; +- int type = -1; + + if (in_tm) + t = *in_tm; + else + time(&t); + +- t += adj; +- if (s) +- type = s->type; +- if (type == V_ASN1_UTCTIME) +- return ASN1_UTCTIME_set(s, t); +- if (type == V_ASN1_GENERALIZEDTIME) +- return ASN1_GENERALIZEDTIME_set(s, t); +- return ASN1_TIME_set(s, t); ++ if (s && !(s->flags & ASN1_STRING_FLAG_MSTRING)) { ++ if (s->type == V_ASN1_UTCTIME) ++ return ASN1_UTCTIME_adj(s, t, offset_day, offset_sec); ++ if (s->type == V_ASN1_GENERALIZEDTIME) ++ return ASN1_GENERALIZEDTIME_adj(s, t, offset_day, offset_sec); ++ } ++ return ASN1_TIME_adj(s, t, offset_day, offset_sec); + } + + int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain) +@@ -1151,6 +1980,114 @@ int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain) + return 1; + } + ++/* Make a delta CRL as the diff between two full CRLs */ ++ ++X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer, ++ EVP_PKEY *skey, const EVP_MD *md, unsigned int flags) ++{ ++ X509_CRL *crl = NULL; ++ int i; ++ STACK_OF(X509_REVOKED) *revs = NULL; ++ /* CRLs can't be delta already */ ++ if (base->base_crl_number || 
newer->base_crl_number) { ++ X509err(X509_F_X509_CRL_DIFF, X509_R_CRL_ALREADY_DELTA); ++ return NULL; ++ } ++ /* Base and new CRL must have a CRL number */ ++ if (!base->crl_number || !newer->crl_number) { ++ X509err(X509_F_X509_CRL_DIFF, X509_R_NO_CRL_NUMBER); ++ return NULL; ++ } ++ /* Issuer names must match */ ++ if (X509_NAME_cmp(X509_CRL_get_issuer(base), X509_CRL_get_issuer(newer))) { ++ X509err(X509_F_X509_CRL_DIFF, X509_R_ISSUER_MISMATCH); ++ return NULL; ++ } ++ /* AKID and IDP must match */ ++ if (!crl_extension_match(base, newer, NID_authority_key_identifier)) { ++ X509err(X509_F_X509_CRL_DIFF, X509_R_AKID_MISMATCH); ++ return NULL; ++ } ++ if (!crl_extension_match(base, newer, NID_issuing_distribution_point)) { ++ X509err(X509_F_X509_CRL_DIFF, X509_R_IDP_MISMATCH); ++ return NULL; ++ } ++ /* Newer CRL number must exceed full CRL number */ ++ if (ASN1_INTEGER_cmp(newer->crl_number, base->crl_number) <= 0) { ++ X509err(X509_F_X509_CRL_DIFF, X509_R_NEWER_CRL_NOT_NEWER); ++ return NULL; ++ } ++ /* CRLs must verify */ ++ if (skey && (X509_CRL_verify(base, skey) <= 0 || ++ X509_CRL_verify(newer, skey) <= 0)) { ++ X509err(X509_F_X509_CRL_DIFF, X509_R_CRL_VERIFY_FAILURE); ++ return NULL; ++ } ++ /* Create new CRL */ ++ crl = X509_CRL_new(); ++ if (!crl || !X509_CRL_set_version(crl, 1)) ++ goto memerr; ++ /* Set issuer name */ ++ if (!X509_CRL_set_issuer_name(crl, X509_CRL_get_issuer(newer))) ++ goto memerr; ++ ++ if (!X509_CRL_set_lastUpdate(crl, X509_CRL_get_lastUpdate(newer))) ++ goto memerr; ++ if (!X509_CRL_set_nextUpdate(crl, X509_CRL_get_nextUpdate(newer))) ++ goto memerr; ++ ++ /* Set base CRL number: must be critical */ ++ ++ if (!X509_CRL_add1_ext_i2d(crl, NID_delta_crl, base->crl_number, 1, 0)) ++ goto memerr; ++ ++ /* ++ * Copy extensions across from newest CRL to delta: this will set CRL ++ * number to correct value too. 
++ */ ++ ++ for (i = 0; i < X509_CRL_get_ext_count(newer); i++) { ++ X509_EXTENSION *ext; ++ ext = X509_CRL_get_ext(newer, i); ++ if (!X509_CRL_add_ext(crl, ext, -1)) ++ goto memerr; ++ } ++ ++ /* Go through revoked entries, copying as needed */ ++ ++ revs = X509_CRL_get_REVOKED(newer); ++ ++ for (i = 0; i < sk_X509_REVOKED_num(revs); i++) { ++ X509_REVOKED *rvn, *rvtmp; ++ rvn = sk_X509_REVOKED_value(revs, i); ++ /* ++ * Add only if not also in base. TODO: need something cleverer here ++ * for some more complex CRLs covering multiple CAs. ++ */ ++ if (!X509_CRL_get0_by_serial(base, &rvtmp, rvn->serialNumber)) { ++ rvtmp = X509_REVOKED_dup(rvn); ++ if (!rvtmp) ++ goto memerr; ++ if (!X509_CRL_add0_revoked(crl, rvtmp)) { ++ X509_REVOKED_free(rvtmp); ++ goto memerr; ++ } ++ } ++ } ++ /* TODO: optionally prune deleted entries */ ++ ++ if (skey && md && !X509_CRL_sign(crl, skey, md)) ++ goto memerr; ++ ++ return crl; ++ ++ memerr: ++ X509err(X509_F_X509_CRL_DIFF, ERR_R_MALLOC_FAILURE); ++ if (crl) ++ X509_CRL_free(crl); ++ return NULL; ++} ++ + int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, + CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, +@@ -1201,16 +2138,24 @@ STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx) + + STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx) + { +- int i; +- X509 *x; +- STACK_OF(X509) *chain; +- if (!ctx->chain || !(chain = sk_X509_dup(ctx->chain))) ++ if (!ctx->chain) + return NULL; +- for (i = 0; i < sk_X509_num(chain); i++) { +- x = sk_X509_value(chain, i); +- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); +- } +- return chain; ++ return X509_chain_up_ref(ctx->chain); ++} ++ ++X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx) ++{ ++ return ctx->current_issuer; ++} ++ ++X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx) ++{ ++ return ctx->current_crl; ++} ++ ++X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx) ++{ ++ return ctx->parent; + } + + void 
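Review bot: The comment on the new `X509_CRL_diff` (`/* Make a delta CRL as the diff between two full CRLs */`) leaves out that both security checks are optional. The inputs are only verified under `if (skey && (X509_CRL_verify(base, skey) <= 0 || ...))`, and the result is only signed under `if (skey && md && !X509_CRL_sign(crl, skey, md))`. A caller passing a NULL `skey` therefore gets an unsigned delta built from unverified CRLs. I would state that in the header comment, for example `skey == NULL: base and newer are NOT verified; skey or md == NULL: the returned delta is NOT signed`. Separately, every failure after `X509_CRL_new()`, including a signing failure, is reported through `memerr` as `ERR_R_MALLOC_FAILURE`, which can mislead whoever reads the error queue.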
X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x) +@@ -1309,6 +2254,8 @@ X509_STORE_CTX *X509_STORE_CTX_new(void) + + void X509_STORE_CTX_free(X509_STORE_CTX *ctx) + { ++ if (!ctx) ++ return; + X509_STORE_CTX_cleanup(ctx); + OPENSSL_free(ctx); + } +@@ -1331,7 +2278,11 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, + ctx->error_depth = 0; + ctx->current_cert = NULL; + ctx->current_issuer = NULL; ++ ctx->current_crl = NULL; ++ ctx->current_crl_score = 0; ++ ctx->current_reasons = 0; + ctx->tree = NULL; ++ ctx->parent = NULL; + + ctx->param = X509_VERIFY_PARAM_new(); + +@@ -1392,7 +2343,7 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, + if (store && store->get_crl) + ctx->get_crl = store->get_crl; + else +- ctx->get_crl = get_crl; ++ ctx->get_crl = NULL; + + if (store && store->check_crl) + ctx->check_crl = store->check_crl; +@@ -1404,6 +2355,16 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, + else + ctx->cert_crl = cert_crl; + ++ if (store && store->lookup_certs) ++ ctx->lookup_certs = store->lookup_certs; ++ else ++ ctx->lookup_certs = X509_STORE_get1_certs; ++ ++ if (store && store->lookup_crls) ++ ctx->lookup_crls = store->lookup_crls; ++ else ++ ctx->lookup_crls = X509_STORE_get1_crls; ++ + ctx->check_policy = check_policy; + + /* +@@ -1437,7 +2398,8 @@ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx) + if (ctx->cleanup) + ctx->cleanup(ctx); + if (ctx->param != NULL) { +- X509_VERIFY_PARAM_free(ctx->param); ++ if (ctx->parent == NULL) ++ X509_VERIFY_PARAM_free(ctx->param); + ctx->param = NULL; + } + if (ctx->tree != NULL) { +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_vpm.c b/Cryptlib/OpenSSL/crypto/x509/x509_vpm.c +index 955ece2..1ea0c69 100644 +--- a/Cryptlib/OpenSSL/crypto/x509/x509_vpm.c ++++ b/Cryptlib/OpenSSL/crypto/x509/x509_vpm.c +@@ -66,15 +66,81 @@ + #include + #include + ++#include "vpm_int.h" ++ + /* X509_VERIFY_PARAM functions */ + ++#define 
SET_HOST 0 ++#define ADD_HOST 1 ++ ++static char *str_copy(const char *s) ++{ ++ return OPENSSL_strdup(s); ++} ++ ++static void str_free(char *s) ++{ ++ OPENSSL_free(s); ++} ++ ++#define string_stack_free(sk) sk_OPENSSL_STRING_pop_free(sk, str_free) ++ ++static int int_x509_param_set_hosts(X509_VERIFY_PARAM_ID *id, int mode, ++ const char *name, size_t namelen) ++{ ++ char *copy; ++ ++ /* ++ * Refuse names with embedded NUL bytes, except perhaps as final byte. ++ * XXX: Do we need to push an error onto the error stack? ++ */ ++ if (namelen == 0) ++ namelen = name ? strlen(name) : 0; ++ else if (name && memchr(name, '\0', namelen > 1 ? namelen - 1 : namelen)) ++ return 0; ++ if (name && name[namelen - 1] == '\0') ++ --namelen; ++ ++ if (mode == SET_HOST && id->hosts) { ++ string_stack_free(id->hosts); ++ id->hosts = NULL; ++ } ++ if (name == NULL || namelen == 0) ++ return 1; ++ ++ copy = BUF_strndup(name, namelen); ++ if (copy == NULL) ++ return 0; ++ ++ if (id->hosts == NULL && ++ (id->hosts = sk_OPENSSL_STRING_new_null()) == NULL) { ++ OPENSSL_free(copy); ++ return 0; ++ } ++ ++ if (!sk_OPENSSL_STRING_push(id->hosts, copy)) { ++ OPENSSL_free(copy); ++ if (sk_OPENSSL_STRING_num(id->hosts) == 0) { ++ sk_OPENSSL_STRING_free(id->hosts); ++ id->hosts = NULL; ++ } ++ return 0; ++ } ++ ++ return 1; ++} ++ + static void x509_verify_param_zero(X509_VERIFY_PARAM *param) + { ++ X509_VERIFY_PARAM_ID *paramid; + if (!param) + return; + param->name = NULL; + param->purpose = 0; + param->trust = 0; ++ /* ++ * param->inh_flags = X509_VP_FLAG_DEFAULT; ++ */ + param->inh_flags = 0; + param->flags = 0; + param->depth = -1; +@@ -82,20 +148,52 @@ static void x509_verify_param_zero(X509_VERIFY_PARAM *param) + sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free); + param->policies = NULL; + } ++ paramid = param->id; ++ if (paramid->hosts) { ++ string_stack_free(paramid->hosts); ++ paramid->hosts = NULL; ++ } ++ if (paramid->peername) ++ OPENSSL_free(paramid->peername); ++ if 
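Review bot: In `int_x509_param_set_hosts`, the trailing-NUL test `name[namelen - 1] == '\0'` is evaluated even when `namelen` is 0, which is the state after the `strlen` branch when a caller passes an empty string with `namelen == 0`. `namelen` is a `size_t`, so the index wraps and the byte in front of the buffer is read. If that byte happens to be NUL, `--namelen` wraps too and the `namelen == 0` early return below is skipped. Guarding the test keeps the empty-name case on the intended path: `if (name && namelen > 0 && name[namelen - 1] == '\0')`. The whole function lies inside this hunk.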
(paramid->email) { ++ OPENSSL_free(paramid->email); ++ paramid->email = NULL; ++ paramid->emaillen = 0; ++ } ++ if (paramid->ip) { ++ OPENSSL_free(paramid->ip); ++ paramid->ip = NULL; ++ paramid->iplen = 0; ++ } ++ + } + + X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void) + { + X509_VERIFY_PARAM *param; +- param = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM)); +- memset(param, 0, sizeof(X509_VERIFY_PARAM)); ++ X509_VERIFY_PARAM_ID *paramid; ++ ++ param = OPENSSL_malloc(sizeof *param); ++ if (!param) ++ return NULL; ++ paramid = OPENSSL_malloc(sizeof *paramid); ++ if (!paramid) { ++ OPENSSL_free(param); ++ return NULL; ++ } ++ memset(param, 0, sizeof *param); ++ memset(paramid, 0, sizeof *paramid); ++ param->id = paramid; + x509_verify_param_zero(param); + return param; + } + + void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param) + { ++ if (param == NULL) ++ return; + x509_verify_param_zero(param); ++ OPENSSL_free(param->id); + OPENSSL_free(param); + } + +@@ -137,6 +235,11 @@ void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param) + (to_overwrite || \ + ((src->field != def) && (to_default || (dest->field == def)))) + ++/* As above but for ID fields */ ++ ++#define test_x509_verify_param_copy_id(idf, def) \ ++ test_x509_verify_param_copy(id->idf, def) ++ + /* Macro to test and copy a field if necessary */ + + #define x509_verify_param_copy(field, def) \ +@@ -148,8 +251,10 @@ int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest, + { + unsigned long inh_flags; + int to_default, to_overwrite; ++ X509_VERIFY_PARAM_ID *id; + if (!src) + return 1; ++ id = src->id; + inh_flags = dest->inh_flags | src->inh_flags; + + if (inh_flags & X509_VP_FLAG_ONCE) +@@ -190,6 +295,31 @@ int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest, + return 0; + } + ++ /* Copy the host flags if and only if we're copying the host list */ ++ if (test_x509_verify_param_copy_id(hosts, NULL)) { ++ if (dest->id->hosts) { ++ string_stack_free(dest->id->hosts); ++ dest->id->hosts = NULL; ++ } ++ if (id->hosts) 
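Review bot: In the lines added to `x509_verify_param_zero`, `paramid->peername` is freed but the pointer is left in place, while `hosts`, `email` and `ip` are each reset to NULL after their free. If the routine ever runs twice on the same object (whether any caller outside this hunk does so cannot be seen here), the stale pointer would be freed again, and `X509_VERIFY_PARAM_get0_peername`, added later in this patch, would return freed memory in between. Resetting the field makes it consistent with the others: `if (paramid->peername) { OPENSSL_free(paramid->peername); paramid->peername = NULL; }`. The function starts above this hunk.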
{ ++ dest->id->hosts = ++ sk_OPENSSL_STRING_deep_copy(id->hosts, str_copy, str_free); ++ if (dest->id->hosts == NULL) ++ return 0; ++ dest->id->hostflags = id->hostflags; ++ } ++ } ++ ++ if (test_x509_verify_param_copy_id(email, NULL)) { ++ if (!X509_VERIFY_PARAM_set1_email(dest, id->email, id->emaillen)) ++ return 0; ++ } ++ ++ if (test_x509_verify_param_copy_id(ip, NULL)) { ++ if (!X509_VERIFY_PARAM_set1_ip(dest, id->ip, id->iplen)) ++ return 0; ++ } ++ + return 1; + } + +@@ -204,6 +334,30 @@ int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to, + return ret; + } + ++static int int_x509_param_set1(char **pdest, size_t *pdestlen, ++ const char *src, size_t srclen) ++{ ++ void *tmp; ++ if (src) { ++ if (srclen == 0) { ++ tmp = BUF_strdup(src); ++ srclen = strlen(src); ++ } else ++ tmp = BUF_memdup(src, srclen); ++ if (!tmp) ++ return 0; ++ } else { ++ tmp = NULL; ++ srclen = 0; ++ } ++ if (*pdest) ++ OPENSSL_free(*pdest); ++ *pdest = tmp; ++ if (pdestlen) ++ *pdestlen = srclen; ++ return 1; ++} ++ + int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name) + { + if (param->name) +@@ -301,11 +455,70 @@ int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, + return 1; + } + ++int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, ++ const char *name, size_t namelen) ++{ ++ return int_x509_param_set_hosts(param->id, SET_HOST, name, namelen); ++} ++ ++int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, ++ const char *name, size_t namelen) ++{ ++ return int_x509_param_set_hosts(param->id, ADD_HOST, name, namelen); ++} ++ ++void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, ++ unsigned int flags) ++{ ++ param->id->hostflags = flags; ++} ++ ++char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param) ++{ ++ return param->id->peername; ++} ++ ++int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, ++ const char *email, size_t emaillen) ++{ ++ return int_x509_param_set1(¶m->id->email, ¶m->id->emaillen, ++ email, 
emaillen); ++} ++ ++int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param, ++ const unsigned char *ip, size_t iplen) ++{ ++ if (iplen != 0 && iplen != 4 && iplen != 16) ++ return 0; ++ return int_x509_param_set1((char **)¶m->id->ip, ¶m->id->iplen, ++ (char *)ip, iplen); ++} ++ ++int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc) ++{ ++ unsigned char ipout[16]; ++ size_t iplen; ++ ++ iplen = (size_t)a2i_ipadd(ipout, ipasc); ++ if (iplen == 0) ++ return 0; ++ return X509_VERIFY_PARAM_set1_ip(param, ipout, iplen); ++} ++ + int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param) + { + return param->depth; + } + ++const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param) ++{ ++ return param->name; ++} ++ ++static X509_VERIFY_PARAM_ID _empty_id = { NULL, 0U, NULL, NULL, 0, NULL, 0 }; ++ ++#define vpm_empty_id (X509_VERIFY_PARAM_ID *)&_empty_id ++ + /* + * Default verify parameters: these are used for various applications and can + * be overridden by the user specified table. 
NB: the 'name' field *must* be +@@ -321,28 +534,28 @@ static const X509_VERIFY_PARAM default_table[] = { + 0, /* purpose */ + 0, /* trust */ + 100, /* depth */ +- NULL /* policies */ +- }, ++ NULL, /* policies */ ++ vpm_empty_id}, + { +- "pkcs7", /* S/MIME signing parameters */ ++ "pkcs7", /* S/MIME sign parameters */ + 0, /* Check time */ + 0, /* internal flags */ + 0, /* flags */ + X509_PURPOSE_SMIME_SIGN, /* purpose */ + X509_TRUST_EMAIL, /* trust */ + -1, /* depth */ +- NULL /* policies */ +- }, ++ NULL, /* policies */ ++ vpm_empty_id}, + { +- "smime_sign", /* S/MIME signing parameters */ ++ "smime_sign", /* S/MIME sign parameters */ + 0, /* Check time */ + 0, /* internal flags */ + 0, /* flags */ + X509_PURPOSE_SMIME_SIGN, /* purpose */ + X509_TRUST_EMAIL, /* trust */ + -1, /* depth */ +- NULL /* policies */ +- }, ++ NULL, /* policies */ ++ vpm_empty_id}, + { + "ssl_client", /* SSL/TLS client parameters */ + 0, /* Check time */ +@@ -351,8 +564,8 @@ static const X509_VERIFY_PARAM default_table[] = { + X509_PURPOSE_SSL_CLIENT, /* purpose */ + X509_TRUST_SSL_CLIENT, /* trust */ + -1, /* depth */ +- NULL /* policies */ +- }, ++ NULL, /* policies */ ++ vpm_empty_id}, + { + "ssl_server", /* SSL/TLS server parameters */ + 0, /* Check time */ +@@ -361,18 +574,20 @@ static const X509_VERIFY_PARAM default_table[] = { + X509_PURPOSE_SSL_SERVER, /* purpose */ + X509_TRUST_SSL_SERVER, /* trust */ + -1, /* depth */ +- NULL /* policies */ +- } ++ NULL, /* policies */ ++ vpm_empty_id} + }; + + static STACK_OF(X509_VERIFY_PARAM) *param_table = NULL; + +-static int table_cmp(const void *pa, const void *pb) ++static int table_cmp(const X509_VERIFY_PARAM *a, const X509_VERIFY_PARAM *b) + { +- const X509_VERIFY_PARAM *a = pa, *b = pb; + return strcmp(a->name, b->name); + } + ++DECLARE_OBJ_BSEARCH_CMP_FN(X509_VERIFY_PARAM, X509_VERIFY_PARAM, table); ++IMPLEMENT_OBJ_BSEARCH_CMP_FN(X509_VERIFY_PARAM, X509_VERIFY_PARAM, table); ++ + static int param_cmp(const X509_VERIFY_PARAM *const 
*a, + const X509_VERIFY_PARAM *const *b) + { +@@ -400,22 +615,36 @@ int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param) + return 1; + } + ++int X509_VERIFY_PARAM_get_count(void) ++{ ++ int num = sizeof(default_table) / sizeof(X509_VERIFY_PARAM); ++ if (param_table) ++ num += sk_X509_VERIFY_PARAM_num(param_table); ++ return num; ++} ++ ++const X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id) ++{ ++ int num = sizeof(default_table) / sizeof(X509_VERIFY_PARAM); ++ if (id < num) ++ return default_table + id; ++ return sk_X509_VERIFY_PARAM_value(param_table, id - num); ++} ++ + const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name) + { + int idx; + X509_VERIFY_PARAM pm; ++ + pm.name = (char *)name; + if (param_table) { + idx = sk_X509_VERIFY_PARAM_find(param_table, &pm); + if (idx != -1) + return sk_X509_VERIFY_PARAM_value(param_table, idx); + } +- return (const X509_VERIFY_PARAM *)OBJ_bsearch((char *)&pm, +- (char *)&default_table, +- sizeof(default_table) / +- sizeof(X509_VERIFY_PARAM), +- sizeof(X509_VERIFY_PARAM), +- table_cmp); ++ return OBJ_bsearch_table(&pm, default_table, ++ sizeof(default_table) / ++ sizeof(X509_VERIFY_PARAM)); + } + + void X509_VERIFY_PARAM_table_cleanup(void) +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509cset.c b/Cryptlib/OpenSSL/crypto/x509/x509cset.c +index 4ef8808..24ca35b 100644 +--- a/Cryptlib/OpenSSL/crypto/x509/x509cset.c ++++ b/Cryptlib/OpenSSL/crypto/x509/x509cset.c +@@ -82,7 +82,7 @@ int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name) + return (X509_NAME_set(&x->crl->issuer, name)); + } + +-int X509_CRL_set_lastUpdate(X509_CRL *x, ASN1_TIME *tm) ++int X509_CRL_set_lastUpdate(X509_CRL *x, const ASN1_TIME *tm) + { + ASN1_TIME *in; + +@@ -99,7 +99,7 @@ int X509_CRL_set_lastUpdate(X509_CRL *x, ASN1_TIME *tm) + return (in != NULL); + } + +-int X509_CRL_set_nextUpdate(X509_CRL *x, ASN1_TIME *tm) ++int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm) + { + ASN1_TIME *in; + +diff --git 
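Review bot: `X509_VERIFY_PARAM_get0` accepts any `int id`, and the branch `if (id < num) return default_table + id;` is also taken for negative values, so a negative index yields a pointer in front of `default_table`. An early `if (id < 0) return NULL;` closes that path. A one-line comment stating that valid ids run from 0 to `X509_VERIFY_PARAM_get_count() - 1` would document the contract for callers that iterate the table.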
a/Cryptlib/OpenSSL/crypto/x509/x509name.c b/Cryptlib/OpenSSL/crypto/x509/x509name.c +index 4e7b64f..6ea601f 100644 +--- a/Cryptlib/OpenSSL/crypto/x509/x509name.c ++++ b/Cryptlib/OpenSSL/crypto/x509/x509name.c +@@ -369,7 +369,7 @@ int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, + len, type, + OBJ_obj2nid(ne->object)) ? 1 : 0; + if (len < 0) +- len = strlen((char *)bytes); ++ len = strlen((const char *)bytes); + i = ASN1_STRING_set(ne->value, bytes, len); + if (!i) + return (0); +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509type.c b/Cryptlib/OpenSSL/crypto/x509/x509type.c +index eb177fc..9219f75 100644 +--- a/Cryptlib/OpenSSL/crypto/x509/x509type.c ++++ b/Cryptlib/OpenSSL/crypto/x509/x509type.c +@@ -93,28 +93,34 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey) + case EVP_PKEY_DH: + ret = EVP_PK_DH | EVP_PKT_EXCH; + break; ++ case NID_id_GostR3410_94: ++ case NID_id_GostR3410_2001: ++ ret = EVP_PKT_EXCH | EVP_PKT_SIGN; ++ break; + default: + break; + } + +- i = X509_get_signature_type(x); +- switch (i) { +- case EVP_PKEY_RSA: +- ret |= EVP_PKS_RSA; +- break; +- case EVP_PKEY_DSA: +- ret |= EVP_PKS_DSA; +- break; +- case EVP_PKEY_EC: +- ret |= EVP_PKS_EC; +- break; +- default: +- break; ++ i = OBJ_obj2nid(x->sig_alg->algorithm); ++ if (i && OBJ_find_sigid_algs(i, NULL, &i)) { ++ ++ switch (i) { ++ case NID_rsaEncryption: ++ case NID_rsa: ++ ret |= EVP_PKS_RSA; ++ break; ++ case NID_dsa: ++ case NID_dsa_2: ++ ret |= EVP_PKS_DSA; ++ break; ++ case NID_X9_62_id_ecPublicKey: ++ ret |= EVP_PKS_EC; ++ break; ++ default: ++ break; ++ } + } + +- /* /8 because it's 1024 bits we look for, not bytes */ +- if (EVP_PKEY_size(pk) <= 1024 / 8) +- ret |= EVP_PKT_EXP; + if (pkey == NULL) + EVP_PKEY_free(pk); + return (ret); +diff --git a/Cryptlib/OpenSSL/crypto/x509/x_all.c b/Cryptlib/OpenSSL/crypto/x509/x_all.c +index 3140cea..0f26c54 100644 +--- a/Cryptlib/OpenSSL/crypto/x509/x_all.c ++++ b/Cryptlib/OpenSSL/crypto/x509/x_all.c +@@ -57,13 +57,13 @@ + */ + + #include 
+-#undef SSLEAY_MACROS + #include + #include "cryptlib.h" + #include + #include + #include + #include ++#include + #ifndef OPENSSL_NO_RSA + # include + #endif +@@ -85,12 +85,6 @@ int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r) + a->sig_alg, a->signature, a->req_info, r)); + } + +-int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r) +-{ +- return (ASN1_item_verify(ASN1_ITEM_rptr(X509_CRL_INFO), +- a->sig_alg, a->signature, a->crl, r)); +-} +- + int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r) + { + return (ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC), +@@ -104,12 +98,33 @@ int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) + x->sig_alg, x->signature, x->cert_info, pkey, md)); + } + ++int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx) ++{ ++ x->cert_info->enc.modified = 1; ++ return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CINF), ++ x->cert_info->signature, ++ x->sig_alg, x->signature, x->cert_info, ctx); ++} ++ ++int X509_http_nbio(OCSP_REQ_CTX *rctx, X509 **pcert) ++{ ++ return OCSP_REQ_CTX_nbio_d2i(rctx, ++ (ASN1_VALUE **)pcert, ASN1_ITEM_rptr(X509)); ++} ++ + int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md) + { + return (ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO), x->sig_alg, NULL, + x->signature, x->req_info, pkey, md)); + } + ++int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx) ++{ ++ return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_REQ_INFO), ++ x->sig_alg, NULL, x->signature, x->req_info, ++ ctx); ++} ++ + int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md) + { + x->crl->enc.modified = 1; +@@ -117,6 +132,21 @@ int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md) + x->sig_alg, x->signature, x->crl, pkey, md)); + } + ++int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx) ++{ ++ x->crl->enc.modified = 1; ++ return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CRL_INFO), ++ x->crl->sig_alg, x->sig_alg, x->signature, ++ x->crl, ctx); ++} ++ ++int X509_CRL_http_nbio(OCSP_REQ_CTX *rctx, X509_CRL **pcrl) ++{ ++ return 
OCSP_REQ_CTX_nbio_d2i(rctx, ++ (ASN1_VALUE **)pcrl, ++ ASN1_ITEM_rptr(X509_CRL)); ++} ++ + int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md) + { + return (ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), x->sig_algor, NULL, +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/ext_dat.h b/Cryptlib/OpenSSL/crypto/x509v3/ext_dat.h +index 3eaec46..01edd2a 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/ext_dat.h ++++ b/Cryptlib/OpenSSL/crypto/x509v3/ext_dat.h +@@ -1,6 +1,7 @@ + /* ext_dat.h */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 1999. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. + */ + /* ==================================================================== + * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. 
Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -61,71 +62,77 @@ extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku; + extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info, v3_sinfo; + extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id; + extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate; +-extern X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld; ++extern X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld, v3_freshest_crl; + extern X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff; + extern X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc; + extern X509V3_EXT_METHOD v3_crl_hold, v3_pci; + extern X509V3_EXT_METHOD v3_policy_mappings, v3_policy_constraints; +-extern X509V3_EXT_METHOD v3_name_constraints, v3_inhibit_anyp; +-#ifndef OPENSSL_NO_RFC3779 ++extern X509V3_EXT_METHOD v3_name_constraints, v3_inhibit_anyp, v3_idp; + extern X509V3_EXT_METHOD v3_addr, v3_asid; +-#endif ++extern X509V3_EXT_METHOD v3_ct_scts[]; + +-/* This table will be searched using OBJ_bsearch so it *must* kept in +- * order of the ext_nid values. ++/* ++ * This table will be searched using OBJ_bsearch so it *must* kept in order ++ * of the ext_nid values. 
+ */ + +-static X509V3_EXT_METHOD *standard_exts[] = { +-&v3_nscert, +-&v3_ns_ia5_list[0], +-&v3_ns_ia5_list[1], +-&v3_ns_ia5_list[2], +-&v3_ns_ia5_list[3], +-&v3_ns_ia5_list[4], +-&v3_ns_ia5_list[5], +-&v3_ns_ia5_list[6], +-&v3_skey_id, +-&v3_key_usage, +-&v3_pkey_usage_period, +-&v3_alt[0], +-&v3_alt[1], +-&v3_bcons, +-&v3_crl_num, +-&v3_cpols, +-&v3_akey_id, +-&v3_crld, +-&v3_ext_ku, +-&v3_delta_crl, +-&v3_crl_reason, ++static const X509V3_EXT_METHOD *standard_exts[] = { ++ &v3_nscert, ++ &v3_ns_ia5_list[0], ++ &v3_ns_ia5_list[1], ++ &v3_ns_ia5_list[2], ++ &v3_ns_ia5_list[3], ++ &v3_ns_ia5_list[4], ++ &v3_ns_ia5_list[5], ++ &v3_ns_ia5_list[6], ++ &v3_skey_id, ++ &v3_key_usage, ++ &v3_pkey_usage_period, ++ &v3_alt[0], ++ &v3_alt[1], ++ &v3_bcons, ++ &v3_crl_num, ++ &v3_cpols, ++ &v3_akey_id, ++ &v3_crld, ++ &v3_ext_ku, ++ &v3_delta_crl, ++ &v3_crl_reason, + #ifndef OPENSSL_NO_OCSP +-&v3_crl_invdate, ++ &v3_crl_invdate, + #endif +-&v3_sxnet, +-&v3_info, ++ &v3_sxnet, ++ &v3_info, + #ifndef OPENSSL_NO_RFC3779 +-&v3_addr, +-&v3_asid, ++ &v3_addr, ++ &v3_asid, + #endif + #ifndef OPENSSL_NO_OCSP +-&v3_ocsp_nonce, +-&v3_ocsp_crlid, +-&v3_ocsp_accresp, +-&v3_ocsp_nocheck, +-&v3_ocsp_acutoff, +-&v3_ocsp_serviceloc, ++ &v3_ocsp_nonce, ++ &v3_ocsp_crlid, ++ &v3_ocsp_accresp, ++ &v3_ocsp_nocheck, ++ &v3_ocsp_acutoff, ++ &v3_ocsp_serviceloc, + #endif +-&v3_sinfo, +-&v3_policy_constraints, ++ &v3_sinfo, ++ &v3_policy_constraints, + #ifndef OPENSSL_NO_OCSP +-&v3_crl_hold, ++ &v3_crl_hold, ++#endif ++ &v3_pci, ++ &v3_name_constraints, ++ &v3_policy_mappings, ++ &v3_inhibit_anyp, ++ &v3_idp, ++ &v3_alt[2], ++ &v3_freshest_crl, ++#ifndef OPENSSL_SYS_UEFI ++ &v3_ct_scts[0], ++ &v3_ct_scts[1], + #endif +-&v3_pci, +-&v3_name_constraints, +-&v3_policy_mappings, +-&v3_inhibit_anyp + }; + + /* Number of standard extensions */ + + #define STANDARD_EXTENSION_COUNT (sizeof(standard_exts)/sizeof(X509V3_EXT_METHOD *)) +- +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_cache.c 
b/Cryptlib/OpenSSL/crypto/x509v3/pcy_cache.c +index 1530cc8..c8f41f2 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/pcy_cache.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/pcy_cache.c +@@ -133,7 +133,6 @@ static int policy_cache_new(X509 *x) + return 0; + cache->anyPolicy = NULL; + cache->data = NULL; +- cache->maps = NULL; + cache->any_skip = -1; + cache->explicit_skip = -1; + cache->map_skip = -1; +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_data.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_data.c +index 0a6b83b..90e9970 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/pcy_data.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/pcy_data.c +@@ -83,17 +83,19 @@ void policy_data_free(X509_POLICY_DATA *data) + * source. + */ + +-X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, ASN1_OBJECT *id, +- int crit) ++X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, ++ const ASN1_OBJECT *cid, int crit) + { + X509_POLICY_DATA *ret; +- if (!policy && !id) ++ ASN1_OBJECT *id; ++ if (!policy && !cid) + return NULL; +- if (id) { +- id = OBJ_dup(id); ++ if (cid) { ++ id = OBJ_dup(cid); + if (!id) + return NULL; +- } ++ } else ++ id = NULL; + ret = OPENSSL_malloc(sizeof(X509_POLICY_DATA)); + if (!ret) + return NULL; +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_int.h b/Cryptlib/OpenSSL/crypto/x509v3/pcy_int.h +index 3780de4..b5075f9 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/pcy_int.h ++++ b/Cryptlib/OpenSSL/crypto/x509v3/pcy_int.h +@@ -1,6 +1,7 @@ + /* pcy_int.h */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 2004. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2004. + */ + /* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. 
++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -56,135 +57,126 @@ + * + */ + +-DECLARE_STACK_OF(X509_POLICY_DATA) +-DECLARE_STACK_OF(X509_POLICY_REF) +-DECLARE_STACK_OF(X509_POLICY_NODE) +- + typedef struct X509_POLICY_DATA_st X509_POLICY_DATA; +-typedef struct X509_POLICY_REF_st X509_POLICY_REF; ++ ++DECLARE_STACK_OF(X509_POLICY_DATA) + + /* Internal structures */ + +-/* This structure and the field names correspond to the Policy 'node' of +- * RFC3280. NB this structure contains no pointers to parent or child +- * data: X509_POLICY_NODE contains that. This means that the main policy data +- * can be kept static and cached with the certificate. ++/* ++ * This structure and the field names correspond to the Policy 'node' of ++ * RFC3280. NB this structure contains no pointers to parent or child data: ++ * X509_POLICY_NODE contains that. This means that the main policy data can ++ * be kept static and cached with the certificate. + */ + +-struct X509_POLICY_DATA_st +- { +- unsigned int flags; +- /* Policy OID and qualifiers for this data */ +- ASN1_OBJECT *valid_policy; +- STACK_OF(POLICYQUALINFO) *qualifier_set; +- STACK_OF(ASN1_OBJECT) *expected_policy_set; +- }; ++struct X509_POLICY_DATA_st { ++ unsigned int flags; ++ /* Policy OID and qualifiers for this data */ ++ ASN1_OBJECT *valid_policy; ++ STACK_OF(POLICYQUALINFO) *qualifier_set; ++ STACK_OF(ASN1_OBJECT) *expected_policy_set; ++}; + + /* X509_POLICY_DATA flags values */ + +-/* This flag indicates the structure has been mapped using a policy mapping +- * extension. If policy mapping is not active its references get deleted. ++/* ++ * This flag indicates the structure has been mapped using a policy mapping ++ * extension. If policy mapping is not active its references get deleted. 
+ */ + +-#define POLICY_DATA_FLAG_MAPPED 0x1 ++#define POLICY_DATA_FLAG_MAPPED 0x1 + +-/* This flag indicates the data doesn't correspond to a policy in Certificate ++/* ++ * This flag indicates the data doesn't correspond to a policy in Certificate + * Policies: it has been mapped to any policy. + */ + +-#define POLICY_DATA_FLAG_MAPPED_ANY 0x2 ++#define POLICY_DATA_FLAG_MAPPED_ANY 0x2 + + /* AND with flags to see if any mapping has occurred */ + +-#define POLICY_DATA_FLAG_MAP_MASK 0x3 ++#define POLICY_DATA_FLAG_MAP_MASK 0x3 + + /* qualifiers are shared and shouldn't be freed */ + +-#define POLICY_DATA_FLAG_SHARED_QUALIFIERS 0x4 ++#define POLICY_DATA_FLAG_SHARED_QUALIFIERS 0x4 + + /* Parent node is an extra node and should be freed */ + +-#define POLICY_DATA_FLAG_EXTRA_NODE 0x8 ++#define POLICY_DATA_FLAG_EXTRA_NODE 0x8 + + /* Corresponding CertificatePolicies is critical */ + +-#define POLICY_DATA_FLAG_CRITICAL 0x10 +- +-/* This structure is an entry from a table of mapped policies which +- * cross reference the policy it refers to. +- */ +- +-struct X509_POLICY_REF_st +- { +- ASN1_OBJECT *subjectDomainPolicy; +- const X509_POLICY_DATA *data; +- }; ++#define POLICY_DATA_FLAG_CRITICAL 0x10 + + /* This structure is cached with a certificate */ + + struct X509_POLICY_CACHE_st { +- /* anyPolicy data or NULL if no anyPolicy */ +- X509_POLICY_DATA *anyPolicy; +- /* other policy data */ +- STACK_OF(X509_POLICY_DATA) *data; +- /* If policyMappings extension present a table of mapped policies */ +- STACK_OF(X509_POLICY_REF) *maps; +- /* If InhibitAnyPolicy present this is its value or -1 if absent. */ +- long any_skip; +- /* If policyConstraints and requireExplicitPolicy present this is its +- * value or -1 if absent. +- */ +- long explicit_skip; +- /* If policyConstraints and policyMapping present this is its +- * value or -1 if absent. 
+- */ +- long map_skip; +- }; +- +-/*#define POLICY_CACHE_FLAG_CRITICAL POLICY_DATA_FLAG_CRITICAL*/ ++ /* anyPolicy data or NULL if no anyPolicy */ ++ X509_POLICY_DATA *anyPolicy; ++ /* other policy data */ ++ STACK_OF(X509_POLICY_DATA) *data; ++ /* If InhibitAnyPolicy present this is its value or -1 if absent. */ ++ long any_skip; ++ /* ++ * If policyConstraints and requireExplicitPolicy present this is its ++ * value or -1 if absent. ++ */ ++ long explicit_skip; ++ /* ++ * If policyConstraints and policyMapping present this is its value or -1 ++ * if absent. ++ */ ++ long map_skip; ++}; ++ ++/* ++ * #define POLICY_CACHE_FLAG_CRITICAL POLICY_DATA_FLAG_CRITICAL ++ */ + + /* This structure represents the relationship between nodes */ + +-struct X509_POLICY_NODE_st +- { +- /* node data this refers to */ +- const X509_POLICY_DATA *data; +- /* Parent node */ +- X509_POLICY_NODE *parent; +- /* Number of child nodes */ +- int nchild; +- }; +- +-struct X509_POLICY_LEVEL_st +- { +- /* Cert for this level */ +- X509 *cert; +- /* nodes at this level */ +- STACK_OF(X509_POLICY_NODE) *nodes; +- /* anyPolicy node */ +- X509_POLICY_NODE *anyPolicy; +- /* Extra data */ +- /*STACK_OF(X509_POLICY_DATA) *extra_data;*/ +- unsigned int flags; +- }; +- +-struct X509_POLICY_TREE_st +- { +- /* This is the tree 'level' data */ +- X509_POLICY_LEVEL *levels; +- int nlevel; +- /* Extra policy data when additional nodes (not from the certificate) +- * are required. 
+- */ +- STACK_OF(X509_POLICY_DATA) *extra_data; +- /* This is the authority constained policy set */ +- STACK_OF(X509_POLICY_NODE) *auth_policies; +- STACK_OF(X509_POLICY_NODE) *user_policies; +- unsigned int flags; +- }; ++struct X509_POLICY_NODE_st { ++ /* node data this refers to */ ++ const X509_POLICY_DATA *data; ++ /* Parent node */ ++ X509_POLICY_NODE *parent; ++ /* Number of child nodes */ ++ int nchild; ++}; ++ ++struct X509_POLICY_LEVEL_st { ++ /* Cert for this level */ ++ X509 *cert; ++ /* nodes at this level */ ++ STACK_OF(X509_POLICY_NODE) *nodes; ++ /* anyPolicy node */ ++ X509_POLICY_NODE *anyPolicy; ++ /* Extra data */ ++ /* ++ * STACK_OF(X509_POLICY_DATA) *extra_data; ++ */ ++ unsigned int flags; ++}; ++ ++struct X509_POLICY_TREE_st { ++ /* This is the tree 'level' data */ ++ X509_POLICY_LEVEL *levels; ++ int nlevel; ++ /* ++ * Extra policy data when additional nodes (not from the certificate) are ++ * required. ++ */ ++ STACK_OF(X509_POLICY_DATA) *extra_data; ++ /* This is the authority constained policy set */ ++ STACK_OF(X509_POLICY_NODE) *auth_policies; ++ STACK_OF(X509_POLICY_NODE) *user_policies; ++ unsigned int flags; ++}; + + /* Set if anyPolicy present in user policies */ +-#define POLICY_FLAG_ANY_POLICY 0x2 ++#define POLICY_FLAG_ANY_POLICY 0x2 + + /* Useful macros */ + +@@ -193,15 +185,14 @@ struct X509_POLICY_TREE_st + + /* Internal functions */ + +-X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, ASN1_OBJECT *id, +- int crit); ++X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, const ASN1_OBJECT *id, ++ int crit); + void policy_data_free(X509_POLICY_DATA *data); + + X509_POLICY_DATA *policy_cache_find_data(const X509_POLICY_CACHE *cache, +- const ASN1_OBJECT *id); ++ const ASN1_OBJECT *id); + int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps); + +- + STACK_OF(X509_POLICY_NODE) *policy_node_cmp_new(void); + + void policy_cache_init(void); +@@ -209,15 +200,18 @@ void policy_cache_init(void); + void 
policy_cache_free(X509_POLICY_CACHE *cache); + + X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level, +- const ASN1_OBJECT *id); ++ const X509_POLICY_NODE *parent, ++ const ASN1_OBJECT *id); + + X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk, +- const ASN1_OBJECT *id); ++ const ASN1_OBJECT *id); + + X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, +- X509_POLICY_DATA *data, +- X509_POLICY_NODE *parent, +- X509_POLICY_TREE *tree); ++ const X509_POLICY_DATA *data, ++ X509_POLICY_NODE *parent, ++ X509_POLICY_TREE *tree); + void policy_node_free(X509_POLICY_NODE *node); ++int policy_node_match(const X509_POLICY_LEVEL *lvl, ++ const X509_POLICY_NODE *node, const ASN1_OBJECT *oid); + + const X509_POLICY_CACHE *policy_cache_set(X509 *x); +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_map.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_map.c +index 0067c3d..b99eb91 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/pcy_map.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/pcy_map.c +@@ -63,30 +63,6 @@ + + #include "pcy_int.h" + +-static int ref_cmp(const X509_POLICY_REF * const *a, +- const X509_POLICY_REF * const *b) +-{ +- return OBJ_cmp((*a)->subjectDomainPolicy, (*b)->subjectDomainPolicy); +-} +- +-static void policy_map_free(X509_POLICY_REF * map) +-{ +- OPENSSL_free(map); +-} +- +-static X509_POLICY_REF *policy_map_find(X509_POLICY_CACHE *cache, +- ASN1_OBJECT *id) +-{ +- X509_POLICY_REF tmp; +- int idx; +- tmp.subjectDomainPolicy = id; +- +- idx = sk_X509_POLICY_REF_find(cache->maps, &tmp); +- if (idx == -1) +- return NULL; +- return sk_X509_POLICY_REF_value(cache->maps, idx); +-} +- + /* + * Set policy mapping entries in cache. 
Note: this modifies the passed + * POLICY_MAPPINGS structure +@@ -95,8 +71,6 @@ static X509_POLICY_REF *policy_map_find(X509_POLICY_CACHE *cache, + int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps) + { + POLICY_MAPPING *map; +- X509_POLICY_REF *ref = NULL; +- ASN1_OBJECT *subjectDomainPolicyRef; + X509_POLICY_DATA *data; + X509_POLICY_CACHE *cache = x->policy_cache; + int i; +@@ -105,7 +79,6 @@ int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps) + ret = -1; + goto bad_mapping; + } +- cache->maps = sk_X509_POLICY_REF_new(ref_cmp); + for (i = 0; i < sk_POLICY_MAPPING_num(maps); i++) { + map = sk_POLICY_MAPPING_value(maps, i); + /* Reject if map to or from anyPolicy */ +@@ -115,12 +88,6 @@ int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps) + goto bad_mapping; + } + +- /* If we've already mapped from this OID bad mapping */ +- if (policy_map_find(cache, map->subjectDomainPolicy) != NULL) { +- ret = -1; +- goto bad_mapping; +- } +- + /* Attempt to find matching policy data */ + data = policy_cache_find_data(cache, map->issuerDomainPolicy); + /* If we don't have anyPolicy can't map */ +@@ -135,7 +102,9 @@ int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps) + if (!data) + goto bad_mapping; + data->qualifier_set = cache->anyPolicy->qualifier_set; +- map->issuerDomainPolicy = NULL; ++ /* ++ * map->issuerDomainPolicy = NULL; ++ */ + data->flags |= POLICY_DATA_FLAG_MAPPED_ANY; + data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS; + if (!sk_X509_POLICY_DATA_push(cache->data, data)) { +@@ -144,41 +113,17 @@ int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps) + } + } else + data->flags |= POLICY_DATA_FLAG_MAPPED; +- + if (!sk_ASN1_OBJECT_push(data->expected_policy_set, + map->subjectDomainPolicy)) + goto bad_mapping; +- /* +- * map->subjectDomainPolicy will be freed when cache->data is freed. +- * Set it to NULL to avoid double-free. 
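Review bot: The assignment `map->issuerDomainPolicy = NULL;` in policy_cache_set_mapping is left behind as commented-out code, with no word on why the pointer is no longer cleared. Judging by the pcy_int.h change that makes policy_data_new take `const ASN1_OBJECT *id`, the data object created above this hunk presumably no longer takes ownership of the issuer OID, so the mapping has to keep it for `POLICY_MAPPING_free` to release. That should be confirmed against policy_data_new, which is not visible here. Once confirmed, I would drop the dead line and leave `/* the new data entry does not own the issuer OID; maps still frees it */` in its place. The function starts and ends outside the hunk.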
+- */ +- subjectDomainPolicyRef = map->subjectDomainPolicy; + map->subjectDomainPolicy = NULL; + +- ref = OPENSSL_malloc(sizeof(X509_POLICY_REF)); +- if (!ref) +- goto bad_mapping; +- +- ref->subjectDomainPolicy = subjectDomainPolicyRef; +- ref->data = data; +- +- if (!sk_X509_POLICY_REF_push(cache->maps, ref)) +- goto bad_mapping; +- +- ref = NULL; +- + } + + ret = 1; + bad_mapping: + if (ret == -1) + x->ex_flags |= EXFLAG_INVALID_POLICY; +- if (ref) +- policy_map_free(ref); +- if (ret <= 0) { +- sk_X509_POLICY_REF_pop_free(cache->maps, policy_map_free); +- cache->maps = NULL; +- } + sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free); + return ret; + +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_node.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_node.c +index 438b49b..d6c9176 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/pcy_node.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/pcy_node.c +@@ -93,13 +93,23 @@ X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *nodes, + } + + X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level, ++ const X509_POLICY_NODE *parent, + const ASN1_OBJECT *id) + { +- return tree_find_sk(level->nodes, id); ++ X509_POLICY_NODE *node; ++ int i; ++ for (i = 0; i < sk_X509_POLICY_NODE_num(level->nodes); i++) { ++ node = sk_X509_POLICY_NODE_value(level->nodes, i); ++ if (node->parent == parent) { ++ if (!OBJ_cmp(node->data->valid_policy, id)) ++ return node; ++ } ++ } ++ return NULL; + } + + X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, +- X509_POLICY_DATA *data, ++ const X509_POLICY_DATA *data, + X509_POLICY_NODE *parent, + X509_POLICY_TREE *tree) + { +@@ -150,3 +160,31 @@ void policy_node_free(X509_POLICY_NODE *node) + { + OPENSSL_free(node); + } ++ ++/* ++ * See if a policy node matches a policy OID. If mapping enabled look through ++ * expected policy set otherwise just valid policy. 
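Review bot: `map->subjectDomainPolicy = NULL;` now stands without the explanation the old code carried, yet it is the line that keeps the OID just pushed onto `data->expected_policy_set` from being released a second time when `sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free)` runs at `bad_mapping`. Removing or reordering it later would turn the cleanup path into a double free, so the ownership hand-over deserves a comment, for example `/* expected_policy_set owns the OID now; clear it so POLICY_MAPPING_free() does not free it again */`. The function starts outside the hunk.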
++ */ ++ ++int policy_node_match(const X509_POLICY_LEVEL *lvl, ++ const X509_POLICY_NODE *node, const ASN1_OBJECT *oid) ++{ ++ int i; ++ ASN1_OBJECT *policy_oid; ++ const X509_POLICY_DATA *x = node->data; ++ ++ if ((lvl->flags & X509_V_FLAG_INHIBIT_MAP) ++ || !(x->flags & POLICY_DATA_FLAG_MAP_MASK)) { ++ if (!OBJ_cmp(x->valid_policy, oid)) ++ return 1; ++ return 0; ++ } ++ ++ for (i = 0; i < sk_ASN1_OBJECT_num(x->expected_policy_set); i++) { ++ policy_oid = sk_ASN1_OBJECT_value(x->expected_policy_set, i); ++ if (!OBJ_cmp(policy_oid, oid)) ++ return 1; ++ } ++ return 0; ++ ++} +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_tree.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_tree.c +index 9e506e9..09b8691 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/pcy_tree.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/pcy_tree.c +@@ -63,9 +63,77 @@ + + #include "pcy_int.h" + ++/* ++ * Enable this to print out the complete policy tree at various point during ++ * evaluation. ++ */ ++ ++/* ++ * #define OPENSSL_POLICY_DEBUG ++ */ ++ ++#ifdef OPENSSL_POLICY_DEBUG ++ ++static void expected_print(BIO *err, X509_POLICY_LEVEL *lev, ++ X509_POLICY_NODE *node, int indent) ++{ ++ if ((lev->flags & X509_V_FLAG_INHIBIT_MAP) ++ || !(node->data->flags & POLICY_DATA_FLAG_MAP_MASK)) ++ BIO_puts(err, " Not Mapped\n"); ++ else { ++ int i; ++ STACK_OF(ASN1_OBJECT) *pset = node->data->expected_policy_set; ++ ASN1_OBJECT *oid; ++ BIO_puts(err, " Expected: "); ++ for (i = 0; i < sk_ASN1_OBJECT_num(pset); i++) { ++ oid = sk_ASN1_OBJECT_value(pset, i); ++ if (i) ++ BIO_puts(err, ", "); ++ i2a_ASN1_OBJECT(err, oid); ++ } ++ BIO_puts(err, "\n"); ++ } ++} ++ ++static void tree_print(char *str, X509_POLICY_TREE *tree, ++ X509_POLICY_LEVEL *curr) ++{ ++ X509_POLICY_LEVEL *plev; ++ X509_POLICY_NODE *node; ++ int i; ++ BIO *err; ++ err = BIO_new_fp(stderr, BIO_NOCLOSE); ++ if (!curr) ++ curr = tree->levels + tree->nlevel; ++ else ++ curr++; ++ BIO_printf(err, "Level print after %s\n", str); ++ BIO_printf(err, "Printing Up to 
Level %ld\n", curr - tree->levels); ++ for (plev = tree->levels; plev != curr; plev++) { ++ BIO_printf(err, "Level %ld, flags = %x\n", ++ plev - tree->levels, plev->flags); ++ for (i = 0; i < sk_X509_POLICY_NODE_num(plev->nodes); i++) { ++ node = sk_X509_POLICY_NODE_value(plev->nodes, i); ++ X509_POLICY_NODE_print(err, node, 2); ++ expected_print(err, plev, node, 2); ++ BIO_printf(err, " Flags: %x\n", node->data->flags); ++ } ++ if (plev->anyPolicy) ++ X509_POLICY_NODE_print(err, plev->anyPolicy, 2); ++ } ++ ++ BIO_free(err); ++ ++} ++#else ++ ++# define tree_print(a,b,c) /* */ ++ ++#endif ++ + /*- + * Initialize policy tree. Return values: +- * 0 Some internal error occured. ++ * 0 Some internal error occurred. + * -1 Inconsistent or invalid extensions in certificates. + * 1 Tree initialized OK. + * 2 Policy tree is empty. +@@ -89,8 +157,10 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, + *ptree = NULL; + n = sk_X509_num(certs); + ++#if 0 + /* Disable policy mapping for now... 
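Review bot: In tree_print the two `%ld` conversions are fed pointer differences (`curr - tree->levels` and `plev - tree->levels`), which have type ptrdiff_t, so the format and argument sizes disagree on any target where long is narrower than a pointer. Casting at the call site, `(long)(curr - tree->levels)`, removes the mismatch. The result of `BIO_new_fp(stderr, BIO_NOCLOSE)` is also used without a NULL check. Both matter only when OPENSSL_POLICY_DEBUG is defined, which this hunk leaves commented out.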
*/ + flags |= X509_V_FLAG_INHIBIT_MAP; ++#endif + + if (flags & X509_V_FLAG_EXPLICIT_POLICY) + explicit_policy = 0; +@@ -184,7 +254,6 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, + level++; + x = sk_X509_value(certs, i); + cache = policy_cache_set(x); +- + CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); + level->cert = x; + +@@ -210,7 +279,8 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, + if (map_skip == 0) + level->flags |= X509_V_FLAG_INHIBIT_MAP; + else { +- map_skip--; ++ if (!(x->ex_flags & EXFLAG_SI)) ++ map_skip--; + if ((cache->map_skip >= 0) + && (cache->map_skip < map_skip)) + map_skip = cache->map_skip; +@@ -233,8 +303,30 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, + + } + ++static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr, ++ const X509_POLICY_DATA *data) ++{ ++ X509_POLICY_LEVEL *last = curr - 1; ++ X509_POLICY_NODE *node; ++ int i, matched = 0; ++ /* Iterate through all in nodes linking matches */ ++ for (i = 0; i < sk_X509_POLICY_NODE_num(last->nodes); i++) { ++ node = sk_X509_POLICY_NODE_value(last->nodes, i); ++ if (policy_node_match(last, node, data->valid_policy)) { ++ if (!level_add_node(curr, data, node, NULL)) ++ return 0; ++ matched = 1; ++ } ++ } ++ if (!matched && last->anyPolicy) { ++ if (!level_add_node(curr, data, last->anyPolicy, NULL)) ++ return 0; ++ } ++ return 1; ++} ++ + /* +- * This corresponds to RFC3280 XXXX XXXXX: link any data from ++ * This corresponds to RFC3280 6.1.3(d)(1): link any data from + * CertificatePolicies onto matching parent or anyPolicy if no match. 
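Review bot: Wrapping `flags |= X509_V_FLAG_INHIBIT_MAP;` in `#if 0` inside tree_init turns policy-mapping processing on for every caller that does not set that flag itself, while the stale comment "Disable policy mapping for now..." stays inside the dead block. I would delete the block and state the new default instead, e.g. `/* policy mapping is honoured unless the caller passes X509_V_FLAG_INHIBIT_MAP */`. Because this changes which certificate chains pass policy checking, it is worth confirming (not visible in this hunk) that the verification callers in this package get the behaviour they expect with mappings active. tree_init's body continues outside the hunk.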
+ */ + +@@ -242,10 +334,8 @@ static int tree_link_nodes(X509_POLICY_LEVEL *curr, + const X509_POLICY_CACHE *cache) + { + int i; +- X509_POLICY_LEVEL *last; + X509_POLICY_DATA *data; +- X509_POLICY_NODE *parent; +- last = curr - 1; ++ + for (i = 0; i < sk_X509_POLICY_DATA_num(cache->data); i++) { + data = sk_X509_POLICY_DATA_value(cache->data, i); + /* +@@ -256,39 +346,104 @@ static int tree_link_nodes(X509_POLICY_LEVEL *curr, + * because then it will have the mapping flags right and we can prune + * it later. + */ ++#if 0 + if ((data->flags & POLICY_DATA_FLAG_MAPPED_ANY) + && !(curr->flags & X509_V_FLAG_INHIBIT_ANY)) + continue; +- /* Look for matching node in parent */ +- parent = level_find_node(last, data->valid_policy); +- /* If no match link to anyPolicy */ +- if (!parent) +- parent = last->anyPolicy; +- if (parent && !level_add_node(curr, data, parent, NULL)) ++#endif ++ /* Look for matching nodes in previous level */ ++ if (!tree_link_matching_nodes(curr, data)) + return 0; + } + return 1; + } + + /* +- * This corresponds to RFC3280 XXXX XXXXX: Create new data for any unmatched ++ * This corresponds to RFC3280 6.1.3(d)(2): Create new data for any unmatched + * policies in the parent and link to anyPolicy. + */ + ++static int tree_add_unmatched(X509_POLICY_LEVEL *curr, ++ const X509_POLICY_CACHE *cache, ++ const ASN1_OBJECT *id, ++ X509_POLICY_NODE *node, X509_POLICY_TREE *tree) ++{ ++ X509_POLICY_DATA *data; ++ if (id == NULL) ++ id = node->data->valid_policy; ++ /* ++ * Create a new node with qualifiers from anyPolicy and id from unmatched ++ * node. 
++ */ ++ data = policy_data_new(NULL, id, node_critical(node)); ++ ++ if (data == NULL) ++ return 0; ++ /* Curr may not have anyPolicy */ ++ data->qualifier_set = cache->anyPolicy->qualifier_set; ++ data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS; ++ if (!level_add_node(curr, data, node, tree)) { ++ policy_data_free(data); ++ return 0; ++ } ++ ++ return 1; ++} ++ ++static int tree_link_unmatched(X509_POLICY_LEVEL *curr, ++ const X509_POLICY_CACHE *cache, ++ X509_POLICY_NODE *node, X509_POLICY_TREE *tree) ++{ ++ const X509_POLICY_LEVEL *last = curr - 1; ++ int i; ++ ++ if ((last->flags & X509_V_FLAG_INHIBIT_MAP) ++ || !(node->data->flags & POLICY_DATA_FLAG_MAPPED)) { ++ /* If no policy mapping: matched if one child present */ ++ if (node->nchild) ++ return 1; ++ if (!tree_add_unmatched(curr, cache, NULL, node, tree)) ++ return 0; ++ /* Add it */ ++ } else { ++ /* If mapping: matched if one child per expected policy set */ ++ STACK_OF(ASN1_OBJECT) *expset = node->data->expected_policy_set; ++ if (node->nchild == sk_ASN1_OBJECT_num(expset)) ++ return 1; ++ /* Locate unmatched nodes */ ++ for (i = 0; i < sk_ASN1_OBJECT_num(expset); i++) { ++ ASN1_OBJECT *oid = sk_ASN1_OBJECT_value(expset, i); ++ if (level_find_node(curr, node, oid)) ++ continue; ++ if (!tree_add_unmatched(curr, cache, oid, node, tree)) ++ return 0; ++ } ++ ++ } ++ ++ return 1; ++ ++} ++ + static int tree_link_any(X509_POLICY_LEVEL *curr, + const X509_POLICY_CACHE *cache, + X509_POLICY_TREE *tree) + { + int i; +- X509_POLICY_DATA *data; ++ /* ++ * X509_POLICY_DATA *data; ++ */ + X509_POLICY_NODE *node; +- X509_POLICY_LEVEL *last; +- +- last = curr - 1; ++ X509_POLICY_LEVEL *last = curr - 1; + + for (i = 0; i < sk_X509_POLICY_NODE_num(last->nodes); i++) { + node = sk_X509_POLICY_NODE_value(last->nodes, i); + ++ if (!tree_link_unmatched(curr, cache, node, tree)) ++ return 0; ++ ++#if 0 ++ + /* + * Skip any node with any children: we only want unmathced nodes. 
+ * Note: need something better for policy mapping because each node +@@ -296,6 +451,7 @@ static int tree_link_any(X509_POLICY_LEVEL *curr, + */ + if (node->nchild) + continue; ++ + /* + * Create a new node with qualifiers from anyPolicy and id from + * unmatched node. +@@ -312,6 +468,8 @@ static int tree_link_any(X509_POLICY_LEVEL *curr, + policy_data_free(data); + return 0; + } ++#endif ++ + } + /* Finally add link to anyPolicy */ + if (last->anyPolicy) { +@@ -329,26 +487,31 @@ static int tree_link_any(X509_POLICY_LEVEL *curr, + + static int tree_prune(X509_POLICY_TREE *tree, X509_POLICY_LEVEL *curr) + { ++ STACK_OF(X509_POLICY_NODE) *nodes; + X509_POLICY_NODE *node; + int i; +- for (i = sk_X509_POLICY_NODE_num(curr->nodes) - 1; i >= 0; i--) { +- node = sk_X509_POLICY_NODE_value(curr->nodes, i); +- /* Delete any mapped data: see RFC3280 XXXX */ +- if (node->data->flags & POLICY_DATA_FLAG_MAP_MASK) { +- node->parent->nchild--; +- OPENSSL_free(node); +- (void)sk_X509_POLICY_NODE_delete(curr->nodes, i); ++ nodes = curr->nodes; ++ if (curr->flags & X509_V_FLAG_INHIBIT_MAP) { ++ for (i = sk_X509_POLICY_NODE_num(nodes) - 1; i >= 0; i--) { ++ node = sk_X509_POLICY_NODE_value(nodes, i); ++ /* Delete any mapped data: see RFC3280 XXXX */ ++ if (node->data->flags & POLICY_DATA_FLAG_MAP_MASK) { ++ node->parent->nchild--; ++ OPENSSL_free(node); ++ (void)sk_X509_POLICY_NODE_delete(nodes, i); ++ } + } + } + + for (;;) { + --curr; +- for (i = sk_X509_POLICY_NODE_num(curr->nodes) - 1; i >= 0; i--) { +- node = sk_X509_POLICY_NODE_value(curr->nodes, i); ++ nodes = curr->nodes; ++ for (i = sk_X509_POLICY_NODE_num(nodes) - 1; i >= 0; i--) { ++ node = sk_X509_POLICY_NODE_value(nodes, i); + if (node->nchild == 0) { + node->parent->nchild--; + OPENSSL_free(node); +- (void)sk_X509_POLICY_NODE_delete(curr->nodes, i); ++ (void)sk_X509_POLICY_NODE_delete(nodes, i); + } + } + if (curr->anyPolicy && !curr->anyPolicy->nchild) { +@@ -511,6 +674,7 @@ static int tree_evaluate(X509_POLICY_TREE 
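Review bot: tree_add_unmatched dereferences `cache->anyPolicy` unconditionally in `data->qualifier_set = cache->anyPolicy->qualifier_set;`, and nothing in this hunk establishes that it is non-NULL; the comment above it, "Curr may not have anyPolicy", reads as though the opposite case were expected. The tree_evaluate hunk further down only calls tree_link_any when `X509_V_FLAG_INHIBIT_ANY` is clear on the level, so the guarantee presumably comes from wherever that flag is set, which should be checked. If it holds, say so where the pointer is used: `/* caller only reaches here when the level's certificate carries anyPolicy */`. If it cannot be shown, add a guard before the dereference: `if (cache->anyPolicy == NULL) { policy_data_free(data); return 0; }`.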
*tree) + if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY) + && !tree_link_any(curr, cache, tree)) + return 0; ++ tree_print("before tree_prune()", tree, curr); + ret = tree_prune(tree, curr); + if (ret != 1) + return ret; +@@ -620,6 +784,8 @@ int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy, + goto error; + ret = tree_evaluate(tree); + ++ tree_print("tree_evaluate()", tree, NULL); ++ + if (ret <= 0) + goto error; + +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_addr.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_addr.c +index e1911f2..94cfed0 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_addr.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_addr.c +@@ -239,7 +239,7 @@ static int i2r_IPAddressOrRanges(BIO *out, + /* + * i2r handler for an IPAddrBlocks extension. + */ +-static int i2r_IPAddrBlocks(X509V3_EXT_METHOD *method, ++static int i2r_IPAddrBlocks(const X509V3_EXT_METHOD *method, + void *ext, BIO *out, int indent) + { + const IPAddrBlocks *addr = ext; +@@ -321,8 +321,7 @@ static int IPAddressOrRange_cmp(const IPAddressOrRange *a, + const IPAddressOrRange *b, const int length) + { + unsigned char addr_a[ADDR_RAW_BUF_LEN], addr_b[ADDR_RAW_BUF_LEN]; +- int prefixlen_a = 0; +- int prefixlen_b = 0; ++ int prefixlen_a = 0, prefixlen_b = 0; + int r; + + switch (a->type) { +@@ -879,7 +878,7 @@ static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors, + IPAddressOrRange *merged; + if (!make_addressRange(&merged, a_min, b_max, length)) + return 0; +- sk_IPAddressOrRange_set(aors, i, merged); ++ (void)sk_IPAddressOrRange_set(aors, i, merged); + (void)sk_IPAddressOrRange_delete(aors, i + 1); + IPAddressOrRange_free(a); + IPAddressOrRange_free(b); +@@ -928,7 +927,7 @@ int v3_addr_canonize(IPAddrBlocks *addr) + /* + * v2i handler for the IPAddrBlocks extension. 
+ */ +-static void *v2i_IPAddrBlocks(struct v3_ext_method *method, ++static void *v2i_IPAddrBlocks(const struct v3_ext_method *method, + struct v3_ext_ctx *ctx, + STACK_OF(CONF_VALUE) *values) + { +@@ -1219,7 +1218,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx, + { + IPAddrBlocks *child = NULL; + int i, j, ret = 1; +- X509 *x = NULL; ++ X509 *x; + + OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0); + OPENSSL_assert(ctx != NULL || ext != NULL); +@@ -1232,6 +1231,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx, + */ + if (ext != NULL) { + i = -1; ++ x = NULL; + } else { + i = 0; + x = sk_X509_value(chain, i); +@@ -1299,6 +1299,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx, + /* + * Trust anchor can't inherit. + */ ++ OPENSSL_assert(x != NULL); + if (x->rfc3779_addr != NULL) { + for (j = 0; j < sk_IPAddressFamily_num(x->rfc3779_addr); j++) { + IPAddressFamily *fp = +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c +index ea0e6be..22ec202 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c +@@ -87,6 +87,12 @@ const X509V3_EXT_METHOD v3_alt[] = { + (X509V3_EXT_I2V) i2v_GENERAL_NAMES, + (X509V3_EXT_V2I)v2i_issuer_alt, + NULL, NULL, NULL}, ++ ++ {NID_certificate_issuer, 0, ASN1_ITEM_ref(GENERAL_NAMES), ++ 0, 0, 0, 0, ++ 0, 0, ++ (X509V3_EXT_I2V) i2v_GENERAL_NAMES, ++ NULL, NULL, NULL, NULL}, + }; + + STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method, +@@ -390,7 +396,7 @@ static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p) + + } + +-GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method, ++GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) + { + GENERAL_NAME *gen; +@@ -413,27 +419,22 @@ GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method, + return NULL; + } + +-GENERAL_NAME 
*v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, +- CONF_VALUE *cnf) ++GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method, ++ X509V3_CTX *ctx, CONF_VALUE *cnf) + { + return v2i_GENERAL_NAME_ex(NULL, method, ctx, cnf, 0); + } + +-GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, +- X509V3_EXT_METHOD *method, X509V3_CTX *ctx, +- CONF_VALUE *cnf, int is_nc) ++GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out, ++ const X509V3_EXT_METHOD *method, ++ X509V3_CTX *ctx, int gen_type, char *value, ++ int is_nc) + { + char is_string = 0; +- int type; + GENERAL_NAME *gen = NULL; + +- char *name, *value; +- +- name = cnf->name; +- value = cnf->value; +- + if (!value) { +- X509V3err(X509V3_F_V2I_GENERAL_NAME_EX, X509V3_R_MISSING_VALUE); ++ X509V3err(X509V3_F_A2I_GENERAL_NAME, X509V3_R_MISSING_VALUE); + return NULL; + } + +@@ -442,55 +443,57 @@ GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, + else { + gen = GENERAL_NAME_new(); + if (gen == NULL) { +- X509V3err(X509V3_F_V2I_GENERAL_NAME_EX, ERR_R_MALLOC_FAILURE); ++ X509V3err(X509V3_F_A2I_GENERAL_NAME, ERR_R_MALLOC_FAILURE); + return NULL; + } + } + +- if (!name_cmp(name, "email")) { +- is_string = 1; +- type = GEN_EMAIL; +- } else if (!name_cmp(name, "URI")) { +- is_string = 1; +- type = GEN_URI; +- } else if (!name_cmp(name, "DNS")) { ++ switch (gen_type) { ++ case GEN_URI: ++ case GEN_EMAIL: ++ case GEN_DNS: + is_string = 1; +- type = GEN_DNS; +- } else if (!name_cmp(name, "RID")) { +- ASN1_OBJECT *obj; +- if (!(obj = OBJ_txt2obj(value, 0))) { +- X509V3err(X509V3_F_V2I_GENERAL_NAME_EX, X509V3_R_BAD_OBJECT); +- ERR_add_error_data(2, "value=", value); +- goto err; ++ break; ++ ++ case GEN_RID: ++ { ++ ASN1_OBJECT *obj; ++ if (!(obj = OBJ_txt2obj(value, 0))) { ++ X509V3err(X509V3_F_A2I_GENERAL_NAME, X509V3_R_BAD_OBJECT); ++ ERR_add_error_data(2, "value=", value); ++ goto err; ++ } ++ gen->d.rid = obj; + } +- gen->d.rid = obj; +- type = GEN_RID; +- } else if (!name_cmp(name, "IP")) { ++ break; ++ ++ 
case GEN_IPADD: + if (is_nc) + gen->d.ip = a2i_IPADDRESS_NC(value); + else + gen->d.ip = a2i_IPADDRESS(value); + if (gen->d.ip == NULL) { +- X509V3err(X509V3_F_V2I_GENERAL_NAME_EX, X509V3_R_BAD_IP_ADDRESS); ++ X509V3err(X509V3_F_A2I_GENERAL_NAME, X509V3_R_BAD_IP_ADDRESS); + ERR_add_error_data(2, "value=", value); + goto err; + } +- type = GEN_IPADD; +- } else if (!name_cmp(name, "dirName")) { +- type = GEN_DIRNAME; ++ break; ++ ++ case GEN_DIRNAME: + if (!do_dirname(gen, value, ctx)) { +- X509V3err(X509V3_F_V2I_GENERAL_NAME_EX, X509V3_R_DIRNAME_ERROR); ++ X509V3err(X509V3_F_A2I_GENERAL_NAME, X509V3_R_DIRNAME_ERROR); + goto err; + } +- } else if (!name_cmp(name, "otherName")) { ++ break; ++ ++ case GEN_OTHERNAME: + if (!do_othername(gen, value, ctx)) { +- X509V3err(X509V3_F_V2I_GENERAL_NAME_EX, X509V3_R_OTHERNAME_ERROR); ++ X509V3err(X509V3_F_A2I_GENERAL_NAME, X509V3_R_OTHERNAME_ERROR); + goto err; + } +- type = GEN_OTHERNAME; +- } else { +- X509V3err(X509V3_F_V2I_GENERAL_NAME_EX, X509V3_R_UNSUPPORTED_OPTION); +- ERR_add_error_data(2, "name=", name); ++ break; ++ default: ++ X509V3err(X509V3_F_A2I_GENERAL_NAME, X509V3_R_UNSUPPORTED_TYPE); + goto err; + } + +@@ -498,12 +501,12 @@ GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, + if (!(gen->d.ia5 = M_ASN1_IA5STRING_new()) || + !ASN1_STRING_set(gen->d.ia5, (unsigned char *)value, + strlen(value))) { +- X509V3err(X509V3_F_V2I_GENERAL_NAME_EX, ERR_R_MALLOC_FAILURE); ++ X509V3err(X509V3_F_A2I_GENERAL_NAME, ERR_R_MALLOC_FAILURE); + goto err; + } + } + +- gen->type = type; ++ gen->type = gen_type; + + return gen; + +@@ -513,6 +516,46 @@ GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, + return NULL; + } + ++GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, ++ const X509V3_EXT_METHOD *method, ++ X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc) ++{ ++ int type; ++ ++ char *name, *value; ++ ++ name = cnf->name; ++ value = cnf->value; ++ ++ if (!value) { ++ X509V3err(X509V3_F_V2I_GENERAL_NAME_EX, 
X509V3_R_MISSING_VALUE); ++ return NULL; ++ } ++ ++ if (!name_cmp(name, "email")) ++ type = GEN_EMAIL; ++ else if (!name_cmp(name, "URI")) ++ type = GEN_URI; ++ else if (!name_cmp(name, "DNS")) ++ type = GEN_DNS; ++ else if (!name_cmp(name, "RID")) ++ type = GEN_RID; ++ else if (!name_cmp(name, "IP")) ++ type = GEN_IPADD; ++ else if (!name_cmp(name, "dirName")) ++ type = GEN_DIRNAME; ++ else if (!name_cmp(name, "otherName")) ++ type = GEN_OTHERNAME; ++ else { ++ X509V3err(X509V3_F_V2I_GENERAL_NAME_EX, X509V3_R_UNSUPPORTED_OPTION); ++ ERR_add_error_data(2, "name=", name); ++ return NULL; ++ } ++ ++ return a2i_GENERAL_NAME(out, method, ctx, type, value, is_nc); ++ ++} ++ + static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx) + { + char *objtmp = NULL, *p; +@@ -541,25 +584,26 @@ static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx) + + static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx) + { +- int ret; +- STACK_OF(CONF_VALUE) *sk; +- X509_NAME *nm; ++ int ret = 0; ++ STACK_OF(CONF_VALUE) *sk = NULL; ++ X509_NAME *nm = NULL; + if (!(nm = X509_NAME_new())) +- return 0; ++ goto err; + sk = X509V3_get_section(ctx, value); + if (!sk) { + X509V3err(X509V3_F_DO_DIRNAME, X509V3_R_SECTION_NOT_FOUND); + ERR_add_error_data(2, "section=", value); +- X509_NAME_free(nm); +- return 0; ++ goto err; + } + /* FIXME: should allow other character types... */ + ret = X509V3_NAME_from_section(nm, sk, MBSTRING_ASC); + if (!ret) +- X509_NAME_free(nm); ++ goto err; + gen->d.dirn = nm; + ++err: ++ if (ret == 0) ++ X509_NAME_free(nm); + X509V3_section_free(ctx, sk); +- + return ret; + } +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_asid.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_asid.c +index c2a8393..2a32c9d 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_asid.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_asid.c +@@ -151,7 +151,7 @@ static int i2r_ASIdentifierChoice(BIO *out, + /* + * i2r method for an ASIdentifier extension. 
+ */ +-static int i2r_ASIdentifiers(X509V3_EXT_METHOD *method, ++static int i2r_ASIdentifiers(const X509V3_EXT_METHOD *method, + void *ext, BIO *out, int indent) + { + ASIdentifiers *asid = ext; +@@ -537,7 +537,7 @@ int v3_asid_canonize(ASIdentifiers *asid) + /* + * v2i method for an ASIdentifier extension. + */ +-static void *v2i_ASIdentifiers(struct v3_ext_method *method, ++static void *v2i_ASIdentifiers(const struct v3_ext_method *method, + struct v3_ext_ctx *ctx, + STACK_OF(CONF_VALUE) *values) + { +@@ -757,7 +757,7 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx, + { + ASIdOrRanges *child_as = NULL, *child_rdi = NULL; + int i, ret = 1, inherit_as = 0, inherit_rdi = 0; +- X509 *x = NULL; ++ X509 *x; + + OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0); + OPENSSL_assert(ctx != NULL || ext != NULL); +@@ -770,6 +770,7 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx, + */ + if (ext != NULL) { + i = -1; ++ x = NULL; + } else { + i = 0; + x = sk_X509_value(chain, i); +@@ -852,6 +853,7 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx, + /* + * Trust anchor can't inherit. 
+ */ ++ OPENSSL_assert(x != NULL); + if (x->rfc3779_asid != NULL) { + if (x->rfc3779_asid->asnum != NULL && + x->rfc3779_asid->asnum->type == ASIdentifierChoice_inherit) +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_conf.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_conf.c +index b1c916f..eeff8bd 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_conf.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_conf.c +@@ -74,8 +74,8 @@ static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, + X509V3_CTX *ctx); + static char *conf_lhash_get_string(void *db, char *section, char *value); + static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section); +-static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid, +- int crit, void *ext_struc); ++static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, ++ int ext_nid, int crit, void *ext_struc); + static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, + long *ext_len); + /* CONF *conf: Config file */ +@@ -117,7 +117,7 @@ X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, + static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, + int crit, char *value) + { +- X509V3_EXT_METHOD *method; ++ const X509V3_EXT_METHOD *method; + X509_EXTENSION *ext; + STACK_OF(CONF_VALUE) *nval; + void *ext_struc; +@@ -173,8 +173,8 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, + + } + +-static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid, +- int crit, void *ext_struc) ++static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, ++ int ext_nid, int crit, void *ext_struc) + { + unsigned char *ext_der; + int ext_len; +@@ -217,7 +217,7 @@ static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid, + + X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc) + { +- X509V3_EXT_METHOD *method; ++ const X509V3_EXT_METHOD *method; + if (!(method = 
X509V3_EXT_get_nid(ext_nid))) { + X509V3err(X509V3_F_X509V3_EXT_I2D, X509V3_R_UNKNOWN_EXTENSION); + return NULL; +@@ -462,8 +462,8 @@ void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req, + + /* Old conf compatibility functions */ + +-X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, +- char *value) ++X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, ++ char *name, char *value) + { + CONF ctmp; + CONF_set_nconf(&ctmp, conf); +@@ -472,8 +472,8 @@ X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, + + /* LHASH *conf: Config file */ + /* char *value: Value */ +-X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, +- char *value) ++X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, ++ X509V3_CTX *ctx, int ext_nid, char *value) + { + CONF ctmp; + CONF_set_nconf(&ctmp, conf); +@@ -497,14 +497,14 @@ static X509V3_CONF_METHOD conf_lhash_method = { + NULL + }; + +-void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash) ++void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash) + { + ctx->db_meth = &conf_lhash_method; + ctx->db = lhash; + } + +-int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, +- X509 *cert) ++int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, ++ char *section, X509 *cert) + { + CONF ctmp; + CONF_set_nconf(&ctmp, conf); +@@ -513,8 +513,8 @@ int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, + + /* Same as above but for a CRL */ + +-int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, +- X509_CRL *crl) ++int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, ++ char *section, X509_CRL *crl) + { + CONF ctmp; + CONF_set_nconf(&ctmp, conf); +@@ -523,8 +523,8 @@ int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, + + /* Add extensions to certificate request */ + +-int X509V3_EXT_REQ_add_conf(LHASH 
*conf, X509V3_CTX *ctx, char *section, +- X509_REQ *req) ++int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, ++ char *section, X509_REQ *req) + { + CONF ctmp; + CONF_set_nconf(&ctmp, conf); +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_cpols.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_cpols.c +index 3c26ac1..0febc1b 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_cpols.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_cpols.c +@@ -230,8 +230,12 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx, + goto merr; + if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) + goto merr; +- qual->pqualid = OBJ_nid2obj(NID_id_qt_cps); +- qual->d.cpsuri = M_ASN1_IA5STRING_new(); ++ if (!(qual->pqualid = OBJ_nid2obj(NID_id_qt_cps))) { ++ X509V3err(X509V3_F_POLICY_SECTION, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ if (!(qual->d.cpsuri = M_ASN1_IA5STRING_new())) ++ goto merr; + if (!ASN1_STRING_set(qual->d.cpsuri, cnf->value, + strlen(cnf->value))) + goto merr; +@@ -290,14 +294,18 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, + POLICYQUALINFO *qual; + if (!(qual = POLICYQUALINFO_new())) + goto merr; +- qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice); ++ if (!(qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice))) { ++ X509V3err(X509V3_F_NOTICE_SECTION, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } + if (!(not = USERNOTICE_new())) + goto merr; + qual->d.usernotice = not; + for (i = 0; i < sk_CONF_VALUE_num(unot); i++) { + cnf = sk_CONF_VALUE_value(unot, i); + if (!strcmp(cnf->name, "explicitText")) { +- not->exptext = M_ASN1_VISIBLESTRING_new(); ++ if (!(not->exptext = M_ASN1_VISIBLESTRING_new())) ++ goto merr; + if (!ASN1_STRING_set(not->exptext, cnf->value, + strlen(cnf->value))) + goto merr; +@@ -473,4 +481,7 @@ void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent) + BIO_printf(out, "%*sNo Qualifiers\n", indent + 2, ""); + } + ++ + IMPLEMENT_STACK_OF(X509_POLICY_NODE) ++ ++IMPLEMENT_STACK_OF(X509_POLICY_DATA) +diff --git 
a/Cryptlib/OpenSSL/crypto/x509v3/v3_crld.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_crld.c +index 6c8ec98..d3e1d1b 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_crld.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_crld.c +@@ -4,7 +4,7 @@ + * 1999. + */ + /* ==================================================================== +- * Copyright (c) 1999 The OpenSSL Project. All rights reserved. ++ * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions +@@ -64,52 +64,228 @@ + #include + #include + +-static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method, +- STACK_OF(DIST_POINT) *crld, +- STACK_OF(CONF_VALUE) *extlist); +-static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method, +- X509V3_CTX *ctx, +- STACK_OF(CONF_VALUE) *nval); ++static void *v2i_crld(const X509V3_EXT_METHOD *method, ++ X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); ++static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out, ++ int indent); + + const X509V3_EXT_METHOD v3_crld = { +- NID_crl_distribution_points, X509V3_EXT_MULTILINE, +- ASN1_ITEM_ref(CRL_DIST_POINTS), ++ NID_crl_distribution_points, 0, ASN1_ITEM_ref(CRL_DIST_POINTS), + 0, 0, 0, 0, + 0, 0, +- (X509V3_EXT_I2V) i2v_crld, +- (X509V3_EXT_V2I)v2i_crld, ++ 0, ++ v2i_crld, ++ i2r_crldp, 0, ++ NULL ++}; ++ ++const X509V3_EXT_METHOD v3_freshest_crl = { ++ NID_freshest_crl, 0, ASN1_ITEM_ref(CRL_DIST_POINTS), ++ 0, 0, 0, 0, + 0, 0, ++ 0, ++ v2i_crld, ++ i2r_crldp, 0, + NULL + }; + +-static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method, +- STACK_OF(DIST_POINT) *crld, +- STACK_OF(CONF_VALUE) *exts) ++static STACK_OF(GENERAL_NAME) *gnames_from_sectname(X509V3_CTX *ctx, ++ char *sect) + { +- DIST_POINT *point; +- int i; +- for (i = 0; i < sk_DIST_POINT_num(crld); i++) { +- point = sk_DIST_POINT_value(crld, i); +- if (point->distpoint) { +- if 
(point->distpoint->type == 0) +- exts = i2v_GENERAL_NAMES(NULL, +- point->distpoint->name.fullname, +- exts); ++ STACK_OF(CONF_VALUE) *gnsect; ++ STACK_OF(GENERAL_NAME) *gens; ++ if (*sect == '@') ++ gnsect = X509V3_get_section(ctx, sect + 1); ++ else ++ gnsect = X509V3_parse_list(sect); ++ if (!gnsect) { ++ X509V3err(X509V3_F_GNAMES_FROM_SECTNAME, X509V3_R_SECTION_NOT_FOUND); ++ return NULL; ++ } ++ gens = v2i_GENERAL_NAMES(NULL, ctx, gnsect); ++ if (*sect == '@') ++ X509V3_section_free(ctx, gnsect); ++ else ++ sk_CONF_VALUE_pop_free(gnsect, X509V3_conf_free); ++ return gens; ++} ++ ++static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx, ++ CONF_VALUE *cnf) ++{ ++ STACK_OF(GENERAL_NAME) *fnm = NULL; ++ STACK_OF(X509_NAME_ENTRY) *rnm = NULL; ++ if (!strncmp(cnf->name, "fullname", 9)) { ++ fnm = gnames_from_sectname(ctx, cnf->value); ++ if (!fnm) ++ goto err; ++ } else if (!strcmp(cnf->name, "relativename")) { ++ int ret; ++ STACK_OF(CONF_VALUE) *dnsect; ++ X509_NAME *nm; ++ nm = X509_NAME_new(); ++ if (!nm) ++ return -1; ++ dnsect = X509V3_get_section(ctx, cnf->value); ++ if (!dnsect) { ++ X509V3err(X509V3_F_SET_DIST_POINT_NAME, ++ X509V3_R_SECTION_NOT_FOUND); ++ return -1; ++ } ++ ret = X509V3_NAME_from_section(nm, dnsect, MBSTRING_ASC); ++ X509V3_section_free(ctx, dnsect); ++ rnm = nm->entries; ++ nm->entries = NULL; ++ X509_NAME_free(nm); ++ if (!ret || sk_X509_NAME_ENTRY_num(rnm) <= 0) ++ goto err; ++ /* ++ * Since its a name fragment can't have more than one RDNSequence ++ */ ++ if (sk_X509_NAME_ENTRY_value(rnm, ++ sk_X509_NAME_ENTRY_num(rnm) - 1)->set) { ++ X509V3err(X509V3_F_SET_DIST_POINT_NAME, ++ X509V3_R_INVALID_MULTIPLE_RDNS); ++ goto err; ++ } ++ } else ++ return 0; ++ ++ if (*pdp) { ++ X509V3err(X509V3_F_SET_DIST_POINT_NAME, ++ X509V3_R_DISTPOINT_ALREADY_SET); ++ goto err; ++ } ++ ++ *pdp = DIST_POINT_NAME_new(); ++ if (!*pdp) ++ goto err; ++ if (fnm) { ++ (*pdp)->type = 0; ++ (*pdp)->name.fullname = fnm; ++ } else { ++ (*pdp)->type = 
1; ++ (*pdp)->name.relativename = rnm; ++ } ++ ++ return 1; ++ ++ err: ++ if (fnm) ++ sk_GENERAL_NAME_pop_free(fnm, GENERAL_NAME_free); ++ if (rnm) ++ sk_X509_NAME_ENTRY_pop_free(rnm, X509_NAME_ENTRY_free); ++ return -1; ++} ++ ++static const BIT_STRING_BITNAME reason_flags[] = { ++ {0, "Unused", "unused"}, ++ {1, "Key Compromise", "keyCompromise"}, ++ {2, "CA Compromise", "CACompromise"}, ++ {3, "Affiliation Changed", "affiliationChanged"}, ++ {4, "Superseded", "superseded"}, ++ {5, "Cessation Of Operation", "cessationOfOperation"}, ++ {6, "Certificate Hold", "certificateHold"}, ++ {7, "Privilege Withdrawn", "privilegeWithdrawn"}, ++ {8, "AA Compromise", "AACompromise"}, ++ {-1, NULL, NULL} ++}; ++ ++static int set_reasons(ASN1_BIT_STRING **preas, char *value) ++{ ++ STACK_OF(CONF_VALUE) *rsk = NULL; ++ const BIT_STRING_BITNAME *pbn; ++ const char *bnam; ++ int i, ret = 0; ++ rsk = X509V3_parse_list(value); ++ if (!rsk) ++ return 0; ++ if (*preas) ++ return 0; ++ for (i = 0; i < sk_CONF_VALUE_num(rsk); i++) { ++ bnam = sk_CONF_VALUE_value(rsk, i)->name; ++ if (!*preas) { ++ *preas = ASN1_BIT_STRING_new(); ++ if (!*preas) ++ goto err; ++ } ++ for (pbn = reason_flags; pbn->lname; pbn++) { ++ if (!strcmp(pbn->sname, bnam)) { ++ if (!ASN1_BIT_STRING_set_bit(*preas, pbn->bitnum, 1)) ++ goto err; ++ break; ++ } ++ } ++ if (!pbn->lname) ++ goto err; ++ } ++ ret = 1; ++ ++ err: ++ sk_CONF_VALUE_pop_free(rsk, X509V3_conf_free); ++ return ret; ++} ++ ++static int print_reasons(BIO *out, const char *rname, ++ ASN1_BIT_STRING *rflags, int indent) ++{ ++ int first = 1; ++ const BIT_STRING_BITNAME *pbn; ++ BIO_printf(out, "%*s%s:\n%*s", indent, "", rname, indent + 2, ""); ++ for (pbn = reason_flags; pbn->lname; pbn++) { ++ if (ASN1_BIT_STRING_get_bit(rflags, pbn->bitnum)) { ++ if (first) ++ first = 0; + else +- X509V3_add_value("RelativeName", "", &exts); ++ BIO_puts(out, ", "); ++ BIO_puts(out, pbn->lname); + } +- if (point->reasons) +- X509V3_add_value("reasons", "", &exts); 
+- if (point->CRLissuer) +- X509V3_add_value("CRLissuer", "", &exts); + } +- return exts; ++ if (first) ++ BIO_puts(out, "\n"); ++ else ++ BIO_puts(out, "\n"); ++ return 1; + } + +-static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method, +- X509V3_CTX *ctx, ++static DIST_POINT *crldp_from_section(X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *nval) + { ++ int i; ++ CONF_VALUE *cnf; ++ DIST_POINT *point = NULL; ++ point = DIST_POINT_new(); ++ if (!point) ++ goto err; ++ for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { ++ int ret; ++ cnf = sk_CONF_VALUE_value(nval, i); ++ ret = set_dist_point_name(&point->distpoint, ctx, cnf); ++ if (ret > 0) ++ continue; ++ if (ret < 0) ++ goto err; ++ if (!strcmp(cnf->name, "reasons")) { ++ if (!set_reasons(&point->reasons, cnf->value)) ++ goto err; ++ } else if (!strcmp(cnf->name, "CRLissuer")) { ++ point->CRLissuer = gnames_from_sectname(ctx, cnf->value); ++ if (!point->CRLissuer) ++ goto err; ++ } ++ } ++ ++ return point; ++ ++ err: ++ if (point) ++ DIST_POINT_free(point); ++ return NULL; ++} ++ ++static void *v2i_crld(const X509V3_EXT_METHOD *method, ++ X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) ++{ + STACK_OF(DIST_POINT) *crld = NULL; + GENERAL_NAMES *gens = NULL; + GENERAL_NAME *gen = NULL; +@@ -120,24 +296,39 @@ static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method, + for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { + DIST_POINT *point; + cnf = sk_CONF_VALUE_value(nval, i); +- if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) +- goto err; +- if (!(gens = GENERAL_NAMES_new())) +- goto merr; +- if (!sk_GENERAL_NAME_push(gens, gen)) +- goto merr; +- gen = NULL; +- if (!(point = DIST_POINT_new())) +- goto merr; +- if (!sk_DIST_POINT_push(crld, point)) { +- DIST_POINT_free(point); +- goto merr; ++ if (!cnf->value) { ++ STACK_OF(CONF_VALUE) *dpsect; ++ dpsect = X509V3_get_section(ctx, cnf->name); ++ if (!dpsect) ++ goto err; ++ point = crldp_from_section(ctx, dpsect); ++ X509V3_section_free(ctx, dpsect); ++ if (!point) 
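Review bot: Two error paths in the new v3_crld.c helpers return without releasing what they have just allocated. In `set_dist_point_name`, the `relativename` branch does `return -1` when `X509V3_get_section` fails, which leaves the `nm` obtained from `X509_NAME_new()` unreleased; add `X509_NAME_free(nm);` before that return. In `set_reasons`, `if (*preas) return 0;` runs after `X509V3_parse_list(value)` has already succeeded, so `rsk` is never freed; `if (*preas) goto err;` reuses the existing cleanup label and still returns 0. Both paths appear to be reached only from extension configuration input, so the effect looks limited to memory loss on malformed or duplicated config entries.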
++ goto err; ++ if (!sk_DIST_POINT_push(crld, point)) { ++ DIST_POINT_free(point); ++ goto merr; ++ } ++ } else { ++ if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) ++ goto err; ++ if (!(gens = GENERAL_NAMES_new())) ++ goto merr; ++ if (!sk_GENERAL_NAME_push(gens, gen)) ++ goto merr; ++ gen = NULL; ++ if (!(point = DIST_POINT_new())) ++ goto merr; ++ if (!sk_DIST_POINT_push(crld, point)) { ++ DIST_POINT_free(point); ++ goto merr; ++ } ++ if (!(point->distpoint = DIST_POINT_NAME_new())) ++ goto merr; ++ point->distpoint->name.fullname = gens; ++ point->distpoint->type = 0; ++ gens = NULL; + } +- if (!(point->distpoint = DIST_POINT_NAME_new())) +- goto merr; +- point->distpoint->name.fullname = gens; +- point->distpoint->type = 0; +- gens = NULL; + } + return crld; + +@@ -154,11 +345,30 @@ IMPLEMENT_STACK_OF(DIST_POINT) + + IMPLEMENT_ASN1_SET_OF(DIST_POINT) + ++static int dpn_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, ++ void *exarg) ++{ ++ DIST_POINT_NAME *dpn = (DIST_POINT_NAME *)*pval; ++ ++ switch (operation) { ++ case ASN1_OP_NEW_POST: ++ dpn->dpname = NULL; ++ break; ++ ++ case ASN1_OP_FREE_POST: ++ if (dpn->dpname) ++ X509_NAME_free(dpn->dpname); ++ break; ++ } ++ return 1; ++} + +-ASN1_CHOICE(DIST_POINT_NAME) = { ++ ++ASN1_CHOICE_cb(DIST_POINT_NAME, dpn_cb) = { + ASN1_IMP_SEQUENCE_OF(DIST_POINT_NAME, name.fullname, GENERAL_NAME, 0), + ASN1_IMP_SET_OF(DIST_POINT_NAME, name.relativename, X509_NAME_ENTRY, 1) +-} ASN1_CHOICE_END(DIST_POINT_NAME) ++} ASN1_CHOICE_END_cb(DIST_POINT_NAME, DIST_POINT_NAME, type) ++ + + IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT_NAME) + +@@ -175,3 +385,178 @@ ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) = + ASN1_ITEM_TEMPLATE_END(CRL_DIST_POINTS) + + IMPLEMENT_ASN1_FUNCTIONS(CRL_DIST_POINTS) ++ ++ASN1_SEQUENCE(ISSUING_DIST_POINT) = { ++ ASN1_EXP_OPT(ISSUING_DIST_POINT, distpoint, DIST_POINT_NAME, 0), ++ ASN1_IMP_OPT(ISSUING_DIST_POINT, onlyuser, ASN1_FBOOLEAN, 1), ++ ASN1_IMP_OPT(ISSUING_DIST_POINT, onlyCA, ASN1_FBOOLEAN, 2), ++ 
ASN1_IMP_OPT(ISSUING_DIST_POINT, onlysomereasons, ASN1_BIT_STRING, 3), ++ ASN1_IMP_OPT(ISSUING_DIST_POINT, indirectCRL, ASN1_FBOOLEAN, 4), ++ ASN1_IMP_OPT(ISSUING_DIST_POINT, onlyattr, ASN1_FBOOLEAN, 5) ++} ASN1_SEQUENCE_END(ISSUING_DIST_POINT) ++ ++IMPLEMENT_ASN1_FUNCTIONS(ISSUING_DIST_POINT) ++ ++static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out, ++ int indent); ++static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, ++ STACK_OF(CONF_VALUE) *nval); ++ ++const X509V3_EXT_METHOD v3_idp = { ++ NID_issuing_distribution_point, X509V3_EXT_MULTILINE, ++ ASN1_ITEM_ref(ISSUING_DIST_POINT), ++ 0, 0, 0, 0, ++ 0, 0, ++ 0, ++ v2i_idp, ++ i2r_idp, 0, ++ NULL ++}; ++ ++static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, ++ STACK_OF(CONF_VALUE) *nval) ++{ ++ ISSUING_DIST_POINT *idp = NULL; ++ CONF_VALUE *cnf; ++ char *name, *val; ++ int i, ret; ++ idp = ISSUING_DIST_POINT_new(); ++ if (!idp) ++ goto merr; ++ for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { ++ cnf = sk_CONF_VALUE_value(nval, i); ++ name = cnf->name; ++ val = cnf->value; ++ ret = set_dist_point_name(&idp->distpoint, ctx, cnf); ++ if (ret > 0) ++ continue; ++ if (ret < 0) ++ goto err; ++ if (!strcmp(name, "onlyuser")) { ++ if (!X509V3_get_value_bool(cnf, &idp->onlyuser)) ++ goto err; ++ } else if (!strcmp(name, "onlyCA")) { ++ if (!X509V3_get_value_bool(cnf, &idp->onlyCA)) ++ goto err; ++ } else if (!strcmp(name, "onlyAA")) { ++ if (!X509V3_get_value_bool(cnf, &idp->onlyattr)) ++ goto err; ++ } else if (!strcmp(name, "indirectCRL")) { ++ if (!X509V3_get_value_bool(cnf, &idp->indirectCRL)) ++ goto err; ++ } else if (!strcmp(name, "onlysomereasons")) { ++ if (!set_reasons(&idp->onlysomereasons, val)) ++ goto err; ++ } else { ++ X509V3err(X509V3_F_V2I_IDP, X509V3_R_INVALID_NAME); ++ X509V3_conf_err(cnf); ++ goto err; ++ } ++ } ++ return idp; ++ ++ merr: ++ X509V3err(X509V3_F_V2I_IDP, ERR_R_MALLOC_FAILURE); ++ err: ++ ISSUING_DIST_POINT_free(idp); ++ return 
NULL; ++} ++ ++static int print_gens(BIO *out, STACK_OF(GENERAL_NAME) *gens, int indent) ++{ ++ int i; ++ for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) { ++ BIO_printf(out, "%*s", indent + 2, ""); ++ GENERAL_NAME_print(out, sk_GENERAL_NAME_value(gens, i)); ++ BIO_puts(out, "\n"); ++ } ++ return 1; ++} ++ ++static int print_distpoint(BIO *out, DIST_POINT_NAME *dpn, int indent) ++{ ++ if (dpn->type == 0) { ++ BIO_printf(out, "%*sFull Name:\n", indent, ""); ++ print_gens(out, dpn->name.fullname, indent); ++ } else { ++ X509_NAME ntmp; ++ ntmp.entries = dpn->name.relativename; ++ BIO_printf(out, "%*sRelative Name:\n%*s", indent, "", indent + 2, ""); ++ X509_NAME_print_ex(out, &ntmp, 0, XN_FLAG_ONELINE); ++ BIO_puts(out, "\n"); ++ } ++ return 1; ++} ++ ++static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out, ++ int indent) ++{ ++ ISSUING_DIST_POINT *idp = pidp; ++ if (idp->distpoint) ++ print_distpoint(out, idp->distpoint, indent); ++ if (idp->onlyuser > 0) ++ BIO_printf(out, "%*sOnly User Certificates\n", indent, ""); ++ if (idp->onlyCA > 0) ++ BIO_printf(out, "%*sOnly CA Certificates\n", indent, ""); ++ if (idp->indirectCRL > 0) ++ BIO_printf(out, "%*sIndirect CRL\n", indent, ""); ++ if (idp->onlysomereasons) ++ print_reasons(out, "Only Some Reasons", idp->onlysomereasons, indent); ++ if (idp->onlyattr > 0) ++ BIO_printf(out, "%*sOnly Attribute Certificates\n", indent, ""); ++ if (!idp->distpoint && (idp->onlyuser <= 0) && (idp->onlyCA <= 0) ++ && (idp->indirectCRL <= 0) && !idp->onlysomereasons ++ && (idp->onlyattr <= 0)) ++ BIO_printf(out, "%*s\n", indent, ""); ++ ++ return 1; ++} ++ ++static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out, ++ int indent) ++{ ++ STACK_OF(DIST_POINT) *crld = pcrldp; ++ DIST_POINT *point; ++ int i; ++ for (i = 0; i < sk_DIST_POINT_num(crld); i++) { ++ BIO_puts(out, "\n"); ++ point = sk_DIST_POINT_value(crld, i); ++ if (point->distpoint) ++ print_distpoint(out, point->distpoint, indent); ++ if 
(point->reasons) ++ print_reasons(out, "Reasons", point->reasons, indent); ++ if (point->CRLissuer) { ++ BIO_printf(out, "%*sCRL Issuer:\n", indent, ""); ++ print_gens(out, point->CRLissuer, indent); ++ } ++ } ++ return 1; ++} ++ ++int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname) ++{ ++ int i; ++ STACK_OF(X509_NAME_ENTRY) *frag; ++ X509_NAME_ENTRY *ne; ++ if (!dpn || (dpn->type != 1)) ++ return 1; ++ frag = dpn->name.relativename; ++ dpn->dpname = X509_NAME_dup(iname); ++ if (!dpn->dpname) ++ return 0; ++ for (i = 0; i < sk_X509_NAME_ENTRY_num(frag); i++) { ++ ne = sk_X509_NAME_ENTRY_value(frag, i); ++ if (!X509_NAME_add_entry(dpn->dpname, ne, -1, i ? 0 : 1)) { ++ X509_NAME_free(dpn->dpname); ++ dpn->dpname = NULL; ++ return 0; ++ } ++ } ++ /* generate cached encoding of name */ ++ if (i2d_X509_NAME(dpn->dpname, NULL) < 0) { ++ X509_NAME_free(dpn->dpname); ++ dpn->dpname = NULL; ++ return 0; ++ } ++ return 1; ++} +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_enum.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_enum.c +index aa91c5d..7678664 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_enum.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_enum.c +@@ -62,14 +62,19 @@ + #include + + static ENUMERATED_NAMES crl_reasons[] = { +- {0, "Unspecified", "unspecified"}, +- {1, "Key Compromise", "keyCompromise"}, +- {2, "CA Compromise", "CACompromise"}, +- {3, "Affiliation Changed", "affiliationChanged"}, +- {4, "Superseded", "superseded"}, +- {5, "Cessation Of Operation", "cessationOfOperation"}, +- {6, "Certificate Hold", "certificateHold"}, +- {8, "Remove From CRL", "removeFromCRL"}, ++ {CRL_REASON_UNSPECIFIED, "Unspecified", "unspecified"}, ++ {CRL_REASON_KEY_COMPROMISE, "Key Compromise", "keyCompromise"}, ++ {CRL_REASON_CA_COMPROMISE, "CA Compromise", "CACompromise"}, ++ {CRL_REASON_AFFILIATION_CHANGED, "Affiliation Changed", ++ "affiliationChanged"}, ++ {CRL_REASON_SUPERSEDED, "Superseded", "superseded"}, ++ {CRL_REASON_CESSATION_OF_OPERATION, ++ "Cessation Of 
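Review bot: `DIST_POINT_set_dpname` assigns `dpn->dpname = X509_NAME_dup(iname);` without releasing a name that may already be cached there, and `dpn_cb` in this file frees `dpname` only at `ASN1_OP_FREE_POST`. Whether a caller can invoke it more than once on the same `DIST_POINT_NAME` is not visible in this hunk; if it can, start the function body with `if (dpn->dpname) { X509_NAME_free(dpn->dpname); dpn->dpname = NULL; }` after the type check. The function also lacks a header comment: it returns 1 both on success and when there is nothing to do (`dpn` is NULL or `dpn->type != 1`), and 0 on failure with `dpname` reset to NULL, which callers need to know to interpret the result.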
Operation", "cessationOfOperation"}, ++ {CRL_REASON_CERTIFICATE_HOLD, "Certificate Hold", "certificateHold"}, ++ {CRL_REASON_REMOVE_FROM_CRL, "Remove From CRL", "removeFromCRL"}, ++ {CRL_REASON_PRIVILEGE_WITHDRAWN, "Privilege Withdrawn", ++ "privilegeWithdrawn"}, ++ {CRL_REASON_AA_COMPROMISE, "AA Compromise", "AACompromise"}, + {-1, NULL, NULL} + }; + +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_extku.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_extku.c +index 0220174..6092c2e 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_extku.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_extku.c +@@ -63,12 +63,11 @@ + #include + #include + +-static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method, ++static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *nval); +-static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method, +- void *eku, +- STACK_OF(CONF_VALUE) ++static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD ++ *method, void *eku, STACK_OF(CONF_VALUE) + *extlist); + + const X509V3_EXT_METHOD v3_ext_ku = { +@@ -100,9 +99,8 @@ ASN1_ITEM_TEMPLATE_END(EXTENDED_KEY_USAGE) + + IMPLEMENT_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE) + +-static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method, +- void *a, +- STACK_OF(CONF_VALUE) ++static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD ++ *method, void *a, STACK_OF(CONF_VALUE) + *ext_list) + { + EXTENDED_KEY_USAGE *eku = a; +@@ -117,7 +115,7 @@ static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method, + return ext_list; + } + +-static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method, ++static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *nval) + { +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c +index 760b304..7f40bfa 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c 
++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c +@@ -4,7 +4,7 @@ + * 1999. + */ + /* ==================================================================== +- * Copyright (c) 1999 The OpenSSL Project. All rights reserved. ++ * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions +@@ -99,3 +99,152 @@ ASN1_ITEM_TEMPLATE(GENERAL_NAMES) = + ASN1_ITEM_TEMPLATE_END(GENERAL_NAMES) + + IMPLEMENT_ASN1_FUNCTIONS(GENERAL_NAMES) ++ ++GENERAL_NAME *GENERAL_NAME_dup(GENERAL_NAME *a) ++{ ++ return (GENERAL_NAME *)ASN1_dup((i2d_of_void *)i2d_GENERAL_NAME, ++ (d2i_of_void *)d2i_GENERAL_NAME, ++ (char *)a); ++} ++ ++/* Returns 0 if they are equal, != 0 otherwise. */ ++int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b) ++{ ++ int result = -1; ++ ++ if (!a || !b || a->type != b->type) ++ return -1; ++ switch (a->type) { ++ case GEN_X400: ++ case GEN_EDIPARTY: ++ result = ASN1_TYPE_cmp(a->d.other, b->d.other); ++ break; ++ ++ case GEN_OTHERNAME: ++ result = OTHERNAME_cmp(a->d.otherName, b->d.otherName); ++ break; ++ ++ case GEN_EMAIL: ++ case GEN_DNS: ++ case GEN_URI: ++ result = ASN1_STRING_cmp(a->d.ia5, b->d.ia5); ++ break; ++ ++ case GEN_DIRNAME: ++ result = X509_NAME_cmp(a->d.dirn, b->d.dirn); ++ break; ++ ++ case GEN_IPADD: ++ result = ASN1_OCTET_STRING_cmp(a->d.ip, b->d.ip); ++ break; ++ ++ case GEN_RID: ++ result = OBJ_cmp(a->d.rid, b->d.rid); ++ break; ++ } ++ return result; ++} ++ ++/* Returns 0 if they are equal, != 0 otherwise. */ ++int OTHERNAME_cmp(OTHERNAME *a, OTHERNAME *b) ++{ ++ int result = -1; ++ ++ if (!a || !b) ++ return -1; ++ /* Check their type first. */ ++ if ((result = OBJ_cmp(a->type_id, b->type_id)) != 0) ++ return result; ++ /* Check the value. 
*/ ++ result = ASN1_TYPE_cmp(a->value, b->value); ++ return result; ++} ++ ++void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value) ++{ ++ switch (type) { ++ case GEN_X400: ++ case GEN_EDIPARTY: ++ a->d.other = value; ++ break; ++ ++ case GEN_OTHERNAME: ++ a->d.otherName = value; ++ break; ++ ++ case GEN_EMAIL: ++ case GEN_DNS: ++ case GEN_URI: ++ a->d.ia5 = value; ++ break; ++ ++ case GEN_DIRNAME: ++ a->d.dirn = value; ++ break; ++ ++ case GEN_IPADD: ++ a->d.ip = value; ++ break; ++ ++ case GEN_RID: ++ a->d.rid = value; ++ break; ++ } ++ a->type = type; ++} ++ ++void *GENERAL_NAME_get0_value(GENERAL_NAME *a, int *ptype) ++{ ++ if (ptype) ++ *ptype = a->type; ++ switch (a->type) { ++ case GEN_X400: ++ case GEN_EDIPARTY: ++ return a->d.other; ++ ++ case GEN_OTHERNAME: ++ return a->d.otherName; ++ ++ case GEN_EMAIL: ++ case GEN_DNS: ++ case GEN_URI: ++ return a->d.ia5; ++ ++ case GEN_DIRNAME: ++ return a->d.dirn; ++ ++ case GEN_IPADD: ++ return a->d.ip; ++ ++ case GEN_RID: ++ return a->d.rid; ++ ++ default: ++ return NULL; ++ } ++} ++ ++int GENERAL_NAME_set0_othername(GENERAL_NAME *gen, ++ ASN1_OBJECT *oid, ASN1_TYPE *value) ++{ ++ OTHERNAME *oth; ++ oth = OTHERNAME_new(); ++ if (!oth) ++ return 0; ++ oth->type_id = oid; ++ oth->value = value; ++ GENERAL_NAME_set0_value(gen, GEN_OTHERNAME, oth); ++ return 1; ++} ++ ++int GENERAL_NAME_get0_otherName(GENERAL_NAME *gen, ++ ASN1_OBJECT **poid, ASN1_TYPE **pvalue) ++{ ++ if (gen->type != GEN_OTHERNAME) ++ return 0; ++ if (poid) ++ *poid = gen->d.otherName->type_id; ++ if (pvalue) ++ *pvalue = gen->d.otherName->value; ++ return 1; ++} +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_lib.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_lib.c +index e0c0b04..8350429 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_lib.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_lib.c +@@ -90,20 +90,20 @@ static int ext_cmp(const X509V3_EXT_METHOD *const *a, + return ((*a)->ext_nid - (*b)->ext_nid); + } + +-X509V3_EXT_METHOD 
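Review bot: `GENERAL_NAME_set0_value` has no `default:` arm, so an unrecognised `type` leaves the union `d` untouched but still executes `a->type = type;`, and the `void` return gives the caller no way to notice. `GENERAL_NAME_get0_value` in the same hunk does handle the unknown case with `default: return NULL;`, so the two accessors disagree on how an unknown selector is treated. Because the signature cannot report an error, the smallest change is a `default: return;` arm so that the selector and the union are only ever updated together. A short comment stating that `value` is stored by pointer and not copied (the assignments show this) would also make the ownership transfer explicit for callers, including for `GENERAL_NAME_set0_othername`, which keeps `oid` and `value` only when it returns 1.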
*X509V3_EXT_get_nid(int nid) ++DECLARE_OBJ_BSEARCH_CMP_FN(const X509V3_EXT_METHOD *, ++ const X509V3_EXT_METHOD *, ext); ++IMPLEMENT_OBJ_BSEARCH_CMP_FN(const X509V3_EXT_METHOD *, ++ const X509V3_EXT_METHOD *, ext); ++ ++const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid) + { +- X509V3_EXT_METHOD tmp, *t = &tmp, **ret; ++ X509V3_EXT_METHOD tmp; ++ const X509V3_EXT_METHOD *t = &tmp, *const *ret; + int idx; + if (nid < 0) + return NULL; + tmp.ext_nid = nid; +- ret = (X509V3_EXT_METHOD **)OBJ_bsearch((char *)&t, +- (char *)standard_exts, +- STANDARD_EXTENSION_COUNT, +- sizeof(X509V3_EXT_METHOD *), +- (int (*) +- (const void *, +- const void *))ext_cmp); ++ ret = OBJ_bsearch_ext(&t, standard_exts, STANDARD_EXTENSION_COUNT); + if (ret) + return *ret; + if (!ext_list) +@@ -114,7 +114,7 @@ X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid) + return sk_X509V3_EXT_METHOD_value(ext_list, idx); + } + +-X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext) ++const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext) + { + int nid; + if ((nid = OBJ_obj2nid(ext->object)) == NID_undef) +@@ -122,6 +122,28 @@ X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext) + return X509V3_EXT_get_nid(nid); + } + ++int X509V3_EXT_free(int nid, void *ext_data) ++{ ++ const X509V3_EXT_METHOD *ext_method = X509V3_EXT_get_nid(nid); ++ if (ext_method == NULL) { ++ X509V3err(X509V3_F_X509V3_EXT_FREE, ++ X509V3_R_CANNOT_FIND_FREE_FUNCTION); ++ return 0; ++ } ++ ++ if (ext_method->it != NULL) ++ ASN1_item_free(ext_data, ASN1_ITEM_ptr(ext_method->it)); ++ else if (ext_method->ext_free != NULL) ++ ext_method->ext_free(ext_data); ++ else { ++ X509V3err(X509V3_F_X509V3_EXT_FREE, ++ X509V3_R_CANNOT_FIND_FREE_FUNCTION); ++ return 0; ++ } ++ ++ return 1; ++} ++ + int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist) + { + for (; extlist->ext_nid != -1; extlist++) +@@ -132,7 +154,9 @@ int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist) + + int X509V3_EXT_add_alias(int nid_to, int nid_from) + { +- 
X509V3_EXT_METHOD *ext, *tmpext; ++ const X509V3_EXT_METHOD *ext; ++ X509V3_EXT_METHOD *tmpext; ++ + if (!(ext = X509V3_EXT_get_nid(nid_from))) { + X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS, + X509V3_R_EXTENSION_NOT_FOUND); +@@ -176,7 +200,7 @@ int X509V3_add_standard_extensions(void) + + void *X509V3_EXT_d2i(X509_EXTENSION *ext) + { +- X509V3_EXT_METHOD *method; ++ const X509V3_EXT_METHOD *method; + const unsigned char *p; + + if (!(method = X509V3_EXT_get(ext))) +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_ncons.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_ncons.c +index 24c1b66..b97ed27 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_ncons.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_ncons.c +@@ -63,16 +63,23 @@ + #include + #include + +-static void *v2i_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method, ++static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *nval); +-static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method, void *a, BIO *bp, +- int ind); +-static int do_i2r_name_constraints(X509V3_EXT_METHOD *method, ++static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a, ++ BIO *bp, int ind); ++static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method, + STACK_OF(GENERAL_SUBTREE) *trees, BIO *bp, + int ind, char *name); + static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip); + ++static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc); ++static int nc_match_single(GENERAL_NAME *sub, GENERAL_NAME *gen); ++static int nc_dn(X509_NAME *sub, X509_NAME *nm); ++static int nc_dns(ASN1_IA5STRING *sub, ASN1_IA5STRING *dns); ++static int nc_email(ASN1_IA5STRING *sub, ASN1_IA5STRING *eml); ++static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base); ++ + const X509V3_EXT_METHOD v3_name_constraints = { + NID_name_constraints, 0, + ASN1_ITEM_ref(NAME_CONSTRAINTS), +@@ -100,7 +107,7 @@ ASN1_SEQUENCE(NAME_CONSTRAINTS) = { + IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE) + 
IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS) + +-static void *v2i_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method, ++static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) + { + int i; +@@ -147,8 +154,8 @@ static void *v2i_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method, + return NULL; + } + +-static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method, +- void *a, BIO *bp, int ind) ++static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a, ++ BIO *bp, int ind) + { + NAME_CONSTRAINTS *ncons = a; + do_i2r_name_constraints(method, ncons->permittedSubtrees, +@@ -158,7 +165,7 @@ static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method, + return 1; + } + +-static int do_i2r_name_constraints(X509V3_EXT_METHOD *method, ++static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method, + STACK_OF(GENERAL_SUBTREE) *trees, + BIO *bp, int ind, char *name) + { +@@ -201,3 +208,270 @@ static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip) + BIO_printf(bp, "IP Address:"); + return 1; + } ++ ++/*- ++ * Check a certificate conforms to a specified set of constraints. ++ * Return values: ++ * X509_V_OK: All constraints obeyed. ++ * X509_V_ERR_PERMITTED_VIOLATION: Permitted subtree violation. ++ * X509_V_ERR_EXCLUDED_VIOLATION: Excluded subtree violation. ++ * X509_V_ERR_SUBTREE_MINMAX: Min or max values present and matching type. ++ * X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: Unsupported constraint type. ++ * X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: bad unsupported constraint syntax. 
++ * X509_V_ERR_UNSUPPORTED_NAME_SYNTAX: bad or unsupported syntax of name ++ */ ++ ++int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc) ++{ ++ int r, i; ++ X509_NAME *nm; ++ ++ nm = X509_get_subject_name(x); ++ ++ if (X509_NAME_entry_count(nm) > 0) { ++ GENERAL_NAME gntmp; ++ gntmp.type = GEN_DIRNAME; ++ gntmp.d.directoryName = nm; ++ ++ r = nc_match(&gntmp, nc); ++ ++ if (r != X509_V_OK) ++ return r; ++ ++ gntmp.type = GEN_EMAIL; ++ ++ /* Process any email address attributes in subject name */ ++ ++ for (i = -1;;) { ++ X509_NAME_ENTRY *ne; ++ i = X509_NAME_get_index_by_NID(nm, NID_pkcs9_emailAddress, i); ++ if (i == -1) ++ break; ++ ne = X509_NAME_get_entry(nm, i); ++ gntmp.d.rfc822Name = X509_NAME_ENTRY_get_data(ne); ++ if (gntmp.d.rfc822Name->type != V_ASN1_IA5STRING) ++ return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; ++ ++ r = nc_match(&gntmp, nc); ++ ++ if (r != X509_V_OK) ++ return r; ++ } ++ ++ } ++ ++ for (i = 0; i < sk_GENERAL_NAME_num(x->altname); i++) { ++ GENERAL_NAME *gen = sk_GENERAL_NAME_value(x->altname, i); ++ r = nc_match(gen, nc); ++ if (r != X509_V_OK) ++ return r; ++ } ++ ++ return X509_V_OK; ++ ++} ++ ++static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc) ++{ ++ GENERAL_SUBTREE *sub; ++ int i, r, match = 0; ++ ++ /* ++ * Permitted subtrees: if any subtrees exist of matching the type at ++ * least one subtree must match. 
++ */ ++ ++ for (i = 0; i < sk_GENERAL_SUBTREE_num(nc->permittedSubtrees); i++) { ++ sub = sk_GENERAL_SUBTREE_value(nc->permittedSubtrees, i); ++ if (gen->type != sub->base->type) ++ continue; ++ if (sub->minimum || sub->maximum) ++ return X509_V_ERR_SUBTREE_MINMAX; ++ /* If we already have a match don't bother trying any more */ ++ if (match == 2) ++ continue; ++ if (match == 0) ++ match = 1; ++ r = nc_match_single(gen, sub->base); ++ if (r == X509_V_OK) ++ match = 2; ++ else if (r != X509_V_ERR_PERMITTED_VIOLATION) ++ return r; ++ } ++ ++ if (match == 1) ++ return X509_V_ERR_PERMITTED_VIOLATION; ++ ++ /* Excluded subtrees: must not match any of these */ ++ ++ for (i = 0; i < sk_GENERAL_SUBTREE_num(nc->excludedSubtrees); i++) { ++ sub = sk_GENERAL_SUBTREE_value(nc->excludedSubtrees, i); ++ if (gen->type != sub->base->type) ++ continue; ++ if (sub->minimum || sub->maximum) ++ return X509_V_ERR_SUBTREE_MINMAX; ++ ++ r = nc_match_single(gen, sub->base); ++ if (r == X509_V_OK) ++ return X509_V_ERR_EXCLUDED_VIOLATION; ++ else if (r != X509_V_ERR_PERMITTED_VIOLATION) ++ return r; ++ ++ } ++ ++ return X509_V_OK; ++ ++} ++ ++static int nc_match_single(GENERAL_NAME *gen, GENERAL_NAME *base) ++{ ++ switch (base->type) { ++ case GEN_DIRNAME: ++ return nc_dn(gen->d.directoryName, base->d.directoryName); ++ ++ case GEN_DNS: ++ return nc_dns(gen->d.dNSName, base->d.dNSName); ++ ++ case GEN_EMAIL: ++ return nc_email(gen->d.rfc822Name, base->d.rfc822Name); ++ ++ case GEN_URI: ++ return nc_uri(gen->d.uniformResourceIdentifier, ++ base->d.uniformResourceIdentifier); ++ ++ default: ++ return X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE; ++ } ++ ++} ++ ++/* ++ * directoryName name constraint matching. The canonical encoding of ++ * X509_NAME makes this comparison easy. It is matched if the subtree is a ++ * subset of the name. ++ */ ++ ++static int nc_dn(X509_NAME *nm, X509_NAME *base) ++{ ++ /* Ensure canonical encodings are up to date. 
*/ ++ if (nm->modified && i2d_X509_NAME(nm, NULL) < 0) ++ return X509_V_ERR_OUT_OF_MEM; ++ if (base->modified && i2d_X509_NAME(base, NULL) < 0) ++ return X509_V_ERR_OUT_OF_MEM; ++ if (base->canon_enclen > nm->canon_enclen) ++ return X509_V_ERR_PERMITTED_VIOLATION; ++ if (memcmp(base->canon_enc, nm->canon_enc, base->canon_enclen)) ++ return X509_V_ERR_PERMITTED_VIOLATION; ++ return X509_V_OK; ++} ++ ++static int nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base) ++{ ++ char *baseptr = (char *)base->data; ++ char *dnsptr = (char *)dns->data; ++ /* Empty matches everything */ ++ if (!*baseptr) ++ return X509_V_OK; ++ /* ++ * Otherwise can add zero or more components on the left so compare RHS ++ * and if dns is longer and expect '.' as preceding character. ++ */ ++ if (dns->length > base->length) { ++ dnsptr += dns->length - base->length; ++ if (*baseptr != '.' && dnsptr[-1] != '.') ++ return X509_V_ERR_PERMITTED_VIOLATION; ++ } ++ ++ if (strcasecmp(baseptr, dnsptr)) ++ return X509_V_ERR_PERMITTED_VIOLATION; ++ ++ return X509_V_OK; ++ ++} ++ ++static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base) ++{ ++ const char *baseptr = (char *)base->data; ++ const char *emlptr = (char *)eml->data; ++ ++ const char *baseat = strchr(baseptr, '@'); ++ const char *emlat = strchr(emlptr, '@'); ++ if (!emlat) ++ return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; ++ /* Special case: inital '.' 
is RHS match */ ++ if (!baseat && (*baseptr == '.')) { ++ if (eml->length > base->length) { ++ emlptr += eml->length - base->length; ++ if (!strcasecmp(baseptr, emlptr)) ++ return X509_V_OK; ++ } ++ return X509_V_ERR_PERMITTED_VIOLATION; ++ } ++ ++ /* If we have anything before '@' match local part */ ++ ++ if (baseat) { ++ if (baseat != baseptr) { ++ if ((baseat - baseptr) != (emlat - emlptr)) ++ return X509_V_ERR_PERMITTED_VIOLATION; ++ /* Case sensitive match of local part */ ++ if (strncmp(baseptr, emlptr, emlat - emlptr)) ++ return X509_V_ERR_PERMITTED_VIOLATION; ++ } ++ /* Position base after '@' */ ++ baseptr = baseat + 1; ++ } ++ emlptr = emlat + 1; ++ /* Just have hostname left to match: case insensitive */ ++ if (strcasecmp(baseptr, emlptr)) ++ return X509_V_ERR_PERMITTED_VIOLATION; ++ ++ return X509_V_OK; ++ ++} ++ ++static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base) ++{ ++ const char *baseptr = (char *)base->data; ++ const char *hostptr = (char *)uri->data; ++ const char *p = strchr(hostptr, ':'); ++ int hostlen; ++ /* Check for foo:// and skip past it */ ++ if (!p || (p[1] != '/') || (p[2] != '/')) ++ return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; ++ hostptr = p + 3; ++ ++ /* Determine length of hostname part of URI */ ++ ++ /* Look for a port indicator as end of hostname first */ ++ ++ p = strchr(hostptr, ':'); ++ /* Otherwise look for trailing slash */ ++ if (!p) ++ p = strchr(hostptr, '/'); ++ ++ if (!p) ++ hostlen = strlen(hostptr); ++ else ++ hostlen = p - hostptr; ++ ++ if (hostlen == 0) ++ return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; ++ ++ /* Special case: inital '.' 
is RHS match */ ++ if (*baseptr == '.') { ++ if (hostlen > base->length) { ++ p = hostptr + hostlen - base->length; ++ if (!strncasecmp(p, baseptr, base->length)) ++ return X509_V_OK; ++ } ++ return X509_V_ERR_PERMITTED_VIOLATION; ++ } ++ ++ if ((base->length != (int)hostlen) ++ || strncasecmp(hostptr, baseptr, hostlen)) ++ return X509_V_ERR_PERMITTED_VIOLATION; ++ ++ return X509_V_OK; ++ ++} +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_ocsp.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_ocsp.c +index e1b72f5..b151eac 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_ocsp.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_ocsp.c +@@ -70,26 +70,26 @@ + * OCSP extensions and a couple of CRL entry extensions + */ + +-static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *nonce, BIO *out, +- int indent); +-static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *nonce, BIO *out, +- int indent); +-static int i2r_object(X509V3_EXT_METHOD *method, void *obj, BIO *out, ++static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *nonce, ++ BIO *out, int indent); ++static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *nonce, ++ BIO *out, int indent); ++static int i2r_object(const X509V3_EXT_METHOD *method, void *obj, BIO *out, + int indent); + + static void *ocsp_nonce_new(void); + static int i2d_ocsp_nonce(void *a, unsigned char **pp); + static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length); + static void ocsp_nonce_free(void *a); +-static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, +- int indent); ++static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce, ++ BIO *out, int indent); + +-static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, +- BIO *out, int indent); +-static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, +- const char *str); +-static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, +- int ind); ++static int i2r_ocsp_nocheck(const 
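Review bot: `nc_dns`, `nc_email` and `nc_uri` mix two views of the same value: offsets are computed from `->length`, but the search and comparison calls (`strchr`, `strlen`, `strcasecmp`) treat `->data` as a NUL-terminated C string. A name or constraint with an embedded NUL is therefore compared only up to that byte, and a buffer that is not NUL-terminated would be read past its end; both matter because `NAME_CONSTRAINTS_check` feeds these functions the subject and altname values of the certificate being checked. Rejecting embedded NULs and bounding every comparison by `->length` keeps the permit/exclude decision tied to the ASN.1 value. The sketch below shows this for `nc_dns`, including an explicit shorter-than-base check that the bounded compare needs; `nc_email` and `nc_uri` need the same treatment for their `strchr` and `strcasecmp` calls.

```c
static int nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base)
{
    /* ... unchanged: baseptr / dnsptr declarations ... */

    /* Empty matches everything (decided on the ASN.1 length, not the first byte) */
    if (base->length == 0)
        return X509_V_OK;

    /* An embedded NUL would make the C-string view differ from the ASN.1 value */
    if (memchr(base->data, 0, base->length) != NULL)
        return X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX;
    if (memchr(dns->data, 0, dns->length) != NULL)
        return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;

    /* A name shorter than the constraint can never match */
    if (dns->length < base->length)
        return X509_V_ERR_PERMITTED_VIOLATION;

    /* ... unchanged: advance dnsptr to the right-hand side and require a '.' boundary ... */

    /* Compare exactly base->length bytes instead of relying on a terminator */
    if (strncasecmp(baseptr, dnsptr, base->length))
        return X509_V_ERR_PERMITTED_VIOLATION;

    return X509_V_OK;
}
```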
X509V3_EXT_METHOD *method, ++ void *nocheck, BIO *out, int indent); ++static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method, ++ X509V3_CTX *ctx, const char *str); ++static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in, ++ BIO *bp, int ind); + + const X509V3_EXT_METHOD v3_ocsp_crlid = { + NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID), +@@ -157,7 +157,7 @@ const X509V3_EXT_METHOD v3_ocsp_serviceloc = { + NULL + }; + +-static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *in, BIO *bp, ++static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *in, BIO *bp, + int ind) + { + OCSP_CRLID *a = in; +@@ -190,8 +190,8 @@ static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *in, BIO *bp, + return 0; + } + +-static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *cutoff, BIO *bp, +- int ind) ++static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *cutoff, ++ BIO *bp, int ind) + { + if (BIO_printf(bp, "%*s", ind, "") <= 0) + return 0; +@@ -200,7 +200,8 @@ static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *cutoff, BIO *bp, + return 1; + } + +-static int i2r_object(X509V3_EXT_METHOD *method, void *oid, BIO *bp, int ind) ++static int i2r_object(const X509V3_EXT_METHOD *method, void *oid, BIO *bp, ++ int ind) + { + if (BIO_printf(bp, "%*s", ind, "") <= 0) + return 0; +@@ -258,8 +259,8 @@ static void ocsp_nonce_free(void *a) + M_ASN1_OCTET_STRING_free(a); + } + +-static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, +- int indent) ++static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce, ++ BIO *out, int indent) + { + if (BIO_printf(out, "%*s", indent, "") <= 0) + return 0; +@@ -270,20 +271,20 @@ static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, + + /* Nocheck is just a single NULL. 
Don't print anything and always set it */ + +-static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, ++static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method, void *nocheck, + BIO *out, int indent) + { + return 1; + } + +-static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, +- const char *str) ++static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method, ++ X509V3_CTX *ctx, const char *str) + { + return ASN1_NULL_new(); + } + +-static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, +- int ind) ++static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in, ++ BIO *bp, int ind) + { + int i; + OCSP_SERVICELOC *a = in; +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c +index cd6b4b2..fe0d806 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c +@@ -82,7 +82,7 @@ static int process_pci_value(CONF_VALUE *val, + if (strcmp(val->name, "language") == 0) { + if (*language) { + X509V3err(X509V3_F_PROCESS_PCI_VALUE, +- X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED); ++ X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED); + X509V3_conf_err(val); + return 0; + } +@@ -95,7 +95,7 @@ static int process_pci_value(CONF_VALUE *val, + } else if (strcmp(val->name, "pathlen") == 0) { + if (*pathlen) { + X509V3err(X509V3_F_PROCESS_PCI_VALUE, +- X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED); ++ X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED); + X509V3_conf_err(val); + return 0; + } +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pcons.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pcons.c +index 6a5f337..cfccb97 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_pcons.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_pcons.c +@@ -64,11 +64,10 @@ + #include + #include + +-static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method, +- void *bcons, +- STACK_OF(CONF_VALUE) ++static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(const 
X509V3_EXT_METHOD ++ *method, void *bcons, STACK_OF(CONF_VALUE) + *extlist); +-static void *v2i_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method, ++static void *v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *values); + +@@ -90,9 +89,8 @@ ASN1_SEQUENCE(POLICY_CONSTRAINTS) = { + + IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS) + +-static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method, +- void *a, +- STACK_OF(CONF_VALUE) ++static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD ++ *method, void *a, STACK_OF(CONF_VALUE) + *extlist) + { + POLICY_CONSTRAINTS *pcons = a; +@@ -103,7 +101,7 @@ static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method, + return extlist; + } + +-static void *v2i_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method, ++static void *v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *values) + { +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pmaps.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pmaps.c +index 22e9e58..a168343 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_pmaps.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_pmaps.c +@@ -63,11 +63,10 @@ + #include + #include + +-static void *v2i_POLICY_MAPPINGS(X509V3_EXT_METHOD *method, ++static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); +-static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(X509V3_EXT_METHOD *method, +- void *pmps, +- STACK_OF(CONF_VALUE) ++static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(const X509V3_EXT_METHOD ++ *method, void *pmps, STACK_OF(CONF_VALUE) + *extlist); + + const X509V3_EXT_METHOD v3_policy_mappings = { +@@ -93,8 +92,8 @@ ASN1_ITEM_TEMPLATE_END(POLICY_MAPPINGS) + + IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING) + +-static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(X509V3_EXT_METHOD *method, +- void *a, STACK_OF(CONF_VALUE) ++static STACK_OF(CONF_VALUE) 
*i2v_POLICY_MAPPINGS(const X509V3_EXT_METHOD ++ *method, void *a, STACK_OF(CONF_VALUE) + *ext_list) + { + POLICY_MAPPINGS *pmaps = a; +@@ -111,7 +110,7 @@ static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(X509V3_EXT_METHOD *method, + return ext_list; + } + +-static void *v2i_POLICY_MAPPINGS(X509V3_EXT_METHOD *method, ++static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) + { + POLICY_MAPPINGS *pmaps; +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_prn.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_prn.c +index 4ae463e..acc9c6d 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_prn.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_prn.c +@@ -121,7 +121,7 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, + void *ext_str = NULL; + char *value = NULL; + const unsigned char *p; +- X509V3_EXT_METHOD *method; ++ const X509V3_EXT_METHOD *method; + STACK_OF(CONF_VALUE) *nval = NULL; + int ok = 1; + +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_purp.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_purp.c +index 6ff1521..36b0d87 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_purp.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_purp.c +@@ -78,6 +78,8 @@ static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, + int ca); + static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, + int ca); ++static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x, ++ int ca); + static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca); + static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca); + +@@ -101,6 +103,9 @@ static X509_PURPOSE xstandard[] = { + NULL}, + {X509_PURPOSE_OCSP_HELPER, X509_TRUST_COMPAT, 0, ocsp_helper, + "OCSP helper", "ocsphelper", NULL}, ++ {X509_PURPOSE_TIMESTAMP_SIGN, X509_TRUST_TSA, 0, ++ check_purpose_timestamp_sign, "Time Stamp signing", "timestampsign", ++ NULL}, + }; + + #define X509_PURPOSE_COUNT 
(sizeof(xstandard)/sizeof(X509_PURPOSE)) +@@ -292,11 +297,14 @@ int X509_PURPOSE_get_trust(X509_PURPOSE *xp) + return xp->trust; + } + +-static int nid_cmp(int *a, int *b) ++static int nid_cmp(const int *a, const int *b) + { + return *a - *b; + } + ++DECLARE_OBJ_BSEARCH_CMP_FN(int, int, nid); ++IMPLEMENT_OBJ_BSEARCH_CMP_FN(int, int, nid); ++ + int X509_supported_extension(X509_EXTENSION *ex) + { + /* +@@ -307,7 +315,7 @@ int X509_supported_extension(X509_EXTENSION *ex) + * order because it will be searched using bsearch. + */ + +- static int supported_nids[] = { ++ static const int supported_nids[] = { + NID_netscape_cert_type, /* 71 */ + NID_key_usage, /* 83 */ + NID_subject_alt_name, /* 85 */ +@@ -319,24 +327,59 @@ int X509_supported_extension(X509_EXTENSION *ex) + NID_sbgp_autonomousSysNum, /* 291 */ + #endif + NID_policy_constraints, /* 401 */ +- NID_proxyCertInfo, /* 661 */ ++ NID_proxyCertInfo, /* 663 */ ++ NID_name_constraints, /* 666 */ ++ NID_policy_mappings, /* 747 */ + NID_inhibit_any_policy /* 748 */ + }; + +- int ex_nid; +- +- ex_nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex)); ++ int ex_nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex)); + + if (ex_nid == NID_undef) + return 0; + +- if (OBJ_bsearch((char *)&ex_nid, (char *)supported_nids, +- sizeof(supported_nids) / sizeof(int), sizeof(int), +- (int (*)(const void *, const void *))nid_cmp)) ++ if (OBJ_bsearch_nid(&ex_nid, supported_nids, ++ sizeof(supported_nids) / sizeof(int))) + return 1; + return 0; + } + ++static void setup_dp(X509 *x, DIST_POINT *dp) ++{ ++ X509_NAME *iname = NULL; ++ int i; ++ if (dp->reasons) { ++ if (dp->reasons->length > 0) ++ dp->dp_reasons = dp->reasons->data[0]; ++ if (dp->reasons->length > 1) ++ dp->dp_reasons |= (dp->reasons->data[1] << 8); ++ dp->dp_reasons &= CRLDP_ALL_REASONS; ++ } else ++ dp->dp_reasons = CRLDP_ALL_REASONS; ++ if (!dp->distpoint || (dp->distpoint->type != 1)) ++ return; ++ for (i = 0; i < sk_GENERAL_NAME_num(dp->CRLissuer); i++) { ++ GENERAL_NAME *gen 
= sk_GENERAL_NAME_value(dp->CRLissuer, i); ++ if (gen->type == GEN_DIRNAME) { ++ iname = gen->d.directoryName; ++ break; ++ } ++ } ++ if (!iname) ++ iname = X509_get_issuer_name(x); ++ ++ DIST_POINT_set_dpname(dp->distpoint, iname); ++ ++} ++ ++static void setup_crldp(X509 *x) ++{ ++ int i; ++ x->crldp = X509_get_ext_d2i(x, NID_crl_distribution_points, NULL, NULL); ++ for (i = 0; i < sk_DIST_POINT_num(x->crldp); i++) ++ setup_dp(x, sk_DIST_POINT_value(x->crldp, i)); ++} ++ + static void x509v3_cache_extensions(X509 *x) + { + BASIC_CONSTRAINTS *bs; +@@ -352,9 +395,6 @@ static void x509v3_cache_extensions(X509 *x) + #ifndef OPENSSL_NO_SHA + X509_digest(x, EVP_sha1(), x->sha1_hash, NULL); + #endif +- /* Does subject name match issuer ? */ +- if (!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x))) +- x->ex_flags |= EXFLAG_SI; + /* V1 should mean no extensions ... */ + if (!X509_get_version(x)) + x->ex_flags |= EXFLAG_V1; +@@ -377,8 +417,8 @@ static void x509v3_cache_extensions(X509 *x) + /* Handle proxy certificates */ + if ((pci = X509_get_ext_d2i(x, NID_proxyCertInfo, NULL, NULL))) { + if (x->ex_flags & EXFLAG_CA +- || X509_get_ext_by_NID(x, NID_subject_alt_name, 0) >= 0 +- || X509_get_ext_by_NID(x, NID_issuer_alt_name, 0) >= 0) { ++ || X509_get_ext_by_NID(x, NID_subject_alt_name, -1) >= 0 ++ || X509_get_ext_by_NID(x, NID_issuer_alt_name, -1) >= 0) { + x->ex_flags |= EXFLAG_INVALID; + } + if (pci->pcPathLengthConstraint) { +@@ -436,6 +476,10 @@ static void x509v3_cache_extensions(X509 *x) + case NID_dvcs: + x->ex_xkusage |= XKU_DVCS; + break; ++ ++ case NID_anyExtendedKeyUsage: ++ x->ex_xkusage |= XKU_ANYEKU; ++ break; + } + } + sk_ASN1_OBJECT_pop_free(extusage, ASN1_OBJECT_free); +@@ -451,6 +495,19 @@ static void x509v3_cache_extensions(X509 *x) + } + x->skid = X509_get_ext_d2i(x, NID_subject_key_identifier, NULL, NULL); + x->akid = X509_get_ext_d2i(x, NID_authority_key_identifier, NULL, NULL); ++ /* Does subject name match issuer ? 
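Review bot: `setup_crldp()` passes NULL for the `crit` argument of `X509_get_ext_d2i()`, so a CRL distribution points extension that is present but fails to decode looks the same as an absent one and the certificate is not marked invalid. The name-constraints lookup added further down in `x509v3_cache_extensions()` (hunk at -451,6) already handles this case with `&i` and `EXFLAG_INVALID`. The same pattern would fit here: `x->crldp = X509_get_ext_d2i(x, NID_crl_distribution_points, &i, NULL);` followed by `if (!x->crldp && i != -1) x->ex_flags |= EXFLAG_INVALID;`. The `x->altname` lookup in that later hunk has the same gap. `setup_dp()` also ignores the return value of `DIST_POINT_set_dpname()`; whether that call can fail is not visible from this hunk.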
*/ ++ if (!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x))) { ++ x->ex_flags |= EXFLAG_SI; ++ /* If SKID matches AKID also indicate self signed */ ++ if (X509_check_akid(x, x->akid) == X509_V_OK) ++ x->ex_flags |= EXFLAG_SS; ++ } ++ x->altname = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL); ++ x->nc = X509_get_ext_d2i(x, NID_name_constraints, &i, NULL); ++ if (!x->nc && (i != -1)) ++ x->ex_flags |= EXFLAG_INVALID; ++ setup_crldp(x); ++ + #ifndef OPENSSL_NO_RFC3779 + x->rfc3779_addr = X509_get_ext_d2i(x, NID_sbgp_ipAddrBlock, NULL, NULL); + x->rfc3779_asid = X509_get_ext_d2i(x, NID_sbgp_autonomousSysNum, +@@ -458,6 +515,9 @@ static void x509v3_cache_extensions(X509 *x) + #endif + for (i = 0; i < X509_get_ext_count(x); i++) { + ex = X509_get_ext(x, i); ++ if (OBJ_obj2nid(X509_EXTENSION_get_object(ex)) ++ == NID_freshest_crl) ++ x->ex_flags |= EXFLAG_FRESHEST; + if (!X509_EXTENSION_get_critical(ex)) + continue; + if (!X509_supported_extension(ex)) { +@@ -546,8 +606,8 @@ static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, + return 0; + if (ca) + return check_ssl_ca(x); +- /* We need to do digital signatures with it */ +- if (ku_reject(x, KU_DIGITAL_SIGNATURE)) ++ /* We need to do digital signatures or key agreement */ ++ if (ku_reject(x, KU_DIGITAL_SIGNATURE | KU_KEY_AGREEMENT)) + return 0; + /* nsCertType if present should allow SSL client use */ + if (ns_reject(x, NS_SSL_CLIENT)) +@@ -555,6 +615,14 @@ static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, + return 1; + } + ++/* ++ * Key usage needed for TLS/SSL server: digital signature, encipherment or ++ * key agreement. The ssl code can check this more thoroughly for individual ++ * key types. 
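Review bot: `EXFLAG_SS` is set here from a name and key-identifier comparison only, with no signature check, and the added code has no comment saying so. `X509_check_akid()` (added at the end of this file) returns `X509_V_OK` when `akid` is NULL, so every self-issued certificate without an authority key identifier gets the flag. I would add a comment above the assignment such as `/* EXFLAG_SS is a heuristic: names match and AKID, if present, matches SKID; the signature is not verified here */` so that callers do not treat the flag as proof of a valid self-signature. The body of `x509v3_cache_extensions()` starts and ends outside this hunk.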
++ */ ++#define KU_TLS \ ++ KU_DIGITAL_SIGNATURE|KU_KEY_ENCIPHERMENT|KU_KEY_AGREEMENT ++ + static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, + int ca) + { +@@ -565,8 +633,7 @@ static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, + + if (ns_reject(x, NS_SSL_SERVER)) + return 0; +- /* Now as for keyUsage: we'll at least need to sign OR encipher */ +- if (ku_reject(x, KU_DIGITAL_SIGNATURE | KU_KEY_ENCIPHERMENT)) ++ if (ku_reject(x, KU_TLS)) + return 0; + + return 1; +@@ -669,6 +736,41 @@ static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca) + return 1; + } + ++static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x, ++ int ca) ++{ ++ int i_ext; ++ ++ /* If ca is true we must return if this is a valid CA certificate. */ ++ if (ca) ++ return check_ca(x); ++ ++ /* ++ * Check the optional key usage field: ++ * if Key Usage is present, it must be one of digitalSignature ++ * and/or nonRepudiation (other values are not consistent and shall ++ * be rejected). ++ */ ++ if ((x->ex_flags & EXFLAG_KUSAGE) ++ && ((x->ex_kusage & ~(KU_NON_REPUDIATION | KU_DIGITAL_SIGNATURE)) || ++ !(x->ex_kusage & (KU_NON_REPUDIATION | KU_DIGITAL_SIGNATURE)))) ++ return 0; ++ ++ /* Only time stamp key usage is permitted and it's required. 
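Review bot: The `KU_TLS` macro body is not parenthesised, so its meaning depends on the operators around each use. The only use visible here, `ku_reject(x, KU_TLS)`, is safe only if `ku_reject` parenthesises its argument, which this diff does not show. Suggest `#define KU_TLS (KU_DIGITAL_SIGNATURE|KU_KEY_ENCIPHERMENT|KU_KEY_AGREEMENT)`.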
*/ ++ if (!(x->ex_flags & EXFLAG_XKUSAGE) || x->ex_xkusage != XKU_TIMESTAMP) ++ return 0; ++ ++ /* Extended Key Usage MUST be critical */ ++ i_ext = X509_get_ext_by_NID((X509 *)x, NID_ext_key_usage, -1); ++ if (i_ext >= 0) { ++ X509_EXTENSION *ext = X509_get_ext((X509 *)x, i_ext); ++ if (!X509_EXTENSION_get_critical(ext)) ++ return 0; ++ } ++ ++ return 1; ++} ++ + static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca) + { + return 1; +@@ -694,39 +796,13 @@ int X509_check_issued(X509 *issuer, X509 *subject) + return X509_V_ERR_SUBJECT_ISSUER_MISMATCH; + x509v3_cache_extensions(issuer); + x509v3_cache_extensions(subject); ++ + if (subject->akid) { +- /* Check key ids (if present) */ +- if (subject->akid->keyid && issuer->skid && +- ASN1_OCTET_STRING_cmp(subject->akid->keyid, issuer->skid)) +- return X509_V_ERR_AKID_SKID_MISMATCH; +- /* Check serial number */ +- if (subject->akid->serial && +- ASN1_INTEGER_cmp(X509_get_serialNumber(issuer), +- subject->akid->serial)) +- return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH; +- /* Check issuer name */ +- if (subject->akid->issuer) { +- /* +- * Ugh, for some peculiar reason AKID includes SEQUENCE OF +- * GeneralName. So look for a DirName. There may be more than one +- * but we only take any notice of the first. 
+- */ +- GENERAL_NAMES *gens; +- GENERAL_NAME *gen; +- X509_NAME *nm = NULL; +- int i; +- gens = subject->akid->issuer; +- for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) { +- gen = sk_GENERAL_NAME_value(gens, i); +- if (gen->type == GEN_DIRNAME) { +- nm = gen->d.dirn; +- break; +- } +- } +- if (nm && X509_NAME_cmp(nm, X509_get_issuer_name(issuer))) +- return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH; +- } ++ int ret = X509_check_akid(issuer, subject->akid); ++ if (ret != X509_V_OK) ++ return ret; + } ++ + if (subject->ex_flags & EXFLAG_PROXY) { + if (ku_reject(issuer, KU_DIGITAL_SIGNATURE)) + return X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE; +@@ -734,3 +810,42 @@ int X509_check_issued(X509 *issuer, X509 *subject) + return X509_V_ERR_KEYUSAGE_NO_CERTSIGN; + return X509_V_OK; + } ++ ++int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid) ++{ ++ ++ if (!akid) ++ return X509_V_OK; ++ ++ /* Check key ids (if present) */ ++ if (akid->keyid && issuer->skid && ++ ASN1_OCTET_STRING_cmp(akid->keyid, issuer->skid)) ++ return X509_V_ERR_AKID_SKID_MISMATCH; ++ /* Check serial number */ ++ if (akid->serial && ++ ASN1_INTEGER_cmp(X509_get_serialNumber(issuer), akid->serial)) ++ return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH; ++ /* Check issuer name */ ++ if (akid->issuer) { ++ /* ++ * Ugh, for some peculiar reason AKID includes SEQUENCE OF ++ * GeneralName. So look for a DirName. There may be more than one but ++ * we only take any notice of the first. 
++ */ ++ GENERAL_NAMES *gens; ++ GENERAL_NAME *gen; ++ X509_NAME *nm = NULL; ++ int i; ++ gens = akid->issuer; ++ for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) { ++ gen = sk_GENERAL_NAME_value(gens, i); ++ if (gen->type == GEN_DIRNAME) { ++ nm = gen->d.dirn; ++ break; ++ } ++ } ++ if (nm && X509_NAME_cmp(nm, X509_get_issuer_name(issuer))) ++ return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH; ++ } ++ return X509_V_OK; ++} +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_skey.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_skey.c +index 70c2795..1cede04 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_skey.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_skey.c +@@ -133,7 +133,9 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, + goto err; + } + +- EVP_Digest(pk->data, pk->length, pkey_dig, &diglen, EVP_sha1(), NULL); ++ if (!EVP_Digest ++ (pk->data, pk->length, pkey_dig, &diglen, EVP_sha1(), NULL)) ++ goto err; + + if (!M_ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) { + X509V3err(X509V3_F_S2I_SKEY_ID, ERR_R_MALLOC_FAILURE); +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c +index ff32afe..bdd7b95 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c +@@ -67,9 +67,10 @@ + + static char *strip_spaces(char *name); + static int sk_strcmp(const char *const *a, const char *const *b); +-static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens); +-static void str_free(void *str); +-static int append_ia5(STACK ** sk, ASN1_IA5STRING *email); ++static STACK_OF(OPENSSL_STRING) *get_email(X509_NAME *name, ++ GENERAL_NAMES *gens); ++static void str_free(OPENSSL_STRING str); ++static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, ASN1_IA5STRING *email); + + static int ipv4_from_asc(unsigned char *v4, const char *in); + static int ipv6_from_asc(unsigned char *v6, const char *in); +@@ -284,6 +285,10 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line) + int state; + /* We are going 
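Review bot: `X509_check_akid()` is a new non-static function that reads `issuer->skid` directly, a field this file fills in `x509v3_cache_extensions()`, and nothing documents that dependency. If it is called on a certificate whose extensions have not been cached yet, `issuer->skid` is presumably still NULL and the key-identifier comparison is skipped without any error. Both callers visible in this file run the cache step first. A header comment should state the precondition, e.g. `/* issuer must already have its extensions cached (issuer->skid populated); a NULL akid or absent fields match trivially */`.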
to modify the line so copy it first */ + linebuf = BUF_strdup(line); ++ if (linebuf == NULL) { ++ X509V3err(X509V3_F_X509V3_PARSE_LIST, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } + state = HDR_NAME; + ntmp = NULL; + /* Go through all characters */ +@@ -399,10 +404,10 @@ static char *strip_spaces(char *name) + * on EBCDIC machines) + */ + +-char *hex_to_string(unsigned char *buffer, long len) ++char *hex_to_string(const unsigned char *buffer, long len) + { + char *tmp, *q; +- unsigned char *p; ++ const unsigned char *p; + int i; + const static char hexdig[] = "0123456789ABCDEF"; + if (!buffer || !len) +@@ -429,7 +434,7 @@ char *hex_to_string(unsigned char *buffer, long len) + * Give a string of hex digits convert to a buffer + */ + +-unsigned char *string_to_hex(char *str, long *len) ++unsigned char *string_to_hex(const char *str, long *len) + { + unsigned char *hexbuf, *q; + unsigned char ch, cl, *p; +@@ -517,21 +522,23 @@ static int sk_strcmp(const char *const *a, const char *const *b) + return strcmp(*a, *b); + } + +-STACK *X509_get1_email(X509 *x) ++STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x) + { + GENERAL_NAMES *gens; +- STACK *ret; ++ STACK_OF(OPENSSL_STRING) *ret; ++ + gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL); + ret = get_email(X509_get_subject_name(x), gens); + sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); + return ret; + } + +-STACK *X509_get1_ocsp(X509 *x) ++STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x) + { + AUTHORITY_INFO_ACCESS *info; +- STACK *ret = NULL; ++ STACK_OF(OPENSSL_STRING) *ret = NULL; + int i; ++ + info = X509_get_ext_d2i(x, NID_info_access, NULL, NULL); + if (!info) + return NULL; +@@ -549,11 +556,12 @@ STACK *X509_get1_ocsp(X509 *x) + return ret; + } + +-STACK *X509_REQ_get1_email(X509_REQ *x) ++STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x) + { + GENERAL_NAMES *gens; + STACK_OF(X509_EXTENSION) *exts; +- STACK *ret; ++ STACK_OF(OPENSSL_STRING) *ret; ++ + exts = X509_REQ_get_extensions(x); + 
gens = X509V3_get_d2i(exts, NID_subject_alt_name, NULL, NULL); + ret = get_email(X509_REQ_get_subject_name(x), gens); +@@ -562,9 +570,10 @@ STACK *X509_REQ_get1_email(X509_REQ *x) + return ret; + } + +-static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens) ++static STACK_OF(OPENSSL_STRING) *get_email(X509_NAME *name, ++ GENERAL_NAMES *gens) + { +- STACK *ret = NULL; ++ STACK_OF(OPENSSL_STRING) *ret = NULL; + X509_NAME_ENTRY *ne; + ASN1_IA5STRING *email; + GENERAL_NAME *gen; +@@ -589,12 +598,12 @@ static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens) + return ret; + } + +-static void str_free(void *str) ++static void str_free(OPENSSL_STRING str) + { + OPENSSL_free(str); + } + +-static int append_ia5(STACK ** sk, ASN1_IA5STRING *email) ++static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, ASN1_IA5STRING *email) + { + char *emtmp; + /* First some sanity checks */ +@@ -603,14 +612,14 @@ static int append_ia5(STACK ** sk, ASN1_IA5STRING *email) + if (!email->data || !email->length) + return 1; + if (!*sk) +- *sk = sk_new(sk_strcmp); ++ *sk = sk_OPENSSL_STRING_new(sk_strcmp); + if (!*sk) + return 0; + /* Don't add duplicates */ +- if (sk_find(*sk, (char *)email->data) != -1) ++ if (sk_OPENSSL_STRING_find(*sk, (char *)email->data) != -1) + return 1; + emtmp = BUF_strdup((char *)email->data); +- if (!emtmp || !sk_push(*sk, emtmp)) { ++ if (!emtmp || !sk_OPENSSL_STRING_push(*sk, emtmp)) { + X509_email_free(*sk); + *sk = NULL; + return 0; +@@ -618,9 +627,436 @@ static int append_ia5(STACK ** sk, ASN1_IA5STRING *email) + return 1; + } + +-void X509_email_free(STACK * sk) ++void X509_email_free(STACK_OF(OPENSSL_STRING) *sk) ++{ ++ sk_OPENSSL_STRING_pop_free(sk, str_free); ++} ++ ++typedef int (*equal_fn) (const unsigned char *pattern, size_t pattern_len, ++ const unsigned char *subject, size_t subject_len, ++ unsigned int flags); ++ ++/* Skip pattern prefix to match "wildcard" subject */ ++static void skip_prefix(const unsigned char **p, size_t *plen, ++ const 
unsigned char *subject, size_t subject_len, ++ unsigned int flags) ++{ ++ const unsigned char *pattern = *p; ++ size_t pattern_len = *plen; ++ ++ /* ++ * If subject starts with a leading '.' followed by more octets, and ++ * pattern is longer, compare just an equal-length suffix with the ++ * full subject (starting at the '.'), provided the prefix contains ++ * no NULs. ++ */ ++ if ((flags & _X509_CHECK_FLAG_DOT_SUBDOMAINS) == 0) ++ return; ++ ++ while (pattern_len > subject_len && *pattern) { ++ if ((flags & X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS) && ++ *pattern == '.') ++ break; ++ ++pattern; ++ --pattern_len; ++ } ++ ++ /* Skip if entire prefix acceptable */ ++ if (pattern_len == subject_len) { ++ *p = pattern; ++ *plen = pattern_len; ++ } ++} ++ ++/* Compare while ASCII ignoring case. */ ++static int equal_nocase(const unsigned char *pattern, size_t pattern_len, ++ const unsigned char *subject, size_t subject_len, ++ unsigned int flags) ++{ ++ skip_prefix(&pattern, &pattern_len, subject, subject_len, flags); ++ if (pattern_len != subject_len) ++ return 0; ++ while (pattern_len) { ++ unsigned char l = *pattern; ++ unsigned char r = *subject; ++ /* The pattern must not contain NUL characters. */ ++ if (l == 0) ++ return 0; ++ if (l != r) { ++ if ('A' <= l && l <= 'Z') ++ l = (l - 'A') + 'a'; ++ if ('A' <= r && r <= 'Z') ++ r = (r - 'A') + 'a'; ++ if (l != r) ++ return 0; ++ } ++ ++pattern; ++ ++subject; ++ --pattern_len; ++ } ++ return 1; ++} ++ ++/* Compare using memcmp. */ ++static int equal_case(const unsigned char *pattern, size_t pattern_len, ++ const unsigned char *subject, size_t subject_len, ++ unsigned int flags) ++{ ++ skip_prefix(&pattern, &pattern_len, subject, subject_len, flags); ++ if (pattern_len != subject_len) ++ return 0; ++ return !memcmp(pattern, subject, pattern_len); ++} ++ ++/* ++ * RFC 5280, section 7.5, requires that only the domain is compared in a ++ * case-insensitive manner. 
++ */ ++static int equal_email(const unsigned char *a, size_t a_len, ++ const unsigned char *b, size_t b_len, ++ unsigned int unused_flags) ++{ ++ size_t i = a_len; ++ if (a_len != b_len) ++ return 0; ++ /* ++ * We search backwards for the '@' character, so that we do not have to ++ * deal with quoted local-parts. The domain part is compared in a ++ * case-insensitive manner. ++ */ ++ while (i > 0) { ++ --i; ++ if (a[i] == '@' || b[i] == '@') { ++ if (!equal_nocase(a + i, a_len - i, b + i, a_len - i, 0)) ++ return 0; ++ break; ++ } ++ } ++ if (i == 0) ++ i = a_len; ++ return equal_case(a, i, b, i, 0); ++} ++ ++/* ++ * Compare the prefix and suffix with the subject, and check that the ++ * characters in-between are valid. ++ */ ++static int wildcard_match(const unsigned char *prefix, size_t prefix_len, ++ const unsigned char *suffix, size_t suffix_len, ++ const unsigned char *subject, size_t subject_len, ++ unsigned int flags) ++{ ++ const unsigned char *wildcard_start; ++ const unsigned char *wildcard_end; ++ const unsigned char *p; ++ int allow_multi = 0; ++ int allow_idna = 0; ++ ++ if (subject_len < prefix_len + suffix_len) ++ return 0; ++ if (!equal_nocase(prefix, prefix_len, subject, prefix_len, flags)) ++ return 0; ++ wildcard_start = subject + prefix_len; ++ wildcard_end = subject + (subject_len - suffix_len); ++ if (!equal_nocase(wildcard_end, suffix_len, suffix, suffix_len, flags)) ++ return 0; ++ /* ++ * If the wildcard makes up the entire first label, it must match at ++ * least one character. 
++ */ ++ if (prefix_len == 0 && *suffix == '.') { ++ if (wildcard_start == wildcard_end) ++ return 0; ++ allow_idna = 1; ++ if (flags & X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS) ++ allow_multi = 1; ++ } ++ /* IDNA labels cannot match partial wildcards */ ++ if (!allow_idna && ++ subject_len >= 4 && strncasecmp((char *)subject, "xn--", 4) == 0) ++ return 0; ++ /* The wildcard may match a literal '*' */ ++ if (wildcard_end == wildcard_start + 1 && *wildcard_start == '*') ++ return 1; ++ /* ++ * Check that the part matched by the wildcard contains only ++ * permitted characters and only matches a single label unless ++ * allow_multi is set. ++ */ ++ for (p = wildcard_start; p != wildcard_end; ++p) ++ if (!(('0' <= *p && *p <= '9') || ++ ('A' <= *p && *p <= 'Z') || ++ ('a' <= *p && *p <= 'z') || ++ *p == '-' || (allow_multi && *p == '.'))) ++ return 0; ++ return 1; ++} ++ ++#define LABEL_START (1 << 0) ++#define LABEL_END (1 << 1) ++#define LABEL_HYPHEN (1 << 2) ++#define LABEL_IDNA (1 << 3) ++ ++static const unsigned char *valid_star(const unsigned char *p, size_t len, ++ unsigned int flags) ++{ ++ const unsigned char *star = 0; ++ size_t i; ++ int state = LABEL_START; ++ int dots = 0; ++ for (i = 0; i < len; ++i) { ++ /* ++ * Locate first and only legal wildcard, either at the start ++ * or end of a non-IDNA first and not final label. ++ */ ++ if (p[i] == '*') { ++ int atstart = (state & LABEL_START); ++ int atend = (i == len - 1 || p[i + 1] == '.'); ++ /*- ++ * At most one wildcard per pattern. ++ * No wildcards in IDNA labels. ++ * No wildcards after the first label. ++ */ ++ if (star != NULL || (state & LABEL_IDNA) != 0 || dots) ++ return NULL; ++ /* Only full-label '*.example.com' wildcards? 
*/ ++ if ((flags & X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS) ++ && (!atstart || !atend)) ++ return NULL; ++ /* No 'foo*bar' wildcards */ ++ if (!atstart && !atend) ++ return NULL; ++ star = &p[i]; ++ state &= ~LABEL_START; ++ } else if (('a' <= p[i] && p[i] <= 'z') ++ || ('A' <= p[i] && p[i] <= 'Z') ++ || ('0' <= p[i] && p[i] <= '9')) { ++ if ((state & LABEL_START) != 0 ++ && len - i >= 4 && strncasecmp((char *)&p[i], "xn--", 4) == 0) ++ state |= LABEL_IDNA; ++ state &= ~(LABEL_HYPHEN | LABEL_START); ++ } else if (p[i] == '.') { ++ if ((state & (LABEL_HYPHEN | LABEL_START)) != 0) ++ return NULL; ++ state = LABEL_START; ++ ++dots; ++ } else if (p[i] == '-') { ++ if ((state & LABEL_HYPHEN) != 0) ++ return NULL; ++ state |= LABEL_HYPHEN; ++ } else ++ return NULL; ++ } ++ ++ /* ++ * The final label must not end in a hyphen or ".", and ++ * there must be at least two dots after the star. ++ */ ++ if ((state & (LABEL_START | LABEL_HYPHEN)) != 0 || dots < 2) ++ return NULL; ++ return star; ++} ++ ++/* Compare using wildcards. */ ++static int equal_wildcard(const unsigned char *pattern, size_t pattern_len, ++ const unsigned char *subject, size_t subject_len, ++ unsigned int flags) ++{ ++ const unsigned char *star = NULL; ++ ++ /* ++ * Subject names starting with '.' can only match a wildcard pattern ++ * via a subject sub-domain pattern suffix match. ++ */ ++ if (!(subject_len > 1 && subject[0] == '.')) ++ star = valid_star(pattern, pattern_len, flags); ++ if (star == NULL) ++ return equal_nocase(pattern, pattern_len, ++ subject, subject_len, flags); ++ return wildcard_match(pattern, star - pattern, ++ star + 1, (pattern + pattern_len) - star - 1, ++ subject, subject_len, flags); ++} ++ ++/* ++ * Compare an ASN1_STRING to a supplied string. If they match return 1. If ++ * cmp_type > 0 only compare if string matches the type, otherwise convert it ++ * to UTF8. 
++ */ ++ ++static int do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal, ++ unsigned int flags, const char *b, size_t blen, ++ char **peername) ++{ ++ int rv = 0; ++ ++ if (!a->data || !a->length) ++ return 0; ++ if (cmp_type > 0) { ++ if (cmp_type != a->type) ++ return 0; ++ if (cmp_type == V_ASN1_IA5STRING) ++ rv = equal(a->data, a->length, (unsigned char *)b, blen, flags); ++ else if (a->length == (int)blen && !memcmp(a->data, b, blen)) ++ rv = 1; ++ if (rv > 0 && peername) ++ *peername = BUF_strndup((char *)a->data, a->length); ++ } else { ++ int astrlen; ++ unsigned char *astr; ++ astrlen = ASN1_STRING_to_UTF8(&astr, a); ++ if (astrlen < 0) { ++ /* ++ * -1 could be an internal malloc failure or a decoding error from ++ * malformed input; we can't distinguish. ++ */ ++ return -1; ++ } ++ rv = equal(astr, astrlen, (unsigned char *)b, blen, flags); ++ if (rv > 0 && peername) ++ *peername = BUF_strndup((char *)astr, astrlen); ++ OPENSSL_free(astr); ++ } ++ return rv; ++} ++ ++static int do_x509_check(X509 *x, const char *chk, size_t chklen, ++ unsigned int flags, int check_type, char **peername) + { +- sk_pop_free(sk, str_free); ++ GENERAL_NAMES *gens = NULL; ++ X509_NAME *name = NULL; ++ int i; ++ int cnid; ++ int alt_type; ++ int san_present = 0; ++ int rv = 0; ++ equal_fn equal; ++ ++ /* See below, this flag is internal-only */ ++ flags &= ~_X509_CHECK_FLAG_DOT_SUBDOMAINS; ++ if (check_type == GEN_EMAIL) { ++ cnid = NID_pkcs9_emailAddress; ++ alt_type = V_ASN1_IA5STRING; ++ equal = equal_email; ++ } else if (check_type == GEN_DNS) { ++ cnid = NID_commonName; ++ /* Implicit client-side DNS sub-domain pattern */ ++ if (chklen > 1 && chk[0] == '.') ++ flags |= _X509_CHECK_FLAG_DOT_SUBDOMAINS; ++ alt_type = V_ASN1_IA5STRING; ++ if (flags & X509_CHECK_FLAG_NO_WILDCARDS) ++ equal = equal_nocase; ++ else ++ equal = equal_wildcard; ++ } else { ++ cnid = 0; ++ alt_type = V_ASN1_OCTET_STRING; ++ equal = equal_case; ++ } ++ ++ if (chklen == 0) ++ chklen = 
strlen(chk); ++ ++ gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL); ++ if (gens) { ++ for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) { ++ GENERAL_NAME *gen; ++ ASN1_STRING *cstr; ++ gen = sk_GENERAL_NAME_value(gens, i); ++ if (gen->type != check_type) ++ continue; ++ san_present = 1; ++ if (check_type == GEN_EMAIL) ++ cstr = gen->d.rfc822Name; ++ else if (check_type == GEN_DNS) ++ cstr = gen->d.dNSName; ++ else ++ cstr = gen->d.iPAddress; ++ /* Positive on success, negative on error! */ ++ if ((rv = do_check_string(cstr, alt_type, equal, flags, ++ chk, chklen, peername)) != 0) ++ break; ++ } ++ GENERAL_NAMES_free(gens); ++ if (rv != 0) ++ return rv; ++ if (!cnid ++ || (san_present ++ && !(flags & X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT))) ++ return 0; ++ } ++ i = -1; ++ name = X509_get_subject_name(x); ++ while ((i = X509_NAME_get_index_by_NID(name, cnid, i)) >= 0) { ++ X509_NAME_ENTRY *ne; ++ ASN1_STRING *str; ++ ne = X509_NAME_get_entry(name, i); ++ str = X509_NAME_ENTRY_get_data(ne); ++ /* Positive on success, negative on error! */ ++ if ((rv = do_check_string(str, -1, equal, flags, ++ chk, chklen, peername)) != 0) ++ return rv; ++ } ++ return 0; ++} ++ ++int X509_check_host(X509 *x, const char *chk, size_t chklen, ++ unsigned int flags, char **peername) ++{ ++ if (chk == NULL) ++ return -2; ++ /* ++ * Embedded NULs are disallowed, except as the last character of a ++ * string of length 2 or more (tolerate caller including terminating ++ * NUL in string length). ++ */ ++ if (chklen == 0) ++ chklen = strlen(chk); ++ else if (memchr(chk, '\0', chklen > 1 ? 
chklen - 1 : chklen)) ++ return -2; ++ if (chklen > 1 && chk[chklen - 1] == '\0') ++ --chklen; ++ return do_x509_check(x, chk, chklen, flags, GEN_DNS, peername); ++} ++ ++int X509_check_email(X509 *x, const char *chk, size_t chklen, ++ unsigned int flags) ++{ ++ if (chk == NULL) ++ return -2; ++ /* ++ * Embedded NULs are disallowed, except as the last character of a ++ * string of length 2 or more (tolerate caller including terminating ++ * NUL in string length). ++ */ ++ if (chklen == 0) ++ chklen = strlen((char *)chk); ++ else if (memchr(chk, '\0', chklen > 1 ? chklen - 1 : chklen)) ++ return -2; ++ if (chklen > 1 && chk[chklen - 1] == '\0') ++ --chklen; ++ return do_x509_check(x, chk, chklen, flags, GEN_EMAIL, NULL); ++} ++ ++int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen, ++ unsigned int flags) ++{ ++ if (chk == NULL) ++ return -2; ++ return do_x509_check(x, (char *)chk, chklen, flags, GEN_IPADD, NULL); ++} ++ ++int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags) ++{ ++ unsigned char ipout[16]; ++ size_t iplen; ++ ++ if (ipasc == NULL) ++ return -2; ++ iplen = (size_t)a2i_ipadd(ipout, ipasc); ++ if (iplen == 0) ++ return -2; ++ return do_x509_check(x, (char *)ipout, iplen, flags, GEN_IPADD, NULL); + } + + /* +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3err.c b/Cryptlib/OpenSSL/crypto/x509v3/v3err.c +index 40b0076..bcc1be7 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3err.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3err.c +@@ -1,6 +1,6 @@ + /* crypto/x509v3/v3err.c */ + /* ==================================================================== +- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. ++ * Copyright (c) 1999-2014 The OpenSSL Project. All rights reserved. 
+ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions +@@ -70,6 +70,7 @@ + # define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509V3,0,reason) + + static ERR_STRING_DATA X509V3_str_functs[] = { ++ {ERR_FUNC(X509V3_F_A2I_GENERAL_NAME), "a2i_GENERAL_NAME"}, + {ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE), + "ASIDENTIFIERCHOICE_CANONIZE"}, + {ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL), +@@ -81,6 +82,7 @@ static ERR_STRING_DATA X509V3_str_functs[] = { + {ERR_FUNC(X509V3_F_DO_EXT_I2D), "DO_EXT_I2D"}, + {ERR_FUNC(X509V3_F_DO_EXT_NCONF), "DO_EXT_NCONF"}, + {ERR_FUNC(X509V3_F_DO_I2V_NAME_CONSTRAINTS), "DO_I2V_NAME_CONSTRAINTS"}, ++ {ERR_FUNC(X509V3_F_GNAMES_FROM_SECTNAME), "GNAMES_FROM_SECTNAME"}, + {ERR_FUNC(X509V3_F_HEX_TO_STRING), "hex_to_string"}, + {ERR_FUNC(X509V3_F_I2S_ASN1_ENUMERATED), "i2s_ASN1_ENUMERATED"}, + {ERR_FUNC(X509V3_F_I2S_ASN1_IA5STRING), "I2S_ASN1_IA5STRING"}, +@@ -98,6 +100,7 @@ static ERR_STRING_DATA X509V3_str_functs[] = { + {ERR_FUNC(X509V3_F_S2I_ASN1_OCTET_STRING), "s2i_ASN1_OCTET_STRING"}, + {ERR_FUNC(X509V3_F_S2I_ASN1_SKEY_ID), "S2I_ASN1_SKEY_ID"}, + {ERR_FUNC(X509V3_F_S2I_SKEY_ID), "S2I_SKEY_ID"}, ++ {ERR_FUNC(X509V3_F_SET_DIST_POINT_NAME), "SET_DIST_POINT_NAME"}, + {ERR_FUNC(X509V3_F_STRING_TO_HEX), "string_to_hex"}, + {ERR_FUNC(X509V3_F_SXNET_ADD_ID_ASC), "SXNET_add_id_asc"}, + {ERR_FUNC(X509V3_F_SXNET_ADD_ID_INTEGER), "SXNET_add_id_INTEGER"}, +@@ -114,6 +117,7 @@ static ERR_STRING_DATA X509V3_str_functs[] = { + {ERR_FUNC(X509V3_F_V2I_EXTENDED_KEY_USAGE), "V2I_EXTENDED_KEY_USAGE"}, + {ERR_FUNC(X509V3_F_V2I_GENERAL_NAMES), "v2i_GENERAL_NAMES"}, + {ERR_FUNC(X509V3_F_V2I_GENERAL_NAME_EX), "v2i_GENERAL_NAME_ex"}, ++ {ERR_FUNC(X509V3_F_V2I_IDP), "V2I_IDP"}, + {ERR_FUNC(X509V3_F_V2I_IPADDRBLOCKS), "V2I_IPADDRBLOCKS"}, + {ERR_FUNC(X509V3_F_V2I_ISSUER_ALT), "V2I_ISSUER_ALT"}, + {ERR_FUNC(X509V3_F_V2I_NAME_CONSTRAINTS), "V2I_NAME_CONSTRAINTS"}, +@@ -128,6 
+132,7 @@ static ERR_STRING_DATA X509V3_str_functs[] = { + {ERR_FUNC(X509V3_F_X509V3_EXT_ADD), "X509V3_EXT_add"}, + {ERR_FUNC(X509V3_F_X509V3_EXT_ADD_ALIAS), "X509V3_EXT_add_alias"}, + {ERR_FUNC(X509V3_F_X509V3_EXT_CONF), "X509V3_EXT_conf"}, ++ {ERR_FUNC(X509V3_F_X509V3_EXT_FREE), "X509V3_EXT_free"}, + {ERR_FUNC(X509V3_F_X509V3_EXT_I2D), "X509V3_EXT_i2d"}, + {ERR_FUNC(X509V3_F_X509V3_EXT_NCONF), "X509V3_EXT_nconf"}, + {ERR_FUNC(X509V3_F_X509V3_GET_SECTION), "X509V3_get_section"}, +@@ -145,7 +150,10 @@ static ERR_STRING_DATA X509V3_str_reasons[] = { + {ERR_REASON(X509V3_R_BN_DEC2BN_ERROR), "bn dec2bn error"}, + {ERR_REASON(X509V3_R_BN_TO_ASN1_INTEGER_ERROR), + "bn to asn1 integer error"}, ++ {ERR_REASON(X509V3_R_CANNOT_FIND_FREE_FUNCTION), ++ "cannot find free function"}, + {ERR_REASON(X509V3_R_DIRNAME_ERROR), "dirname error"}, ++ {ERR_REASON(X509V3_R_DISTPOINT_ALREADY_SET), "distpoint already set"}, + {ERR_REASON(X509V3_R_DUPLICATE_ZONE_ID), "duplicate zone id"}, + {ERR_REASON(X509V3_R_ERROR_CONVERTING_ZONE), "error converting zone"}, + {ERR_REASON(X509V3_R_ERROR_CREATING_EXTENSION), +@@ -169,6 +177,7 @@ static ERR_STRING_DATA X509V3_str_reasons[] = { + "invalid extension string"}, + {ERR_REASON(X509V3_R_INVALID_INHERITANCE), "invalid inheritance"}, + {ERR_REASON(X509V3_R_INVALID_IPADDRESS), "invalid ipaddress"}, ++ {ERR_REASON(X509V3_R_INVALID_MULTIPLE_RDNS), "invalid multiple rdns"}, + {ERR_REASON(X509V3_R_INVALID_NAME), "invalid name"}, + {ERR_REASON(X509V3_R_INVALID_NULL_ARGUMENT), "invalid null argument"}, + {ERR_REASON(X509V3_R_INVALID_NULL_NAME), "invalid null name"}, +@@ -201,11 +210,11 @@ static ERR_STRING_DATA X509V3_str_reasons[] = { + {ERR_REASON(X509V3_R_ODD_NUMBER_OF_DIGITS), "odd number of digits"}, + {ERR_REASON(X509V3_R_OPERATION_NOT_DEFINED), "operation not defined"}, + {ERR_REASON(X509V3_R_OTHERNAME_ERROR), "othername error"}, +- {ERR_REASON(X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED), +- "policy language alreadty defined"}, ++ 
{ERR_REASON(X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED), ++ "policy language already defined"}, + {ERR_REASON(X509V3_R_POLICY_PATH_LENGTH), "policy path length"}, +- {ERR_REASON(X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED), +- "policy path length alreadty defined"}, ++ {ERR_REASON(X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED), ++ "policy path length already defined"}, + {ERR_REASON(X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED), + "policy syntax not currently supported"}, + {ERR_REASON(X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY), +@@ -221,6 +230,7 @@ static ERR_STRING_DATA X509V3_str_reasons[] = { + {ERR_REASON(X509V3_R_UNKNOWN_EXTENSION_NAME), "unknown extension name"}, + {ERR_REASON(X509V3_R_UNKNOWN_OPTION), "unknown option"}, + {ERR_REASON(X509V3_R_UNSUPPORTED_OPTION), "unsupported option"}, ++ {ERR_REASON(X509V3_R_UNSUPPORTED_TYPE), "unsupported type"}, + {ERR_REASON(X509V3_R_USER_TOO_LONG), "user too long"}, + {0, NULL} + }; +diff --git a/Cryptlib/OpenSSL/e_os.h b/Cryptlib/OpenSSL/e_os.h +index 4a85a9c..45fef69 100644 +--- a/Cryptlib/OpenSSL/e_os.h ++++ b/Cryptlib/OpenSSL/e_os.h +@@ -104,7 +104,6 @@ extern "C" { + # ifndef MAC_OS_GUSI_SOURCE + # define MAC_OS_pre_X + # define NO_SYS_TYPES_H +-typedef long ssize_t; + # endif + # define NO_SYS_PARAM_H + # define NO_CHMOD +@@ -118,7 +117,7 @@ typedef long ssize_t; + The Microsoft section + ********************************************************************/ + /* +- * The following is used becaue of the small stack in some Microsoft ++ * The following is used because of the small stack in some Microsoft + * operating systems + */ + # if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYSNAME_WIN32) +@@ -130,9 +129,6 @@ typedef long ssize_t; + # if defined(OPENSSL_SYS_WIN32) && !defined(WIN32) + # define WIN32 + # endif +-# if defined(OPENSSL_SYS_WIN16) && !defined(WIN16) +-# define WIN16 +-# endif + # if defined(OPENSSL_SYS_WINDOWS) && !defined(WINDOWS) + # define WINDOWS + # endif +@@ -187,6 +183,13 @@ 
typedef long ssize_t; + # define closesocket(s) close(s) + # define readsocket(s,b,n) read((s),(b),(n)) + # define writesocket(s,b,n) write((s),(char *)(b),(n)) ++# elif defined(OPENSSL_SYS_BEOS_R5) ++# define get_last_socket_error() errno ++# define clear_socket_error() errno=0 ++# define FIONBIO SO_NONBLOCK ++# define ioctlsocket(a,b,c) setsockopt((a),SOL_SOCKET,(b),(c),sizeof(*(c))) ++# define readsocket(s,b,n) recv((s),(b),(n),0) ++# define writesocket(s,b,n) send((s),(b),(n),0) + # elif defined(OPENSSL_SYS_NETWARE) + # if defined(NETWARE_BSDSOCK) + # define get_last_socket_error() errno +@@ -215,7 +218,7 @@ typedef long ssize_t; + # define writesocket(s,b,n) write((s),(b),(n)) + # endif + +-# ifdef WIN16 ++# ifdef WIN16 /* never the case */ + # define MS_CALLBACK _far _loadds + # define MS_FAR _far + # else +@@ -261,23 +264,38 @@ typedef long ssize_t; + /* + * Defining _WIN32_WINNT here in e_os.h implies certain "discipline." + * Most notably we ought to check for availability of each specific +- * routine with GetProcAddress() and/or quard NT-specific calls with ++ * routine with GetProcAddress() and/or guard NT-specific calls with + * GetVersion() < 0x80000000. One can argue that in latter "or" case + * we ought to /DELAYLOAD some .DLLs in order to protect ourselves + * against run-time link errors. This doesn't seem to be necessary, + * because it turned out that already Windows 95, first non-NT Win32 + * implementation, is equipped with at least NT 3.51 stubs, dummy + * routines with same name, but which do nothing. Meaning that it's +- * apparently appropriate to guard generic NT calls with GetVersion +- * alone, while NT 4.0 and above calls ought to be additionally +- * checked upon with GetProcAddress. ++ * apparently sufficient to guard "vanilla" NT calls with GetVersion ++ * alone, while NT 4.0 and above interfaces ought to be linked with ++ * GetProcAddress at run-time. 
+ */ + # define _WIN32_WINNT 0x0400 + # endif ++# if !defined(OPENSSL_NO_SOCK) && (defined(_WIN32_WINNT) || defined(_WIN32_WCE)) ++ /* ++ * Just like defining _WIN32_WINNT including winsock2.h implies ++ * certain "discipline" for maintaining [broad] binary compatibility. ++ * As long as structures are invariant among Winsock versions, ++ * it's sufficient to check for specific Winsock2 API availability ++ * at run-time [DSO_global_lookup is recommended]... ++ */ ++# include ++# include ++ /* yes, they have to be #included prior to */ ++# endif + # include + # include + # include + # include ++# if defined(_WIN32_WCE) && !defined(EACCES) ++# define EACCES 13 ++# endif + # include + # ifdef _WIN64 + # define strlen(s) _strlen31(s) +@@ -299,8 +317,8 @@ static __inline unsigned int _strlen31(const char *str) + # undef isupper + # undef isxdigit + # endif +-# if defined(_MSC_VER) && !defined(_DLL) && defined(stdin) +-# if _MSC_VER>=1300 ++# if defined(_MSC_VER) && !defined(_WIN32_WCE) && !defined(_DLL) && defined(stdin) ++# if _MSC_VER>=1300 && _MSC_VER<1600 + # undef stdin + # undef stdout + # undef stderr +@@ -308,7 +326,7 @@ FILE *__iob_func(); + # define stdin (&__iob_func()[0]) + # define stdout (&__iob_func()[1]) + # define stderr (&__iob_func()[2]) +-# elif defined(I_CAN_LIVE_WITH_LNK4049) ++# elif _MSC_VER<1300 && defined(I_CAN_LIVE_WITH_LNK4049) + # undef stdin + # undef stdout + # undef stderr +@@ -330,11 +348,9 @@ extern FILE *_imp___iob; + # include + + # ifdef OPENSSL_SYS_WINCE +-# include ++# define OPENSSL_NO_POSIX_IO + # endif + +-# define ssize_t long +- + # if defined (__BORLANDC__) + # define _setmode setmode + # define _O_TEXT O_TEXT +@@ -343,12 +359,7 @@ extern FILE *_imp___iob; + # define _kbhit kbhit + # endif + +-# if defined(WIN16) && defined(SSLEAY) && defined(_WINEXITNOPERSIST) +-# define EXIT(n) _wsetexit(_WINEXITNOPERSIST) +-# define OPENSSL_EXIT(n) do { if (n == 0) EXIT(n); return(n); } while(0) +-# else +-# define EXIT(n) exit(n) +-# 
endif ++# define EXIT(n) exit(n) + # define LIST_SEPARATOR_CHAR ';' + # ifndef X_OK + # define X_OK 0 +@@ -434,7 +445,6 @@ extern FILE *_imp___iob; + extern int GetThreadID(void); + /* # include */ + extern int kbhit(void); +-extern void delay(unsigned milliseconds); + # else + # include + # endif +@@ -468,13 +478,14 @@ extern void delay(unsigned milliseconds); + * -D_POSIX_SOURCE, which doesn't work for + * us) */ + # endif +-# if defined(NeXT) || defined(OPENSSL_SYS_NEWS4) || defined(OPENSSL_SYS_SUNOS) +-# define ssize_t int /* ditto */ +-# endif + # ifdef OPENSSL_SYS_NEWS4 /* setvbuf is missing on mips-sony-bsd */ + # define setvbuf(a, b, c, d) setbuffer((a), (b), (d)) + typedef unsigned long clock_t; + # endif ++# ifdef OPENSSL_SYS_WIN32_CYGWIN ++# include ++# include ++# endif + + # define OPENSSL_CONF "openssl.cnf" + # define SSLEAY_CONF OPENSSL_CONF +@@ -490,6 +501,10 @@ typedef unsigned long clock_t; + + /*************/ + ++# if defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_DGRAM) ++# define OPENSSL_NO_DGRAM ++# endif ++ + # ifdef USE_SOCKETS + # if defined(WINDOWS) || defined(MSDOS) + /* windows world */ +@@ -500,8 +515,19 @@ typedef unsigned long clock_t; + # define SHUTDOWN(fd) close(fd) + # define SHUTDOWN2(fd) close(fd) + # elif !defined(__DJGPP__) +-# include +-extern HINSTANCE _hInstance; ++# if defined(_WIN32_WCE) && _WIN32_WCE<410 ++# define getservbyname _masked_declaration_getservbyname ++# endif ++# if !defined(IPPROTO_IP) ++ /* winsock[2].h was included already? 
*/ ++# include ++# endif ++# ifdef getservbyname ++# undef getservbyname ++ /* this is used to be wcecompat/include/winsock_extras.h */ ++struct servent *PASCAL getservbyname(const char *, const char *); ++# endif ++ + # ifdef _WIN64 + /* + * Even though sizeof(SOCKET) is 8, it's safe to cast it to int, because +@@ -575,7 +601,9 @@ extern HINSTANCE _hInstance; + # include /* Added for FIONBIO under unixware */ + # endif + # include +-# include ++# if !defined(OPENSSL_SYS_BEOS_R5) ++# include ++# endif + # endif + + # if defined(NeXT) || defined(_NEXT_SOURCE) +@@ -619,12 +647,18 @@ extern HINSTANCE _hInstance; + # define INVALID_SOCKET (-1) + # endif /* INVALID_SOCKET */ + # endif +-# endif + +-# if defined(__ultrix) +-# ifndef ssize_t +-# define ssize_t int ++/* ++ * Some IPv6 implementations are broken, disable them in known bad versions. ++ */ ++# if !defined(OPENSSL_USE_IPV6) ++# if defined(AF_INET6) && !defined(OPENSSL_SYS_BEOS_BONE) && !defined(NETWARE_CLIB) ++# define OPENSSL_USE_IPV6 1 ++# else ++# define OPENSSL_USE_IPV6 0 ++# endif + # endif ++ + # endif + + # if defined(sun) && !defined(__svr4__) && !defined(__SVR4) +@@ -653,20 +687,6 @@ extern int sys_nerr; + + /***********************************************/ + +-/* +- * do we need to do this for getenv. Just define getenv for use under windows +- */ +- +-# ifdef WIN16 +-/* How to do this needs to be thought out a bit more.... 
*/ +-/* +- * char *GETENV(char *); #define Getenv GETENV +- */ +-# define Getenv getenv +-# else +-# define Getenv getenv +-# endif +- + # define DG_GCC_BUG /* gcc < 2.6.3 on DGUX */ + + # ifdef sgi +@@ -730,6 +750,14 @@ struct servent *getservbyname(const char *name, const char *proto); + # endif + /* end vxworks */ + ++/* beos */ ++# if defined(OPENSSL_SYS_BEOS_R5) ++# define SO_ERROR 0 ++# define NO_SYS_UN ++# define IPPROTO_IP 0 ++# include ++# endif ++ + # if !defined(inline) && !defined(__cplusplus) + # if defined(__STDC_VERSION__) && __STDC_VERSION__>=199901L + /* do nothing, inline works */ +diff --git a/Cryptlib/OpenSSL/openssl-bio-b_print-disable-sse.patch b/Cryptlib/OpenSSL/openssl-bio-b_print-disable-sse.patch +new file mode 100644 +index 0000000..6e56dbc +--- /dev/null ++++ b/Cryptlib/OpenSSL/openssl-bio-b_print-disable-sse.patch +@@ -0,0 +1,70 @@ ++diff --git a/Cryptlib/OpenSSL/crypto/bio/b_print.c b/Cryptlib/OpenSSL/crypto/bio/b_print.c ++index 7c81e25..9091d56 100644 ++--- a/Cryptlib/OpenSSL/crypto/bio/b_print.c +++++ b/Cryptlib/OpenSSL/crypto/bio/b_print.c ++@@ -129,8 +129,10 @@ static void fmtstr(char **, char **, size_t *, size_t *, ++ const char *, int, int, int); ++ static void fmtint(char **, char **, size_t *, size_t *, ++ LLONG, int, int, int, int); +++#ifndef OPENSSL_SYS_UEFI ++ static void fmtfp(char **, char **, size_t *, size_t *, ++ LDOUBLE, int, int, int); +++#endif ++ static void doapr_outch(char **, char **, size_t *, size_t *, int); ++ static void _dopr(char **sbuffer, char **buffer, ++ size_t *maxlen, size_t *retlen, int *truncated, ++@@ -173,7 +175,9 @@ _dopr(char **sbuffer, ++ { ++ char ch; ++ LLONG value; +++#ifndef OPENSSL_SYS_UEFI ++ LDOUBLE fvalue; +++#endif ++ char *strvalue; ++ int min; ++ int max; ++@@ -275,10 +279,12 @@ _dopr(char **sbuffer, ++ cflags = DP_C_LLONG; ++ ch = *format++; ++ break; +++#ifndef OPENSSL_SYS_UEFI ++ case 'L': ++ cflags = DP_C_LDOUBLE; ++ ch = *format++; ++ break; +++#endif ++ default: ++ break; ++ 
} ++@@ -330,6 +336,7 @@ _dopr(char **sbuffer, ++ ch == 'o' ? 8 : (ch == 'u' ? 10 : 16), ++ min, max, flags); ++ break; +++#ifndef OPENSSL_SYS_UEFI ++ case 'f': ++ if (cflags == DP_C_LDOUBLE) ++ fvalue = va_arg(args, LDOUBLE); ++@@ -354,6 +361,7 @@ _dopr(char **sbuffer, ++ else ++ fvalue = va_arg(args, double); ++ break; +++#endif ++ case 'c': ++ doapr_outch(sbuffer, buffer, &currlen, maxlen, ++ va_arg(args, int)); ++@@ -550,6 +558,7 @@ fmtint(char **sbuffer, ++ return; ++ } ++ +++#ifndef OPENSSL_SYS_UEFI ++ static LDOUBLE abs_val(LDOUBLE value) ++ { ++ LDOUBLE result = value; ++@@ -696,6 +705,7 @@ fmtfp(char **sbuffer, ++ ++padlen; ++ } ++ } +++#endif ++ ++ static void ++ doapr_outch(char **sbuffer, +diff --git a/Cryptlib/OpenSSL/update.sh b/Cryptlib/OpenSSL/update.sh +index 89ccd84..03f9459 100755 +--- a/Cryptlib/OpenSSL/update.sh ++++ b/Cryptlib/OpenSSL/update.sh +@@ -1,11 +1,12 @@ + #/bin/sh + DIR=$1 +-version="0.9.8zf" ++version="1.0.2d" + + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/e_os.h e_os.h + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/constant_time_locl.h crypto/constant_time_locl.h ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/md32_common.h crypto/md32_common.h ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cryptlib.h crypto/cryptlib.h + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cryptlib.c crypto/cryptlib.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dyn_lck.c crypto/dyn_lck.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/mem.c crypto/mem.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/mem_clr.c crypto/mem_clr.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/mem_dbg.c crypto/mem_dbg.c +@@ -14,17 +15,23 @@ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ex_data.c c + install -D 
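Review bot: With `case 'f':` and everything up to the `break;` before `case 'c':` compiled out under `OPENSSL_SYS_UEFI`, `_dopr` no longer handles a floating-point conversion that still appears in a format string. As far as these inner hunks show, its argument is then never fetched with `va_arg`, so later conversions in the same call would presumably read the wrong arguments. The default arm of the switch is not visible here, so this needs checking against the full function. I would add a comment at the first guard, e.g. `/* UEFI build: no floating point; %f/%e/%g are unsupported and must not appear in format strings */`, and confirm that no caller built for UEFI passes one. `_dopr` and `fmtfp` both start and end outside the quoted hunks.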
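Review bot: The script this hunk retargets to `version="1.0.2d"` has no error handling: its first line is `#/bin/sh` (a comment, not a shebang), `DIR=$1` is never checked, and there is no `set -e`. A file missing from the source tree therefore makes one `install` fail while the others carry on, leaving a crypto tree that mixes two OpenSSL releases inside shim. I would open the script with `#!/bin/sh`, `set -eu` and `DIR=${1:?usage: update.sh EDK2_DIR}`, and write `"$DIR"` quoted in every install line, including those in the later hunks of this file. The script also only copies files, so whether stale copies of the entries dropped here (the `-install` lines) get removed depends on the rest of the commit.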
$DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cpt_err.c crypto/cpt_err.c
+ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ebcdic.c crypto/ebcdic.c
+ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/uid.c crypto/uid.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/o_time.h crypto/o_time.h
+ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/o_time.c crypto/o_time.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/o_str.h crypto/o_str.h
+ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/o_str.c crypto/o_str.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/o_dir.h crypto/o_dir.h
+ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/o_dir.c crypto/o_dir.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/o_fips.c crypto/o_fips.c
+ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/o_init.c crypto/o_init.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/fips_err.c crypto/fips_err.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/md2/md2_dgst.c crypto/md2/md2_dgst.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/md2/md2_one.c crypto/md2/md2_one.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/fips_ers.c crypto/fips_ers.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/LPdir_nyi.c crypto/LPdir_nyi.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/md4/md4_locl.h crypto/md4/md4_locl.h
+ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/md4/md4_dgst.c crypto/md4/md4_dgst.c
+ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/md4/md4_one.c crypto/md4/md4_one.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/md5/md5_locl.h crypto/md5/md5_locl.h
+ install -D
$DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/md5/md5_dgst.c crypto/md5/md5_dgst.c
+ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/md5/md5_one.c crypto/md5/md5_one.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/sha/sha_locl.h crypto/sha/sha_locl.h
+ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/sha/sha_dgst.c crypto/sha/sha_dgst.c
+ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/sha/sha1dgst.c crypto/sha/sha1dgst.c
+ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/sha/sha_one.c crypto/sha/sha_one.c
+@@ -32,12 +39,16 @@ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/sha/sha1_on
+ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/sha/sha256.c crypto/sha/sha256.c
+ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/sha/sha512.c crypto/sha/sha512.c
+ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/hmac/hmac.c crypto/hmac/hmac.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ripemd/rmd_dgst.c crypto/ripemd/rmd_dgst.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ripemd/rmd_one.c crypto/ripemd/rmd_one.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/des_lib.c crypto/des/des_lib.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/hmac/hm_ameth.c crypto/hmac/hm_ameth.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/hmac/hm_pmeth.c crypto/hmac/hm_pmeth.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/des_locl.h crypto/des/des_locl.h
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/des_ver.h crypto/des/des_ver.h
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/spr.h crypto/des/spr.h
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/rpc_des.h
crypto/des/rpc_des.h
+ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/set_key.c crypto/des/set_key.c
+ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/ecb_enc.c crypto/des/ecb_enc.c
+ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/cbc_enc.c crypto/des/cbc_enc.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/ncbc_enc.c crypto/des/ncbc_enc.c
+ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/ecb3_enc.c crypto/des/ecb3_enc.c
+ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/cfb64enc.c crypto/des/cfb64enc.c
+ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/cfb64ede.c crypto/des/cfb64ede.c
+@@ -61,29 +72,11 @@ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/ede_cbc
+ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/des_old.c crypto/des/des_old.c
+ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/des_old2.c crypto/des/des_old2.c
+ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/read2pwd.c crypto/des/read2pwd.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rc2/rc2_ecb.c crypto/rc2/rc2_ecb.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rc2/rc2_skey.c crypto/rc2/rc2_skey.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rc2/rc2_cbc.c crypto/rc2/rc2_cbc.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rc2/rc2cfb64.c crypto/rc2/rc2cfb64.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rc2/rc2ofb64.c crypto/rc2/rc2ofb64.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rc4/rc4_locl.h crypto/rc4/rc4_locl.h
+ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rc4/rc4_enc.c crypto/rc4/rc4_enc.c
+ install -D
$DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rc4/rc4_skey.c crypto/rc4/rc4_skey.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rc4/rc4_fblk.c crypto/rc4/rc4_fblk.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/idea/i_cbc.c crypto/idea/i_cbc.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/idea/i_cfb64.c crypto/idea/i_cfb64.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/idea/i_ofb64.c crypto/idea/i_ofb64.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/idea/i_ecb.c crypto/idea/i_ecb.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/idea/i_skey.c crypto/idea/i_skey.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bf/bf_skey.c crypto/bf/bf_skey.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bf/bf_ecb.c crypto/bf/bf_ecb.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bf/bf_enc.c crypto/bf/bf_enc.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bf/bf_cfb64.c crypto/bf/bf_cfb64.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bf/bf_ofb64.c crypto/bf/bf_ofb64.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cast/c_skey.c crypto/cast/c_skey.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cast/c_ecb.c crypto/cast/c_ecb.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cast/c_enc.c crypto/cast/c_enc.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cast/c_cfb64.c crypto/cast/c_cfb64.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cast/c_ofb64.c crypto/cast/c_ofb64.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rc4/rc4_utl.c crypto/rc4/rc4_utl.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_locl.h crypto/aes/aes_locl.h
+
install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_misc.c crypto/aes/aes_misc.c
+ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_ecb.c crypto/aes/aes_ecb.c
+ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_cfb.c crypto/aes/aes_cfb.c
+@@ -93,6 +86,19 @@ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_ige
+ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_wrap.c crypto/aes/aes_wrap.c
+ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_core.c crypto/aes/aes_core.c
+ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_cbc.c crypto/aes/aes_cbc.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/modes/modes_lcl.h crypto/modes/modes_lcl.h
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/modes/cbc128.c crypto/modes/cbc128.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/modes/ctr128.c crypto/modes/ctr128.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/modes/cts128.c crypto/modes/cts128.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/modes/cfb128.c crypto/modes/cfb128.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/modes/ofb128.c crypto/modes/ofb128.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/modes/gcm128.c crypto/modes/gcm128.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/modes/ccm128.c crypto/modes/ccm128.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/modes/xts128.c crypto/modes/xts128.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/modes/wrap128.c crypto/modes/wrap128.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn.h crypto/bn/bn.h
++install -D
$DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_lcl.h crypto/bn/bn_lcl.h
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_prime.h crypto/bn/bn_prime.h
+ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_add.c crypto/bn/bn_add.c
+ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_div.c crypto/bn/bn_div.c
+ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_exp.c crypto/bn/bn_exp.c
+@@ -121,7 +127,8 @@ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_nist.
+ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_depr.c crypto/bn/bn_depr.c
+ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_x931p.c crypto/bn/bn_x931p.c
+ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_const.c crypto/bn/bn_const.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_opt.c crypto/bn/bn_opt.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/rsaz_exp.h crypto/bn/rsaz_exp.h
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_locl.h crypto/rsa/rsa_locl.h
+ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_eay.c crypto/rsa/rsa_eay.c
+ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_gen.c crypto/rsa/rsa_gen.c
+ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_lib.c crypto/rsa/rsa_lib.c
+@@ -136,20 +143,12 @@ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_chk
+ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_null.c crypto/rsa/rsa_null.c
+ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_pss.c crypto/rsa/rsa_pss.c
+ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_x931.c crypto/rsa/rsa_x931.c
+-install -D
$DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_x931g.c crypto/rsa/rsa_x931g.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_asn1.c crypto/rsa/rsa_asn1.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_depr.c crypto/rsa/rsa_depr.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_eng.c crypto/rsa/rsa_eng.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dsa/dsa_gen.c crypto/dsa/dsa_gen.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dsa/dsa_key.c crypto/dsa/dsa_key.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dsa/dsa_lib.c crypto/dsa/dsa_lib.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dsa/dsa_asn1.c crypto/dsa/dsa_asn1.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dsa/dsa_vrf.c crypto/dsa/dsa_vrf.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dsa/dsa_sign.c crypto/dsa/dsa_sign.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dsa/dsa_err.c crypto/dsa/dsa_err.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dsa/dsa_ossl.c crypto/dsa/dsa_ossl.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dsa/dsa_depr.c crypto/dsa/dsa_depr.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dsa/dsa_utl.c crypto/dsa/dsa_utl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_ameth.c crypto/rsa/rsa_ameth.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_prn.c crypto/rsa/rsa_prn.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_pmeth.c crypto/rsa/rsa_pmeth.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_crpt.c crypto/rsa/rsa_crpt.c + install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_dl.c crypto/dso/dso_dl.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_dlfcn.c crypto/dso/dso_dlfcn.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_err.c crypto/dso/dso_err.c +@@ -158,6 +157,7 @@ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_nul + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_openssl.c crypto/dso/dso_openssl.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_win32.c crypto/dso/dso_win32.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_vms.c crypto/dso/dso_vms.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_beos.c crypto/dso/dso_beos.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_asn1.c crypto/dh/dh_asn1.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_gen.c crypto/dh/dh_gen.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_key.c crypto/dh/dh_key.c +@@ -165,33 +165,14 @@ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_lib.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_check.c crypto/dh/dh_check.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_err.c crypto/dh/dh_err.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_depr.c crypto/dh/dh_depr.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec_lib.c crypto/ec/ec_lib.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ecp_smpl.c crypto/ec/ecp_smpl.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ecp_mont.c crypto/ec/ecp_mont.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ecp_nist.c crypto/ec/ecp_nist.c 
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec_cvt.c crypto/ec/ec_cvt.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec_mult.c crypto/ec/ec_mult.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec_err.c crypto/ec/ec_err.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec_curve.c crypto/ec/ec_curve.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec_check.c crypto/ec/ec_check.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec_print.c crypto/ec/ec_print.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec_asn1.c crypto/ec/ec_asn1.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec_key.c crypto/ec/ec_key.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec2_smpl.c crypto/ec/ec2_smpl.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec2_mult.c crypto/ec/ec2_mult.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ecdh/ech_lib.c crypto/ecdh/ech_lib.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ecdh/ech_ossl.c crypto/ecdh/ech_ossl.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ecdh/ech_key.c crypto/ecdh/ech_key.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ecdh/ech_err.c crypto/ecdh/ech_err.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ecdsa/ecs_lib.c crypto/ecdsa/ecs_lib.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ecdsa/ecs_asn1.c crypto/ecdsa/ecs_asn1.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ecdsa/ecs_ossl.c crypto/ecdsa/ecs_ossl.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ecdsa/ecs_sign.c crypto/ecdsa/ecs_sign.c +-install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ecdsa/ecs_vrf.c crypto/ecdsa/ecs_vrf.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ecdsa/ecs_err.c crypto/ecdsa/ecs_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_ameth.c crypto/dh/dh_ameth.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_pmeth.c crypto/dh/dh_pmeth.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_prn.c crypto/dh/dh_prn.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_rfc5114.c crypto/dh/dh_rfc5114.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/buffer/buffer.c crypto/buffer/buffer.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/buffer/buf_str.c crypto/buffer/buf_str.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/buffer/buf_err.c crypto/buffer/buf_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bio_lcl.h crypto/bio/bio_lcl.h + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bio_lib.c crypto/bio/bio_lib.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bio_cb.c crypto/bio/bio_cb.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bio_err.c crypto/bio/bio_err.c +@@ -199,9 +180,14 @@ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_mem + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_null.c crypto/bio/bss_null.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_fd.c crypto/bio/bss_fd.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_file.c crypto/bio/bss_file.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_sock.c crypto/bio/bss_sock.c ++install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_conn.c crypto/bio/bss_conn.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bf_null.c crypto/bio/bf_null.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bf_buff.c crypto/bio/bf_buff.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/b_dump.c crypto/bio/b_dump.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/b_print.c crypto/bio/b_print.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/b_sock.c crypto/bio/b_sock.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_acpt.c crypto/bio/bss_acpt.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bf_nbio.c crypto/bio/bf_nbio.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_log.c crypto/bio/bss_log.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_bio.c crypto/bio/bss_bio.c +@@ -209,29 +195,25 @@ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_dgr + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/stack/stack.c crypto/stack/stack.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/lhash/lhash.c crypto/lhash/lhash.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/lhash/lh_stats.c crypto/lhash/lh_stats.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/rand_lcl.h crypto/rand/rand_lcl.h + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/md_rand.c crypto/rand/md_rand.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/randfile.c crypto/rand/randfile.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/rand_lib.c crypto/rand/rand_lib.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/rand_eng.c 
crypto/rand/rand_eng.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/rand_err.c crypto/rand/rand_err.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/rand_egd.c crypto/rand/rand_egd.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/rand_win.c crypto/rand/rand_win.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/rand_unix.c crypto/rand/rand_unix.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/rand_os2.c crypto/rand/rand_os2.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/rand_nw.c crypto/rand/rand_nw.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/err/err.c crypto/err/err.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/err/err_def.c crypto/err/err_def.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/err/err_all.c crypto/err/err_all.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/err/err_prn.c crypto/err/err_prn.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/err/err_str.c crypto/err/err_str.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/err/err_bio.c crypto/err/err_bio.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/objects/o_names.c crypto/objects/o_names.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/objects/obj_dat.h crypto/objects/obj_dat.h + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/objects/obj_dat.c crypto/objects/obj_dat.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/objects/obj_lib.c crypto/objects/obj_lib.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/objects/obj_err.c crypto/objects/obj_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/objects/obj_xref.h crypto/objects/obj_xref.h 
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/objects/obj_xref.c crypto/objects/obj_xref.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_locl.h crypto/evp/evp_locl.h + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/encode.c crypto/evp/encode.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/digest.c crypto/evp/digest.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/dig_eng.c crypto/evp/dig_eng.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_enc.c crypto/evp/evp_enc.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_key.c crypto/evp/evp_key.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_acnf.c crypto/evp/evp_acnf.c +@@ -240,22 +222,25 @@ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_des.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_bf.c crypto/evp/e_bf.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_idea.c crypto/evp/e_idea.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_des3.c crypto/evp/e_des3.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_camellia.c crypto/evp/e_camellia.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_rc4.c crypto/evp/e_rc4.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_aes.c crypto/evp/e_aes.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/names.c crypto/evp/names.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_seed.c crypto/evp/e_seed.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_xcbc_d.c crypto/evp/e_xcbc_d.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_rc2.c 
crypto/evp/e_rc2.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_cast.c crypto/evp/e_cast.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_rc5.c crypto/evp/e_rc5.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/enc_min.c crypto/evp/enc_min.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_null.c crypto/evp/m_null.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_md2.c crypto/evp/m_md2.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_md4.c crypto/evp/m_md4.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_md5.c crypto/evp/m_md5.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_sha.c crypto/evp/m_sha.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_sha1.c crypto/evp/m_sha1.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_wp.c crypto/evp/m_wp.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_dss.c crypto/evp/m_dss.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_dss1.c crypto/evp/m_dss1.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_mdc2.c crypto/evp/m_mdc2.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_ripemd.c crypto/evp/m_ripemd.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_ecdsa.c crypto/evp/m_ecdsa.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p_open.c crypto/evp/p_open.c +@@ -280,6 +265,15 @@ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_pbe + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p5_crpt.c crypto/evp/p5_crpt.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p5_crpt2.c crypto/evp/p5_crpt2.c + 
install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_old.c crypto/evp/e_old.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/pmeth_lib.c crypto/evp/pmeth_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/pmeth_fn.c crypto/evp/pmeth_fn.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/pmeth_gn.c crypto/evp/pmeth_gn.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_sigver.c crypto/evp/m_sigver.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_aes_cbc_hmac_sha1.c crypto/evp/e_aes_cbc_hmac_sha1.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_aes_cbc_hmac_sha256.c crypto/evp/e_aes_cbc_hmac_sha256.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_rc4_hmac_md5.c crypto/evp/e_rc4_hmac_md5.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/asn1_locl.h crypto/asn1/asn1_locl.h ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/charmap.h crypto/asn1/charmap.h + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_object.c crypto/asn1/a_object.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_bitstr.c crypto/asn1/a_bitstr.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_utctm.c crypto/asn1/a_utctm.c +@@ -315,6 +309,7 @@ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_crl. 
+ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_info.c crypto/asn1/x_info.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_spki.c crypto/asn1/x_spki.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/nsseq.c crypto/asn1/nsseq.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_nx509.c crypto/asn1/x_nx509.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/d2i_pu.c crypto/asn1/d2i_pu.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/d2i_pr.c crypto/asn1/d2i_pr.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/i2d_pu.c crypto/asn1/i2d_pu.c +@@ -332,20 +327,22 @@ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/tasn_e + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/tasn_dec.c crypto/asn1/tasn_dec.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/tasn_utl.c crypto/asn1/tasn_utl.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/tasn_typ.c crypto/asn1/tasn_typ.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/tasn_prn.c crypto/asn1/tasn_prn.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/ameth_lib.c crypto/asn1/ameth_lib.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/f_int.c crypto/asn1/f_int.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/f_string.c crypto/asn1/f_string.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/n_pkey.c crypto/asn1/n_pkey.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/f_enum.c crypto/asn1/f_enum.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_hdr.c crypto/asn1/a_hdr.c + install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_pkey.c crypto/asn1/x_pkey.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_bool.c crypto/asn1/a_bool.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_exten.c crypto/asn1/x_exten.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/bio_asn1.c crypto/asn1/bio_asn1.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/bio_ndef.c crypto/asn1/bio_ndef.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/asn_mime.c crypto/asn1/asn_mime.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/asn1_gen.c crypto/asn1/asn1_gen.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/asn1_par.c crypto/asn1/asn1_par.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/asn1_lib.c crypto/asn1/asn1_lib.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/asn1_err.c crypto/asn1/asn1_err.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_meth.c crypto/asn1/a_meth.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_bytes.c crypto/asn1/a_bytes.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_strnid.c crypto/asn1/a_strnid.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/evp_asn1.c crypto/asn1/evp_asn1.c +@@ -365,6 +362,8 @@ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_xau + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_oth.c crypto/pem/pem_oth.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_pk8.c crypto/pem/pem_pk8.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_pkey.c crypto/pem/pem_pkey.c ++install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pvkfmt.c crypto/pem/pvkfmt.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/vpm_int.h crypto/x509/vpm_int.h + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_def.c crypto/x509/x509_def.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_d2.c crypto/x509/x509_d2.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_r2x.c crypto/x509/x509_r2x.c +@@ -386,9 +385,9 @@ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_l + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x_all.c crypto/x509/x_all.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_txt.c crypto/x509/x509_txt.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_trs.c crypto/x509/x509_trs.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/by_file.c crypto/x509/by_file.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/by_dir.c crypto/x509/by_dir.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_vpm.c crypto/x509/x509_vpm.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/ext_dat.h crypto/x509v3/ext_dat.h ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/pcy_int.h crypto/x509v3/pcy_int.h + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_bcons.c crypto/x509v3/v3_bcons.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_bitst.c crypto/x509v3/v3_bitst.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_conf.c crypto/x509v3/v3_conf.c +@@ -428,6 +427,7 @@ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_a + install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/conf/conf_err.c crypto/conf/conf_err.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/conf/conf_lib.c crypto/conf/conf_lib.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/conf/conf_api.c crypto/conf/conf_api.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/conf/conf_def.h crypto/conf/conf_def.h + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/conf/conf_def.c crypto/conf/conf_def.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/conf/conf_mod.c crypto/conf/conf_mod.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/conf/conf_mall.c crypto/conf/conf_mall.c +@@ -440,6 +440,7 @@ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs7/pk7_d + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs7/pk7_smime.c crypto/pkcs7/pk7_smime.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs7/pk7_attr.c crypto/pkcs7/pk7_attr.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs7/pk7_mime.c crypto/pkcs7/pk7_mime.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs7/bio_pk7.c crypto/pkcs7/bio_pk7.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_add.c crypto/pkcs12/p12_add.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_asn.c crypto/pkcs12/p12_asn.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_attr.c crypto/pkcs12/p12_attr.c +@@ -459,29 +460,6 @@ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/comp/comp_l + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/comp/comp_err.c crypto/comp/comp_err.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/comp/c_rle.c crypto/comp/c_rle.c + install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/comp/c_zlib.c crypto/comp/c_zlib.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_err.c crypto/engine/eng_err.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_lib.c crypto/engine/eng_lib.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_list.c crypto/engine/eng_list.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_init.c crypto/engine/eng_init.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_ctrl.c crypto/engine/eng_ctrl.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_table.c crypto/engine/eng_table.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_pkey.c crypto/engine/eng_pkey.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_fat.c crypto/engine/eng_fat.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_all.c crypto/engine/eng_all.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/tb_rsa.c crypto/engine/tb_rsa.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/tb_dsa.c crypto/engine/tb_dsa.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/tb_ecdsa.c crypto/engine/tb_ecdsa.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/tb_dh.c crypto/engine/tb_dh.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/tb_ecdh.c crypto/engine/tb_ecdh.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/tb_rand.c crypto/engine/tb_rand.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/tb_store.c crypto/engine/tb_store.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/tb_cipher.c 
crypto/engine/tb_cipher.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/tb_digest.c crypto/engine/tb_digest.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_openssl.c crypto/engine/eng_openssl.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_cnf.c crypto/engine/eng_cnf.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_dyn.c crypto/engine/eng_dyn.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_cryptodev.c crypto/engine/eng_cryptodev.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_padlock.c crypto/engine/eng_padlock.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_asn.c crypto/ocsp/ocsp_asn.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_ext.c crypto/ocsp/ocsp_ext.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_ht.c crypto/ocsp/ocsp_ht.c +@@ -491,15 +469,29 @@ install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_s + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_prn.c crypto/ocsp/ocsp_prn.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_vfy.c crypto/ocsp/ocsp_vfy.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_err.c crypto/ocsp/ocsp_err.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ui/ui_err.c crypto/ui/ui_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ui/ui_locl.h crypto/ui/ui_locl.h + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ui/ui_lib.c crypto/ui/ui_lib.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ui/ui_util.c crypto/ui/ui_util.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ui/ui_compat.c 
crypto/ui/ui_compat.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/krb5/krb5_asn.c crypto/krb5/krb5_asn.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/store/str_err.c crypto/store/str_err.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/store/str_lib.c crypto/store/str_lib.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/store/str_meth.c crypto/store/str_meth.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/store/str_mem.c crypto/store/str_mem.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pqueue/pqueue.h crypto/pqueue/pqueue.h + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pqueue/pqueue.c crypto/pqueue/pqueue.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ts/ts.h crypto/ts/ts.h ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ts/ts_err.c crypto/ts/ts_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ts/ts_req_utils.c crypto/ts/ts_req_utils.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ts/ts_req_print.c crypto/ts/ts_req_print.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ts/ts_rsp_utils.c crypto/ts/ts_rsp_utils.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ts/ts_rsp_print.c crypto/ts/ts_rsp_print.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ts/ts_rsp_sign.c crypto/ts/ts_rsp_sign.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ts/ts_rsp_verify.c crypto/ts/ts_rsp_verify.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ts/ts_verify_ctx.c crypto/ts/ts_verify_ctx.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ts/ts_lib.c crypto/ts/ts_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ts/ts_conf.c crypto/ts/ts_conf.c 
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ts/ts_asn1.c crypto/ts/ts_asn1.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cmac/cmac.c crypto/cmac/cmac.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cmac/cm_ameth.c crypto/cmac/cm_ameth.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cmac/cm_pmeth.c crypto/cmac/cm_pmeth.c
+ 
+ find . -name "*.[ch]" -exec chmod -x {} \;
++
++patch -p3 < openssl-bio-b_print-disable-sse.patch
+diff --git a/Cryptlib/Pk/CryptAuthenticode.c b/Cryptlib/Pk/CryptAuthenticode.c
+index 4ce2b06..9e93355 100644
+--- a/Cryptlib/Pk/CryptAuthenticode.c
++++ b/Cryptlib/Pk/CryptAuthenticode.c
+@@ -9,7 +9,7 @@
+ AuthenticodeVerify() will get PE/COFF Authenticode and will do basic check for
+ data structure.
+ 
+-Copyright (c) 2011 - 2014, Intel Corporation. All rights reserved.
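Review bot: The `patch -p3 < openssl-bio-b_print-disable-sse.patch` line added at the end of update.sh has no status check, so unless the script enables `set -e` outside this hunk, a rejected or partly applied patch leaves the vendored OpenSSL tree without that change while the script still finishes normally. I would write `patch -p3 < openssl-bio-b_print-disable-sse.patch || exit 1` so that a failed refresh of the crypto sources is noticed before anything is built from them. The `install -D` lines added here and in the earlier update.sh hunks also expand `$DIR` and `$version` unquoted, which matches the existing lines but breaks on a checkout path containing spaces; quoting them (`"$DIR/CryptoPkg/..."`) would be a reasonable follow-up.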
++Copyright (c) 2011 - 2015, Intel Corporation. All rights reserved.
+ This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD License + which accompanies this distribution. The full text of the license may be found at +@@ -72,6 +72,7 @@ AuthenticodeVerify ( + { + BOOLEAN Status; + PKCS7 *Pkcs7; ++ CONST UINT8 *Temp; + CONST UINT8 *OrigAuthData; + UINT8 *SpcIndirectDataContent; + UINT8 Asn1Byte; +@@ -96,7 +97,8 @@ AuthenticodeVerify ( + // + // Retrieve & Parse PKCS#7 Data (DER encoding) from Authenticode Signature + // +- Pkcs7 = d2i_PKCS7 (NULL, &AuthData, (int)DataSize); ++ Temp = AuthData; ++ Pkcs7 = d2i_PKCS7 (NULL, &Temp, (int)DataSize); + if (Pkcs7 == NULL) { + goto _Exit; + } +diff --git a/Cryptlib/Pk/CryptPkcs7Verify.c b/Cryptlib/Pk/CryptPkcs7Verify.c +index a9665d5..d0b0c83 100644 +--- a/Cryptlib/Pk/CryptPkcs7Verify.c ++++ b/Cryptlib/Pk/CryptPkcs7Verify.c +@@ -10,7 +10,7 @@ + WrapPkcs7Data(), Pkcs7GetSigners(), Pkcs7Verify() will get UEFI Authenticated + Variable and will do basic check for data structure. + +-Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.
++Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.
+ This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD License + which accompanies this distribution. The full text of the license may be found at +@@ -273,7 +273,7 @@ X509PopCertificate ( + goto _Exit; + } + +- Length = ((BUF_MEM *) CertBio->ptr)->length; ++ Length = (INT32)(((BUF_MEM *) CertBio->ptr)->length); + if (Length <= 0) { + goto _Exit; + } +@@ -343,7 +343,7 @@ Pkcs7GetSigners ( + PKCS7 *Pkcs7; + BOOLEAN Status; + UINT8 *SignedData; +- UINT8 *Temp; ++ CONST UINT8 *Temp; + UINTN SignedDataSize; + BOOLEAN Wrapped; + STACK_OF(X509) *Stack; +@@ -549,7 +549,7 @@ Pkcs7Verify ( + X509 *Cert; + X509_STORE *CertStore; + UINT8 *SignedData; +- UINT8 *Temp; ++ CONST UINT8 *Temp; + UINTN SignedDataSize; + BOOLEAN Wrapped; + +@@ -618,7 +618,8 @@ Pkcs7Verify ( + // + // Read DER-encoded root certificate and Construct X509 Certificate + // +- Cert = d2i_X509 (NULL, &TrustedCert, (long) CertLength); ++ Temp = TrustedCert; ++ Cert = d2i_X509 (NULL, &Temp, (long) CertLength); + if (Cert == NULL) { + goto _Exit; + } +@@ -679,4 +680,115 @@ _Exit: + } + + return Status; +-} +\ No newline at end of file ++} ++ ++/** ++ Extracts the attached content from a PKCS#7 signed data if existed. The input signed ++ data could be wrapped in a ContentInfo structure. ++ ++ If P7Data, Content, or ContentSize is NULL, then return FALSE. If P7Length overflow, ++ then return FAlSE. If the P7Data is not correctly formatted, then return FALSE. ++ ++ Caution: This function may receive untrusted input. So this function will do ++ basic check for PKCS#7 data structure. ++ ++ @param[in] P7Data Pointer to the PKCS#7 signed data to process. ++ @param[in] P7Length Length of the PKCS#7 signed data in bytes. ++ @param[out] Content Pointer to the extracted content from the PKCS#7 signedData. ++ It's caller's responsiblity to free the buffer. ++ @param[out] ContentSize The size of the extracted content in bytes. 
++ ++ @retval TRUE The P7Data was correctly formatted for processing. ++ @retval FALSE The P7Data was not correctly formatted for processing. ++ ++*/ ++BOOLEAN ++EFIAPI ++Pkcs7GetAttachedContent ( ++ IN CONST UINT8 *P7Data, ++ IN UINTN P7Length, ++ OUT VOID **Content, ++ OUT UINTN *ContentSize ++ ) ++{ ++ BOOLEAN Status; ++ PKCS7 *Pkcs7; ++ UINT8 *SignedData; ++ UINTN SignedDataSize; ++ BOOLEAN Wrapped; ++ CONST UINT8 *Temp; ++ ASN1_OCTET_STRING *OctStr; ++ ++ // ++ // Check input parameter. ++ // ++ if ((P7Data == NULL) || (P7Length > INT_MAX) || (Content == NULL) || (ContentSize == NULL)) { ++ return FALSE; ++ } ++ ++ *Content = NULL; ++ Pkcs7 = NULL; ++ SignedData = NULL; ++ OctStr = NULL; ++ ++ Status = WrapPkcs7Data (P7Data, P7Length, &Wrapped, &SignedData, &SignedDataSize); ++ if (!Status || (SignedDataSize > INT_MAX)) { ++ goto _Exit; ++ } ++ ++ Status = FALSE; ++ ++ // ++ // Decoding PKCS#7 SignedData ++ // ++ Temp = SignedData; ++ Pkcs7 = d2i_PKCS7 (NULL, (const unsigned char **)&Temp, (int)SignedDataSize); ++ if (Pkcs7 == NULL) { ++ goto _Exit; ++ } ++ ++ // ++ // The type of Pkcs7 must be signedData ++ // ++ if (!PKCS7_type_is_signed (Pkcs7)) { ++ goto _Exit; ++ } ++ ++ // ++ // Check for detached or attached content ++ // ++ if (PKCS7_get_detached (Pkcs7)) { ++ // ++ // No Content supplied for PKCS7 detached signedData ++ // ++ *Content = NULL; ++ *ContentSize = 0; ++ } else { ++ // ++ // Retrieve the attached content in PKCS7 signedData ++ // ++ OctStr = Pkcs7->d.sign->contents->d.data; ++ if ((OctStr->length > 0) && (OctStr->data != NULL)) { ++ *ContentSize = OctStr->length; ++ *Content = malloc (*ContentSize); ++ if (*Content == NULL) { ++ *ContentSize = 0; ++ goto _Exit; ++ } ++ CopyMem (*Content, OctStr->data, *ContentSize); ++ } ++ } ++ Status = TRUE; ++ ++_Exit: ++ // ++ // Release Resources ++ // ++ PKCS7_free (Pkcs7); ++ ++ if (!Wrapped) { ++ OPENSSL_free (SignedData); ++ } ++ ++ return Status; ++} +diff --git a/Cryptlib/Pk/CryptTs.c 
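Review bot: In Pkcs7GetAttachedContent (the `@@ -679,4 +680,115 @@` hunk of CryptPkcs7Verify.c), the attached-content branch reads `Pkcs7->d.sign->contents->d.data` as an ASN1_OCTET_STRING without first checking that the inner content type is pkcs7-data. `d` is a union, so for any other inner content type `OctStr->length` and `OctStr->data` would be read from an object of a different type. The function's own header says the input may be untrusted. A guard before the assignment would close this: `if (!PKCS7_type_is_data (Pkcs7->d.sign->contents)) { goto _Exit; }`. `*ContentSize` is also left unwritten on the early failure paths, so setting it to 0 next to `*Content = NULL` would give callers a defined value.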
b/Cryptlib/Pk/CryptTs.c +new file mode 100644 +index 0000000..7d269b0 +--- /dev/null ++++ b/Cryptlib/Pk/CryptTs.c +@@ -0,0 +1,729 @@ ++/** @file ++ RFC3161 Timestamp Countersignature Verification over OpenSSL. ++ The timestamp is generated by a TimeStamping Authority (TSA) and asserts that a ++ publisher's signature existed before the specified time. The timestamp extends ++ the lifetime of the signature when a signing certificate expires or is later ++ revoked. ++ ++Copyright (c) 2014 - 2015, Intel Corporation. All rights reserved.
++This program and the accompanying materials ++are licensed and made available under the terms and conditions of the BSD License ++which accompanies this distribution. The full text of the license may be found at ++http://opensource.org/licenses/bsd-license.php ++ ++THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, ++WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. ++ ++**/ ++ ++#include "InternalCryptLib.h" ++ ++#include ++#include ++#include ++#include ++#include ++ ++// ++// OID ASN.1 Value for SPC_RFC3161_OBJID ("1.3.6.1.4.1.311.3.3.1") ++// ++UINT8 mSpcRFC3161OidValue[] = { ++ 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x03, 0x03, 0x01 ++ }; ++ ++/// ++/// The messageImprint field SHOULD contain the hash of the datum to be ++/// time-stamped. The hash is represented as an OCTET STRING. Its ++/// length MUST match the length of the hash value for that algorithm ++/// (e.g., 20 bytes for SHA-1 or 16 bytes for MD5). ++/// ++/// MessageImprint ::= SEQUENCE { ++/// hashAlgorithm AlgorithmIdentifier, ++/// hashedMessage OCTET STRING } ++/// ++typedef struct { ++ X509_ALGOR *HashAlgorithm; ++ ASN1_OCTET_STRING *HashedMessage; ++} TS_MESSAGE_IMPRINT; ++ ++// ++// ASN.1 Functions for TS_MESSAGE_IMPRINT ++// ++DECLARE_ASN1_FUNCTIONS (TS_MESSAGE_IMPRINT) ++ASN1_SEQUENCE (TS_MESSAGE_IMPRINT) = { ++ ASN1_SIMPLE (TS_MESSAGE_IMPRINT, HashAlgorithm, X509_ALGOR), ++ ASN1_SIMPLE (TS_MESSAGE_IMPRINT, HashedMessage, ASN1_OCTET_STRING) ++} ASN1_SEQUENCE_END (TS_MESSAGE_IMPRINT) ++IMPLEMENT_ASN1_FUNCTIONS (TS_MESSAGE_IMPRINT) ++ ++/// ++/// Accuracy represents the time deviation around the UTC time contained ++/// in GeneralizedTime of time-stamp token. 
++/// ++/// Accuracy ::= SEQUENCE { ++/// seconds INTEGER OPTIONAL, ++/// millis [0] INTEGER (1..999) OPTIONAL, ++/// micros [1] INTEGER (1..999) OPTIONAL } ++/// ++typedef struct { ++ ASN1_INTEGER *Seconds; ++ ASN1_INTEGER *Millis; ++ ASN1_INTEGER *Micros; ++} TS_ACCURACY; ++ ++// ++// ASN.1 Functions for TS_ACCURACY ++// ++DECLARE_ASN1_FUNCTIONS (TS_ACCURACY) ++ASN1_SEQUENCE (TS_ACCURACY) = { ++ ASN1_OPT (TS_ACCURACY, Seconds, ASN1_INTEGER), ++ ASN1_IMP_OPT (TS_ACCURACY, Millis, ASN1_INTEGER, 0), ++ ASN1_IMP_OPT (TS_ACCURACY, Micros, ASN1_INTEGER, 1) ++} ASN1_SEQUENCE_END (TS_ACCURACY) ++IMPLEMENT_ASN1_FUNCTIONS (TS_ACCURACY) ++ ++/// ++/// The timestamp token info resulting from a successful timestamp request, ++/// as defined in RFC 3161. ++/// ++/// TSTInfo ::= SEQUENCE { ++/// version INTEGER { v1(1) }, ++/// policy TSAPolicyId, ++/// messageImprint MessageImprint, ++/// -- MUST have the same value as the similar field in ++/// -- TimeStampReq ++/// serialNumber INTEGER, ++/// -- Time-Stamping users MUST be ready to accommodate integers ++/// -- up to 160 bits. ++/// genTime GeneralizedTime, ++/// accuracy Accuracy OPTIONAL, ++/// ordering BOOLEAN DEFAULT FALSE, ++/// nonce INTEGER OPTIONAL, ++/// -- MUST be present if the similar field was present ++/// -- in TimeStampReq. In that case it MUST have the same value. 
++/// tsa [0] GeneralName OPTIONAL, ++/// extensions [1] IMPLICIT Extensions OPTIONAL } ++/// ++typedef struct { ++ ASN1_INTEGER *Version; ++ ASN1_OBJECT *Policy; ++ TS_MESSAGE_IMPRINT *MessageImprint; ++ ASN1_INTEGER *SerialNumber; ++ ASN1_GENERALIZEDTIME *GenTime; ++ TS_ACCURACY *Accuracy; ++ ASN1_BOOLEAN Ordering; ++ ASN1_INTEGER *Nonce; ++ GENERAL_NAME *Tsa; ++ STACK_OF(X509_EXTENSION) *Extensions; ++} TS_TST_INFO; ++ ++// ++// ASN.1 Functions for TS_TST_INFO ++// ++DECLARE_ASN1_FUNCTIONS (TS_TST_INFO) ++ASN1_SEQUENCE (TS_TST_INFO) = { ++ ASN1_SIMPLE (TS_TST_INFO, Version, ASN1_INTEGER), ++ ASN1_SIMPLE (TS_TST_INFO, Policy, ASN1_OBJECT), ++ ASN1_SIMPLE (TS_TST_INFO, MessageImprint, TS_MESSAGE_IMPRINT), ++ ASN1_SIMPLE (TS_TST_INFO, SerialNumber, ASN1_INTEGER), ++ ASN1_SIMPLE (TS_TST_INFO, GenTime, ASN1_GENERALIZEDTIME), ++ ASN1_OPT (TS_TST_INFO, Accuracy, TS_ACCURACY), ++ ASN1_OPT (TS_TST_INFO, Ordering, ASN1_FBOOLEAN), ++ ASN1_OPT (TS_TST_INFO, Nonce, ASN1_INTEGER), ++ ASN1_EXP_OPT(TS_TST_INFO, Tsa, GENERAL_NAME, 0), ++ ASN1_IMP_SEQUENCE_OF_OPT (TS_TST_INFO, Extensions, X509_EXTENSION, 1) ++} ASN1_SEQUENCE_END (TS_TST_INFO) ++IMPLEMENT_ASN1_FUNCTIONS (TS_TST_INFO) ++ ++ ++/** ++ Verification callback function to override any existing callbacks in OpenSSL ++ for intermediate TSA certificate supports. ++ ++ @param[in] Status Original status before calling this callback. ++ @param[in] Context X509 store context. ++ ++ @retval 1 Current X509 certificate is verified successfully. ++ @retval 0 Verification failed. ++ ++**/ ++int ++TSVerifyCallback ( ++ IN int Status, ++ IN X509_STORE_CTX *Context ++ ) ++{ ++ X509_OBJECT *Obj; ++ INTN Error; ++ INTN Index; ++ INTN Count; ++ ++ Obj = NULL; ++ Error = (INTN) X509_STORE_CTX_get_error (Context); ++ ++ // ++ // X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT and X509_V_ERR_UNABLE_TO_GET_ISSUER_ ++ // CERT_LOCALLY mean a X509 certificate is not self signed and its issuer ++ // can not be found in X509_verify_cert of X509_vfy.c. 
++ // In order to support intermediate certificate node, we override the ++ // errors if the certification is obtained from X509 store, i.e. it is ++ // a trusted ceritifcate node that is enrolled by user. ++ // Besides,X509_V_ERR_CERT_UNTRUSTED and X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE ++ // are also ignored to enable such feature. ++ // ++ if ((Error == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT) || ++ (Error == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY)) { ++ Obj = (X509_OBJECT *) malloc (sizeof (X509_OBJECT)); ++ if (Obj == NULL) { ++ return 0; ++ } ++ ++ Obj->type = X509_LU_X509; ++ Obj->data.x509 = Context->current_cert; ++ ++ CRYPTO_w_lock (CRYPTO_LOCK_X509_STORE); ++ ++ if (X509_OBJECT_retrieve_match (Context->ctx->objs, Obj)) { ++ Status = 1; ++ } else { ++ // ++ // If any certificate in the chain is enrolled as trusted certificate, ++ // pass the certificate verification. ++ // ++ if (Error == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY) { ++ Count = (INTN) sk_X509_num (Context->chain); ++ for (Index = 0; Index < Count; Index++) { ++ Obj->data.x509 = sk_X509_value (Context->chain, (int) Index); ++ if (X509_OBJECT_retrieve_match (Context->ctx->objs, Obj)) { ++ Status = 1; ++ break; ++ } ++ } ++ } ++ } ++ ++ CRYPTO_w_unlock (CRYPTO_LOCK_X509_STORE); ++ } ++ ++ if ((Error == X509_V_ERR_CERT_UNTRUSTED) || ++ (Error == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE)) { ++ Status = 1; ++ } ++ ++ if (Obj != NULL) { ++ OPENSSL_free (Obj); ++ } ++ ++ return Status; ++} ++ ++/** ++ Convert ASN.1 GeneralizedTime to EFI Time. ++ ++ @param[in] Asn1Time Pointer to the ASN.1 GeneralizedTime to be converted. ++ @param[out] SigningTime Return the corresponding EFI Time. ++ ++ @retval TRUE The time convertion succeeds. ++ @retval FALSE Invalid parameters. 
++ ++**/ ++BOOLEAN ++EFIAPI ++ConvertAsn1TimeToEfiTime ( ++ IN ASN1_TIME *Asn1Time, ++ OUT EFI_TIME *EfiTime ++ ) ++{ ++ CONST CHAR8 *Str; ++ UINTN Index; ++ ++ if ((Asn1Time == NULL) || (EfiTime == NULL)) { ++ return FALSE; ++ } ++ ++ Str = (CONST CHAR8*)Asn1Time->data; ++ SetMem (EfiTime, 0, sizeof (EFI_TIME)); ++ ++ Index = 0; ++ if (Asn1Time->type == V_ASN1_UTCTIME) { /* two digit year */ ++ EfiTime->Year = (Str[Index++] - '0') * 10; ++ EfiTime->Year += (Str[Index++] - '0'); ++ if (EfiTime->Year < 70) { ++ EfiTime->Year += 100; ++ } ++ } else if (Asn1Time->type == V_ASN1_GENERALIZEDTIME) { /* four digit year */ ++ EfiTime->Year = (Str[Index++] - '0') * 1000; ++ EfiTime->Year += (Str[Index++] - '0') * 100; ++ EfiTime->Year += (Str[Index++] - '0') * 10; ++ EfiTime->Year += (Str[Index++] - '0'); ++ if ((EfiTime->Year < 1900) || (EfiTime->Year > 9999)) { ++ return FALSE; ++ } ++ } ++ ++ EfiTime->Month = (Str[Index++] - '0') * 10; ++ EfiTime->Month += (Str[Index++] - '0'); ++ if ((EfiTime->Month < 1) || (EfiTime->Month > 12)) { ++ return FALSE; ++ } ++ ++ EfiTime->Day = (Str[Index++] - '0') * 10; ++ EfiTime->Day += (Str[Index++] - '0'); ++ if ((EfiTime->Day < 1) || (EfiTime->Day > 31)) { ++ return FALSE; ++ } ++ ++ EfiTime->Hour = (Str[Index++] - '0') * 10; ++ EfiTime->Hour += (Str[Index++] - '0'); ++ if (EfiTime->Hour > 23) { ++ return FALSE; ++ } ++ ++ EfiTime->Minute = (Str[Index++] - '0') * 10; ++ EfiTime->Minute += (Str[Index++] - '0'); ++ if (EfiTime->Minute > 59) { ++ return FALSE; ++ } ++ ++ EfiTime->Second = (Str[Index++] - '0') * 10; ++ EfiTime->Second += (Str[Index++] - '0'); ++ if (EfiTime->Second > 59) { ++ return FALSE; ++ } ++ ++ /* Note: we did not adjust the time based on time zone information */ ++ ++ return TRUE; ++} ++ ++/** ++ ++ Check the validity of TimeStamp Token Information. ++ ++ @param[in] TstInfo Pointer to the TS_TST_INFO structure. ++ @param[in] TimestampedData Pointer to the data to be time-stamped. 
++ @param[in] DataSize Size of timestamped data in bytes. ++ ++ @retval TRUE The TimeStamp Token Information is valid. ++ @retval FALSE Invalid TimeStamp Token Information. ++ ++**/ ++BOOLEAN ++EFIAPI ++CheckTSTInfo ( ++ IN CONST TS_TST_INFO *TstInfo, ++ IN CONST UINT8 *TimestampedData, ++ IN UINTN DataSize ++ ) ++{ ++ BOOLEAN Status; ++ TS_MESSAGE_IMPRINT *Imprint; ++ X509_ALGOR *HashAlgo; ++ CONST EVP_MD *Md; ++ EVP_MD_CTX MdCtx; ++ UINTN MdSize; ++ UINT8 *HashedMsg; ++ ++ // ++ // Initialization ++ // ++ Status = FALSE; ++ HashAlgo = NULL; ++ HashedMsg = NULL; ++ ++ // ++ // -- Check version number of Timestamp: ++ // The version field (currently v1) describes the version of the time-stamp token. ++ // Conforming time-stamping servers MUST be able to provide version 1 time-stamp tokens. ++ // ++ if ((ASN1_INTEGER_get (TstInfo->Version)) != 1) { ++ return FALSE; ++ } ++ ++ // ++ // -- Check Policies ++ // The policy field MUST indicate the TSA's policy under which the response was produced. ++ // ++ if (TstInfo->Policy == NULL) { ++ /// NOTE: Need to check if the requested and returned policies. ++ /// We have no information about the Requested TSA Policy. 
++ return FALSE; ++ } ++ ++ // ++ // -- Compute & Check Message Imprint ++ // ++ Imprint = TstInfo->MessageImprint; ++ HashAlgo = X509_ALGOR_dup (Imprint->HashAlgorithm); ++ ++ Md = EVP_get_digestbyobj (HashAlgo->algorithm); ++ if (Md == NULL) { ++ goto _Exit; ++ } ++ ++ MdSize = EVP_MD_size (Md); ++ HashedMsg = AllocateZeroPool (MdSize); ++ if (HashedMsg == NULL) { ++ goto _Exit; ++ } ++ EVP_DigestInit (&MdCtx, Md); ++ EVP_DigestUpdate (&MdCtx, TimestampedData, DataSize); ++ EVP_DigestFinal (&MdCtx, HashedMsg, NULL); ++ if ((MdSize == (UINTN)ASN1_STRING_length (Imprint->HashedMessage)) && ++ (CompareMem (HashedMsg, ASN1_STRING_data (Imprint->HashedMessage), MdSize) != 0)) { ++ goto _Exit; ++ } ++ ++ // ++ // -- Check Nonces ++ // ++ if (TstInfo->Nonce != NULL) { ++ // ++ // Nonces is optional, No error if no nonce is returned; ++ // ++ } ++ ++ // ++ // -- Check if the TSA name and signer certificate is matched. ++ // ++ if (TstInfo->Tsa != NULL) { ++ // ++ // Ignored the optional Tsa field checking. ++ // ++ } ++ ++ Status = TRUE; ++ ++_Exit: ++ X509_ALGOR_free (HashAlgo); ++ if (HashedMsg != NULL) { ++ FreePool (HashedMsg); ++ } ++ ++ return Status; ++} ++ ++/** ++ Verifies the validility of a TimeStamp Token as described in RFC 3161 ("Internet ++ X.509 Public Key Infrastructure Time-Stamp Protocol (TSP)"). ++ ++ If TSToken is NULL, then return FALSE. ++ If TimestampedData is NULL, then return FALSE. ++ ++ @param[in] TSToken Pointer to the RFC3161 TimeStamp Token, which is generated ++ by a TSA and located in the software publisher's SignerInfo ++ structure. ++ @param[in] TokenSize Size of the TimeStamp Token in bytes. ++ @param[in] TsaCert Pointer to a trusted/root TSA certificate encoded in DER. ++ @param[in] CertSize Size of the trusted TSA certificate in bytes. ++ @param[in] TimestampedData Pointer to the data to be time-stamped. ++ @param[in] DataSize Size of timestamped data in bytes. 
++ @param[out] SigningTime Return the time of timestamp generation time if the timestamp ++ signature is valid. ++ ++ @retval TRUE The specified timestamp token is valid. ++ @retval FALSE Invalid timestamp token. ++ ++**/ ++BOOLEAN ++EFIAPI ++TimestampTokenVerify ( ++ IN CONST UINT8 *TSToken, ++ IN UINTN TokenSize, ++ IN CONST UINT8 *TsaCert, ++ IN UINTN CertSize, ++ IN CONST UINT8 *TimestampedData, ++ IN UINTN DataSize, ++ OUT EFI_TIME *SigningTime ++ ) ++{ ++ BOOLEAN Status; ++ CONST UINT8 *TokenTemp; ++ PKCS7 *Pkcs7; ++ X509 *Cert; ++ CONST UINT8 *CertTemp; ++ X509_STORE *CertStore; ++ BIO *OutBio; ++ UINT8 *TstData; ++ UINTN TstSize; ++ CONST UINT8 *TstTemp; ++ TS_TST_INFO *TstInfo; ++ ++ Status = FALSE; ++ ++ // ++ // Check input parameters ++ // ++ if ((TSToken == NULL) || (TsaCert == NULL) || (TimestampedData == NULL) || ++ (TokenSize > INT_MAX) || (CertSize > INT_MAX) || (DataSize > INT_MAX)) { ++ return FALSE; ++ } ++ ++ // ++ // Initializations ++ // ++ if (SigningTime != NULL) { ++ SetMem (SigningTime, sizeof (EFI_TIME), 0); ++ } ++ Pkcs7 = NULL; ++ Cert = NULL; ++ CertStore = NULL; ++ OutBio = NULL; ++ TstData = NULL; ++ TstInfo = NULL; ++ ++ // ++ // TimeStamp Token should contain one valid DER-encoded ASN.1 PKCS#7 structure. ++ // ++ TokenTemp = TSToken; ++ Pkcs7 = d2i_PKCS7 (NULL, (const unsigned char **) &TokenTemp, (int) TokenSize); ++ if (Pkcs7 == NULL) { ++ goto _Exit; ++ } ++ ++ // ++ // The timestamp signature (TSA's response) will be one PKCS#7 signed data. ++ // ++ if (!PKCS7_type_is_signed (Pkcs7)) { ++ goto _Exit; ++ } ++ ++ // ++ // Read the trusted TSA certificate (DER-encoded), and Construct X509 Certificate. ++ // ++ CertTemp = TsaCert; ++ Cert = d2i_X509 (NULL, &CertTemp, (long) CertSize); ++ if (Cert == NULL) { ++ goto _Exit; ++ } ++ ++ // ++ // Setup X509 Store for trusted certificate. 
++ // ++ CertStore = X509_STORE_new (); ++ if ((CertStore == NULL) || !(X509_STORE_add_cert (CertStore, Cert))) { ++ goto _Exit; ++ } ++ ++ // ++ // Register customized X509 verification callback function to support ++ // trusted intermediate TSA certificate anchor. ++ // ++ CertStore->verify_cb = TSVerifyCallback; ++ ++ X509_STORE_set_purpose (CertStore, X509_PURPOSE_ANY); ++ ++ // ++ // Verifies the PKCS#7 signedData structure, and output the signed contents. ++ // ++ OutBio = BIO_new (BIO_s_mem ()); ++ if (OutBio == NULL) { ++ goto _Exit; ++ } ++ if (!PKCS7_verify (Pkcs7, NULL, CertStore, NULL, OutBio, PKCS7_BINARY)) { ++ goto _Exit; ++ } ++ ++ // ++ // Read the signed contents detached in timestamp signature. ++ // ++ TstData = AllocateZeroPool (2048); ++ if (TstData == NULL) { ++ goto _Exit; ++ } ++ TstSize = BIO_read (OutBio, (void *) TstData, 2048); ++ ++ // ++ // Construct TS_TST_INFO structure from the signed contents. ++ // ++ TstTemp = TstData; ++ TstInfo = d2i_TS_TST_INFO (NULL, (const unsigned char **) &TstTemp, ++ (int)TstSize); ++ if (TstInfo == NULL) { ++ goto _Exit; ++ } ++ ++ // ++ // Check TS_TST_INFO structure. ++ // ++ Status = CheckTSTInfo (TstInfo, TimestampedData, DataSize); ++ if (!Status) { ++ goto _Exit; ++ } ++ ++ // ++ // Retrieve the signing time from TS_TST_INFO structure. ++ // ++ if (SigningTime != NULL) { ++ SetMem (SigningTime, sizeof (EFI_TIME), 0); ++ Status = ConvertAsn1TimeToEfiTime (TstInfo->GenTime, SigningTime); ++ } ++ ++_Exit: ++ // ++ // Release Resources ++ // ++ PKCS7_free (Pkcs7); ++ X509_free (Cert); ++ X509_STORE_free (CertStore); ++ BIO_free (OutBio); ++ TS_TST_INFO_free (TstInfo); ++ ++ if (TstData != NULL) { ++ FreePool (TstData); ++ } ++ ++ return Status; ++} ++ ++/** ++ Verifies the validility of a RFC3161 Timestamp CounterSignature embedded in PE/COFF Authenticode ++ signature. ++ ++ If AuthData is NULL, then return FALSE. 
++ ++ @param[in] AuthData Pointer to the Authenticode Signature retrieved from signed ++ PE/COFF image to be verified. ++ @param[in] DataSize Size of the Authenticode Signature in bytes. ++ @param[in] TsaCert Pointer to a trusted/root TSA certificate encoded in DER, which ++ is used for TSA certificate chain verification. ++ @param[in] CertSize Size of the trusted certificate in bytes. ++ @param[out] SigningTime Return the time of timestamp generation time if the timestamp ++ signature is valid. ++ ++ @retval TRUE The specified Authenticode includes a valid RFC3161 Timestamp CounterSignature. ++ @retval FALSE No valid RFC3161 Timestamp CounterSignature in the specified Authenticode data. ++ ++**/ ++BOOLEAN ++EFIAPI ++ImageTimestampVerify ( ++ IN CONST UINT8 *AuthData, ++ IN UINTN DataSize, ++ IN CONST UINT8 *TsaCert, ++ IN UINTN CertSize, ++ OUT EFI_TIME *SigningTime ++ ) ++{ ++ BOOLEAN Status; ++ PKCS7 *Pkcs7; ++ CONST UINT8 *Temp; ++ STACK_OF(PKCS7_SIGNER_INFO) *SignerInfos; ++ PKCS7_SIGNER_INFO *SignInfo; ++ UINTN Index; ++ STACK_OF(X509_ATTRIBUTE) *Sk; ++ X509_ATTRIBUTE *Xa; ++ ASN1_TYPE *Asn1Type; ++ ASN1_OCTET_STRING *EncDigest; ++ UINT8 *TSToken; ++ UINTN TokenSize; ++ ++ // ++ // Input Parameters Checking. ++ // ++ if ((AuthData == NULL) || (TsaCert == NULL)) { ++ return FALSE; ++ } ++ ++ if ((DataSize > INT_MAX) || (CertSize > INT_MAX)) { ++ return FALSE; ++ } ++ ++ // ++ // Register & Initialize necessary digest algorithms for PKCS#7 Handling. ++ // ++ if ((EVP_add_digest (EVP_md5 ()) == 0) || (EVP_add_digest (EVP_sha1 ()) == 0) || ++ (EVP_add_digest (EVP_sha256 ()) == 0) || (EVP_add_digest_alias (SN_sha1WithRSAEncryption, SN_sha1WithRSA)) == 0) { ++ return FALSE; ++ } ++ ++ // ++ // Initialization. ++ // ++ Status = FALSE; ++ Pkcs7 = NULL; ++ SignInfo = NULL; ++ ++ // ++ // Decode ASN.1-encoded Authenticode data into PKCS7 structure. 
++ // ++ Temp = AuthData; ++ Pkcs7 = d2i_PKCS7 (NULL, (const unsigned char **) &Temp, (int) DataSize); ++ if (Pkcs7 == NULL) { ++ goto _Exit; ++ } ++ ++ // ++ // Check if there is one and only one signer. ++ // ++ SignerInfos = PKCS7_get_signer_info (Pkcs7); ++ if (!SignerInfos || (sk_PKCS7_SIGNER_INFO_num (SignerInfos) != 1)) { ++ goto _Exit; ++ } ++ ++ // ++ // Locate the TimeStamp CounterSignature. ++ // ++ SignInfo = sk_PKCS7_SIGNER_INFO_value (SignerInfos, 0); ++ if (SignInfo == NULL) { ++ goto _Exit; ++ } ++ ++ // ++ // Locate Message Digest which will be the data to be time-stamped. ++ // ++ EncDigest = SignInfo->enc_digest; ++ if (EncDigest == NULL) { ++ goto _Exit; ++ } ++ ++ // ++ // The RFC3161 timestamp counterSignature is contained in unauthenticatedAttributes field ++ // of SignerInfo. ++ // ++ Sk = SignInfo->unauth_attr; ++ if (Sk == NULL) { // No timestamp counterSignature. ++ goto _Exit; ++ } ++ ++ Asn1Type = NULL; ++ for (Index = 0; Index < (UINTN) sk_X509_ATTRIBUTE_num (Sk); Index++) { ++ // ++ // Search valid RFC3161 timestamp counterSignature based on OBJID. ++ // ++ Xa = sk_X509_ATTRIBUTE_value (Sk, (int)Index); ++ if ((Xa->object->length != sizeof (mSpcRFC3161OidValue)) || ++ (CompareMem (Xa->object->data, mSpcRFC3161OidValue, sizeof (mSpcRFC3161OidValue)) != 0)) { ++ continue; ++ } ++ Asn1Type = sk_ASN1_TYPE_value (Xa->value.set, 0); ++ } ++ ++ if (Asn1Type == NULL) { ++ Status = FALSE; ++ goto _Exit; ++ } ++ TSToken = Asn1Type->value.octet_string->data; ++ TokenSize = Asn1Type->value.octet_string->length; ++ ++ // ++ // TimeStamp counterSignature (Token) verification. 
++ // ++ Status = TimestampTokenVerify ( ++ TSToken, ++ TokenSize, ++ TsaCert, ++ CertSize, ++ EncDigest->data, ++ EncDigest->length, ++ SigningTime ++ ); ++ ++_Exit: ++ // ++ // Release Resources ++ // ++ PKCS7_free (Pkcs7); ++ ++ return Status; ++} +diff --git a/Cryptlib/Pk/CryptX509.c b/Cryptlib/Pk/CryptX509.c +index 29efc42..70b135a 100644 +--- a/Cryptlib/Pk/CryptX509.c ++++ b/Cryptlib/Pk/CryptX509.c +@@ -1,7 +1,7 @@ + /** @file + X.509 Certificate Handler Wrapper Implementation over OpenSSL. + +-Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.
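Review bot: In CheckTSTInfo (new file CryptTs.c), the message-imprint test only rejects when the lengths match and the bytes differ, so an imprint whose length differs from the digest size skips the comparison and falls through to `Status = TRUE`. The condition should reject on either mismatch: `if ((MdSize != (UINTN)ASN1_STRING_length (Imprint->HashedMessage)) || (CompareMem (HashedMsg, ASN1_STRING_data (Imprint->HashedMessage), MdSize) != 0)) {`. In the same function the result of `X509_ALGOR_dup` is dereferenced without a NULL check and the EVP_Digest* return values are ignored. Elsewhere in the file, ConvertAsn1TimeToEfiTime calls `SetMem (EfiTime, 0, sizeof (EFI_TIME))` while TimestampTokenVerify passes the size second and the value third, so one of the two has its arguments swapped. The converter also indexes `Str` without consulting `Asn1Time->length` or checking that the characters are digits.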
++Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.
+ This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD License + which accompanies this distribution. The full text of the license may be found at +@@ -38,7 +38,8 @@ X509ConstructCertificate ( + OUT UINT8 **SingleX509Cert + ) + { +- X509 *X509Cert; ++ X509 *X509Cert; ++ CONST UINT8 *Temp; + + // + // Check input parameters. +@@ -50,7 +51,8 @@ X509ConstructCertificate ( + // + // Read DER-encoded X509 Certificate and Construct X509 object. + // +- X509Cert = d2i_X509 (NULL, &Cert, (long) CertSize); ++ Temp = Cert; ++ X509Cert = d2i_X509 (NULL, &Temp, (long) CertSize); + if (X509Cert == NULL) { + return FALSE; + } +@@ -65,7 +67,7 @@ X509ConstructCertificate ( + + If X509Stack is NULL, then return FALSE. + +- @param[in, out] X509Stack On input, pointer to an existing X509 stack object. ++ @param[in, out] X509Stack On input, pointer to an existing or NULL X509 stack object. + On output, pointer to the X509 stack object with new + inserted X509 certificate. + @param ... A list of DER-encoded single certificate data followed +@@ -123,17 +125,23 @@ X509ConstructCertificateStack ( + } + + CertSize = VA_ARG (Args, UINTN); ++ if (CertSize == 0) { ++ break; ++ } + + // + // Construct X509 Object from the given DER-encoded certificate data. + // ++ X509Cert = NULL; + Status = X509ConstructCertificate ( + (CONST UINT8 *) Cert, + CertSize, + (UINT8 **) &X509Cert + ); + if (!Status) { +- X509_free (X509Cert); ++ if (X509Cert != NULL) { ++ X509_free (X509Cert); ++ } + break; + } + +@@ -518,7 +526,8 @@ X509GetTBSCert ( + // + // Check input parameters. 
+ // +- if ((Cert == NULL) || (TBSCert == NULL) || (TBSCertSize == NULL)) { ++ if ((Cert == NULL) || (TBSCert == NULL) || ++ (TBSCertSize == NULL) || (CertSize > INT_MAX)) { + return FALSE; + } + +diff --git a/Cryptlib/update.sh b/Cryptlib/update.sh +index 0e34db9..f05036e 100755 +--- a/Cryptlib/update.sh ++++ b/Cryptlib/update.sh +@@ -2,27 +2,30 @@ + + DIR=$1 + +-cp $DIR/InternalCryptLib.h InternalCryptLib.h +-cp $DIR/Hash/CryptMd4.c Hash/CryptMd4.c +-cp $DIR/Hash/CryptMd5.c Hash/CryptMd5.c +-cp $DIR/Hash/CryptSha1.c Hash/CryptSha1.c +-cp $DIR/Hash/CryptSha256.c Hash/CryptSha256.c +-cp $DIR/Hmac/CryptHmacMd5.c Hmac/CryptHmacMd5.c +-cp $DIR/Hmac/CryptHmacSha1.c Hmac/CryptHmacSha1.c +-cp $DIR/Cipher/CryptAes.c Cipher/CryptAes.c +-cp $DIR/Cipher/CryptTdes.c Cipher/CryptTdes.c +-cp $DIR/Cipher/CryptArc4.c Cipher/CryptArc4.c +-cp $DIR/Rand/CryptRand.c Rand/CryptRand.c +-cp $DIR/Pk/CryptRsaBasic.c Pk/CryptRsaBasic.c +-cp $DIR/Pk/CryptRsaExtNull.c Pk/CryptRsaExtNull.c +-cp $DIR/Pk/CryptPkcs7SignNull.c Pk/CryptPkcs7SignNull.c +-cp $DIR/Pk/CryptPkcs7Verify.c Pk/CryptPkcs7Verify.c +-cp $DIR/Pk/CryptDhNull.c Pk/CryptDhNull.c +-cp $DIR/Pk/CryptX509.c Pk/CryptX509.c +-cp $DIR/Pk/CryptAuthenticode.c Pk/CryptAuthenticode.c +-cp $DIR/Pem/CryptPem.c Pem/CryptPem.c +-cp $DIR/SysCall/CrtWrapper.c SysCall/CrtWrapper.c +-cp $DIR/SysCall/TimerWrapper.c SysCall/TimerWrapper.c +-cp $DIR/SysCall/BaseMemAllocation.c SysCall/BaseMemAllocation.c ++cp $DIR/CryptoPkg/Library/BaseCryptLib/InternalCryptLib.h InternalCryptLib.h ++cp $DIR/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c Hash/CryptMd4.c ++cp $DIR/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c Hash/CryptMd5.c ++cp $DIR/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c Hash/CryptSha1.c ++cp $DIR/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha256.c Hash/CryptSha256.c ++cp $DIR/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c Hmac/CryptHmacMd5.c ++cp $DIR/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c Hmac/CryptHmacSha1.c ++cp 
$DIR/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c Cipher/CryptAes.c ++cp $DIR/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c Cipher/CryptTdes.c ++cp $DIR/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c Cipher/CryptArc4.c ++cp $DIR/CryptoPkg/Library/BaseCryptLib/Rand/CryptRand.c Rand/CryptRand.c ++cp $DIR/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c Pk/CryptRsaBasic.c ++cp $DIR/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExtNull.c Pk/CryptRsaExtNull.c ++cp $DIR/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7SignNull.c Pk/CryptPkcs7SignNull.c ++cp $DIR/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c Pk/CryptPkcs7Verify.c ++cp $DIR/CryptoPkg/Library/BaseCryptLib/Pk/CryptDhNull.c Pk/CryptDhNull.c ++cp $DIR/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c Pk/CryptTs.c ++cp $DIR/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c Pk/CryptX509.c ++cp $DIR/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c Pk/CryptAuthenticode.c ++cp $DIR/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c Pem/CryptPem.c ++cp $DIR/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c SysCall/CrtWrapper.c ++cp $DIR/CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c SysCall/TimerWrapper.c ++cp $DIR/CryptoPkg/Library/BaseCryptLib/SysCall/BaseMemAllocation.c SysCall/BaseMemAllocation.c ++ ++cp $DIR/CryptoPkg/Include/openssl/* Include/openssl/ + + patch -p2 +Date: Wed, 15 Jul 2015 16:33:32 +0800 +Subject: [PATCH 2/2] Openssl: Add EFIAPI for ERR_add_error_vdata + +Without declaring EFIAPI for ERR_add_error_vdata, shim would crash +while verifying the loaded image. 
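Review bot: In the Cryptlib/update.sh hunk, every added `cp $DIR/CryptoPkg/...` line expands `$DIR` unquoted, and `DIR=$1` is never validated. Run with no argument, the copies read from `/CryptoPkg/...`, and a path containing spaces splits into several words. Nothing in the visible lines stops on a failed `cp`, so the following `patch` can run against stale files and leave a half-updated tree, which matters for a script that refreshes the crypto sources of a boot loader. I would write `DIR=${1:?usage: update.sh <edk2 tree>}`, quote it as `"$DIR"` in each `cp`, and add `set -e` above the assignment. The hunk starts at line 2, so whether the script's first line already sets strict mode cannot be seen from here.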
+ +Signed-off-by: Gary Ching-Pang Lin +--- + Cryptlib/Include/openssl/err.h | 4 ++++ + Cryptlib/OpenSSL/crypto/err/err.c | 4 ++++ + 2 files changed, 8 insertions(+) + +diff --git a/Cryptlib/Include/openssl/err.h b/Cryptlib/Include/openssl/err.h +index bbfdb95..da589f8 100644 +--- a/Cryptlib/Include/openssl/err.h ++++ b/Cryptlib/Include/openssl/err.h +@@ -352,7 +352,11 @@ void EFIAPI ERR_add_error_data(int num, ...); + void ERR_add_error_data(int num, ...); + #endif + ++#if defined(OPENSSL_SYS_UEFI) ++void EFIAPI ERR_add_error_vdata(int num, va_list args); ++#else + void ERR_add_error_vdata(int num, va_list args); ++#endif + void ERR_load_strings(int lib, ERR_STRING_DATA str[]); + void ERR_unload_strings(int lib, ERR_STRING_DATA str[]); + void ERR_load_ERR_strings(void); +diff --git a/Cryptlib/OpenSSL/crypto/err/err.c b/Cryptlib/OpenSSL/crypto/err/err.c +index f98cce6..108b83a 100644 +--- a/Cryptlib/OpenSSL/crypto/err/err.c ++++ b/Cryptlib/OpenSSL/crypto/err/err.c +@@ -1085,7 +1085,11 @@ void ERR_add_error_data(int num, ...) + va_end(args); + } + ++#if defined(OPENSSL_SYS_UEFI) ++void EFIAPI ERR_add_error_vdata(int num, va_list args) ++#else + void ERR_add_error_vdata(int num, va_list args) ++#endif + { + int i, n, s; + char *str, *p, *a; +-- +2.1.4 + diff --git a/shim.changes b/shim.changes index 158d6cb..0f364fe 100644 --- a/shim.changes +++ b/shim.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Thu Jul 16 06:49:01 UTC 2015 - glin@suse.com + +- Add shim-update-openssl-1.0.2d.patch to update openssl to 1.0.2d +- Refresh shim-gcc5.patch and add it back since we really need it +- Add shim-change-debug-file-path.patch to change the debug file + path in shim.efi + + also add the debuginfo and debugsource subpackages +- Drop shim-fix-gnu-efi-30w.patch which is not necessary anymore + ------------------------------------------------------------------- Mon Jul 6 09:06:02 UTC 2015 - glin@suse.com 
diff --git a/shim.spec b/shim.spec index 6864532..9496661 100644 --- a/shim.spec +++ b/shim.spec @@ -18,6 +18,8 @@ # needssslcertforbuild +%undefine _build_create_debug + Name: shim Version: 0.9 Release: 0 @@ -42,10 +44,14 @@ Source11: strip_signature.sh Source12: signature-sles.asc # PATCH-FIX-SUSE shim-only-os-name.patch glin@suse.com -- Only include the OS name in version.c Patch1: shim-only-os-name.patch -# PATCH-FIX-UPSTREAM shim-fix-gnu-efi-30w.patch glin@suse.com -- Adapt the change in gnu-efi 3.0w -Patch2: shim-fix-gnu-efi-30w.patch # PATCH-FIX-UPSTREAM shim-fix-mokmanager-sections.patch glin@suse.com -- Fix the objcopy parameters for the EFI files Patch3: shim-fix-mokmanager-sections.patch +# PATCH-FIX-UPSTREAM shim-update-openssl-1.0.2d.patch glin@suse.com -- Update openssl to 1.0.2d +Patch4: shim-update-openssl-1.0.2d.patch +# PATCH-FIX-UPSTREAM shim-gcc5.patch glin@suse.com -- Specify the gnu89 standard +Patch5: shim-gcc5.patch +# PATCH-FIX-OPENSUSE shim-change-debug-file-path.patch glin@suse.com -- Change the default debug file path +Patch50: shim-change-debug-file-path.patch # PATCH-FIX-OPENSUSE shim-opensuse-cert-prompt.patch glin@suse.com -- Show the prompt to ask whether the user trusts openSUSE certificate or not Patch100: shim-opensuse-cert-prompt.patch BuildRequires: gnu-efi >= 3.0t @@ -63,7 +69,19 @@ ExclusiveArch: x86_64 aarch64 shim is a trivial EFI application that, when run, attempts to open and execute another application. +%package -n shim-debuginfo +Summary: UEFI shim loader - debug symbols +Group: System/Boot +%description -n shim-debuginfo +The debug symbols of UEFI shim loader + +%package -n shim-debugsource +Summary: UEFI shim loader - debug source +Group: System/Boot + +%description -n shim-debugsource +The source code of UEFI shim loader Authors: -------- 
@@ -72,8 +90,10 @@ Authors: %prep %setup -q %patch1 -p1 -%patch2 -p1 %patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch50 -p1 %patch100 -p1 %build # first, build MokManager and fallback as they don't depend on a @@ -164,12 +184,18 @@ for suffix in "${suffixes[@]}"; do else mv shim.efi shim-$suffix.efi fi + mv shim.efi.debug shim-$suffix.debug rm -f shim.cer shim.crt # make sure cert.o gets rebuilt rm -f cert.o done ln -s shim-${suffixes[0]}.efi shim.efi +mv shim-${suffixes[0]}.debug shim.debug + +# Collect the source for debugsource +mkdir source +find . \( -name "*.c" -o -name "*.h" \) -type f -exec cp --parents -a {} source/ \; %install export BRP_PESIGN_FILES='%{_libdir}/efi/shim*.efi %{_libdir}/efi/MokManager.efi %{_libdir}/efi/fallback.efi' @@ -187,6 +213,16 @@ for file in shim-*.der; do install -m 644 $file %{buildroot}/%{_sysconfdir}/uefi/certs/$fpr.crt done +# install the debug symbols +install -d %{buildroot}/usr/lib/debug/%{_libdir}/efi +install -m 644 shim.debug %{buildroot}/usr/lib/debug/%{_libdir}/efi +install -m 644 MokManager.efi.debug %{buildroot}/usr/lib/debug/%{_libdir}/efi/MokManager.debug +install -m 644 fallback.efi.debug %{buildroot}/usr/lib/debug/%{_libdir}/efi/fallback.debug + +# install the debug source +install -d %{buildroot}/usr/src/debug/%{name}-%{version} +cp -r source/* %{buildroot}/usr/src/debug/%{name}-%{version} + %clean %{?buildroot:%__rm -rf "%{buildroot}"} @@ -207,4 +243,15 @@ done %dir %{_sysconfdir}/uefi/certs/ %{_sysconfdir}/uefi/certs/*.crt +%files -n shim-debuginfo +%defattr(-,root,root,-) +/usr/lib/debug/%{_libdir}/efi/shim.debug +/usr/lib/debug/%{_libdir}/efi/MokManager.debug +/usr/lib/debug/%{_libdir}/efi/fallback.debug + +%files -n shim-debugsource +%defattr(-,root,root,-) +%dir /usr/src/debug/%{name}-%{version} +/usr/src/debug/%{name}-%{version}/* + %changelog
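Review bot: In the %build hunk (`@@ -164,12 +184,18 @@`), the added `find . \( -name "*.c" -o -name "*.h" \) -type f -exec cp --parents -a {} source/ \;` starts at `.` right after `mkdir source`. The walk can therefore descend into `source/` while it is being filled and copy files again under `source/source/...`. Pruning the destination avoids that: `find . -path ./source -prune -o \( -name "*.c" -o -name "*.h" \) -type f -exec cp --parents -a {} source/ \;`. The expression also collects every .c/.h file in the tree rather than only the ones that were compiled, so the debugsource package will probably carry more than the debug info refers to.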